todo

fix rmdir versionid (#784 )
fix iam (#783 )
2026-01-17 17:40:38 +00:00 · 2025-11-04 17:12:58 +08:00 · 2025-11-03 18:23:16 +08:00 · 2025-11-03 17:39:51 +08:00 · 2025-11-03 12:49:39 +08:00 · 2025-11-03 00:34:54 +08:00
207 changed files with 14637 additions and 7866 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -103,6 +103,8 @@ jobs:
    runs-on: ubuntu-latest
    timeout-minutes: 60
    steps:
+      - name: Delete huge unnecessary tools folder
+        run: rm -rf /opt/hostedtoolcache
      - name: Checkout repository
        uses: actions/checkout@v5

--- a/.rules.md
+++ b/.rules.md
@@ -0,0 +1,702 @@
+# RustFS Project AI Coding Rules
+
+## 🚨🚨🚨 CRITICAL DEVELOPMENT RULES - ZERO TOLERANCE 🚨🚨🚨
+
+### ⛔️ ABSOLUTE PROHIBITION: NEVER COMMIT DIRECTLY TO MASTER/MAIN BRANCH ⛔️
+
+**🔥 THIS IS THE MOST CRITICAL RULE - VIOLATION WILL RESULT IN IMMEDIATE REVERSAL 🔥**
+
+- **🚫 ZERO DIRECT COMMITS TO MAIN/MASTER BRANCH - ABSOLUTELY FORBIDDEN**
+- **🚫 ANY DIRECT COMMIT TO MAIN BRANCH MUST BE IMMEDIATELY REVERTED**
+- **🚫 NO EXCEPTIONS FOR HOTFIXES, EMERGENCIES, OR URGENT CHANGES**
+- **🚫 NO EXCEPTIONS FOR SMALL CHANGES, TYPOS, OR DOCUMENTATION UPDATES**
+- **🚫 NO EXCEPTIONS FOR ANYONE - MAINTAINERS, CONTRIBUTORS, OR ADMINS**
+
+### 📋 MANDATORY WORKFLOW - STRICTLY ENFORCED
+
+**EVERY SINGLE CHANGE MUST FOLLOW THIS WORKFLOW:**
+
+1. **Check current branch**: `git branch` (MUST NOT be on main/master)
+2. **Switch to main**: `git checkout main`
+3. **Pull latest**: `git pull origin main`
+4. **Create feature branch**: `git checkout -b feat/your-feature-name`
+5. **Make changes ONLY on feature branch**
+6. **Test thoroughly before committing**
+7. **Commit and push to feature branch**: `git push origin feat/your-feature-name`
+8. **Create Pull Request**: Use `gh pr create` (MANDATORY)
+9. **Wait for PR approval**: NO self-merging allowed
+10. **Merge through GitHub interface**: ONLY after approval
+
+### 🔒 ENFORCEMENT MECHANISMS
+
+- **Branch protection rules**: Main branch is protected
+- **Pre-commit hooks**: Will block direct commits to main
+- **CI/CD checks**: All PRs must pass before merging
+- **Code review requirement**: At least one approval needed
+- **Automated reversal**: Direct commits to main will be automatically reverted
+
+## 🎯 Core AI Development Principles
+
+### Five Execution Steps
+
+#### 1. Task Analysis and Planning
+- **Clear Objectives**: Deeply understand task requirements and expected results before starting coding
+- **Plan Development**: List specific files, components, and functions that need modification, explaining the reasons for changes
+- **Risk Assessment**: Evaluate the impact of changes on existing functionality, develop rollback plans
+
+#### 2. Precise Code Location
+- **File Identification**: Determine specific files and line numbers that need modification
+- **Impact Analysis**: Avoid modifying irrelevant files, clearly state the reason for each file modification
+- **Minimization Principle**: Unless explicitly required by the task, do not create new abstraction layers or refactor existing code
+
+#### 3. Minimal Code Changes
+- **Focus on Core**: Only write code directly required by the task
+- **Avoid Redundancy**: Do not add unnecessary logs, comments, tests, or error handling
+- **Isolation**: Ensure new code does not interfere with existing functionality, maintain code independence
+
+#### 4. Strict Code Review
+- **Correctness Check**: Verify the correctness and completeness of code logic
+- **Style Consistency**: Ensure code conforms to established project coding style
+- **Side Effect Assessment**: Evaluate the impact of changes on downstream systems
+
+#### 5. Clear Delivery Documentation
+- **Change Summary**: Detailed explanation of all modifications and reasons
+- **File List**: List all modified files and their specific changes
+- **Risk Statement**: Mark any assumptions or potential risk points
+
+### Core Principles
+- **🎯 Precise Execution**: Strictly follow task requirements, no arbitrary innovation
+- **⚡ Efficient Development**: Avoid over-design, only do necessary work
+- **🛡️ Safe and Reliable**: Always follow development processes, ensure code quality and system stability
+- **🔒 Cautious Modification**: Only modify when clearly knowing what needs to be changed and having confidence
+
+### Additional AI Behavior Rules
+
+1. **Use English for all code comments and documentation** - All comments, variable names, function names, documentation, and user-facing text in code should be in English
+2. **Clean up temporary scripts after use** - Any temporary scripts, test files, or helper files created during AI work should be removed after task completion
+3. **Only make confident modifications** - Do not make speculative changes or "convenient" modifications outside the task scope. If uncertain about a change, ask for clarification rather than guessing
+
+## Project Overview
+
+RustFS is a high-performance distributed object storage system written in Rust, compatible with S3 API. The project adopts a modular architecture, supporting erasure coding storage, multi-tenant management, observability, and other enterprise-level features.
+
+## Core Architecture Principles
+
+### 1. Modular Design
+
+- Project uses Cargo workspace structure, containing multiple independent crates
+- Core modules: `rustfs` (main service), `ecstore` (erasure coding storage), `common` (shared components)
+- Functional modules: `iam` (identity management), `madmin` (management interface), `crypto` (encryption), etc.
+- Tool modules: `cli` (command line tool), `crates/*` (utility libraries)
+
+### 2. Asynchronous Programming Pattern
+
+- Comprehensive use of `tokio` async runtime
+- Prioritize `async/await` syntax
+- Use `async-trait` for async methods in traits
+- Avoid blocking operations, use `spawn_blocking` when necessary
+
+### 3. Error Handling Strategy
+
+- **Use modular, type-safe error handling with `thiserror`**
+- Each module should define its own error type using `thiserror::Error` derive macro
+- Support error chains and context information through `#[from]` and `#[source]` attributes
+- Use `Result<T>` type aliases for consistency within each module
+- Error conversion between modules should use explicit `From` implementations
+- Follow the pattern: `pub type Result<T> = core::result::Result<T, Error>`
+- Use `#[error("description")]` attributes for clear error messages
+- Support error downcasting when needed through `other()` helper methods
+- Implement `Clone` for errors when required by the domain logic
+
+## Code Style Guidelines
+
+### 1. Formatting Configuration
+
+```toml
+max_width = 130
+fn_call_width = 90
+single_line_let_else_max_width = 100
+```
+
+### 2. **🔧 MANDATORY Code Formatting Rules**
+
+**CRITICAL**: All code must be properly formatted before committing. This project enforces strict formatting standards to maintain code consistency and readability.
+
+#### Pre-commit Requirements (MANDATORY)
+
+Before every commit, you **MUST**:
+
+1. **Format your code**:
+   ```bash
+   cargo fmt --all
+   ```
+
+2. **Verify formatting**:
+   ```bash
+   cargo fmt --all --check
+   ```
+
+3. **Pass clippy checks**:
+   ```bash
+   cargo clippy --all-targets --all-features -- -D warnings
+   ```
+
+4. **Ensure compilation**:
+   ```bash
+   cargo check --all-targets
+   ```
+
+#### Quick Commands
+
+Use these convenient Makefile targets for common tasks:
+
+```bash
+# Format all code
+make fmt
+
+# Check if code is properly formatted
+make fmt-check
+
+# Run clippy checks
+make clippy
+
+# Run compilation check
+make check
+
+# Run tests
+make test
+
+# Run all pre-commit checks (format + clippy + check + test)
+make pre-commit
+
+# Setup git hooks (one-time setup)
+make setup-hooks
+```
+
+### 3. Naming Conventions
+
+- Use `snake_case` for functions, variables, modules
+- Use `PascalCase` for types, traits, enums
+- Constants use `SCREAMING_SNAKE_CASE`
+- Global variables prefix `GLOBAL_`, e.g., `GLOBAL_Endpoints`
+- Use meaningful and descriptive names for variables, functions, and methods
+- Avoid meaningless names like `temp`, `data`, `foo`, `bar`, `test123`
+- Choose names that clearly express the purpose and intent
+
+### 4. Type Declaration Guidelines
+
+- **Prefer type inference over explicit type declarations** when the type is obvious from context
+- Let the Rust compiler infer types whenever possible to reduce verbosity and improve maintainability
+- Only specify types explicitly when:
+  - The type cannot be inferred by the compiler
+  - Explicit typing improves code clarity and readability
+  - Required for API boundaries (function signatures, public struct fields)
+  - Needed to resolve ambiguity between multiple possible types
+
+### 5. Documentation Comments
+
+- Public APIs must have documentation comments
+- Use `///` for documentation comments
+- Complex functions add `# Examples` and `# Parameters` descriptions
+- Error cases use `# Errors` descriptions
+- Always use English for all comments and documentation
+- Avoid meaningless comments like "debug 111" or placeholder text
+
+### 6. Import Guidelines
+
+- Standard library imports first
+- Third-party crate imports in the middle
+- Project internal imports last
+- Group `use` statements with blank lines between groups
+
+## Asynchronous Programming Guidelines
+
+### 1. Trait Definition
+
+```rust
+#[async_trait::async_trait]
+pub trait StorageAPI: Send + Sync {
+    async fn get_object(&self, bucket: &str, object: &str) -> Result<ObjectInfo>;
+}
+```
+
+### 2. Error Handling
+
+```rust
+// Use ? operator to propagate errors
+async fn example_function() -> Result<()> {
+    let data = read_file("path").await?;
+    process_data(data).await?;
+    Ok(())
+}
+```
+
+### 3. Concurrency Control
+
+- Use `Arc` and `Mutex`/`RwLock` for shared state management
+- Prioritize async locks from `tokio::sync`
+- Avoid holding locks for long periods
+
+## Logging and Tracing Guidelines
+
+### 1. Tracing Usage
+
+```rust
+#[tracing::instrument(skip(self, data))]
+async fn process_data(&self, data: &[u8]) -> Result<()> {
+    info!("Processing {} bytes", data.len());
+    // Implementation logic
+}
+```
+
+### 2. Log Levels
+
+- `error!`: System errors requiring immediate attention
+- `warn!`: Warning information that may affect functionality
+- `info!`: Important business information
+- `debug!`: Debug information for development use
+- `trace!`: Detailed execution paths
+
+### 3. Structured Logging
+
+```rust
+info!(
+    counter.rustfs_api_requests_total = 1_u64,
+    key_request_method = %request.method(),
+    key_request_uri_path = %request.uri().path(),
+    "API request processed"
+);
+```
+
+## Error Handling Guidelines
+
+### 1. Error Type Definition
+
+```rust
+// Use thiserror for module-specific error types
+#[derive(thiserror::Error, Debug)]
+pub enum MyError {
+    #[error("IO error: {0}")]
+    Io(#[from] std::io::Error),
+
+    #[error("Storage error: {0}")]
+    Storage(#[from] ecstore::error::StorageError),
+
+    #[error("Custom error: {message}")]
+    Custom { message: String },
+
+    #[error("File not found: {path}")]
+    FileNotFound { path: String },
+
+    #[error("Invalid configuration: {0}")]
+    InvalidConfig(String),
+}
+
+// Provide Result type alias for the module
+pub type Result<T> = core::result::Result<T, MyError>;
+```
+
+### 2. Error Helper Methods
+
+```rust
+impl MyError {
+    /// Create error from any compatible error type
+    pub fn other<E>(error: E) -> Self
+    where
+        E: Into<Box<dyn std::error::Error + Send + Sync>>,
+    {
+        MyError::Io(std::io::Error::other(error))
+    }
+}
+```
+
+### 3. Error Context and Propagation
+
+```rust
+// Use ? operator for clean error propagation
+async fn example_function() -> Result<()> {
+    let data = read_file("path").await?;
+    process_data(data).await?;
+    Ok(())
+}
+
+// Add context to errors
+fn process_with_context(path: &str) -> Result<()> {
+    std::fs::read(path)
+        .map_err(|e| MyError::Custom {
+            message: format!("Failed to read {}: {}", path, e)
+        })?;
+    Ok(())
+}
+```
+
+## Performance Optimization Guidelines
+
+### 1. Memory Management
+
+- Use `Bytes` instead of `Vec<u8>` for zero-copy operations
+- Avoid unnecessary cloning, use reference passing
+- Use `Arc` for sharing large objects
+
+### 2. Concurrency Optimization
+
+```rust
+// Use join_all for concurrent operations
+let futures = disks.iter().map(|disk| disk.operation());
+let results = join_all(futures).await;
+```
+
+### 3. Caching Strategy
+
+- Use `LazyLock` for global caching
+- Implement LRU cache to avoid memory leaks
+
+## Testing Guidelines
+
+### 1. Unit Tests
+
+```rust
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use test_case::test_case;
+
+    #[tokio::test]
+    async fn test_async_function() {
+        let result = async_function().await;
+        assert!(result.is_ok());
+    }
+
+    #[test_case("input1", "expected1")]
+    #[test_case("input2", "expected2")]
+    fn test_with_cases(input: &str, expected: &str) {
+        assert_eq!(function(input), expected);
+    }
+}
+```
+
+### 2. Integration Tests
+
+- Use `e2e_test` module for end-to-end testing
+- Simulate real storage environments
+
+### 3. Test Quality Standards
+
+- Write meaningful test cases that verify actual functionality
+- Avoid placeholder or debug content like "debug 111", "test test", etc.
+- Use descriptive test names that clearly indicate what is being tested
+- Each test should have a clear purpose and verify specific behavior
+- Test data should be realistic and representative of actual use cases
+
+## Cross-Platform Compatibility Guidelines
+
+### 1. CPU Architecture Compatibility
+
+- **Always consider multi-platform and different CPU architecture compatibility** when writing code
+- Support major architectures: x86_64, aarch64 (ARM64), and other target platforms
+- Use conditional compilation for architecture-specific code:
+
+```rust
+#[cfg(target_arch = "x86_64")]
+fn optimized_x86_64_function() { /* x86_64 specific implementation */ }
+
+#[cfg(target_arch = "aarch64")]
+fn optimized_aarch64_function() { /* ARM64 specific implementation */ }
+
+#[cfg(not(any(target_arch = "x86_64", target_arch = "aarch64")))]
+fn generic_function() { /* Generic fallback implementation */ }
+```
+
+### 2. Platform-Specific Dependencies
+
+- Use feature flags for platform-specific dependencies
+- Provide fallback implementations for unsupported platforms
+- Test on multiple architectures in CI/CD pipeline
+
+### 3. Endianness Considerations
+
+- Use explicit byte order conversion when dealing with binary data
+- Prefer `to_le_bytes()`, `from_le_bytes()` for consistent little-endian format
+- Use `byteorder` crate for complex binary format handling
+
+### 4. SIMD and Performance Optimizations
+
+- Use portable SIMD libraries like `wide` or `packed_simd`
+- Provide fallback implementations for non-SIMD architectures
+- Use runtime feature detection when appropriate
+
+## Security Guidelines
+
+### 1. Memory Safety
+
+- Disable `unsafe` code (workspace.lints.rust.unsafe_code = "deny")
+- Use `rustls` instead of `openssl`
+
+### 2. Authentication and Authorization
+
+```rust
+// Use IAM system for permission checks
+let identity = iam.authenticate(&access_key, &secret_key).await?;
+iam.authorize(&identity, &action, &resource).await?;
+```
+
+## Configuration Management Guidelines
+
+### 1. Environment Variables
+
+- Use `RUSTFS_` prefix
+- Support both configuration files and environment variables
+- Provide reasonable default values
+
+### 2. Configuration Structure
+
+```rust
+#[derive(Debug, Deserialize, Clone)]
+pub struct Config {
+    pub address: String,
+    pub volumes: String,
+    #[serde(default)]
+    pub console_enable: bool,
+}
+```
+
+## Dependency Management Guidelines
+
+### 1. Workspace Dependencies
+
+- Manage versions uniformly at workspace level
+- Use `workspace = true` to inherit configuration
+
+### 2. Feature Flags
+
+```rust
+[features]
+default = ["file"]
+gpu = ["dep:nvml-wrapper"]
+kafka = ["dep:rdkafka"]
+```
+
+## Deployment and Operations Guidelines
+
+### 1. Containerization
+
+- Provide Dockerfile and docker-compose configuration
+- Support multi-stage builds to optimize image size
+
+### 2. Observability
+
+- Integrate OpenTelemetry for distributed tracing
+- Support Prometheus metrics collection
+- Provide Grafana dashboards
+
+### 3. Health Checks
+
+```rust
+// Implement health check endpoint
+async fn health_check() -> Result<HealthStatus> {
+    // Check component status
+}
+```
+
+## Code Review Checklist
+
+### 1. **Code Formatting and Quality (MANDATORY)**
+
+- [ ] **Code is properly formatted** (`cargo fmt --all --check` passes)
+- [ ] **All clippy warnings are resolved** (`cargo clippy --all-targets --all-features -- -D warnings` passes)
+- [ ] **Code compiles successfully** (`cargo check --all-targets` passes)
+- [ ] **Pre-commit hooks are working** and all checks pass
+- [ ] **No formatting-related changes** mixed with functional changes (separate commits)
+
+### 2. Functionality
+
+- [ ] Are all error cases properly handled?
+- [ ] Is there appropriate logging?
+- [ ] Is there necessary test coverage?
+
+### 3. Performance
+
+- [ ] Are unnecessary memory allocations avoided?
+- [ ] Are async operations used correctly?
+- [ ] Are there potential deadlock risks?
+
+### 4. Security
+
+- [ ] Are input parameters properly validated?
+- [ ] Are there appropriate permission checks?
+- [ ] Is information leakage avoided?
+
+### 5. Cross-Platform Compatibility
+
+- [ ] Does the code work on different CPU architectures (x86_64, aarch64)?
+- [ ] Are platform-specific features properly gated with conditional compilation?
+- [ ] Is byte order handling correct for binary data?
+- [ ] Are there appropriate fallback implementations for unsupported platforms?
+
+### 6. Code Commits and Documentation
+
+- [ ] Does it comply with [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/)?
+- [ ] Are commit messages concise and under 72 characters for the title line?
+- [ ] Commit titles should be concise and in English, avoid Chinese
+- [ ] Is PR description provided in copyable markdown format for easy copying?
+
+## Common Patterns and Best Practices
+
+### 1. Resource Management
+
+```rust
+// Use RAII pattern for resource management
+pub struct ResourceGuard {
+    resource: Resource,
+}
+
+impl Drop for ResourceGuard {
+    fn drop(&mut self) {
+        // Clean up resources
+    }
+}
+```
+
+### 2. Dependency Injection
+
+```rust
+// Use dependency injection pattern
+pub struct Service {
+    config: Arc<Config>,
+    storage: Arc<dyn StorageAPI>,
+}
+```
+
+### 3. Graceful Shutdown
+
+```rust
+// Implement graceful shutdown
+async fn shutdown_gracefully(shutdown_rx: &mut Receiver<()>) {
+    tokio::select! {
+        _ = shutdown_rx.recv() => {
+            info!("Received shutdown signal");
+            // Perform cleanup operations
+        }
+        _ = tokio::time::sleep(SHUTDOWN_TIMEOUT) => {
+            warn!("Shutdown timeout reached");
+        }
+    }
+}
+```
+
+## Domain-Specific Guidelines
+
+### 1. Storage Operations
+
+- All storage operations must support erasure coding
+- Implement read/write quorum mechanisms
+- Support data integrity verification
+
+### 2. Network Communication
+
+- Use gRPC for internal service communication
+- HTTP/HTTPS support for S3-compatible API
+- Implement connection pooling and retry mechanisms
+
+### 3. Metadata Management
+
+- Use FlatBuffers for serialization
+- Support version control and migration
+- Implement metadata caching
+
+## Branch Management and Development Workflow
+
+### Branch Management
+
+- **🚨 CRITICAL: NEVER modify code directly on main or master branch - THIS IS ABSOLUTELY FORBIDDEN 🚨**
+- **⚠️ ANY DIRECT COMMITS TO MASTER/MAIN WILL BE REJECTED AND MUST BE REVERTED IMMEDIATELY ⚠️**
+- **🔒 ALL CHANGES MUST GO THROUGH PULL REQUESTS - NO DIRECT COMMITS TO MAIN UNDER ANY CIRCUMSTANCES 🔒**
+- **Always work on feature branches - NO EXCEPTIONS**
+- Always check the .rules.md file before starting to ensure you understand the project guidelines
+- **MANDATORY workflow for ALL changes:**
+   1. `git checkout main` (switch to main branch)
+   2. `git pull` (get latest changes)
+   3. `git checkout -b feat/your-feature-name` (create and switch to feature branch)
+   4. Make your changes ONLY on the feature branch
+   5. Test thoroughly before committing
+   6. Commit and push to the feature branch
+   7. **Create a pull request for code review - THIS IS THE ONLY WAY TO MERGE TO MAIN**
+   8. **Wait for PR approval before merging - NEVER merge your own PRs without review**
+- Use descriptive branch names following the pattern: `feat/feature-name`, `fix/issue-name`, `refactor/component-name`, etc.
+- **Double-check current branch before ANY commit: `git branch` to ensure you're NOT on main/master**
+- **Pull Request Requirements:**
+  - All changes must be submitted via PR regardless of size or urgency
+  - PRs must include comprehensive description and testing information
+  - PRs must pass all CI/CD checks before merging
+  - PRs require at least one approval from code reviewers
+  - Even hotfixes and emergency changes must go through PR process
+- **Enforcement:**
+  - Main branch should be protected with branch protection rules
+  - Direct pushes to main should be blocked by repository settings
+  - Any accidental direct commits to main must be immediately reverted via PR
+
+### Development Workflow
+
+## 🎯 **Core Development Principles**
+
+- **🔴 Every change must be precise - don't modify unless you're confident**
+  - Carefully analyze code logic and ensure complete understanding before making changes
+  - When uncertain, prefer asking users or consulting documentation over blind modifications
+  - Use small iterative steps, modify only necessary parts at a time
+  - Evaluate impact scope before changes to ensure no new issues are introduced
+
+- **🚀 GitHub PR creation prioritizes gh command usage**
+  - Prefer using `gh pr create` command to create Pull Requests
+  - Avoid having users manually create PRs through web interface
+  - Provide clear and professional PR titles and descriptions
+  - Using `gh` commands ensures better integration and automation
+
+## 📝 **Code Quality Requirements**
+
+- Use English for all code comments, documentation, and variable names
+- Write meaningful and descriptive names for variables, functions, and methods
+- Avoid meaningless test content like "debug 111" or placeholder values
+- Before each change, carefully read the existing code to ensure you understand the code structure and implementation, do not break existing logic implementation, do not introduce new issues
+- Ensure each change provides sufficient test cases to guarantee code correctness
+- Do not arbitrarily modify numbers and constants in test cases, carefully analyze their meaning to ensure test case correctness
+- When writing or modifying tests, check existing test cases to ensure they have scientific naming and rigorous logic testing, if not compliant, modify test cases to ensure scientific and rigorous testing
+- **Before committing any changes, run `cargo clippy --all-targets --all-features -- -D warnings` to ensure all code passes Clippy checks**
+- After each development completion, first git add . then git commit -m "feat: feature description" or "fix: issue description", ensure compliance with [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/)
+- **Keep commit messages concise and under 72 characters** for the title line, use body for detailed explanations if needed
+- After each development completion, first git push to remote repository
+- After each change completion, summarize the changes, do not create summary files, provide a brief change description, ensure compliance with [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/)
+- Provide change descriptions needed for PR in the conversation, ensure compliance with [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/)
+- **Always provide PR descriptions in English** after completing any changes, including:
+  - Clear and concise title following Conventional Commits format
+  - Detailed description of what was changed and why
+  - List of key changes and improvements
+  - Any breaking changes or migration notes if applicable
+  - Testing information and verification steps
+- **Provide PR descriptions in copyable markdown format** enclosed in code blocks for easy one-click copying
+
+## 🚫 AI Documentation Generation Restrictions
+
+### Forbidden Summary Documents
+
+- **Strictly forbidden to create any form of AI-generated summary documents**
+- **Do not create documents containing large amounts of emoji, detailed formatting tables and typical AI style**
+- **Do not generate the following types of documents in the project:**
+  - Benchmark summary documents (BENCHMARK*.md)
+  - Implementation comparison analysis documents (IMPLEMENTATION_COMPARISON*.md)
+  - Performance analysis report documents
+  - Architecture summary documents
+  - Feature comparison documents
+  - Any documents with large amounts of emoji and formatted content
+- **If documentation is needed, only create when explicitly requested by the user, and maintain a concise and practical style**
+- **Documentation should focus on actually needed information, avoiding excessive formatting and decorative content**
+- **Any discovered AI-generated summary documents should be immediately deleted**
+
+### Allowed Documentation Types
+
+- README.md (project introduction, keep concise)
+- Technical documentation (only create when explicitly needed)
+- User manual (only create when explicitly needed)
+- API documentation (generated from code)
+- Changelog (CHANGELOG.md)
+
+These rules should serve as guiding principles when developing the RustFS project, ensuring code quality, performance, and maintainability.
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -93,8 +93,15 @@
            "name": "Debug executable target/debug/test",
            "type":  "lldb",
            "request": "launch",
-            "program": "${workspaceFolder}/target/debug/deps/lifecycle_integration_test-5eb7590b8f3bea55",
-            "args": [],
+            "program": "${workspaceFolder}/target/debug/deps/lifecycle_integration_test-5915cbfcab491b3b",
+            "args": [
+              "--skip",
+              "test_lifecycle_expiry_basic",
+              "--skip",
+              "test_lifecycle_expiry_deletemarker",
+              //"--skip",
+              //"test_lifecycle_transition_basic",
+            ],
            "cwd": "${workspaceFolder}",
            //"stopAtEntry": false,
            //"preLaunchTask": "cargo build",
--- a/CLA.md
+++ b/CLA.md
@@ -1,39 +1,88 @@
 RustFS Individual Contributor License Agreement

-Thank you for your interest in contributing documentation and related software code to a project hosted or managed by RustFS. In order to clarify the intellectual property license granted with Contributions from any person or entity, RustFS must have a Contributor License Agreement (“CLA”) on file that has been signed by each Contributor, indicating agreement to the license terms below. This version of the Contributor License Agreement allows an individual to submit Contributions to the applicable project. If you are making a submission on behalf of a legal entity, then you should sign the separate Corporate Contributor License Agreement.
+Thank you for your interest in contributing documentation and related software code to a project hosted or managed by
+RustFS. In order to clarify the intellectual property license granted with Contributions from any person or entity,
+RustFS must have a Contributor License Agreement ("CLA") on file that has been signed by each Contributor, indicating
+agreement to the license terms below. This version of the Contributor License Agreement allows an individual to submit
+Contributions to the applicable project. If you are making a submission on behalf of a legal entity, then you should
+sign the separate Corporate Contributor License Agreement.

-You accept and agree to the following terms and conditions for Your present and future Contributions submitted to RustFS. You hereby irrevocably assign and transfer to RustFS all right, title, and interest in and to Your Contributions, including all copyrights and other intellectual property rights therein.
+You accept and agree to the following terms and conditions for Your present and future Contributions submitted to
+RustFS. You hereby irrevocably assign and transfer to RustFS all right, title, and interest in and to Your
+Contributions, including all copyrights and other intellectual property rights therein.

 Definitions

-“You” (or “Your”) shall mean the copyright owner or legal entity authorized by the copyright owner that is making this Agreement with RustFS. For legal entities, the entity making a Contribution and all other entities that control, are controlled by, or are under common control with that entity are considered to be a single Contributor. For the purposes of this definition, “control” means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
+“You” (or “Your”) shall mean the copyright owner or legal entity authorized by the copyright owner that is making this
+Agreement with RustFS. For legal entities, the entity making a Contribution and all other entities that control, are
+controlled by, or are under common control with that entity are considered to be a single Contributor. For the purposes
+of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such
+entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares,
+or (iii) beneficial ownership of such entity.

-“Contribution” shall mean any original work of authorship, including any modifications or additions to an existing work, that is intentionally submitted by You to RustFS for inclusion in, or documentation of, any of the products or projects owned or managed by RustFS (the “Work”), including without limitation any Work described in Schedule A. For the purposes of this definition, “submitted” means any form of electronic or written communication sent to RustFS or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, RustFS for the purpose of discussing and improving the Work.
+“Contribution” shall mean any original work of authorship, including any modifications or additions to an existing work,
+that is intentionally submitted by You to RustFS for inclusion in, or documentation of, any of the products or projects
+owned or managed by RustFS (the "Work"), including without limitation any Work described in Schedule A. For the purposes
+of this definition, "submitted" means any form of electronic or written communication sent to RustFS or its
+representatives, including but not limited to communication on electronic mailing lists, source code control systems,
+and issue tracking systems that are managed by, or on behalf of, RustFS for the purpose of discussing and improving the
+Work.

 Assignment of Copyright

-Subject to the terms and conditions of this Agreement, You hereby irrevocably assign and transfer to RustFS all right, title, and interest in and to Your Contributions, including all copyrights and other intellectual property rights therein, for the entire term of such rights, including all renewals and extensions. You agree to execute all documents and take all actions as may be reasonably necessary to vest in RustFS the ownership of Your Contributions and to assist RustFS in perfecting, maintaining, and enforcing its rights in Your Contributions.
+Subject to the terms and conditions of this Agreement, You hereby irrevocably assign and transfer to RustFS all right,
+title, and interest in and to Your Contributions, including all copyrights and other intellectual property rights
+therein, for the entire term of such rights, including all renewals and extensions. You agree to execute all documents
+and take all actions as may be reasonably necessary to vest in RustFS the ownership of Your Contributions and to assist
+RustFS in perfecting, maintaining, and enforcing its rights in Your Contributions.

 Grant of Patent License

-Subject to the terms and conditions of this Agreement, You hereby grant to RustFS and to recipients of documentation and software distributed by RustFS a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by You that are necessarily infringed by Your Contribution(s) alone or by combination of Your Contribution(s) with the Work to which such Contribution(s) was submitted. If any entity institutes patent litigation against You or any other entity (including a cross-claim or counterclaim in a lawsuit) alleging that your Contribution, or the Work to which you have contributed, constitutes direct or contributory patent infringement, then any patent licenses granted to that entity under this Agreement for that Contribution or Work shall terminate as of the date such litigation is filed.
+Subject to the terms and conditions of this Agreement, You hereby grant to RustFS and to recipients of documentation and
+software distributed by RustFS a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as
+stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the
+Work, where such license applies only to those patent claims licensable by You that are necessarily infringed by Your
+Contribution(s) alone or by combination of Your Contribution(s) with the Work to which such Contribution(s) was
+submitted. If any entity institutes patent litigation against You or any other entity (including a cross-claim or
+counterclaim in a lawsuit) alleging that your Contribution, or the Work to which you have contributed, constitutes
+direct or contributory patent infringement, then any patent licenses granted to that entity under this Agreement for
+that Contribution or Work shall terminate as of the date such litigation is filed.

 You represent that you are legally entitled to grant the above assignment and license.

-You represent that each of Your Contributions is Your original creation (see section 7 for submissions on behalf of others). You represent that Your Contribution submissions include complete details of any third-party license or other restriction (including, but not limited to, related patents and trademarks) of which you are personally aware and which are associated with any part of Your Contributions.
+You represent that each of Your Contributions is Your original creation (see section 7 for submissions on behalf of
+others). You represent that Your Contribution submissions include complete details of any third-party license or other
+restriction (including, but not limited to, related patents and trademarks) of which you are personally aware and which
+are associated with any part of Your Contributions.

-You are not expected to provide support for Your Contributions, except to the extent You desire to provide support. You may provide support for free, for a fee, or not at all. Unless required by applicable law or agreed to in writing, You provide Your Contributions on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON- INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
+You are not expected to provide support for Your Contributions, except to the extent You desire to provide support. You
+may provide support for free, for a fee, or not at all. Unless required by applicable law or agreed to in writing, You
+provide Your Contributions on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied,
+including, without limitation, any warranties or conditions of TITLE, NON- INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR
+A PARTICULAR PURPOSE.

-Should You wish to submit work that is not Your original creation, You may submit it to RustFS separately from any Contribution, identifying the complete details of its source and of any license or other restriction (including, but not limited to, related patents, trademarks, and license agreements) of which you are personally aware, and conspicuously marking the work as “Submitted on behalf of a third-party: [named here]”.
+Should You wish to submit work that is not Your original creation, You may submit it to RustFS separately from any
+Contribution, identifying the complete details of its source and of any license or other restriction (including, but not
+limited to, related patents, trademarks, and license agreements) of which you are personally aware, and conspicuously
+marking the work as "Submitted on behalf of a third-party: [named here]”.

-You agree to notify RustFS of any facts or circumstances of which you become aware that would make these representations inaccurate in any respect.
+You agree to notify RustFS of any facts or circumstances of which you become aware that would make these representations
+inaccurate in any respect.

 Modification of CLA

-RustFS reserves the right to update or modify this CLA in the future. Any updates or modifications to this CLA shall apply only to Contributions made after the effective date of the revised CLA. Contributions made prior to the update shall remain governed by the version of the CLA that was in effect at the time of submission. It is not necessary for all Contributors to re-sign the CLA when the CLA is updated or modified.
+RustFS reserves the right to update or modify this CLA in the future. Any updates or modifications to this CLA shall
+apply only to Contributions made after the effective date of the revised CLA. Contributions made prior to the update
+shall remain governed by the version of the CLA that was in effect at the time of submission. It is not necessary for
+all Contributors to re-sign the CLA when the CLA is updated or modified.

 Governing Law and Dispute Resolution

-This Agreement will be governed by and construed in accordance with the laws of the People’s Republic of China excluding that body of laws known as conflict of laws. The parties expressly agree that the United Nations Convention on Contracts for the International Sale of Goods will not apply. Any legal action or proceeding arising under this Agreement will be brought exclusively in the courts located in Beijing, China, and the parties hereby irrevocably consent to the personal jurisdiction and venue therein.
+This Agreement will be governed by and construed in accordance with the laws of the People's Republic of China excluding
+that body of laws known as conflict of laws. The parties expressly agree that the United Nations Convention on Contracts
+for the International Sale of Goods will not apply. Any legal action or proceeding arising under this Agreement will be
+brought exclusively in the courts located in Beijing, China, and the parties hereby irrevocably consent to the personal
+jurisdiction and venue therein.

-For your reading convenience, this Agreement is written in parallel English and Chinese sections. To the extent there is a conflict between the English and Chinese sections, the English sections shall govern.
+For your reading convenience, this Agreement is written in parallel English and Chinese sections. To the extent there is
+a conflict between the English and Chinese sections, the English sections shall govern.
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -4,23 +4,28 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co

 ## Project Overview

-RustFS is a high-performance distributed object storage software built with Rust, providing S3-compatible APIs and advanced features like data lakes, AI, and big data support. It's designed as an alternative to MinIO with better performance and a more business-friendly Apache 2.0 license.
+RustFS is a high-performance distributed object storage software built with Rust, providing S3-compatible APIs and
+advanced features like data lakes, AI, and big data support. It's designed as an alternative to MinIO with better
+performance and a more business-friendly Apache 2.0 license.

 ## Build Commands

 ### Primary Build Commands
+
 - `cargo build --release` - Build the main RustFS binary
 - `./build-rustfs.sh` - Recommended build script that handles console resources and cross-platform compilation
 - `./build-rustfs.sh --dev` - Development build with debug symbols
 - `make build` or `just build` - Use Make/Just for standardized builds

 ### Platform-Specific Builds
+
 - `./build-rustfs.sh --platform x86_64-unknown-linux-musl` - Build for musl target
 - `./build-rustfs.sh --platform aarch64-unknown-linux-gnu` - Build for ARM64
 - `make build-musl` or `just build-musl` - Build musl variant
 - `make build-cross-all` - Build all supported architectures

 ### Testing Commands
+
 - `cargo test --workspace --exclude e2e_test` - Run unit tests (excluding e2e tests)
 - `cargo nextest run --all --exclude e2e_test` - Use nextest if available (faster)
 - `cargo test --all --doc` - Run documentation tests
@@ -28,22 +33,30 @@ RustFS is a high-performance distributed object storage software built with Rust
 - `make pre-commit` - Run all quality checks (fmt, clippy, check, test)

 ### End-to-End Testing
+
 - `cargo test --package e2e_test` - Run all e2e tests
 - `./scripts/run_e2e_tests.sh` - Run e2e tests via script
 - `./scripts/run_scanner_benchmarks.sh` - Run scanner performance benchmarks

 ### KMS-Specific Testing (with proxy bypass)
- `NO_PROXY=127.0.0.1,localhost HTTP_PROXY= HTTPS_PROXY= http_proxy= https_proxy= cargo test --package e2e_test test_local_kms_end_to_end -- --nocapture --test-threads=1` - Run complete KMS end-to-end test
- `NO_PROXY=127.0.0.1,localhost HTTP_PROXY= HTTPS_PROXY= http_proxy= https_proxy= cargo test --package e2e_test kms:: -- --nocapture --test-threads=1` - Run all KMS tests
+
+-
+`NO_PROXY=127.0.0.1,localhost HTTP_PROXY= HTTPS_PROXY= http_proxy= https_proxy= cargo test --package e2e_test test_local_kms_end_to_end -- --nocapture --test-threads=1` -
+Run complete KMS end-to-end test
+-
+`NO_PROXY=127.0.0.1,localhost HTTP_PROXY= HTTPS_PROXY= http_proxy= https_proxy= cargo test --package e2e_test kms:: -- --nocapture --test-threads=1` -
+Run all KMS tests
 - `cargo test --package e2e_test test_local_kms_key_isolation -- --nocapture --test-threads=1` - Test KMS key isolation
 - `cargo test --package e2e_test test_local_kms_large_file -- --nocapture --test-threads=1` - Test KMS with large files

 ### Code Quality
+
 - `cargo fmt --all` - Format code
 - `cargo clippy --all-targets --all-features -- -D warnings` - Lint code
 - `make pre-commit` or `just pre-commit` - Run all quality checks (fmt, clippy, check, test)

 ### Quick Development Commands
+
 - `make help` or `just help` - Show all available commands with descriptions
 - `make help-build` - Show detailed build options and cross-compilation help
 - `make help-docker` - Show comprehensive Docker build and deployment options
@@ -52,6 +65,7 @@ RustFS is a high-performance distributed object storage software built with Rust
 - `./scripts/probe.sh` - Health check and connectivity testing

 ### Docker Build Commands
+
 - `make docker-buildx` - Build multi-architecture production images
 - `make docker-dev-local` - Build development image for local use
 - `./docker-buildx.sh --push` - Build and push production images
@@ -61,6 +75,7 @@ RustFS is a high-performance distributed object storage software built with Rust
 ### Core Components

 **Main Binary (`rustfs/`):**
+
 - Entry point at `rustfs/src/main.rs`
 - Core modules: admin, auth, config, server, storage, license management, profiling
 - HTTP server with S3-compatible APIs
@@ -68,10 +83,11 @@ RustFS is a high-performance distributed object storage software built with Rust
 - Parallel service initialization with DNS resolver, bucket metadata, and IAM

 **Key Crates (`crates/`):**
+
 - `ecstore` - Erasure coding storage implementation (core storage layer)
 - `iam` - Identity and Access Management
 - `kms` - Key Management Service for encryption and key handling
- `madmin` - Management dashboard and admin API interface  
+- `madmin` - Management dashboard and admin API interface
 - `s3select-api` & `s3select-query` - S3 Select API and query engine
 - `config` - Configuration management with notify features
 - `crypto` - Cryptography and security features
@@ -94,6 +110,7 @@ RustFS is a high-performance distributed object storage software built with Rust
 - `targets` - Target-specific configurations and utilities

 ### Build System
+
 - Cargo workspace with 25+ crates (including new KMS functionality)
 - Custom `build-rustfs.sh` script for advanced build options
 - Multi-architecture Docker builds via `docker-buildx.sh`
@@ -103,10 +120,11 @@ RustFS is a high-performance distributed object storage software built with Rust
 - Performance benchmarking and audit workflows

 ### Key Dependencies
+
 - `axum` - HTTP framework for S3 API server
 - `tokio` - Async runtime
 - `s3s` - S3 protocol implementation library
- `datafusion` - For S3 Select query processing  
+- `datafusion` - For S3 Select query processing
 - `hyper`/`hyper-util` - HTTP client/server utilities
 - `rustls` - TLS implementation
 - `serde`/`serde_json` - Serialization
@@ -115,6 +133,7 @@ RustFS is a high-performance distributed object storage software built with Rust
 - `tikv-jemallocator` - Memory allocator for Linux GNU builds

 ### Development Workflow
+
 - Console resources are embedded during build via `rust-embed`
 - Protocol buffers generated via custom `gproto` binary
 - E2E tests in separate crate (`e2e_test`) with comprehensive KMS testing
@@ -124,14 +143,16 @@ RustFS is a high-performance distributed object storage software built with Rust
 - Git hooks setup available via `make setup-hooks` or `just setup-hooks`

 ### Performance & Observability
+
 - Performance profiling available with `pprof` integration (disabled on Windows)
 - Profiling enabled via environment variables in production
 - Built-in observability with OpenTelemetry integration
 - Background services (scanner, heal) can be controlled via environment variables:
-  - `RUSTFS_ENABLE_SCANNER` (default: true)
-  - `RUSTFS_ENABLE_HEAL` (default: true)
+    - `RUSTFS_ENABLE_SCANNER` (default: true)
+    - `RUSTFS_ENABLE_HEAL` (default: true)

 ### Service Architecture
+
 - Service state management with graceful shutdown handling
 - Parallel initialization of core systems (DNS, bucket metadata, IAM)
 - Event notification system with MQTT and webhook support
@@ -139,6 +160,7 @@ RustFS is a high-performance distributed object storage software built with Rust
 - Jemalloc allocator for Linux GNU targets for better performance

 ## Environment Variables
+
 - `RUSTFS_ENABLE_SCANNER` - Enable/disable background data scanner (default: true)
 - `RUSTFS_ENABLE_HEAL` - Enable/disable auto-heal functionality (default: true)
 - Various profiling and observability controls
@@ -146,12 +168,14 @@ RustFS is a high-performance distributed object storage software built with Rust
 - Test environment configurations in `scripts/dev_rustfs.env`

 ### KMS Environment Variables
+
 - `NO_PROXY=127.0.0.1,localhost` - Required for KMS E2E tests to bypass proxy
 - `HTTP_PROXY=` `HTTPS_PROXY=` `http_proxy=` `https_proxy=` - Clear proxy settings for local KMS testing

 ## KMS (Key Management Service) Architecture

 ### KMS Implementation Status
+
 - **Full KMS Integration:** Complete implementation with Local and Vault backends
 - **Automatic Configuration:** KMS auto-configures on startup with `--kms-enable` flag
 - **Encryption Support:** Full S3-compatible server-side encryption (SSE-S3, SSE-KMS, SSE-C)
@@ -159,18 +183,21 @@ RustFS is a high-performance distributed object storage software built with Rust
 - **Production Ready:** Comprehensive testing including large files and key isolation

 ### KMS Configuration
+
 - **Local Backend:** `--kms-backend local --kms-key-dir <path> --kms-default-key-id <id>`
 - **Vault Backend:** `--kms-backend vault --kms-vault-endpoint <url> --kms-vault-key-name <name>`
 - **Auto-startup:** KMS automatically initializes when `--kms-enable` is provided
 - **Manual Configuration:** Also supports dynamic configuration via admin API

 ### S3 Encryption Support
+
 - **SSE-S3:** Server-side encryption with S3-managed keys (`ServerSideEncryption: AES256`)
 - **SSE-KMS:** Server-side encryption with KMS-managed keys (`ServerSideEncryption: aws:kms`)
 - **SSE-C:** Server-side encryption with customer-provided keys
 - **Response Headers:** All encryption types return correct `server_side_encryption` headers in PUT/GET responses

 ### KMS Testing Architecture
+
 - **Comprehensive E2E Tests:** Located in `crates/e2e_test/src/kms/`
 - **Test Environments:** Automated test environment setup with temporary directories
 - **Encryption Coverage:** Tests all three encryption types (SSE-S3, SSE-KMS, SSE-C)
@@ -178,6 +205,7 @@ RustFS is a high-performance distributed object storage software built with Rust
 - **Edge Cases:** Key isolation, large file handling, error scenarios

 ### Key Files for KMS
+
 - `crates/kms/` - Core KMS implementation with Local/Vault backends
 - `rustfs/src/main.rs` - KMS auto-initialization in `init_kms_system()`
 - `rustfs/src/storage/ecfs.rs` - SSE encryption/decryption in PUT/GET operations
@@ -186,54 +214,62 @@ RustFS is a high-performance distributed object storage software built with Rust
 - `crates/rio/src/encrypt_reader.rs` - Streaming encryption for large files

 ## Code Style and Safety Requirements
+
 - **Language Requirements:**
-  - Communicate with me in Chinese, but **only English can be used in code files**
-  - Code comments, function names, variable names, and all text in source files must be in English only
-  - No Chinese characters, emojis, or non-ASCII characters are allowed in any source code files
-  - This includes comments, strings, documentation, and any other text within code files
+    - Communicate with me in Chinese, but **only English can be used in code files**
+    - Code comments, function names, variable names, and all text in source files must be in English only
+    - No Chinese characters, emojis, or non-ASCII characters are allowed in any source code files
+    - This includes comments, strings, documentation, and any other text within code files
 - **Safety-Critical Rules:**
-  - `unsafe_code = "deny"` enforced at workspace level
-  - Never use `unwrap()`, `expect()`, or panic-inducing code except in tests
-  - Avoid blocking I/O operations in async contexts
-  - Use proper error handling with `Result<T, E>` and `Option<T>`
-  - Follow Rust's ownership and borrowing rules strictly
+    - `unsafe_code = "deny"` enforced at workspace level
+    - Never use `unwrap()`, `expect()`, or panic-inducing code except in tests
+    - Avoid blocking I/O operations in async contexts
+    - Use proper error handling with `Result<T, E>` and `Option<T>`
+    - Follow Rust's ownership and borrowing rules strictly
 - **Performance Guidelines:**
-  - Use `cargo clippy --all-targets --all-features -- -D warnings` to catch issues
-  - Prefer `anyhow` for error handling in applications, `thiserror` for libraries
-  - Use appropriate async runtimes and avoid blocking calls
+    - Use `cargo clippy --all-targets --all-features -- -D warnings` to catch issues
+    - Prefer `anyhow` for error handling in applications, `thiserror` for libraries
+    - Use appropriate async runtimes and avoid blocking calls
 - **Testing Standards:**
-  - All new features must include comprehensive tests
-  - Use `#[cfg(test)]` for test-only code that may use panic macros
-  - E2E tests should cover KMS integration scenarios
+    - All new features must include comprehensive tests
+    - Use `#[cfg(test)]` for test-only code that may use panic macros
+    - E2E tests should cover KMS integration scenarios

 ## Common Development Tasks

 ### Running KMS Tests Locally
+
 1. **Clear proxy settings:** KMS tests require direct localhost connections
 2. **Use serial execution:** `--test-threads=1` prevents port conflicts
 3. **Enable output:** `--nocapture` shows detailed test logs
-4. **Full command:** `NO_PROXY=127.0.0.1,localhost HTTP_PROXY= HTTPS_PROXY= http_proxy= https_proxy= cargo test --package e2e_test test_local_kms_end_to_end -- --nocapture --test-threads=1`
+4. **Full command:**
+   `NO_PROXY=127.0.0.1,localhost HTTP_PROXY= HTTPS_PROXY= http_proxy= https_proxy= cargo test --package e2e_test test_local_kms_end_to_end -- --nocapture --test-threads=1`

 ### KMS Development Workflow
+
 1. **Code changes:** Modify KMS-related code in `crates/kms/` or `rustfs/src/`
 2. **Compile:** Always run `cargo build` after changes
 3. **Test specific functionality:** Use targeted test commands for faster iteration
 4. **Full validation:** Run complete end-to-end tests before commits

 ### Debugging KMS Issues
+
 - **Server startup:** Check that KMS auto-initializes with debug logs
 - **Encryption failures:** Verify SSE headers are correctly set in both PUT and GET responses
 - **Test failures:** Use `--nocapture` to see detailed error messages
 - **Key management:** Test admin API endpoints with proper authentication

 ## Important Reminders
+
 - **Always compile after code changes:** Use `cargo build` to catch errors early
 - **Don't bypass tests:** All functionality must be properly tested, not worked around
 - **Use proper error handling:** Never use `unwrap()` or `expect()` in production code (except tests)
 - **Follow S3 compatibility:** Ensure all encryption types return correct HTTP response headers

 # important-instruction-reminders
+
 Do what has been asked; nothing more, nothing less.
 NEVER create files unless they're absolutely necessary for achieving your goal.
 ALWAYS prefer editing an existing file to creating a new one.
-NEVER proactively create documentation files (*.md) or README files. Only create documentation files if explicitly requested by the User.
+NEVER proactively create documentation files (*.md) or README files. Only create documentation files if explicitly
+requested by the User.
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -63,102 +63,146 @@ unsafe_code = "deny"
 all = "warn"

 [workspace.dependencies]
+# RustFS Internal Crates
+rustfs = { path = "./rustfs", version = "0.0.5" }
 rustfs-ahm = { path = "crates/ahm", version = "0.0.5" }
-rustfs-s3select-api = { path = "crates/s3select-api", version = "0.0.5" }
 rustfs-appauth = { path = "crates/appauth", version = "0.0.5" }
 rustfs-audit = { path = "crates/audit", version = "0.0.5" }
+rustfs-checksums = { path = "crates/checksums", version = "0.0.5" }
 rustfs-common = { path = "crates/common", version = "0.0.5" }
+rustfs-config = { path = "./crates/config", version = "0.0.5" }
 rustfs-crypto = { path = "crates/crypto", version = "0.0.5" }
 rustfs-ecstore = { path = "crates/ecstore", version = "0.0.5" }
+rustfs-filemeta = { path = "crates/filemeta", version = "0.0.5" }
 rustfs-iam = { path = "crates/iam", version = "0.0.5" }
+rustfs-kms = { path = "crates/kms", version = "0.0.5" }
 rustfs-lock = { path = "crates/lock", version = "0.0.5" }
 rustfs-madmin = { path = "crates/madmin", version = "0.0.5" }
+rustfs-mcp = { path = "crates/mcp", version = "0.0.5" }
+rustfs-notify = { path = "crates/notify", version = "0.0.5" }
+rustfs-obs = { path = "crates/obs", version = "0.0.5" }
 rustfs-policy = { path = "crates/policy", version = "0.0.5" }
 rustfs-protos = { path = "crates/protos", version = "0.0.5" }
-rustfs-s3select-query = { path = "crates/s3select-query", version = "0.0.5" }
-rustfs = { path = "./rustfs", version = "0.0.5" }
-rustfs-zip = { path = "./crates/zip", version = "0.0.5" }
-rustfs-config = { path = "./crates/config", version = "0.0.5" }
-rustfs-obs = { path = "crates/obs", version = "0.0.5" }
-rustfs-notify = { path = "crates/notify", version = "0.0.5" }
-rustfs-utils = { path = "crates/utils", version = "0.0.5" }
 rustfs-rio = { path = "crates/rio", version = "0.0.5" }
-rustfs-filemeta = { path = "crates/filemeta", version = "0.0.5" }
+rustfs-s3select-api = { path = "crates/s3select-api", version = "0.0.5" }
+rustfs-s3select-query = { path = "crates/s3select-query", version = "0.0.5" }
 rustfs-signer = { path = "crates/signer", version = "0.0.5" }
-rustfs-checksums = { path = "crates/checksums", version = "0.0.5" }
-rustfs-workers = { path = "crates/workers", version = "0.0.5" }
-rustfs-mcp = { path = "crates/mcp", version = "0.0.5" }
 rustfs-targets = { path = "crates/targets", version = "0.0.5" }
-rustfs-kms = { path = "crates/kms", version = "0.0.5" }
-aes-gcm = { version = "0.10.3", features = ["std"] }
-anyhow = "1.0.100"
-arc-swap = "1.7.1"
-argon2 = { version = "0.5.3", features = ["std"] }
-atoi = "2.0.0"
+rustfs-utils = { path = "crates/utils", version = "0.0.5" }
+rustfs-workers = { path = "crates/workers", version = "0.0.5" }
+rustfs-zip = { path = "./crates/zip", version = "0.0.5" }
+
+# Async Runtime and Networking
 async-channel = "2.5.0"
+async-compression = { version = "0.4.19" }
 async-recursion = "1.1.1"
 async-trait = "0.1.89"
-async-compression = { version = "0.4.19" }
-atomic_enum = "0.3.0"
-aws-config = { version = "1.8.8" }
-aws-credential-types = { version = "1.2.8" }
-aws-smithy-types = { version = "1.3.3" }
-aws-sdk-s3 = { version = "1.108.0", default-features = false, features = ["sigv4a", "rustls", "rt-tokio"] }
 axum = "0.8.6"
-axum-extra = "0.10.3"
+axum-extra = "0.12.0"
 axum-server = { version = "0.7.2", features = ["tls-rustls-no-provider"], default-features = false }
-base64-simd = "0.8.0"
-base64 = "0.22.1"
-brotli = "8.0.2"
-bytes = { version = "1.10.1", features = ["serde"] }
-bytesize = "2.1.0"
-byteorder = "1.5.0"
-cfg-if = "1.0.4"
-convert_case = "0.8.0"
-crc-fast = "1.3.0"
-chacha20poly1305 = { version = "0.10.1" }
-chrono = { version = "0.4.42", features = ["serde"] }
-clap = { version = "4.5.49", features = ["derive", "env"] }
-const-str = { version = "0.7.0", features = ["std", "proc"] }
-crc32fast = "1.5.0"
-criterion = { version = "0.7", features = ["html_reports"] }
-crossbeam-queue = "0.3.12"
-datafusion = "50.2.0"
-derive_builder = "0.20.2"
-enumset = "1.1.10"
-flatbuffers = "25.9.23"
-flate2 = "1.1.4"
-flexi_logger = { version = "0.31.7", features = ["trc", "dont_minimize_extra_stacks", "compress", "kv"] }
-form_urlencoded = "1.2.2"
 futures = "0.3.31"
 futures-core = "0.3.31"
 futures-util = "0.3.31"
+hyper = { version = "1.7.0", features = ["http2", "http1", "server"] }
+hyper-rustls = { version = "0.27.7", default-features = false, features = ["native-tokio", "http1", "tls12", "logging", "http2", "ring", "webpki-roots"] }
+hyper-util = { version = "0.1.17", features = ["tokio", "server-auto", "server-graceful"] }
+http = "1.3.1"
+http-body = "1.0.1"
+reqwest = { version = "0.12.24", default-features = false, features = ["rustls-tls-webpki-roots", "charset", "http2", "system-proxy", "stream", "json", "blocking"] }
+socket2 = "0.6.1"
+tokio = { version = "1.48.0", features = ["fs", "rt-multi-thread"] }
+tokio-rustls = { version = "0.26.4", default-features = false, features = ["logging", "tls12", "ring"] }
+tokio-stream = { version = "0.1.17" }
+tokio-test = "0.4.4"
+tokio-util = { version = "0.7.17", features = ["io", "compat"] }
+tonic = { version = "0.14.2", features = ["gzip"] }
+tonic-prost = { version = "0.14.2" }
+tonic-prost-build = { version = "0.14.2" }
+tower = { version = "0.5.2", features = ["timeout"] }
+tower-http = { version = "0.6.6", features = ["cors"] }
+
+# Serialization and Data Formats
+bytes = { version = "1.10.1", features = ["serde"] }
+bytesize = "2.1.0"
+byteorder = "1.5.0"
+flatbuffers = "25.9.23"
+form_urlencoded = "1.2.2"
+prost = "0.14.1"
+quick-xml = "0.38.3"
+rmcp = { version = "0.8.3" }
+rmp = { version = "0.8.14" }
+rmp-serde = { version = "1.3.0" }
+serde = { version = "1.0.228", features = ["derive"] }
+serde_json = { version = "1.0.145", features = ["raw_value"] }
+serde_urlencoded = "0.7.1"
+schemars = "1.0.4"
+
+# Cryptography and Security
+aes-gcm = { version = "0.10.3", features = ["std"] }
+argon2 = { version = "0.5.3", features = ["std"] }
+blake3 = { version = "1.8.2" }
+chacha20poly1305 = { version = "0.10.1" }
+crc-fast = "1.3.0"
+crc32c = "0.6.8"
+crc32fast = "1.5.0"
+crc64fast-nvme = "1.2.0"
+hmac = "0.12.1"
+jsonwebtoken = { version = "10.1.0", features = ["rust_crypto"] }
+pbkdf2 = "0.12.2"
+rsa = { version = "0.9.8" }
+rustls = { version = "0.23.34", features = ["ring", "logging", "std", "tls12"], default-features = false }
+rustls-pemfile = "2.2.0"
+rustls-pki-types = "1.13.0"
+sha1 = "0.10.6"
+sha2 = "0.10.9"
+zeroize = { version = "1.8.2", features = ["derive"] }
+
+# Time and Date
+chrono = { version = "0.4.42", features = ["serde"] }
+humantime = "2.3.0"
+time = { version = "0.3.44", features = ["std", "parsing", "formatting", "macros", "serde"] }
+
+# Utilities and Tools
+anyhow = "1.0.100"
+arc-swap = "1.7.1"
+astral-tokio-tar = "0.5.6"
+atoi = "2.0.0"
+atomic_enum = "0.3.0"
+aws-config = { version = "1.8.10" }
+aws-credential-types = { version = "1.2.8" }
+aws-sdk-s3 = { version = "1.110.0", default-features = false, features = ["sigv4a", "rustls", "rt-tokio"] }
+aws-smithy-types = { version = "1.3.4" }
+base64 = "0.22.1"
+base64-simd = "0.8.0"
+brotli = "8.0.2"
+cfg-if = "1.0.4"
+clap = { version = "4.5.51", features = ["derive", "env"] }
+const-str = { version = "0.7.0", features = ["std", "proc"] }
+convert_case = "0.8.0"
+criterion = { version = "0.7", features = ["html_reports"] }
+crossbeam-queue = "0.3.12"
+datafusion = "50.3.0"
+derive_builder = "0.20.2"
+enumset = "1.1.10"
+flate2 = "1.1.5"
+flexi_logger = { version = "0.31.7", features = ["trc", "dont_minimize_extra_stacks", "compress", "kv"] }
 glob = "0.3.3"
+google-cloud-storage = "1.2.0"
+google-cloud-auth = "1.1.0"
 hashbrown = { version = "0.16.0", features = ["serde", "rayon"] }
 hex-simd = "0.8.0"
 highway = { version = "1.3.0" }
-hickory-resolver = { version = "0.25.2", features = ["tls-ring"] }
-hmac = "0.12.1"
-hyper = "1.7.0"
-hyper-util = { version = "0.1.17", features = [
-    "tokio",
-    "server-auto",
-    "server-graceful",
-] }
-hyper-rustls = { version = "0.27.7", default-features = false, features = ["native-tokio", "http1", "tls12", "logging", "http2", "ring", "webpki-roots"] }
-http = "1.3.1"
-http-body = "1.0.1"
-humantime = "2.3.0"
 ipnetwork = { version = "0.21.1", features = ["serde"] }
-jsonwebtoken = { version = "10.0.0", features = ["rust_crypto"] }
 lazy_static = "1.5.0"
 libc = "0.2.177"
 libsystemd = { version = "0.7.2" }
 local-ip-address = "0.6.5"
 lz4 = "1.28.1"
-matchit = "0.8.4"
+matchit = "0.9.0"
 md-5 = "0.10.6"
 md5 = "0.8.0"
+metrics = "0.24.2"
+metrics-exporter-opentelemetry = "0.1.2"
 mime_guess = "2.0.5"
 moka = { version = "0.12.11", features = ["future"] }
 netif = "0.1.6"
@@ -168,128 +212,72 @@ num_cpus = { version = "1.17.0" }
 nvml-wrapper = "0.11.0"
 object_store = "0.12.4"
 once_cell = "1.21.3"
-opentelemetry = { version = "0.31.0" }
-opentelemetry-appender-tracing = { version = "0.31.1", features = [
-    "experimental_use_tracing_span_context",
-    "experimental_metadata_attributes",
-    "spec_unstable_logs_enabled"
-] }
-opentelemetry_sdk = { version = "0.31.0" }
-opentelemetry-stdout = { version = "0.31.0" }
-opentelemetry-otlp = { version = "0.31.0", default-features = false, features = [
-    "grpc-tonic", "gzip-tonic", "trace", "metrics", "logs", "internal-logs"
-] }
-opentelemetry-semantic-conventions = { version = "0.31.0", features = [
-    "semconv_experimental",
-] }
 parking_lot = "0.12.5"
 path-absolutize = "3.1.1"
 path-clean = "1.0.1"
-blake3 = { version = "1.8.2" }
-pbkdf2 = "0.12.2"
 pin-project-lite = "0.2.16"
-prost = "0.14.1"
 pretty_assertions = "1.4.1"
-quick-xml = "0.38.3"
 rand = "0.9.2"
 rayon = "1.11.0"
 reed-solomon-simd = { version = "3.1.0" }
 regex = { version = "1.12.2" }
-reqwest = { version = "0.12.24", default-features = false, features = [
-    "rustls-tls-webpki-roots",
-    "charset",
-    "http2",
-    "system-proxy",
-    "stream",
-    "json",
-    "blocking",
-] }
-rmcp = { version = "0.8.1" }
-rmp = { version = "0.8.14" }
-rmp-serde = { version = "1.3.0" }
-rsa = { version = "0.9.8" }
 rumqttc = { version = "0.25.0" }
-rust-embed = { version = "8.7.2" }
+rust-embed = { version = "8.9.0" }
 rustc-hash = { version = "2.1.1" }
-rustls = { version = "0.23.32", features = ["ring", "logging", "std", "tls12"], default-features = false }
-rustls-pki-types = "1.12.0"
-rustls-pemfile = "2.2.0"
 s3s = { version = "0.12.0-rc.3", features = ["minio"] }
-schemars = "1.0.4"
-serde = { version = "1.0.228", features = ["derive"] }
-serde_json = { version = "1.0.145", features = ["raw_value"] }
-serde_urlencoded = "0.7.1"
 serial_test = "3.2.0"
-sha1 = "0.10.6"
-sha2 = "0.10.9"
 shadow-rs = { version = "1.4.0", default-features = false }
 siphasher = "1.0.1"
 smallvec = { version = "1.15.1", features = ["serde"] }
 smartstring = "1.0.1"
 snafu = "0.8.9"
 snap = "1.1.1"
-socket2 = "0.6.1"
 starshard = { version = "0.5.0", features = ["rayon", "async", "serde"] }
 strum = { version = "0.27.2", features = ["derive"] }
-sysinfo = "0.37.1"
 sysctl = "0.7.1"
-tempfile = "3.23.0"
+sysinfo = "0.37.2"
 temp-env = "0.3.6"
+tempfile = "3.23.0"
 test-case = "3.3.1"
 thiserror = "2.0.17"
-time = { version = "0.3.44", features = [
-    "std",
-    "parsing",
-    "formatting",
-    "macros",
-    "serde",
-] }
-tokio = { version = "1.48.0", features = ["fs", "rt-multi-thread"] }
-tokio-rustls = { version = "0.26.4", default-features = false, features = ["logging", "tls12", "ring"] }
-tokio-stream = { version = "0.1.17" }
-tokio-tar = "0.3.1"
-tokio-test = "0.4.4"
-tokio-util = { version = "0.7.16", features = ["io", "compat"] }
-tonic = { version = "0.14.2", features = ["gzip"] }
-tonic-prost = { version = "0.14.2" }
-tonic-prost-build = { version = "0.14.2" }
-tower = { version = "0.5.2", features = ["timeout"] }
-tower-http = { version = "0.6.6", features = ["cors"] }
 tracing = { version = "0.1.41" }
-tracing-core = "0.1.34"
 tracing-error = "0.2.1"
 tracing-opentelemetry = "0.32.0"
 tracing-subscriber = { version = "0.3.20", features = ["env-filter", "time"] }
 transform-stream = "0.3.1"
 url = "2.5.7"
 urlencoding = "2.1.3"
-uuid = { version = "1.18.1", features = [
-    "v4",
-    "fast-rng",
-    "macro-diagnostics",
-] }
+uuid = { version = "1.18.1", features = ["v4", "fast-rng", "macro-diagnostics"] }
 vaultrs = { version = "0.7.4" }
 walkdir = "2.5.0"
 wildmatch = { version = "2.5.0", features = ["serde"] }
-zeroize = { version = "1.8.2", features = ["derive"] }
 winapi = { version = "0.3.9" }
 xxhash-rust = { version = "0.8.15", features = ["xxh64", "xxh3"] }
 zip = "6.0.0"
 zstd = "0.13.3"

+# Observability and Metrics
+opentelemetry = { version = "0.31.0" }
+opentelemetry-appender-tracing = { version = "0.31.1", features = ["experimental_use_tracing_span_context", "experimental_metadata_attributes", "spec_unstable_logs_enabled"] }
+opentelemetry-otlp = { version = "0.31.0", default-features = false, features = ["grpc-tonic", "gzip-tonic", "trace", "metrics", "logs", "internal-logs"] }
+opentelemetry_sdk = { version = "0.31.0" }
+opentelemetry-semantic-conventions = { version = "0.31.0", features = ["semconv_experimental"] }
+opentelemetry-stdout = { version = "0.31.0" }
+
+# Performance Analysis and Memory Profiling
+# Use tikv-jemallocator as memory allocator and enable performance analysis
+tikv-jemallocator = { version = "0.6", features = ["profiling", "stats", "unprefixed_malloc_on_supported_platforms", "background_threads"] }
+# Used to control and obtain statistics for jemalloc at runtime
+tikv-jemalloc-ctl = { version = "0.6", features = ["use_std", "stats", "profiling"] }
+# Used to generate pprof-compatible memory profiling data and support symbolization and flame graphs
+jemalloc_pprof = { version = "0.8.1", features = ["symbolize", "flamegraph"] }
+# Used to generate CPU performance analysis data and flame diagrams
+pprof = { version = "0.15.0", features = ["flamegraph", "protobuf-codec"] }
+mimalloc = "0.1"
+

 [workspace.metadata.cargo-shear]
-ignored = ["rustfs", "rust-i18n", "rustfs-mcp", "tokio-test", "rustfs-audit"]
-
-[profile.wasm-dev]
-inherits = "dev"
-opt-level = 1
-
-[profile.server-dev]
-inherits = "dev"
-
-[profile.android-dev]
-inherits = "dev"
+ignored = ["rustfs", "rustfs-mcp", "tokio-test"]

 [profile.release]
 opt-level = 3
--- a/2
+++ b/2
@@ -58,7 +58,7 @@ LABEL name="RustFS" \
      url="https://rustfs.com" \
      license="Apache-2.0"

-RUN apk add --no-cache ca-certificates coreutils
+RUN apk add --no-cache ca-certificates coreutils curl

 COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 COPY --from=build /build/rustfs /usr/bin/rustfs
--- a/README.md
+++ b/README.md
@@ -25,7 +25,7 @@ English | <a href="https://github.com/rustfs/rustfs/blob/main/README_ZH.md">简
  <a href="https://readme-i18n.com/rustfs/rustfs?lang=fr">français</a> |
  <a href="https://readme-i18n.com/rustfs/rustfs?lang=ja">日本語</a> |
  <a href="https://readme-i18n.com/rustfs/rustfs?lang=ko">한국어</a> |
-  <a href="https://readme-i18n.com/rustfs/rustfs?lang=pt">Português</a> |
+  <a href="https://readme-i18n.com/rustfs/rustfs?lang=pt">Portuguese</a> |
  <a href="https://readme-i18n.com/rustfs/rustfs?lang=ru">Русский</a>
 </p>

@@ -139,10 +139,14 @@ observability. If you want to start redis as well as nginx container, you can sp
   make help-docker                      # Show all Docker-related commands
   ```

-4. **Access the Console**: Open your web browser and navigate to `http://localhost:9000` to access the RustFS console,
+4. **Build with helm chart(Option 4) - Cloud Native environment**
+
+   Following the instructions on [helm chart README](./helm/README.md) to install RustFS on kubernetes cluster.
+
+5. **Access the Console**: Open your web browser and navigate to `http://localhost:9000` to access the RustFS console,
   default username and password is `rustfsadmin` .
-5. **Create a Bucket**: Use the console to create a new bucket for your objects.
-6. **Upload Objects**: You can upload files directly through the console or use S3-compatible APIs to interact with your
+6. **Create a Bucket**: Use the console to create a new bucket for your objects.
+7. **Upload Objects**: You can upload files directly through the console or use S3-compatible APIs to interact with your
   RustFS instance.

 **NOTE**: If you want to access RustFS instance with `https`, you can refer
@@ -194,6 +198,10 @@ top charts.

 <a href="https://trendshift.io/repositories/14181" target="_blank"><img src="https://raw.githubusercontent.com/rustfs/rustfs/refs/heads/main/docs/rustfs-trending.jpg" alt="rustfs%2Frustfs | Trendshift" /></a>

+## Star History
+
+[![Star History Chart](https://api.star-history.com/svg?repos=rustfs/rustfs&type=date&legend=top-left)](https://www.star-history.com/#rustfs/rustfs&type=date&legend=top-left)
+
 ## License

 [Apache 2.0](https://opensource.org/licenses/Apache-2.0)
--- a/README_ZH.md
+++ b/README_ZH.md
@@ -87,13 +87,49 @@ RustFS 是一个使用 Rust（全球最受欢迎的编程语言之一）构建
 以外，还有 grafana、prometheus、jaeger 等，这些是为 rustfs 可观测性服务的，还有 redis 和 nginx。你想启动哪些容器，就需要用
 `--profile` 参数指定相应的 profile。

-3. **访问控制台**：打开 Web 浏览器并导航到 `http://localhost:9000` 以访问 RustFS 控制台，默认的用户名和密码是
-   `rustfsadmin` 。
-4. **创建存储桶**：使用控制台为您的对象创建新的存储桶。
-5. **上传对象**：您可以直接通过控制台上传文件，或使用 S3 兼容的 API 与您的 RustFS 实例交互。
+3. **从源码构建（方案三）- 高级用户**

-**注意**：如果你想通过 `https` 来访问 RustFS
-实例，请参考 [TLS 配置文档](https://docs.rustfs.com/zh/integration/tls-configured.html)
+   面向希望从源码构建支持多架构 Docker 镜像的开发者：
+
+   ```bash
+   # 本地构建多架构镜像
+   ./docker-buildx.sh --build-arg RELEASE=latest
+
+   # 构建并推送至镜像仓库
+   ./docker-buildx.sh --push
+
+   # 构建指定版本
+   ./docker-buildx.sh --release v1.0.0 --push
+
+   # 构建并推送到自定义镜像仓库
+   ./docker-buildx.sh --registry your-registry.com --namespace yourname --push
+   ```
+
+   `docker-buildx.sh` 脚本支持：
+    - **多架构构建**：`linux/amd64`、`linux/arm64`
+    - **自动版本检测**：可使用 git 标签或提交哈希
+    - **仓库灵活性**：支持 Docker Hub、GitHub Container Registry 等
+    - **构建优化**：包含缓存和并行构建
+
+   你也可以使用 Makefile 提供的目标命令以提升便捷性：
+
+   ```bash
+   make docker-buildx                    # 本地构建
+   make docker-buildx-push               # 构建并推送
+   make docker-buildx-version VERSION=v1.0.0  # 构建指定版本
+   make help-docker                      # 显示全部 Docker 相关命令
+   ```
+
+4. **使用 Helm Chart 部署（方案四）- 云原生环境**
+
+   按照 [helm chart 说明文档](./helm/README.md) 的指引，在 Kubernetes 集群中安装 RustFS。
+
+5. **访问控制台**：打开 Web 浏览器并导航到 `http://localhost:9000` 以访问 RustFS 控制台，默认的用户名和密码是
+   `rustfsadmin` 。
+6. **创建存储桶**：使用控制台为您的对象创建新的存储桶。
+7. **上传对象**：您可以直接通过控制台上传文件，或使用 S3 兼容的 API 与您的 RustFS 实例交互。
+
+**注意**：如果你想通过 `https` 来访问 RustFS 实例，请参考 [TLS 配置文档](https://docs.rustfs.com/zh/integration/tls-configured.html)

 ## 文档

@@ -136,6 +172,10 @@ RustFS 变得更好的杰出人员。

 <a href="https://trendshift.io/repositories/14181" target="_blank"><img src="https://raw.githubusercontent.com/rustfs/rustfs/refs/heads/main/docs/rustfs-trending.jpg" alt="rustfs%2Frustfs | Trendshift" /></a>

+## Star 历史图
+
+[![Star 历史图](https://api.star-history.com/svg?repos=rustfs/rustfs&type=date&legend=top-left)](https://www.star-history.com/#rustfs/rustfs&type=date&legend=top-left)
+
 ## 许可证

 [Apache 2.0](https://opensource.org/licenses/Apache-2.0)
--- a/crates/ahm/Cargo.toml
+++ b/crates/ahm/Cargo.toml
@@ -40,3 +40,4 @@ serde_json = { workspace = true }
 serial_test = { workspace = true }
 tracing-subscriber = { workspace = true }
 tempfile = { workspace = true }
+heed = "0.22.0"
--- a/crates/ahm/src/heal/task.rs
+++ b/crates/ahm/src/heal/task.rs
@@ -49,11 +49,12 @@ pub enum HealType {
 }

 /// Heal priority
-#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize)]
+#[derive(Debug, Default, Clone, PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize)]
 pub enum HealPriority {
    /// Low priority
    Low = 0,
    /// Normal priority
+    #[default]
    Normal = 1,
    /// High priority
    High = 2,
@@ -61,12 +62,6 @@ pub enum HealPriority {
    Urgent = 3,
 }

-impl Default for HealPriority {
-    fn default() -> Self {
-        Self::Normal
-    }
-}
-
 /// Heal options
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct HealOptions {
--- a/crates/ahm/tests/lifecycle_cache_test.rs
+++ b/crates/ahm/tests/lifecycle_cache_test.rs
@@ -0,0 +1,508 @@
+// Copyright 2024 RustFS Team
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use heed::byteorder::BigEndian;
+use heed::types::*;
+use heed::{BoxedError, BytesDecode, BytesEncode, Database, DatabaseFlags, Env, EnvOpenOptions};
+use rustfs_ahm::scanner::local_scan::{self, LocalObjectRecord, LocalScanOutcome};
+use rustfs_ecstore::{
+    disk::endpoint::Endpoint,
+    endpoints::{EndpointServerPools, Endpoints, PoolEndpoints},
+    store::ECStore,
+    store_api::{MakeBucketOptions, ObjectIO, ObjectInfo, ObjectOptions, PutObjReader, StorageAPI},
+};
+use serial_test::serial;
+use std::borrow::Cow;
+use std::sync::Once;
+use std::sync::OnceLock;
+use std::{path::PathBuf, sync::Arc};
+use tokio::fs;
+use tokio_util::sync::CancellationToken;
+use tracing::warn;
+use tracing::{debug, info};
+//use heed_traits::Comparator;
+use time::OffsetDateTime;
+use uuid::Uuid;
+
+static GLOBAL_ENV: OnceLock<(Vec<PathBuf>, Arc<ECStore>)> = OnceLock::new();
+static INIT: Once = Once::new();
+
+static _LIFECYCLE_EXPIRY_CURRENT_DAYS: i32 = 1;
+static _LIFECYCLE_EXPIRY_NONCURRENT_DAYS: i32 = 1;
+static _LIFECYCLE_TRANSITION_CURRENT_DAYS: i32 = 1;
+static _LIFECYCLE_TRANSITION_NONCURRENT_DAYS: i32 = 1;
+static GLOBAL_LMDB_ENV: OnceLock<Env> = OnceLock::new();
+static GLOBAL_LMDB_DB: OnceLock<Database<I64<BigEndian>, LifecycleContentCodec>> = OnceLock::new();
+
+fn init_tracing() {
+    INIT.call_once(|| {
+        let _ = tracing_subscriber::fmt::try_init();
+    });
+}
+
+/// Test helper: Create test environment with ECStore
+async fn setup_test_env() -> (Vec<PathBuf>, Arc<ECStore>) {
+    init_tracing();
+
+    // Fast path: already initialized, just clone and return
+    if let Some((paths, ecstore)) = GLOBAL_ENV.get() {
+        return (paths.clone(), ecstore.clone());
+    }
+
+    // create temp dir as 4 disks with unique base dir
+    let test_base_dir = format!("/tmp/rustfs_ahm_lifecyclecache_test_{}", uuid::Uuid::new_v4());
+    let temp_dir = std::path::PathBuf::from(&test_base_dir);
+    if temp_dir.exists() {
+        fs::remove_dir_all(&temp_dir).await.ok();
+    }
+    fs::create_dir_all(&temp_dir).await.unwrap();
+
+    // create 4 disk dirs
+    let disk_paths = vec![
+        temp_dir.join("disk1"),
+        temp_dir.join("disk2"),
+        temp_dir.join("disk3"),
+        temp_dir.join("disk4"),
+    ];
+
+    for disk_path in &disk_paths {
+        fs::create_dir_all(disk_path).await.unwrap();
+    }
+
+    // create EndpointServerPools
+    let mut endpoints = Vec::new();
+    for (i, disk_path) in disk_paths.iter().enumerate() {
+        let mut endpoint = Endpoint::try_from(disk_path.to_str().unwrap()).unwrap();
+        // set correct index
+        endpoint.set_pool_index(0);
+        endpoint.set_set_index(0);
+        endpoint.set_disk_index(i);
+        endpoints.push(endpoint);
+    }
+
+    let pool_endpoints = PoolEndpoints {
+        legacy: false,
+        set_count: 1,
+        drives_per_set: 4,
+        endpoints: Endpoints::from(endpoints),
+        cmd_line: "test".to_string(),
+        platform: format!("OS: {} | Arch: {}", std::env::consts::OS, std::env::consts::ARCH),
+    };
+
+    let endpoint_pools = EndpointServerPools(vec![pool_endpoints]);
+
+    // format disks (only first time)
+    rustfs_ecstore::store::init_local_disks(endpoint_pools.clone()).await.unwrap();
+
+    // create ECStore with dynamic port 0 (let OS assign) or fixed 9002 if free
+    let port = 9002; // for simplicity
+    let server_addr: std::net::SocketAddr = format!("127.0.0.1:{port}").parse().unwrap();
+    let ecstore = ECStore::new(server_addr, endpoint_pools, CancellationToken::new())
+        .await
+        .unwrap();
+
+    // init bucket metadata system
+    let buckets_list = ecstore
+        .list_bucket(&rustfs_ecstore::store_api::BucketOptions {
+            no_metadata: true,
+            ..Default::default()
+        })
+        .await
+        .unwrap();
+    let buckets = buckets_list.into_iter().map(|v| v.name).collect();
+    rustfs_ecstore::bucket::metadata_sys::init_bucket_metadata_sys(ecstore.clone(), buckets).await;
+
+    //lmdb env
+    // User home directory
+    /*if let Ok(home_dir) = env::var("HOME").or_else(|_| env::var("USERPROFILE")) {
+        let mut path = PathBuf::from(home_dir);
+        path.push(format!(".{DEFAULT_LOG_FILENAME}"));
+        path.push(DEFAULT_LOG_DIR);
+        if ensure_directory_writable(&path) {
+            //return path;
+        }
+    }*/
+    let test_lmdb_lifecycle_dir = "/tmp/lmdb_lifecycle".to_string();
+    let temp_dir = std::path::PathBuf::from(&test_lmdb_lifecycle_dir);
+    if temp_dir.exists() {
+        fs::remove_dir_all(&temp_dir).await.ok();
+    }
+    fs::create_dir_all(&temp_dir).await.unwrap();
+    let lmdb_env = unsafe { EnvOpenOptions::new().max_dbs(100).open(&test_lmdb_lifecycle_dir).unwrap() };
+    let bucket_name = format!("test-lc-cache-{}", "00000");
+    let mut wtxn = lmdb_env.write_txn().unwrap();
+    let db = match lmdb_env
+        .database_options()
+        .name(&format!("bucket_{}", bucket_name))
+        .types::<I64<BigEndian>, LifecycleContentCodec>()
+        .flags(DatabaseFlags::DUP_SORT)
+        //.dup_sort_comparator::<>()
+        .create(&mut wtxn)
+    {
+        Ok(db) => db,
+        Err(err) => {
+            panic!("lmdb error: {}", err);
+        }
+    };
+    let _ = wtxn.commit();
+    let _ = GLOBAL_LMDB_ENV.set(lmdb_env);
+    let _ = GLOBAL_LMDB_DB.set(db);
+
+    // Store in global once lock
+    let _ = GLOBAL_ENV.set((disk_paths.clone(), ecstore.clone()));
+
+    (disk_paths, ecstore)
+}
+
+/// Test helper: Create a test bucket
+#[allow(dead_code)]
+async fn create_test_bucket(ecstore: &Arc<ECStore>, bucket_name: &str) {
+    (**ecstore)
+        .make_bucket(bucket_name, &Default::default())
+        .await
+        .expect("Failed to create test bucket");
+    info!("Created test bucket: {}", bucket_name);
+}
+
+/// Test helper: Create a test lock bucket
+async fn create_test_lock_bucket(ecstore: &Arc<ECStore>, bucket_name: &str) {
+    (**ecstore)
+        .make_bucket(
+            bucket_name,
+            &MakeBucketOptions {
+                lock_enabled: true,
+                versioning_enabled: true,
+                ..Default::default()
+            },
+        )
+        .await
+        .expect("Failed to create test bucket");
+    info!("Created test bucket: {}", bucket_name);
+}
+
+/// Test helper: Upload test object
+async fn upload_test_object(ecstore: &Arc<ECStore>, bucket: &str, object: &str, data: &[u8]) {
+    let mut reader = PutObjReader::from_vec(data.to_vec());
+    let object_info = (**ecstore)
+        .put_object(bucket, object, &mut reader, &ObjectOptions::default())
+        .await
+        .expect("Failed to upload test object");
+
+    println!("object_info1: {:?}", object_info);
+
+    info!("Uploaded test object: {}/{} ({} bytes)", bucket, object, object_info.size);
+}
+
+/// Test helper: Check if object exists
+async fn object_exists(ecstore: &Arc<ECStore>, bucket: &str, object: &str) -> bool {
+    match (**ecstore).get_object_info(bucket, object, &ObjectOptions::default()).await {
+        Ok(info) => !info.delete_marker,
+        Err(_) => false,
+    }
+}
+
+fn ns_to_offset_datetime(ns: i128) -> Option<OffsetDateTime> {
+    OffsetDateTime::from_unix_timestamp_nanos(ns).ok()
+}
+
+fn convert_record_to_object_info(record: &LocalObjectRecord) -> ObjectInfo {
+    let usage = &record.usage;
+
+    ObjectInfo {
+        bucket: usage.bucket.clone(),
+        name: usage.object.clone(),
+        size: usage.total_size as i64,
+        delete_marker: !usage.has_live_object && usage.delete_markers_count > 0,
+        mod_time: usage.last_modified_ns.and_then(ns_to_offset_datetime),
+        ..Default::default()
+    }
+}
+
+#[allow(dead_code)]
+fn to_object_info(
+    bucket: &str,
+    object: &str,
+    total_size: i64,
+    delete_marker: bool,
+    mod_time: OffsetDateTime,
+    version_id: &str,
+) -> ObjectInfo {
+    ObjectInfo {
+        bucket: bucket.to_string(),
+        name: object.to_string(),
+        size: total_size,
+        delete_marker,
+        mod_time: Some(mod_time),
+        version_id: Some(Uuid::parse_str(version_id).unwrap()),
+        ..Default::default()
+    }
+}
+
+#[derive(Debug, PartialEq, Eq)]
+enum LifecycleType {
+    ExpiryCurrent,
+    ExpiryNoncurrent,
+    TransitionCurrent,
+    TransitionNoncurrent,
+}
+
+#[derive(Debug, PartialEq, Eq)]
+pub struct LifecycleContent {
+    ver_no: u8,
+    ver_id: String,
+    mod_time: OffsetDateTime,
+    type_: LifecycleType,
+    object_name: String,
+}
+
+pub struct LifecycleContentCodec;
+
+impl BytesEncode<'_> for LifecycleContentCodec {
+    type EItem = LifecycleContent;
+
+    fn bytes_encode(lcc: &Self::EItem) -> Result<Cow<'_, [u8]>, BoxedError> {
+        let (ver_no_byte, ver_id_bytes, mod_timestamp_bytes, type_byte, object_name_bytes) = match lcc {
+            LifecycleContent {
+                ver_no,
+                ver_id,
+                mod_time,
+                type_: LifecycleType::ExpiryCurrent,
+                object_name,
+            } => (
+                ver_no,
+                ver_id.clone().into_bytes(),
+                mod_time.unix_timestamp().to_be_bytes(),
+                0,
+                object_name.clone().into_bytes(),
+            ),
+            LifecycleContent {
+                ver_no,
+                ver_id,
+                mod_time,
+                type_: LifecycleType::ExpiryNoncurrent,
+                object_name,
+            } => (
+                ver_no,
+                ver_id.clone().into_bytes(),
+                mod_time.unix_timestamp().to_be_bytes(),
+                1,
+                object_name.clone().into_bytes(),
+            ),
+            LifecycleContent {
+                ver_no,
+                ver_id,
+                mod_time,
+                type_: LifecycleType::TransitionCurrent,
+                object_name,
+            } => (
+                ver_no,
+                ver_id.clone().into_bytes(),
+                mod_time.unix_timestamp().to_be_bytes(),
+                2,
+                object_name.clone().into_bytes(),
+            ),
+            LifecycleContent {
+                ver_no,
+                ver_id,
+                mod_time,
+                type_: LifecycleType::TransitionNoncurrent,
+                object_name,
+            } => (
+                ver_no,
+                ver_id.clone().into_bytes(),
+                mod_time.unix_timestamp().to_be_bytes(),
+                3,
+                object_name.clone().into_bytes(),
+            ),
+        };
+
+        let mut output = Vec::<u8>::new();
+        output.push(*ver_no_byte);
+        output.extend_from_slice(&ver_id_bytes);
+        output.extend_from_slice(&mod_timestamp_bytes);
+        output.push(type_byte);
+        output.extend_from_slice(&object_name_bytes);
+        Ok(Cow::Owned(output))
+    }
+}
+
+impl<'a> BytesDecode<'a> for LifecycleContentCodec {
+    type DItem = LifecycleContent;
+
+    fn bytes_decode(bytes: &'a [u8]) -> Result<Self::DItem, BoxedError> {
+        use std::mem::size_of;
+
+        let ver_no = match bytes.get(..size_of::<u8>()) {
+            Some(bytes) => bytes.try_into().map(u8::from_be_bytes).unwrap(),
+            None => return Err("invalid LifecycleContent: cannot extract ver_no".into()),
+        };
+
+        let ver_id = match bytes.get(size_of::<u8>()..(36 + 1)) {
+            Some(bytes) => unsafe { std::str::from_utf8_unchecked(bytes).to_string() },
+            None => return Err("invalid LifecycleContent: cannot extract ver_id".into()),
+        };
+
+        let mod_timestamp = match bytes.get((36 + 1)..(size_of::<i64>() + 36 + 1)) {
+            Some(bytes) => bytes.try_into().map(i64::from_be_bytes).unwrap(),
+            None => return Err("invalid LifecycleContent: cannot extract mod_time timestamp".into()),
+        };
+
+        let type_ = match bytes.get(size_of::<i64>() + 36 + 1) {
+            Some(&0) => LifecycleType::ExpiryCurrent,
+            Some(&1) => LifecycleType::ExpiryNoncurrent,
+            Some(&2) => LifecycleType::TransitionCurrent,
+            Some(&3) => LifecycleType::TransitionNoncurrent,
+            Some(_) => return Err("invalid LifecycleContent: invalid LifecycleType".into()),
+            None => return Err("invalid LifecycleContent: cannot extract LifecycleType".into()),
+        };
+
+        let object_name = match bytes.get((size_of::<i64>() + 36 + 1 + 1)..) {
+            Some(bytes) => unsafe { std::str::from_utf8_unchecked(bytes).to_string() },
+            None => return Err("invalid LifecycleContent: cannot extract object_name".into()),
+        };
+
+        Ok(LifecycleContent {
+            ver_no,
+            ver_id,
+            mod_time: OffsetDateTime::from_unix_timestamp(mod_timestamp).unwrap(),
+            type_,
+            object_name,
+        })
+    }
+}
+
+mod serial_tests {
+    use super::*;
+
+    #[tokio::test(flavor = "multi_thread", worker_threads = 4)]
+    #[serial]
+    //#[ignore]
+    async fn test_lifecycle_chche_build() {
+        let (_disk_paths, ecstore) = setup_test_env().await;
+
+        // Create test bucket and object
+        let suffix = uuid::Uuid::new_v4().simple().to_string();
+        let bucket_name = format!("test-lc-cache-{}", &suffix[..8]);
+        let object_name = "test/object.txt"; // Match the lifecycle rule prefix "test/"
+        let test_data = b"Hello, this is test data for lifecycle expiry!";
+
+        create_test_lock_bucket(&ecstore, bucket_name.as_str()).await;
+        upload_test_object(&ecstore, bucket_name.as_str(), object_name, test_data).await;
+
+        // Verify object exists initially
+        assert!(object_exists(&ecstore, bucket_name.as_str(), object_name).await);
+        println!("✅ Object exists before lifecycle processing");
+
+        let scan_outcome = match local_scan::scan_and_persist_local_usage(ecstore.clone()).await {
+            Ok(outcome) => outcome,
+            Err(err) => {
+                warn!("Local usage scan failed: {}", err);
+                LocalScanOutcome::default()
+            }
+        };
+        let bucket_objects_map = &scan_outcome.bucket_objects;
+
+        let records = match bucket_objects_map.get(&bucket_name) {
+            Some(records) => records,
+            None => {
+                debug!("No local snapshot entries found for bucket {}; skipping lifecycle/integrity", bucket_name);
+                &vec![]
+            }
+        };
+
+        if let Some(lmdb_env) = GLOBAL_LMDB_ENV.get() {
+            if let Some(lmdb) = GLOBAL_LMDB_DB.get() {
+                let mut wtxn = lmdb_env.write_txn().unwrap();
+
+                /*if let Ok((lc_config, _)) = rustfs_ecstore::bucket::metadata_sys::get_lifecycle_config(bucket_name.as_str()).await {
+                    if let Ok(object_info) = ecstore
+                        .get_object_info(bucket_name.as_str(), object_name, &rustfs_ecstore::store_api::ObjectOptions::default())
+                        .await
+                    {
+                        let event = rustfs_ecstore::bucket::lifecycle::bucket_lifecycle_ops::eval_action_from_lifecycle(
+                            &lc_config,
+                            None,
+                            None,
+                            &object_info,
+                        )
+                        .await;
+
+                        rustfs_ecstore::bucket::lifecycle::bucket_lifecycle_ops::apply_expiry_on_non_transitioned_objects(
+                            ecstore.clone(),
+                            &object_info,
+                            &event,
+                            &rustfs_ecstore::bucket::lifecycle::bucket_lifecycle_audit::LcEventSrc::Scanner,
+                        )
+                        .await;
+
+                        expired = wait_for_object_absence(&ecstore, bucket_name.as_str(), object_name, Duration::from_secs(2)).await;
+                    }
+                }*/
+
+                for record in records {
+                    if !record.usage.has_live_object {
+                        continue;
+                    }
+
+                    let object_info = convert_record_to_object_info(record);
+                    println!("object_info2: {:?}", object_info);
+                    let mod_time = object_info.mod_time.unwrap_or(OffsetDateTime::now_utc());
+                    let expiry_time = rustfs_ecstore::bucket::lifecycle::lifecycle::expected_expiry_time(mod_time, 1);
+
+                    let version_id = if let Some(version_id) = object_info.version_id {
+                        version_id.to_string()
+                    } else {
+                        "zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz".to_string()
+                    };
+
+                    lmdb.put(
+                        &mut wtxn,
+                        &expiry_time.unix_timestamp(),
+                        &LifecycleContent {
+                            ver_no: 0,
+                            ver_id: version_id,
+                            mod_time,
+                            type_: LifecycleType::TransitionNoncurrent,
+                            object_name: object_info.name,
+                        },
+                    )
+                    .unwrap();
+                }
+
+                wtxn.commit().unwrap();
+
+                let mut wtxn = lmdb_env.write_txn().unwrap();
+                let iter = lmdb.iter_mut(&mut wtxn).unwrap();
+                //let _ = unsafe { iter.del_current().unwrap() };
+                for row in iter {
+                    if let Ok(ref elm) = row {
+                        let LifecycleContent {
+                            ver_no,
+                            ver_id,
+                            mod_time,
+                            type_,
+                            object_name,
+                        } = &elm.1;
+                        println!("cache row:{} {} {} {:?} {}", ver_no, ver_id, mod_time, type_, object_name);
+                    }
+                    println!("row:{:?}", row);
+                }
+                //drop(iter);
+                wtxn.commit().unwrap();
+            }
+        }
+
+        println!("Lifecycle cache test completed");
+    }
+}
--- a/crates/ahm/tests/lifecycle_integration_test.rs
+++ b/crates/ahm/tests/lifecycle_integration_test.rs
@@ -18,9 +18,9 @@ use rustfs_ecstore::{
    bucket::metadata_sys,
    disk::endpoint::Endpoint,
    endpoints::{EndpointServerPools, Endpoints, PoolEndpoints},
+    global::GLOBAL_TierConfigMgr,
    store::ECStore,
    store_api::{MakeBucketOptions, ObjectIO, ObjectOptions, PutObjReader, StorageAPI},
-    tier::tier::TierConfigMgr,
    tier::tier_config::{TierConfig, TierMinIO, TierType},
 };
 use serial_test::serial;
@@ -28,14 +28,11 @@ use std::sync::Once;
 use std::sync::OnceLock;
 use std::{path::PathBuf, sync::Arc, time::Duration};
 use tokio::fs;
-use tokio::sync::RwLock;
 use tokio_util::sync::CancellationToken;
-use tracing::warn;
-use tracing::{debug, info};
+use tracing::info;

 static GLOBAL_ENV: OnceLock<(Vec<PathBuf>, Arc<ECStore>)> = OnceLock::new();
 static INIT: Once = Once::new();
-static GLOBAL_TIER_CONFIG_MGR: OnceLock<Arc<RwLock<TierConfigMgr>>> = OnceLock::new();

 fn init_tracing() {
    INIT.call_once(|| {
@@ -121,13 +118,11 @@ async fn setup_test_env() -> (Vec<PathBuf>, Arc<ECStore>) {
    // Store in global once lock
    let _ = GLOBAL_ENV.set((disk_paths.clone(), ecstore.clone()));

-    let _ = GLOBAL_TIER_CONFIG_MGR.set(TierConfigMgr::new());
-
    (disk_paths, ecstore)
 }

 /// Test helper: Create a test bucket
-async fn _create_test_bucket(ecstore: &Arc<ECStore>, bucket_name: &str) {
+async fn create_test_bucket(ecstore: &Arc<ECStore>, bucket_name: &str) {
    (**ecstore)
        .make_bucket(bucket_name, &Default::default())
        .await
@@ -220,7 +215,7 @@ async fn set_bucket_lifecycle_transition(bucket_name: &str) -> Result<(), Box<dy
        </Filter>
        <Transition>
          <Days>0</Days>
-          <StorageClass>COLDTIER</StorageClass>
+          <StorageClass>COLDTIER44</StorageClass>
        </Transition>
    </Rule>
    <Rule>
@@ -231,7 +226,7 @@ async fn set_bucket_lifecycle_transition(bucket_name: &str) -> Result<(), Box<dy
        </Filter>
        <NoncurrentVersionTransition>
          <NoncurrentDays>0</NoncurrentDays>
-          <StorageClass>COLDTIER</StorageClass>
+          <StorageClass>COLDTIER44</StorageClass>
        </NoncurrentVersionTransition>
    </Rule>
 </LifecycleConfiguration>"#;
@@ -243,33 +238,51 @@ async fn set_bucket_lifecycle_transition(bucket_name: &str) -> Result<(), Box<dy

 /// Test helper: Create a test tier
 #[allow(dead_code)]
-async fn create_test_tier() {
+async fn create_test_tier(server: u32) {
    let args = TierConfig {
        version: "v1".to_string(),
        tier_type: TierType::MinIO,
-        name: "COLDTIER".to_string(),
+        name: "COLDTIER44".to_string(),
        s3: None,
+        aliyun: None,
+        tencent: None,
+        huaweicloud: None,
+        azure: None,
+        gcs: None,
+        r2: None,
        rustfs: None,
-        minio: Some(TierMinIO {
-            access_key: "minioadmin".to_string(),
-            secret_key: "minioadmin".to_string(),
-            bucket: "mblock2".to_string(),
-            endpoint: "http://127.0.0.1:9020".to_string(),
-            prefix: "mypre3/".to_string(),
-            region: "".to_string(),
-            ..Default::default()
-        }),
+        minio: if server == 1 {
+            Some(TierMinIO {
+                access_key: "minioadmin".to_string(),
+                secret_key: "minioadmin".to_string(),
+                bucket: "hello".to_string(),
+                endpoint: "http://39.105.198.204:9000".to_string(),
+                prefix: format!("mypre{}/", uuid::Uuid::new_v4()),
+                region: "".to_string(),
+                ..Default::default()
+            })
+        } else {
+            Some(TierMinIO {
+                access_key: "minioadmin".to_string(),
+                secret_key: "minioadmin".to_string(),
+                bucket: "mblock2".to_string(),
+                endpoint: "http://127.0.0.1:9020".to_string(),
+                prefix: format!("mypre{}/", uuid::Uuid::new_v4()),
+                region: "".to_string(),
+                ..Default::default()
+            })
+        },
    };
-    let mut tier_config_mgr = GLOBAL_TIER_CONFIG_MGR.get().unwrap().write().await;
+    let mut tier_config_mgr = GLOBAL_TierConfigMgr.write().await;
    if let Err(err) = tier_config_mgr.add(args, false).await {
-        warn!("tier_config_mgr add failed, e: {:?}", err);
+        println!("tier_config_mgr add failed, e: {:?}", err);
        panic!("tier add failed. {err}");
    }
    if let Err(e) = tier_config_mgr.save().await {
-        warn!("tier_config_mgr save failed, e: {:?}", e);
+        println!("tier_config_mgr save failed, e: {:?}", e);
        panic!("tier save failed");
    }
-    info!("Created test tier: {}", "COLDTIER");
+    println!("Created test tier: COLDTIER44");
 }

 /// Test helper: Check if object exists
@@ -284,9 +297,10 @@ async fn object_exists(ecstore: &Arc<ECStore>, bucket: &str, object: &str) -> bo
 #[allow(dead_code)]
 async fn object_is_delete_marker(ecstore: &Arc<ECStore>, bucket: &str, object: &str) -> bool {
    if let Ok(oi) = (**ecstore).get_object_info(bucket, object, &ObjectOptions::default()).await {
-        debug!("oi: {:?}", oi);
+        println!("oi: {:?}", oi);
        oi.delete_marker
    } else {
+        println!("object_is_delete_marker is error");
        panic!("object_is_delete_marker is error");
    }
 }
@@ -295,9 +309,10 @@ async fn object_is_delete_marker(ecstore: &Arc<ECStore>, bucket: &str, object: &
 #[allow(dead_code)]
 async fn object_is_transitioned(ecstore: &Arc<ECStore>, bucket: &str, object: &str) -> bool {
    if let Ok(oi) = (**ecstore).get_object_info(bucket, object, &ObjectOptions::default()).await {
-        info!("oi: {:?}", oi);
+        println!("oi: {:?}", oi);
        !oi.transitioned_object.status.is_empty()
    } else {
+        println!("object_is_transitioned is error");
        panic!("object_is_transitioned is error");
    }
 }
@@ -343,7 +358,7 @@ mod serial_tests {
        set_bucket_lifecycle(bucket_name.as_str())
            .await
            .expect("Failed to set lifecycle configuration");
-        println!("✅ Lifecycle configuration set for bucket: {}", bucket_name);
+        println!("✅ Lifecycle configuration set for bucket: {bucket_name}");

        // Verify lifecycle configuration was set
        match rustfs_ecstore::bucket::metadata_sys::get(bucket_name.as_str()).await {
@@ -455,8 +470,9 @@ mod serial_tests {
        println!("Lifecycle expiry basic test completed");
    }

-    #[tokio::test(flavor = "multi_thread", worker_threads = 4)]
+    #[tokio::test(flavor = "multi_thread", worker_threads = 1)]
    #[serial]
+    //#[ignore]
    async fn test_lifecycle_expiry_deletemarker() {
        let (_disk_paths, ecstore) = setup_test_env().await;

@@ -477,7 +493,7 @@ mod serial_tests {
        set_bucket_lifecycle_deletemarker(bucket_name.as_str())
            .await
            .expect("Failed to set lifecycle configuration");
-        println!("✅ Lifecycle configuration set for bucket: {}", bucket_name);
+        println!("✅ Lifecycle configuration set for bucket: {bucket_name}");

        // Verify lifecycle configuration was set
        match rustfs_ecstore::bucket::metadata_sys::get(bucket_name.as_str()).await {
@@ -578,12 +594,13 @@ mod serial_tests {
        println!("Lifecycle expiry basic test completed");
    }

-    #[tokio::test(flavor = "multi_thread", worker_threads = 4)]
+    #[tokio::test(flavor = "multi_thread", worker_threads = 1)]
    #[serial]
+    #[ignore]
    async fn test_lifecycle_transition_basic() {
        let (_disk_paths, ecstore) = setup_test_env().await;

-        //create_test_tier().await;
+        create_test_tier(1).await;

        // Create test bucket and object
        let suffix = uuid::Uuid::new_v4().simple().to_string();
@@ -591,7 +608,8 @@ mod serial_tests {
        let object_name = "test/object.txt"; // Match the lifecycle rule prefix "test/"
        let test_data = b"Hello, this is test data for lifecycle expiry!";

-        create_test_lock_bucket(&ecstore, bucket_name.as_str()).await;
+        //create_test_lock_bucket(&ecstore, bucket_name.as_str()).await;
+        create_test_bucket(&ecstore, bucket_name.as_str()).await;
        upload_test_object(&ecstore, bucket_name.as_str(), object_name, test_data).await;

        // Verify object exists initially
@@ -599,13 +617,13 @@ mod serial_tests {
        println!("✅ Object exists before lifecycle processing");

        // Set lifecycle configuration with very short expiry (0 days = immediate expiry)
-        /*set_bucket_lifecycle_transition(bucket_name)
+        set_bucket_lifecycle_transition(bucket_name.as_str())
            .await
            .expect("Failed to set lifecycle configuration");
        println!("✅ Lifecycle configuration set for bucket: {bucket_name}");

        // Verify lifecycle configuration was set
-        match rustfs_ecstore::bucket::metadata_sys::get(bucket_name).await {
+        match rustfs_ecstore::bucket::metadata_sys::get(bucket_name.as_str()).await {
            Ok(bucket_meta) => {
                assert!(bucket_meta.lifecycle_config.is_some());
                println!("✅ Bucket metadata retrieved successfully");
@@ -613,7 +631,7 @@ mod serial_tests {
            Err(e) => {
                println!("❌ Error retrieving bucket metadata: {e:?}");
            }
-        }*/
+        }

        // Create scanner with very short intervals for testing
        let scanner_config = ScannerConfig {
@@ -640,12 +658,11 @@ mod serial_tests {
        tokio::time::sleep(Duration::from_secs(5)).await;

        // Check if object has been expired (deleted)
-        //let check_result = object_is_transitioned(&ecstore, bucket_name, object_name).await;
-        let check_result = object_exists(&ecstore, bucket_name.as_str(), object_name).await;
+        let check_result = object_is_transitioned(&ecstore, &bucket_name, object_name).await;
        println!("Object exists after lifecycle processing: {check_result}");

        if check_result {
-            println!("✅ Object was not deleted by lifecycle processing");
+            println!("✅ Object was transitioned by lifecycle processing");
            // Let's try to get object info to see its details
            match ecstore
                .get_object_info(bucket_name.as_str(), object_name, &rustfs_ecstore::store_api::ObjectOptions::default())
@@ -663,7 +680,7 @@ mod serial_tests {
                }
            }
        } else {
-            println!("❌ Object was deleted by lifecycle processing");
+            println!("❌ Object was not transitioned by lifecycle processing");
        }

        assert!(check_result);
--- a/crates/audit/tests/config_parsing_test.rs
+++ b/crates/audit/tests/config_parsing_test.rs
@@ -81,8 +81,8 @@ fn test_config_section_names() {
 fn test_environment_variable_parsing() {
    // Test environment variable prefix patterns
    let env_prefix = "RUSTFS_";
-    let audit_webhook_prefix = format!("{}AUDIT_WEBHOOK_", env_prefix);
-    let audit_mqtt_prefix = format!("{}AUDIT_MQTT_", env_prefix);
+    let audit_webhook_prefix = format!("{env_prefix}AUDIT_WEBHOOK_");
+    let audit_mqtt_prefix = format!("{env_prefix}AUDIT_MQTT_");

    assert_eq!(audit_webhook_prefix, "RUSTFS_AUDIT_WEBHOOK_");
    assert_eq!(audit_mqtt_prefix, "RUSTFS_AUDIT_MQTT_");
@@ -141,13 +141,13 @@ fn test_duration_parsing_formats() {
        let result = parse_duration_test(input);
        match (result, expected_seconds) {
            (Some(duration), Some(expected)) => {
-                assert_eq!(duration.as_secs(), expected, "Failed for input: {}", input);
+                assert_eq!(duration.as_secs(), expected, "Failed for input: {input}");
            }
            (None, None) => {
                // Both None, test passes
            }
            _ => {
-                panic!("Mismatch for input: {}, got: {:?}, expected: {:?}", input, result, expected_seconds);
+                panic!("Mismatch for input: {input}, got: {result:?}, expected: {expected_seconds:?}");
            }
        }
    }
@@ -188,13 +188,13 @@ fn test_url_validation() {

    for url_str in valid_urls {
        let result = Url::parse(url_str);
-        assert!(result.is_ok(), "Valid URL should parse: {}", url_str);
+        assert!(result.is_ok(), "Valid URL should parse: {url_str}");
    }

    for url_str in &invalid_urls[..3] {
        // Skip the ftp one as it's technically valid
        let result = Url::parse(url_str);
-        assert!(result.is_err(), "Invalid URL should not parse: {}", url_str);
+        assert!(result.is_err(), "Invalid URL should not parse: {url_str}");
    }
 }

@@ -214,6 +214,6 @@ fn test_qos_parsing() {
            0..=2 => Some(q),
            _ => None,
        });
-        assert_eq!(result, expected, "Failed for QoS input: {}", input);
+        assert_eq!(result, expected, "Failed for QoS input: {input}");
    }
 }
--- a/crates/audit/tests/integration_test.rs
+++ b/crates/audit/tests/integration_test.rs
@@ -57,7 +57,7 @@ async fn test_config_parsing_webhook() {
        }
        Err(e) => {
            // Other errors might indicate parsing issues
-            println!("Unexpected error: {}", e);
+            println!("Unexpected error: {e}");
        }
        Ok(_) => {
            // Unexpected success in test environment without server storage
@@ -103,6 +103,6 @@ fn test_enable_value_parsing() {

    for (input, expected) in test_cases {
        let result = matches!(input.to_lowercase().as_str(), "1" | "on" | "true" | "yes");
-        assert_eq!(result, expected, "Failed for input: {}", input);
+        assert_eq!(result, expected, "Failed for input: {input}");
    }
 }
--- a/crates/audit/tests/performance_test.rs
+++ b/crates/audit/tests/performance_test.rs
@@ -32,10 +32,10 @@ async fn test_audit_system_startup_performance() {
    let _result = timeout(Duration::from_secs(5), system.start(config)).await;
    let elapsed = start.elapsed();

-    println!("Audit system startup took: {:?}", elapsed);
+    println!("Audit system startup took: {elapsed:?}");

    // Should complete within 5 seconds
-    assert!(elapsed < Duration::from_secs(5), "Startup took too long: {:?}", elapsed);
+    assert!(elapsed < Duration::from_secs(5), "Startup took too long: {elapsed:?}");

    // Clean up
    let _ = system.close().await;
@@ -54,8 +54,8 @@ async fn test_concurrent_target_creation() {
    for i in 1..=5 {
        let mut kvs = rustfs_ecstore::config::KVS::new();
        kvs.insert("enable".to_string(), "on".to_string());
-        kvs.insert("endpoint".to_string(), format!("http://localhost:302{}/webhook", i));
-        webhook_section.insert(format!("instance_{}", i), kvs);
+        kvs.insert("endpoint".to_string(), format!("http://localhost:302{i}/webhook"));
+        webhook_section.insert(format!("instance_{i}"), kvs);
    }

    config.0.insert("audit_webhook".to_string(), webhook_section);
@@ -66,10 +66,10 @@ async fn test_concurrent_target_creation() {
    let result = registry.create_targets_from_config(&config).await;
    let elapsed = start.elapsed();

-    println!("Concurrent target creation took: {:?}", elapsed);
+    println!("Concurrent target creation took: {elapsed:?}");

    // Should complete quickly even with multiple targets
-    assert!(elapsed < Duration::from_secs(10), "Target creation took too long: {:?}", elapsed);
+    assert!(elapsed < Duration::from_secs(10), "Target creation took too long: {elapsed:?}");

    // Verify it fails with expected error (server not initialized)
    match result {
@@ -77,7 +77,7 @@ async fn test_concurrent_target_creation() {
            // Expected in test environment
        }
        Err(e) => {
-            println!("Unexpected error during concurrent creation: {}", e);
+            println!("Unexpected error during concurrent creation: {e}");
        }
        Ok(_) => {
            println!("Unexpected success in test environment");
@@ -93,8 +93,8 @@ async fn test_audit_log_dispatch_performance() {
    let config = rustfs_ecstore::config::Config(HashMap::new());
    let start_result = system.start(config).await;
    if start_result.is_err() {
-        println!("AuditSystem failed to start: {:?}", start_result);
-        return; // 或 assert!(false, "AuditSystem failed to start");
+        println!("AuditSystem failed to start: {start_result:?}");
+        return; // Alternatively: assert!(false, "AuditSystem failed to start");
    }

    use chrono::Utc;
@@ -104,14 +104,14 @@ async fn test_audit_log_dispatch_performance() {
    let id = 1;

    let mut req_header = HashMap::new();
-    req_header.insert("authorization".to_string(), format!("Bearer test-token-{}", id));
+    req_header.insert("authorization".to_string(), format!("Bearer test-token-{id}"));
    req_header.insert("content-type".to_string(), "application/octet-stream".to_string());

    let mut resp_header = HashMap::new();
    resp_header.insert("x-response".to_string(), "ok".to_string());

    let mut tags = HashMap::new();
-    tags.insert(format!("tag-{}", id), json!("sample"));
+    tags.insert(format!("tag-{id}"), json!("sample"));

    let mut req_query = HashMap::new();
    req_query.insert("id".to_string(), id.to_string());
@@ -119,7 +119,7 @@ async fn test_audit_log_dispatch_performance() {
    let api_details = ApiDetails {
        name: Some("PutObject".to_string()),
        bucket: Some("test-bucket".to_string()),
-        object: Some(format!("test-object-{}", id)),
+        object: Some(format!("test-object-{id}")),
        status: Some("success".to_string()),
        status_code: Some(200),
        input_bytes: Some(1024),
@@ -134,7 +134,7 @@ async fn test_audit_log_dispatch_performance() {
    // Create sample audit log entry
    let audit_entry = AuditEntry {
        version: "1".to_string(),
-        deployment_id: Some(format!("test-deployment-{}", id)),
+        deployment_id: Some(format!("test-deployment-{id}")),
        site_name: Some("test-site".to_string()),
        time: Utc::now(),
        event: EventName::ObjectCreatedPut,
@@ -142,9 +142,9 @@ async fn test_audit_log_dispatch_performance() {
        trigger: "api".to_string(),
        api: api_details,
        remote_host: Some("127.0.0.1".to_string()),
-        request_id: Some(format!("test-request-{}", id)),
+        request_id: Some(format!("test-request-{id}")),
        user_agent: Some("test-agent".to_string()),
-        req_path: Some(format!("/test-bucket/test-object-{}", id)),
+        req_path: Some(format!("/test-bucket/test-object-{id}")),
        req_host: Some("test-host".to_string()),
        req_node: Some("node-1".to_string()),
        req_claims: None,
@@ -152,8 +152,8 @@ async fn test_audit_log_dispatch_performance() {
        req_header: Some(req_header),
        resp_header: Some(resp_header),
        tags: Some(tags),
-        access_key: Some(format!("AKIA{}", id)),
-        parent_user: Some(format!("parent-{}", id)),
+        access_key: Some(format!("AKIA{id}")),
+        parent_user: Some(format!("parent-{id}")),
        error: None,
    };

@@ -163,10 +163,10 @@ async fn test_audit_log_dispatch_performance() {
    let result = system.dispatch(Arc::new(audit_entry)).await;
    let elapsed = start.elapsed();

-    println!("Audit log dispatch took: {:?}", elapsed);
+    println!("Audit log dispatch took: {elapsed:?}");

    // Should be very fast (sub-millisecond for no targets)
-    assert!(elapsed < Duration::from_millis(100), "Dispatch took too long: {:?}", elapsed);
+    assert!(elapsed < Duration::from_millis(100), "Dispatch took too long: {elapsed:?}");

    // Should succeed even with no targets
    assert!(result.is_ok(), "Dispatch should succeed with no targets");
@@ -226,10 +226,10 @@ fn test_event_name_mask_performance() {
    }

    let elapsed = start.elapsed();
-    println!("Event mask calculation (5000 ops) took: {:?}", elapsed);
+    println!("Event mask calculation (5000 ops) took: {elapsed:?}");

    // Should be very fast
-    assert!(elapsed < Duration::from_millis(100), "Mask calculation too slow: {:?}", elapsed);
+    assert!(elapsed < Duration::from_millis(100), "Mask calculation too slow: {elapsed:?}");
 }

 #[test]
@@ -254,10 +254,10 @@ fn test_event_name_expansion_performance() {
    }

    let elapsed = start.elapsed();
-    println!("Event expansion (4000 ops) took: {:?}", elapsed);
+    println!("Event expansion (4000 ops) took: {elapsed:?}");

    // Should be very fast
-    assert!(elapsed < Duration::from_millis(100), "Expansion too slow: {:?}", elapsed);
+    assert!(elapsed < Duration::from_millis(100), "Expansion too slow: {elapsed:?}");
 }

 #[tokio::test]
@@ -274,10 +274,10 @@ async fn test_registry_operations_performance() {
    }

    let elapsed = start.elapsed();
-    println!("Registry operations (2000 ops) took: {:?}", elapsed);
+    println!("Registry operations (2000 ops) took: {elapsed:?}");

    // Should be very fast for empty registry
-    assert!(elapsed < Duration::from_millis(100), "Registry ops too slow: {:?}", elapsed);
+    assert!(elapsed < Duration::from_millis(100), "Registry ops too slow: {elapsed:?}");
 }

 // Performance requirements validation
@@ -294,7 +294,7 @@ fn test_performance_requirements() {
    // Simulate processing 3000 events worth of operations
    for i in 0..3000 {
        // Simulate event name parsing and processing
-        let _event_id = format!("s3:ObjectCreated:Put_{}", i);
+        let _event_id = format!("s3:ObjectCreated:Put_{i}");
        let _timestamp = chrono::Utc::now().to_rfc3339();

        // Simulate basic audit entry creation overhead
@@ -305,16 +305,16 @@ fn test_performance_requirements() {
    let elapsed = start.elapsed();
    let eps = 3000.0 / elapsed.as_secs_f64();

-    println!("Simulated 3000 events in {:?} ({:.0} EPS)", elapsed, eps);
+    println!("Simulated 3000 events in {elapsed:?} ({eps:.0} EPS)");

    // Our core processing should easily handle 3k EPS worth of CPU overhead
    // The actual EPS limit will be determined by network I/O to targets
-    assert!(eps > 10000.0, "Core processing too slow for 3k EPS target: {} EPS", eps);
+    assert!(eps > 10000.0, "Core processing too slow for 3k EPS target: {eps} EPS");

    // P99 latency requirement: < 30ms
    // For core processing, we should be much faster than this
    let avg_latency = elapsed / 3000;
-    println!("Average processing latency: {:?}", avg_latency);
+    println!("Average processing latency: {avg_latency:?}");

-    assert!(avg_latency < Duration::from_millis(1), "Processing latency too high: {:?}", avg_latency);
+    assert!(avg_latency < Duration::from_millis(1), "Processing latency too high: {avg_latency:?}");
 }
--- a/crates/audit/tests/system_integration_test.rs
+++ b/crates/audit/tests/system_integration_test.rs
@@ -52,7 +52,7 @@ async fn test_complete_audit_system_lifecycle() {
            assert_eq!(system.get_state().await, system::AuditSystemState::Running);
        }
        Err(e) => {
-            panic!("Unexpected error: {}", e);
+            panic!("Unexpected error: {e}");
        }
    }

@@ -103,7 +103,7 @@ async fn test_audit_log_dispatch_with_no_targets() {
            // Also acceptable since system not running
        }
        Err(e) => {
-            panic!("Unexpected error: {}", e);
+            panic!("Unexpected error: {e}");
        }
    }
 }
@@ -172,7 +172,7 @@ async fn test_config_parsing_with_multiple_instances() {
            // Expected - parsing worked but save failed
        }
        Err(e) => {
-            println!("Config parsing error: {}", e);
+            println!("Config parsing error: {e}");
            // Other errors might indicate parsing issues, but not necessarily failures
        }
        Ok(_) => {
@@ -261,7 +261,7 @@ async fn test_concurrent_operations() {
        let (i, state, is_running) = task.await.expect("Task should complete");
        assert_eq!(state, system::AuditSystemState::Stopped);
        assert!(!is_running);
-        println!("Task {} completed successfully", i);
+        println!("Task {i} completed successfully");
    }
 }

@@ -295,8 +295,8 @@ async fn test_performance_under_load() {
    }

    let elapsed = start.elapsed();
-    println!("100 concurrent dispatches took: {:?}", elapsed);
-    println!("Successes: {}, Errors: {}", success_count, error_count);
+    println!("100 concurrent dispatches took: {elapsed:?}");
+    println!("Successes: {success_count}, Errors: {error_count}");

    // Should complete reasonably quickly
    assert!(elapsed < Duration::from_secs(5), "Concurrent operations took too long");
@@ -318,14 +318,14 @@ fn create_sample_audit_entry_with_id(id: u32) -> AuditEntry {
    use std::collections::HashMap;

    let mut req_header = HashMap::new();
-    req_header.insert("authorization".to_string(), format!("Bearer test-token-{}", id));
+    req_header.insert("authorization".to_string(), format!("Bearer test-token-{id}"));
    req_header.insert("content-type".to_string(), "application/octet-stream".to_string());

    let mut resp_header = HashMap::new();
    resp_header.insert("x-response".to_string(), "ok".to_string());

    let mut tags = HashMap::new();
-    tags.insert(format!("tag-{}", id), json!("sample"));
+    tags.insert(format!("tag-{id}"), json!("sample"));

    let mut req_query = HashMap::new();
    req_query.insert("id".to_string(), id.to_string());
@@ -333,7 +333,7 @@ fn create_sample_audit_entry_with_id(id: u32) -> AuditEntry {
    let api_details = ApiDetails {
        name: Some("PutObject".to_string()),
        bucket: Some("test-bucket".to_string()),
-        object: Some(format!("test-object-{}", id)),
+        object: Some(format!("test-object-{id}")),
        status: Some("success".to_string()),
        status_code: Some(200),
        input_bytes: Some(1024),
@@ -348,7 +348,7 @@ fn create_sample_audit_entry_with_id(id: u32) -> AuditEntry {

    AuditEntry {
        version: "1".to_string(),
-        deployment_id: Some(format!("test-deployment-{}", id)),
+        deployment_id: Some(format!("test-deployment-{id}")),
        site_name: Some("test-site".to_string()),
        time: Utc::now(),
        event: EventName::ObjectCreatedPut,
@@ -356,9 +356,9 @@ fn create_sample_audit_entry_with_id(id: u32) -> AuditEntry {
        trigger: "api".to_string(),
        api: api_details,
        remote_host: Some("127.0.0.1".to_string()),
-        request_id: Some(format!("test-request-{}", id)),
+        request_id: Some(format!("test-request-{id}")),
        user_agent: Some("test-agent".to_string()),
-        req_path: Some(format!("/test-bucket/test-object-{}", id)),
+        req_path: Some(format!("/test-bucket/test-object-{id}")),
        req_host: Some("test-host".to_string()),
        req_node: Some("node-1".to_string()),
        req_claims: None,
@@ -366,8 +366,8 @@ fn create_sample_audit_entry_with_id(id: u32) -> AuditEntry {
        req_header: Some(req_header),
        resp_header: Some(resp_header),
        tags: Some(tags),
-        access_key: Some(format!("AKIA{}", id)),
-        parent_user: Some(format!("parent-{}", id)),
+        access_key: Some(format!("AKIA{id}")),
+        parent_user: Some(format!("parent-{id}")),
        error: None,
    }
 }
--- a/crates/common/src/heal_channel.rs
+++ b/crates/common/src/heal_channel.rs
@@ -85,19 +85,14 @@ impl Display for DriveState {
    }
 }

-#[derive(Clone, Copy, Debug, Serialize, Deserialize, PartialEq, Eq)]
+#[derive(Clone, Copy, Debug, Default, Serialize, Deserialize, PartialEq, Eq)]
 pub enum HealScanMode {
    Unknown,
+    #[default]
    Normal,
    Deep,
 }

-impl Default for HealScanMode {
-    fn default() -> Self {
-        Self::Normal
-    }
-}
-
 #[derive(Clone, Copy, Debug, Default, Serialize, Deserialize)]
 pub struct HealOpts {
    pub recursive: bool,
@@ -175,11 +170,12 @@ pub struct HealChannelResponse {
 }

 /// Heal priority
-#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+#[derive(Debug, Default, Clone, Copy, PartialEq, Eq)]
 pub enum HealChannelPriority {
    /// Low priority
    Low,
    /// Normal priority
+    #[default]
    Normal,
    /// High priority
    High,
@@ -187,12 +183,6 @@ pub enum HealChannelPriority {
    Critical,
 }

-impl Default for HealChannelPriority {
-    fn default() -> Self {
-        Self::Normal
-    }
-}
-
 /// Heal channel sender
 pub type HealChannelSender = mpsc::UnboundedSender<HealChannelCommand>;

--- a/crates/config/src/constants/app.rs
+++ b/crates/config/src/constants/app.rs
@@ -21,12 +21,12 @@ pub const APP_NAME: &str = "RustFS";
 /// Application version
 /// Default value: 1.0.0
 /// Environment variable: RUSTFS_VERSION
-pub const VERSION: &str = "0.0.1";
+pub const VERSION: &str = "1.0.0";

 /// Default configuration logger level
-/// Default value: info
+/// Default value: error
 /// Environment variable: RUSTFS_LOG_LEVEL
-pub const DEFAULT_LOG_LEVEL: &str = "info";
+pub const DEFAULT_LOG_LEVEL: &str = "error";

 /// Default configuration use stdout
 /// Default value: false
@@ -40,22 +40,15 @@ pub const SAMPLE_RATIO: f64 = 1.0;
 pub const METER_INTERVAL: u64 = 30;

 /// Default configuration service version
-/// Default value: 0.0.1
-pub const SERVICE_VERSION: &str = "0.0.1";
+/// Default value: 1.0.0
+/// Environment variable: RUSTFS_OBS_SERVICE_VERSION
+/// Uses the same value as VERSION constant
+pub const SERVICE_VERSION: &str = "1.0.0";

 /// Default configuration environment
 /// Default value: production
 pub const ENVIRONMENT: &str = "production";

-/// maximum number of connections
-/// This is the maximum number of connections that the server will accept.
-/// This is used to limit the number of connections to the server.
-pub const MAX_CONNECTIONS: usize = 100;
-/// timeout for connections
-/// This is the timeout for connections to the server.
-/// This is used to limit the time that a connection can be open.
-pub const DEFAULT_TIMEOUT_MS: u64 = 3000;
-
 /// Default Access Key
 /// Default value: rustfsadmin
 /// Environment variable: RUSTFS_ACCESS_KEY
@@ -126,12 +119,6 @@ pub const DEFAULT_LOG_FILENAME: &str = "rustfs";
 /// Default value: rustfs.log
 pub const DEFAULT_OBS_LOG_FILENAME: &str = concat!(DEFAULT_LOG_FILENAME, "");

-/// Default sink file log file for rustfs
-/// This is the default sink file log file for rustfs.
-/// It is used to store the logs of the application.
-/// Default value: rustfs-sink.log
-pub const DEFAULT_SINK_FILE_LOG_FILE: &str = concat!(DEFAULT_LOG_FILENAME, "-sink.log");
-
 /// Default log directory for rustfs
 /// This is the default log directory for rustfs.
 /// It is used to store the logs of the application.
@@ -151,7 +138,7 @@ pub const DEFAULT_LOG_ROTATION_SIZE_MB: u64 = 100;
 /// It is used to rotate the logs of the application.
 /// Default value: hour, eg: day,hour,minute,second
 /// Environment variable: RUSTFS_OBS_LOG_ROTATION_TIME
-pub const DEFAULT_LOG_ROTATION_TIME: &str = "day";
+pub const DEFAULT_LOG_ROTATION_TIME: &str = "hour";

 /// Default log keep files for rustfs
 /// This is the default log keep files for rustfs.
@@ -160,19 +147,18 @@ pub const DEFAULT_LOG_ROTATION_TIME: &str = "day";
 /// Environment variable: RUSTFS_OBS_LOG_KEEP_FILES
 pub const DEFAULT_LOG_KEEP_FILES: u16 = 30;

-/// This is the external address for rustfs to access endpoint (used in Docker deployments).
-/// This should match the mapped host port when using Docker port mapping.
-/// Example: ":9020" when mapping host port 9020 to container port 9000.
-/// Default value: DEFAULT_ADDRESS
-/// Environment variable: RUSTFS_EXTERNAL_ADDRESS
-/// Command line argument: --external-address
-/// Example: RUSTFS_EXTERNAL_ADDRESS=":9020"
-/// Example: --external-address ":9020"
-pub const ENV_EXTERNAL_ADDRESS: &str = "RUSTFS_EXTERNAL_ADDRESS";
+/// Default log local logging enabled for rustfs
+/// This is the default log local logging enabled for rustfs.
+/// It is used to enable or disable local logging of the application.
+/// Default value: false
+/// Environment variable: RUSTFS_OBS_LOCAL_LOGGING_ENABLED
+pub const DEFAULT_LOG_LOCAL_LOGGING_ENABLED: bool = false;

-/// 1 KiB
+/// Constant representing 1 Kibibyte (1024 bytes)
+/// Default value: 1024
 pub const KI_B: usize = 1024;
-/// 1 MiB
+/// Constant representing 1 Mebibyte (1024 * 1024 bytes)
+/// Default value: 1048576
 pub const MI_B: usize = 1024 * 1024;

 #[cfg(test)]
@@ -185,16 +171,16 @@ mod tests {
        assert_eq!(APP_NAME, "RustFS");
        assert!(!APP_NAME.contains(' '), "App name should not contain spaces");

-        assert_eq!(VERSION, "0.0.1");
+        assert_eq!(VERSION, "1.0.0");

-        assert_eq!(SERVICE_VERSION, "0.0.1");
+        assert_eq!(SERVICE_VERSION, "1.0.0");
        assert_eq!(VERSION, SERVICE_VERSION, "Version and service version should be consistent");
    }

    #[test]
    fn test_logging_constants() {
        // Test logging related constants
-        assert_eq!(DEFAULT_LOG_LEVEL, "info");
+        assert_eq!(DEFAULT_LOG_LEVEL, "error");
        assert!(
            ["trace", "debug", "info", "warn", "error"].contains(&DEFAULT_LOG_LEVEL),
            "Log level should be a valid tracing level"
@@ -215,14 +201,6 @@ mod tests {
        );
    }

-    #[test]
-    fn test_connection_constants() {
-        // Test connection related constants
-        assert_eq!(MAX_CONNECTIONS, 100);
-
-        assert_eq!(DEFAULT_TIMEOUT_MS, 3000);
-    }
-
    #[test]
    fn test_security_constants() {
        // Test security related constants
@@ -325,8 +303,8 @@ mod tests {
        // assert!(DEFAULT_TIMEOUT_MS < u64::MAX, "Timeout should be reasonable");

        // These are const non-zero values, so zero checks are redundant
-        // assert!(DEFAULT_PORT != 0, "Default port should not be zero");
-        // assert!(DEFAULT_CONSOLE_PORT != 0, "Console port should not be zero");
+        assert_ne!(DEFAULT_PORT, 0, "Default port should not be zero");
+        assert_ne!(DEFAULT_CONSOLE_PORT, 0, "Console port should not be zero");
    }

    #[test]
--- a/crates/config/src/constants/mod.rs
+++ b/crates/config/src/constants/mod.rs
@@ -15,6 +15,7 @@
 pub(crate) mod app;
 pub(crate) mod console;
 pub(crate) mod env;
+pub(crate) mod profiler;
 pub(crate) mod runtime;
 pub(crate) mod targets;
 pub(crate) mod tls;
--- a/crates/config/src/constants/profiler.rs
+++ b/crates/config/src/constants/profiler.rs
@@ -0,0 +1,41 @@
+// Copyright 2024 RustFS Team
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+pub const ENV_ENABLE_PROFILING: &str = "RUSTFS_ENABLE_PROFILING";
+
+// CPU profiling
+pub const ENV_CPU_MODE: &str = "RUSTFS_PROF_CPU_MODE"; // off|continuous|periodic
+pub const ENV_CPU_FREQ: &str = "RUSTFS_PROF_CPU_FREQ";
+pub const ENV_CPU_INTERVAL_SECS: &str = "RUSTFS_PROF_CPU_INTERVAL_SECS";
+pub const ENV_CPU_DURATION_SECS: &str = "RUSTFS_PROF_CPU_DURATION_SECS";
+
+// Memory profiling (jemalloc)
+pub const ENV_MEM_PERIODIC: &str = "RUSTFS_PROF_MEM_PERIODIC";
+pub const ENV_MEM_INTERVAL_SECS: &str = "RUSTFS_PROF_MEM_INTERVAL_SECS";
+
+// Output directory
+pub const ENV_OUTPUT_DIR: &str = "RUSTFS_PROF_OUTPUT_DIR";
+
+// Defaults
+pub const DEFAULT_ENABLE_PROFILING: bool = false;
+
+pub const DEFAULT_CPU_MODE: &str = "off";
+pub const DEFAULT_CPU_FREQ: usize = 100;
+pub const DEFAULT_CPU_INTERVAL_SECS: u64 = 300;
+pub const DEFAULT_CPU_DURATION_SECS: u64 = 60;
+
+pub const DEFAULT_MEM_PERIODIC: bool = false;
+pub const DEFAULT_MEM_INTERVAL_SECS: u64 = 300;
+
+pub const DEFAULT_OUTPUT_DIR: &str = ".";
--- a/crates/config/src/constants/runtime.rs
+++ b/crates/config/src/constants/runtime.rs
@@ -22,7 +22,10 @@ pub const ENV_THREAD_STACK_SIZE: &str = "RUSTFS_RUNTIME_THREAD_STACK_SIZE";
 pub const ENV_THREAD_KEEP_ALIVE: &str = "RUSTFS_RUNTIME_THREAD_KEEP_ALIVE";
 pub const ENV_GLOBAL_QUEUE_INTERVAL: &str = "RUSTFS_RUNTIME_GLOBAL_QUEUE_INTERVAL";
 pub const ENV_THREAD_NAME: &str = "RUSTFS_RUNTIME_THREAD_NAME";
+pub const ENV_MAX_IO_EVENTS_PER_TICK: &str = "RUSTFS_RUNTIME_MAX_IO_EVENTS_PER_TICK";
 pub const ENV_RNG_SEED: &str = "RUSTFS_RUNTIME_RNG_SEED";
+/// Event polling interval
+pub const ENV_EVENT_INTERVAL: &str = "RUSTFS_RUNTIME_EVENT_INTERVAL";

 // Default values for Tokio runtime
 pub const DEFAULT_WORKER_THREADS: usize = 16;
@@ -32,4 +35,7 @@ pub const DEFAULT_THREAD_STACK_SIZE: usize = MI_B; // 1 MiB
 pub const DEFAULT_THREAD_KEEP_ALIVE: u64 = 60; // seconds
 pub const DEFAULT_GLOBAL_QUEUE_INTERVAL: u32 = 31;
 pub const DEFAULT_THREAD_NAME: &str = "rustfs-worker";
+pub const DEFAULT_MAX_IO_EVENTS_PER_TICK: usize = 1024;
+/// Event polling default (Tokio default 61)
+pub const DEFAULT_EVENT_INTERVAL: u32 = 61;
 pub const DEFAULT_RNG_SEED: Option<u64> = None; // None means random
--- a/crates/config/src/lib.rs
+++ b/crates/config/src/lib.rs
@@ -21,6 +21,8 @@ pub use constants::console::*;
 #[cfg(feature = "constants")]
 pub use constants::env::*;
 #[cfg(feature = "constants")]
+pub use constants::profiler::*;
+#[cfg(feature = "constants")]
 pub use constants::runtime::*;
 #[cfg(feature = "constants")]
 pub use constants::targets::*;
--- a/crates/crypto/src/encdec/tests.rs
+++ b/crates/crypto/src/encdec/tests.rs
@@ -226,7 +226,7 @@ fn test_password_variations() -> Result<(), crate::Error> {
        b"12345".as_slice(),            // Numeric
        b"!@#$%^&*()".as_slice(),       // Special characters
        b"\x00\x01\x02\x03".as_slice(), // Binary password
-        "密码测试".as_bytes(),          // Unicode password
+        "пароль тест".as_bytes(),       // Unicode password
        &[0xFF; 64],                    // Long binary password
    ];

--- a/crates/e2e_test/src/kms/README.md
+++ b/crates/e2e_test/src/kms/README.md
@@ -1,267 +1,253 @@
 # KMS End-to-End Tests

-本目录包含 RustFS KMS (Key Management Service) 的端到端集成测试，用于验证完整的 KMS 功能流程。
+This directory contains the integration suites used to validate the full RustFS KMS (Key Management Service) workflow.

-## 📁 测试文件说明
+## 📁 Test Overview

 ### `kms_local_test.rs`
-本地KMS后端的端到端测试，包含：
- 自动启动和配置本地KMS后端
- 通过动态配置API配置KMS服务
- 测试SSE-C（客户端提供密钥）加密流程
- 验证S3兼容的对象加密/解密操作
- 密钥生命周期管理测试
+End-to-end coverage for the local KMS backend:
+- Auto-start and configure the local backend
+- Configure KMS through the dynamic configuration API
+- Verify SSE-C (client-provided keys)
+- Exercise S3-compatible encryption/decryption
+- Validate key lifecycle management

 ### `kms_vault_test.rs`
-Vault KMS后端的端到端测试，包含：
- 自动启动Vault开发服务器
- 配置Vault transit engine和密钥
- 通过动态配置API配置KMS服务
- 测试完整的Vault KMS集成
- 验证Token认证和加密操作
+End-to-end coverage for the Vault backend:
+- Launch a Vault dev server automatically
+- Configure the transit engine and encryption keys
+- Configure KMS via the dynamic configuration API
+- Run the full Vault integration flow
+- Validate token authentication and encryption operations

 ### `kms_comprehensive_test.rs`
-**完整的KMS功能测试套件**（当前因AWS SDK API兼容性问题暂时禁用），包含：
- **Bucket加密配置**: SSE-S3和SSE-KMS默认加密设置
- **完整的SSE加密模式测试**:
-  - SSE-S3: S3管理的服务端加密
-  - SSE-KMS: KMS管理的服务端加密
-  - SSE-C: 客户端提供密钥的服务端加密
- **对象操作测试**: 上传、下载、验证三种SSE模式
- **分片上传测试**: 多部分上传支持所有SSE模式
- **对象复制测试**: 不同SSE模式间的复制操作
- **完整KMS API管理**:
-  - 密钥生命周期管理（创建、列表、描述、删除、取消删除）
-  - 直接加密/解密操作
-  - 数据密钥生成和操作
-  - KMS服务管理（启动、停止、状态查询）
+**Full KMS capability suite** (currently disabled because of AWS SDK compatibility issues):
+- **Bucket encryption configuration**: SSE-S3 and SSE-KMS defaults
+- **All SSE encryption modes**:
+  - SSE-S3 (S3-managed server-side encryption)
+  - SSE-KMS (KMS-managed server-side encryption)
+  - SSE-C (client-provided keys)
+- **Object operations**: upload, download, and validation for every SSE mode
+- **Multipart uploads**: cover each SSE mode
+- **Object replication**: cross-mode replication scenarios
+- **Complete KMS API management**:
+  - Key lifecycle (create, list, describe, delete, cancel delete)
+  - Direct encrypt/decrypt operations
+  - Data key generation and handling
+  - KMS service lifecycle (start, stop, status)

 ### `kms_integration_test.rs`
-综合性KMS集成测试，包含：
- 多后端兼容性测试
- KMS服务生命周期测试
- 错误处理和恢复测试
- **注意**: 当前因AWS SDK API兼容性问题暂时禁用
+Broad integration tests that exercise:
+- Multiple backends
+- KMS lifecycle management
+- Error handling and recovery
+- **Note**: currently disabled because of AWS SDK compatibility gaps

-## 🚀 如何运行测试
+## 🚀 Running Tests

-### 前提条件
+### Prerequisites

-1. **系统依赖**：
+1. **System dependencies**
   ```bash
   # macOS
   brew install vault awscurl
-   
+
   # Ubuntu/Debian
   apt-get install vault
   pip install awscurl
   ```

-2. **构建RustFS**：
+2. **Build RustFS**
   ```bash
-   # 在项目根目录
   cargo build
   ```

-### 运行单个测试
+### Run individual suites

-#### 本地KMS测试
+#### Local backend
 ```bash
 cd crates/e2e_test
 cargo test test_local_kms_end_to_end -- --nocapture
 ```

-#### Vault KMS测试
+#### Vault backend
 ```bash
 cd crates/e2e_test
 cargo test test_vault_kms_end_to_end -- --nocapture
 ```

-#### 高可用性测试
+#### High availability
 ```bash
 cd crates/e2e_test
 cargo test test_vault_kms_high_availability -- --nocapture
 ```

-#### 完整功能测试（开发中）
+#### Comprehensive features (disabled)
 ```bash
 cd crates/e2e_test
-# 注意：以下测试因AWS SDK API兼容性问题暂时禁用
+# Disabled due to AWS SDK compatibility gaps
 # cargo test test_comprehensive_kms_functionality -- --nocapture
-# cargo test test_sse_modes_compatibility -- --nocapture  
+# cargo test test_sse_modes_compatibility -- --nocapture
 # cargo test test_kms_api_comprehensive -- --nocapture
 ```

-### 运行所有KMS测试
+### Run all KMS suites
 ```bash
 cd crates/e2e_test
 cargo test kms -- --nocapture
 ```

-### 串行运行（避免端口冲突）
+### Run serially (avoid port conflicts)
 ```bash
 cd crates/e2e_test
 cargo test kms -- --nocapture --test-threads=1
 ```

-## 🔧 测试配置
+## 🔧 Configuration

-### 环境变量
+### Environment variables
 ```bash
-# 可选：自定义端口（默认使用9050）
+# Optional: custom RustFS port (default 9050)
 export RUSTFS_TEST_PORT=9050

-# 可选：自定义Vault端口（默认使用8200）
+# Optional: custom Vault port (default 8200)
 export VAULT_TEST_PORT=8200

-# 可选：启用详细日志
+# Optional: enable verbose logging
 export RUST_LOG=debug
 ```

-### 依赖的二进制文件路径
+### Required binaries

-测试会自动查找以下二进制文件：
- `../../target/debug/rustfs` - RustFS服务器
- `vault` - Vault (需要在PATH中)
- `/Users/dandan/Library/Python/3.9/bin/awscurl` - AWS签名工具
+Tests look for:
+- `../../target/debug/rustfs` – RustFS server
+- `vault` – Vault CLI (must be on PATH)
+- `/Users/dandan/Library/Python/3.9/bin/awscurl` – AWS SigV4 helper

-## 📋 测试流程说明
+## 📋 Test Flow

-### Local KMS测试流程
-1. **环境准备**：创建临时目录，设置KMS密钥存储路径
-2. **启动服务**：启动RustFS服务器，启用KMS功能
-3. **等待就绪**：检查端口监听和S3 API响应
-4. **配置KMS**：通过awscurl发送配置请求到admin API
-5. **启动KMS**：激活KMS服务
-6. **功能测试**：
-   - 创建测试存储桶
-   - 测试SSE-C加密（客户端提供密钥）
-   - 验证对象加密/解密
-7. **清理**：终止进程，清理临时文件
+### Local backend
+1. **Prepare environment** – create temporary directories and key storage paths
+2. **Start RustFS** – launch the server with KMS enabled
+3. **Wait for readiness** – confirm the port listener and S3 API
+4. **Configure KMS** – send configuration via awscurl to the admin API
+5. **Start KMS** – activate the KMS service
+6. **Exercise functionality**
+   - Create a test bucket
+   - Run SSE-C encryption with client-provided keys
+   - Validate encryption/decryption behavior
+7. **Cleanup** – stop processes and remove temporary files

-### Vault KMS测试流程
-1. **启动Vault**：使用开发模式启动Vault服务器
-2. **配置Vault**：
-   - 启用transit secrets engine
-   - 创建加密密钥（rustfs-master-key）
-3. **启动RustFS**：启用KMS功能的RustFS服务器
-4. **配置KMS**：通过API配置Vault后端，包含：
-   - Vault地址和Token认证
-   - Transit engine配置
-   - 密钥路径设置
-5. **功能测试**：完整的加密/解密流程测试
-6. **清理**：终止所有进程
+### Vault backend
+1. **Launch Vault** – start the dev-mode server
+2. **Configure Vault**
+   - Enable the transit secrets engine
+   - Create the `rustfs-master-key`
+3. **Start RustFS** – run the server with KMS enabled
+4. **Configure KMS** – point RustFS at Vault (address, token, transit config, key path)
+5. **Exercise functionality** – complete the encryption/decryption workflow
+6. **Cleanup** – stop all services

-## 🛠️ 故障排除
+## 🛠️ Troubleshooting

-### 常见问题
+### Common issues

-**Q: 测试失败 "RustFS server failed to become ready"**
-```
-A: 检查端口是否被占用：
+**Q: `RustFS server failed to become ready`**
+```bash
 lsof -i :9050
-kill -9 <PID>  # 如果有进程占用端口
+kill -9 <PID>  # Free the port if necessary
 ```

-**Q: Vault服务启动失败**
-```
-A: 确保Vault已安装且在PATH中：
+**Q: Vault fails to start**
+```bash
 which vault
 vault version
 ```

-**Q: awscurl认证失败**
-```
-A: 检查awscurl路径是否正确：
+**Q: awscurl authentication fails**
+```bash
 ls /Users/dandan/Library/Python/3.9/bin/awscurl
-# 或安装到不同路径：
+# Or install elsewhere
 pip install awscurl
-which awscurl  # 然后更新测试中的路径
+which awscurl  # Update the path in tests accordingly
 ```

-**Q: 测试超时**
-```
-A: 增加等待时间或检查日志：
+**Q: Tests time out**
+```bash
 RUST_LOG=debug cargo test test_local_kms_end_to_end -- --nocapture
 ```

-### 调试技巧
+### Debug tips

-1. **查看详细日志**：
+1. **Enable verbose logs**
   ```bash
   RUST_LOG=rustfs_kms=debug,rustfs=info cargo test -- --nocapture
   ```

-2. **保留临时文件**：
-   修改测试代码，注释掉清理部分，检查生成的配置文件
+2. **Keep temporary files** – comment out cleanup logic to inspect generated configs

-3. **单步调试**：
-   在测试中添加 `std::thread::sleep` 来暂停执行，手动检查服务状态
+3. **Pause execution** – add `std::thread::sleep` for manual inspection during tests

-4. **端口检查**：
+4. **Monitor ports**
   ```bash
-   # 测试运行时检查端口状态
   netstat -an | grep 9050
   curl http://127.0.0.1:9050/minio/health/ready
   ```

-## 📊 测试覆盖范围
+## 📊 Coverage

-### 功能覆盖
- ✅ KMS服务动态配置
- ✅ 本地和Vault后端支持  
- ✅ AWS S3兼容加密接口
- ✅ 密钥管理和生命周期
- ✅ 错误处理和恢复
- ✅ 高可用性场景
+### Functional
+- ✅ Dynamic KMS configuration
+- ✅ Local and Vault backends
+- ✅ AWS S3-compatible encryption APIs
+- ✅ Key lifecycle management
+- ✅ Error handling and recovery paths
+- ✅ High-availability behavior

-### 加密模式覆盖
- ✅ SSE-C (Server-Side Encryption with Customer-Provided Keys)
- ✅ SSE-S3 (Server-Side Encryption with S3-Managed Keys)
- ✅ SSE-KMS (Server-Side Encryption with KMS-Managed Keys)
+### Encryption modes
+- ✅ SSE-C (customer-provided)
+- ✅ SSE-S3 (S3-managed)
+- ✅ SSE-KMS (KMS-managed)

-### S3操作覆盖
- ✅ 对象上传/下载 (SSE-C模式)
- 🚧 分片上传 (需要AWS SDK兼容性修复)
- 🚧 对象复制 (需要AWS SDK兼容性修复)
- 🚧 Bucket加密配置 (需要AWS SDK兼容性修复)
+### S3 operations
+- ✅ Object upload/download (SSE-C)
+- 🚧 Multipart uploads (pending AWS SDK fixes)
+- 🚧 Object replication (pending AWS SDK fixes)
+- 🚧 Bucket encryption defaults (pending AWS SDK fixes)

-### KMS API覆盖
- ✅ 基础密钥管理 (创建、列表)
- 🚧 完整密钥生命周期 (需要AWS SDK兼容性修复)
- 🚧 直接加密/解密操作 (需要AWS SDK兼容性修复)
- 🚧 数据密钥生成和解密 (需要AWS SDK兼容性修复)
- ✅ KMS服务管理 (配置、启动、停止、状态)
+### KMS API
+- ✅ Basic key management (create/list)
+- 🚧 Full key lifecycle (pending AWS SDK fixes)
+- 🚧 Direct encrypt/decrypt (pending AWS SDK fixes)
+- 🚧 Data key operations (pending AWS SDK fixes)
+- ✅ Service lifecycle (configure/start/stop/status)

-### 认证方式覆盖
- ✅ Vault Token认证
- 🚧 Vault AppRole认证
+### Authentication
+- ✅ Vault token auth
+- 🚧 Vault AppRole auth

-## 🔄 持续集成
+## 🔄 CI Integration

-这些测试设计为可在CI/CD环境中运行：
+Designed to run inside CI/CD pipelines:

 ```yaml
-# GitHub Actions 示例
 - name: Run KMS E2E Tests
  run: |
-    # 安装依赖
    sudo apt-get update
    sudo apt-get install -y vault
    pip install awscurl
-    
-    # 构建并测试
+
    cargo build
    cd crates/e2e_test
    cargo test kms -- --nocapture --test-threads=1
 ```

-## 📚 相关文档
+## 📚 References

- [KMS 配置文档](../../../../docs/kms/README.md) - KMS功能完整文档
- [动态配置API](../../../../docs/kms/http-api.md) - REST API接口说明
- [故障排除指南](../../../../docs/kms/troubleshooting.md) - 常见问题解决
+- [KMS configuration guide](../../../../docs/kms/README.md)
+- [Dynamic configuration API](../../../../docs/kms/http-api.md)
+- [Troubleshooting](../../../../docs/kms/troubleshooting.md)

 ---

-*这些测试确保KMS功能的稳定性和可靠性，为生产环境部署提供信心。*
+*These suites ensure KMS stability and reliability, building confidence for production deployments.*
--- a/crates/e2e_test/src/kms/common.rs
+++ b/crates/e2e_test/src/kms/common.rs
@@ -547,9 +547,9 @@ pub async fn test_multipart_upload_with_config(
 ) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
    let total_size = config.total_size();

-    info!("🧪 开始分片上传测试 - {:?}", config.encryption_type);
+    info!("🧪 Starting multipart upload test - {:?}", config.encryption_type);
    info!(
-        "   对象: {}, 分片: {}个, 每片: {}MB, 总计: {}MB",
+        "   Object: {}, parts: {}, part size: {} MB, total: {} MB",
        config.object_key,
        config.total_parts,
        config.part_size / (1024 * 1024),
@@ -589,7 +589,7 @@ pub async fn test_multipart_upload_with_config(

    let create_multipart_output = create_request.send().await?;
    let upload_id = create_multipart_output.upload_id().unwrap();
-    info!("📋 创建分片上传，ID: {}", upload_id);
+    info!("📋 Created multipart upload, ID: {}", upload_id);

    // Step 2: Upload parts
    let mut completed_parts = Vec::new();
@@ -598,7 +598,7 @@ pub async fn test_multipart_upload_with_config(
        let end = std::cmp::min(start + config.part_size, total_size);
        let part_data = &test_data[start..end];

-        info!("📤 上传分片 {} ({:.2}MB)", part_number, part_data.len() as f64 / (1024.0 * 1024.0));
+        info!("📤 Uploading part {} ({:.2} MB)", part_number, part_data.len() as f64 / (1024.0 * 1024.0));

        let mut upload_request = s3_client
            .upload_part()
@@ -625,7 +625,7 @@ pub async fn test_multipart_upload_with_config(
                .build(),
        );

-        debug!("分片 {} 上传完成，ETag: {}", part_number, etag);
+        debug!("Part {} uploaded with ETag {}", part_number, etag);
    }

    // Step 3: Complete multipart upload
@@ -633,7 +633,7 @@ pub async fn test_multipart_upload_with_config(
        .set_parts(Some(completed_parts))
        .build();

-    info!("🔗 完成分片上传");
+    info!("🔗 Completing multipart upload");
    let complete_output = s3_client
        .complete_multipart_upload()
        .bucket(bucket)
@@ -643,10 +643,10 @@ pub async fn test_multipart_upload_with_config(
        .send()
        .await?;

-    debug!("完成分片上传，ETag: {:?}", complete_output.e_tag());
+    debug!("Multipart upload finalized with ETag {:?}", complete_output.e_tag());

    // Step 4: Download and verify
-    info!("📥 下载文件并验证");
+    info!("📥 Downloading object for verification");
    let mut get_request = s3_client.get_object().bucket(bucket).key(&config.object_key);

    // Add encryption headers for SSE-C GET
@@ -680,7 +680,7 @@ pub async fn test_multipart_upload_with_config(
    assert_eq!(downloaded_data.len(), total_size);
    assert_eq!(&downloaded_data[..], &test_data[..]);

-    info!("✅ 分片上传测试通过 - {:?}", config.encryption_type);
+    info!("✅ Multipart upload test passed - {:?}", config.encryption_type);
    Ok(())
 }

@@ -700,7 +700,7 @@ pub async fn test_all_multipart_encryption_types(
    bucket: &str,
    base_object_key: &str,
 ) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
-    info!("🧪 测试所有加密类型的分片上传");
+    info!("🧪 Testing multipart uploads for every encryption type");

    let part_size = 5 * 1024 * 1024; // 5MB per part
    let total_parts = 2;
@@ -718,7 +718,7 @@ pub async fn test_all_multipart_encryption_types(
        test_multipart_upload_with_config(s3_client, bucket, &config).await?;
    }

-    info!("✅ 所有加密类型的分片上传测试通过");
+    info!("✅ Multipart uploads succeeded for every encryption type");
    Ok(())
 }

--- a/crates/e2e_test/src/kms/kms_comprehensive_test.rs
+++ b/crates/e2e_test/src/kms/kms_comprehensive_test.rs
@@ -33,7 +33,7 @@ use tracing::info;
 #[serial]
 async fn test_comprehensive_kms_full_workflow() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
    init_logging();
-    info!("🏁 开始KMS全功能综合测试");
+    info!("🏁 Start the KMS full-featured synthesis test");

    let mut kms_env = LocalKMSTestEnvironment::new().await?;
    let _default_key_id = kms_env.start_rustfs_for_local_kms().await?;
@@ -43,25 +43,25 @@ async fn test_comprehensive_kms_full_workflow() -> Result<(), Box<dyn std::error
    kms_env.base_env.create_test_bucket(TEST_BUCKET).await?;

    // Phase 1: Test all single encryption types
-    info!("📋 阶段1: 测试所有单文件加密类型");
+    info!("📋 Phase 1: Test all single-file encryption types");
    test_sse_s3_encryption(&s3_client, TEST_BUCKET).await?;
    test_sse_kms_encryption(&s3_client, TEST_BUCKET).await?;
    test_sse_c_encryption(&s3_client, TEST_BUCKET).await?;

    // Phase 2: Test KMS key management APIs
-    info!("📋 阶段2: 测试KMS密钥管理API");
+    info!("📋 Phase 2: Test the KMS Key Management API");
    test_kms_key_management(&kms_env.base_env.url, &kms_env.base_env.access_key, &kms_env.base_env.secret_key).await?;

    // Phase 3: Test all multipart encryption types
-    info!("📋 阶段3: 测试所有分片上传加密类型");
+    info!("📋 Phase 3: Test all shard upload encryption types");
    test_all_multipart_encryption_types(&s3_client, TEST_BUCKET, "comprehensive-multipart-test").await?;

    // Phase 4: Mixed workload test
-    info!("📋 阶段4: 混合工作负载测试");
+    info!("📋 Phase 4: Mixed workload testing");
    test_mixed_encryption_workload(&s3_client, TEST_BUCKET).await?;

    kms_env.base_env.delete_test_bucket(TEST_BUCKET).await?;
-    info!("✅ KMS全功能综合测试通过");
+    info!("✅ KMS fully functional comprehensive test passed");
    Ok(())
 }

@@ -70,7 +70,7 @@ async fn test_mixed_encryption_workload(
    s3_client: &aws_sdk_s3::Client,
    bucket: &str,
 ) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
-    info!("🔄 测试混合加密工作负载");
+    info!("🔄 Test hybrid crypto workloads");

    // Test configuration: different sizes and encryption types
    let test_configs = vec![
@@ -89,11 +89,11 @@ async fn test_mixed_encryption_workload(
    ];

    for (i, config) in test_configs.iter().enumerate() {
-        info!("🔄 执行混合测试 {}/{}: {:?}", i + 1, test_configs.len(), config.encryption_type);
+        info!("🔄 Perform hybrid testing {}/{}: {:?}", i + 1, test_configs.len(), config.encryption_type);
        test_multipart_upload_with_config(s3_client, bucket, config).await?;
    }

-    info!("✅ 混合加密工作负载测试通过");
+    info!("✅ Hybrid cryptographic workload tests pass");
    Ok(())
 }

@@ -102,7 +102,7 @@ async fn test_mixed_encryption_workload(
 #[serial]
 async fn test_comprehensive_stress_test() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
    init_logging();
-    info!("💪 开始KMS压力测试");
+    info!("💪 Start the KMS stress test");

    let mut kms_env = LocalKMSTestEnvironment::new().await?;
    let _default_key_id = kms_env.start_rustfs_for_local_kms().await?;
@@ -120,7 +120,7 @@ async fn test_comprehensive_stress_test() -> Result<(), Box<dyn std::error::Erro

    for config in stress_configs {
        info!(
-            "💪 执行压力测试: {:?}, 总大小: {}MB",
+            "💪 Perform stress test: {:?}, Total size: {}MB",
            config.encryption_type,
            config.total_size() / (1024 * 1024)
        );
@@ -128,7 +128,7 @@ async fn test_comprehensive_stress_test() -> Result<(), Box<dyn std::error::Erro
    }

    kms_env.base_env.delete_test_bucket(TEST_BUCKET).await?;
-    info!("✅ KMS压力测试通过");
+    info!("✅ KMS stress test passed");
    Ok(())
 }

@@ -137,7 +137,7 @@ async fn test_comprehensive_stress_test() -> Result<(), Box<dyn std::error::Erro
 #[serial]
 async fn test_comprehensive_key_isolation() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
    init_logging();
-    info!("🔐 开始加密密钥隔离综合测试");
+    info!("🔐 Begin the comprehensive test of encryption key isolation");

    let mut kms_env = LocalKMSTestEnvironment::new().await?;
    let _default_key_id = kms_env.start_rustfs_for_local_kms().await?;
@@ -173,14 +173,14 @@ async fn test_comprehensive_key_isolation() -> Result<(), Box<dyn std::error::Er
    );

    // Upload with different keys
-    info!("🔐 上传文件用密钥1");
+    info!("🔐 Key 1 for uploading files");
    test_multipart_upload_with_config(&s3_client, TEST_BUCKET, &config1).await?;

-    info!("🔐 上传文件用密钥2");
+    info!("🔐 Key 2 for uploading files");
    test_multipart_upload_with_config(&s3_client, TEST_BUCKET, &config2).await?;

    // Verify that files cannot be read with wrong keys
-    info!("🔒 验证密钥隔离");
+    info!("🔒 Verify key isolation");
    let wrong_key = "11111111111111111111111111111111";
    let wrong_key_b64 = base64::Engine::encode(&base64::engine::general_purpose::STANDARD, wrong_key);
    let wrong_key_md5 = format!("{:x}", md5::compute(wrong_key));
@@ -196,11 +196,11 @@ async fn test_comprehensive_key_isolation() -> Result<(), Box<dyn std::error::Er
        .send()
        .await;

-    assert!(wrong_read_result.is_err(), "应该无法用错误密钥读取加密文件");
-    info!("✅ 确认密钥隔离正常工作");
+    assert!(wrong_read_result.is_err(), "The encrypted file should not be readable with the wrong key");
+    info!("✅ Confirm that key isolation is working correctly");

    kms_env.base_env.delete_test_bucket(TEST_BUCKET).await?;
-    info!("✅ 加密密钥隔离综合测试通过");
+    info!("✅ Encryption key isolation comprehensive test passed");
    Ok(())
 }

@@ -209,7 +209,7 @@ async fn test_comprehensive_key_isolation() -> Result<(), Box<dyn std::error::Er
 #[serial]
 async fn test_comprehensive_concurrent_operations() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
    init_logging();
-    info!("⚡ 开始并发加密操作综合测试");
+    info!("⚡ Started comprehensive testing of concurrent encryption operations");

    let mut kms_env = LocalKMSTestEnvironment::new().await?;
    let _default_key_id = kms_env.start_rustfs_for_local_kms().await?;
@@ -228,7 +228,7 @@ async fn test_comprehensive_concurrent_operations() -> Result<(), Box<dyn std::e
    ];

    // Execute uploads concurrently
-    info!("⚡ 开始并发上传");
+    info!("⚡ Start concurrent uploads");
    let mut tasks = Vec::new();
    for config in concurrent_configs {
        let client = s3_client.clone();
@@ -243,10 +243,10 @@ async fn test_comprehensive_concurrent_operations() -> Result<(), Box<dyn std::e
        task.await??;
    }

-    info!("✅ 所有并发操作完成");
+    info!("✅ All concurrent operations are completed");

    kms_env.base_env.delete_test_bucket(TEST_BUCKET).await?;
-    info!("✅ 并发加密操作综合测试通过");
+    info!("✅ The comprehensive test of concurrent encryption operation has passed");
    Ok(())
 }

@@ -255,7 +255,7 @@ async fn test_comprehensive_concurrent_operations() -> Result<(), Box<dyn std::e
 #[serial]
 async fn test_comprehensive_performance_benchmark() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
    init_logging();
-    info!("📊 开始KMS性能基准测试");
+    info!("📊 Start KMS performance benchmarking");

    let mut kms_env = LocalKMSTestEnvironment::new().await?;
    let _default_key_id = kms_env.start_rustfs_for_local_kms().await?;
@@ -278,7 +278,7 @@ async fn test_comprehensive_performance_benchmark() -> Result<(), Box<dyn std::e
    ];

    for (size_name, config) in perf_configs {
-        info!("📊 测试{}文件性能 ({}MB)", size_name, config.total_size() / (1024 * 1024));
+        info!("📊 Test {} file performance ({}MB)", size_name, config.total_size() / (1024 * 1024));

        let start_time = std::time::Instant::now();
        test_multipart_upload_with_config(&s3_client, TEST_BUCKET, &config).await?;
@@ -286,7 +286,7 @@ async fn test_comprehensive_performance_benchmark() -> Result<(), Box<dyn std::e

        let throughput_mbps = (config.total_size() as f64 / (1024.0 * 1024.0)) / duration.as_secs_f64();
        info!(
-            "📊 {}文件测试完成: {:.2}秒, 吞吐量: {:.2} MB/s",
+            "📊 {} file test completed: {:.2} seconds, throughput: {:.2} MB/s",
            size_name,
            duration.as_secs_f64(),
            throughput_mbps
@@ -294,6 +294,6 @@ async fn test_comprehensive_performance_benchmark() -> Result<(), Box<dyn std::e
    }

    kms_env.base_env.delete_test_bucket(TEST_BUCKET).await?;
-    info!("✅ KMS性能基准测试通过");
+    info!("✅ KMS performance benchmark passed");
    Ok(())
 }
--- a/crates/e2e_test/src/kms/kms_edge_cases_test.rs
+++ b/crates/e2e_test/src/kms/kms_edge_cases_test.rs
@@ -25,6 +25,7 @@ use super::common::LocalKMSTestEnvironment;
 use crate::common::{TEST_BUCKET, init_logging};
 use aws_sdk_s3::types::ServerSideEncryption;
 use base64::Engine;
+use md5::compute;
 use serial_test::serial;
 use std::sync::Arc;
 use tokio::sync::Semaphore;
@@ -71,7 +72,7 @@ async fn test_kms_zero_byte_file_encryption() -> Result<(), Box<dyn std::error::
    info!("📤 Testing SSE-C with zero-byte file");
    let test_key = "01234567890123456789012345678901";
    let test_key_b64 = base64::engine::general_purpose::STANDARD.encode(test_key);
-    let test_key_md5 = format!("{:x}", md5::compute(test_key));
+    let test_key_md5 = format!("{:x}", compute(test_key));
    let object_key_c = "zero-byte-sse-c";

    let _put_response_c = s3_client
@@ -165,7 +166,7 @@ async fn test_kms_single_byte_file_encryption() -> Result<(), Box<dyn std::error
    info!("📤 Testing SSE-C with single-byte file");
    let test_key = "01234567890123456789012345678901";
    let test_key_b64 = base64::engine::general_purpose::STANDARD.encode(test_key);
-    let test_key_md5 = format!("{:x}", md5::compute(test_key));
+    let test_key_md5 = format!("{:x}", compute(test_key));
    let object_key_c = "single-byte-sse-c";

    s3_client
@@ -293,7 +294,7 @@ async fn test_kms_invalid_key_scenarios() -> Result<(), Box<dyn std::error::Erro
    info!("🔍 Testing invalid SSE-C key length");
    let invalid_short_key = "short"; // Too short
    let invalid_key_b64 = base64::engine::general_purpose::STANDARD.encode(invalid_short_key);
-    let invalid_key_md5 = format!("{:x}", md5::compute(invalid_short_key));
+    let invalid_key_md5 = format!("{:x}", compute(invalid_short_key));

    let invalid_key_result = s3_client
        .put_object()
@@ -333,7 +334,7 @@ async fn test_kms_invalid_key_scenarios() -> Result<(), Box<dyn std::error::Erro
    info!("🔍 Testing access to SSE-C object without key");

    // First upload a valid SSE-C object
-    let valid_key_md5 = format!("{:x}", md5::compute(valid_key));
+    let valid_key_md5 = format!("{:x}", compute(valid_key));
    s3_client
        .put_object()
        .bucket(TEST_BUCKET)
@@ -420,7 +421,7 @@ async fn test_kms_concurrent_encryption() -> Result<(), Box<dyn std::error::Erro
                    // SSE-C
                    let key = format!("testkey{i:026}"); // 32-byte key
                    let key_b64 = base64::engine::general_purpose::STANDARD.encode(&key);
-                    let key_md5 = format!("{:x}", md5::compute(&key));
+                    let key_md5 = format!("{:x}", compute(&key));

                    client
                        .put_object()
@@ -492,8 +493,8 @@ async fn test_kms_key_validation_security() -> Result<(), Box<dyn std::error::Er

    let key1_b64 = base64::engine::general_purpose::STANDARD.encode(key1);
    let key2_b64 = base64::engine::general_purpose::STANDARD.encode(key2);
-    let key1_md5 = format!("{:x}", md5::compute(key1));
-    let key2_md5 = format!("{:x}", md5::compute(key2));
+    let key1_md5 = format!("{:x}", compute(key1));
+    let key2_md5 = format!("{:x}", compute(key2));

    // Upload same data with different keys
    s3_client
--- a/crates/e2e_test/src/kms/kms_vault_test.rs
+++ b/crates/e2e_test/src/kms/kms_vault_test.rs
@@ -19,6 +19,7 @@
 //! multipart upload behaviour.

 use crate::common::{TEST_BUCKET, init_logging};
+use md5::compute;
 use serial_test::serial;
 use tokio::time::{Duration, sleep};
 use tracing::{error, info};
@@ -132,8 +133,8 @@ async fn test_vault_kms_key_isolation() -> Result<(), Box<dyn std::error::Error
    let key2 = "98765432109876543210987654321098";
    let key1_b64 = base64::Engine::encode(&base64::engine::general_purpose::STANDARD, key1);
    let key2_b64 = base64::Engine::encode(&base64::engine::general_purpose::STANDARD, key2);
-    let key1_md5 = format!("{:x}", md5::compute(key1));
-    let key2_md5 = format!("{:x}", md5::compute(key2));
+    let key1_md5 = format!("{:x}", compute(key1));
+    let key2_md5 = format!("{:x}", compute(key2));

    let data1 = b"Vault data encrypted with key 1";
    let data2 = b"Vault data encrypted with key 2";
--- a/crates/e2e_test/src/kms/multipart_encryption_test.rs
+++ b/crates/e2e_test/src/kms/multipart_encryption_test.rs
@@ -13,25 +13,25 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

-//! 分片上传加密功能的分步测试用例
+//! Step-by-step test cases for sharded upload encryption
 //!
-//! 这个测试套件将验证分片上传加密功能的每一个步骤：
-//! 1. 测试基础的单分片加密（验证加密基础逻辑）
-//! 2. 测试多分片上传（验证分片拼接逻辑）
-//! 3. 测试加密元数据的保存和读取
-//! 4. 测试完整的分片上传加密流程
+//! This test suite will validate every step of the sharded upload encryption feature:
+//! 1. Test the underlying single-shard encryption (validate the encryption underlying logic)
+//! 2. Test multi-shard uploads (verify shard stitching logic)
+//! 3. Test the saving and reading of encrypted metadata
+//! 4. Test the complete sharded upload encryption process

 use super::common::LocalKMSTestEnvironment;
 use crate::common::{TEST_BUCKET, init_logging};
 use serial_test::serial;
 use tracing::{debug, info};

-/// 步骤1：测试基础单文件加密功能（确保SSE-S3在非分片场景下正常工作）
+/// Step 1: Test the basic single-file encryption function (ensure that SSE-S3 works properly in non-sharded scenarios)
 #[tokio::test]
 #[serial]
 async fn test_step1_basic_single_file_encryption() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
    init_logging();
-    info!("🧪 步骤1：测试基础单文件加密功能");
+    info!("🧪 Step 1: Test the basic single-file encryption function");

    let mut kms_env = LocalKMSTestEnvironment::new().await?;
    let _default_key_id = kms_env.start_rustfs_for_local_kms().await?;
@@ -40,11 +40,11 @@ async fn test_step1_basic_single_file_encryption() -> Result<(), Box<dyn std::er
    let s3_client = kms_env.base_env.create_s3_client();
    kms_env.base_env.create_test_bucket(TEST_BUCKET).await?;

-    // 测试小文件加密（应该会内联存储）
+    // Test small file encryption (should be stored inline)
    let test_data = b"Hello, this is a small test file for SSE-S3!";
    let object_key = "test-single-file-encrypted";

-    info!("📤 上传小文件（{}字节），启用SSE-S3加密", test_data.len());
+    info!("📤 Upload a small file ({} bytes) with SSE-S3 encryption enabled", test_data.len());
    let put_response = s3_client
        .put_object()
        .bucket(TEST_BUCKET)
@@ -54,41 +54,41 @@ async fn test_step1_basic_single_file_encryption() -> Result<(), Box<dyn std::er
        .send()
        .await?;

-    debug!("PUT响应ETag: {:?}", put_response.e_tag());
-    debug!("PUT响应SSE: {:?}", put_response.server_side_encryption());
+    debug!("PUT responds to ETags: {:?}", put_response.e_tag());
+    debug!("PUT responds to SSE: {:?}", put_response.server_side_encryption());

-    // 验证PUT响应包含正确的加密头
+    // Verify that the PUT response contains the correct cipher header
    assert_eq!(
        put_response.server_side_encryption(),
        Some(&aws_sdk_s3::types::ServerSideEncryption::Aes256)
    );

-    info!("📥 下载文件并验证加密状态");
+    info!("📥 Download the file and verify the encryption status");
    let get_response = s3_client.get_object().bucket(TEST_BUCKET).key(object_key).send().await?;

-    debug!("GET响应SSE: {:?}", get_response.server_side_encryption());
+    debug!("GET responds to SSE: {:?}", get_response.server_side_encryption());

-    // 验证GET响应包含正确的加密头
+    // Verify that the GET response contains the correct cipher header
    assert_eq!(
        get_response.server_side_encryption(),
        Some(&aws_sdk_s3::types::ServerSideEncryption::Aes256)
    );

-    // 验证数据完整性
+    // Verify data integrity
    let downloaded_data = get_response.body.collect().await?.into_bytes();
    assert_eq!(&downloaded_data[..], test_data);

    kms_env.base_env.delete_test_bucket(TEST_BUCKET).await?;
-    info!("✅ 步骤1通过：基础单文件加密功能正常");
+    info!("✅ Step 1: The basic single file encryption function is normal");
    Ok(())
 }

-/// 步骤2：测试不加密的分片上传（确保分片上传基础功能正常）
+/// Step 2: Test the unencrypted shard upload (make sure the shard upload base is working properly)
 #[tokio::test]
 #[serial]
 async fn test_step2_basic_multipart_upload_without_encryption() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
    init_logging();
-    info!("🧪 步骤2：测试不加密的分片上传");
+    info!("🧪 Step 2: Test unencrypted shard uploads");

    let mut kms_env = LocalKMSTestEnvironment::new().await?;
    let _default_key_id = kms_env.start_rustfs_for_local_kms().await?;
@@ -102,12 +102,16 @@ async fn test_step2_basic_multipart_upload_without_encryption() -> Result<(), Bo
    let total_parts = 2;
    let total_size = part_size * total_parts;

-    // 生成测试数据（有明显的模式便于验证）
+    // Generate test data (with obvious patterns for easy verification)
    let test_data: Vec<u8> = (0..total_size).map(|i| (i % 256) as u8).collect();

-    info!("🚀 开始分片上传（无加密）：{} parts，每个 {}MB", total_parts, part_size / (1024 * 1024));
+    info!(
+        "🚀 Start sharded upload (unencrypted): {} parts, {}MB each",
+        total_parts,
+        part_size / (1024 * 1024)
+    );

-    // 步骤1：创建分片上传
+    // Step 1: Create a sharded upload
    let create_multipart_output = s3_client
        .create_multipart_upload()
        .bucket(TEST_BUCKET)
@@ -116,16 +120,16 @@ async fn test_step2_basic_multipart_upload_without_encryption() -> Result<(), Bo
        .await?;

    let upload_id = create_multipart_output.upload_id().unwrap();
-    info!("📋 创建分片上传，ID: {}", upload_id);
+    info!("📋 Create a shard upload with ID: {}", upload_id);

-    // 步骤2：上传各个分片
+    // Step 2: Upload individual shards
    let mut completed_parts = Vec::new();
    for part_number in 1..=total_parts {
        let start = (part_number - 1) * part_size;
        let end = std::cmp::min(start + part_size, total_size);
        let part_data = &test_data[start..end];

-        info!("📤 上传分片 {} ({} bytes)", part_number, part_data.len());
+        info!("📤 Upload the shard {} ({} bytes)", part_number, part_data.len());

        let upload_part_output = s3_client
            .upload_part()
@@ -145,15 +149,15 @@ async fn test_step2_basic_multipart_upload_without_encryption() -> Result<(), Bo
                .build(),
        );

-        debug!("分片 {} 上传完成，ETag: {}", part_number, etag);
+        debug!("Fragment {} upload complete,ETag: {}", part_number, etag);
    }

-    // 步骤3：完成分片上传
+    // Step 3: Complete the shard upload
    let completed_multipart_upload = aws_sdk_s3::types::CompletedMultipartUpload::builder()
        .set_parts(Some(completed_parts))
        .build();

-    info!("🔗 完成分片上传");
+    info!("🔗 Complete the shard upload");
    let complete_output = s3_client
        .complete_multipart_upload()
        .bucket(TEST_BUCKET)
@@ -163,10 +167,10 @@ async fn test_step2_basic_multipart_upload_without_encryption() -> Result<(), Bo
        .send()
        .await?;

-    debug!("完成分片上传，ETag: {:?}", complete_output.e_tag());
+    debug!("Complete the shard upload,ETag: {:?}", complete_output.e_tag());

-    // 步骤4：下载并验证
-    info!("📥 下载文件并验证数据完整性");
+    // Step 4: Download and verify
+    info!("📥 Download the file and verify data integrity");
    let get_response = s3_client.get_object().bucket(TEST_BUCKET).key(object_key).send().await?;

    let downloaded_data = get_response.body.collect().await?.into_bytes();
@@ -174,16 +178,16 @@ async fn test_step2_basic_multipart_upload_without_encryption() -> Result<(), Bo
    assert_eq!(&downloaded_data[..], &test_data[..]);

    kms_env.base_env.delete_test_bucket(TEST_BUCKET).await?;
-    info!("✅ 步骤2通过：不加密的分片上传功能正常");
+    info!("✅ Step 2: Unencrypted shard upload functions normally");
    Ok(())
 }

-/// 步骤3：测试分片上传 + SSE-S3加密（重点测试）
+/// Step 3: Test Shard Upload + SSE-S3 Encryption (Focus Test)
 #[tokio::test]
 #[serial]
 async fn test_step3_multipart_upload_with_sse_s3() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
    init_logging();
-    info!("🧪 步骤3：测试分片上传 + SSE-S3加密");
+    info!("🧪 Step 3: Test Shard Upload + SSE-S3 Encryption");

    let mut kms_env = LocalKMSTestEnvironment::new().await?;
    let _default_key_id = kms_env.start_rustfs_for_local_kms().await?;
@@ -197,16 +201,16 @@ async fn test_step3_multipart_upload_with_sse_s3() -> Result<(), Box<dyn std::er
    let total_parts = 2;
    let total_size = part_size * total_parts;

-    // 生成测试数据
+    // Generate test data
    let test_data: Vec<u8> = (0..total_size).map(|i| ((i / 1000) % 256) as u8).collect();

    info!(
-        "🔐 开始分片上传（SSE-S3加密）：{} parts，每个 {}MB",
+        "🔐 Start sharded upload (SSE-S3 encryption): {} parts, {}MB each",
        total_parts,
        part_size / (1024 * 1024)
    );

-    // 步骤1：创建分片上传并启用SSE-S3
+    // Step 1: Create a shard upload and enable SSE-S3
    let create_multipart_output = s3_client
        .create_multipart_upload()
        .bucket(TEST_BUCKET)
@@ -216,24 +220,24 @@ async fn test_step3_multipart_upload_with_sse_s3() -> Result<(), Box<dyn std::er
        .await?;

    let upload_id = create_multipart_output.upload_id().unwrap();
-    info!("📋 创建加密分片上传，ID: {}", upload_id);
+    info!("📋 Create an encrypted shard upload with ID: {}", upload_id);

-    // 验证CreateMultipartUpload响应（如果有SSE头的话）
+    // Verify the CreateMultipartUpload response (if there is an SSE header)
    if let Some(sse) = create_multipart_output.server_side_encryption() {
-        debug!("CreateMultipartUpload包含SSE响应: {:?}", sse);
+        debug!("CreateMultipartUpload Contains SSE responses: {:?}", sse);
        assert_eq!(sse, &aws_sdk_s3::types::ServerSideEncryption::Aes256);
    } else {
-        debug!("CreateMultipartUpload不包含SSE响应头（某些实现中正常）");
+        debug!("CreateMultipartUpload does not contain SSE response headers (normal in some implementations)");
    }

-    // 步骤2：上传各个分片
+    // Step 2: Upload individual shards
    let mut completed_parts = Vec::new();
    for part_number in 1..=total_parts {
        let start = (part_number - 1) * part_size;
        let end = std::cmp::min(start + part_size, total_size);
        let part_data = &test_data[start..end];

-        info!("🔐 上传加密分片 {} ({} bytes)", part_number, part_data.len());
+        info!("🔐 Upload encrypted shards {} ({} bytes)", part_number, part_data.len());

        let upload_part_output = s3_client
            .upload_part()
@@ -253,15 +257,15 @@ async fn test_step3_multipart_upload_with_sse_s3() -> Result<(), Box<dyn std::er
                .build(),
        );

-        debug!("加密分片 {} 上传完成，ETag: {}", part_number, etag);
+        debug!("Encrypted shard {} upload complete,ETag: {}", part_number, etag);
    }

-    // 步骤3：完成分片上传
+    // Step 3: Complete the shard upload
    let completed_multipart_upload = aws_sdk_s3::types::CompletedMultipartUpload::builder()
        .set_parts(Some(completed_parts))
        .build();

-    info!("🔗 完成加密分片上传");
+    info!("🔗 Complete the encrypted shard upload");
    let complete_output = s3_client
        .complete_multipart_upload()
        .bucket(TEST_BUCKET)
@@ -271,43 +275,43 @@ async fn test_step3_multipart_upload_with_sse_s3() -> Result<(), Box<dyn std::er
        .send()
        .await?;

-    debug!("完成加密分片上传，ETag: {:?}", complete_output.e_tag());
+    debug!("Encrypted multipart upload completed with ETag {:?}", complete_output.e_tag());

-    // 步骤4：HEAD请求检查元数据
-    info!("📋 检查对象元数据");
+    // Step 4: HEAD request to inspect metadata
+    info!("📋 Inspecting object metadata");
    let head_response = s3_client.head_object().bucket(TEST_BUCKET).key(object_key).send().await?;

-    debug!("HEAD响应 SSE: {:?}", head_response.server_side_encryption());
-    debug!("HEAD响应 元数据: {:?}", head_response.metadata());
+    debug!("HEAD response SSE: {:?}", head_response.server_side_encryption());
+    debug!("HEAD response metadata: {:?}", head_response.metadata());

-    // 步骤5：GET请求下载并验证
-    info!("📥 下载加密文件并验证");
+    // Step 5: GET request to download and verify
+    info!("📥 Downloading encrypted object for verification");
    let get_response = s3_client.get_object().bucket(TEST_BUCKET).key(object_key).send().await?;

-    debug!("GET响应 SSE: {:?}", get_response.server_side_encryption());
+    debug!("GET response SSE: {:?}", get_response.server_side_encryption());

-    // 🎯 关键验证：GET响应必须包含SSE-S3加密头
+    // 🎯 Critical check: GET response must include SSE-S3 headers
    assert_eq!(
        get_response.server_side_encryption(),
        Some(&aws_sdk_s3::types::ServerSideEncryption::Aes256)
    );

-    // 验证数据完整性
+    // Verify data integrity
    let downloaded_data = get_response.body.collect().await?.into_bytes();
    assert_eq!(downloaded_data.len(), total_size);
    assert_eq!(&downloaded_data[..], &test_data[..]);

    kms_env.base_env.delete_test_bucket(TEST_BUCKET).await?;
-    info!("✅ 步骤3通过：分片上传 + SSE-S3加密功能正常");
+    info!("✅ Step 3 passed: multipart upload with SSE-S3 encryption");
    Ok(())
 }

-/// 步骤4：测试更大的分片上传（测试流式加密）
+/// Step 4: test larger multipart uploads (streaming encryption)
 #[tokio::test]
 #[serial]
 async fn test_step4_large_multipart_upload_with_encryption() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
    init_logging();
-    info!("🧪 步骤4：测试大文件分片上传加密");
+    info!("🧪 Step 4: test large-file multipart encryption");

    let mut kms_env = LocalKMSTestEnvironment::new().await?;
    let _default_key_id = kms_env.start_rustfs_for_local_kms().await?;
@@ -317,18 +321,18 @@ async fn test_step4_large_multipart_upload_with_encryption() -> Result<(), Box<d
    kms_env.base_env.create_test_bucket(TEST_BUCKET).await?;

    let object_key = "test-large-multipart-encrypted";
-    let part_size = 6 * 1024 * 1024; // 6MB per part (大于1MB加密块大小)
-    let total_parts = 3; // 总共18MB
+    let part_size = 6 * 1024 * 1024; // 6 MB per part (greater than the 1 MB encryption chunk)
+    let total_parts = 3; // 18 MB total
    let total_size = part_size * total_parts;

    info!(
-        "🗂️ 生成大文件测试数据：{} parts，每个 {}MB，总计 {}MB",
+        "🗂️ Generated large-file test data: {} parts, {} MB each, {} MB total",
        total_parts,
        part_size / (1024 * 1024),
        total_size / (1024 * 1024)
    );

-    // 生成大文件测试数据（使用复杂模式便于验证）
+    // Generate large test data (complex pattern for validation)
    let test_data: Vec<u8> = (0..total_size)
        .map(|i| {
            let part_num = i / part_size;
@@ -337,9 +341,9 @@ async fn test_step4_large_multipart_upload_with_encryption() -> Result<(), Box<d
        })
        .collect();

-    info!("🔐 开始大文件分片上传（SSE-S3加密）");
+    info!("🔐 Starting large-file multipart upload (SSE-S3 encryption)");

-    // 创建分片上传
+    // Create multipart upload
    let create_multipart_output = s3_client
        .create_multipart_upload()
        .bucket(TEST_BUCKET)
@@ -349,9 +353,9 @@ async fn test_step4_large_multipart_upload_with_encryption() -> Result<(), Box<d
        .await?;

    let upload_id = create_multipart_output.upload_id().unwrap();
-    info!("📋 创建大文件加密分片上传，ID: {}", upload_id);
+    info!("📋 Created large encrypted multipart upload, ID: {}", upload_id);

-    // 上传各个分片
+    // Upload each part
    let mut completed_parts = Vec::new();
    for part_number in 1..=total_parts {
        let start = (part_number - 1) * part_size;
@@ -359,7 +363,7 @@ async fn test_step4_large_multipart_upload_with_encryption() -> Result<(), Box<d
        let part_data = &test_data[start..end];

        info!(
-            "🔐 上传大文件加密分片 {} ({:.2}MB)",
+            "🔐 Uploading encrypted large-file part {} ({:.2} MB)",
            part_number,
            part_data.len() as f64 / (1024.0 * 1024.0)
        );
@@ -382,15 +386,15 @@ async fn test_step4_large_multipart_upload_with_encryption() -> Result<(), Box<d
                .build(),
        );

-        debug!("大文件加密分片 {} 上传完成，ETag: {}", part_number, etag);
+        debug!("Large encrypted part {} uploaded with ETag {}", part_number, etag);
    }

-    // 完成分片上传
+    // Complete the multipart upload
    let completed_multipart_upload = aws_sdk_s3::types::CompletedMultipartUpload::builder()
        .set_parts(Some(completed_parts))
        .build();

-    info!("🔗 完成大文件加密分片上传");
+    info!("🔗 Completing large encrypted multipart upload");
    let complete_output = s3_client
        .complete_multipart_upload()
        .bucket(TEST_BUCKET)
@@ -400,40 +404,40 @@ async fn test_step4_large_multipart_upload_with_encryption() -> Result<(), Box<d
        .send()
        .await?;

-    debug!("完成大文件加密分片上传，ETag: {:?}", complete_output.e_tag());
+    debug!("Large encrypted multipart upload completed with ETag {:?}", complete_output.e_tag());

-    // 下载并验证
-    info!("📥 下载大文件并验证");
+    // Download and verify
+    info!("📥 Downloading large object for verification");
    let get_response = s3_client.get_object().bucket(TEST_BUCKET).key(object_key).send().await?;

-    // 验证加密头
+    // Verify encryption headers
    assert_eq!(
        get_response.server_side_encryption(),
        Some(&aws_sdk_s3::types::ServerSideEncryption::Aes256)
    );

-    // 验证数据完整性
+    // Verify data integrity
    let downloaded_data = get_response.body.collect().await?.into_bytes();
    assert_eq!(downloaded_data.len(), total_size);

-    // 逐字节验证数据（对于大文件更严格）
+    // Validate bytes individually (stricter for large files)
    for (i, (&actual, &expected)) in downloaded_data.iter().zip(test_data.iter()).enumerate() {
        if actual != expected {
-            panic!("大文件数据在第{i}字节不匹配: 实际={actual}, 期待={expected}");
+            panic!("Large file mismatch at byte {i}: actual={actual}, expected={expected}");
        }
    }

    kms_env.base_env.delete_test_bucket(TEST_BUCKET).await?;
-    info!("✅ 步骤4通过：大文件分片上传加密功能正常");
+    info!("✅ Step 4 passed: large-file multipart encryption succeeded");
    Ok(())
 }

-/// 步骤5：测试所有加密类型的分片上传
+/// Step 5: test multipart uploads for every encryption mode
 #[tokio::test]
 #[serial]
 async fn test_step5_all_encryption_types_multipart() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
    init_logging();
-    info!("🧪 步骤5：测试所有加密类型的分片上传");
+    info!("🧪 Step 5: test multipart uploads for every encryption mode");

    let mut kms_env = LocalKMSTestEnvironment::new().await?;
    let _default_key_id = kms_env.start_rustfs_for_local_kms().await?;
@@ -446,8 +450,8 @@ async fn test_step5_all_encryption_types_multipart() -> Result<(), Box<dyn std::
    let total_parts = 2;
    let total_size = part_size * total_parts;

-    // 测试SSE-KMS
-    info!("🔐 测试 SSE-KMS 分片上传");
+    // Test SSE-KMS
+    info!("🔐 Testing SSE-KMS multipart upload");
    test_multipart_encryption_type(
        &s3_client,
        TEST_BUCKET,
@@ -459,8 +463,8 @@ async fn test_step5_all_encryption_types_multipart() -> Result<(), Box<dyn std::
    )
    .await?;

-    // 测试SSE-C
-    info!("🔐 测试 SSE-C 分片上传");
+    // Test SSE-C
+    info!("🔐 Testing SSE-C multipart upload");
    test_multipart_encryption_type(
        &s3_client,
        TEST_BUCKET,
@@ -473,7 +477,7 @@ async fn test_step5_all_encryption_types_multipart() -> Result<(), Box<dyn std::
    .await?;

    kms_env.base_env.delete_test_bucket(TEST_BUCKET).await?;
-    info!("✅ 步骤5通过：所有加密类型的分片上传功能正常");
+    info!("✅ Step 5 passed: multipart uploads succeeded for every encryption mode");
    Ok(())
 }

@@ -483,7 +487,7 @@ enum EncryptionType {
    SSEC,
 }

-/// 辅助函数：测试特定加密类型的分片上传
+/// Helper: test multipart uploads for a specific encryption type
 async fn test_multipart_encryption_type(
    s3_client: &aws_sdk_s3::Client,
    bucket: &str,
@@ -493,10 +497,10 @@ async fn test_multipart_encryption_type(
    total_parts: usize,
    encryption_type: EncryptionType,
 ) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
-    // 生成测试数据
+    // Generate test data
    let test_data: Vec<u8> = (0..total_size).map(|i| ((i * 7) % 256) as u8).collect();

-    // 准备SSE-C所需的密钥（如果需要）
+    // Prepare SSE-C keys when required
    let (sse_c_key, sse_c_md5) = if matches!(encryption_type, EncryptionType::SSEC) {
        let key = "01234567890123456789012345678901";
        let key_b64 = base64::Engine::encode(&base64::engine::general_purpose::STANDARD, key);
@@ -506,9 +510,9 @@ async fn test_multipart_encryption_type(
        (None, None)
    };

-    info!("📋 创建分片上传 - {:?}", encryption_type);
+    info!("📋 Creating multipart upload - {:?}", encryption_type);

-    // 创建分片上传
+    // Create multipart upload
    let mut create_request = s3_client.create_multipart_upload().bucket(bucket).key(object_key);

    create_request = match encryption_type {
@@ -522,7 +526,7 @@ async fn test_multipart_encryption_type(
    let create_multipart_output = create_request.send().await?;
    let upload_id = create_multipart_output.upload_id().unwrap();

-    // 上传分片
+    // Upload parts
    let mut completed_parts = Vec::new();
    for part_number in 1..=total_parts {
        let start = (part_number - 1) * part_size;
@@ -537,7 +541,7 @@ async fn test_multipart_encryption_type(
            .part_number(part_number as i32)
            .body(aws_sdk_s3::primitives::ByteStream::from(part_data.to_vec()));

-        // SSE-C需要在每个UploadPart请求中包含密钥
+        // SSE-C requires the key on each UploadPart request
        if matches!(encryption_type, EncryptionType::SSEC) {
            upload_request = upload_request
                .sse_customer_algorithm("AES256")
@@ -554,10 +558,10 @@ async fn test_multipart_encryption_type(
                .build(),
        );

-        debug!("{:?} 分片 {} 上传完成", encryption_type, part_number);
+        debug!("{:?} part {} uploaded", encryption_type, part_number);
    }

-    // 完成分片上传
+    // Complete the multipart upload
    let completed_multipart_upload = aws_sdk_s3::types::CompletedMultipartUpload::builder()
        .set_parts(Some(completed_parts))
        .build();
@@ -571,10 +575,10 @@ async fn test_multipart_encryption_type(
        .send()
        .await?;

-    // 下载并验证
+    // Download and verify
    let mut get_request = s3_client.get_object().bucket(bucket).key(object_key);

-    // SSE-C需要在GET请求中包含密钥
+    // SSE-C requires the key on GET requests
    if matches!(encryption_type, EncryptionType::SSEC) {
        get_request = get_request
            .sse_customer_algorithm("AES256")
@@ -584,7 +588,7 @@ async fn test_multipart_encryption_type(

    let get_response = get_request.send().await?;

-    // 验证加密头
+    // Verify encryption headers
    match encryption_type {
        EncryptionType::SSEKMS => {
            assert_eq!(
@@ -597,11 +601,11 @@ async fn test_multipart_encryption_type(
        }
    }

-    // 验证数据完整性
+    // Verify data integrity
    let downloaded_data = get_response.body.collect().await?.into_bytes();
    assert_eq!(downloaded_data.len(), total_size);
    assert_eq!(&downloaded_data[..], &test_data[..]);

-    info!("✅ {:?} 分片上传测试通过", encryption_type);
+    info!("✅ {:?} multipart upload test passed", encryption_type);
    Ok(())
 }
--- a/crates/e2e_test/src/kms/test_runner.rs
+++ b/crates/e2e_test/src/kms/test_runner.rs
@@ -346,7 +346,7 @@ impl KMSTestSuite {
    /// Run the complete test suite
    pub async fn run_test_suite(&self) -> Vec<TestResult> {
        init_logging();
-        info!("🚀 开始KMS统一测试套件");
+        info!("🚀 Starting unified KMS test suite");

        let start_time = Instant::now();
        let mut results = Vec::new();
@@ -359,17 +359,17 @@ impl KMSTestSuite {
            .filter(|test| !self.config.include_critical_only || test.is_critical)
            .collect();

-        info!("📊 测试计划: {} 个测试将被执行", tests_to_run.len());
+        info!("📊 Test plan: {} test(s) scheduled", tests_to_run.len());
        for (i, test) in tests_to_run.iter().enumerate() {
            info!("  {}. {} ({})", i + 1, test.name, test.category.as_str());
        }

        // Execute tests
        for (i, test_def) in tests_to_run.iter().enumerate() {
-            info!("🧪 执行测试 {}/{}: {}", i + 1, tests_to_run.len(), test_def.name);
-            info!("   📝 描述: {}", test_def.description);
-            info!("   🏷️  分类: {}", test_def.category.as_str());
-            info!("   ⏱️  预计时间: {:?}", test_def.estimated_duration);
+            info!("🧪 Running test {}/{}: {}", i + 1, tests_to_run.len(), test_def.name);
+            info!("   📝 Description: {}", test_def.description);
+            info!("   🏷️  Category: {}", test_def.category.as_str());
+            info!("   ⏱️  Estimated duration: {:?}", test_def.estimated_duration);

            let test_start = Instant::now();
            let result = self.run_single_test(test_def).await;
@@ -377,11 +377,11 @@ impl KMSTestSuite {

            match result {
                Ok(_) => {
-                    info!("✅ 测试通过: {} ({:.2}s)", test_def.name, test_duration.as_secs_f64());
+                    info!("✅ Test passed: {} ({:.2}s)", test_def.name, test_duration.as_secs_f64());
                    results.push(TestResult::success(test_def.name.clone(), test_def.category.clone(), test_duration));
                }
                Err(e) => {
-                    error!("❌ 测试失败: {} ({:.2}s): {}", test_def.name, test_duration.as_secs_f64(), e);
+                    error!("❌ Test failed: {} ({:.2}s): {}", test_def.name, test_duration.as_secs_f64(), e);
                    results.push(TestResult::failure(
                        test_def.name.clone(),
                        test_def.category.clone(),
@@ -393,7 +393,7 @@ impl KMSTestSuite {

            // Add delay between tests to avoid resource conflicts
            if i < tests_to_run.len() - 1 {
-                debug!("⏸️  等待2秒后执行下一个测试...");
+                debug!("⏸️  Waiting two seconds before the next test...");
                sleep(Duration::from_secs(2)).await;
            }
        }
@@ -408,22 +408,22 @@ impl KMSTestSuite {
    async fn run_single_test(&self, test_def: &TestDefinition) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
        // This is a placeholder for test dispatch logic
        // In a real implementation, this would dispatch to actual test functions
-        warn!("⚠️  测试函数 '{}' 在统一运行器中尚未实现，跳过", test_def.name);
+        warn!("⚠️  Test '{}' is not implemented in the unified runner; skipping", test_def.name);
        Ok(())
    }

    /// Print comprehensive test summary
    fn print_test_summary(&self, results: &[TestResult], total_duration: Duration) {
-        info!("📊 KMS测试套件总结");
-        info!("⏱️  总执行时间: {:.2}秒", total_duration.as_secs_f64());
-        info!("📈 总测试数量: {}", results.len());
+        info!("📊 KMS test suite summary");
+        info!("⏱️  Total duration: {:.2} seconds", total_duration.as_secs_f64());
+        info!("📈 Total tests: {}", results.len());

        let passed = results.iter().filter(|r| r.success).count();
        let failed = results.iter().filter(|r| !r.success).count();

-        info!("✅ 通过: {}", passed);
-        info!("❌ 失败: {}", failed);
-        info!("📊 成功率: {:.1}%", (passed as f64 / results.len() as f64) * 100.0);
+        info!("✅ Passed: {}", passed);
+        info!("❌ Failed: {}", failed);
+        info!("📊 Success rate: {:.1}%", (passed as f64 / results.len() as f64) * 100.0);

        // Summary by category
        let mut category_summary: std::collections::HashMap<TestCategory, (usize, usize)> = std::collections::HashMap::new();
@@ -435,7 +435,7 @@ impl KMSTestSuite {
            }
        }

-        info!("📊 分类汇总:");
+        info!("📊 Category summary:");
        for (category, (total, passed_count)) in category_summary {
            info!(
                "  🏷️  {}: {}/{} ({:.1}%)",
@@ -448,7 +448,7 @@ impl KMSTestSuite {

        // List failed tests
        if failed > 0 {
-            warn!("❌ 失败的测试:");
+            warn!("❌ Failing tests:");
            for result in results.iter().filter(|r| !r.success) {
                warn!(
                    "  - {}: {}",
@@ -479,7 +479,7 @@ async fn test_kms_critical_suite() -> Result<(), Box<dyn std::error::Error + Sen
        return Err(format!("Critical test suite failed: {failed_count} tests failed").into());
    }

-    info!("✅ 所有关键测试通过");
+    info!("✅ All critical tests passed");
    Ok(())
 }

@@ -494,13 +494,13 @@ async fn test_kms_full_suite() -> Result<(), Box<dyn std::error::Error + Send +
    let failed_count = results.iter().filter(|r| !r.success).count();
    let success_rate = ((total_tests - failed_count) as f64 / total_tests as f64) * 100.0;

-    info!("📊 完整测试套件结果: {:.1}% 成功率", success_rate);
+    info!("📊 Full suite success rate: {:.1}%", success_rate);

    // Allow up to 10% failure rate for non-critical tests
    if success_rate < 90.0 {
        return Err(format!("Test suite success rate too low: {success_rate:.1}%").into());
    }

-    info!("✅ 完整测试套件通过");
+    info!("✅ Full test suite succeeded");
    Ok(())
 }
--- a/crates/ecstore/Cargo.toml
+++ b/crates/ecstore/Cargo.toml
@@ -101,6 +101,11 @@ aws-credential-types = { workspace = true }
 aws-smithy-types = { workspace = true }
 parking_lot = { workspace = true }
 moka = { workspace = true }
+base64-simd.workspace = true
+serde_urlencoded.workspace = true
+google-cloud-storage = { workspace = true }
+google-cloud-auth = { workspace = true }
+aws-config = { workspace = true }

 [target.'cfg(not(windows))'.dependencies]
 nix = { workspace = true }
--- a/crates/ecstore/run_benchmarks.sh
+++ b/crates/ecstore/run_benchmarks.sh
@@ -14,12 +14,12 @@
 # limitations under the License.


-# Reed-Solomon SIMD 性能基准测试脚本
-# 使用高性能 SIMD 实现进行纠删码性能测试
+# Reed-Solomon SIMD performance benchmark script
+# Run erasure-coding benchmarks using the high-performance SIMD implementation

 set -e

-# ANSI 颜色码
+# ANSI color codes
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
@@ -27,7 +27,7 @@ BLUE='\033[0;34m'
 PURPLE='\033[0;35m'
 NC='\033[0m' # No Color

-# 打印带颜色的消息
+# Print colored messages
 print_info() {
    echo -e "${BLUE}ℹ️  $1${NC}"
 }
@@ -44,177 +44,177 @@ print_error() {
    echo -e "${RED}❌ $1${NC}"
 }

-# 检查系统要求
+# Validate system requirements
 check_requirements() {
-    print_info "检查系统要求..."
+    print_info "Checking system requirements..."
    
-    # 检查 Rust
+    # Check for Rust
    if ! command -v cargo &> /dev/null; then
-        print_error "Cargo 未找到，请确保已安装 Rust"
+        print_error "Cargo not found; install Rust first"
        exit 1
    fi
    
-    # 检查 criterion
+    # Check criterion support
    if ! cargo --list | grep -q "bench"; then
-        print_error "未找到基准测试支持，请确保使用的是支持基准测试的 Rust 版本"
+        print_error "Benchmark support missing; use a Rust toolchain with criterion support"
        exit 1
    fi
    
-    print_success "系统要求检查通过"
+    print_success "System requirements satisfied"
 }

-# 清理之前的测试结果
+# Remove previous benchmark artifacts
 cleanup() {
-    print_info "清理之前的测试结果..."
+    print_info "Cleaning previous benchmark artifacts..."
    rm -rf target/criterion
-    print_success "清理完成"
+    print_success "Cleanup complete"
 }

-# 运行 SIMD 模式基准测试
+# Run SIMD-only benchmarks
 run_simd_benchmark() {
-    print_info "🎯 开始运行 SIMD 模式基准测试..."
+    print_info "🎯 Starting SIMD-only benchmark run..."
    echo "================================================"
    
    cargo bench --bench comparison_benchmark \
        -- --save-baseline simd_baseline
    
-    print_success "SIMD 模式基准测试完成"
+    print_success "SIMD-only benchmarks completed"
 }

-# 运行完整的基准测试套件
+# Run the full benchmark suite
 run_full_benchmark() {
-    print_info "🚀 开始运行完整基准测试套件..."
+    print_info "🚀 Starting full benchmark suite..."
    echo "================================================"
    
-    # 运行详细的基准测试
+    # Execute detailed benchmarks
    cargo bench --bench erasure_benchmark
    
-    print_success "完整基准测试套件完成"
+    print_success "Full benchmark suite finished"
 }

-# 运行性能测试
+# Run performance tests
 run_performance_test() {
-    print_info "📊 开始运行性能测试..."
+    print_info "📊 Starting performance tests..."
    echo "================================================"
    
-    print_info "步骤 1: 运行编码基准测试..."
+    print_info "Step 1: running encoding benchmarks..."
    cargo bench --bench comparison_benchmark \
        -- encode --save-baseline encode_baseline
    
-    print_info "步骤 2: 运行解码基准测试..."
+    print_info "Step 2: running decoding benchmarks..."
    cargo bench --bench comparison_benchmark \
        -- decode --save-baseline decode_baseline
    
-    print_success "性能测试完成"
+    print_success "Performance tests completed"
 }

-# 运行大数据集测试
+# Run large dataset tests
 run_large_data_test() {
-    print_info "🗂️ 开始运行大数据集测试..."
+    print_info "🗂️ Starting large-dataset tests..."
    echo "================================================"
    
    cargo bench --bench erasure_benchmark \
        -- large_data --save-baseline large_data_baseline
    
-    print_success "大数据集测试完成"
+    print_success "Large-dataset tests completed"
 }

-# 生成比较报告
+# Generate comparison report
 generate_comparison_report() {
-    print_info "📊 生成性能报告..."
+    print_info "📊 Generating performance report..."
    
    if [ -d "target/criterion" ]; then
-        print_info "基准测试结果已保存到 target/criterion/ 目录"
-        print_info "你可以打开 target/criterion/report/index.html 查看详细报告"
+        print_info "Benchmark results saved under target/criterion/"
+        print_info "Open target/criterion/report/index.html for the HTML report"
        
-        # 如果有 python 环境，可以启动简单的 HTTP 服务器查看报告
+        # If Python is available, start a simple HTTP server to browse the report
        if command -v python3 &> /dev/null; then
-            print_info "你可以运行以下命令启动本地服务器查看报告:"
+            print_info "Run the following command to serve the report locally:"
            echo "  cd target/criterion && python3 -m http.server 8080"
-            echo "  然后在浏览器中访问 http://localhost:8080/report/index.html"
+            echo "  Then open http://localhost:8080/report/index.html"
        fi
    else
-        print_warning "未找到基准测试结果目录"
+        print_warning "Benchmark result directory not found"
    fi
 }

-# 快速测试模式
+# Quick test mode
 run_quick_test() {
-    print_info "🏃 运行快速性能测试..."
+    print_info "🏃 Running quick performance test..."
    
-    print_info "测试 SIMD 编码性能..."
+    print_info "Testing SIMD encoding performance..."
    cargo bench --bench comparison_benchmark \
        -- encode --quick
    
-    print_info "测试 SIMD 解码性能..."
+    print_info "Testing SIMD decoding performance..."
    cargo bench --bench comparison_benchmark \
        -- decode --quick
    
-    print_success "快速测试完成"
+    print_success "Quick test complete"
 }

-# 显示帮助信息
+# Display help
 show_help() {
-    echo "Reed-Solomon SIMD 性能基准测试脚本"
+    echo "Reed-Solomon SIMD performance benchmark script"
    echo ""
-    echo "实现模式："
-    echo "  🎯 SIMD 模式 - 高性能 SIMD 优化的 reed-solomon-simd 实现"
+    echo "Modes:"
+    echo "  🎯 simd         High-performance reed-solomon-simd implementation"
    echo ""
-    echo "使用方法:"
+    echo "Usage:"
    echo "  $0 [command]"
    echo ""
-    echo "命令:"
-    echo "  quick        运行快速性能测试"
-    echo "  full         运行完整基准测试套件"
-    echo "  performance  运行详细的性能测试"
-    echo "  simd         运行 SIMD 模式测试"
-    echo "  large        运行大数据集测试"
-    echo "  clean        清理测试结果"
-    echo "  help         显示此帮助信息"
+    echo "Commands:"
+    echo "  quick        Run the quick performance test"
+    echo "  full         Run the full benchmark suite"
+    echo "  performance  Run detailed performance tests"
+    echo "  simd         Run the SIMD-only tests"
+    echo "  large        Run large-dataset tests"
+    echo "  clean        Remove previous results"
+    echo "  help         Show this help message"
    echo ""
-    echo "示例:"
-    echo "  $0 quick              # 快速性能测试"
-    echo "  $0 performance        # 详细性能测试"
-    echo "  $0 full              # 完整测试套件"
-    echo "  $0 simd              # SIMD 模式测试"
-    echo "  $0 large             # 大数据集测试"
+    echo "Examples:"
+    echo "  $0 quick              # Quick performance test"
+    echo "  $0 performance        # Detailed performance test"
+    echo "  $0 full              # Full benchmark suite"
+    echo "  $0 simd              # SIMD-only benchmark"
+    echo "  $0 large             # Large-dataset benchmark"
    echo ""
-    echo "实现特性:"
-    echo "  - 使用 reed-solomon-simd 高性能 SIMD 实现"
-    echo "  - 支持编码器/解码器实例缓存"
-    echo "  - 优化的内存管理和线程安全"
-    echo "  - 跨平台 SIMD 指令支持"
+    echo "Features:"
+    echo "  - Uses the high-performance reed-solomon-simd implementation"
+    echo "  - Caches encoder/decoder instances"
+    echo "  - Optimized memory management and thread safety"
+    echo "  - Cross-platform SIMD instruction support"
 }

-# 显示测试配置信息
+# Show benchmark configuration
 show_test_info() {
-    print_info "📋 测试配置信息:"
-    echo "  - 当前目录: $(pwd)"
-    echo "  - Rust 版本: $(rustc --version)"
-    echo "  - Cargo 版本: $(cargo --version)"
-    echo "  - CPU 架构: $(uname -m)"
-    echo "  - 操作系统: $(uname -s)"
+    print_info "📋 Benchmark configuration:"
+    echo "  - Working directory: $(pwd)"
+    echo "  - Rust version: $(rustc --version)"
+    echo "  - Cargo version: $(cargo --version)"
+    echo "  - CPU architecture: $(uname -m)"
+    echo "  - Operating system: $(uname -s)"
    
-    # 检查 CPU 特性
+    # Inspect CPU capabilities
    if [ -f "/proc/cpuinfo" ]; then
-        echo "  - CPU 型号: $(grep 'model name' /proc/cpuinfo | head -1 | cut -d: -f2 | xargs)"
+        echo "  - CPU model: $(grep 'model name' /proc/cpuinfo | head -1 | cut -d: -f2 | xargs)"
        if grep -q "avx2" /proc/cpuinfo; then
-            echo "  - SIMD 支持: AVX2 ✅ (将使用高级 SIMD 优化)"
+            echo "  - SIMD support: AVX2 ✅ (using advanced SIMD optimizations)"
        elif grep -q "sse4" /proc/cpuinfo; then
-            echo "  - SIMD 支持: SSE4 ✅ (将使用 SIMD 优化)"
+            echo "  - SIMD support: SSE4 ✅ (using SIMD optimizations)"
        else
-            echo "  - SIMD 支持: 基础 SIMD 特性"
+            echo "  - SIMD support: baseline features"
        fi
    fi
    
-    echo "  - 实现: reed-solomon-simd (高性能 SIMD 优化)"
-    echo "  - 特性: 实例缓存、线程安全、跨平台 SIMD"
+    echo "  - Implementation: reed-solomon-simd (SIMD-optimized)"
+    echo "  - Highlights: instance caching, thread safety, cross-platform SIMD"
    echo ""
 }

-# 主函数
+# Main entry point
 main() {
-    print_info "🧪 Reed-Solomon SIMD 实现性能基准测试"
+    print_info "🧪 Reed-Solomon SIMD benchmark suite"
    echo "================================================"
    
    check_requirements
@@ -252,15 +252,15 @@ main() {
            show_help
            ;;
        *)
-            print_error "未知命令: $1"
+            print_error "Unknown command: $1"
            echo ""
            show_help
            exit 1
            ;;
    esac
    
-    print_success "✨ 基准测试执行完成!"
+    print_success "✨ Benchmark run completed!"
 }

-# 启动脚本
+# Launch script
 main "$@" 
--- a/crates/ecstore/src/admin_server_info.rs
+++ b/crates/ecstore/src/admin_server_info.rs
@@ -96,21 +96,21 @@ async fn is_server_resolvable(endpoint: &Endpoint) -> Result<()> {
    let decoded_payload = flatbuffers::root::<PingBody>(finished_data);
    assert!(decoded_payload.is_ok());

-    // 创建客户端
+    // Create the client
    let mut client = node_service_time_out_client(&addr)
        .await
        .map_err(|err| Error::other(err.to_string()))?;

-    // 构造 PingRequest
+    // Build the PingRequest
    let request = Request::new(PingRequest {
        version: 1,
        body: bytes::Bytes::copy_from_slice(finished_data),
    });

-    // 发送请求并获取响应
+    // Send the request and obtain the response
    let response: PingResponse = client.ping(request).await?.into_inner();

-    // 打印响应
+    // Print the response
    let ping_response_body = flatbuffers::root::<PingBody>(&response.body);
    if let Err(e) = ping_response_body {
        eprintln!("{e}");
--- a/crates/ecstore/src/bucket/lifecycle/bucket_lifecycle_ops.rs
+++ b/crates/ecstore/src/bucket/lifecycle/bucket_lifecycle_ops.rs
@@ -18,14 +18,18 @@
 #![allow(unused_must_use)]
 #![allow(clippy::all)]

+use crate::error::StorageError;
 use async_channel::{Receiver as A_Receiver, Sender as A_Sender, bounded};
+use bytes::BytesMut;
 use futures::Future;
 use http::HeaderMap;
 use lazy_static::lazy_static;
 use rustfs_common::data_usage::TierStats;
 use rustfs_common::heal_channel::rep_has_active_rules;
 use rustfs_common::metrics::{IlmAction, Metrics};
+use rustfs_filemeta::fileinfo::{NULL_VERSION_ID, RestoreStatusOps, is_restored_object_on_disk};
 use rustfs_utils::path::encode_dir_object;
+use rustfs_utils::string::strings_has_prefix_fold;
 use s3s::Body;
 use sha2::{Digest, Sha256};
 use std::any::Any;
@@ -62,7 +66,11 @@ use crate::store::ECStore;
 use crate::store_api::StorageAPI;
 use crate::store_api::{GetObjectReader, HTTPRangeSpec, ObjectInfo, ObjectOptions, ObjectToDelete};
 use crate::tier::warm_backend::WarmBackendGetOpts;
-use s3s::dto::{BucketLifecycleConfiguration, DefaultRetention, ReplicationConfiguration};
+use s3s::dto::{
+    BucketLifecycleConfiguration, DefaultRetention, ReplicationConfiguration, RestoreRequest, RestoreRequestType, RestoreStatus,
+    ServerSideEncryption, Timestamp,
+};
+use s3s::header::{X_AMZ_RESTORE, X_AMZ_SERVER_SIDE_ENCRYPTION, X_AMZ_STORAGE_CLASS};

 pub type TimeFn = Arc<dyn Fn() -> Pin<Box<dyn Future<Output = ()> + Send>> + Send + Sync + 'static>;
 pub type TraceFn =
@@ -71,9 +79,12 @@ pub type ExpiryOpType = Box<dyn ExpiryOp + Send + Sync + 'static>;

 static XXHASH_SEED: u64 = 0;

-const _DISABLED: &str = "Disabled";
+pub const AMZ_OBJECT_TAGGING: &str = "X-Amz-Tagging";
+pub const AMZ_TAG_COUNT: &str = "x-amz-tagging-count";
+pub const AMZ_TAG_DIRECTIVE: &str = "X-Amz-Tagging-Directive";
+pub const AMZ_ENCRYPTION_AES: &str = "AES256";
+pub const AMZ_ENCRYPTION_KMS: &str = "aws:kms";

-//pub const ERR_INVALID_STORAGECLASS: &str = "invalid storage class.";
 pub const ERR_INVALID_STORAGECLASS: &str = "invalid tier.";

 lazy_static! {
@@ -762,11 +773,14 @@ pub fn gen_transition_objname(bucket: &str) -> Result<String, Error> {
 pub async fn transition_object(api: Arc<ECStore>, oi: &ObjectInfo, lae: LcAuditEvent) -> Result<(), Error> {
    let time_ilm = Metrics::time_ilm(lae.event.action);

+    let etag = if let Some(etag) = &oi.etag { etag } else { "" };
+    let etag = etag.to_string();
+
    let opts = ObjectOptions {
        transition: TransitionOptions {
            status: lifecycle::TRANSITION_PENDING.to_string(),
            tier: lae.event.storage_class,
-            etag: oi.etag.clone().expect("err").to_string(),
+            etag,
            ..Default::default()
        },
        //lifecycle_audit_event: lae,
@@ -787,9 +801,9 @@ pub fn audit_tier_actions(_api: ECStore, _tier: &str, _bytes: i64) -> TimeFn {
 pub async fn get_transitioned_object_reader(
    bucket: &str,
    object: &str,
-    rs: HTTPRangeSpec,
-    h: HeaderMap,
-    oi: ObjectInfo,
+    rs: &Option<HTTPRangeSpec>,
+    h: &HeaderMap,
+    oi: &ObjectInfo,
    opts: &ObjectOptions,
 ) -> Result<GetObjectReader, std::io::Error> {
    let mut tier_config_mgr = GLOBAL_TierConfigMgr.write().await;
@@ -815,19 +829,131 @@ pub async fn get_transitioned_object_reader(
    let reader = tgt_client
        .get(&oi.transitioned_object.name, &oi.transitioned_object.version_id, gopts)
        .await?;
-    Ok(get_fn(reader, h))
+    Ok(get_fn(reader, h.clone()))
 }

-pub fn post_restore_opts(_r: http::Request<Body>, _bucket: &str, _object: &str) -> Result<ObjectOptions, std::io::Error> {
-    todo!();
+pub async fn post_restore_opts(version_id: &str, bucket: &str, object: &str) -> Result<ObjectOptions, std::io::Error> {
+    let versioned = BucketVersioningSys::prefix_enabled(bucket, object).await;
+    let version_suspended = BucketVersioningSys::prefix_suspended(bucket, object).await;
+    let vid = version_id.trim();
+    if vid != "" && vid != NULL_VERSION_ID {
+        if let Err(err) = Uuid::parse_str(vid) {
+            return Err(std::io::Error::other(
+                StorageError::InvalidVersionID(bucket.to_string(), object.to_string(), vid.to_string()).to_string(),
+            ));
+        }
+        if !versioned && !version_suspended {
+            return Err(std::io::Error::other(
+                StorageError::InvalidArgument(
+                    bucket.to_string(),
+                    object.to_string(),
+                    format!("version-id specified {} but versioning is not enabled on {}", vid, bucket),
+                )
+                .to_string(),
+            ));
+        }
+    }
+    Ok(ObjectOptions {
+        versioned: versioned,
+        version_suspended: version_suspended,
+        version_id: Some(vid.to_string()),
+        ..Default::default()
+    })
 }

-pub fn put_restore_opts(_bucket: &str, _object: &str, _rreq: &RestoreObjectRequest, _oi: &ObjectInfo) -> ObjectOptions {
-    todo!();
+pub async fn put_restore_opts(
+    bucket: &str,
+    object: &str,
+    rreq: &RestoreRequest,
+    oi: &ObjectInfo,
+) -> Result<ObjectOptions, std::io::Error> {
+    let mut meta = HashMap::<String, String>::new();
+    /*let mut b = false;
+    let Some(Some(Some(mut sc))) = rreq.output_location.s3.storage_class else { b = true; };
+    if b || sc == "" {
+        //sc = oi.storage_class;
+        sc = oi.transitioned_object.tier;
+    }
+    meta.insert(X_AMZ_STORAGE_CLASS.as_str().to_lowercase(), sc);*/
+
+    if let Some(type_) = &rreq.type_
+        && type_.as_str() == RestoreRequestType::SELECT
+    {
+        for v in rreq
+            .output_location
+            .as_ref()
+            .unwrap()
+            .s3
+            .as_ref()
+            .unwrap()
+            .user_metadata
+            .as_ref()
+            .unwrap()
+        {
+            if !strings_has_prefix_fold(&v.name.clone().unwrap(), "x-amz-meta") {
+                meta.insert(
+                    format!("x-amz-meta-{}", v.name.as_ref().unwrap()),
+                    v.value.clone().unwrap_or("".to_string()),
+                );
+                continue;
+            }
+            meta.insert(v.name.clone().unwrap(), v.value.clone().unwrap_or("".to_string()));
+        }
+        if let Some(output_location) = rreq.output_location.as_ref() {
+            if let Some(s3) = &output_location.s3 {
+                if let Some(tags) = &s3.tagging {
+                    meta.insert(
+                        AMZ_OBJECT_TAGGING.to_string(),
+                        serde_urlencoded::to_string(tags.tag_set.clone()).unwrap_or("".to_string()),
+                    );
+                }
+            }
+        }
+        if let Some(output_location) = rreq.output_location.as_ref() {
+            if let Some(s3) = &output_location.s3 {
+                if let Some(encryption) = &s3.encryption {
+                    if encryption.encryption_type.as_str() != "" {
+                        meta.insert(X_AMZ_SERVER_SIDE_ENCRYPTION.as_str().to_string(), AMZ_ENCRYPTION_AES.to_string());
+                    }
+                }
+            }
+        }
+        return Ok(ObjectOptions {
+            versioned: BucketVersioningSys::prefix_enabled(bucket, object).await,
+            version_suspended: BucketVersioningSys::prefix_suspended(bucket, object).await,
+            user_defined: meta,
+            ..Default::default()
+        });
+    }
+    for (k, v) in &oi.user_defined {
+        meta.insert(k.to_string(), v.clone());
+    }
+    if oi.user_tags.len() != 0 {
+        meta.insert(AMZ_OBJECT_TAGGING.to_string(), oi.user_tags.clone());
+    }
+    let restore_expiry = lifecycle::expected_expiry_time(OffsetDateTime::now_utc(), rreq.days.unwrap_or(1));
+    meta.insert(
+        X_AMZ_RESTORE.as_str().to_string(),
+        RestoreStatus {
+            is_restore_in_progress: Some(false),
+            restore_expiry_date: Some(Timestamp::from(restore_expiry)),
+        }
+        .to_string(),
+    );
+    Ok(ObjectOptions {
+        versioned: BucketVersioningSys::prefix_enabled(bucket, object).await,
+        version_suspended: BucketVersioningSys::prefix_suspended(bucket, object).await,
+        user_defined: meta,
+        version_id: oi.version_id.map(|e| e.to_string()),
+        mod_time: oi.mod_time,
+        //expires:           oi.expires,
+        ..Default::default()
+    })
 }

 pub trait LifecycleOps {
    fn to_lifecycle_opts(&self) -> lifecycle::ObjectOpts;
+    fn is_remote(&self) -> bool;
 }

 impl LifecycleOps for ObjectInfo {
@@ -848,29 +974,54 @@ impl LifecycleOps for ObjectInfo {
            ..Default::default()
        }
    }
+
+    fn is_remote(&self) -> bool {
+        if self.transitioned_object.status != lifecycle::TRANSITION_COMPLETE {
+            return false;
+        }
+        !is_restored_object_on_disk(&self.user_defined)
+    }
 }

-#[derive(Debug, Default, Clone)]
-pub struct S3Location {
-    pub bucketname: String,
-    //pub encryption:    Encryption,
-    pub prefix: String,
-    pub storage_class: String,
-    //pub tagging:       Tags,
-    pub user_metadata: HashMap<String, String>,
+pub trait RestoreRequestOps {
+    fn validate(&self, api: Arc<ECStore>) -> Result<(), std::io::Error>;
 }

-#[derive(Debug, Default, Clone)]
-pub struct OutputLocation(pub S3Location);
+impl RestoreRequestOps for RestoreRequest {
+    fn validate(&self, api: Arc<ECStore>) -> Result<(), std::io::Error> {
+        /*if self.type_.is_none() && self.select_parameters.is_some() {
+            return Err(std::io::Error::other("Select parameters can only be specified with SELECT request type"));
+        }
+        if let Some(type_) = self.type_ && type_ == RestoreRequestType::SELECT && self.select_parameters.is_none() {
+            return Err(std::io::Error::other("SELECT restore request requires select parameters to be specified"));
+        }

-#[derive(Debug, Default, Clone)]
-pub struct RestoreObjectRequest {
-    pub days: i64,
-    pub ror_type: String,
-    pub tier: String,
-    pub description: String,
-    //pub select_parameters: SelectParameters,
-    pub output_location: OutputLocation,
+        if self.type_.is_none() && self.output_location.is_some() {
+            return Err(std::io::Error::other("OutputLocation required only for SELECT request type"));
+        }
+        if let Some(type_) = self.type_ && type_ == RestoreRequestType::SELECT && self.output_location.is_none() {
+            return Err(std::io::Error::other("OutputLocation required for SELECT requests"));
+        }
+
+        if let Some(type_) = self.type_ && type_ == RestoreRequestType::SELECT && self.days != 0 {
+            return Err(std::io::Error::other("Days cannot be specified with SELECT restore request"));
+        }
+        if self.days == 0 && self.type_.is_none() {
+            return Err(std::io::Error::other("restoration days should be at least 1"));
+        }
+        if self.output_location.is_some() {
+            if _, err := api.get_bucket_info(self.output_location.s3.bucket_name, BucketOptions{}); err != nil {
+                return err
+            }
+            if self.output_location.s3.prefix == "" {
+                return Err(std::io::Error::other("Prefix is a required parameter in OutputLocation"));
+            }
+            if self.output_location.s3.encryption.encryption_type.as_str() != ServerSideEncryption::AES256 {
+                return NotImplemented{}
+            }
+        }*/
+        Ok(())
+    }
 }

 const _MAX_RESTORE_OBJECT_REQUEST_SIZE: i64 = 2 << 20;
@@ -975,11 +1126,10 @@ pub async fn apply_expiry_on_non_transitioned_objects(
    //debug!("lc_event.action: {:?}", lc_event.action);
    //debug!("opts: {:?}", opts);
    let mut dobj = match api.delete_object(&oi.bucket, &encode_dir_object(&oi.name), opts).await {
-        Ok(obj) => obj,
+        Ok(dobj) => dobj,
        Err(e) => {
-            error!("Failed to delete object {}/{}: {:?}", oi.bucket, oi.name, e);
-            // Return the original object info if deletion fails
-            oi.clone()
+            error!("delete_object error: {:?}", e);
+            return false;
        }
    };
    //debug!("dobj: {:?}", dobj);
--- a/crates/ecstore/src/bucket/lifecycle/lifecycle.rs
+++ b/crates/ecstore/src/bucket/lifecycle/lifecycle.rs
@@ -20,7 +20,7 @@

 use s3s::dto::{
    BucketLifecycleConfiguration, ExpirationStatus, LifecycleExpiration, LifecycleRule, NoncurrentVersionTransition,
-    ObjectLockConfiguration, ObjectLockEnabled, Transition,
+    ObjectLockConfiguration, ObjectLockEnabled, RestoreRequest, Transition,
 };
 use std::cmp::Ordering;
 use std::env;
@@ -32,8 +32,6 @@ use tracing::info;

 use crate::bucket::lifecycle::rule::TransitionOps;

-use super::bucket_lifecycle_ops::RestoreObjectRequest;
-
 pub const TRANSITION_COMPLETE: &str = "complete";
 pub const TRANSITION_PENDING: &str = "pending";

@@ -325,7 +323,7 @@ impl Lifecycle for BucketLifecycleConfiguration {
                        }

                        if let Some(days) = expiration.days {
-                            let expected_expiry = expected_expiry_time(obj.mod_time.expect("err!"), days /*, date*/);
+                            let expected_expiry = expected_expiry_time(obj.mod_time.unwrap(), days /*, date*/);
                            if now.unix_timestamp() >= expected_expiry.unix_timestamp() {
                                events.push(Event {
                                    action: IlmAction::DeleteVersionAction,
@@ -402,19 +400,21 @@ impl Lifecycle for BucketLifecycleConfiguration {
                            if storage_class.as_str() != "" && !obj.delete_marker && obj.transition_status != TRANSITION_COMPLETE
                            {
                                let due = rule.noncurrent_version_transitions.as_ref().unwrap()[0].next_due(obj);
-                                if due.is_some() && (now.unix_timestamp() >= due.unwrap().unix_timestamp()) {
-                                    events.push(Event {
-                                        action: IlmAction::TransitionVersionAction,
-                                        rule_id: rule.id.clone().expect("err!"),
-                                        due,
-                                        storage_class: rule.noncurrent_version_transitions.as_ref().unwrap()[0]
-                                            .storage_class
-                                            .clone()
-                                            .unwrap()
-                                            .as_str()
-                                            .to_string(),
-                                        ..Default::default()
-                                    });
+                                if let Some(due0) = due {
+                                    if now.unix_timestamp() == 0 || now.unix_timestamp() > due0.unix_timestamp() {
+                                        events.push(Event {
+                                            action: IlmAction::TransitionVersionAction,
+                                            rule_id: rule.id.clone().expect("err!"),
+                                            due,
+                                            storage_class: rule.noncurrent_version_transitions.as_ref().unwrap()[0]
+                                                .storage_class
+                                                .clone()
+                                                .unwrap()
+                                                .as_str()
+                                                .to_string(),
+                                            ..Default::default()
+                                        });
+                                    }
                                }
                            }
                        }
@@ -446,7 +446,7 @@ impl Lifecycle for BucketLifecycleConfiguration {
                                });
                            }
                        } else if let Some(days) = expiration.days {
-                            let expected_expiry: OffsetDateTime = expected_expiry_time(obj.mod_time.expect("err!"), days);
+                            let expected_expiry: OffsetDateTime = expected_expiry_time(obj.mod_time.unwrap(), days);
                            info!(
                                "eval_inner: expiration check - days={}, obj_time={:?}, expiry_time={:?}, now={:?}, should_expire={}",
                                days,
@@ -480,12 +480,12 @@ impl Lifecycle for BucketLifecycleConfiguration {
                    if obj.transition_status != TRANSITION_COMPLETE {
                        if let Some(ref transitions) = rule.transitions {
                            let due = transitions[0].next_due(obj);
-                            if let Some(due) = due {
-                                if due.unix_timestamp() > 0 && (now.unix_timestamp() >= due.unix_timestamp()) {
+                            if let Some(due0) = due {
+                                if now.unix_timestamp() == 0 || now.unix_timestamp() > due0.unix_timestamp() {
                                    events.push(Event {
                                        action: IlmAction::TransitionAction,
                                        rule_id: rule.id.clone().expect("err!"),
-                                        due: Some(due),
+                                        due,
                                        storage_class: transitions[0].storage_class.clone().expect("err!").as_str().to_string(),
                                        noncurrent_days: 0,
                                        newer_noncurrent_versions: 0,
@@ -580,8 +580,10 @@ impl LifecycleCalculate for LifecycleExpiration {
        if !obj.is_latest || !obj.delete_marker {
            return None;
        }
-
-        Some(expected_expiry_time(obj.mod_time.unwrap(), self.days.unwrap()))
+        match self.days {
+            Some(days) => Some(expected_expiry_time(obj.mod_time.unwrap(), days)),
+            None => None,
+        }
    }
 }

@@ -591,10 +593,16 @@ impl LifecycleCalculate for NoncurrentVersionTransition {
        if obj.is_latest || self.storage_class.is_none() {
            return None;
        }
-        if self.noncurrent_days.is_none() {
-            return obj.successor_mod_time;
+        match self.noncurrent_days {
+            Some(noncurrent_days) => {
+                if let Some(successor_mod_time) = obj.successor_mod_time {
+                    Some(expected_expiry_time(successor_mod_time, noncurrent_days))
+                } else {
+                    Some(expected_expiry_time(OffsetDateTime::now_utc(), noncurrent_days))
+                }
+            }
+            None => obj.successor_mod_time,
        }
-        Some(expected_expiry_time(obj.successor_mod_time.unwrap(), self.noncurrent_days.unwrap()))
    }
 }

@@ -609,10 +617,10 @@ impl LifecycleCalculate for Transition {
            return Some(date.into());
        }

-        if self.days.is_none() {
-            return obj.mod_time;
+        match self.days {
+            Some(days) => Some(expected_expiry_time(obj.mod_time.unwrap(), days)),
+            None => obj.mod_time,
        }
-        Some(expected_expiry_time(obj.mod_time.unwrap(), self.days.unwrap()))
    }
 }

@@ -692,7 +700,7 @@ pub struct TransitionOptions {
    pub status: String,
    pub tier: String,
    pub etag: String,
-    pub restore_request: RestoreObjectRequest,
+    pub restore_request: RestoreRequest,
    pub restore_expiry: OffsetDateTime,
    pub expire_restored: bool,
 }
--- a/crates/ecstore/src/bucket/metadata.rs
+++ b/crates/ecstore/src/bucket/metadata.rs
@@ -428,8 +428,8 @@ where
    let sec = t.unix_timestamp() - 62135596800;
    let nsec = t.nanosecond();
    buf[0] = 0xc7; // mext8
-    buf[1] = 0x0c; // 长度
-    buf[2] = 0x05; // 时间扩展类型
+    buf[1] = 0x0c; // Length
+    buf[2] = 0x05; // Time extension type
    BigEndian::write_u64(&mut buf[3..], sec as u64);
    BigEndian::write_u32(&mut buf[11..], nsec);
    s.serialize_bytes(&buf)
--- a/crates/ecstore/src/bucket/quota/mod.rs
+++ b/crates/ecstore/src/bucket/quota/mod.rs
@@ -16,16 +16,16 @@ use crate::error::Result;
 use rmp_serde::Serializer as rmpSerializer;
 use serde::{Deserialize, Serialize};

-// 定义 QuotaType 枚举类型
+// Define the QuotaType enum
 #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
 pub enum QuotaType {
    Hard,
 }

-// 定义 BucketQuota 结构体
+// Define the BucketQuota structure
 #[derive(Debug, Deserialize, Serialize, Default, Clone)]
 pub struct BucketQuota {
-    quota: Option<u64>, // 使用 Option 来表示可能不存在的字段
+    quota: Option<u64>, // Use Option to represent optional fields

    size: u64,

--- a/crates/ecstore/src/bucket/replication/config.rs
+++ b/crates/ecstore/src/bucket/replication/config.rs
@@ -46,7 +46,7 @@ pub trait ReplicationConfigurationExt {
 }

 impl ReplicationConfigurationExt for ReplicationConfiguration {
-    /// 检查是否有现有对象复制规则
+    /// Check whether any object-replication rules exist
    fn has_existing_object_replication(&self, arn: &str) -> (bool, bool) {
        let mut has_arn = false;

@@ -117,7 +117,7 @@ impl ReplicationConfigurationExt for ReplicationConfiguration {
        rules
    }

-    /// 获取目标配置
+    /// Retrieve the destination configuration
    fn get_destination(&self) -> Destination {
        if !self.rules.is_empty() {
            self.rules[0].destination.clone()
@@ -134,7 +134,7 @@ impl ReplicationConfigurationExt for ReplicationConfiguration {
        }
    }

-    /// 判断对象是否应该被复制
+    /// Determine whether an object should be replicated
    fn replicate(&self, obj: &ObjectOpts) -> bool {
        let rules = self.filter_actionable_rules(obj);

@@ -164,16 +164,16 @@ impl ReplicationConfigurationExt for ReplicationConfiguration {
                }
            }

-            // 常规对象/元数据复制
+            // Regular object/metadata replication
            return rule.metadata_replicate(obj);
        }
        false
    }

-    /// 检查是否有活跃的规则
-    /// 可选择性地提供前缀
-    /// 如果recursive为true，函数还会在前缀下的任何级别有活跃规则时返回true
-    /// 如果没有指定前缀，recursive实际上为true
+    /// Check for an active rule
+    /// Optionally accept a prefix
+    /// When recursive is true, return true if any level under the prefix has an active rule
+    /// Without a prefix, recursive behaves as true
    fn has_active_rules(&self, prefix: &str, recursive: bool) -> bool {
        if self.rules.is_empty() {
            return false;
@@ -187,13 +187,13 @@ impl ReplicationConfigurationExt for ReplicationConfiguration {
            if let Some(filter) = &rule.filter {
                if let Some(filter_prefix) = &filter.prefix {
                    if !prefix.is_empty() && !filter_prefix.is_empty() {
-                        // 传入的前缀必须在规则前缀中
+                        // The provided prefix must fall within the rule prefix
                        if !recursive && !prefix.starts_with(filter_prefix) {
                            continue;
                        }
                    }

-                    // 如果是递归的，我们可以跳过这个规则，如果它不匹配测试前缀或前缀下的级别不匹配
+                    // When recursive, skip this rule if it does not match the test prefix or hierarchy
                    if recursive && !rule.prefix().starts_with(prefix) && !prefix.starts_with(rule.prefix()) {
                        continue;
                    }
@@ -204,7 +204,7 @@ impl ReplicationConfigurationExt for ReplicationConfiguration {
        false
    }

-    /// 过滤目标ARN，返回配置中不同目标ARN的切片
+    /// Filter target ARNs and return a slice of the distinct values in the config
    fn filter_target_arns(&self, obj: &ObjectOpts) -> Vec<String> {
        let mut arns = Vec::new();
        let mut targets_map: HashSet<String> = HashSet::new();
@@ -216,7 +216,7 @@ impl ReplicationConfigurationExt for ReplicationConfiguration {
            }

            if !self.role.is_empty() {
-                arns.push(self.role.clone()); // 如果存在，使用传统的RoleArn
+                arns.push(self.role.clone()); // Use the legacy RoleArn when present
                return arns;
            }

--- a/crates/ecstore/src/bucket/replication/mod.rs
+++ b/crates/ecstore/src/bucket/replication/mod.rs
@@ -17,12 +17,10 @@ pub mod datatypes;
 mod replication_pool;
 mod replication_resyncer;
 mod replication_state;
-mod replication_type;
 mod rule;

 pub use config::*;
 pub use datatypes::*;
 pub use replication_pool::*;
 pub use replication_resyncer::*;
-pub use replication_type::*;
 pub use rule::*;
--- a/crates/ecstore/src/bucket/replication/replication_pool.rs
+++ b/crates/ecstore/src/bucket/replication/replication_pool.rs
@@ -1,9 +1,4 @@
 use crate::StorageAPI;
-use crate::bucket::replication::MrfReplicateEntry;
-use crate::bucket::replication::ReplicateDecision;
-use crate::bucket::replication::ReplicateObjectInfo;
-use crate::bucket::replication::ReplicationWorkerOperation;
-use crate::bucket::replication::ResyncDecision;
 use crate::bucket::replication::ResyncOpts;
 use crate::bucket::replication::ResyncStatusType;
 use crate::bucket::replication::replicate_delete;
@@ -18,16 +13,21 @@ use crate::bucket::replication::replication_resyncer::{
    BucketReplicationResyncStatus, DeletedObjectReplicationInfo, ReplicationResyncer,
 };
 use crate::bucket::replication::replication_state::ReplicationStats;
-use crate::bucket::replication::replication_statuses_map;
-use crate::bucket::replication::version_purge_statuses_map;
 use crate::config::com::read_config;
 use crate::error::Error as EcstoreError;
 use crate::store_api::ObjectInfo;

 use lazy_static::lazy_static;
+use rustfs_filemeta::MrfReplicateEntry;
+use rustfs_filemeta::ReplicateDecision;
+use rustfs_filemeta::ReplicateObjectInfo;
 use rustfs_filemeta::ReplicatedTargetInfo;
 use rustfs_filemeta::ReplicationStatusType;
 use rustfs_filemeta::ReplicationType;
+use rustfs_filemeta::ReplicationWorkerOperation;
+use rustfs_filemeta::ResyncDecision;
+use rustfs_filemeta::replication_statuses_map;
+use rustfs_filemeta::version_purge_statuses_map;
 use rustfs_utils::http::RESERVED_METADATA_PREFIX_LOWER;
 use time::OffsetDateTime;
 use time::format_description::well_known::Rfc3339;
@@ -996,7 +996,7 @@ pub async fn schedule_replication<S: StorageAPI>(oi: ObjectInfo, o: Arc<S>, dsc:
        target_purge_statuses: purge_statuses,
        replication_timestamp: tm,
        user_tags: oi.user_tags,
-        checksum: vec![],
+        checksum: None,
        retry_count: 0,
        event_type: "".to_string(),
        existing_obj_resync: ResyncDecision::default(),
--- a/crates/ecstore/src/bucket/replication/replication_resyncer.rs
+++ b/crates/ecstore/src/bucket/replication/replication_resyncer.rs
@@ -2,12 +2,8 @@ use crate::bucket::bucket_target_sys::{
    AdvancedPutOptions, BucketTargetSys, PutObjectOptions, PutObjectPartOptions, RemoveObjectOptions, TargetClient,
 };
 use crate::bucket::metadata_sys;
-use crate::bucket::replication::{MrfReplicateEntry, ReplicationWorkerOperation, ResyncStatusType};
-use crate::bucket::replication::{
-    ObjectOpts, REPLICATE_EXISTING, REPLICATE_EXISTING_DELETE, REPLICATION_RESET, ReplicateObjectInfo,
-    ReplicationConfigurationExt as _, ResyncTargetDecision, get_replication_state, parse_replicate_decision,
-    replication_statuses_map, target_reset_header, version_purge_statuses_map,
-};
+use crate::bucket::replication::ResyncStatusType;
+use crate::bucket::replication::{ObjectOpts, ReplicationConfigurationExt as _};
 use crate::bucket::tagging::decode_tags_to_map;
 use crate::bucket::target::BucketTargets;
 use crate::bucket::versioning_sys::BucketVersioningSys;
@@ -29,14 +25,17 @@ use byteorder::ByteOrder;
 use futures::future::join_all;
 use http::HeaderMap;

+use regex::Regex;
 use rustfs_filemeta::{
-    ReplicatedInfos, ReplicatedTargetInfo, ReplicationAction, ReplicationState, ReplicationStatusType, ReplicationType,
-    VersionPurgeStatusType,
+    MrfReplicateEntry, REPLICATE_EXISTING, REPLICATE_EXISTING_DELETE, REPLICATION_RESET, ReplicateDecision, ReplicateObjectInfo,
+    ReplicateTargetDecision, ReplicatedInfos, ReplicatedTargetInfo, ReplicationAction, ReplicationState, ReplicationStatusType,
+    ReplicationType, ReplicationWorkerOperation, ResyncDecision, ResyncTargetDecision, VersionPurgeStatusType,
+    get_replication_state, parse_replicate_decision, replication_statuses_map, target_reset_header, version_purge_statuses_map,
 };
 use rustfs_utils::http::{
    AMZ_BUCKET_REPLICATION_STATUS, AMZ_OBJECT_TAGGING, AMZ_TAGGING_DIRECTIVE, CONTENT_ENCODING, HeaderExt as _,
-    RESERVED_METADATA_PREFIX, RESERVED_METADATA_PREFIX_LOWER, RUSTFS_REPLICATION_AUTUAL_OBJECT_SIZE, SSEC_ALGORITHM_HEADER,
-    SSEC_KEY_HEADER, SSEC_KEY_MD5_HEADER, headers,
+    RESERVED_METADATA_PREFIX, RESERVED_METADATA_PREFIX_LOWER, RUSTFS_REPLICATION_AUTUAL_OBJECT_SIZE,
+    RUSTFS_REPLICATION_RESET_STATUS, SSEC_ALGORITHM_HEADER, SSEC_KEY_HEADER, SSEC_KEY_MD5_HEADER, headers,
 };
 use rustfs_utils::path::path_join_buf;
 use rustfs_utils::string::strings_has_prefix_fold;
@@ -56,9 +55,6 @@ use tokio::time::Duration as TokioDuration;
 use tokio_util::sync::CancellationToken;
 use tracing::{error, info, warn};

-use super::replication_type::{ReplicateDecision, ReplicateTargetDecision, ResyncDecision};
-use regex::Regex;
-
 const REPLICATION_DIR: &str = ".replication";
 const RESYNC_FILE_NAME: &str = "resync.bin";
 const RESYNC_META_FORMAT: u16 = 1;
@@ -663,7 +659,7 @@ pub async fn get_heal_replicate_object_info(oi: &ObjectInfo, rcfg: &ReplicationC
        replication_timestamp: None,
        ssec: false, // TODO: add ssec support
        user_tags: oi.user_tags.clone(),
-        checksum: Vec::new(),
+        checksum: oi.checksum.clone(),
        retry_count: 0,
    }
 }
@@ -849,7 +845,7 @@ impl ReplicationConfig {
            {
                resync_decision.targets.insert(
                    decision.arn.clone(),
-                    ResyncTargetDecision::resync_target(
+                    resync_target(
                        &oi,
                        &target.arn,
                        &target.reset_id,
@@ -864,6 +860,59 @@ impl ReplicationConfig {
    }
 }

+pub fn resync_target(
+    oi: &ObjectInfo,
+    arn: &str,
+    reset_id: &str,
+    reset_before_date: Option<OffsetDateTime>,
+    status: ReplicationStatusType,
+) -> ResyncTargetDecision {
+    let rs = oi
+        .user_defined
+        .get(target_reset_header(arn).as_str())
+        .or(oi.user_defined.get(RUSTFS_REPLICATION_RESET_STATUS))
+        .map(|s| s.to_string());
+
+    let mut dec = ResyncTargetDecision::default();
+
+    let mod_time = oi.mod_time.unwrap_or(OffsetDateTime::UNIX_EPOCH);
+
+    if rs.is_none() {
+        let reset_before_date = reset_before_date.unwrap_or(OffsetDateTime::UNIX_EPOCH);
+        if !reset_id.is_empty() && mod_time < reset_before_date {
+            dec.replicate = true;
+            return dec;
+        }
+
+        dec.replicate = status == ReplicationStatusType::Empty;
+
+        return dec;
+    }
+
+    if reset_id.is_empty() || reset_before_date.is_none() {
+        return dec;
+    }
+
+    let rs = rs.unwrap();
+    let reset_before_date = reset_before_date.unwrap();
+
+    let parts: Vec<&str> = rs.splitn(2, ';').collect();
+
+    if parts.len() != 2 {
+        return dec;
+    }
+
+    let new_reset = parts[0] == reset_id;
+
+    if !new_reset && status == ReplicationStatusType::Completed {
+        return dec;
+    }
+
+    dec.replicate = new_reset && mod_time < reset_before_date;
+
+    dec
+}
+
 pub struct MustReplicateOptions {
    meta: HashMap<String, String>,
    status: ReplicationStatusType,
@@ -933,7 +982,7 @@ pub async fn check_replicate_delete(
    let rcfg = match get_replication_config(bucket).await {
        Ok(Some(config)) => config,
        Ok(None) => {
-            warn!("No replication config found for bucket: {}", bucket);
+            // warn!("No replication config found for bucket: {}", bucket);
            return ReplicateDecision::default();
        }
        Err(err) => {
--- a/crates/ecstore/src/bucket/replication/replication_type.rs
+++ b/crates/ecstore/src/bucket/replication/replication_type.rs
@@ -1,470 +0,0 @@
-// Copyright 2024 RustFS Team
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-use crate::error::{Error, Result};
-use crate::store_api::ObjectInfo;
-
-use regex::Regex;
-
-use rustfs_filemeta::VersionPurgeStatusType;
-use rustfs_filemeta::{ReplicatedInfos, ReplicationType};
-use rustfs_filemeta::{ReplicationState, ReplicationStatusType};
-use rustfs_utils::http::RESERVED_METADATA_PREFIX_LOWER;
-use rustfs_utils::http::RUSTFS_REPLICATION_RESET_STATUS;
-use serde::{Deserialize, Serialize};
-use std::any::Any;
-use std::collections::HashMap;
-use std::fmt;
-use time::OffsetDateTime;
-use uuid::Uuid;
-
-pub const REPLICATION_RESET: &str = "replication-reset";
-pub const REPLICATION_STATUS: &str = "replication-status";
-
-// ReplicateQueued - replication being queued trail
-pub const REPLICATE_QUEUED: &str = "replicate:queue";
-
-// ReplicateExisting - audit trail for existing objects replication
-pub const REPLICATE_EXISTING: &str = "replicate:existing";
-// ReplicateExistingDelete - audit trail for delete replication triggered for existing delete markers
-pub const REPLICATE_EXISTING_DELETE: &str = "replicate:existing:delete";
-
-// ReplicateMRF - audit trail for replication from Most Recent Failures (MRF) queue
-pub const REPLICATE_MRF: &str = "replicate:mrf";
-// ReplicateIncoming - audit trail of inline replication
-pub const REPLICATE_INCOMING: &str = "replicate:incoming";
-// ReplicateIncomingDelete - audit trail of inline replication of deletes.
-pub const REPLICATE_INCOMING_DELETE: &str = "replicate:incoming:delete";
-
-// ReplicateHeal - audit trail for healing of failed/pending replications
-pub const REPLICATE_HEAL: &str = "replicate:heal";
-// ReplicateHealDelete - audit trail of healing of failed/pending delete replications.
-pub const REPLICATE_HEAL_DELETE: &str = "replicate:heal:delete";
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct MrfReplicateEntry {
-    #[serde(rename = "bucket")]
-    pub bucket: String,
-
-    #[serde(rename = "object")]
-    pub object: String,
-
-    #[serde(skip_serializing, skip_deserializing)]
-    pub version_id: Option<Uuid>,
-
-    #[serde(rename = "retryCount")]
-    pub retry_count: i32,
-
-    #[serde(skip_serializing, skip_deserializing)]
-    pub size: i64,
-}
-
-pub trait ReplicationWorkerOperation: Any + Send + Sync {
-    fn to_mrf_entry(&self) -> MrfReplicateEntry;
-    fn as_any(&self) -> &dyn Any;
-    fn get_bucket(&self) -> &str;
-    fn get_object(&self) -> &str;
-    fn get_size(&self) -> i64;
-    fn is_delete_marker(&self) -> bool;
-    fn get_op_type(&self) -> ReplicationType;
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, Default)]
-pub struct ReplicateTargetDecision {
-    pub replicate: bool,
-    pub synchronous: bool,
-    pub arn: String,
-    pub id: String,
-}
-
-impl ReplicateTargetDecision {
-    pub fn new(arn: String, replicate: bool, sync: bool) -> Self {
-        Self {
-            replicate,
-            synchronous: sync,
-            arn,
-            id: String::new(),
-        }
-    }
-}
-
-impl fmt::Display for ReplicateTargetDecision {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        write!(f, "{};{};{};{}", self.replicate, self.synchronous, self.arn, self.id)
-    }
-}
-
-/// ReplicateDecision represents replication decision for each target
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct ReplicateDecision {
-    pub targets_map: HashMap<String, ReplicateTargetDecision>,
-}
-
-impl ReplicateDecision {
-    pub fn new() -> Self {
-        Self {
-            targets_map: HashMap::new(),
-        }
-    }
-
-    /// Returns true if at least one target qualifies for replication
-    pub fn replicate_any(&self) -> bool {
-        self.targets_map.values().any(|t| t.replicate)
-    }
-
-    /// Returns true if at least one target qualifies for synchronous replication
-    pub fn is_synchronous(&self) -> bool {
-        self.targets_map.values().any(|t| t.synchronous)
-    }
-
-    /// Updates ReplicateDecision with target's replication decision
-    pub fn set(&mut self, target: ReplicateTargetDecision) {
-        self.targets_map.insert(target.arn.clone(), target);
-    }
-
-    /// Returns a stringified representation of internal replication status with all targets marked as `PENDING`
-    pub fn pending_status(&self) -> Option<String> {
-        let mut result = String::new();
-        for target in self.targets_map.values() {
-            if target.replicate {
-                result.push_str(&format!("{}={};", target.arn, ReplicationStatusType::Pending.as_str()));
-            }
-        }
-        if result.is_empty() { None } else { Some(result) }
-    }
-}
-
-impl fmt::Display for ReplicateDecision {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        let mut result = String::new();
-        for (key, value) in &self.targets_map {
-            result.push_str(&format!("{key}={value},"));
-        }
-        write!(f, "{}", result.trim_end_matches(','))
-    }
-}
-
-impl Default for ReplicateDecision {
-    fn default() -> Self {
-        Self::new()
-    }
-}
-
-// parse k-v pairs of target ARN to stringified ReplicateTargetDecision delimited by ',' into a
-// ReplicateDecision struct
-pub fn parse_replicate_decision(_bucket: &str, s: &str) -> Result<ReplicateDecision> {
-    let mut decision = ReplicateDecision::new();
-
-    if s.is_empty() {
-        return Ok(decision);
-    }
-
-    for p in s.split(',') {
-        if p.is_empty() {
-            continue;
-        }
-
-        let slc = p.split('=').collect::<Vec<&str>>();
-        if slc.len() != 2 {
-            return Err(Error::other(format!("invalid replicate decision format: {s}")));
-        }
-
-        let tgt_str = slc[1].trim_matches('"');
-        let tgt = tgt_str.split(';').collect::<Vec<&str>>();
-        if tgt.len() != 4 {
-            return Err(Error::other(format!("invalid replicate decision format: {s}")));
-        }
-
-        let tgt = ReplicateTargetDecision {
-            replicate: tgt[0] == "true",
-            synchronous: tgt[1] == "true",
-            arn: tgt[2].to_string(),
-            id: tgt[3].to_string(),
-        };
-        decision.targets_map.insert(slc[0].to_string(), tgt);
-    }
-
-    Ok(decision)
-
-    // r = ReplicateDecision{
-    // 	targetsMap: make(map[string]replicateTargetDecision),
-    // }
-    // if len(s) == 0 {
-    // 	return
-    // }
-    // for _, p := range strings.Split(s, ",") {
-    // 	if p == "" {
-    // 		continue
-    // 	}
-    // 	slc := strings.Split(p, "=")
-    // 	if len(slc) != 2 {
-    // 		return r, errInvalidReplicateDecisionFormat
-    // 	}
-    // 	tgtStr := strings.TrimSuffix(strings.TrimPrefix(slc[1], `"`), `"`)
-    // 	tgt := strings.Split(tgtStr, ";")
-    // 	if len(tgt) != 4 {
-    // 		return r, errInvalidReplicateDecisionFormat
-    // 	}
-    // 	r.targetsMap[slc[0]] = replicateTargetDecision{Replicate: tgt[0] == "true", Synchronous: tgt[1] == "true", Arn: tgt[2], ID: tgt[3]}
-    // }
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, Default)]
-pub struct ResyncTargetDecision {
-    pub replicate: bool,
-    pub reset_id: String,
-    pub reset_before_date: Option<OffsetDateTime>,
-}
-
-pub fn target_reset_header(arn: &str) -> String {
-    format!("{RESERVED_METADATA_PREFIX_LOWER}{REPLICATION_RESET}-{arn}")
-}
-
-impl ResyncTargetDecision {
-    pub fn resync_target(
-        oi: &ObjectInfo,
-        arn: &str,
-        reset_id: &str,
-        reset_before_date: Option<OffsetDateTime>,
-        status: ReplicationStatusType,
-    ) -> Self {
-        let rs = oi
-            .user_defined
-            .get(target_reset_header(arn).as_str())
-            .or(oi.user_defined.get(RUSTFS_REPLICATION_RESET_STATUS))
-            .map(|s| s.to_string());
-
-        let mut dec = Self::default();
-
-        let mod_time = oi.mod_time.unwrap_or(OffsetDateTime::UNIX_EPOCH);
-
-        if rs.is_none() {
-            let reset_before_date = reset_before_date.unwrap_or(OffsetDateTime::UNIX_EPOCH);
-            if !reset_id.is_empty() && mod_time < reset_before_date {
-                dec.replicate = true;
-                return dec;
-            }
-
-            dec.replicate = status == ReplicationStatusType::Empty;
-
-            return dec;
-        }
-
-        if reset_id.is_empty() || reset_before_date.is_none() {
-            return dec;
-        }
-
-        let rs = rs.unwrap();
-        let reset_before_date = reset_before_date.unwrap();
-
-        let parts: Vec<&str> = rs.splitn(2, ';').collect();
-
-        if parts.len() != 2 {
-            return dec;
-        }
-
-        let new_reset = parts[0] == reset_id;
-
-        if !new_reset && status == ReplicationStatusType::Completed {
-            return dec;
-        }
-
-        dec.replicate = new_reset && mod_time < reset_before_date;
-
-        dec
-    }
-}
-
-/// ResyncDecision is a struct representing a map with target's individual resync decisions
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct ResyncDecision {
-    pub targets: HashMap<String, ResyncTargetDecision>,
-}
-
-impl ResyncDecision {
-    pub fn new() -> Self {
-        Self { targets: HashMap::new() }
-    }
-
-    /// Returns true if no targets with resync decision present
-    pub fn is_empty(&self) -> bool {
-        self.targets.is_empty()
-    }
-
-    pub fn must_resync(&self) -> bool {
-        self.targets.values().any(|v| v.replicate)
-    }
-
-    pub fn must_resync_target(&self, tgt_arn: &str) -> bool {
-        self.targets.get(tgt_arn).map(|v| v.replicate).unwrap_or(false)
-    }
-}
-
-impl Default for ResyncDecision {
-    fn default() -> Self {
-        Self::new()
-    }
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct ReplicateObjectInfo {
-    pub name: String,
-    pub size: i64,
-    pub actual_size: i64,
-    pub bucket: String,
-    pub version_id: Option<Uuid>,
-    pub etag: Option<String>,
-    pub mod_time: Option<OffsetDateTime>,
-    pub replication_status: ReplicationStatusType,
-    pub replication_status_internal: Option<String>,
-    pub delete_marker: bool,
-    pub version_purge_status_internal: Option<String>,
-    pub version_purge_status: VersionPurgeStatusType,
-    pub replication_state: Option<ReplicationState>,
-    pub op_type: ReplicationType,
-    pub event_type: String,
-    pub dsc: ReplicateDecision,
-    pub existing_obj_resync: ResyncDecision,
-    pub target_statuses: HashMap<String, ReplicationStatusType>,
-    pub target_purge_statuses: HashMap<String, VersionPurgeStatusType>,
-    pub replication_timestamp: Option<OffsetDateTime>,
-    pub ssec: bool,
-    pub user_tags: String,
-    pub checksum: Vec<u8>,
-    pub retry_count: u32,
-}
-
-impl ReplicationWorkerOperation for ReplicateObjectInfo {
-    fn as_any(&self) -> &dyn Any {
-        self
-    }
-
-    fn to_mrf_entry(&self) -> MrfReplicateEntry {
-        MrfReplicateEntry {
-            bucket: self.bucket.clone(),
-            object: self.name.clone(),
-            version_id: self.version_id,
-            retry_count: self.retry_count as i32,
-            size: self.size,
-        }
-    }
-
-    fn get_bucket(&self) -> &str {
-        &self.bucket
-    }
-
-    fn get_object(&self) -> &str {
-        &self.name
-    }
-
-    fn get_size(&self) -> i64 {
-        self.size
-    }
-
-    fn is_delete_marker(&self) -> bool {
-        self.delete_marker
-    }
-
-    fn get_op_type(&self) -> ReplicationType {
-        self.op_type
-    }
-}
-
-lazy_static::lazy_static! {
-    static ref REPL_STATUS_REGEX: Regex = Regex::new(r"([^=].*?)=([^,].*?);").unwrap();
-}
-
-impl ReplicateObjectInfo {
-    /// Returns replication status of a target
-    pub fn target_replication_status(&self, arn: &str) -> ReplicationStatusType {
-        let binding = self.replication_status_internal.clone().unwrap_or_default();
-        let captures = REPL_STATUS_REGEX.captures_iter(&binding);
-        for cap in captures {
-            if cap.len() == 3 && &cap[1] == arn {
-                return ReplicationStatusType::from(&cap[2]);
-            }
-        }
-        ReplicationStatusType::default()
-    }
-
-    /// Returns the relevant info needed by MRF
-    pub fn to_mrf_entry(&self) -> MrfReplicateEntry {
-        MrfReplicateEntry {
-            bucket: self.bucket.clone(),
-            object: self.name.clone(),
-            version_id: self.version_id,
-            retry_count: self.retry_count as i32,
-            size: self.size,
-        }
-    }
-}
-
-// constructs a replication status map from string representation
-pub fn replication_statuses_map(s: &str) -> HashMap<String, ReplicationStatusType> {
-    let mut targets = HashMap::new();
-    let rep_stat_matches = REPL_STATUS_REGEX.captures_iter(s).map(|c| c.extract());
-    for (_, [arn, status]) in rep_stat_matches {
-        if arn.is_empty() {
-            continue;
-        }
-        let status = ReplicationStatusType::from(status);
-        targets.insert(arn.to_string(), status);
-    }
-    targets
-}
-
-// constructs a version purge status map from string representation
-pub fn version_purge_statuses_map(s: &str) -> HashMap<String, VersionPurgeStatusType> {
-    let mut targets = HashMap::new();
-    let purge_status_matches = REPL_STATUS_REGEX.captures_iter(s).map(|c| c.extract());
-    for (_, [arn, status]) in purge_status_matches {
-        if arn.is_empty() {
-            continue;
-        }
-        let status = VersionPurgeStatusType::from(status);
-        targets.insert(arn.to_string(), status);
-    }
-    targets
-}
-
-pub fn get_replication_state(rinfos: &ReplicatedInfos, prev_state: &ReplicationState, _vid: Option<String>) -> ReplicationState {
-    let reset_status_map: Vec<(String, String)> = rinfos
-        .targets
-        .iter()
-        .filter(|v| !v.resync_timestamp.is_empty())
-        .map(|t| (target_reset_header(t.arn.as_str()), t.resync_timestamp.clone()))
-        .collect();
-
-    let repl_statuses = rinfos.replication_status_internal();
-    let vpurge_statuses = rinfos.version_purge_status_internal();
-
-    let mut reset_statuses_map = prev_state.reset_statuses_map.clone();
-    for (key, value) in reset_status_map {
-        reset_statuses_map.insert(key, value);
-    }
-
-    ReplicationState {
-        replicate_decision_str: prev_state.replicate_decision_str.clone(),
-        reset_statuses_map,
-        replica_timestamp: prev_state.replica_timestamp,
-        replica_status: prev_state.replica_status.clone(),
-        targets: replication_statuses_map(&repl_statuses.clone().unwrap_or_default()),
-        replication_status_internal: repl_statuses,
-        replication_timestamp: rinfos.replication_timestamp,
-        purge_targets: version_purge_statuses_map(&vpurge_statuses.clone().unwrap_or_default()),
-        version_purge_status_internal: vpurge_statuses,
-
-        ..Default::default()
-    }
-}
--- a/crates/ecstore/src/cache_value/metacache_set.rs
+++ b/crates/ecstore/src/cache_value/metacache_set.rs
@@ -108,7 +108,7 @@ pub async fn list_path_raw(rx: CancellationToken, opts: ListPathRawOptions) -> d
            }

            if cancel_rx_clone.is_cancelled() {
-                // warn!("list_path_raw: cancel_rx_clone.try_recv().await.is_ok()");
+                // warn!("list_path_raw: cancel_rx_clone.is_cancelled()");
                return Ok(());
            }

--- a/crates/ecstore/src/chunk_stream.rs
+++ b/crates/ecstore/src/chunk_stream.rs
@@ -39,13 +39,13 @@
 //             #[allow(clippy::shadow_same)] // necessary for `pin_mut!`
 //             Box::pin(async move {
 //                 pin_mut!(body);
-//                 // 上一次没用完的数据
+//                 // Data left over from the previous call
 //                 let mut prev_bytes = Bytes::new();
 //                 let mut read_size = 0;

 //                 loop {
 //                     let data: Vec<Bytes> = {
-//                         // 读固定大小的数据
+//                         // Read a fixed-size chunk
 //                         match Self::read_data(body.as_mut(), prev_bytes, chunk_size).await {
 //                             None => break,
 //                             Some(Err(e)) => return Err(e),
@@ -72,13 +72,13 @@

 //                     if read_size + prev_bytes.len() >= content_length {
 //                         // debug!(
-//                         //     "读完了 read_size:{} + prev_bytes.len({}) == content_length {}",
+//                         //     "Finished reading: read_size:{} + prev_bytes.len({}) == content_length {}",
 //                         //     read_size,
 //                         //     prev_bytes.len(),
 //                         //     content_length,
 //                         // );

-//                         // 填充 0？
+//                         // Pad with zeros?
 //                         if !need_padding {
 //                             y.yield_ok(prev_bytes).await;
 //                             break;
@@ -115,7 +115,7 @@
 //     {
 //         let mut bytes_buffer = Vec::new();

-//         // 只执行一次
+//         // Run only once
 //         let mut push_data_bytes = |mut bytes: Bytes| {
 //             // debug!("read from body {} split per {}, prev_bytes: {}", bytes.len(), data_size, prev_bytes.len());

@@ -127,11 +127,11 @@
 //                 return Some(bytes);
 //             }

-//             // 合并上一次数据
+//             // Merge with the previous data
 //             if !prev_bytes.is_empty() {
 //                 let need_size = data_size.wrapping_sub(prev_bytes.len());
 //                 // debug!(
-//                 //     " 上一次有剩余{},从这一次中取{},共：{}",
+//                 //     "Previous leftover {}, take {} now, total: {}",
 //                 //     prev_bytes.len(),
 //                 //     need_size,
 //                 //     prev_bytes.len() + need_size
@@ -143,7 +143,7 @@
 //                     combined.extend_from_slice(&data);

 //                     // debug!(
-//                     //     "取到的长度大于所需，取出需要的长度：{},与上一次合并得到：{}，bytes 剩余：{}",
+//                     //     "Fetched more bytes than needed: {}, merged result {}, remaining bytes {}",
 //                     //     need_size,
 //                     //     combined.len(),
 //                     //     bytes.len(),
@@ -156,7 +156,7 @@
 //                     combined.extend_from_slice(&bytes);

 //                     // debug!(
-//                     //     "取到的长度小于所需，取出需要的长度：{},与上一次合并得到：{}，bytes 剩余：{}，直接返回",
+//                     //     "Fetched fewer bytes than needed: {}, merged result {}, remaining bytes {}, return immediately",
 //                     //     need_size,
 //                     //     combined.len(),
 //                     //     bytes.len(),
@@ -166,29 +166,29 @@
 //                 }
 //             }

-//             // 取到的数据比需要的块大，从 bytes 中截取需要的块大小
+//             // If the fetched data exceeds the chunk, slice the required size
 //             if data_size <= bytes.len() {
 //                 let n = bytes.len() / data_size;

 //                 for _ in 0..n {
 //                     let data = bytes.split_to(data_size);

-//                     // println!("bytes_buffer.push: {}，剩余：{}", data.len(), bytes.len());
+//                     // println!("bytes_buffer.push: {}, remaining: {}", data.len(), bytes.len());
 //                     bytes_buffer.push(data);
 //                 }

 //                 Some(bytes)
 //             } else {
-//                 // 不够
+//                 // Insufficient data
 //                 Some(bytes)
 //             }
 //         };

-//         // 剩余数据
+//         // Remaining data
 //         let remaining_bytes = 'outer: {
-//             // // 如果上一次数据足够，跳出
+//             // // Exit if the previous data was sufficient
 //             // if let Some(remaining_bytes) = push_data_bytes(prev_bytes) {
-//             //     println!("从剩下的取");
+//             //     println!("Consuming leftovers");
 //             //     break 'outer remaining_bytes;
 //             // }

--- a/crates/ecstore/src/client/api_put_object.rs
+++ b/crates/ecstore/src/client/api_put_object.rs
@@ -30,7 +30,8 @@ use s3s::header::{
    X_AMZ_STORAGE_CLASS, X_AMZ_WEBSITE_REDIRECT_LOCATION,
 };
 //use crate::disk::{BufferReader, Reader};
-use crate::checksum::ChecksumMode;
+use crate::client::checksum::ChecksumMode;
+use crate::client::utils::base64_encode;
 use crate::client::{
    api_error_response::{err_entity_too_large, err_invalid_argument},
    api_put_object_common::optimal_part_info,
@@ -41,7 +42,6 @@ use crate::client::{
    transition_api::{ReaderImpl, TransitionClient, UploadInfo},
    utils::{is_amz_header, is_minio_header, is_rustfs_header, is_standard_header, is_storageclass_header},
 };
-use rustfs_utils::crypto::base64_encode;

 #[derive(Debug, Clone)]
 pub struct AdvancedPutOptions {
--- a/crates/ecstore/src/client/api_put_object_multipart.rs
+++ b/crates/ecstore/src/client/api_put_object_multipart.rs
@@ -25,7 +25,8 @@ use time::OffsetDateTime;
 use tracing::warn;
 use uuid::Uuid;

-use crate::checksum::ChecksumMode;
+use crate::client::checksum::ChecksumMode;
+use crate::client::utils::base64_encode;
 use crate::client::{
    api_error_response::{
        err_entity_too_large, err_entity_too_small, err_invalid_argument, http_resp_to_error_response, to_error_response,
@@ -38,7 +39,7 @@ use crate::client::{
    constants::{ISO8601_DATEFORMAT, MAX_PART_SIZE, MAX_SINGLE_PUT_OBJECT_SIZE},
    transition_api::{ReaderImpl, RequestMetadata, TransitionClient, UploadInfo},
 };
-use rustfs_utils::{crypto::base64_encode, path::trim_etag};
+use rustfs_utils::path::trim_etag;
 use s3s::header::{X_AMZ_EXPIRATION, X_AMZ_VERSION_ID};

 impl TransitionClient {
--- a/crates/ecstore/src/client/api_put_object_streaming.rs
+++ b/crates/ecstore/src/client/api_put_object_streaming.rs
@@ -29,7 +29,7 @@ use tokio_util::sync::CancellationToken;
 use tracing::warn;
 use uuid::Uuid;

-use crate::checksum::{ChecksumMode, add_auto_checksum_headers, apply_auto_checksum};
+use crate::client::checksum::{ChecksumMode, add_auto_checksum_headers, apply_auto_checksum};
 use crate::client::{
    api_error_response::{err_invalid_argument, err_unexpected_eof, http_resp_to_error_response},
    api_put_object::PutObjectOptions,
@@ -40,7 +40,8 @@ use crate::client::{
    transition_api::{ReaderImpl, RequestMetadata, TransitionClient, UploadInfo},
 };

-use rustfs_utils::{crypto::base64_encode, path::trim_etag};
+use crate::client::utils::base64_encode;
+use rustfs_utils::path::trim_etag;
 use s3s::header::{X_AMZ_EXPIRATION, X_AMZ_VERSION_ID};

 pub struct UploadedPartRes {
--- a/crates/ecstore/src/client/api_remove.rs
+++ b/crates/ecstore/src/client/api_remove.rs
@@ -20,7 +20,7 @@

 use bytes::Bytes;
 use http::{HeaderMap, HeaderValue, Method, StatusCode};
-use rustfs_utils::{HashAlgorithm, crypto::base64_encode};
+use rustfs_utils::HashAlgorithm;
 use s3s::S3ErrorCode;
 use s3s::dto::ReplicationStatus;
 use s3s::header::X_AMZ_BYPASS_GOVERNANCE_RETENTION;
@@ -29,6 +29,7 @@ use std::{collections::HashMap, sync::Arc};
 use time::OffsetDateTime;
 use tokio::sync::mpsc::{self, Receiver, Sender};

+use crate::client::utils::base64_encode;
 use crate::client::{
    api_error_response::{ErrorResponse, http_resp_to_error_response, to_error_response},
    transition_api::{ReaderImpl, RequestMetadata, TransitionClient},
--- a/crates/ecstore/src/client/api_restore.rs
+++ b/crates/ecstore/src/client/api_restore.rs
@@ -18,28 +18,23 @@
 #![allow(unused_must_use)]
 #![allow(clippy::all)]

-use bytes::Bytes;
-use http::HeaderMap;
-use std::collections::HashMap;
-use std::io::Cursor;
-use tokio::io::BufReader;
-
 use crate::client::{
    api_error_response::{err_invalid_argument, http_resp_to_error_response},
    api_get_object_acl::AccessControlList,
    api_get_options::GetObjectOptions,
    transition_api::{ObjectInfo, ReadCloser, ReaderImpl, RequestMetadata, TransitionClient, to_object_info},
 };
+use bytes::Bytes;
+use http::HeaderMap;
+use s3s::dto::RestoreRequest;
+use std::collections::HashMap;
+use std::io::Cursor;
+use tokio::io::BufReader;

 const TIER_STANDARD: &str = "Standard";
 const TIER_BULK: &str = "Bulk";
 const TIER_EXPEDITED: &str = "Expedited";

-#[derive(Debug, Default, serde::Serialize)]
-pub struct GlacierJobParameters {
-    pub tier: String,
-}
-
 #[derive(Debug, Default, serde::Serialize, serde::Deserialize)]
 pub struct Encryption {
    pub encryption_type: String,
@@ -65,58 +60,6 @@ pub struct S3 {
    pub user_metadata: MetadataEntry,
 }

-#[derive(Debug, Default, serde::Serialize)]
-pub struct SelectParameters {
-    pub expression_type: String,
-    pub expression: String,
-    //input_serialization:  SelectObjectInputSerialization,
-    //output_serialization: SelectObjectOutputSerialization,
-}
-
-#[derive(Debug, Default, serde::Serialize)]
-pub struct OutputLocation(pub S3);
-
-#[derive(Debug, Default, serde::Serialize)]
-pub struct RestoreRequest {
-    pub restore_type: String,
-    pub tier: String,
-    pub days: i64,
-    pub glacier_job_parameters: GlacierJobParameters,
-    pub description: String,
-    pub select_parameters: SelectParameters,
-    pub output_location: OutputLocation,
-}
-
-impl RestoreRequest {
-    fn set_days(&mut self, v: i64) {
-        self.days = v;
-    }
-
-    fn set_glacier_job_parameters(&mut self, v: GlacierJobParameters) {
-        self.glacier_job_parameters = v;
-    }
-
-    fn set_type(&mut self, v: &str) {
-        self.restore_type = v.to_string();
-    }
-
-    fn set_tier(&mut self, v: &str) {
-        self.tier = v.to_string();
-    }
-
-    fn set_description(&mut self, v: &str) {
-        self.description = v.to_string();
-    }
-
-    fn set_select_parameters(&mut self, v: SelectParameters) {
-        self.select_parameters = v;
-    }
-
-    fn set_output_location(&mut self, v: OutputLocation) {
-        self.output_location = v;
-    }
-}
-
 impl TransitionClient {
    pub async fn restore_object(
        &self,
@@ -125,12 +68,13 @@ impl TransitionClient {
        version_id: &str,
        restore_req: &RestoreRequest,
    ) -> Result<(), std::io::Error> {
-        let restore_request = match quick_xml::se::to_string(restore_req) {
+        /*let restore_request = match quick_xml::se::to_string(restore_req) {
            Ok(buf) => buf,
            Err(e) => {
                return Err(std::io::Error::other(e));
            }
-        };
+        };*/
+        let restore_request = "".to_string();
        let restore_request_bytes = restore_request.as_bytes().to_vec();

        let mut url_values = HashMap::new();
--- a/crates/ecstore/src/client/api_s3_datatypes.rs
+++ b/crates/ecstore/src/client/api_s3_datatypes.rs
@@ -23,9 +23,9 @@ use serde::{Deserialize, Serialize};
 use std::collections::HashMap;
 use time::OffsetDateTime;

-use crate::checksum::ChecksumMode;
+use crate::client::checksum::ChecksumMode;
 use crate::client::transition_api::ObjectMultipartInfo;
-use rustfs_utils::crypto::base64_decode;
+use crate::client::utils::base64_decode;

 use super::transition_api;

--- a/crates/ecstore/src/client/bucket_cache.rs
+++ b/crates/ecstore/src/client/bucket_cache.rs
@@ -27,7 +27,7 @@ use tracing::{debug, error, info};

 use crate::client::{
    api_error_response::{http_resp_to_error_response, to_error_response},
-    transition_api::{Document, TransitionClient},
+    transition_api::{CreateBucketConfiguration, LocationConstraint, TransitionClient},
 };
 use rustfs_utils::hash::EMPTY_STRING_SHA256_HASH;
 use s3s::Body;
@@ -82,7 +82,7 @@ impl TransitionClient {
        let req = self.get_bucket_location_request(bucket_name)?;

        let mut resp = self.doit(req).await?;
-        location = process_bucket_location_response(resp, bucket_name).await?;
+        location = process_bucket_location_response(resp, bucket_name, &self.tier_type).await?;
        {
            let mut bucket_loc_cache = self.bucket_loc_cache.lock().unwrap();
            bucket_loc_cache.set(bucket_name, &location);
@@ -175,7 +175,11 @@ impl TransitionClient {
    }
 }

-async fn process_bucket_location_response(mut resp: http::Response<Body>, bucket_name: &str) -> Result<String, std::io::Error> {
+async fn process_bucket_location_response(
+    mut resp: http::Response<Body>,
+    bucket_name: &str,
+    tier_type: &str,
+) -> Result<String, std::io::Error> {
    //if resp != nil {
    if resp.status() != StatusCode::OK {
        let err_resp = http_resp_to_error_response(&resp, vec![], bucket_name, "");
@@ -209,9 +213,17 @@ async fn process_bucket_location_response(mut resp: http::Response<Body>, bucket
    //}

    let b = resp.body_mut().store_all_unlimited().await.unwrap().to_vec();
-    let Document(location_constraint) = quick_xml::de::from_str::<Document>(&String::from_utf8(b).unwrap()).unwrap();
+    let mut location = "".to_string();
+    if tier_type == "huaweicloud" {
+        let d = quick_xml::de::from_str::<CreateBucketConfiguration>(&String::from_utf8(b).unwrap()).unwrap();
+        location = d.location_constraint;
+    } else {
+        if let Ok(LocationConstraint { field }) = quick_xml::de::from_str::<LocationConstraint>(&String::from_utf8(b).unwrap()) {
+            location = field;
+        }
+    }
+    //debug!("location: {}", location);

-    let mut location = location_constraint;
    if location == "" {
        location = "us-east-1".to_string();
    }
--- a/crates/ecstore/src/client/checksum.rs
+++ b/crates/ecstore/src/client/checksum.rs
@@ -0,0 +1,351 @@
+#![allow(clippy::map_entry)]
+// Copyright 2024 RustFS Team
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#![allow(unused_imports)]
+#![allow(unused_variables)]
+#![allow(unused_mut)]
+#![allow(unused_assignments)]
+#![allow(unused_must_use)]
+#![allow(clippy::all)]
+
+use lazy_static::lazy_static;
+use rustfs_checksums::ChecksumAlgorithm;
+use std::collections::HashMap;
+
+use crate::client::utils::base64_decode;
+use crate::client::utils::base64_encode;
+use crate::client::{api_put_object::PutObjectOptions, api_s3_datatypes::ObjectPart};
+use crate::{disk::DiskAPI, store_api::GetObjectReader};
+use s3s::header::{
+    X_AMZ_CHECKSUM_ALGORITHM, X_AMZ_CHECKSUM_CRC32, X_AMZ_CHECKSUM_CRC32C, X_AMZ_CHECKSUM_SHA1, X_AMZ_CHECKSUM_SHA256,
+};
+
+use enumset::{EnumSet, EnumSetType, enum_set};
+
+#[derive(Debug, EnumSetType, Default)]
+#[enumset(repr = "u8")]
+pub enum ChecksumMode {
+    #[default]
+    ChecksumNone,
+    ChecksumSHA256,
+    ChecksumSHA1,
+    ChecksumCRC32,
+    ChecksumCRC32C,
+    ChecksumCRC64NVME,
+    ChecksumFullObject,
+}
+
+lazy_static! {
+    static ref C_ChecksumMask: EnumSet<ChecksumMode> = {
+        let mut s = EnumSet::all();
+        s.remove(ChecksumMode::ChecksumFullObject);
+        s
+    };
+    static ref C_ChecksumFullObjectCRC32: EnumSet<ChecksumMode> =
+        enum_set!(ChecksumMode::ChecksumCRC32 | ChecksumMode::ChecksumFullObject);
+    static ref C_ChecksumFullObjectCRC32C: EnumSet<ChecksumMode> =
+        enum_set!(ChecksumMode::ChecksumCRC32C | ChecksumMode::ChecksumFullObject);
+}
+const AMZ_CHECKSUM_CRC64NVME: &str = "x-amz-checksum-crc64nvme";
+
+impl ChecksumMode {
+    //pub const CRC64_NVME_POLYNOMIAL: i64 = 0xad93d23594c93659;
+
+    pub fn base(&self) -> ChecksumMode {
+        let s = EnumSet::from(*self).intersection(*C_ChecksumMask);
+        match s.as_u8() {
+            1_u8 => ChecksumMode::ChecksumNone,
+            2_u8 => ChecksumMode::ChecksumSHA256,
+            4_u8 => ChecksumMode::ChecksumSHA1,
+            8_u8 => ChecksumMode::ChecksumCRC32,
+            16_u8 => ChecksumMode::ChecksumCRC32C,
+            32_u8 => ChecksumMode::ChecksumCRC64NVME,
+            _ => panic!("enum err."),
+        }
+    }
+
+    pub fn is(&self, t: ChecksumMode) -> bool {
+        *self & t == t
+    }
+
+    pub fn key(&self) -> String {
+        //match c & checksumMask {
+        match self {
+            ChecksumMode::ChecksumCRC32 => {
+                return X_AMZ_CHECKSUM_CRC32.to_string();
+            }
+            ChecksumMode::ChecksumCRC32C => {
+                return X_AMZ_CHECKSUM_CRC32C.to_string();
+            }
+            ChecksumMode::ChecksumSHA1 => {
+                return X_AMZ_CHECKSUM_SHA1.to_string();
+            }
+            ChecksumMode::ChecksumSHA256 => {
+                return X_AMZ_CHECKSUM_SHA256.to_string();
+            }
+            ChecksumMode::ChecksumCRC64NVME => {
+                return AMZ_CHECKSUM_CRC64NVME.to_string();
+            }
+            _ => {
+                return "".to_string();
+            }
+        }
+    }
+
+    pub fn can_composite(&self) -> bool {
+        let s = EnumSet::from(*self).intersection(*C_ChecksumMask);
+        match s.as_u8() {
+            2_u8 => true,
+            4_u8 => true,
+            8_u8 => true,
+            16_u8 => true,
+            _ => false,
+        }
+    }
+
+    pub fn can_merge_crc(&self) -> bool {
+        let s = EnumSet::from(*self).intersection(*C_ChecksumMask);
+        match s.as_u8() {
+            8_u8 => true,
+            16_u8 => true,
+            32_u8 => true,
+            _ => false,
+        }
+    }
+
+    pub fn full_object_requested(&self) -> bool {
+        let s = EnumSet::from(*self).intersection(*C_ChecksumMask);
+        match s.as_u8() {
+            //C_ChecksumFullObjectCRC32 as u8 => true,
+            //C_ChecksumFullObjectCRC32C as u8 => true,
+            32_u8 => true,
+            _ => false,
+        }
+    }
+
+    pub fn key_capitalized(&self) -> String {
+        self.key()
+    }
+
+    pub fn raw_byte_len(&self) -> usize {
+        let u = EnumSet::from(*self).intersection(*C_ChecksumMask).as_u8();
+        if u == ChecksumMode::ChecksumCRC32 as u8 || u == ChecksumMode::ChecksumCRC32C as u8 {
+            4
+        } else if u == ChecksumMode::ChecksumSHA1 as u8 {
+            use sha1::Digest;
+            sha1::Sha1::output_size() as usize
+        } else if u == ChecksumMode::ChecksumSHA256 as u8 {
+            use sha2::Digest;
+            sha2::Sha256::output_size() as usize
+        } else if u == ChecksumMode::ChecksumCRC64NVME as u8 {
+            8
+        } else {
+            0
+        }
+    }
+
+    pub fn hasher(&self) -> Result<Box<dyn rustfs_checksums::http::HttpChecksum>, std::io::Error> {
+        match /*C_ChecksumMask & **/self {
+            ChecksumMode::ChecksumCRC32 => {
+                return Ok(ChecksumAlgorithm::Crc32.into_impl());
+            }
+            ChecksumMode::ChecksumCRC32C => {
+                return Ok(ChecksumAlgorithm::Crc32c.into_impl());
+            }
+            ChecksumMode::ChecksumSHA1 => {
+                return Ok(ChecksumAlgorithm::Sha1.into_impl());
+            }
+            ChecksumMode::ChecksumSHA256 => {
+                return Ok(ChecksumAlgorithm::Sha256.into_impl());
+            }
+            ChecksumMode::ChecksumCRC64NVME => {
+                return Ok(ChecksumAlgorithm::Crc64Nvme.into_impl());
+            }
+            _ => return Err(std::io::Error::other("unsupported checksum type")),
+        }
+    }
+
+    pub fn is_set(&self) -> bool {
+        let s = EnumSet::from(*self).intersection(*C_ChecksumMask);
+        s.len() == 1
+    }
+
+    pub fn set_default(&mut self, t: ChecksumMode) {
+        if !self.is_set() {
+            *self = t;
+        }
+    }
+
+    pub fn encode_to_string(&self, b: &[u8]) -> Result<String, std::io::Error> {
+        if !self.is_set() {
+            return Ok("".to_string());
+        }
+        let mut h = self.hasher()?;
+        h.update(b);
+        let hash = h.finalize();
+        Ok(base64_encode(hash.as_ref()))
+    }
+
+    pub fn to_string(&self) -> String {
+        //match c & checksumMask {
+        match self {
+            ChecksumMode::ChecksumCRC32 => {
+                return "CRC32".to_string();
+            }
+            ChecksumMode::ChecksumCRC32C => {
+                return "CRC32C".to_string();
+            }
+            ChecksumMode::ChecksumSHA1 => {
+                return "SHA1".to_string();
+            }
+            ChecksumMode::ChecksumSHA256 => {
+                return "SHA256".to_string();
+            }
+            ChecksumMode::ChecksumNone => {
+                return "".to_string();
+            }
+            ChecksumMode::ChecksumCRC64NVME => {
+                return "CRC64NVME".to_string();
+            }
+            _ => {
+                return "<invalid>".to_string();
+            }
+        }
+    }
+
+    // pub fn check_sum_reader(&self, r: GetObjectReader) -> Result<Checksum, std::io::Error> {
+    //     let mut h = self.hasher()?;
+    //     Ok(Checksum::new(self.clone(), h.sum().as_bytes()))
+    // }
+
+    // pub fn check_sum_bytes(&self, b: &[u8]) -> Result<Checksum, std::io::Error> {
+    //     let mut h = self.hasher()?;
+    //     Ok(Checksum::new(self.clone(), h.sum().as_bytes()))
+    // }
+
+    pub fn composite_checksum(&self, p: &mut [ObjectPart]) -> Result<Checksum, std::io::Error> {
+        if !self.can_composite() {
+            return Err(std::io::Error::other("cannot do composite checksum"));
+        }
+        p.sort_by(|i, j| {
+            if i.part_num < j.part_num {
+                std::cmp::Ordering::Less
+            } else if i.part_num > j.part_num {
+                std::cmp::Ordering::Greater
+            } else {
+                std::cmp::Ordering::Equal
+            }
+        });
+        let c = self.base();
+        let crc_bytes = Vec::<u8>::with_capacity(p.len() * self.raw_byte_len() as usize);
+        let mut h = self.hasher()?;
+        h.update(crc_bytes.as_ref());
+        let hash = h.finalize();
+        Ok(Checksum {
+            checksum_type: self.clone(),
+            r: hash.as_ref().to_vec(),
+            computed: false,
+        })
+    }
+
+    pub fn full_object_checksum(&self, p: &mut [ObjectPart]) -> Result<Checksum, std::io::Error> {
+        todo!();
+    }
+}
+
+#[derive(Default)]
+pub struct Checksum {
+    checksum_type: ChecksumMode,
+    r: Vec<u8>,
+    computed: bool,
+}
+
+#[allow(dead_code)]
+impl Checksum {
+    fn new(t: ChecksumMode, b: &[u8]) -> Checksum {
+        if t.is_set() && b.len() == t.raw_byte_len() {
+            return Checksum {
+                checksum_type: t,
+                r: b.to_vec(),
+                computed: false,
+            };
+        }
+        Checksum::default()
+    }
+
+    #[allow(dead_code)]
+    fn new_checksum_string(t: ChecksumMode, s: &str) -> Result<Checksum, std::io::Error> {
+        let b = match base64_decode(s.as_bytes()) {
+            Ok(b) => b,
+            Err(err) => return Err(std::io::Error::other(err.to_string())),
+        };
+        if t.is_set() && b.len() == t.raw_byte_len() {
+            return Ok(Checksum {
+                checksum_type: t,
+                r: b,
+                computed: false,
+            });
+        }
+        Ok(Checksum::default())
+    }
+
+    fn is_set(&self) -> bool {
+        self.checksum_type.is_set() && self.r.len() == self.checksum_type.raw_byte_len()
+    }
+
+    fn encoded(&self) -> String {
+        if !self.is_set() {
+            return "".to_string();
+        }
+        base64_encode(&self.r)
+    }
+
+    #[allow(dead_code)]
+    fn raw(&self) -> Option<Vec<u8>> {
+        if !self.is_set() {
+            return None;
+        }
+        Some(self.r.clone())
+    }
+}
+
+pub fn add_auto_checksum_headers(opts: &mut PutObjectOptions) {
+    opts.user_metadata
+        .insert("X-Amz-Checksum-Algorithm".to_string(), opts.auto_checksum.to_string());
+    if opts.auto_checksum.full_object_requested() {
+        opts.user_metadata
+            .insert("X-Amz-Checksum-Type".to_string(), "FULL_OBJECT".to_string());
+    }
+}
+
+pub fn apply_auto_checksum(opts: &mut PutObjectOptions, all_parts: &mut [ObjectPart]) -> Result<(), std::io::Error> {
+    if opts.auto_checksum.can_composite() && !opts.auto_checksum.is(ChecksumMode::ChecksumFullObject) {
+        let crc = opts.auto_checksum.composite_checksum(all_parts)?;
+        opts.user_metadata = {
+            let mut hm = HashMap::new();
+            hm.insert(opts.auto_checksum.key(), crc.encoded());
+            hm
+        }
+    } else if opts.auto_checksum.can_merge_crc() {
+        let crc = opts.auto_checksum.full_object_checksum(all_parts)?;
+        opts.user_metadata = {
+            let mut hm = HashMap::new();
+            hm.insert(opts.auto_checksum.key_capitalized(), crc.encoded());
+            hm.insert("X-Amz-Checksum-Type".to_string(), "FULL_OBJECT".to_string());
+            hm
+        }
+    }
+
+    Ok(())
+}
--- a/crates/ecstore/src/client/mod.rs
+++ b/crates/ecstore/src/client/mod.rs
@@ -30,6 +30,7 @@ pub mod api_restore;
 pub mod api_s3_datatypes;
 pub mod api_stat;
 pub mod bucket_cache;
+pub mod checksum;
 pub mod constants;
 pub mod credentials;
 pub mod object_api_utils;
--- a/crates/ecstore/src/client/object_api_utils.rs
+++ b/crates/ecstore/src/client/object_api_utils.rs
@@ -21,6 +21,7 @@

 use http::HeaderMap;
 use s3s::dto::ETag;
+use std::pin::Pin;
 use std::{collections::HashMap, io::Cursor, sync::Arc};
 use tokio::io::BufReader;

@@ -54,7 +55,7 @@ impl PutObjReader {
    }
 }

-pub type ObjReaderFn = Arc<dyn Fn(BufReader<Cursor<Vec<u8>>>, HeaderMap) -> GetObjectReader + 'static>;
+pub type ObjReaderFn<'a> = Arc<dyn Fn(BufReader<Cursor<Vec<u8>>>, HeaderMap) -> GetObjectReader + Send + Sync + 'a>;

 fn part_number_to_rangespec(oi: ObjectInfo, part_number: usize) -> Option<HTTPRangeSpec> {
    if oi.size == 0 || oi.parts.len() == 0 {
@@ -108,19 +109,24 @@ fn get_compressed_offsets(oi: ObjectInfo, offset: i64) -> (i64, i64, i64, i64, u
    (compressed_offset, part_skip, first_part_idx, decrypt_skip, seq_num)
 }

-pub fn new_getobjectreader(
-    rs: HTTPRangeSpec,
-    oi: &ObjectInfo,
+pub fn new_getobjectreader<'a>(
+    rs: &Option<HTTPRangeSpec>,
+    oi: &'a ObjectInfo,
    opts: &ObjectOptions,
-    h: &HeaderMap,
-) -> Result<(ObjReaderFn, i64, i64), ErrorResponse> {
+    _h: &HeaderMap,
+) -> Result<(ObjReaderFn<'a>, i64, i64), ErrorResponse> {
    //let (_, mut is_encrypted) = crypto.is_encrypted(oi.user_defined)?;
    let mut is_encrypted = false;
    let is_compressed = false; //oi.is_compressed_ok();

+    let mut rs_ = None;
+    if rs.is_none() && opts.part_number.is_some() && opts.part_number.unwrap() > 0 {
+        rs_ = part_number_to_rangespec(oi.clone(), opts.part_number.unwrap());
+    }
+
    let mut get_fn: ObjReaderFn;

-    let (off, length) = match rs.get_offset_length(oi.size) {
+    let (off, length) = match rs_.unwrap().get_offset_length(oi.size) {
        Ok(x) => x,
        Err(err) => {
            return Err(ErrorResponse {
@@ -136,12 +142,11 @@ pub fn new_getobjectreader(
    };
    get_fn = Arc::new(move |input_reader: BufReader<Cursor<Vec<u8>>>, _: HeaderMap| {
        //Box::pin({
-        /*let r = GetObjectReader {
+        let r = GetObjectReader {
            object_info: oi.clone(),
-            stream: StreamingBlob::new(HashReader::new(input_reader, 10, None, None, 10)),
+            stream: Box::new(input_reader),
        };
-        r*/
-        todo!();
+        r
        //})
    });

--- a/crates/ecstore/src/client/transition_api.rs
+++ b/crates/ecstore/src/client/transition_api.rs
@@ -44,7 +44,7 @@ use std::{
 use time::Duration;
 use time::OffsetDateTime;
 use tokio::io::BufReader;
-use tracing::{debug, error};
+use tracing::{debug, error, warn};
 use url::{Url, form_urlencoded};
 use uuid::Uuid;

@@ -61,7 +61,7 @@ use crate::client::{
    constants::{UNSIGNED_PAYLOAD, UNSIGNED_PAYLOAD_TRAILER},
    credentials::{CredContext, Credentials, SignatureType, Static},
 };
-use crate::{checksum::ChecksumMode, store_api::GetObjectReader};
+use crate::{client::checksum::ChecksumMode, store_api::GetObjectReader};
 use rustfs_rio::HashReader;
 use rustfs_utils::{
    net::get_endpoint_url,
@@ -109,6 +109,7 @@ pub struct TransitionClient {
    pub health_status: AtomicI32,
    pub trailing_header_support: bool,
    pub max_retries: i64,
+    pub tier_type: String,
 }

 #[derive(Debug, Default)]
@@ -132,13 +133,13 @@ pub enum BucketLookupType {
 }

 impl TransitionClient {
-    pub async fn new(endpoint: &str, opts: Options) -> Result<TransitionClient, std::io::Error> {
-        let clnt = Self::private_new(endpoint, opts).await?;
+    pub async fn new(endpoint: &str, opts: Options, tier_type: &str) -> Result<TransitionClient, std::io::Error> {
+        let clnt = Self::private_new(endpoint, opts, tier_type).await?;

        Ok(clnt)
    }

-    async fn private_new(endpoint: &str, opts: Options) -> Result<TransitionClient, std::io::Error> {
+    async fn private_new(endpoint: &str, opts: Options, tier_type: &str) -> Result<TransitionClient, std::io::Error> {
        let endpoint_url = get_endpoint_url(endpoint, opts.secure)?;

        //#[cfg(feature = "ring")]
@@ -175,6 +176,7 @@ impl TransitionClient {
            health_status: AtomicI32::new(C_UNKNOWN),
            trailing_header_support: opts.trailing_headers,
            max_retries: opts.max_retries,
+            tier_type: tier_type.to_string(),
        };

        {
@@ -283,11 +285,14 @@ impl TransitionClient {
        let mut resp = resp.unwrap();
        debug!("http_resp: {:?}", resp);

+        //let b = resp.body_mut().store_all_unlimited().await.unwrap().to_vec();
+        //debug!("http_resp_body: {}", String::from_utf8(b).unwrap());
+
        //if self.is_trace_enabled && !(self.trace_errors_only && resp.status() == StatusCode::OK) {
        if resp.status() != StatusCode::OK {
            //self.dump_http(&cloned_req, &resp)?;
            let b = resp.body_mut().store_all_unlimited().await.unwrap().to_vec();
-            debug!("err_body: {}", String::from_utf8(b).unwrap());
+            warn!("err_body: {}", String::from_utf8(b).unwrap());
        }

        Ok(resp)
@@ -330,7 +335,8 @@ impl TransitionClient {
            }

            let b = resp.body_mut().store_all_unlimited().await.unwrap().to_vec();
-            let err_response = http_resp_to_error_response(&resp, b.clone(), &metadata.bucket_name, &metadata.object_name);
+            let mut err_response = http_resp_to_error_response(&resp, b.clone(), &metadata.bucket_name, &metadata.object_name);
+            err_response.message = format!("remote tier error: {}", err_response.message);

            if self.region == "" {
                match err_response.code {
@@ -380,9 +386,9 @@ impl TransitionClient {
        method: &http::Method,
        metadata: &mut RequestMetadata,
    ) -> Result<http::Request<Body>, std::io::Error> {
-        let location = metadata.bucket_location.clone();
+        let mut location = metadata.bucket_location.clone();
        if location == "" && metadata.bucket_name != "" {
-            let location = self.get_bucket_location(&metadata.bucket_name).await?;
+            location = self.get_bucket_location(&metadata.bucket_name).await?;
        }

        let is_makebucket = metadata.object_name == "" && method == http::Method::PUT && metadata.query_values.len() == 0;
@@ -624,7 +630,7 @@ pub struct TransitionCore(pub Arc<TransitionClient>);

 impl TransitionCore {
    pub async fn new(endpoint: &str, opts: Options) -> Result<Self, std::io::Error> {
-        let client = TransitionClient::new(endpoint, opts).await?;
+        let client = TransitionClient::new(endpoint, opts, "").await?;
        Ok(Self(Arc::new(client)))
    }

@@ -997,4 +1003,13 @@ impl tower::Service<Request<Body>> for SendRequest {
 }

 #[derive(Serialize, Deserialize)]
-pub struct Document(pub String);
+pub struct LocationConstraint {
+    #[serde(rename = "$value")]
+    pub field: String,
+}
+
+#[derive(Serialize, Deserialize)]
+pub struct CreateBucketConfiguration {
+    #[serde(rename = "LocationConstraint")]
+    pub location_constraint: String,
+}
--- a/crates/ecstore/src/client/utils.rs
+++ b/crates/ecstore/src/client/utils.rs
@@ -90,3 +90,11 @@ pub fn is_rustfs_header(header_key: &str) -> bool {
 pub fn is_minio_header(header_key: &str) -> bool {
    header_key.to_lowercase().starts_with("x-minio-")
 }
+
+pub fn base64_encode(input: &[u8]) -> String {
+    base64_simd::URL_SAFE_NO_PAD.encode_to_string(input)
+}
+
+pub fn base64_decode(input: &[u8]) -> Result<Vec<u8>, base64_simd::Error> {
+    base64_simd::URL_SAFE_NO_PAD.decode_to_vec(input)
+}
--- a/crates/ecstore/src/config/mod.rs
+++ b/crates/ecstore/src/config/mod.rs
@@ -40,7 +40,6 @@ pub const ENV_ACCESS_KEY: &str = "RUSTFS_ACCESS_KEY";
 pub const ENV_SECRET_KEY: &str = "RUSTFS_SECRET_KEY";
 pub const ENV_ROOT_USER: &str = "RUSTFS_ROOT_USER";
 pub const ENV_ROOT_PASSWORD: &str = "RUSTFS_ROOT_PASSWORD";
-
 pub static RUSTFS_CONFIG_PREFIX: &str = "config";

 pub struct ConfigSys {}
--- a/crates/ecstore/src/disk/error_reduce.rs
+++ b/crates/ecstore/src/disk/error_reduce.rs
@@ -49,12 +49,12 @@ pub fn reduce_quorum_errs(errors: &[Option<Error>], ignored_errs: &[Error], quor
 pub fn reduce_errs(errors: &[Option<Error>], ignored_errs: &[Error]) -> (usize, Option<Error>) {
    let nil_error = Error::other("nil".to_string());

-    // 首先统计 None 的数量（作为 nil 错误）
+    // First count the number of None values (treated as nil errors)
    let nil_count = errors.iter().filter(|e| e.is_none()).count();

    let err_counts = errors
        .iter()
-        .filter_map(|e| e.as_ref()) // 只处理 Some 的错误
+        .filter_map(|e| e.as_ref()) // Only process errors stored in Some
        .fold(std::collections::HashMap::new(), |mut acc, e| {
            if is_ignored_err(ignored_errs, e) {
                return acc;
@@ -63,13 +63,13 @@ pub fn reduce_errs(errors: &[Option<Error>], ignored_errs: &[Error]) -> (usize,
            acc
        });

-    // 找到最高频率的非 nil 错误
+    // Find the most frequent non-nil error
    let (best_err, best_count) = err_counts
        .into_iter()
        .max_by(|(_, c1), (_, c2)| c1.cmp(c2))
        .unwrap_or((nil_error.clone(), 0));

-    // 比较 nil 错误和最高频率的非 nil 错误, 优先选择 nil 错误
+    // Compare nil errors with the top non-nil error and prefer the nil error
    if nil_count > best_count || (nil_count == best_count && nil_count > 0) {
        (nil_count, None)
    } else {
--- a/crates/ecstore/src/disk/local.rs
+++ b/crates/ecstore/src/disk/local.rs
@@ -319,8 +319,8 @@ impl LocalDisk {
        }

        if cfg!(target_os = "windows") {
-            // 在 Windows 上，卷名不应该包含保留字符。
-            // 这个正则表达式匹配了不允许的字符。
+            // Windows volume names must not include reserved characters.
+            // This regular expression matches disallowed characters.
            if volname.contains('|')
                || volname.contains('<')
                || volname.contains('>')
@@ -333,7 +333,7 @@ impl LocalDisk {
                return false;
            }
        } else {
-            // 对于非 Windows 系统，可能需要其他的验证逻辑。
+            // Non-Windows systems may require additional validation rules.
        }

        true
@@ -563,7 +563,7 @@ impl LocalDisk {

        // return Ok(());

-        // TODO: 异步通知 检测硬盘空间 清空回收站
+        // TODO: async notifications for disk space checks and trash cleanup

        let trash_path = self.get_object_path(super::RUSTFS_META_TMP_DELETED_BUCKET, Uuid::new_v4().to_string().as_str())?;
        // if let Some(parent) = trash_path.parent() {
@@ -846,13 +846,13 @@ impl LocalDisk {
            }
        }

-        // 没有版本了，删除 xl.meta
+        // Remove xl.meta when no versions remain
        if fm.versions.is_empty() {
            self.delete_file(&volume_dir, &xlpath, true, false).await?;
            return Ok(());
        }

-        // 更新 xl.meta
+        // Update xl.meta
        let buf = fm.marshal_msg()?;

        let volume_dir = self.get_bucket_path(volume)?;
@@ -984,7 +984,8 @@ impl LocalDisk {
    #[async_recursion::async_recursion]
    async fn scan_dir<W>(
        &self,
-        current: &mut String,
+        mut current: String,
+        mut prefix: String,
        opts: &WalkDirOptions,
        out: &mut MetacacheWriter<W>,
        objs_returned: &mut i32,
@@ -1022,14 +1023,16 @@ impl LocalDisk {
            return Ok(());
        }

-        let mut entries = match self.list_dir("", &opts.bucket, current, -1).await {
+        // TODO: add lock
+
+        let mut entries = match self.list_dir("", &opts.bucket, &current, -1).await {
            Ok(res) => res,
            Err(e) => {
                if e != DiskError::VolumeNotFound && e != Error::FileNotFound {
-                    debug!("scan list_dir {}, err {:?}", &current, &e);
+                    error!("scan list_dir {}, err {:?}", &current, &e);
                }

-                if opts.report_notfound && e == Error::FileNotFound && current == &opts.base_dir {
+                if opts.report_notfound && e == Error::FileNotFound && current == opts.base_dir {
                    return Err(DiskError::FileNotFound);
                }

@@ -1041,14 +1044,13 @@ impl LocalDisk {
            return Ok(());
        }

-        let s = SLASH_SEPARATOR.chars().next().unwrap_or_default();
-        *current = current.trim_matches(s).to_owned();
+        current = current.trim_matches('/').to_owned();

        let bucket = opts.bucket.as_str();

        let mut dir_objes = HashSet::new();

-        // 第一层过滤
+        // First-level filtering
        for item in entries.iter_mut() {
            let entry = item.clone();
            // check limit
@@ -1056,11 +1058,9 @@ impl LocalDisk {
                return Ok(());
            }
            // check prefix
-            if let Some(filter_prefix) = &opts.filter_prefix {
-                if !entry.starts_with(filter_prefix) {
-                    *item = "".to_owned();
-                    continue;
-                }
+            if !prefix.is_empty() && !entry.starts_with(prefix.as_str()) {
+                *item = "".to_owned();
+                continue;
            }

            if let Some(forward) = &forward {
@@ -1085,46 +1085,55 @@ impl LocalDisk {
            *item = "".to_owned();

            if entry.ends_with(STORAGE_FORMAT_FILE) {
-                //
-                let metadata = self
+                let metadata = match self
                    .read_metadata(self.get_object_path(bucket, format!("{}/{}", &current, &entry).as_str())?)
-                    .await?;
+                    .await
+                {
+                    Ok(res) => res,
+                    Err(err) => {
+                        warn!("scan dir read_metadata error, continue {:?}", err);
+                        continue;
+                    }
+                };

-                // 用 strip_suffix 只删除一次
                let entry = entry.strip_suffix(STORAGE_FORMAT_FILE).unwrap_or_default().to_owned();
                let name = entry.trim_end_matches(SLASH_SEPARATOR);
                let name = decode_dir_object(format!("{}/{}", &current, &name).as_str());

+                // if opts.limit > 0
+                //     && let Ok(meta) = FileMeta::load(&metadata)
+                //     && !meta.all_hidden(true)
+                // {
+                *objs_returned += 1;
+                // }
+
                out.write_obj(&MetaCacheEntry {
                    name: name.clone(),
                    metadata,
                    ..Default::default()
                })
                .await?;
-                *objs_returned += 1;

-                // warn!("scan list_dir {}, write_obj done, name: {:?}", &current, &name);
                return Ok(());
            }
        }

        entries.sort();

-        let mut entries = entries.as_slice();
        if let Some(forward) = &forward {
            for (i, entry) in entries.iter().enumerate() {
                if entry >= forward || forward.starts_with(entry.as_str()) {
-                    entries = &entries[i..];
+                    entries.drain(..i);
                    break;
                }
            }
        }

        let mut dir_stack: Vec<String> = Vec::with_capacity(5);
+        prefix = "".to_owned();

        for entry in entries.iter() {
            if opts.limit > 0 && *objs_returned >= opts.limit {
-                // warn!("scan list_dir {}, limit reached 2", &current);
                return Ok(());
            }

@@ -1132,7 +1141,7 @@ impl LocalDisk {
                continue;
            }

-            let name = path_join_buf(&[current, entry]);
+            let name = path_join_buf(&[current.as_str(), entry.as_str()]);

            if !dir_stack.is_empty() {
                if let Some(pop) = dir_stack.last().cloned() {
@@ -1144,9 +1153,7 @@ impl LocalDisk {
                        .await?;

                        if opts.recursive {
-                            let mut opts = opts.clone();
-                            opts.filter_prefix = None;
-                            if let Err(er) = Box::pin(self.scan_dir(&mut pop.clone(), &opts, out, objs_returned)).await {
+                            if let Err(er) = Box::pin(self.scan_dir(pop, prefix.clone(), opts, out, objs_returned)).await {
                                error!("scan_dir err {:?}", er);
                            }
                        }
@@ -1181,9 +1188,17 @@ impl LocalDisk {
                    meta.metadata = res;

                    out.write_obj(&meta).await?;
+
+                    // if let Ok(meta) = FileMeta::load(&meta.metadata)
+                    //     && !meta.all_hidden(true)
+                    // {
                    *objs_returned += 1;
+                    // }
                }
                Err(err) => {
+                    if err == Error::DiskNotDir {
+                        continue;
+                    }
                    if err == Error::FileNotFound || err == Error::IsNotRegular {
                        // NOT an object, append to stack (with slash)
                        // If dirObject, but no metadata (which is unexpected) we skip it.
@@ -1198,9 +1213,8 @@ impl LocalDisk {
            };
        }

-        while let Some(dir) = dir_stack.pop() {
+        while let Some(dir) = dir_stack.last() {
            if opts.limit > 0 && *objs_returned >= opts.limit {
-                // warn!("scan list_dir {}, limit reached 3", &current);
                return Ok(());
            }

@@ -1209,19 +1223,15 @@ impl LocalDisk {
                ..Default::default()
            })
            .await?;
-            *objs_returned += 1;

            if opts.recursive {
-                let mut dir = dir;
-                let mut opts = opts.clone();
-                opts.filter_prefix = None;
-                if let Err(er) = Box::pin(self.scan_dir(&mut dir, &opts, out, objs_returned)).await {
+                if let Err(er) = Box::pin(self.scan_dir(dir.clone(), prefix.clone(), opts, out, objs_returned)).await {
                    warn!("scan_dir err {:?}", &er);
                }
            }
+            dir_stack.pop();
        }

-        // warn!("scan list_dir {}, done", &current);
        Ok(())
    }
 }
@@ -1230,7 +1240,7 @@ fn is_root_path(path: impl AsRef<Path>) -> bool {
    path.as_ref().components().count() == 1 && path.as_ref().has_root()
 }

-// 过滤 std::io::ErrorKind::NotFound
+// Filter std::io::ErrorKind::NotFound
 pub async fn read_file_exists(path: impl AsRef<Path>) -> Result<(Bytes, Option<Metadata>)> {
    let p = path.as_ref();
    let (data, meta) = match read_file_all(&p).await {
@@ -1884,8 +1894,14 @@ impl DiskAPI for LocalDisk {
            }
        }

-        let mut current = opts.base_dir.clone();
-        self.scan_dir(&mut current, &opts, &mut out, &mut objs_returned).await?;
+        self.scan_dir(
+            opts.base_dir.clone(),
+            opts.filter_prefix.clone().unwrap_or_default(),
+            &opts,
+            &mut out,
+            &mut objs_returned,
+        )
+        .await?;

        Ok(())
    }
@@ -1915,11 +1931,11 @@ impl DiskAPI for LocalDisk {
            }
        }

-        // xl.meta 路径
+        // xl.meta path
        let src_file_path = src_volume_dir.join(Path::new(format!("{}/{}", &src_path, STORAGE_FORMAT_FILE).as_str()));
        let dst_file_path = dst_volume_dir.join(Path::new(format!("{}/{}", &dst_path, STORAGE_FORMAT_FILE).as_str()));

-        // data_dir 路径
+        // data_dir path
        let has_data_dir_path = {
            let has_data_dir = {
                if !fi.is_remote() {
@@ -1947,7 +1963,7 @@ impl DiskAPI for LocalDisk {
        check_path_length(src_file_path.to_string_lossy().to_string().as_str())?;
        check_path_length(dst_file_path.to_string_lossy().to_string().as_str())?;

-        // 读旧 xl.meta
+        // Read the previous xl.meta

        let has_dst_buf = match super::fs::read_file(&dst_file_path).await {
            Ok(res) => Some(res),
@@ -2087,6 +2103,7 @@ impl DiskAPI for LocalDisk {
        for vol in volumes {
            if let Err(e) = self.make_volume(vol).await {
                if e != DiskError::VolumeExists {
+                    error!("local disk make volumes failed: {e}");
                    return Err(e);
                }
            }
@@ -2108,6 +2125,7 @@ impl DiskAPI for LocalDisk {
                os::make_dir_all(&volume_dir, self.root.as_path()).await?;
                return Ok(());
            }
+            error!("local disk make volume failed: {e}");
            return Err(to_volume_error(e).into());
        }

@@ -2430,7 +2448,7 @@ impl DiskAPI for LocalDisk {
    async fn delete_volume(&self, volume: &str) -> Result<()> {
        let p = self.get_bucket_path(volume)?;

-        // TODO: 不能用递归删除，如果目录下面有文件，返回 errVolumeNotEmpty
+        // TODO: avoid recursive deletion; return errVolumeNotEmpty when files remain

        if let Err(err) = fs::remove_dir_all(&p).await {
            let e: DiskError = to_volume_error(err).into();
@@ -2584,7 +2602,7 @@ mod test {
        assert!(object_path.to_string_lossy().contains("test-bucket"));
        assert!(object_path.to_string_lossy().contains("test-object"));

-        // 清理测试目录
+        // Clean up the test directory
        let _ = fs::remove_dir_all(&test_dir).await;
    }

@@ -2649,7 +2667,7 @@ mod test {
            disk.delete_volume(vol).await.unwrap();
        }

-        // 清理测试目录
+        // Clean up the test directory
        let _ = fs::remove_dir_all(&test_dir).await;
    }

@@ -2673,7 +2691,7 @@ mod test {
        assert!(!disk_info.fs_type.is_empty());
        assert!(disk_info.total > 0);

-        // 清理测试目录
+        // Clean up the test directory
        let _ = fs::remove_dir_all(&test_dir).await;
    }

--- a/crates/ecstore/src/disk/mod.rs
+++ b/crates/ecstore/src/disk/mod.rs
@@ -431,7 +431,7 @@ pub trait DiskAPI: Debug + Send + Sync + 'static {
    async fn stat_volume(&self, volume: &str) -> Result<VolumeInfo>;
    async fn delete_volume(&self, volume: &str) -> Result<()>;

-    // 并发边读边写 w <- MetaCacheEntry
+    // Concurrent read/write pipeline w <- MetaCacheEntry
    async fn walk_dir<W: AsyncWrite + Unpin + Send>(&self, opts: WalkDirOptions, wr: &mut W) -> Result<()>;

    // Metadata operations
@@ -466,7 +466,7 @@ pub trait DiskAPI: Debug + Send + Sync + 'static {
    ) -> Result<RenameDataResp>;

    // File operations.
-    // 读目录下的所有文件、目录
+    // Read every file and directory within the folder
    async fn list_dir(&self, origvolume: &str, volume: &str, dir_path: &str, count: i32) -> Result<Vec<String>>;
    async fn read_file(&self, volume: &str, path: &str) -> Result<FileReader>;
    async fn read_file_stream(&self, volume: &str, path: &str, offset: usize, length: usize) -> Result<FileReader>;
@@ -1000,7 +1000,7 @@ mod tests {
        // Note: is_online() might return false for local disks without proper initialization
        // This is expected behavior for test environments

-        // 清理测试目录
+        // Clean up the test directory
        let _ = fs::remove_dir_all(&test_dir).await;
    }

@@ -1031,7 +1031,7 @@ mod tests {
        let location = disk.get_disk_location();
        assert!(location.valid() || (!location.valid() && endpoint.pool_idx < 0));

-        // 清理测试目录
+        // Clean up the test directory
        let _ = fs::remove_dir_all(&test_dir).await;
    }
 }
--- a/crates/ecstore/src/disk/os.rs
+++ b/crates/ecstore/src/disk/os.rs
@@ -203,7 +203,7 @@ pub async fn os_mkdir_all(dir_path: impl AsRef<Path>, base_dir: impl AsRef<Path>
    }

    if let Some(parent) = dir_path.as_ref().parent() {
-        // 不支持递归，直接 create_dir_all 了
+        // Without recursion support, fall back to create_dir_all
        if let Err(e) = super::fs::make_dir_all(&parent).await {
            if e.kind() == io::ErrorKind::AlreadyExists {
                return Ok(());
--- a/crates/ecstore/src/erasure.rs
+++ b/crates/ecstore/src/erasure.rs
@@ -297,24 +297,24 @@ impl Erasure {
    pub fn encode_data(self: Arc<Self>, data: &[u8]) -> Result<Vec<Bytes>> {
        let (shard_size, total_size) = self.need_size(data.len());

-        // 生成一个新的 所需的所有分片数据长度
+        // Generate the total length required for all shards
        let mut data_buffer = BytesMut::with_capacity(total_size);

-        // 复制源数据
+        // Copy the source data
        data_buffer.extend_from_slice(data);
        data_buffer.resize(total_size, 0u8);

        {
-            // ec encode, 结果会写进 data_buffer
+            // Perform EC encoding; the results go into data_buffer
            let data_slices: SmallVec<[&mut [u8]; 16]> = data_buffer.chunks_exact_mut(shard_size).collect();

-            // parity 数量大于 0 才 ec
+            // Only perform EC encoding when parity shards are present
            if self.parity_shards > 0 {
                self.encoder.as_ref().unwrap().encode(data_slices).map_err(Error::other)?;
            }
        }

-        // 零拷贝分片，所有 shard 引用 data_buffer
+        // Zero-copy shards: every shard references data_buffer
        let mut data_buffer = data_buffer.freeze();
        let mut shards = Vec::with_capacity(self.total_shard_count());
        for _ in 0..self.total_shard_count() {
@@ -333,13 +333,13 @@ impl Erasure {
        Ok(())
    }

-    // 每个分片长度，所需要的总长度
+    // The length per shard and the total required length
    fn need_size(&self, data_size: usize) -> (usize, usize) {
        let shard_size = self.shard_size(data_size);
        (shard_size, shard_size * (self.total_shard_count()))
    }

-    // 算出每个分片大小
+    // Compute each shard size
    pub fn shard_size(&self, data_size: usize) -> usize {
        data_size.div_ceil(self.data_shards)
    }
@@ -354,7 +354,7 @@ impl Erasure {
        let last_shard_size = last_block_size.div_ceil(self.data_shards);
        num_shards * self.shard_size(self.block_size) + last_shard_size

-        // // 因为写入的时候 ec 需要补全，所以最后一个长度应该也是一样的
+        // When writing, EC pads the data so the last shard length should match
        // if last_block_size != 0 {
        //     num_shards += 1
        // }
@@ -447,12 +447,12 @@ pub trait ReadAt {
 }

 pub struct ShardReader {
-    readers: Vec<Option<BitrotReader>>, // 磁盘
-    data_block_count: usize,            // 总的分片数量
+    readers: Vec<Option<BitrotReader>>, // Disk readers
+    data_block_count: usize,            // Total number of shards
    parity_block_count: usize,
-    shard_size: usize,      // 每个分片的块大小 一次读取一块
-    shard_file_size: usize, // 分片文件总长度
-    offset: usize,          // 在分片中的 offset
+    shard_size: usize,      // Block size per shard (read one block at a time)
+    shard_file_size: usize, // Total size of the shard file
+    offset: usize,          // Offset within the shard
 }

 impl ShardReader {
@@ -470,7 +470,7 @@ impl ShardReader {
    pub async fn read(&mut self) -> Result<Vec<Option<Vec<u8>>>> {
        // let mut disks = self.readers;
        let reader_length = self.readers.len();
-        // 需要读取的块长度
+        // Length of the block to read
        let mut read_length = self.shard_size;
        if self.offset + read_length > self.shard_file_size {
            read_length = self.shard_file_size - self.offset
--- a/crates/ecstore/src/erasure_coding/bitrot.rs
+++ b/crates/ecstore/src/erasure_coding/bitrot.rs
@@ -387,7 +387,7 @@ mod tests {
        }
        assert_eq!(n, data.len());

-        // 读
+        // Read
        let reader = bitrot_writer.into_inner();
        let reader = Cursor::new(reader.into_inner());
        let mut bitrot_reader = BitrotReader::new(reader, shard_size, HashAlgorithm::HighwayHash256);
@@ -433,7 +433,7 @@ mod tests {
            let res = bitrot_reader.read(&mut buf).await;

            if idx == count - 1 {
-                // 最后一个块，应该返回错误
+                // The last chunk should trigger an error
                assert!(res.is_err());
                assert_eq!(res.unwrap_err().kind(), std::io::ErrorKind::InvalidData);
                break;
--- a/crates/ecstore/src/erasure_coding/decode.rs
+++ b/crates/ecstore/src/erasure_coding/decode.rs
@@ -301,6 +301,10 @@ impl Erasure {
            written += n;
        }

+        if ret_err.is_some() {
+            return (written, ret_err);
+        }
+
        if written < length {
            ret_err = Some(Error::LessData.into());
        }
--- a/crates/ecstore/src/erasure_coding/encode.rs
+++ b/crates/ecstore/src/erasure_coding/encode.rs
@@ -145,7 +145,9 @@ impl Erasure {
                            return Err(std::io::Error::other(format!("Failed to send encoded data : {err}")));
                        }
                    }
-                    Ok(_) => break,
+                    Ok(_) => {
+                        break;
+                    }
                    Err(e) if e.kind() == std::io::ErrorKind::UnexpectedEof => {
                        break;
                    }
--- a/crates/ecstore/src/erasure_coding/erasure.rs
+++ b/crates/ecstore/src/erasure_coding/erasure.rs
@@ -27,7 +27,7 @@
 //!
 //! ## Example
 //!
-//! ```rust
+//! ```ignore
 //! use rustfs_ecstore::erasure_coding::Erasure;
 //!
 //! let erasure = Erasure::new(4, 2, 1024); // 4 data shards, 2 parity shards, 1KB block size
@@ -58,7 +58,7 @@ impl Clone for ReedSolomonEncoder {
        Self {
            data_shards: self.data_shards,
            parity_shards: self.parity_shards,
-            // 为新实例创建空的缓存，不共享缓存
+            // Create an empty cache for the new instance instead of sharing one
            encoder_cache: std::sync::RwLock::new(None),
            decoder_cache: std::sync::RwLock::new(None),
        }
@@ -83,7 +83,6 @@ impl ReedSolomonEncoder {
            return Ok(());
        }

-        // 使用 SIMD 进行编码
        let simd_result = self.encode_with_simd(&mut shards_vec);

        match simd_result {
@@ -176,7 +175,6 @@ impl ReedSolomonEncoder {
            .find_map(|s| s.as_ref().map(|v| v.len()))
            .ok_or_else(|| io::Error::other("No valid shards found for reconstruction"))?;

-        // 获取或创建decoder
        let mut decoder = {
            let mut cache_guard = self
                .decoder_cache
@@ -185,21 +183,17 @@ impl ReedSolomonEncoder {

            match cache_guard.take() {
                Some(mut cached_decoder) => {
-                    // 使用reset方法重置现有decoder
                    if let Err(e) = cached_decoder.reset(self.data_shards, self.parity_shards, shard_len) {
                        warn!("Failed to reset SIMD decoder: {:?}, creating new one", e);
-                        // 如果reset失败，创建新的decoder
+
                        reed_solomon_simd::ReedSolomonDecoder::new(self.data_shards, self.parity_shards, shard_len)
                            .map_err(|e| io::Error::other(format!("Failed to create SIMD decoder: {e:?}")))?
                    } else {
                        cached_decoder
                    }
                }
-                None => {
-                    // 第一次使用，创建新decoder
-                    reed_solomon_simd::ReedSolomonDecoder::new(self.data_shards, self.parity_shards, shard_len)
-                        .map_err(|e| io::Error::other(format!("Failed to create SIMD decoder: {e:?}")))?
-                }
+                None => reed_solomon_simd::ReedSolomonDecoder::new(self.data_shards, self.parity_shards, shard_len)
+                    .map_err(|e| io::Error::other(format!("Failed to create SIMD decoder: {e:?}")))?,
            }
        };

@@ -235,8 +229,7 @@ impl ReedSolomonEncoder {
            }
        }

-        // 将decoder放回缓存（在result被drop后decoder自动重置，可以重用）
-        drop(result); // 显式drop result，确保decoder被重置
+        drop(result);

        *self
            .decoder_cache
@@ -262,7 +255,7 @@ impl ReedSolomonEncoder {
 /// - `_buf`: Internal buffer for block operations.
 ///
 /// # Example
-/// ```
+/// ```ignore
 /// use rustfs_ecstore::erasure_coding::Erasure;
 /// let erasure = Erasure::new(4, 2, 8);
 /// let data = b"hello world";
@@ -468,15 +461,21 @@ impl Erasure {
            let mut buf = vec![0u8; block_size];
            match rustfs_utils::read_full(&mut *reader, &mut buf).await {
                Ok(n) if n > 0 => {
+                    warn!("encode_stream_callback_async read n={}", n);
                    total += n;
                    let res = self.encode_data(&buf[..n]);
                    on_block(res).await?
                }
-                Ok(_) => break,
+                Ok(_) => {
+                    warn!("encode_stream_callback_async read unexpected ok");
+                    break;
+                }
                Err(e) if e.kind() == std::io::ErrorKind::UnexpectedEof => {
+                    warn!("encode_stream_callback_async read unexpected eof");
                    break;
                }
                Err(e) => {
+                    warn!("encode_stream_callback_async read error={:?}", e);
                    on_block(Err(e)).await?;
                    break;
                }
@@ -948,7 +947,7 @@ mod tests {
            let block_size = 1024 * 1024; // 1MB block size
            let erasure = Erasure::new(data_shards, parity_shards, block_size);

-            // 创建2MB的测试数据，这样可以测试多个1MB块的处理
+            // Build 2 MB of test data so multiple 1 MB chunks are exercised
            let mut data = Vec::with_capacity(2 * 1024 * 1024);
            for i in 0..(2 * 1024 * 1024) {
                data.push((i % 256) as u8);
@@ -962,7 +961,7 @@ mod tests {
                data.len() / 1024
            );

-            // 编码数据
+            // Encode the data
            let start = std::time::Instant::now();
            let shards = erasure.encode_data(&data).unwrap();
            let encode_duration = start.elapsed();
--- a/crates/ecstore/src/error.rs
+++ b/crates/ecstore/src/error.rs
@@ -193,6 +193,9 @@ pub enum StorageError {

    #[error("Precondition failed")]
    PreconditionFailed,
+
+    #[error("Invalid range specified: {0}")]
+    InvalidRangeSpec(String),
 }

 impl StorageError {
@@ -424,6 +427,7 @@ impl Clone for StorageError {
            StorageError::InsufficientReadQuorum(a, b) => StorageError::InsufficientReadQuorum(a.clone(), b.clone()),
            StorageError::InsufficientWriteQuorum(a, b) => StorageError::InsufficientWriteQuorum(a.clone(), b.clone()),
            StorageError::PreconditionFailed => StorageError::PreconditionFailed,
+            StorageError::InvalidRangeSpec(a) => StorageError::InvalidRangeSpec(a.clone()),
        }
    }
 }
@@ -491,6 +495,7 @@ impl StorageError {
            StorageError::InsufficientWriteQuorum(_, _) => 0x3A,
            StorageError::PreconditionFailed => 0x3B,
            StorageError::EntityTooSmall(_, _, _) => 0x3C,
+            StorageError::InvalidRangeSpec(_) => 0x3D,
        }
    }

@@ -559,6 +564,8 @@ impl StorageError {
            0x39 => Some(StorageError::InsufficientReadQuorum(Default::default(), Default::default())),
            0x3A => Some(StorageError::InsufficientWriteQuorum(Default::default(), Default::default())),
            0x3B => Some(StorageError::PreconditionFailed),
+            0x3C => Some(StorageError::EntityTooSmall(Default::default(), Default::default(), Default::default())),
+            0x3D => Some(StorageError::InvalidRangeSpec(Default::default())),
            _ => None,
        }
    }
--- a/crates/ecstore/src/global.rs
+++ b/crates/ecstore/src/global.rs
@@ -38,7 +38,7 @@ pub const DISK_RESERVE_FRACTION: f64 = 0.15;

 lazy_static! {
    static ref GLOBAL_RUSTFS_PORT: OnceLock<u16> = OnceLock::new();
-    static ref GLOBAL_RUSTFS_EXTERNAL_PORT: OnceLock<u16> = OnceLock::new();
+    static ref globalDeploymentIDPtr: OnceLock<Uuid> = OnceLock::new();
    pub static ref GLOBAL_OBJECT_API: OnceLock<Arc<ECStore>> = OnceLock::new();
    pub static ref GLOBAL_LOCAL_DISK: Arc<RwLock<Vec<Option<DiskStore>>>> = Arc::new(RwLock::new(Vec::new()));
    pub static ref GLOBAL_IsErasure: RwLock<bool> = RwLock::new(false);
@@ -51,8 +51,6 @@ lazy_static! {
    pub static ref GLOBAL_TierConfigMgr: Arc<RwLock<TierConfigMgr>> = TierConfigMgr::new();
    pub static ref GLOBAL_LifecycleSys: Arc<LifecycleSys> = LifecycleSys::new();
    pub static ref GLOBAL_EventNotifier: Arc<RwLock<EventNotifier>> = EventNotifier::new();
-    //pub static ref GLOBAL_RemoteTargetTransport
-    static ref globalDeploymentIDPtr: OnceLock<Uuid> = OnceLock::new();
    pub static ref GLOBAL_BOOT_TIME: OnceCell<SystemTime> = OnceCell::new();
    pub static ref GLOBAL_LocalNodeName: String = "127.0.0.1:9000".to_string();
    pub static ref GLOBAL_LocalNodeNameHex: String = rustfs_utils::crypto::hex(GLOBAL_LocalNodeName.as_bytes());
@@ -60,12 +58,22 @@ lazy_static! {
    pub static ref GLOBAL_REGION: OnceLock<String> = OnceLock::new();
 }

-// Global cancellation token for background services (data scanner and auto heal)
+/// Global cancellation token for background services (data scanner and auto heal)
 static GLOBAL_BACKGROUND_SERVICES_CANCEL_TOKEN: OnceLock<CancellationToken> = OnceLock::new();

+/// Global active credentials
 static GLOBAL_ACTIVE_CRED: OnceLock<Credentials> = OnceLock::new();

-pub fn init_global_action_cred(ak: Option<String>, sk: Option<String>) {
+/// Initialize the global action credentials
+///
+/// # Arguments
+/// * `ak` - Optional access key
+/// * `sk` - Optional secret key
+///
+/// # Returns
+/// * None
+///
+pub fn init_global_action_credentials(ak: Option<String>, sk: Option<String>) {
    let ak = {
        if let Some(k) = ak {
            k
@@ -91,11 +99,16 @@ pub fn init_global_action_cred(ak: Option<String>, sk: Option<String>) {
        .unwrap();
 }

+/// Get the global action credentials
 pub fn get_global_action_cred() -> Option<Credentials> {
    GLOBAL_ACTIVE_CRED.get().cloned()
 }

 /// Get the global rustfs port
+///
+/// # Returns
+/// * `u16` - The global rustfs port
+///
 pub fn global_rustfs_port() -> u16 {
    if let Some(p) = GLOBAL_RUSTFS_PORT.get() {
        *p
@@ -105,36 +118,44 @@ pub fn global_rustfs_port() -> u16 {
 }

 /// Set the global rustfs port
+///
+/// # Arguments
+/// * `value` - The port value to set globally
+///
+/// # Returns
+/// * None
 pub fn set_global_rustfs_port(value: u16) {
    GLOBAL_RUSTFS_PORT.set(value).expect("set_global_rustfs_port fail");
 }

-/// Get the global rustfs external port
-pub fn global_rustfs_external_port() -> u16 {
-    if let Some(p) = GLOBAL_RUSTFS_EXTERNAL_PORT.get() {
-        *p
-    } else {
-        rustfs_config::DEFAULT_PORT
-    }
-}
-
-/// Set the global rustfs external port
-pub fn set_global_rustfs_external_port(value: u16) {
-    GLOBAL_RUSTFS_EXTERNAL_PORT
-        .set(value)
-        .expect("set_global_rustfs_external_port fail");
-}
-
-/// Get the global rustfs port
+/// Set the global deployment id
+///
+/// # Arguments
+/// * `id` - The Uuid to set as the global deployment id
+///
+/// # Returns
+/// * None
+///
 pub fn set_global_deployment_id(id: Uuid) {
    globalDeploymentIDPtr.set(id).unwrap();
 }

 /// Get the global deployment id
+///
+/// # Returns
+/// * `Option<String>` - The global deployment id as a string, if set
+///
 pub fn get_global_deployment_id() -> Option<String> {
    globalDeploymentIDPtr.get().map(|v| v.to_string())
 }
-/// Get the global deployment id
+/// Set the global endpoints
+///
+/// # Arguments
+/// * `eps` - A vector of PoolEndpoints to set globally
+///
+/// # Returns
+/// * None
+///
 pub fn set_global_endpoints(eps: Vec<PoolEndpoints>) {
    GLOBAL_Endpoints
        .set(EndpointServerPools::from(eps))
@@ -142,6 +163,10 @@ pub fn set_global_endpoints(eps: Vec<PoolEndpoints>) {
 }

 /// Get the global endpoints
+///
+/// # Returns
+/// * `EndpointServerPools` - The global endpoints
+///
 pub fn get_global_endpoints() -> EndpointServerPools {
    if let Some(eps) = GLOBAL_Endpoints.get() {
        eps.clone()
@@ -150,29 +175,63 @@ pub fn get_global_endpoints() -> EndpointServerPools {
    }
 }

+/// Create a new object layer instance
+///
+/// # Returns
+/// * `Option<Arc<ECStore>>` - The global object layer instance, if set
+///
 pub fn new_object_layer_fn() -> Option<Arc<ECStore>> {
    GLOBAL_OBJECT_API.get().cloned()
 }

+/// Set the global object layer
+///
+/// # Arguments
+/// * `o` - The ECStore instance to set globally
+///
+/// # Returns
+/// * None
 pub async fn set_object_layer(o: Arc<ECStore>) {
    GLOBAL_OBJECT_API.set(o).expect("set_object_layer fail ")
 }

+/// Check if the setup type is distributed erasure coding
+///
+/// # Returns
+/// * `bool` - True if the setup type is distributed erasure coding, false otherwise
+///
 pub async fn is_dist_erasure() -> bool {
    let lock = GLOBAL_IsDistErasure.read().await;
    *lock
 }

+/// Check if the setup type is erasure coding with single data center
+///
+/// # Returns
+/// * `bool` - True if the setup type is erasure coding with single data center, false otherwise
+///
 pub async fn is_erasure_sd() -> bool {
    let lock = GLOBAL_IsErasureSD.read().await;
    *lock
 }

+/// Check if the setup type is erasure coding
+///
+/// # Returns
+/// * `bool` - True if the setup type is erasure coding, false otherwise
+///
 pub async fn is_erasure() -> bool {
    let lock = GLOBAL_IsErasure.read().await;
    *lock
 }

+/// Update the global erasure type based on the setup type
+///
+/// # Arguments
+/// * `setup_type` - The SetupType to update the global erasure type
+///
+/// # Returns
+/// * None
 pub async fn update_erasure_type(setup_type: SetupType) {
    let mut is_erasure = GLOBAL_IsErasure.write().await;
    *is_erasure = setup_type == SetupType::Erasure;
@@ -198,25 +257,53 @@ pub async fn update_erasure_type(setup_type: SetupType) {

 type TypeLocalDiskSetDrives = Vec<Vec<Vec<Option<DiskStore>>>>;

+/// Set the global region
+///
+/// # Arguments
+/// * `region` - The region string to set globally
+///
+/// # Returns
+/// * None
 pub fn set_global_region(region: String) {
    GLOBAL_REGION.set(region).unwrap();
 }

+/// Get the global region
+///
+/// # Returns
+/// * `Option<String>` - The global region string, if set
+///
 pub fn get_global_region() -> Option<String> {
    GLOBAL_REGION.get().cloned()
 }

 /// Initialize the global background services cancellation token
+///
+/// # Arguments
+/// * `cancel_token` - The CancellationToken instance to set globally
+///
+/// # Returns
+/// * `Ok(())` if successful
+/// * `Err(CancellationToken)` if setting fails
+///
 pub fn init_background_services_cancel_token(cancel_token: CancellationToken) -> Result<(), CancellationToken> {
    GLOBAL_BACKGROUND_SERVICES_CANCEL_TOKEN.set(cancel_token)
 }

 /// Get the global background services cancellation token
+///
+/// # Returns
+/// * `Option<&'static CancellationToken>` - The global cancellation token, if set
+///
 pub fn get_background_services_cancel_token() -> Option<&'static CancellationToken> {
    GLOBAL_BACKGROUND_SERVICES_CANCEL_TOKEN.get()
 }

 /// Create and initialize the global background services cancellation token
+///
+/// # Returns
+/// * `CancellationToken` - The newly created global cancellation token
+///
 pub fn create_background_services_cancel_token() -> CancellationToken {
    let cancel_token = CancellationToken::new();
    init_background_services_cancel_token(cancel_token.clone()).expect("Background services cancel token already initialized");
@@ -224,6 +311,9 @@ pub fn create_background_services_cancel_token() -> CancellationToken {
 }

 /// Shutdown all background services gracefully
+///
+/// # Returns
+/// * None
 pub fn shutdown_background_services() {
    if let Some(cancel_token) = GLOBAL_BACKGROUND_SERVICES_CANCEL_TOKEN.get() {
        cancel_token.cancel();
--- a/crates/ecstore/src/lib.rs
+++ b/crates/ecstore/src/lib.rs
@@ -44,7 +44,7 @@ mod store_init;
 pub mod store_list_objects;
 pub mod store_utils;

-pub mod checksum;
+// pub mod checksum;
 pub mod client;
 pub mod event;
 pub mod event_notification;
--- a/crates/ecstore/src/metrics_realtime.rs
+++ b/crates/ecstore/src/metrics_realtime.rs
@@ -23,7 +23,7 @@ use rustfs_common::{
 use rustfs_madmin::metrics::{DiskIOStats, DiskMetric, RealtimeMetrics};
 use rustfs_utils::os::get_drive_stats;
 use serde::{Deserialize, Serialize};
-use tracing::info;
+use tracing::{debug, info};

 use crate::{
    admin_server_info::get_local_server_property,
@@ -44,7 +44,7 @@ pub struct CollectMetricsOpts {
 pub struct MetricType(u32);

 impl MetricType {
-    // 定义一些常量
+    // Define some constants
    pub const NONE: MetricType = MetricType(0);
    pub const SCANNER: MetricType = MetricType(1 << 0);
    pub const DISK: MetricType = MetricType(1 << 1);
@@ -70,8 +70,18 @@ impl MetricType {
    }
 }

+/// Collect local metrics based on the specified types and options.
+///
+/// # Arguments
+///
+/// * `types` - A `MetricType` specifying which types of metrics to collect.
+/// * `opts` - A reference to `CollectMetricsOpts` containing additional options for metric collection.
+///
+/// # Returns
+/// * A `RealtimeMetrics` struct containing the collected metrics.
+///
 pub async fn collect_local_metrics(types: MetricType, opts: &CollectMetricsOpts) -> RealtimeMetrics {
-    info!("collect_local_metrics");
+    debug!("collect_local_metrics");
    let mut real_time_metrics = RealtimeMetrics::default();
    if types.0 == MetricType::NONE.0 {
        info!("types is None, return");
@@ -93,13 +103,13 @@ pub async fn collect_local_metrics(types: MetricType, opts: &CollectMetricsOpts)
    }

    if types.contains(&MetricType::DISK) {
-        info!("start get disk metrics");
+        debug!("start get disk metrics");
        let mut aggr = DiskMetric {
            collected_at: Utc::now(),
            ..Default::default()
        };
        for (name, disk) in collect_local_disks_metrics(&opts.disks).await.into_iter() {
-            info!("got disk metric, name: {name}, metric: {disk:?}");
+            debug!("got disk metric, name: {name}, metric: {disk:?}");
            real_time_metrics.by_disk.insert(name, disk.clone());
            aggr.merge(&disk);
        }
@@ -107,7 +117,7 @@ pub async fn collect_local_metrics(types: MetricType, opts: &CollectMetricsOpts)
    }

    if types.contains(&MetricType::SCANNER) {
-        info!("start get scanner metrics");
+        debug!("start get scanner metrics");
        let metrics = globalMetrics.report().await;
        real_time_metrics.aggregated.scanner = Some(metrics);
    }
--- a/crates/ecstore/src/pools.rs
+++ b/crates/ecstore/src/pools.rs
@@ -384,7 +384,7 @@ impl PoolMeta {

        let mut update = false;

-        // 检查指定的池是否需要从已退役的池中移除。
+        // Determine whether the selected pool should be removed from the retired list.
        for k in specified_pools.keys() {
            if let Some(pi) = remembered_pools.get(k) {
                if pi.completed {
@@ -400,7 +400,7 @@ impl PoolMeta {
                    // )));
                }
            } else {
-                // 如果之前记住的池不再存在，允许更新，因为可能是添加了一个新池。
+                // If the previous pool no longer exists, allow updates because a new pool may have been added.
                update = true;
            }
        }
@@ -409,7 +409,7 @@ impl PoolMeta {
            for (k, pi) in remembered_pools.iter() {
                if let Some(pos) = specified_pools.get(k) {
                    if *pos != pi.position {
-                        update = true; // 池的顺序发生了变化，允许更新。
+                        update = true; // Pool order changed, allow the update.
                    }
                }
            }
@@ -427,12 +427,12 @@ impl PoolMeta {
        for pool in &self.pools {
            if let Some(decommission) = &pool.decommission {
                if decommission.complete || decommission.canceled {
-                    // 不需要恢复的情况：
-                    // - 退役已完成
-                    // - 退役已取消
+                    // Recovery is not required when:
+                    // - Decommissioning completed
+                    // - Decommissioning was cancelled
                    continue;
                }
-                // 其他情况需要恢复
+                // All other scenarios require recovery
                new_pools.push(pool.clone());
            }
        }
@@ -1140,6 +1140,7 @@ impl ECStore {
                .await
            {
                if !is_err_bucket_exists(&err) {
+                    error!("decommission: make bucket failed: {err}");
                    return Err(err);
                }
            }
@@ -1262,6 +1263,8 @@ impl ECStore {
                parts[i] = CompletePart {
                    part_num: pi.part_num,
                    etag: pi.etag,
+
+                    ..Default::default()
                };
            }

@@ -1289,7 +1292,7 @@ impl ECStore {
        }

        let reader = BufReader::new(rd.stream);
-        let hrd = HashReader::new(Box::new(WarpReader::new(reader)), object_info.size, object_info.size, None, false)?;
+        let hrd = HashReader::new(Box::new(WarpReader::new(reader)), object_info.size, object_info.size, None, None, false)?;
        let mut data = PutObjReader::new(hrd);

        if let Err(err) = self
--- a/crates/ecstore/src/rebalance.rs
+++ b/crates/ecstore/src/rebalance.rs
@@ -421,15 +421,15 @@ impl ECStore {
            if let Some(pool_stat) = meta.pool_stats.get_mut(pool_index) {
                info!("bucket_rebalance_done: buckets {:?}", &pool_stat.buckets);

-                // 使用 retain 来过滤掉要删除的 bucket
+                // Use retain to filter out buckets slated for removal
                let mut found = false;
                pool_stat.buckets.retain(|b| {
                    if b.as_str() == bucket.as_str() {
                        found = true;
                        pool_stat.rebalanced_buckets.push(b.clone());
-                        false // 删除这个元素
+                        false // Remove this element
                    } else {
-                        true // 保留这个元素
+                        true // Keep this element
                    }
                });

@@ -946,13 +946,13 @@ impl ECStore {
            let mut reader = rd.stream;

            for (i, part) in object_info.parts.iter().enumerate() {
-                // 每次从 reader 中读取一个 part 上传
+                // Read one part from the reader and upload it each time

                let mut chunk = vec![0u8; part.size];

                reader.read_exact(&mut chunk).await?;

-                // 每次从 reader 中读取一个 part 上传
+                // Read one part from the reader and upload it each time
                let mut data = PutObjReader::from_vec(chunk);

                let pi = match self
@@ -979,6 +979,7 @@ impl ECStore {
                parts[i] = CompletePart {
                    part_num: pi.part_num,
                    etag: pi.etag,
+                    ..Default::default()
                };
            }

@@ -1005,7 +1006,7 @@ impl ECStore {
        }

        let reader = BufReader::new(rd.stream);
-        let hrd = HashReader::new(Box::new(WarpReader::new(reader)), object_info.size, object_info.size, None, false)?;
+        let hrd = HashReader::new(Box::new(WarpReader::new(reader)), object_info.size, object_info.size, None, None, false)?;
        let mut data = PutObjReader::new(hrd);

        if let Err(err) = self
--- a/crates/ecstore/src/rpc/peer_s3_client.rs
+++ b/crates/ecstore/src/rpc/peer_s3_client.rs
@@ -94,11 +94,11 @@ impl S3PeerSys {

        let mut pool_errs = Vec::new();
        for pool_idx in 0..self.pools_count {
-            let mut per_pool_errs = Vec::new();
+            let mut per_pool_errs = vec![None; self.clients.len()];
            for (i, client) in self.clients.iter().enumerate() {
                if let Some(v) = client.get_pools() {
                    if v.contains(&pool_idx) {
-                        per_pool_errs.push(errs[i].clone());
+                        per_pool_errs[i] = errs[i].clone();
                    }
                }
            }
@@ -129,20 +129,28 @@ impl S3PeerSys {
        let errs = join_all(futures).await;

        for pool_idx in 0..self.pools_count {
-            let mut per_pool_errs = Vec::new();
+            let mut per_pool_errs = vec![None; self.clients.len()];
            for (i, client) in self.clients.iter().enumerate() {
                if let Some(v) = client.get_pools() {
                    if v.contains(&pool_idx) {
-                        per_pool_errs.push(errs[i].clone());
+                        per_pool_errs[i] = errs[i].clone();
                    }
                }
            }
            let qu = per_pool_errs.len() / 2;
            if let Some(pool_err) = reduce_write_quorum_errs(&per_pool_errs, BUCKET_OP_IGNORED_ERRS, qu) {
+                tracing::error!("heal_bucket per_pool_errs: {per_pool_errs:?}");
+                tracing::error!("heal_bucket reduce_write_quorum_errs: {pool_err}");
                return Err(pool_err);
            }
        }

+        if let Some(err) = reduce_write_quorum_errs(&errs, BUCKET_OP_IGNORED_ERRS, (errs.len() / 2) + 1) {
+            tracing::error!("heal_bucket errs: {errs:?}");
+            tracing::error!("heal_bucket reduce_write_quorum_errs: {err}");
+            return Err(err);
+        }
+
        for (i, err) in errs.iter().enumerate() {
            if err.is_none() {
                return Ok(heal_bucket_results.read().await[i].clone());
@@ -157,34 +165,36 @@ impl S3PeerSys {
            futures.push(cli.make_bucket(bucket, opts));
        }

-        let mut errors = Vec::with_capacity(self.clients.len());
+        let mut errors = vec![None; self.clients.len()];

        let results = join_all(futures).await;
-        for result in results {
+        for (i, result) in results.into_iter().enumerate() {
            match result {
                Ok(_) => {
-                    errors.push(None);
+                    errors[i] = None;
                }
                Err(e) => {
-                    errors.push(Some(e));
+                    errors[i] = Some(e);
                }
            }
        }

        for i in 0..self.pools_count {
-            let mut per_pool_errs = Vec::with_capacity(self.clients.len());
+            let mut per_pool_errs = vec![None; self.clients.len()];
            for (j, cli) in self.clients.iter().enumerate() {
                let pools = cli.get_pools();
                let idx = i;
                if pools.unwrap_or_default().contains(&idx) {
-                    per_pool_errs.push(errors[j].clone());
+                    per_pool_errs[j] = errors[j].clone();
                }
+            }

-                if let Some(pool_err) =
-                    reduce_write_quorum_errs(&per_pool_errs, BUCKET_OP_IGNORED_ERRS, (per_pool_errs.len() / 2) + 1)
-                {
-                    return Err(pool_err);
-                }
+            if let Some(pool_err) =
+                reduce_write_quorum_errs(&per_pool_errs, BUCKET_OP_IGNORED_ERRS, (per_pool_errs.len() / 2) + 1)
+            {
+                tracing::error!("make_bucket per_pool_errs: {per_pool_errs:?}");
+                tracing::error!("make_bucket reduce_write_quorum_errs: {pool_err}");
+                return Err(pool_err);
            }
        }

@@ -196,42 +206,74 @@ impl S3PeerSys {
            futures.push(cli.list_bucket(opts));
        }

-        let mut errors = Vec::with_capacity(self.clients.len());
-        let mut ress = Vec::with_capacity(self.clients.len());
+        let mut errors = vec![None; self.clients.len()];
+        let mut node_buckets = vec![None; self.clients.len()];

        let results = join_all(futures).await;
-        for result in results {
+        for (i, result) in results.into_iter().enumerate() {
            match result {
                Ok(res) => {
-                    ress.push(Some(res));
-                    errors.push(None);
+                    node_buckets[i] = Some(res);
+                    errors[i] = None;
                }
                Err(e) => {
-                    ress.push(None);
-                    errors.push(Some(e));
-                }
-            }
-        }
-        // TODO: reduceWriteQuorumErrs
-        // for i in 0..self.pools_count {}
-
-        let mut uniq_map: HashMap<&String, &BucketInfo> = HashMap::new();
-
-        for res in ress.iter() {
-            if res.is_none() {
-                continue;
-            }
-
-            let buckets = res.as_ref().unwrap();
-
-            for bucket in buckets.iter() {
-                if !uniq_map.contains_key(&bucket.name) {
-                    uniq_map.insert(&bucket.name, bucket);
+                    node_buckets[i] = None;
+                    errors[i] = Some(e);
                }
            }
        }

-        let buckets: Vec<BucketInfo> = uniq_map.values().map(|&v| v.clone()).collect();
+        let mut result_map: HashMap<&String, BucketInfo> = HashMap::new();
+        for i in 0..self.pools_count {
+            let mut per_pool_errs = vec![None; self.clients.len()];
+            for (j, cli) in self.clients.iter().enumerate() {
+                let pools = cli.get_pools();
+                let idx = i;
+                if pools.unwrap_or_default().contains(&idx) {
+                    per_pool_errs[j] = errors[j].clone();
+                }
+            }
+
+            let quorum = per_pool_errs.len() / 2;
+
+            if let Some(pool_err) = reduce_write_quorum_errs(&per_pool_errs, BUCKET_OP_IGNORED_ERRS, quorum) {
+                tracing::error!("list_bucket per_pool_errs: {per_pool_errs:?}");
+                tracing::error!("list_bucket reduce_write_quorum_errs: {pool_err}");
+                return Err(pool_err);
+            }
+
+            let mut bucket_map: HashMap<&String, usize> = HashMap::new();
+            for (j, node_bucket) in node_buckets.iter().enumerate() {
+                if let Some(buckets) = node_bucket.as_ref() {
+                    if buckets.is_empty() {
+                        continue;
+                    }
+
+                    if !self.clients[j].get_pools().unwrap_or_default().contains(&i) {
+                        continue;
+                    }
+
+                    for bucket in buckets.iter() {
+                        if result_map.contains_key(&bucket.name) {
+                            continue;
+                        }
+
+                        // incr bucket_map count create if not exists
+                        let count = bucket_map.entry(&bucket.name).or_insert(0usize);
+                        *count += 1;
+
+                        if *count >= quorum {
+                            result_map.insert(&bucket.name, bucket.clone());
+                        }
+                    }
+                }
+            }
+            // TODO: MRF
+        }
+
+        let mut buckets: Vec<BucketInfo> = result_map.into_values().collect();
+
+        buckets.sort_by_key(|b| b.name.clone());

        Ok(buckets)
    }
@@ -241,22 +283,27 @@ impl S3PeerSys {
            futures.push(cli.delete_bucket(bucket, opts));
        }

-        let mut errors = Vec::with_capacity(self.clients.len());
+        let mut errors = vec![None; self.clients.len()];

        let results = join_all(futures).await;

-        for result in results {
+        for (i, result) in results.into_iter().enumerate() {
            match result {
                Ok(_) => {
-                    errors.push(None);
+                    errors[i] = None;
                }
                Err(e) => {
-                    errors.push(Some(e));
+                    errors[i] = Some(e);
                }
            }
        }

-        // TODO: reduceWriteQuorumErrs
+        if let Some(err) = reduce_write_quorum_errs(&errors, BUCKET_OP_IGNORED_ERRS, (errors.len() / 2) + 1) {
+            if !Error::is_err_object_not_found(&err) && !opts.no_recreate {
+                let _ = self.make_bucket(bucket, &MakeBucketOptions::default()).await;
+            }
+            return Err(err);
+        }

        Ok(())
    }
@@ -266,37 +313,44 @@ impl S3PeerSys {
            futures.push(cli.get_bucket_info(bucket, opts));
        }

-        let mut ress = Vec::with_capacity(self.clients.len());
-        let mut errors = Vec::with_capacity(self.clients.len());
+        let mut ress = vec![None; self.clients.len()];
+        let mut errors = vec![None; self.clients.len()];

        let results = join_all(futures).await;
-        for result in results {
+        for (i, result) in results.into_iter().enumerate() {
            match result {
                Ok(res) => {
-                    ress.push(Some(res));
-                    errors.push(None);
+                    ress[i] = Some(res);
+                    errors[i] = None;
                }
                Err(e) => {
-                    ress.push(None);
-                    errors.push(Some(e));
+                    ress[i] = None;
+                    errors[i] = Some(e);
                }
            }
        }

        for i in 0..self.pools_count {
-            let mut per_pool_errs = Vec::with_capacity(self.clients.len());
+            let mut per_pool_errs = vec![None; self.clients.len()];
            for (j, cli) in self.clients.iter().enumerate() {
                let pools = cli.get_pools();
                let idx = i;
                if pools.unwrap_or_default().contains(&idx) {
-                    per_pool_errs.push(errors[j].as_ref());
+                    per_pool_errs[j] = errors[j].clone();
                }
+            }

-                // TODO: reduceWriteQuorumErrs
+            if let Some(pool_err) =
+                reduce_write_quorum_errs(&per_pool_errs, BUCKET_OP_IGNORED_ERRS, (per_pool_errs.len() / 2) + 1)
+            {
+                return Err(pool_err);
            }
        }

-        ress.iter().find_map(|op| op.clone()).ok_or(Error::VolumeNotFound)
+        ress.into_iter()
+            .filter(|op| op.is_some())
+            .find_map(|op| op.clone())
+            .ok_or(Error::VolumeNotFound)
    }

    pub fn get_pools(&self) -> Option<Vec<usize>> {
@@ -482,7 +536,7 @@ impl PeerS3Client for LocalPeerS3Client {
            }
        }

-        // errVolumeNotEmpty 不删除，把已经删除的重新创建
+        // For errVolumeNotEmpty, do not delete; recreate only the entries already removed

        for (idx, err) in errs.into_iter().enumerate() {
            if err.is_none() && recreate {
--- a/crates/ecstore/src/rpc/remote_disk.rs
+++ b/crates/ecstore/src/rpc/remote_disk.rs
@@ -83,7 +83,7 @@ impl DiskAPI for RemoteDisk {

    #[tracing::instrument(skip(self))]
    async fn is_online(&self) -> bool {
-        // TODO: 连接状态
+        // TODO: connection status tracking
        if node_service_time_out_client(&self.addr).await.is_ok() {
            return true;
        }
--- a/crates/ecstore/src/set_disk.rs
+++ b/crates/ecstore/src/set_disk.rs
@@ -31,13 +31,15 @@ use crate::disk::{
 use crate::erasure_coding;
 use crate::erasure_coding::bitrot_verify;
 use crate::error::{Error, Result, is_err_version_not_found};
-use crate::error::{ObjectApiError, is_err_object_not_found};
+use crate::error::{GenericError, ObjectApiError, is_err_object_not_found};
 use crate::global::{GLOBAL_LocalNodeName, GLOBAL_TierConfigMgr};
 use crate::store_api::ListObjectVersionsInfo;
 use crate::store_api::{ListPartsInfo, ObjectOptions, ObjectToDelete};
 use crate::store_api::{ObjectInfoOrErr, WalkOptions};
 use crate::{
-    bucket::lifecycle::bucket_lifecycle_ops::{gen_transition_objname, get_transitioned_object_reader, put_restore_opts},
+    bucket::lifecycle::bucket_lifecycle_ops::{
+        LifecycleOps, gen_transition_objname, get_transitioned_object_reader, put_restore_opts,
+    },
    cache_value::metacache_set::{ListPathRawOptions, list_path_raw},
    config::{GLOBAL_STORAGE_CLASS, storageclass},
    disk::{
@@ -72,13 +74,13 @@ use rustfs_filemeta::{
 };
 use rustfs_lock::fast_lock::types::LockResult;
 use rustfs_madmin::heal_commands::{HealDriveInfo, HealResultItem};
-use rustfs_rio::{EtagResolvable, HashReader, TryGetIndex as _, WarpReader};
-use rustfs_utils::http::headers::AMZ_OBJECT_TAGGING;
+use rustfs_rio::{EtagResolvable, HashReader, HashReaderMut, TryGetIndex as _, WarpReader};
+use rustfs_utils::http::RUSTFS_BUCKET_REPLICATION_SSEC_CHECKSUM;
 use rustfs_utils::http::headers::AMZ_STORAGE_CLASS;
-use rustfs_utils::http::headers::RESERVED_METADATA_PREFIX_LOWER;
+use rustfs_utils::http::headers::{AMZ_OBJECT_TAGGING, RESERVED_METADATA_PREFIX, RESERVED_METADATA_PREFIX_LOWER};
 use rustfs_utils::{
    HashAlgorithm,
-    crypto::{base64_decode, base64_encode, hex},
+    crypto::hex,
    path::{SLASH_SEPARATOR, encode_dir_object, has_suffix, path_join_buf},
 };
 use rustfs_workers::workers::Workers;
@@ -96,7 +98,7 @@ use std::{
 };
 use time::OffsetDateTime;
 use tokio::{
-    io::AsyncWrite,
+    io::{AsyncReadExt, AsyncWrite, AsyncWriteExt, BufReader},
    sync::{RwLock, broadcast},
 };
 use tokio::{
@@ -158,10 +160,7 @@ impl SetDisks {
            LockResult::Conflict {
                current_owner,
                current_mode,
-            } => format!(
-                "{mode} lock conflicted on {bucket}/{object}: held by {current_owner} as {:?}",
-                current_mode
-            ),
+            } => format!("{mode} lock conflicted on {bucket}/{object}: held by {current_owner} as {current_mode:?}"),
            LockResult::Acquired => format!("unexpected lock state while acquiring {mode} lock on {bucket}/{object}"),
        }
    }
@@ -402,7 +401,7 @@ impl SetDisks {

        let mut futures = Vec::with_capacity(disks.len());
        if let Some(ret_err) = reduce_write_quorum_errs(&errs, OBJECT_OP_IGNORED_ERRS, write_quorum) {
-            // TODO: 并发
+            // TODO: add concurrency
            for (i, err) in errs.iter().enumerate() {
                if err.is_some() {
                    continue;
@@ -892,7 +891,7 @@ impl SetDisks {
        }

        if let Some(err) = reduce_write_quorum_errs(&errs, OBJECT_OP_IGNORED_ERRS, write_quorum) {
-            // TODO: 并发
+            // TODO: add concurrency
            for (i, err) in errs.iter().enumerate() {
                if err.is_some() {
                    continue;
@@ -922,9 +921,8 @@ impl SetDisks {
    }

    fn get_upload_id_dir(bucket: &str, object: &str, upload_id: &str) -> String {
-        // warn!("get_upload_id_dir upload_id {:?}", upload_id);
-
-        let upload_uuid = base64_decode(upload_id.as_bytes())
+        let upload_uuid = base64_simd::URL_SAFE_NO_PAD
+            .decode_to_vec(upload_id.as_bytes())
            .and_then(|v| {
                String::from_utf8(v).map_or(Ok(upload_id.to_owned()), |v| {
                    let parts: Vec<_> = v.splitn(2, '.').collect();
@@ -1702,7 +1700,7 @@ impl SetDisks {

        let disks = rl.clone();

-        //  主动释放锁
+        // Explicitly release the lock
        drop(rl);

        for (i, opdisk) in disks.iter().enumerate() {
@@ -1746,7 +1744,7 @@ impl SetDisks {
            }
        };

-        // check endpoint 是否一致
+        // Check that the endpoint matches

        let _ = new_disk.set_disk_id(Some(fm.erasure.this)).await;

@@ -1961,7 +1959,7 @@ impl SetDisks {
        Ok(())
    }

-    // 打乱顺序
+    // Shuffle the order
    fn shuffle_disks_and_parts_metadata_by_index(
        disks: &[Option<DiskStore>],
        parts_metadata: &[FileInfo],
@@ -2000,7 +1998,7 @@ impl SetDisks {
        Self::shuffle_disks_and_parts_metadata(disks, parts_metadata, fi)
    }

-    // 打乱顺序
+    // Shuffle the order
    fn shuffle_disks_and_parts_metadata(
        disks: &[Option<DiskStore>],
        parts_metadata: &[FileInfo],
@@ -2077,7 +2075,7 @@ impl SetDisks {

        let vid = opts.version_id.clone().unwrap_or_default();

-        // TODO: 优化并发 可用数量中断
+        // TODO: optimize concurrency and break once enough slots are available
        let (parts_metadata, errs) = Self::read_all_fileinfo(&disks, "", bucket, object, vid.as_str(), read_data, false).await?;
        // warn!("get_object_fileinfo parts_metadata {:?}", &parts_metadata);
        // warn!("get_object_fileinfo {}/{} errs {:?}", bucket, object, &errs);
@@ -2950,6 +2948,7 @@ impl SetDisks {
                                        part.mod_time,
                                        part.actual_size,
                                        part.index.clone(),
+                                        part.checksums.clone(),
                                    );
                                    if is_inline_buffer {
                                        if let Some(writer) = writers[index].take() {
@@ -3422,7 +3421,7 @@ impl SetDisks {
        oi.user_defined.remove(X_AMZ_RESTORE.as_str());

        let version_id = oi.version_id.map(|v| v.to_string());
-        let obj = self
+        let _obj = self
            .copy_object(
                bucket,
                object,
@@ -3438,8 +3437,7 @@ impl SetDisks {
                    ..Default::default()
                },
            )
-            .await;
-        obj?;
+            .await?;
        Ok(())
    }

@@ -3528,9 +3526,9 @@ impl ObjectIO for SetDisks {
        // }

        if object_info.size == 0 {
-            if let Some(rs) = range {
-                let _ = rs.get_offset_length(object_info.size)?;
-            }
+            // if let Some(rs) = range {
+            //     let _ = rs.get_offset_length(object_info.size)?;
+            // }

            let reader = GetObjectReader {
                stream: Box::new(Cursor::new(Vec::new())),
@@ -3539,7 +3537,10 @@ impl ObjectIO for SetDisks {
            return Ok(reader);
        }

-        // TODO: remote
+        if object_info.is_remote() {
+            let gr = get_transitioned_object_reader(bucket, object, &range, &h, &object_info, opts).await?;
+            return Ok(gr);
+        }

        let (rd, wd) = tokio::io::duplex(DEFAULT_READ_BUFFER_SIZE);

@@ -3712,7 +3713,7 @@ impl ObjectIO for SetDisks {

        let stream = mem::replace(
            &mut data.stream,
-            HashReader::new(Box::new(WarpReader::new(Cursor::new(Vec::new()))), 0, 0, None, false)?,
+            HashReader::new(Box::new(WarpReader::new(Cursor::new(Vec::new()))), 0, 0, None, None, false)?,
        );

        let (reader, w_size) = match Arc::new(erasure).encode(stream, &mut writers, write_quorum).await {
@@ -3721,7 +3722,7 @@ impl ObjectIO for SetDisks {
                error!("encode err {:?}", e);
                return Err(e.into());
            }
-        }; // TODO: 出错，删除临时目录
+        }; // TODO: delete temporary directory on error

        let _ = mem::replace(&mut data.stream, reader);
        // if let Err(err) = close_bitrot_writers(&mut writers).await {
@@ -3729,7 +3730,12 @@ impl ObjectIO for SetDisks {
        // }

        if (w_size as i64) < data.size() {
-            return Err(Error::other("put_object write size < data.size()"));
+            warn!("put_object write size < data.size(), w_size={}, data.size={}", w_size, data.size());
+            return Err(Error::other(format!(
+                "put_object write size < data.size(), w_size={}, data.size={}",
+                w_size,
+                data.size()
+            )));
        }

        if user_defined.contains_key(&format!("{RESERVED_METADATA_PREFIX_LOWER}compression")) {
@@ -3756,31 +3762,42 @@ impl ObjectIO for SetDisks {
            }
        }

+        if fi.checksum.is_none() {
+            if let Some(content_hash) = data.as_hash_reader().content_hash() {
+                fi.checksum = Some(content_hash.to_bytes(&[]));
+            }
+        }
+
        if let Some(sc) = user_defined.get(AMZ_STORAGE_CLASS) {
            if sc == storageclass::STANDARD {
                let _ = user_defined.remove(AMZ_STORAGE_CLASS);
            }
        }

-        let now = OffsetDateTime::now_utc();
+        let mod_time = if let Some(mod_time) = opts.mod_time {
+            Some(mod_time)
+        } else {
+            Some(OffsetDateTime::now_utc())
+        };

-        for (i, fi) in parts_metadatas.iter_mut().enumerate() {
-            fi.metadata = user_defined.clone();
+        for (i, pfi) in parts_metadatas.iter_mut().enumerate() {
+            pfi.metadata = user_defined.clone();
            if is_inline_buffer {
                if let Some(writer) = writers[i].take() {
-                    fi.data = Some(writer.into_inline_data().map(bytes::Bytes::from).unwrap_or_default());
+                    pfi.data = Some(writer.into_inline_data().map(bytes::Bytes::from).unwrap_or_default());
                }

-                fi.set_inline_data();
+                pfi.set_inline_data();
            }

-            fi.mod_time = Some(now);
-            fi.size = w_size as i64;
-            fi.versioned = opts.versioned || opts.version_suspended;
-            fi.add_object_part(1, etag.clone(), w_size, fi.mod_time, actual_size, index_op.clone());
+            pfi.mod_time = mod_time;
+            pfi.size = w_size as i64;
+            pfi.versioned = opts.versioned || opts.version_suspended;
+            pfi.add_object_part(1, etag.clone(), w_size, mod_time, actual_size, index_op.clone(), None);
+            pfi.checksum = fi.checksum.clone();

            if opts.data_movement {
-                fi.set_data_moved();
+                pfi.set_data_moved();
            }
        }

@@ -3815,7 +3832,8 @@ impl ObjectIO for SetDisks {

        fi.replication_state_internal = Some(opts.put_replication_state());

-        // TODO: version support
+        fi.is_latest = true;
+
        Ok(ObjectInfo::from_file_info(&fi, bucket, object, opts.versioned || opts.version_suspended))
    }
 }
@@ -4032,7 +4050,7 @@ impl StorageAPI for SetDisks {
        objects: Vec<ObjectToDelete>,
        opts: ObjectOptions,
    ) -> (Vec<DeletedObject>, Vec<Option<Error>>) {
-        // 默认返回值
+        // Default return value
        let mut del_objects = vec![DeletedObject::default(); objects.len()];

        let mut del_errs = Vec::with_capacity(objects.len());
@@ -4089,7 +4107,7 @@ impl StorageAPI for SetDisks {

            vr.set_tier_free_version_id(&Uuid::new_v4().to_string());

-            // 删除
+            // Delete
            // del_objects[i].object_name.clone_from(&vr.name);
            // del_objects[i].version_id = vr.version_id.map(|v| v.to_string());

@@ -4182,9 +4200,9 @@ impl StorageAPI for SetDisks {

        let mut del_obj_errs: Vec<Vec<Option<DiskError>>> = vec![vec![None; objects.len()]; disks.len()];

-        // 每个磁盘, 删除所有对象
+        // For each disk delete all objects
        for (disk_idx, errors) in results.into_iter().enumerate() {
-            // 所有对象的删除结果
+            // Deletion results for all objects
            for idx in 0..vers.len() {
                if errors[idx].is_some() {
                    for fi in vers[idx].versions.iter() {
@@ -4430,8 +4448,6 @@ impl StorageAPI for SetDisks {
            .await
            .map_err(|e| to_object_err(e, vec![bucket, object]))?;

-        // warn!("get object_info fi {:?}", &fi);
-
        let oi = ObjectInfo::from_file_info(&fi, bucket, object, opts.versioned || opts.version_suspended);

        Ok(oi)
@@ -4553,7 +4569,7 @@ impl StorageAPI for SetDisks {
        let tgt_client = match tier_config_mgr.get_driver(&opts.transition.tier).await {
            Ok(client) => client,
            Err(err) => {
-                return Err(Error::other(err.to_string()));
+                return Err(Error::other(format!("remote tier error: {}", err)));
            }
        };

@@ -4582,10 +4598,10 @@ impl StorageAPI for SetDisks {
        // Normalize ETags by removing quotes before comparison (PR #592 compatibility)
        let transition_etag = rustfs_utils::path::trim_etag(&opts.transition.etag);
        let stored_etag = rustfs_utils::path::trim_etag(&get_raw_etag(&fi.metadata));
-        if !opts.mod_time.expect("err").unix_timestamp() == fi.mod_time.as_ref().expect("err").unix_timestamp()
+        if opts.mod_time.expect("err").unix_timestamp() != fi.mod_time.as_ref().expect("err").unix_timestamp()
            || transition_etag != stored_etag
        {
-            return Err(to_object_err(Error::from(DiskError::FileNotFound), vec![bucket, object]));
+            return Err(to_object_err(Error::other(DiskError::FileNotFound), vec![bucket, object]));
        }
        if fi.transition_status == TRANSITION_COMPLETE {
            return Ok(());
@@ -4687,7 +4703,7 @@ impl StorageAPI for SetDisks {
    }

    #[tracing::instrument(level = "debug", skip(self))]
-    async fn restore_transitioned_object(&self, bucket: &str, object: &str, opts: &ObjectOptions) -> Result<()> {
+    async fn restore_transitioned_object(self: Arc<Self>, bucket: &str, object: &str, opts: &ObjectOptions) -> Result<()> {
        // Acquire write-lock early for the restore operation
        // if !opts.no_lock {
        //     let guard_opt = self
@@ -4699,6 +4715,7 @@ impl StorageAPI for SetDisks {
        //     }
        //     _lock_guard = guard_opt;
        // }
+        let self_ = self.clone();
        let set_restore_header_fn = async move |oi: &mut ObjectInfo, rerr: Option<Error>| -> Result<()> {
            if rerr.is_none() {
                return Ok(());
@@ -4707,66 +4724,106 @@ impl StorageAPI for SetDisks {
            Err(rerr.unwrap())
        };
        let mut oi = ObjectInfo::default();
-        let fi = self.get_object_fileinfo(bucket, object, opts, true).await;
+        let fi = self_.clone().get_object_fileinfo(bucket, object, opts, true).await;
        if let Err(err) = fi {
            return set_restore_header_fn(&mut oi, Some(to_object_err(err, vec![bucket, object]))).await;
        }
        let (actual_fi, _, _) = fi.unwrap();

        oi = ObjectInfo::from_file_info(&actual_fi, bucket, object, opts.versioned || opts.version_suspended);
-        let ropts = put_restore_opts(bucket, object, &opts.transition.restore_request, &oi);
-        /*if oi.parts.len() == 1 {
-            let mut rs: HTTPRangeSpec;
-            let gr = get_transitioned_object_reader(bucket, object, rs, HeaderMap::new(), oi, opts);
-            //if err != nil {
-            //    return set_restore_header_fn(&mut oi, Some(toObjectErr(err, bucket, object)));
-            //}
-            let hash_reader = HashReader::new(gr, gr.obj_info.size, "", "", gr.obj_info.size);
-            let p_reader = PutObjReader::new(StreamingBlob::from(Box::pin(hash_reader)), hash_reader.size());
-            if let Err(err) = self.put_object(bucket, object, &mut p_reader, &ropts).await {
-                return set_restore_header_fn(&mut oi, Some(to_object_err(err, vec![bucket, object])));
+        let ropts = put_restore_opts(bucket, object, &opts.transition.restore_request, &oi).await?;
+        if oi.parts.len() == 1 {
+            let rs: Option<HTTPRangeSpec> = None;
+            let gr = get_transitioned_object_reader(bucket, object, &rs, &HeaderMap::new(), &oi, opts).await;
+            if let Err(err) = gr {
+                return set_restore_header_fn(&mut oi, Some(to_object_err(err.into(), vec![bucket, object]))).await;
+            }
+            let gr = gr.unwrap();
+            let reader = BufReader::new(gr.stream);
+            let hash_reader = HashReader::new(
+                Box::new(WarpReader::new(reader)),
+                gr.object_info.size,
+                gr.object_info.size,
+                None,
+                None,
+                false,
+            )?;
+            let mut p_reader = PutObjReader::new(hash_reader);
+            if let Err(err) = self_.clone().put_object(bucket, object, &mut p_reader, &ropts).await {
+                return set_restore_header_fn(&mut oi, Some(to_object_err(err, vec![bucket, object]))).await;
            } else {
                return Ok(());
            }
        }

-        let res = self.new_multipart_upload(bucket, object, &ropts).await?;
+        let res = self_.clone().new_multipart_upload(bucket, object, &ropts).await?;
        //if err != nil {
-        //    return set_restore_header_fn(&mut oi, err);
+        //    return set_restore_header_fn(&mut oi, err).await;
        //}

        let mut uploaded_parts: Vec<CompletePart> = vec![];
-        let mut rs: HTTPRangeSpec;
-        let gr = get_transitioned_object_reader(bucket, object, rs, HeaderMap::new(), oi, opts).await?;
-        //if err != nil {
-        //    return set_restore_header_fn(&mut oi, err);
-        //}
+        let rs: Option<HTTPRangeSpec> = None;
+        let gr = get_transitioned_object_reader(bucket, object, &rs, &HeaderMap::new(), &oi, opts).await;
+        if let Err(err) = gr {
+            return set_restore_header_fn(&mut oi, Some(StorageError::Io(err))).await;
+        }
+        let gr = gr.unwrap();

-        for part_info in oi.parts {
-            //let hr = HashReader::new(LimitReader(gr, part_info.size), part_info.size, "", "", part_info.size);
-            let hr = HashReader::new(gr, part_info.size as i64, part_info.size as i64, None, false);
-            //if err != nil {
-            //    return set_restore_header_fn(&mut oi, err);
-            //}
-            let mut p_reader = PutObjReader::new(hr, hr.size());
-            let p_info = self.put_object_part(bucket, object, &res.upload_id, part_info.number, &mut p_reader, &ObjectOptions::default()).await?;
+        for part_info in &oi.parts {
+            let reader = BufReader::new(Cursor::new(vec![] /*gr.stream*/));
+            let hash_reader = HashReader::new(
+                Box::new(WarpReader::new(reader)),
+                part_info.size as i64,
+                part_info.size as i64,
+                None,
+                None,
+                false,
+            )?;
+            let mut p_reader = PutObjReader::new(hash_reader);
+            let p_info = self_
+                .clone()
+                .put_object_part(bucket, object, &res.upload_id, part_info.number, &mut p_reader, &ObjectOptions::default())
+                .await?;
            //if let Err(err) = p_info {
-            //    return set_restore_header_fn(&mut oi, err);
+            //    return set_restore_header_fn(&mut oi, err).await;
            //}
            if p_info.size != part_info.size {
-                return set_restore_header_fn(&mut oi, Some(Error::from(ObjectApiError::InvalidObjectState(GenericError{bucket: bucket.to_string(), object: object.to_string(), ..Default::default()}))));
+                return set_restore_header_fn(
+                    &mut oi,
+                    Some(Error::other(ObjectApiError::InvalidObjectState(GenericError {
+                        bucket: bucket.to_string(),
+                        object: object.to_string(),
+                        ..Default::default()
+                    }))),
+                )
+                .await;
            }
            uploaded_parts.push(CompletePart {
                part_num: p_info.part_num,
                etag: p_info.etag,
+                checksum_crc32: None,
+                checksum_crc32c: None,
+                checksum_sha1: None,
+                checksum_sha256: None,
+                checksum_crc64nvme: None,
            });
        }
-        if let Err(err) = self.complete_multipart_upload(bucket, object, &res.upload_id, uploaded_parts, &ObjectOptions {
-            mod_time: oi.mod_time,
-            ..Default::default()
-        }).await {
-            set_restore_header_fn(&mut oi, Some(err));
-        }*/
+        if let Err(err) = self_
+            .clone()
+            .complete_multipart_upload(
+                bucket,
+                object,
+                &res.upload_id,
+                uploaded_parts,
+                &ObjectOptions {
+                    mod_time: oi.mod_time,
+                    ..Default::default()
+                },
+            )
+            .await
+        {
+            return set_restore_header_fn(&mut oi, Some(err)).await;
+        }
        Ok(())
    }

@@ -4834,64 +4891,24 @@ impl StorageAPI for SetDisks {

        let write_quorum = fi.write_quorum(self.default_write_quorum());

-        let disks = self.disks.read().await;
+        if let Some(checksum) = fi.metadata.get(rustfs_rio::RUSTFS_MULTIPART_CHECKSUM)
+            && !checksum.is_empty()
+            && data
+                .as_hash_reader()
+                .content_crc_type()
+                .is_none_or(|v| v.to_string() != *checksum)
+        {
+            return Err(Error::other(format!("checksum mismatch: {checksum}")));
+        }
+
+        let disks = self.disks.read().await.clone();

-        let disks = disks.clone();
        let shuffle_disks = Self::shuffle_disks(&disks, &fi.erasure.distribution);

        let part_suffix = format!("part.{part_id}");
        let tmp_part = format!("{}x{}", Uuid::new_v4(), OffsetDateTime::now_utc().unix_timestamp());
        let tmp_part_path = Arc::new(format!("{tmp_part}/{part_suffix}"));

-        // let mut writers = Vec::with_capacity(disks.len());
-        // let erasure = Erasure::new(fi.erasure.data_blocks, fi.erasure.parity_blocks, fi.erasure.block_size);
-        // let shared_size = erasure.shard_size(erasure.block_size);
-
-        // let futures = disks.iter().map(|disk| {
-        //     let disk = disk.clone();
-        //     let tmp_part_path = tmp_part_path.clone();
-        //     tokio::spawn(async move {
-        //         if let Some(disk) = disk {
-        //             // let writer = disk.append_file(RUSTFS_META_TMP_BUCKET, &tmp_part_path).await?;
-        //             // let filewriter = disk
-        //             //     .create_file("", RUSTFS_META_TMP_BUCKET, &tmp_part_path, data.content_length)
-        //             //     .await?;
-        //             match new_bitrot_filewriter(
-        //                 disk.clone(),
-        //                 RUSTFS_META_TMP_BUCKET,
-        //                 &tmp_part_path,
-        //                 false,
-        //                 DEFAULT_BITROT_ALGO,
-        //                 shared_size,
-        //             )
-        //             .await
-        //             {
-        //                 Ok(writer) => Ok(Some(writer)),
-        //                 Err(e) => Err(e),
-        //             }
-        //         } else {
-        //             Ok(None)
-        //         }
-        //     })
-        // });
-        // for x in join_all(futures).await {
-        //     let x = x??;
-        //     writers.push(x);
-        // }
-
-        // let erasure = Erasure::new(fi.erasure.data_blocks, fi.erasure.parity_blocks, fi.erasure.block_size);
-
-        // let stream = replace(&mut data.stream, Box::new(empty()));
-        // let etag_stream = EtagReader::new(stream);
-
-        // let (w_size, mut etag) = Arc::new(erasure)
-        //     .encode(etag_stream, &mut writers, data.content_length, write_quorum)
-        //     .await?;
-
-        // if let Err(err) = close_bitrot_writers(&mut writers).await {
-        //     error!("close_bitrot_writers err {:?}", err);
-        // }
-
        let erasure = erasure_coding::Erasure::new(fi.erasure.data_blocks, fi.erasure.parity_blocks, fi.erasure.block_size);

        let mut writers = Vec::with_capacity(shuffle_disks.len());
@@ -4944,15 +4961,20 @@ impl StorageAPI for SetDisks {

        let stream = mem::replace(
            &mut data.stream,
-            HashReader::new(Box::new(WarpReader::new(Cursor::new(Vec::new()))), 0, 0, None, false)?,
+            HashReader::new(Box::new(WarpReader::new(Cursor::new(Vec::new()))), 0, 0, None, None, false)?,
        );

-        let (reader, w_size) = Arc::new(erasure).encode(stream, &mut writers, write_quorum).await?; // TODO: 出错，删除临时目录
+        let (reader, w_size) = Arc::new(erasure).encode(stream, &mut writers, write_quorum).await?; // TODO: delete temporary directory on error

        let _ = mem::replace(&mut data.stream, reader);

        if (w_size as i64) < data.size() {
-            return Err(Error::other("put_object_part write size < data.size()"));
+            warn!("put_object_part write size < data.size(), w_size={}, data.size={}", w_size, data.size());
+            return Err(Error::other(format!(
+                "put_object_part write size < data.size(), w_size={}, data.size={}",
+                w_size,
+                data.size()
+            )));
        }

        let index_op = data.stream.try_get_index().map(|v| v.clone().into_vec());
@@ -4971,6 +4993,8 @@ impl StorageAPI for SetDisks {
            }
        }

+        let checksums = data.as_hash_reader().content_crc();
+
        let part_info = ObjectPartInfo {
            etag: etag.clone(),
            number: part_id,
@@ -4978,13 +5002,10 @@ impl StorageAPI for SetDisks {
            mod_time: Some(OffsetDateTime::now_utc()),
            actual_size,
            index: index_op,
+            checksums: if checksums.is_empty() { None } else { Some(checksums) },
            ..Default::default()
        };

-        // debug!("put_object_part part_info {:?}", part_info);
-
-        // fi.parts = vec![part_info.clone()];
-
        let part_info_buff = part_info.marshal_msg()?;

        drop(writers); // drop writers to close all files
@@ -5227,7 +5248,8 @@ impl StorageAPI for SetDisks {
            uploads.push(MultipartInfo {
                bucket: bucket.to_owned(),
                object: object.to_owned(),
-                upload_id: base64_encode(format!("{}.{}", get_global_deployment_id().unwrap_or_default(), upload_id).as_bytes()),
+                upload_id: base64_simd::URL_SAFE_NO_PAD
+                    .encode_to_string(format!("{}.{}", get_global_deployment_id().unwrap_or_default(), upload_id).as_bytes()),
                initiated: Some(start_time),
                ..Default::default()
            });
@@ -5334,7 +5356,13 @@ impl StorageAPI for SetDisks {
        }

        fi.data_dir = Some(Uuid::new_v4());
-        fi.fresh = true;
+
+        if let Some(cssum) = user_defined.get(RUSTFS_BUCKET_REPLICATION_SSEC_CHECKSUM)
+            && !cssum.is_empty()
+        {
+            fi.checksum = base64_simd::STANDARD.decode_to_vec(cssum).ok().map(Bytes::from);
+            user_defined.remove(RUSTFS_BUCKET_REPLICATION_SSEC_CHECKSUM);
+        }

        let parts_metadata = vec![fi.clone(); disks.len()];

@@ -5348,21 +5376,30 @@ impl StorageAPI for SetDisks {
            }
        }

+        if let Some(checksum) = &opts.want_checksum {
+            user_defined.insert(rustfs_rio::RUSTFS_MULTIPART_CHECKSUM.to_string(), checksum.checksum_type.to_string());
+            user_defined.insert(
+                rustfs_rio::RUSTFS_MULTIPART_CHECKSUM_TYPE.to_string(),
+                checksum.checksum_type.obj_type().to_string(),
+            );
+        }
+
        let (shuffle_disks, mut parts_metadatas) = Self::shuffle_disks_and_parts_metadata(&disks, &parts_metadata, &fi);

        let mod_time = opts.mod_time.unwrap_or(OffsetDateTime::now_utc());

-        for fi in parts_metadatas.iter_mut() {
-            fi.metadata = user_defined.clone();
-            fi.mod_time = Some(mod_time);
-            fi.fresh = true;
+        for f in parts_metadatas.iter_mut() {
+            f.metadata = user_defined.clone();
+            f.mod_time = Some(mod_time);
+            f.fresh = true;
        }

        // fi.mod_time = Some(now);

        let upload_uuid = format!("{}x{}", Uuid::new_v4(), mod_time.unix_timestamp_nanos());

-        let upload_id = base64_encode(format!("{}.{}", get_global_deployment_id().unwrap_or_default(), upload_uuid).as_bytes());
+        let upload_id = base64_simd::URL_SAFE_NO_PAD
+            .encode_to_string(format!("{}.{}", get_global_deployment_id().unwrap_or_default(), upload_uuid).as_bytes());

        let upload_path = Self::get_upload_id_dir(bucket, object, upload_uuid.as_str());

@@ -5379,7 +5416,11 @@ impl StorageAPI for SetDisks {

        // evalDisks

-        Ok(MultipartUploadResult { upload_id })
+        Ok(MultipartUploadResult {
+            upload_id,
+            checksum_algo: user_defined.get(rustfs_rio::RUSTFS_MULTIPART_CHECKSUM).cloned(),
+            checksum_type: user_defined.get(rustfs_rio::RUSTFS_MULTIPART_CHECKSUM_TYPE).cloned(),
+        })
    }

    #[tracing::instrument(skip(self))]
@@ -5412,7 +5453,7 @@ impl StorageAPI for SetDisks {

        self.delete_all(RUSTFS_META_MULTIPART_BUCKET, &upload_id_path).await
    }
-    // complete_multipart_upload 完成
+    // complete_multipart_upload finished
    #[tracing::instrument(skip(self))]
    async fn complete_multipart_upload(
        self: Arc<Self>,
@@ -5467,6 +5508,29 @@ impl StorageAPI for SetDisks {
            return Err(Error::other("part result number err"));
        }

+        let mut checksum_type = rustfs_rio::ChecksumType::NONE;
+
+        if let Some(cs) = fi.metadata.get(rustfs_rio::RUSTFS_MULTIPART_CHECKSUM) {
+            let Some(ct) = fi.metadata.get(rustfs_rio::RUSTFS_MULTIPART_CHECKSUM_TYPE) else {
+                return Err(Error::other("checksum type not found"));
+            };
+
+            if opts.want_checksum.is_some()
+                && !opts.want_checksum.as_ref().is_some_and(|v| {
+                    v.checksum_type
+                        .is(rustfs_rio::ChecksumType::from_string_with_obj_type(cs, ct))
+                })
+            {
+                return Err(Error::other(format!(
+                    "checksum type mismatch, got {:?}, want {:?}",
+                    opts.want_checksum.as_ref().unwrap(),
+                    rustfs_rio::ChecksumType::from_string_with_obj_type(cs, ct)
+                )));
+            }
+
+            checksum_type = rustfs_rio::ChecksumType::from_string_with_obj_type(cs, ct);
+        }
+
        for (i, part) in object_parts.iter().enumerate() {
            if let Some(err) = &part.error {
                error!("complete_multipart_upload part error: {:?}", &err);
@@ -5487,6 +5551,7 @@ impl StorageAPI for SetDisks {
                part.mod_time,
                part.actual_size,
                part.index.clone(),
+                part.checksums.clone(),
            );
        }

@@ -5499,6 +5564,12 @@ impl StorageAPI for SetDisks {
        let mut object_size: usize = 0;
        let mut object_actual_size: i64 = 0;

+        let mut checksum_combined = bytes::BytesMut::new();
+        let mut checksum = rustfs_rio::Checksum {
+            checksum_type,
+            ..Default::default()
+        };
+
        for (i, p) in uploaded_parts.iter().enumerate() {
            let has_part = curr_fi.parts.iter().find(|v| v.number == p.part_num);
            if has_part.is_none() {
@@ -5539,6 +5610,75 @@ impl StorageAPI for SetDisks {
                ));
            }

+            if checksum_type.is_set() {
+                let Some(crc) = ext_part
+                    .checksums
+                    .as_ref()
+                    .and_then(|f| f.get(checksum_type.to_string().as_str()))
+                    .cloned()
+                else {
+                    error!(
+                        "complete_multipart_upload fi.checksum not found type={checksum_type}, part_id={}, bucket={}, object={}",
+                        p.part_num, bucket, object
+                    );
+                    return Err(Error::InvalidPart(p.part_num, ext_part.etag.clone(), p.etag.clone().unwrap_or_default()));
+                };
+
+                let part_crc = match checksum_type {
+                    rustfs_rio::ChecksumType::SHA256 => p.checksum_sha256.clone(),
+                    rustfs_rio::ChecksumType::SHA1 => p.checksum_sha1.clone(),
+                    rustfs_rio::ChecksumType::CRC32 => p.checksum_crc32.clone(),
+                    rustfs_rio::ChecksumType::CRC32C => p.checksum_crc32c.clone(),
+                    rustfs_rio::ChecksumType::CRC64_NVME => p.checksum_crc64nvme.clone(),
+                    _ => {
+                        error!(
+                            "complete_multipart_upload checksum type={checksum_type}, part_id={}, bucket={}, object={}",
+                            p.part_num, bucket, object
+                        );
+                        return Err(Error::InvalidPart(p.part_num, ext_part.etag.clone(), p.etag.clone().unwrap_or_default()));
+                    }
+                };
+
+                if part_crc.clone().unwrap_or_default() != crc {
+                    error!("complete_multipart_upload checksum_type={checksum_type:?}, part_crc={part_crc:?}, crc={crc:?}");
+                    error!(
+                        "complete_multipart_upload checksum mismatch part_id={}, bucket={}, object={}",
+                        p.part_num, bucket, object
+                    );
+                    return Err(Error::InvalidPart(p.part_num, ext_part.etag.clone(), p.etag.clone().unwrap_or_default()));
+                }
+
+                let Some(cs) = rustfs_rio::Checksum::new_with_type(checksum_type, &crc) else {
+                    error!(
+                        "complete_multipart_upload checksum new_with_type failed part_id={}, bucket={}, object={}",
+                        p.part_num, bucket, object
+                    );
+                    return Err(Error::InvalidPart(p.part_num, ext_part.etag.clone(), p.etag.clone().unwrap_or_default()));
+                };
+
+                if !cs.valid() {
+                    error!(
+                        "complete_multipart_upload checksum valid failed part_id={}, bucket={}, object={}",
+                        p.part_num, bucket, object
+                    );
+                    return Err(Error::InvalidPart(p.part_num, ext_part.etag.clone(), p.etag.clone().unwrap_or_default()));
+                }
+
+                if checksum_type.full_object_requested() {
+                    if let Err(err) = checksum.add_part(&cs, ext_part.actual_size) {
+                        error!(
+                            "complete_multipart_upload checksum add_part failed part_id={}, bucket={}, object={}",
+                            p.part_num, bucket, object
+                        );
+                        return Err(Error::InvalidPart(p.part_num, ext_part.etag.clone(), p.etag.clone().unwrap_or_default()));
+                    }
+                }
+
+                checksum_combined.extend_from_slice(cs.raw.as_slice());
+            }
+
+            // TODO: check min part size
+
            object_size += ext_part.size;
            object_actual_size += ext_part.actual_size;

@@ -5553,6 +5693,52 @@ impl StorageAPI for SetDisks {
            });
        }

+        if let Some(wtcs) = opts.want_checksum.as_ref() {
+            if checksum_type.full_object_requested() {
+                if wtcs.encoded != checksum.encoded {
+                    error!(
+                        "complete_multipart_upload checksum mismatch want={}, got={}",
+                        wtcs.encoded, checksum.encoded
+                    );
+                    return Err(Error::other(format!(
+                        "complete_multipart_upload checksum mismatch want={}, got={}",
+                        wtcs.encoded, checksum.encoded
+                    )));
+                }
+            } else if let Err(err) = wtcs.matches(&checksum_combined, uploaded_parts.len() as i32) {
+                error!(
+                    "complete_multipart_upload checksum matches failed want={}, got={}",
+                    wtcs.encoded, checksum.encoded
+                );
+                return Err(Error::other(format!(
+                    "complete_multipart_upload checksum matches failed want={}, got={}",
+                    wtcs.encoded, checksum.encoded
+                )));
+            }
+        }
+
+        if let Some(rc_crc) = opts.user_defined.get(RUSTFS_BUCKET_REPLICATION_SSEC_CHECKSUM) {
+            if let Ok(rc_crc_bytes) = base64_simd::STANDARD.decode_to_vec(rc_crc) {
+                fi.checksum = Some(Bytes::from(rc_crc_bytes));
+            } else {
+                error!("complete_multipart_upload decode rc_crc failed rc_crc={}", rc_crc);
+            }
+        }
+
+        if checksum_type.is_set() {
+            checksum_type
+                .merge(rustfs_rio::ChecksumType::MULTIPART)
+                .merge(rustfs_rio::ChecksumType::INCLUDES_MULTIPART);
+            if !checksum_type.full_object_requested() {
+                checksum = rustfs_rio::Checksum::new_from_data(checksum_type, &checksum_combined)
+                    .ok_or_else(|| Error::other("checksum new_from_data failed"))?;
+            }
+            fi.checksum = Some(checksum.to_bytes(&checksum_combined));
+        }
+
+        fi.metadata.remove(rustfs_rio::RUSTFS_MULTIPART_CHECKSUM);
+        fi.metadata.remove(rustfs_rio::RUSTFS_MULTIPART_CHECKSUM_TYPE);
+
        fi.size = object_size as i64;
        fi.mod_time = opts.mod_time;
        if fi.mod_time.is_none() {
@@ -5570,11 +5756,22 @@ impl StorageAPI for SetDisks {

        fi.metadata.insert("etag".to_owned(), etag);

-        fi.metadata
-            .insert(format!("{RESERVED_METADATA_PREFIX_LOWER}actual-size"), object_actual_size.to_string());
-
-        fi.metadata
-            .insert("x-rustfs-encryption-original-size".to_string(), object_actual_size.to_string());
+        if opts.replication_request {
+            if let Some(actual_size) = opts
+                .user_defined
+                .get(format!("{RESERVED_METADATA_PREFIX_LOWER}Actual-Object-Size").as_str())
+            {
+                fi.metadata
+                    .insert(format!("{RESERVED_METADATA_PREFIX}actual-size"), actual_size.clone());
+                fi.metadata
+                    .insert("x-rustfs-encryption-original-size".to_string(), actual_size.to_string());
+            }
+        } else {
+            fi.metadata
+                .insert(format!("{RESERVED_METADATA_PREFIX}actual-size"), object_actual_size.to_string());
+            fi.metadata
+                .insert("x-rustfs-encryption-original-size".to_string(), object_actual_size.to_string());
+        }

        if fi.is_compressed() {
            fi.metadata
@@ -5585,9 +5782,6 @@ impl StorageAPI for SetDisks {
            fi.set_data_moved();
        }

-        // TODO: object_actual_size
-        let _ = object_actual_size;
-
        for meta in parts_metadatas.iter_mut() {
            if meta.is_valid() {
                meta.size = fi.size;
@@ -5595,13 +5789,12 @@ impl StorageAPI for SetDisks {
                meta.parts.clone_from(&fi.parts);
                meta.metadata = fi.metadata.clone();
                meta.versioned = opts.versioned || opts.version_suspended;
-
-                // TODO: Checksum
+                meta.checksum = fi.checksum.clone();
            }
        }

        let mut parts = Vec::with_capacity(curr_fi.parts.len());
-        // TODO: 优化 cleanupMultipartPath
+
        for p in curr_fi.parts.iter() {
            parts.push(path_join_buf(&[
                &upload_id_path,
@@ -5616,28 +5809,6 @@ impl StorageAPI for SetDisks {
                    format!("part.{}", p.number).as_str(),
                ]));
            }
-
-            // let _ = self
-            //     .remove_part_meta(
-            //         bucket,
-            //         object,
-            //         upload_id,
-            //         curr_fi.data_dir.unwrap_or(Uuid::nil()).to_string().as_str(),
-            //         p.number,
-            //     )
-            //     .await;
-
-            // if !fi.parts.iter().any(|v| v.number == p.number) {
-            //     let _ = self
-            //         .remove_object_part(
-            //             bucket,
-            //             object,
-            //             upload_id,
-            //             curr_fi.data_dir.unwrap_or(Uuid::nil()).to_string().as_str(),
-            //             p.number,
-            //         )
-            //         .await;
-            // }
        }

        {
@@ -5656,9 +5827,6 @@ impl StorageAPI for SetDisks {
        )
        .await?;

-        // debug!("complete fileinfo {:?}", &fi);
-
-        // TODO: reduce_common_data_dir
        if let Some(old_dir) = op_old_dir {
            self.commit_rename_data_dir(&shuffle_disks, bucket, object, &old_dir.to_string(), write_quorum)
                .await?;
@@ -6399,7 +6567,7 @@ mod tests {
        // Test that all CHECK_PART constants have expected values
        assert_eq!(CHECK_PART_UNKNOWN, 0);
        assert_eq!(CHECK_PART_SUCCESS, 1);
-        assert_eq!(CHECK_PART_FILE_NOT_FOUND, 4); // 实际值是 4，不是 2
+        assert_eq!(CHECK_PART_FILE_NOT_FOUND, 4); // The actual value is 4, not 2
        assert_eq!(CHECK_PART_VOLUME_NOT_FOUND, 3);
        assert_eq!(CHECK_PART_FILE_CORRUPT, 5);
    }
@@ -6422,10 +6590,20 @@ mod tests {
            CompletePart {
                part_num: 1,
                etag: Some("d41d8cd98f00b204e9800998ecf8427e".to_string()),
+                checksum_crc32: None,
+                checksum_crc32c: None,
+                checksum_sha1: None,
+                checksum_sha256: None,
+                checksum_crc64nvme: None,
            },
            CompletePart {
                part_num: 2,
                etag: Some("098f6bcd4621d373cade4e832627b4f6".to_string()),
+                checksum_crc32: None,
+                checksum_crc32c: None,
+                checksum_sha1: None,
+                checksum_sha256: None,
+                checksum_crc64nvme: None,
            },
        ];

@@ -6442,6 +6620,11 @@ mod tests {
        let single_part = vec![CompletePart {
            part_num: 1,
            etag: Some("d41d8cd98f00b204e9800998ecf8427e".to_string()),
+            checksum_crc32: None,
+            checksum_crc32c: None,
+            checksum_sha1: None,
+            checksum_sha256: None,
+            checksum_crc64nvme: None,
        }];
        let single_result = get_complete_multipart_md5(&single_part);
        assert!(single_result.ends_with("-1"));
@@ -6664,7 +6847,7 @@ mod tests {
        assert_eq!(conv_part_err_to_int(&Some(disk_err)), CHECK_PART_FILE_NOT_FOUND);

        let other_err = DiskError::other("other error");
-        assert_eq!(conv_part_err_to_int(&Some(other_err)), CHECK_PART_UNKNOWN); // other 错误应该返回 UNKNOWN，不是 SUCCESS
+        assert_eq!(conv_part_err_to_int(&Some(other_err)), CHECK_PART_UNKNOWN); // Other errors should return UNKNOWN, not SUCCESS
    }

    #[test]
@@ -6736,7 +6919,7 @@ mod tests {
        let errs = vec![None, Some(DiskError::other("error1")), Some(DiskError::other("error2"))];
        let joined = join_errs(&errs);
        assert!(joined.contains("<nil>"));
-        assert!(joined.contains("io error")); // DiskError::other 显示为 "io error"
+        assert!(joined.contains("io error")); // DiskError::other is rendered as "io error"

        // Test with different error types
        let errs2 = vec![None, Some(DiskError::FileNotFound), Some(DiskError::FileCorrupt)];
--- a/crates/ecstore/src/sets.rs
+++ b/crates/ecstore/src/sets.rs
@@ -646,7 +646,7 @@ impl StorageAPI for Sets {
    }

    #[tracing::instrument(skip(self))]
-    async fn restore_transitioned_object(&self, bucket: &str, object: &str, opts: &ObjectOptions) -> Result<()> {
+    async fn restore_transitioned_object(self: Arc<Self>, bucket: &str, object: &str, opts: &ObjectOptions) -> Result<()> {
        self.get_disks_by_key(object)
            .restore_transitioned_object(bucket, object, opts)
            .await
--- a/crates/ecstore/src/store.rs
+++ b/crates/ecstore/src/store.rs
@@ -59,7 +59,6 @@ use rustfs_common::globals::{GLOBAL_Local_Node_Name, GLOBAL_Rustfs_Host, GLOBAL_
 use rustfs_common::heal_channel::{HealItemType, HealOpts};
 use rustfs_filemeta::FileInfo;
 use rustfs_madmin::heal_commands::HealResultItem;
-use rustfs_utils::crypto::base64_decode;
 use rustfs_utils::path::{SLASH_SEPARATOR, decode_dir_object, encode_dir_object, path_join_buf};
 use s3s::dto::{BucketVersioningStatus, ObjectLockConfiguration, ObjectLockEnabled, VersioningConfiguration};
 use std::cmp::Ordering;
@@ -220,7 +219,7 @@ impl ECStore {
            disk_map.insert(i, disks);
        }

-        // 替换本地磁盘
+        // Replace the local disk
        if !is_dist_erasure().await {
            let mut global_local_disk_map = GLOBAL_LOCAL_DISK_MAP.write().await;
            for disk in local_disks {
@@ -244,7 +243,7 @@ impl ECStore {
            decommission_cancelers,
        });

-        // 只有在全局部署ID尚未设置时才设置它
+        // Only set it when the global deployment ID is not yet configured
        if let Some(dep_id) = deployment_id {
            if get_global_deployment_id().is_none() {
                set_global_deployment_id(dep_id);
@@ -384,7 +383,7 @@ impl ECStore {
    //     Ok(info)
    // }

-    // 读所有
+    // Read all entries
    // define in store_list_objects.rs
    // async fn list_merged(&self, opts: &ListPathOptions, delimiter: &str) -> Result<Vec<ObjectInfo>> {
    //     let walk_opts = WalkDirOptions {
@@ -426,7 +425,7 @@ impl ECStore {

    //                 if !uniq.contains(&entry.name) {
    //                     uniq.insert(entry.name.clone());
-    //                     // TODO: 过滤
+    //                     // TODO: filter

    //                     if opts.limit > 0 && ress.len() as i32 >= opts.limit {
    //                         return Ok(ress);
@@ -517,7 +516,7 @@ impl ECStore {
    }

    async fn get_available_pool_idx(&self, bucket: &str, object: &str, size: i64) -> Option<usize> {
-        // // 先随机返回一个
+        // // Return a random one first

        let mut server_pools = self.get_server_pools_available_space(bucket, object, size).await;
        server_pools.filter_max_used(100 - (100_f64 * DISK_RESERVE_FRACTION) as u64);
@@ -547,7 +546,7 @@ impl ECStore {
        let mut n_sets = vec![0; self.pools.len()];
        let mut infos = vec![Vec::new(); self.pools.len()];

-        // TODO: 并发
+        // TODO: add concurrency
        for (idx, pool) in self.pools.iter().enumerate() {
            if self.is_suspended(idx).await || self.is_pool_rebalancing(idx).await {
                continue;
@@ -714,7 +713,7 @@ impl ECStore {

        let mut ress = Vec::new();

-        // join_all 结果跟输入顺序一致
+        // join_all preserves the input order
        for (i, res) in results.into_iter().enumerate() {
            let index = i;

@@ -985,7 +984,7 @@ pub async fn all_local_disk() -> Vec<DiskStore> {
        .collect()
 }

-// init_local_disks 初始化本地磁盘，server 启动前必须初始化成功
+// init_local_disks must succeed before the server starts
 pub async fn init_local_disks(endpoint_pools: EndpointServerPools) -> Result<()> {
    let opt = &DiskOption {
        cleanup: true,
@@ -1231,6 +1230,7 @@ impl StorageAPI for ECStore {
        if let Err(err) = self.peer_sys.make_bucket(bucket, opts).await {
            let err = to_object_err(err.into(), vec![bucket]);
            if !is_err_bucket_exists(&err) {
+                error!("make bucket failed: {err}");
                let _ = self
                    .delete_bucket(
                        bucket,
@@ -1317,7 +1317,7 @@ impl StorageAPI for ECStore {

        // TODO: replication opts.srdelete_op

-        // 删除 meta
+        // Delete the metadata
        self.delete_all(RUSTFS_META_BUCKET, format!("{BUCKET_META_PREFIX}/{bucket}").as_str())
            .await?;
        Ok(())
@@ -1469,7 +1469,7 @@ impl StorageAPI for ECStore {
        let mut gopts = opts.clone();
        gopts.no_lock = true;

-        // 查询在哪个 pool
+        // Determine which pool contains it
        let (mut pinfo, errs) = self
            .get_pool_info_existing_with_opts(bucket, object, &gopts)
            .await
@@ -1543,7 +1543,7 @@ impl StorageAPI for ECStore {
            })
            .collect();

-        // 默认返回值
+        // Default return value
        let mut del_objects = vec![DeletedObject::default(); objects.len()];

        let mut del_errs = Vec::with_capacity(objects.len());
@@ -1625,7 +1625,7 @@ impl StorageAPI for ECStore {
        // //     results.push(jh.await.unwrap());
        // // }

-        // // 记录 pool Index 对应的 objects pool_idx -> objects idx
+        // // Record the mapping pool_idx -> object index
        // let mut pool_obj_idx_map = HashMap::new();
        // let mut orig_index_map = HashMap::new();

@@ -1675,9 +1675,9 @@ impl StorageAPI for ECStore {

        // if !pool_obj_idx_map.is_empty() {
        //     for (i, sets) in self.pools.iter().enumerate() {
-        //         //  取 pool idx 对应的 objects index
+        //         // Retrieve the object index for a pool idx
        //         if let Some(objs) = pool_obj_idx_map.get(&i) {
-        //             //  取对应 obj，理论上不会 none
+        //             // Fetch the corresponding object (should never be None)
        //             // let objs: Vec<ObjectToDelete> = obj_idxs.iter().filter_map(|&idx| objects.get(idx).cloned()).collect();

        //             if objs.is_empty() {
@@ -1686,10 +1686,10 @@ impl StorageAPI for ECStore {

        //             let (pdel_objs, perrs) = sets.delete_objects(bucket, objs.clone(), opts.clone()).await?;

-        //             // 同时存入不可能为 none
+        //             // Insert simultaneously (should never be None)
        //             let org_indexes = orig_index_map.get(&i).unwrap();

-        //             // perrs 的顺序理论上跟 obj_idxs 顺序一致
+        //             // perrs should follow the same order as obj_idxs
        //             for (i, err) in perrs.into_iter().enumerate() {
        //                 let obj_idx = org_indexes[i];

@@ -1864,17 +1864,20 @@ impl StorageAPI for ECStore {
    }

    #[tracing::instrument(skip(self))]
-    async fn restore_transitioned_object(&self, bucket: &str, object: &str, opts: &ObjectOptions) -> Result<()> {
+    async fn restore_transitioned_object(self: Arc<Self>, bucket: &str, object: &str, opts: &ObjectOptions) -> Result<()> {
        let object = encode_dir_object(object);
        if self.single_pool() {
-            return self.pools[0].restore_transitioned_object(bucket, &object, opts).await;
+            return self.pools[0].clone().restore_transitioned_object(bucket, &object, opts).await;
        }

        //opts.skip_decommissioned = true;
        //opts.nolock = true;
        let idx = self.get_pool_idx_existing_with_opts(bucket, object.as_str(), opts).await?;

-        self.pools[idx].restore_transitioned_object(bucket, &object, opts).await
+        self.pools[idx]
+            .clone()
+            .restore_transitioned_object(bucket, &object, opts)
+            .await
    }

    #[tracing::instrument(skip(self))]
@@ -2421,7 +2424,7 @@ fn check_list_multipart_args(
            }
        }

-        if let Err(_e) = base64_decode(upload_id_marker.as_bytes()) {
+        if let Err(_e) = base64_simd::URL_SAFE_NO_PAD.decode_to_vec(upload_id_marker.as_bytes()) {
            return Err(StorageError::MalformedUploadID(upload_id_marker.to_owned()));
        }
    }
@@ -2448,7 +2451,7 @@ fn check_new_multipart_args(bucket: &str, object: &str) -> Result<()> {
 }

 fn check_multipart_object_args(bucket: &str, object: &str, upload_id: &str) -> Result<()> {
-    if let Err(e) = base64_decode(upload_id.as_bytes()) {
+    if let Err(e) = base64_simd::URL_SAFE_NO_PAD.decode_to_vec(upload_id.as_bytes()) {
        return Err(StorageError::MalformedUploadID(format!("{bucket}/{object}-{upload_id},err:{e}")));
    };
    check_object_args(bucket, object)
@@ -2598,6 +2601,8 @@ pub async fn has_space_for(dis: &[Option<DiskInfo>], size: i64) -> Result<bool>

 #[cfg(test)]
 mod tests {
+    use crate::bucket::metadata_sys::init_bucket_metadata_sys;
+
    use super::*;

    // Test validation functions
@@ -2785,4 +2790,122 @@ mod tests {
        assert!(check_put_object_args("", "test-object").is_err());
        assert!(check_put_object_args("test-bucket", "").is_err());
    }
+
+    #[tokio::test]
+    async fn test_ecstore_put_and_list_objects() {
+        use crate::disk::endpoint::Endpoint;
+        use crate::endpoints::{EndpointServerPools, Endpoints, PoolEndpoints};
+        use std::path::PathBuf;
+        use tokio::fs;
+
+        let test_base_dir = format!("/tmp/rustfs_test_put_list_{}", Uuid::new_v4());
+        let temp_dir = PathBuf::from(&test_base_dir);
+
+        if temp_dir.exists() {
+            let _ = fs::remove_dir_all(&temp_dir).await;
+        }
+        fs::create_dir_all(&temp_dir).await.expect("Failed to create test directory");
+
+        let disk_paths = vec![
+            temp_dir.join("disk1"),
+            temp_dir.join("disk2"),
+            temp_dir.join("disk3"),
+            temp_dir.join("disk4"),
+        ];
+
+        for disk_path in &disk_paths {
+            fs::create_dir_all(disk_path).await.expect("Failed to create disk directory");
+        }
+
+        let mut endpoints = Vec::new();
+        for (i, disk_path) in disk_paths.iter().enumerate() {
+            let disk_str = disk_path.to_str().expect("Invalid disk path");
+            let mut endpoint = Endpoint::try_from(disk_str).expect("Failed to create endpoint");
+            endpoint.set_pool_index(0);
+            endpoint.set_set_index(0);
+            endpoint.set_disk_index(i);
+            endpoints.push(endpoint);
+        }
+
+        let pool_endpoints = PoolEndpoints {
+            legacy: false,
+            set_count: 1,
+            drives_per_set: 4,
+            endpoints: Endpoints::from(endpoints),
+            cmd_line: "test".to_string(),
+            platform: format!("OS: {} | Arch: {}", std::env::consts::OS, std::env::consts::ARCH),
+        };
+
+        let endpoint_pools = EndpointServerPools(vec![pool_endpoints]);
+
+        init_local_disks(endpoint_pools.clone())
+            .await
+            .expect("Failed to initialize local disks");
+
+        let server_addr: SocketAddr = "127.0.0.1:0".parse().expect("Invalid server address");
+        let ecstore = ECStore::new(server_addr, endpoint_pools, CancellationToken::new())
+            .await
+            .expect("Failed to create ECStore");
+
+        init_bucket_metadata_sys(ecstore.clone(), vec![]).await;
+
+        let bucket_name = "test-bucket";
+        ecstore
+            .make_bucket(bucket_name, &MakeBucketOptions::default())
+            .await
+            .expect("Failed to create bucket");
+
+        let test_objects = vec![
+            ("object1.txt", b"Hello, World!".to_vec()),
+            ("object2.txt", b"Test data for object 2".to_vec()),
+            ("folder/object3.txt", b"Object in folder".to_vec()),
+            ("folder/subfolder/object4.txt", b"Nested object".to_vec()),
+        ];
+
+        for (object_name, data) in &test_objects {
+            let mut reader = PutObjReader::from_vec(data.clone());
+            let object_info = ecstore
+                .put_object(bucket_name, object_name, &mut reader, &ObjectOptions::default())
+                .await
+                .unwrap_or_else(|e| panic!("Failed to put object {}: {}", object_name, e));
+
+            assert_eq!(object_info.size, data.len() as i64, "Object size mismatch for {}", object_name);
+            assert_eq!(object_info.bucket, bucket_name);
+        }
+
+        let list_result = ecstore
+            .clone()
+            .list_objects_v2(bucket_name, "", None, None, 1000, false, None)
+            .await
+            .expect("Failed to list objects");
+
+        assert_eq!(list_result.objects.len(), test_objects.len(), "Number of objects mismatch");
+
+        let mut object_names: Vec<String> = list_result.objects.iter().map(|o| o.name.clone()).collect();
+        object_names.sort();
+
+        let mut expected_names: Vec<String> = test_objects.iter().map(|(n, _)| n.to_string()).collect();
+        expected_names.sort();
+
+        assert_eq!(object_names, expected_names, "Object names mismatch");
+
+        let prefix_result = ecstore
+            .clone()
+            .list_objects_v2(bucket_name, "folder/", None, None, 1000, false, None)
+            .await
+            .expect("Failed to list objects with prefix");
+
+        assert_eq!(prefix_result.objects.len(), 2, "Should find 2 objects with prefix 'folder/'");
+        assert!(prefix_result.objects.iter().all(|o| o.name.starts_with("folder/")));
+
+        let delimiter_result = ecstore
+            .clone()
+            .list_objects_v2(bucket_name, "", None, Some("/".to_string()), 1000, false, None)
+            .await
+            .expect("Failed to list objects with delimiter");
+
+        assert!(!delimiter_result.prefixes.is_empty() || !delimiter_result.objects.is_empty());
+
+        let _ = fs::remove_dir_all(&temp_dir).await;
+    }
 }
--- a/crates/ecstore/src/store_api.rs
+++ b/crates/ecstore/src/store_api.rs
@@ -13,10 +13,8 @@
 // limitations under the License.

 use crate::bucket::metadata_sys::get_versioning_config;
-use crate::bucket::replication::REPLICATION_RESET;
-use crate::bucket::replication::REPLICATION_STATUS;
-use crate::bucket::replication::{ReplicateDecision, replication_statuses_map, version_purge_statuses_map};
 use crate::bucket::versioning::VersioningApi as _;
+use crate::config::storageclass;
 use crate::disk::DiskStore;
 use crate::error::{Error, Result};
 use crate::store_utils::clean_metadata;
@@ -25,14 +23,18 @@ use crate::{
    bucket::lifecycle::lifecycle::ExpirationOptions,
    bucket::lifecycle::{bucket_lifecycle_ops::TransitionedObject, lifecycle::TransitionOptions},
 };
+use bytes::Bytes;
 use http::{HeaderMap, HeaderValue};
 use rustfs_common::heal_channel::HealOpts;
 use rustfs_filemeta::{
-    FileInfo, MetaCacheEntriesSorted, ObjectPartInfo, ReplicationState, ReplicationStatusType, VersionPurgeStatusType,
+    FileInfo, MetaCacheEntriesSorted, ObjectPartInfo, REPLICATION_RESET, REPLICATION_STATUS, ReplicateDecision, ReplicationState,
+    ReplicationStatusType, VersionPurgeStatusType, replication_statuses_map, version_purge_statuses_map,
 };
 use rustfs_madmin::heal_commands::HealResultItem;
+use rustfs_rio::Checksum;
 use rustfs_rio::{DecompressReader, HashReader, LimitReader, WarpReader};
 use rustfs_utils::CompressionAlgorithm;
+use rustfs_utils::http::AMZ_STORAGE_CLASS;
 use rustfs_utils::http::headers::{AMZ_OBJECT_TAGGING, RESERVED_METADATA_PREFIX_LOWER};
 use rustfs_utils::path::decode_dir_object;
 use serde::{Deserialize, Serialize};
@@ -92,11 +94,28 @@ impl PutObjReader {
        PutObjReader { stream }
    }

+    pub fn as_hash_reader(&self) -> &HashReader {
+        &self.stream
+    }
+
    pub fn from_vec(data: Vec<u8>) -> Self {
+        use sha2::{Digest, Sha256};
        let content_length = data.len() as i64;
+        let sha256hex = if content_length > 0 {
+            Some(hex_simd::encode_to_string(Sha256::digest(&data), hex_simd::AsciiCase::Lower))
+        } else {
+            None
+        };
        PutObjReader {
-            stream: HashReader::new(Box::new(WarpReader::new(Cursor::new(data))), content_length, content_length, None, false)
-                .unwrap(),
+            stream: HashReader::new(
+                Box::new(WarpReader::new(Cursor::new(data))),
+                content_length,
+                content_length,
+                None,
+                sha256hex,
+                false,
+            )
+            .unwrap(),
        }
    }

@@ -274,7 +293,7 @@ impl HTTPRangeSpec {
            let suffix_len = if self.start < 0 {
                self.start
                    .checked_neg()
-                    .ok_or_else(|| Error::other("range value invalid: suffix length overflow"))?
+                    .ok_or_else(|| Error::InvalidRangeSpec("range value invalid: suffix length overflow".to_string()))?
            } else {
                self.start
            };
@@ -287,14 +306,14 @@ impl HTTPRangeSpec {
    }
    pub fn get_length(&self, res_size: i64) -> Result<i64> {
        if res_size < 0 {
-            return Err(Error::other("The requested range is not satisfiable"));
+            return Err(Error::InvalidRangeSpec("The requested range is not satisfiable".to_string()));
        }

        if self.is_suffix_length {
            let specified_len = if self.start < 0 {
                self.start
                    .checked_neg()
-                    .ok_or_else(|| Error::other("range value invalid: suffix length overflow"))?
+                    .ok_or_else(|| Error::InvalidRangeSpec("range value invalid: suffix length overflow".to_string()))?
            } else {
                self.start
            };
@@ -308,7 +327,7 @@ impl HTTPRangeSpec {
        }

        if self.start >= res_size {
-            return Err(Error::other("The requested range is not satisfiable"));
+            return Err(Error::InvalidRangeSpec("The requested range is not satisfiable".to_string()));
        }

        if self.end > -1 {
@@ -326,7 +345,7 @@ impl HTTPRangeSpec {
            return Ok(range_length);
        }

-        Err(Error::other(format!(
+        Err(Error::InvalidRangeSpec(format!(
            "range value invalid: start={}, end={}, expected start <= end and end >= -1",
            self.start, self.end
        )))
@@ -374,6 +393,8 @@ pub struct ObjectOptions {
    pub lifecycle_audit_event: LcAuditEvent,

    pub eval_metadata: Option<HashMap<String, String>>,
+
+    pub want_checksum: Option<Checksum>,
 }

 impl ObjectOptions {
@@ -456,6 +477,8 @@ pub struct BucketInfo {
 #[derive(Debug, Default, Clone)]
 pub struct MultipartUploadResult {
    pub upload_id: String,
+    pub checksum_algo: Option<String>,
+    pub checksum_type: Option<String>,
 }

 #[derive(Debug, Default, Clone)]
@@ -471,13 +494,24 @@ pub struct PartInfo {
 pub struct CompletePart {
    pub part_num: usize,
    pub etag: Option<String>,
+    // pub size: Option<usize>,
+    pub checksum_crc32: Option<String>,
+    pub checksum_crc32c: Option<String>,
+    pub checksum_sha1: Option<String>,
+    pub checksum_sha256: Option<String>,
+    pub checksum_crc64nvme: Option<String>,
 }

 impl From<s3s::dto::CompletedPart> for CompletePart {
    fn from(value: s3s::dto::CompletedPart) -> Self {
        Self {
            part_num: value.part_number.unwrap_or_default() as usize,
-            etag: value.e_tag.map(|e| e.value().to_owned()),
+            etag: value.e_tag.map(|v| v.value().to_owned()),
+            checksum_crc32: value.checksum_crc32,
+            checksum_crc32c: value.checksum_crc32c,
+            checksum_sha1: value.checksum_sha1,
+            checksum_sha256: value.checksum_sha256,
+            checksum_crc64nvme: value.checksum_crc64nvme,
        }
    }
 }
@@ -486,6 +520,7 @@ impl From<s3s::dto::CompletedPart> for CompletePart {
 pub struct ObjectInfo {
    pub bucket: String,
    pub name: String,
+    pub storage_class: Option<String>,
    pub mod_time: Option<OffsetDateTime>,
    pub size: i64,
    // Actual size is the real size of the object uploaded by client.
@@ -517,7 +552,7 @@ pub struct ObjectInfo {
    pub version_purge_status_internal: Option<String>,
    pub version_purge_status: VersionPurgeStatusType,
    pub replication_decision: String,
-    pub checksum: Vec<u8>,
+    pub checksum: Option<Bytes>,
 }

 impl Clone for ObjectInfo {
@@ -525,6 +560,7 @@ impl Clone for ObjectInfo {
        Self {
            bucket: self.bucket.clone(),
            name: self.name.clone(),
+            storage_class: self.storage_class.clone(),
            mod_time: self.mod_time,
            size: self.size,
            actual_size: self.actual_size,
@@ -554,7 +590,7 @@ impl Clone for ObjectInfo {
            version_purge_status_internal: self.version_purge_status_internal.clone(),
            version_purge_status: self.version_purge_status.clone(),
            replication_decision: self.replication_decision.clone(),
-            checksum: Default::default(),
+            checksum: self.checksum.clone(),
            expires: self.expires,
        }
    }
@@ -657,6 +693,12 @@ impl ObjectInfo {
            v
        };

+        // Extract storage class from metadata, default to STANDARD if not found
+        let storage_class = metadata
+            .get(AMZ_STORAGE_CLASS)
+            .cloned()
+            .or_else(|| Some(storageclass::STANDARD.to_string()));
+
        // Convert parts from rustfs_filemeta::ObjectPartInfo to store_api::ObjectPartInfo
        let parts = fi
            .parts
@@ -694,6 +736,8 @@ impl ObjectInfo {
            inlined,
            user_defined: metadata,
            transitioned_object,
+            checksum: fi.checksum.clone(),
+            storage_class,
            ..Default::default()
        }
    }
@@ -884,6 +928,23 @@ impl ObjectInfo {
            ..Default::default()
        }
    }
+
+    pub fn decrypt_checksums(&self, part: usize, _headers: &HeaderMap) -> Result<(HashMap<String, String>, bool)> {
+        if part > 0 {
+            if let Some(checksums) = self.parts.iter().find(|p| p.number == part).and_then(|p| p.checksums.clone()) {
+                return Ok((checksums, true));
+            }
+        }
+
+        // TODO: decrypt checksums
+
+        if let Some(data) = &self.checksum {
+            let (checksums, is_multipart) = rustfs_rio::read_checksums(data.as_ref(), 0);
+            return Ok((checksums, is_multipart));
+        }
+
+        Ok((HashMap::new(), false))
+    }
 }

 #[derive(Debug, Default)]
@@ -1275,7 +1336,7 @@ pub trait StorageAPI: ObjectIO + Debug {
    async fn get_object_tags(&self, bucket: &str, object: &str, opts: &ObjectOptions) -> Result<String>;
    async fn add_partial(&self, bucket: &str, object: &str, version_id: &str) -> Result<()>;
    async fn transition_object(&self, bucket: &str, object: &str, opts: &ObjectOptions) -> Result<()>;
-    async fn restore_transitioned_object(&self, bucket: &str, object: &str, opts: &ObjectOptions) -> Result<()>;
+    async fn restore_transitioned_object(self: Arc<Self>, bucket: &str, object: &str, opts: &ObjectOptions) -> Result<()>;
    async fn put_object_tags(&self, bucket: &str, object: &str, tags: &str, opts: &ObjectOptions) -> Result<ObjectInfo>;
    async fn delete_object_tags(&self, bucket: &str, object: &str, opts: &ObjectOptions) -> Result<ObjectInfo>;

@@ -1311,7 +1372,7 @@ impl<R: AsyncRead + Unpin + Send + Sync> RangedDecompressReader<R> {
        // Validate the range request
        if offset >= total_size {
            tracing::debug!("Range offset {} exceeds total size {}", offset, total_size);
-            return Err(Error::other("Range offset exceeds file size"));
+            return Err(Error::InvalidRangeSpec("Range offset exceeds file size".to_string()));
        }

        // Adjust length if it extends beyond file end
--- a/crates/ecstore/src/store_list_objects.rs
+++ b/crates/ecstore/src/store_list_objects.rs
@@ -952,6 +952,12 @@ async fn gather_results(
    let mut recv = recv;
    let mut entries = Vec::new();
    while let Some(mut entry) = recv.recv().await {
+        #[cfg(windows)]
+        {
+            // normalize windows path separator
+            entry.name = entry.name.replace("\\", "/");
+        }
+
        if returned {
            continue;
        }
@@ -1050,6 +1056,10 @@ async fn merge_entry_channels(
    out_channel: Sender<MetaCacheEntry>,
    read_quorum: usize,
 ) -> Result<()> {
+    if in_channels.is_empty() {
+        return Ok(());
+    }
+
    let mut in_channels = in_channels;
    if in_channels.len() == 1 {
        loop {
@@ -1086,18 +1096,18 @@ async fn merge_entry_channels(
            return Ok(());
        }

-        let mut best: Option<MetaCacheEntry> = None;
+        let mut best = top[0].clone();
        let mut best_idx = 0;
        to_merge.clear();

        // FIXME: top move when select_from call
-        let vtop = top.clone();
+        // let vtop = top.clone();

-        for (i, other) in vtop.iter().enumerate() {
-            if let Some(other_entry) = other {
+        // let vtop = top.as_slice();
+
+        for other_idx in 1..top.len() {
+            if let Some(other_entry) = &top[other_idx] {
                if let Some(best_entry) = &best {
-                    let other_idx = i;
-
                    // println!("get other_entry {:?}", other_entry.name);

                    if path::clean(&best_entry.name) == path::clean(&other_entry.name) {
@@ -1124,21 +1134,20 @@ async fn merge_entry_channels(
                            best_idx = other_idx;
                            continue;
                        }
-                    } else if best_entry.name > other_entry.name {
+                    }
+
+                    if best_entry.name > other_entry.name {
                        to_merge.clear();
                        best = Some(other_entry.clone());
-                        best_idx = i;
+                        best_idx = other_idx;
                    }
                } else {
                    best = Some(other_entry.clone());
-                    best_idx = i;
+                    best_idx = other_idx;
                }
            }
        }

-        // println!("get best_entry {} {:?}", &best_idx, &best.clone().unwrap_or_default().name);
-
-        // TODO:
        if !to_merge.is_empty() {
            if let Some(entry) = &best {
                let mut versions = Vec::with_capacity(to_merge.len() + 1);
@@ -1150,9 +1159,9 @@ async fn merge_entry_channels(
                }

                for &idx in to_merge.iter() {
-                    let has_entry = { top.get(idx).cloned() };
+                    let has_entry = top[idx].clone();

-                    if let Some(Some(entry)) = has_entry {
+                    if let Some(entry) = has_entry {
                        let xl2 = match entry.clone().xl_meta() {
                            Ok(res) => res,
                            Err(_) => {
@@ -1198,9 +1207,9 @@ async fn merge_entry_channels(
                out_channel.send(best_entry.clone()).await.map_err(Error::other)?;
                last = best_entry.name.clone();
            }
-            top[best_idx] = None; // Replace entry we just sent
-            select_from(&mut in_channels, best_idx, &mut top, &mut n_done).await?;
        }
+
+        select_from(&mut in_channels, best_idx, &mut top, &mut n_done).await?;
    }
 }

--- a/crates/ecstore/src/store_utils.rs
+++ b/crates/ecstore/src/store_utils.rs
@@ -37,17 +37,17 @@ pub fn clean_metadata_keys(metadata: &mut HashMap<String, String>, key_names: &[
    }
 }

-// 检查是否为  元数据桶
+// Check whether the bucket is the metadata bucket
 fn is_meta_bucket(bucket_name: &str) -> bool {
    bucket_name == RUSTFS_META_BUCKET
 }

-// 检查是否为 保留桶
+// Check whether the bucket is reserved
 fn is_reserved_bucket(bucket_name: &str) -> bool {
    bucket_name == "rustfs"
 }

-// 检查桶名是否为保留名或无效名
+// Check whether the bucket name is reserved or invalid
 pub fn is_reserved_or_invalid_bucket(bucket_entry: &str, strict: bool) -> bool {
    if bucket_entry.is_empty() {
        return true;
@@ -59,7 +59,7 @@ pub fn is_reserved_or_invalid_bucket(bucket_entry: &str, strict: bool) -> bool {
    result || is_meta_bucket(bucket_entry) || is_reserved_bucket(bucket_entry)
 }

-// 检查桶名是否有效
+// Check whether the bucket name is valid
 fn check_bucket_name(bucket_name: &str, strict: bool) -> Result<()> {
    if bucket_name.trim().is_empty() {
        return Err(Error::other("Bucket name cannot be empty"));
@@ -86,7 +86,7 @@ fn check_bucket_name(bucket_name: &str, strict: bool) -> Result<()> {
        return Err(Error::other("Bucket name contains invalid characters"));
    }

-    // 检查包含 "..", ".-", "-."
+    // Check for "..", ".-", "-."
    if bucket_name.contains("..") || bucket_name.contains(".-") || bucket_name.contains("-.") {
        return Err(Error::other("Bucket name contains invalid characters"));
    }
--- a/crates/ecstore/src/tier/mod.rs
+++ b/crates/ecstore/src/tier/mod.rs
@@ -18,6 +18,13 @@ pub mod tier_config;
 pub mod tier_gen;
 pub mod tier_handlers;
 pub mod warm_backend;
+pub mod warm_backend_aliyun;
+pub mod warm_backend_azure;
+pub mod warm_backend_gcs;
+pub mod warm_backend_huaweicloud;
 pub mod warm_backend_minio;
+pub mod warm_backend_r2;
 pub mod warm_backend_rustfs;
 pub mod warm_backend_s3;
+pub mod warm_backend_s3sdk;
+pub mod warm_backend_tencent;
--- a/crates/ecstore/src/tier/tier.rs
+++ b/crates/ecstore/src/tier/tier.rs
@@ -141,8 +141,8 @@ impl TierConfigMgr {
        (TierType::Unsupported, false)
    }

-    pub async fn add(&mut self, tier: TierConfig, force: bool) -> std::result::Result<(), AdminError> {
-        let tier_name = &tier.name;
+    pub async fn add(&mut self, tier_config: TierConfig, force: bool) -> std::result::Result<(), AdminError> {
+        let tier_name = &tier_config.name;
        if tier_name != tier_name.to_uppercase().as_str() {
            return Err(ERR_TIER_NAME_NOT_UPPERCASE.clone());
        }
@@ -152,7 +152,7 @@ impl TierConfigMgr {
            return Err(ERR_TIER_ALREADY_EXISTS.clone());
        }

-        let d = new_warm_backend(&tier, true).await?;
+        let d = new_warm_backend(&tier_config, true).await?;

        if !force {
            let in_use = d.in_use().await;
@@ -180,7 +180,7 @@ impl TierConfigMgr {
        }

        self.driver_cache.insert(tier_name.to_string(), d);
-        self.tiers.insert(tier_name.to_string(), tier);
+        self.tiers.insert(tier_name.to_string(), tier_config);

        Ok(())
    }
@@ -260,10 +260,10 @@ impl TierConfigMgr {
            return Err(ERR_TIER_NOT_FOUND.clone());
        }

-        let mut cfg = self.tiers[tier_name].clone();
+        let mut tier_config = self.tiers[tier_name].clone();
        match tier_type {
            TierType::S3 => {
-                let mut s3 = cfg.s3.as_mut().expect("err");
+                let mut s3 = tier_config.s3.as_mut().expect("err");
                if creds.aws_role {
                    s3.aws_role = true
                }
@@ -277,7 +277,7 @@ impl TierConfigMgr {
                }
            }
            TierType::RustFS => {
-                let mut rustfs = cfg.rustfs.as_mut().expect("err");
+                let mut rustfs = tier_config.rustfs.as_mut().expect("err");
                if creds.access_key == "" || creds.secret_key == "" {
                    return Err(ERR_TIER_MISSING_CREDENTIALS.clone());
                }
@@ -285,18 +285,65 @@ impl TierConfigMgr {
                rustfs.secret_key = creds.secret_key;
            }
            TierType::MinIO => {
-                let mut minio = cfg.minio.as_mut().expect("err");
+                let mut minio = tier_config.minio.as_mut().expect("err");
                if creds.access_key == "" || creds.secret_key == "" {
                    return Err(ERR_TIER_MISSING_CREDENTIALS.clone());
                }
                minio.access_key = creds.access_key;
                minio.secret_key = creds.secret_key;
            }
+            TierType::Aliyun => {
+                let mut aliyun = tier_config.aliyun.as_mut().expect("err");
+                if creds.access_key == "" || creds.secret_key == "" {
+                    return Err(ERR_TIER_MISSING_CREDENTIALS.clone());
+                }
+                aliyun.access_key = creds.access_key;
+                aliyun.secret_key = creds.secret_key;
+            }
+            TierType::Tencent => {
+                let mut tencent = tier_config.tencent.as_mut().expect("err");
+                if creds.access_key == "" || creds.secret_key == "" {
+                    return Err(ERR_TIER_MISSING_CREDENTIALS.clone());
+                }
+                tencent.access_key = creds.access_key;
+                tencent.secret_key = creds.secret_key;
+            }
+            TierType::Huaweicloud => {
+                let mut huaweicloud = tier_config.huaweicloud.as_mut().expect("err");
+                if creds.access_key == "" || creds.secret_key == "" {
+                    return Err(ERR_TIER_MISSING_CREDENTIALS.clone());
+                }
+                huaweicloud.access_key = creds.access_key;
+                huaweicloud.secret_key = creds.secret_key;
+            }
+            TierType::Azure => {
+                let mut azure = tier_config.azure.as_mut().expect("err");
+                if creds.access_key == "" || creds.secret_key == "" {
+                    return Err(ERR_TIER_MISSING_CREDENTIALS.clone());
+                }
+                azure.access_key = creds.access_key;
+                azure.secret_key = creds.secret_key;
+            }
+            TierType::GCS => {
+                let mut gcs = tier_config.gcs.as_mut().expect("err");
+                if creds.access_key == "" || creds.secret_key == "" {
+                    return Err(ERR_TIER_MISSING_CREDENTIALS.clone());
+                }
+                gcs.creds = creds.access_key; //creds.creds_json
+            }
+            TierType::R2 => {
+                let mut r2 = tier_config.r2.as_mut().expect("err");
+                if creds.access_key == "" || creds.secret_key == "" {
+                    return Err(ERR_TIER_MISSING_CREDENTIALS.clone());
+                }
+                r2.access_key = creds.access_key;
+                r2.secret_key = creds.secret_key;
+            }
            _ => (),
        }

-        let d = new_warm_backend(&cfg, true).await?;
-        self.tiers.insert(tier_name.to_string(), cfg);
+        let d = new_warm_backend(&tier_config, true).await?;
+        self.tiers.insert(tier_name.to_string(), tier_config);
        self.driver_cache.insert(tier_name.to_string(), d);
        Ok(())
    }
--- a/crates/ecstore/src/tier/tier_config.rs
+++ b/crates/ecstore/src/tier/tier_config.rs
@@ -26,14 +26,22 @@ pub enum TierType {
    Unsupported,
    #[serde(rename = "s3")]
    S3,
-    #[serde(rename = "azure")]
-    Azure,
-    #[serde(rename = "gcs")]
-    GCS,
    #[serde(rename = "rustfs")]
    RustFS,
    #[serde(rename = "minio")]
    MinIO,
+    #[serde(rename = "aliyun")]
+    Aliyun,
+    #[serde(rename = "tencent")]
+    Tencent,
+    #[serde(rename = "huaweicloud")]
+    Huaweicloud,
+    #[serde(rename = "azure")]
+    Azure,
+    #[serde(rename = "gcs")]
+    GCS,
+    #[serde(rename = "r2")]
+    R2,
 }

 impl Display for TierType {
@@ -48,6 +56,24 @@ impl Display for TierType {
            TierType::MinIO => {
                write!(f, "MinIO")
            }
+            TierType::Aliyun => {
+                write!(f, "Aliyun")
+            }
+            TierType::Tencent => {
+                write!(f, "Tencent")
+            }
+            TierType::Huaweicloud => {
+                write!(f, "Huaweicloud")
+            }
+            TierType::Azure => {
+                write!(f, "Azure")
+            }
+            TierType::GCS => {
+                write!(f, "GCS")
+            }
+            TierType::R2 => {
+                write!(f, "R2")
+            }
            _ => {
                write!(f, "Unsupported")
            }
@@ -61,6 +87,12 @@ impl TierType {
            "S3" => TierType::S3,
            "RustFS" => TierType::RustFS,
            "MinIO" => TierType::MinIO,
+            "Aliyun" => TierType::Aliyun,
+            "Tencent" => TierType::Tencent,
+            "Huaweicloud" => TierType::Huaweicloud,
+            "Azure" => TierType::Azure,
+            "GCS" => TierType::GCS,
+            "R2" => TierType::R2,
            _ => TierType::Unsupported,
        }
    }
@@ -70,6 +102,12 @@ impl TierType {
            TierType::S3 => "s3".to_string(),
            TierType::RustFS => "rustfs".to_string(),
            TierType::MinIO => "minio".to_string(),
+            TierType::Aliyun => "aliyun".to_string(),
+            TierType::Tencent => "tencent".to_string(),
+            TierType::Huaweicloud => "huaweicloud".to_string(),
+            TierType::Azure => "azure".to_string(),
+            TierType::GCS => "gcs".to_string(),
+            TierType::R2 => "r2".to_string(),
            _ => "unsupported".to_string(),
        }
    }
@@ -86,8 +124,18 @@ pub struct TierConfig {
    pub name: String,
    #[serde(rename = "s3", skip_serializing_if = "Option::is_none")]
    pub s3: Option<TierS3>,
-    //TODO: azure: Option<TierAzure>,
-    //TODO: gcs: Option<TierGCS>,
+    #[serde(rename = "aliyun", skip_serializing_if = "Option::is_none")]
+    pub aliyun: Option<TierAliyun>,
+    #[serde(rename = "tencent", skip_serializing_if = "Option::is_none")]
+    pub tencent: Option<TierTencent>,
+    #[serde(rename = "huaweicloud", skip_serializing_if = "Option::is_none")]
+    pub huaweicloud: Option<TierHuaweicloud>,
+    #[serde(rename = "azure", skip_serializing_if = "Option::is_none")]
+    pub azure: Option<TierAzure>,
+    #[serde(rename = "gcs", skip_serializing_if = "Option::is_none")]
+    pub gcs: Option<TierGCS>,
+    #[serde(rename = "r2", skip_serializing_if = "Option::is_none")]
+    pub r2: Option<TierR2>,
    #[serde(rename = "rustfs", skip_serializing_if = "Option::is_none")]
    pub rustfs: Option<TierRustFS>,
    #[serde(rename = "minio", skip_serializing_if = "Option::is_none")]
@@ -97,10 +145,14 @@ pub struct TierConfig {
 impl Clone for TierConfig {
    fn clone(&self) -> TierConfig {
        let mut s3 = None;
-        //az  TierAzure
-        //gcs TierGCS
        let mut r = None;
        let mut m = None;
+        let mut aliyun = None;
+        let mut tencent = None;
+        let mut huaweicloud = None;
+        let mut azure = None;
+        let mut gcs = None;
+        let mut r2 = None;
        match self.tier_type {
            TierType::S3 => {
                let mut s3_ = self.s3.as_ref().expect("err").clone();
@@ -117,6 +169,36 @@ impl Clone for TierConfig {
                m_.secret_key = "REDACTED".to_string();
                m = Some(m_);
            }
+            TierType::Aliyun => {
+                let mut aliyun_ = self.aliyun.as_ref().expect("err").clone();
+                aliyun_.secret_key = "REDACTED".to_string();
+                aliyun = Some(aliyun_);
+            }
+            TierType::Tencent => {
+                let mut tencent_ = self.tencent.as_ref().expect("err").clone();
+                tencent_.secret_key = "REDACTED".to_string();
+                tencent = Some(tencent_);
+            }
+            TierType::Huaweicloud => {
+                let mut huaweicloud_ = self.huaweicloud.as_ref().expect("err").clone();
+                huaweicloud_.secret_key = "REDACTED".to_string();
+                huaweicloud = Some(huaweicloud_);
+            }
+            TierType::Azure => {
+                let mut azure_ = self.azure.as_ref().expect("err").clone();
+                azure_.secret_key = "REDACTED".to_string();
+                azure = Some(azure_);
+            }
+            TierType::GCS => {
+                let mut gcs_ = self.gcs.as_ref().expect("err").clone();
+                gcs_.creds = "REDACTED".to_string();
+                gcs = Some(gcs_);
+            }
+            TierType::R2 => {
+                let mut r2_ = self.r2.as_ref().expect("err").clone();
+                r2_.secret_key = "REDACTED".to_string();
+                r2 = Some(r2_);
+            }
            _ => (),
        }
        TierConfig {
@@ -126,6 +208,12 @@ impl Clone for TierConfig {
            s3,
            rustfs: r,
            minio: m,
+            aliyun,
+            tencent,
+            huaweicloud,
+            azure,
+            gcs,
+            r2,
        }
    }
 }
@@ -137,6 +225,12 @@ impl TierConfig {
            TierType::S3 => self.s3.as_ref().expect("err").endpoint.clone(),
            TierType::RustFS => self.rustfs.as_ref().expect("err").endpoint.clone(),
            TierType::MinIO => self.minio.as_ref().expect("err").endpoint.clone(),
+            TierType::Aliyun => self.aliyun.as_ref().expect("err").endpoint.clone(),
+            TierType::Tencent => self.tencent.as_ref().expect("err").endpoint.clone(),
+            TierType::Huaweicloud => self.huaweicloud.as_ref().expect("err").endpoint.clone(),
+            TierType::Azure => self.azure.as_ref().expect("err").endpoint.clone(),
+            TierType::GCS => self.gcs.as_ref().expect("err").endpoint.clone(),
+            TierType::R2 => self.r2.as_ref().expect("err").endpoint.clone(),
            _ => {
                info!("unexpected tier type {}", self.tier_type);
                "".to_string()
@@ -149,6 +243,12 @@ impl TierConfig {
            TierType::S3 => self.s3.as_ref().expect("err").bucket.clone(),
            TierType::RustFS => self.rustfs.as_ref().expect("err").bucket.clone(),
            TierType::MinIO => self.minio.as_ref().expect("err").bucket.clone(),
+            TierType::Aliyun => self.aliyun.as_ref().expect("err").bucket.clone(),
+            TierType::Tencent => self.tencent.as_ref().expect("err").bucket.clone(),
+            TierType::Huaweicloud => self.huaweicloud.as_ref().expect("err").bucket.clone(),
+            TierType::Azure => self.azure.as_ref().expect("err").bucket.clone(),
+            TierType::GCS => self.gcs.as_ref().expect("err").bucket.clone(),
+            TierType::R2 => self.r2.as_ref().expect("err").bucket.clone(),
            _ => {
                info!("unexpected tier type {}", self.tier_type);
                "".to_string()
@@ -161,6 +261,12 @@ impl TierConfig {
            TierType::S3 => self.s3.as_ref().expect("err").prefix.clone(),
            TierType::RustFS => self.rustfs.as_ref().expect("err").prefix.clone(),
            TierType::MinIO => self.minio.as_ref().expect("err").prefix.clone(),
+            TierType::Aliyun => self.aliyun.as_ref().expect("err").prefix.clone(),
+            TierType::Tencent => self.tencent.as_ref().expect("err").prefix.clone(),
+            TierType::Huaweicloud => self.huaweicloud.as_ref().expect("err").prefix.clone(),
+            TierType::Azure => self.azure.as_ref().expect("err").prefix.clone(),
+            TierType::GCS => self.gcs.as_ref().expect("err").prefix.clone(),
+            TierType::R2 => self.r2.as_ref().expect("err").prefix.clone(),
            _ => {
                info!("unexpected tier type {}", self.tier_type);
                "".to_string()
@@ -173,6 +279,12 @@ impl TierConfig {
            TierType::S3 => self.s3.as_ref().expect("err").region.clone(),
            TierType::RustFS => self.rustfs.as_ref().expect("err").region.clone(),
            TierType::MinIO => self.minio.as_ref().expect("err").region.clone(),
+            TierType::Aliyun => self.aliyun.as_ref().expect("err").region.clone(),
+            TierType::Tencent => self.tencent.as_ref().expect("err").region.clone(),
+            TierType::Huaweicloud => self.huaweicloud.as_ref().expect("err").region.clone(),
+            TierType::Azure => self.azure.as_ref().expect("err").region.clone(),
+            TierType::GCS => self.gcs.as_ref().expect("err").region.clone(),
+            TierType::R2 => self.r2.as_ref().expect("err").region.clone(),
            _ => {
                info!("unexpected tier type {}", self.tier_type);
                "".to_string()
@@ -319,3 +431,152 @@ impl TierMinIO {
        })
    }
 }
+
+#[derive(Serialize, Deserialize, Default, Debug, Clone)]
+#[serde(default)]
+pub struct TierAliyun {
+    pub name: String,
+    pub endpoint: String,
+    #[serde(rename = "accessKey")]
+    pub access_key: String,
+    #[serde(rename = "secretKey")]
+    pub secret_key: String,
+    pub bucket: String,
+    pub prefix: String,
+    pub region: String,
+}
+
+#[derive(Serialize, Deserialize, Default, Debug, Clone)]
+#[serde(default)]
+pub struct TierTencent {
+    pub name: String,
+    pub endpoint: String,
+    #[serde(rename = "accessKey")]
+    pub access_key: String,
+    #[serde(rename = "secretKey")]
+    pub secret_key: String,
+    pub bucket: String,
+    pub prefix: String,
+    pub region: String,
+}
+
+#[derive(Serialize, Deserialize, Default, Debug, Clone)]
+#[serde(default)]
+pub struct TierHuaweicloud {
+    pub name: String,
+    pub endpoint: String,
+    #[serde(rename = "accessKey")]
+    pub access_key: String,
+    #[serde(rename = "secretKey")]
+    pub secret_key: String,
+    pub bucket: String,
+    pub prefix: String,
+    pub region: String,
+}
+
+#[derive(Serialize, Deserialize, Default, Debug, Clone)]
+#[serde(default)]
+pub struct ServicePrincipalAuth {
+    pub tenant_id: String,
+    pub client_id: String,
+    pub client_secret: String,
+}
+
+#[derive(Serialize, Deserialize, Default, Debug, Clone)]
+#[serde(default)]
+pub struct TierAzure {
+    pub name: String,
+    pub endpoint: String,
+    #[serde(rename = "accessKey")]
+    pub access_key: String,
+    #[serde(rename = "secretKey")]
+    pub secret_key: String,
+    pub bucket: String,
+    pub prefix: String,
+    pub region: String,
+    #[serde(rename = "storageClass")]
+    pub storage_class: String,
+    #[serde(rename = "spAuth")]
+    pub sp_auth: ServicePrincipalAuth,
+}
+
+impl TierAzure {
+    pub fn is_sp_enabled(&self) -> bool {
+        !self.sp_auth.tenant_id.is_empty() && !self.sp_auth.client_id.is_empty() && !self.sp_auth.client_secret.is_empty()
+    }
+}
+
+/*
+fn AzureServicePrincipal(tenantID, clientID, clientSecret string) func(az *TierAzure) error {
+  return func(az *TierAzure) error {
+    if tenantID == "" {
+      return errors.New("empty tenant ID unsupported")
+    }
+    if clientID == "" {
+      return errors.New("empty client ID unsupported")
+    }
+    if clientSecret == "" {
+      return errors.New("empty client secret unsupported")
+    }
+    az.SPAuth.TenantID = tenantID
+    az.SPAuth.ClientID = clientID
+    az.SPAuth.ClientSecret = clientSecret
+    return nil
+  }
+}
+
+fn AzurePrefix(prefix string) func(az *TierAzure) error {
+  return func(az *TierAzure) error {
+    az.Prefix = prefix
+    return nil
+  }
+}
+
+fn AzureEndpoint(endpoint string) func(az *TierAzure) error {
+  return func(az *TierAzure) error {
+    az.Endpoint = endpoint
+    return nil
+  }
+}
+
+fn AzureRegion(region string) func(az *TierAzure) error {
+  return func(az *TierAzure) error {
+    az.Region = region
+    return nil
+  }
+}
+
+fn AzureStorageClass(sc string) func(az *TierAzure) error {
+  return func(az *TierAzure) error {
+    az.StorageClass = sc
+    return nil
+  }
+}*/
+
+#[derive(Serialize, Deserialize, Default, Debug, Clone)]
+#[serde(default)]
+pub struct TierGCS {
+    pub name: String,
+    pub endpoint: String,
+    #[serde(rename = "creds")]
+    pub creds: String,
+    pub bucket: String,
+    pub prefix: String,
+    pub region: String,
+    #[serde(rename = "storageClass")]
+    pub storage_class: String,
+}
+
+#[derive(Serialize, Deserialize, Default, Debug, Clone)]
+#[serde(default)]
+pub struct TierR2 {
+    pub name: String,
+    pub endpoint: String,
+    #[serde(rename = "accessKey")]
+    pub access_key: String,
+    #[serde(rename = "secretKey")]
+    pub secret_key: String,
+    pub bucket: String,
+    pub prefix: String,
+    pub region: String,
+}
--- a/crates/ecstore/src/tier/warm_backend.rs
+++ b/crates/ecstore/src/tier/warm_backend.rs
@@ -27,9 +27,15 @@ use crate::tier::{
    tier::ERR_TIER_TYPE_UNSUPPORTED,
    tier_config::{TierConfig, TierType},
    tier_handlers::{ERR_TIER_BUCKET_NOT_FOUND, ERR_TIER_PERM_ERR},
+    warm_backend_aliyun::WarmBackendAliyun,
+    warm_backend_azure::WarmBackendAzure,
+    warm_backend_gcs::WarmBackendGCS,
+    warm_backend_huaweicloud::WarmBackendHuaweicloud,
    warm_backend_minio::WarmBackendMinIO,
+    warm_backend_r2::WarmBackendR2,
    warm_backend_rustfs::WarmBackendRustFS,
    warm_backend_s3::WarmBackendS3,
+    warm_backend_tencent::WarmBackendTencent,
 };
 use bytes::Bytes;
 use http::StatusCode;
@@ -128,6 +134,78 @@ pub async fn new_warm_backend(tier: &TierConfig, probe: bool) -> Result<WarmBack
            }
            d = Some(Box::new(dd.expect("err")));
        }
+        TierType::Aliyun => {
+            let dd = WarmBackendAliyun::new(tier.aliyun.as_ref().expect("err"), &tier.name).await;
+            if let Err(err) = dd {
+                warn!("{}", err);
+                return Err(AdminError {
+                    code: "XRustFSAdminTierInvalidConfig".to_string(),
+                    message: format!("Unable to setup remote tier, check tier configuration: {}", err.to_string()),
+                    status_code: StatusCode::BAD_REQUEST,
+                });
+            }
+            d = Some(Box::new(dd.expect("err")));
+        }
+        TierType::Tencent => {
+            let dd = WarmBackendTencent::new(tier.tencent.as_ref().expect("err"), &tier.name).await;
+            if let Err(err) = dd {
+                warn!("{}", err);
+                return Err(AdminError {
+                    code: "XRustFSAdminTierInvalidConfig".to_string(),
+                    message: format!("Unable to setup remote tier, check tier configuration: {}", err.to_string()),
+                    status_code: StatusCode::BAD_REQUEST,
+                });
+            }
+            d = Some(Box::new(dd.expect("err")));
+        }
+        TierType::Huaweicloud => {
+            let dd = WarmBackendHuaweicloud::new(tier.huaweicloud.as_ref().expect("err"), &tier.name).await;
+            if let Err(err) = dd {
+                warn!("{}", err);
+                return Err(AdminError {
+                    code: "XRustFSAdminTierInvalidConfig".to_string(),
+                    message: format!("Unable to setup remote tier, check tier configuration: {}", err.to_string()),
+                    status_code: StatusCode::BAD_REQUEST,
+                });
+            }
+            d = Some(Box::new(dd.expect("err")));
+        }
+        TierType::Azure => {
+            let dd = WarmBackendAzure::new(tier.azure.as_ref().expect("err"), &tier.name).await;
+            if let Err(err) = dd {
+                warn!("{}", err);
+                return Err(AdminError {
+                    code: "XRustFSAdminTierInvalidConfig".to_string(),
+                    message: format!("Unable to setup remote tier, check tier configuration: {}", err.to_string()),
+                    status_code: StatusCode::BAD_REQUEST,
+                });
+            }
+            d = Some(Box::new(dd.expect("err")));
+        }
+        TierType::GCS => {
+            let dd = WarmBackendGCS::new(tier.gcs.as_ref().expect("err"), &tier.name).await;
+            if let Err(err) = dd {
+                warn!("{}", err);
+                return Err(AdminError {
+                    code: "XRustFSAdminTierInvalidConfig".to_string(),
+                    message: format!("Unable to setup remote tier, check tier configuration: {}", err.to_string()),
+                    status_code: StatusCode::BAD_REQUEST,
+                });
+            }
+            d = Some(Box::new(dd.expect("err")));
+        }
+        TierType::R2 => {
+            let dd = WarmBackendR2::new(tier.r2.as_ref().expect("err"), &tier.name).await;
+            if let Err(err) = dd {
+                warn!("{}", err);
+                return Err(AdminError {
+                    code: "XRustFSAdminTierInvalidConfig".to_string(),
+                    message: format!("Unable to setup remote tier, check tier configuration: {}", err.to_string()),
+                    status_code: StatusCode::BAD_REQUEST,
+                });
+            }
+            d = Some(Box::new(dd.expect("err")));
+        }
        _ => {
            return Err(ERR_TIER_TYPE_UNSUPPORTED.clone());
        }
--- a/crates/ecstore/src/tier/warm_backend_aliyun.rs
+++ b/crates/ecstore/src/tier/warm_backend_aliyun.rs
@@ -0,0 +1,164 @@
+// Copyright 2024 RustFS Team
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#![allow(unused_imports)]
+#![allow(unused_variables)]
+#![allow(unused_mut)]
+#![allow(unused_assignments)]
+#![allow(unused_must_use)]
+#![allow(clippy::all)]
+
+use std::collections::HashMap;
+use std::sync::Arc;
+
+use crate::client::{
+    admin_handler_utils::AdminError,
+    api_put_object::PutObjectOptions,
+    credentials::{Credentials, SignatureType, Static, Value},
+    transition_api::{BucketLookupType, Options, ReadCloser, ReaderImpl, TransitionClient, TransitionCore},
+};
+use crate::tier::{
+    tier_config::TierAliyun,
+    warm_backend::{WarmBackend, WarmBackendGetOpts},
+    warm_backend_s3::WarmBackendS3,
+};
+use tracing::warn;
+
+const MAX_MULTIPART_PUT_OBJECT_SIZE: i64 = 1024 * 1024 * 1024 * 1024 * 5;
+const MAX_PARTS_COUNT: i64 = 10000;
+const _MAX_PART_SIZE: i64 = 1024 * 1024 * 1024 * 5;
+const MIN_PART_SIZE: i64 = 1024 * 1024 * 128;
+
+pub struct WarmBackendAliyun(WarmBackendS3);
+
+impl WarmBackendAliyun {
+    pub async fn new(conf: &TierAliyun, tier: &str) -> Result<Self, std::io::Error> {
+        if conf.access_key == "" || conf.secret_key == "" {
+            return Err(std::io::Error::other("both access and secret keys are required"));
+        }
+
+        if conf.bucket == "" {
+            return Err(std::io::Error::other("no bucket name was provided"));
+        }
+
+        let u = match url::Url::parse(&conf.endpoint) {
+            Ok(u) => u,
+            Err(e) => {
+                return Err(std::io::Error::other(e.to_string()));
+            }
+        };
+
+        let creds = Credentials::new(Static(Value {
+            access_key_id: conf.access_key.clone(),
+            secret_access_key: conf.secret_key.clone(),
+            session_token: "".to_string(),
+            signer_type: SignatureType::SignatureV4,
+            ..Default::default()
+        }));
+        let opts = Options {
+            creds,
+            secure: u.scheme() == "https",
+            //transport: GLOBAL_RemoteTargetTransport,
+            trailing_headers: true,
+            region: conf.region.clone(),
+            bucket_lookup: BucketLookupType::BucketLookupDNS,
+            ..Default::default()
+        };
+        let scheme = u.scheme();
+        let default_port = if scheme == "https" { 443 } else { 80 };
+        let client = TransitionClient::new(
+            &format!("{}:{}", u.host_str().expect("err"), u.port().unwrap_or(default_port)),
+            opts,
+            "aliyun",
+        )
+        .await?;
+
+        let client = Arc::new(client);
+        let core = TransitionCore(Arc::clone(&client));
+        Ok(Self(WarmBackendS3 {
+            client,
+            core,
+            bucket: conf.bucket.clone(),
+            prefix: conf.prefix.strip_suffix("/").unwrap_or(&conf.prefix).to_owned(),
+            storage_class: "".to_string(),
+        }))
+    }
+}
+
+#[async_trait::async_trait]
+impl WarmBackend for WarmBackendAliyun {
+    async fn put_with_meta(
+        &self,
+        object: &str,
+        r: ReaderImpl,
+        length: i64,
+        meta: HashMap<String, String>,
+    ) -> Result<String, std::io::Error> {
+        let part_size = optimal_part_size(length)?;
+        let client = self.0.client.clone();
+        let res = client
+            .put_object(
+                &self.0.bucket,
+                &self.0.get_dest(object),
+                r,
+                length,
+                &PutObjectOptions {
+                    storage_class: self.0.storage_class.clone(),
+                    part_size: part_size as u64,
+                    disable_content_sha256: true,
+                    user_metadata: meta,
+                    ..Default::default()
+                },
+            )
+            .await?;
+        //self.ToObjectError(err, object)
+        Ok(res.version_id)
+    }
+
+    async fn put(&self, object: &str, r: ReaderImpl, length: i64) -> Result<String, std::io::Error> {
+        self.put_with_meta(object, r, length, HashMap::new()).await
+    }
+
+    async fn get(&self, object: &str, rv: &str, opts: WarmBackendGetOpts) -> Result<ReadCloser, std::io::Error> {
+        self.0.get(object, rv, opts).await
+    }
+
+    async fn remove(&self, object: &str, rv: &str) -> Result<(), std::io::Error> {
+        self.0.remove(object, rv).await
+    }
+
+    async fn in_use(&self) -> Result<bool, std::io::Error> {
+        self.0.in_use().await
+    }
+}
+
+fn optimal_part_size(object_size: i64) -> Result<i64, std::io::Error> {
+    let mut object_size = object_size;
+    if object_size == -1 {
+        object_size = MAX_MULTIPART_PUT_OBJECT_SIZE;
+    }
+
+    if object_size > MAX_MULTIPART_PUT_OBJECT_SIZE {
+        return Err(std::io::Error::other("entity too large"));
+    }
+
+    let configured_part_size = MIN_PART_SIZE;
+    let mut part_size_flt = object_size as f64 / MAX_PARTS_COUNT as f64;
+    part_size_flt = (part_size_flt as f64 / configured_part_size as f64).ceil() * configured_part_size as f64;
+
+    let part_size = part_size_flt as i64;
+    if part_size == 0 {
+        return Ok(MIN_PART_SIZE);
+    }
+    Ok(part_size)
+}
--- a/crates/ecstore/src/tier/warm_backend_azure.rs
+++ b/crates/ecstore/src/tier/warm_backend_azure.rs
@@ -0,0 +1,164 @@
+// Copyright 2024 RustFS Team
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#![allow(unused_imports)]
+#![allow(unused_variables)]
+#![allow(unused_mut)]
+#![allow(unused_assignments)]
+#![allow(unused_must_use)]
+#![allow(clippy::all)]
+
+use std::collections::HashMap;
+use std::sync::Arc;
+
+use crate::client::{
+    admin_handler_utils::AdminError,
+    api_put_object::PutObjectOptions,
+    credentials::{Credentials, SignatureType, Static, Value},
+    transition_api::{BucketLookupType, Options, ReadCloser, ReaderImpl, TransitionClient, TransitionCore},
+};
+use crate::tier::{
+    tier_config::TierAzure,
+    warm_backend::{WarmBackend, WarmBackendGetOpts},
+    warm_backend_s3::WarmBackendS3,
+};
+use tracing::warn;
+
+const MAX_MULTIPART_PUT_OBJECT_SIZE: i64 = 1024 * 1024 * 1024 * 1024 * 5;
+const MAX_PARTS_COUNT: i64 = 10000;
+const _MAX_PART_SIZE: i64 = 1024 * 1024 * 1024 * 5;
+const MIN_PART_SIZE: i64 = 1024 * 1024 * 128;
+
+pub struct WarmBackendAzure(WarmBackendS3);
+
+impl WarmBackendAzure {
+    pub async fn new(conf: &TierAzure, tier: &str) -> Result<Self, std::io::Error> {
+        if conf.access_key == "" || conf.secret_key == "" {
+            return Err(std::io::Error::other("both access and secret keys are required"));
+        }
+
+        if conf.bucket == "" {
+            return Err(std::io::Error::other("no bucket name was provided"));
+        }
+
+        let u = match url::Url::parse(&conf.endpoint) {
+            Ok(u) => u,
+            Err(e) => {
+                return Err(std::io::Error::other(e.to_string()));
+            }
+        };
+
+        let creds = Credentials::new(Static(Value {
+            access_key_id: conf.access_key.clone(),
+            secret_access_key: conf.secret_key.clone(),
+            session_token: "".to_string(),
+            signer_type: SignatureType::SignatureV4,
+            ..Default::default()
+        }));
+        let opts = Options {
+            creds,
+            secure: u.scheme() == "https",
+            //transport: GLOBAL_RemoteTargetTransport,
+            trailing_headers: true,
+            region: conf.region.clone(),
+            bucket_lookup: BucketLookupType::BucketLookupDNS,
+            ..Default::default()
+        };
+        let scheme = u.scheme();
+        let default_port = if scheme == "https" { 443 } else { 80 };
+        let client = TransitionClient::new(
+            &format!("{}:{}", u.host_str().expect("err"), u.port().unwrap_or(default_port)),
+            opts,
+            "azure",
+        )
+        .await?;
+
+        let client = Arc::new(client);
+        let core = TransitionCore(Arc::clone(&client));
+        Ok(Self(WarmBackendS3 {
+            client,
+            core,
+            bucket: conf.bucket.clone(),
+            prefix: conf.prefix.strip_suffix("/").unwrap_or(&conf.prefix).to_owned(),
+            storage_class: "".to_string(),
+        }))
+    }
+}
+
+#[async_trait::async_trait]
+impl WarmBackend for WarmBackendAzure {
+    async fn put_with_meta(
+        &self,
+        object: &str,
+        r: ReaderImpl,
+        length: i64,
+        meta: HashMap<String, String>,
+    ) -> Result<String, std::io::Error> {
+        let part_size = optimal_part_size(length)?;
+        let client = self.0.client.clone();
+        let res = client
+            .put_object(
+                &self.0.bucket,
+                &self.0.get_dest(object),
+                r,
+                length,
+                &PutObjectOptions {
+                    storage_class: self.0.storage_class.clone(),
+                    part_size: part_size as u64,
+                    disable_content_sha256: true,
+                    user_metadata: meta,
+                    ..Default::default()
+                },
+            )
+            .await?;
+        //self.ToObjectError(err, object)
+        Ok(res.version_id)
+    }
+
+    async fn put(&self, object: &str, r: ReaderImpl, length: i64) -> Result<String, std::io::Error> {
+        self.put_with_meta(object, r, length, HashMap::new()).await
+    }
+
+    async fn get(&self, object: &str, rv: &str, opts: WarmBackendGetOpts) -> Result<ReadCloser, std::io::Error> {
+        self.0.get(object, rv, opts).await
+    }
+
+    async fn remove(&self, object: &str, rv: &str) -> Result<(), std::io::Error> {
+        self.0.remove(object, rv).await
+    }
+
+    async fn in_use(&self) -> Result<bool, std::io::Error> {
+        self.0.in_use().await
+    }
+}
+
+fn optimal_part_size(object_size: i64) -> Result<i64, std::io::Error> {
+    let mut object_size = object_size;
+    if object_size == -1 {
+        object_size = MAX_MULTIPART_PUT_OBJECT_SIZE;
+    }
+
+    if object_size > MAX_MULTIPART_PUT_OBJECT_SIZE {
+        return Err(std::io::Error::other("entity too large"));
+    }
+
+    let configured_part_size = MIN_PART_SIZE;
+    let mut part_size_flt = object_size as f64 / MAX_PARTS_COUNT as f64;
+    part_size_flt = (part_size_flt as f64 / configured_part_size as f64).ceil() * configured_part_size as f64;
+
+    let part_size = part_size_flt as i64;
+    if part_size == 0 {
+        return Ok(MIN_PART_SIZE);
+    }
+    Ok(part_size)
+}
--- a/crates/ecstore/src/tier/warm_backend_azure2.rs
+++ b/crates/ecstore/src/tier/warm_backend_azure2.rs
@@ -0,0 +1,231 @@
+// Copyright 2024 RustFS Team
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#![allow(unused_imports)]
+#![allow(unused_variables)]
+#![allow(unused_mut)]
+#![allow(unused_assignments)]
+#![allow(unused_must_use)]
+#![allow(clippy::all)]
+
+use std::collections::HashMap;
+use std::sync::Arc;
+
+use azure_core::http::{Body, ClientOptions, RequestContent};
+use azure_storage::StorageCredentials;
+use azure_storage_blobs::prelude::*;
+
+use crate::client::{
+    admin_handler_utils::AdminError,
+    api_put_object::PutObjectOptions,
+    transition_api::{Options, ReadCloser, ReaderImpl},
+};
+use crate::tier::{
+    tier_config::TierAzure,
+    warm_backend::{WarmBackend, WarmBackendGetOpts},
+};
+use tracing::warn;
+
+const MAX_MULTIPART_PUT_OBJECT_SIZE: i64 = 1024 * 1024 * 1024 * 1024 * 5;
+const MAX_PARTS_COUNT: i64 = 10000;
+const _MAX_PART_SIZE: i64 = 1024 * 1024 * 1024 * 5;
+const MIN_PART_SIZE: i64 = 1024 * 1024 * 128;
+
+pub struct WarmBackendAzure {
+    pub client: Arc<BlobServiceClient>,
+    pub bucket: String,
+    pub prefix: String,
+    pub storage_class: String,
+}
+
+impl WarmBackendAzure {
+    pub async fn new(conf: &TierAzure, tier: &str) -> Result<Self, std::io::Error> {
+        if conf.access_key == "" || conf.secret_key == "" {
+            return Err(std::io::Error::other("both access and secret keys are required"));
+        }
+
+        if conf.bucket == "" {
+            return Err(std::io::Error::other("no bucket name was provided"));
+        }
+
+        let creds = StorageCredentials::access_key(conf.access_key.clone(), conf.secret_key.clone());
+        let client = ClientBuilder::new(conf.access_key.clone(), creds)
+            //.endpoint(conf.endpoint)
+            .blob_service_client();
+        let client = Arc::new(client);
+        Ok(Self {
+            client,
+            bucket: conf.bucket.clone(),
+            prefix: conf.prefix.strip_suffix("/").unwrap_or(&conf.prefix).to_owned(),
+            storage_class: "".to_string(),
+        })
+    }
+
+    /*pub fn tier(&self) -> *blob.AccessTier {
+        if self.storage_class == "" {
+            return None;
+        }
+        for t in blob.PossibleAccessTierValues() {
+            if strings.EqualFold(self.storage_class, t) {
+                return &t
+            }
+        }
+        None
+    }*/
+
+    pub fn get_dest(&self, object: &str) -> String {
+        let mut dest_obj = object.to_string();
+        if self.prefix != "" {
+            dest_obj = format!("{}/{}", &self.prefix, object);
+        }
+        return dest_obj;
+    }
+}
+
+#[async_trait::async_trait]
+impl WarmBackend for WarmBackendAzure {
+    async fn put_with_meta(
+        &self,
+        object: &str,
+        r: ReaderImpl,
+        length: i64,
+        meta: HashMap<String, String>,
+    ) -> Result<String, std::io::Error> {
+        let part_size = length;
+        let client = self.client.clone();
+        let container_client = client.container_client(self.bucket.clone());
+        let blob_client = container_client.blob_client(self.get_dest(object));
+        /*let res = blob_client
+            .upload(
+                RequestContent::from(match r {
+                    ReaderImpl::Body(content_body) => content_body.to_vec(),
+                    ReaderImpl::ObjectBody(mut content_body) => content_body.read_all().await?,
+                }),
+                false,
+                length as u64,
+                None,
+            )
+            .await
+        else {
+            return Err(std::io::Error::other("upload error"));
+        };*/
+
+        let Ok(res) = blob_client
+            .put_block_blob(match r {
+                ReaderImpl::Body(content_body) => content_body.to_vec(),
+                ReaderImpl::ObjectBody(mut content_body) => content_body.read_all().await?,
+            })
+            .content_type("text/plain")
+            .into_future()
+            .await
+        else {
+            return Err(std::io::Error::other("put_block_blob error"));
+        };
+
+        //self.ToObjectError(err, object)
+        Ok(res.request_id.to_string())
+    }
+
+    async fn put(&self, object: &str, r: ReaderImpl, length: i64) -> Result<String, std::io::Error> {
+        self.put_with_meta(object, r, length, HashMap::new()).await
+    }
+
+    async fn get(&self, object: &str, rv: &str, opts: WarmBackendGetOpts) -> Result<ReadCloser, std::io::Error> {
+        let client = self.client.clone();
+        let container_client = client.container_client(self.bucket.clone());
+        let blob_client = container_client.blob_client(self.get_dest(object));
+        blob_client.get();
+        todo!();
+    }
+
+    async fn remove(&self, object: &str, rv: &str) -> Result<(), std::io::Error> {
+        let client = self.client.clone();
+        let container_client = client.container_client(self.bucket.clone());
+        let blob_client = container_client.blob_client(self.get_dest(object));
+        blob_client.delete();
+        todo!();
+    }
+
+    async fn in_use(&self) -> Result<bool, std::io::Error> {
+        /*let result = self.client
+            .list_objects_v2(&self.bucket, &self.prefix, "", "", SLASH_SEPARATOR, 1)
+            .await?;
+
+        Ok(result.common_prefixes.len() > 0 || result.contents.len() > 0)*/
+        Ok(false)
+    }
+}
+
+/*fn azure_to_object_error(err: Error, params: Vec<String>) -> Option<error> {
+    if err == nil {
+      return nil
+    }
+
+    bucket := ""
+    object := ""
+    if len(params) >= 1 {
+      bucket = params[0]
+    }
+    if len(params) == 2 {
+      object = params[1]
+    }
+
+    azureErr, ok := err.(*azcore.ResponseError)
+    if !ok {
+      // We don't interpret non Azure errors. As azure errors will
+      // have StatusCode to help to convert to object errors.
+      return err
+    }
+
+    serviceCode := azureErr.ErrorCode
+    statusCode := azureErr.StatusCode
+
+    azureCodesToObjectError(err, serviceCode, statusCode, bucket, object)
+}*/
+
+/*fn azure_codes_to_object_error(err: Error, service_code: String, status_code: i32, bucket: String, object: String) -> Option<Error> {
+  switch serviceCode {
+  case "ContainerNotFound", "ContainerBeingDeleted":
+    err = BucketNotFound{Bucket: bucket}
+  case "ContainerAlreadyExists":
+    err = BucketExists{Bucket: bucket}
+  case "InvalidResourceName":
+    err = BucketNameInvalid{Bucket: bucket}
+  case "RequestBodyTooLarge":
+    err = PartTooBig{}
+  case "InvalidMetadata":
+    err = UnsupportedMetadata{}
+  case "BlobAccessTierNotSupportedForAccountType":
+    err = NotImplemented{}
+  case "OutOfRangeInput":
+    err = ObjectNameInvalid{
+      Bucket: bucket,
+      Object: object,
+    }
+  default:
+    switch statusCode {
+    case http.StatusNotFound:
+      if object != "" {
+        err = ObjectNotFound{
+          Bucket: bucket,
+          Object: object,
+        }
+      } else {
+        err = BucketNotFound{Bucket: bucket}
+      }
+    case http.StatusBadRequest:
+      err = BucketNameInvalid{Bucket: bucket}
+    }
+  }
+  return err
+}*/
--- a/crates/ecstore/src/tier/warm_backend_gcs.rs
+++ b/crates/ecstore/src/tier/warm_backend_gcs.rs
@@ -0,0 +1,248 @@
+// Copyright 2024 RustFS Team
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#![allow(unused_imports)]
+#![allow(unused_variables)]
+#![allow(unused_mut)]
+#![allow(unused_assignments)]
+#![allow(unused_must_use)]
+#![allow(clippy::all)]
+
+use std::collections::HashMap;
+use std::sync::Arc;
+
+use bytes::Bytes;
+use google_cloud_auth::credentials::Credentials;
+use google_cloud_auth::credentials::user_account::Builder;
+use google_cloud_storage as gcs;
+use google_cloud_storage::client::Storage;
+use std::convert::TryFrom;
+
+use crate::client::{
+    admin_handler_utils::AdminError,
+    api_put_object::PutObjectOptions,
+    transition_api::{Options, ReadCloser, ReaderImpl},
+};
+use crate::tier::{
+    tier_config::TierGCS,
+    warm_backend::{WarmBackend, WarmBackendGetOpts},
+};
+use tracing::warn;
+
+const MAX_MULTIPART_PUT_OBJECT_SIZE: i64 = 1024 * 1024 * 1024 * 1024 * 5;
+const MAX_PARTS_COUNT: i64 = 10000;
+const _MAX_PART_SIZE: i64 = 1024 * 1024 * 1024 * 5;
+const MIN_PART_SIZE: i64 = 1024 * 1024 * 128;
+
+pub struct WarmBackendGCS {
+    pub client: Arc<Storage>,
+    pub bucket: String,
+    pub prefix: String,
+    pub storage_class: String,
+}
+
+impl WarmBackendGCS {
+    pub async fn new(conf: &TierGCS, tier: &str) -> Result<Self, std::io::Error> {
+        if conf.creds == "" {
+            return Err(std::io::Error::other("both access and secret keys are required"));
+        }
+
+        if conf.bucket == "" {
+            return Err(std::io::Error::other("no bucket name was provided"));
+        }
+
+        let authorized_user = serde_json::from_str(&conf.creds)?;
+        let credentials = Builder::new(authorized_user)
+            //.with_retry_policy(AlwaysRetry.with_attempt_limit(3))
+            //.with_backoff_policy(backoff)
+            .build()
+            .map_err(|e| std::io::Error::other(format!("Invalid credentials JSON: {}", e)))?;
+
+        let Ok(client) = Storage::builder()
+            .with_endpoint(conf.endpoint.clone())
+            .with_credentials(credentials)
+            .build()
+            .await
+        else {
+            return Err(std::io::Error::other("Storage::builder error"));
+        };
+        let client = Arc::new(client);
+        Ok(Self {
+            client,
+            bucket: conf.bucket.clone(),
+            prefix: conf.prefix.strip_suffix("/").unwrap_or(&conf.prefix).to_owned(),
+            storage_class: "".to_string(),
+        })
+    }
+
+    pub fn get_dest(&self, object: &str) -> String {
+        let mut dest_obj = object.to_string();
+        if self.prefix != "" {
+            dest_obj = format!("{}/{}", &self.prefix, object);
+        }
+        return dest_obj;
+    }
+}
+
+#[async_trait::async_trait]
+impl WarmBackend for WarmBackendGCS {
+    async fn put_with_meta(
+        &self,
+        object: &str,
+        r: ReaderImpl,
+        length: i64,
+        meta: HashMap<String, String>,
+    ) -> Result<String, std::io::Error> {
+        let d = match r {
+            ReaderImpl::Body(content_body) => content_body.to_vec(),
+            ReaderImpl::ObjectBody(mut content_body) => content_body.read_all().await?,
+        };
+        let Ok(res) = self
+            .client
+            .write_object(&self.bucket, &self.get_dest(object), Bytes::from(d))
+            .send_buffered()
+            .await
+        else {
+            return Err(std::io::Error::other("write_object error"));
+        };
+        //self.ToObjectError(err, object)
+        Ok(res.generation.to_string())
+    }
+
+    async fn put(&self, object: &str, r: ReaderImpl, length: i64) -> Result<String, std::io::Error> {
+        self.put_with_meta(object, r, length, HashMap::new()).await
+    }
+
+    async fn get(&self, object: &str, rv: &str, opts: WarmBackendGetOpts) -> Result<ReadCloser, std::io::Error> {
+        let Ok(mut reader) = self.client.read_object(&self.bucket, &self.get_dest(object)).send().await else {
+            return Err(std::io::Error::other("read_object error"));
+        };
+        let mut contents = Vec::new();
+        while let Ok(Some(chunk)) = reader.next().await.transpose() {
+            contents.extend_from_slice(&chunk);
+        }
+        Ok(ReadCloser::new(std::io::Cursor::new(contents)))
+    }
+
+    async fn remove(&self, object: &str, rv: &str) -> Result<(), std::io::Error> {
+        /*self.client
+        .delete_object()
+        .set_bucket(&self.bucket)
+        .set_object(&self.get_dest(object))
+        //.set_generation(object.generation)
+        .send()
+        .await?;*/
+        Ok(())
+    }
+
+    async fn in_use(&self) -> Result<bool, std::io::Error> {
+        /*let result = self.client
+            .list_objects_v2(&self.bucket, &self.prefix, "", "", SLASH_SEPARATOR, 1)
+            .await?;
+
+        Ok(result.common_prefixes.len() > 0 || result.contents.len() > 0)*/
+        Ok(false)
+    }
+}
+
+/*fn gcs_to_object_error(err: Error, params: Vec<String>) -> Option<Error> {
+  if err == nil {
+    return nil
+  }
+
+  bucket := ""
+  object := ""
+  uploadID := ""
+  if len(params) >= 1 {
+    bucket = params[0]
+  }
+  if len(params) == 2 {
+    object = params[1]
+  }
+  if len(params) == 3 {
+    uploadID = params[2]
+  }
+
+  // in some cases just a plain error is being returned
+  switch err.Error() {
+  case "storage: bucket doesn't exist":
+    err = BucketNotFound{
+      Bucket: bucket,
+    }
+    return err
+  case "storage: object doesn't exist":
+    if uploadID != "" {
+      err = InvalidUploadID{
+        UploadID: uploadID,
+      }
+    } else {
+      err = ObjectNotFound{
+        Bucket: bucket,
+        Object: object,
+      }
+    }
+    return err
+  }
+
+  googleAPIErr, ok := err.(*googleapi.Error)
+  if !ok {
+    // We don't interpret non MinIO errors. As minio errors will
+    // have StatusCode to help to convert to object errors.
+    return err
+  }
+
+  if len(googleAPIErr.Errors) == 0 {
+    return err
+  }
+
+  reason := googleAPIErr.Errors[0].Reason
+  message := googleAPIErr.Errors[0].Message
+
+  switch reason {
+  case "required":
+    // Anonymous users does not have storage.xyz access to project 123.
+    fallthrough
+  case "keyInvalid":
+    fallthrough
+  case "forbidden":
+    err = PrefixAccessDenied{
+      Bucket: bucket,
+      Object: object,
+    }
+  case "invalid":
+    err = BucketNameInvalid{
+      Bucket: bucket,
+    }
+  case "notFound":
+    if object != "" {
+      err = ObjectNotFound{
+        Bucket: bucket,
+        Object: object,
+      }
+      break
+    }
+    err = BucketNotFound{Bucket: bucket}
+  case "conflict":
+    if message == "You already own this bucket. Please select another name." {
+      err = BucketAlreadyOwnedByYou{Bucket: bucket}
+      break
+    }
+    if message == "Sorry, that name is not available. Please try a different one." {
+      err = BucketAlreadyExists{Bucket: bucket}
+      break
+    }
+    err = BucketNotEmpty{Bucket: bucket}
+  }
+
+  return err
+}*/
--- a/crates/ecstore/src/tier/warm_backend_huaweicloud.rs
+++ b/crates/ecstore/src/tier/warm_backend_huaweicloud.rs
@@ -0,0 +1,164 @@
+// Copyright 2024 RustFS Team
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#![allow(unused_imports)]
+#![allow(unused_variables)]
+#![allow(unused_mut)]
+#![allow(unused_assignments)]
+#![allow(unused_must_use)]
+#![allow(clippy::all)]
+
+use std::collections::HashMap;
+use std::sync::Arc;
+
+use crate::client::{
+    admin_handler_utils::AdminError,
+    api_put_object::PutObjectOptions,
+    credentials::{Credentials, SignatureType, Static, Value},
+    transition_api::{BucketLookupType, Options, ReadCloser, ReaderImpl, TransitionClient, TransitionCore},
+};
+use crate::tier::{
+    tier_config::TierHuaweicloud,
+    warm_backend::{WarmBackend, WarmBackendGetOpts},
+    warm_backend_s3::WarmBackendS3,
+};
+use tracing::warn;
+
+const MAX_MULTIPART_PUT_OBJECT_SIZE: i64 = 1024 * 1024 * 1024 * 1024 * 5;
+const MAX_PARTS_COUNT: i64 = 10000;
+const _MAX_PART_SIZE: i64 = 1024 * 1024 * 1024 * 5;
+const MIN_PART_SIZE: i64 = 1024 * 1024 * 128;
+
+pub struct WarmBackendHuaweicloud(WarmBackendS3);
+
+impl WarmBackendHuaweicloud {
+    pub async fn new(conf: &TierHuaweicloud, tier: &str) -> Result<Self, std::io::Error> {
+        if conf.access_key == "" || conf.secret_key == "" {
+            return Err(std::io::Error::other("both access and secret keys are required"));
+        }
+
+        if conf.bucket == "" {
+            return Err(std::io::Error::other("no bucket name was provided"));
+        }
+
+        let u = match url::Url::parse(&conf.endpoint) {
+            Ok(u) => u,
+            Err(e) => {
+                return Err(std::io::Error::other(e.to_string()));
+            }
+        };
+
+        let creds = Credentials::new(Static(Value {
+            access_key_id: conf.access_key.clone(),
+            secret_access_key: conf.secret_key.clone(),
+            session_token: "".to_string(),
+            signer_type: SignatureType::SignatureV4,
+            ..Default::default()
+        }));
+        let opts = Options {
+            creds,
+            secure: u.scheme() == "https",
+            //transport: GLOBAL_RemoteTargetTransport,
+            trailing_headers: true,
+            region: conf.region.clone(),
+            bucket_lookup: BucketLookupType::BucketLookupDNS,
+            ..Default::default()
+        };
+        let scheme = u.scheme();
+        let default_port = if scheme == "https" { 443 } else { 80 };
+        let client = TransitionClient::new(
+            &format!("{}:{}", u.host_str().expect("err"), u.port().unwrap_or(default_port)),
+            opts,
+            "huaweicloud",
+        )
+        .await?;
+
+        let client = Arc::new(client);
+        let core = TransitionCore(Arc::clone(&client));
+        Ok(Self(WarmBackendS3 {
+            client,
+            core,
+            bucket: conf.bucket.clone(),
+            prefix: conf.prefix.strip_suffix("/").unwrap_or(&conf.prefix).to_owned(),
+            storage_class: "".to_string(),
+        }))
+    }
+}
+
+#[async_trait::async_trait]
+impl WarmBackend for WarmBackendHuaweicloud {
+    async fn put_with_meta(
+        &self,
+        object: &str,
+        r: ReaderImpl,
+        length: i64,
+        meta: HashMap<String, String>,
+    ) -> Result<String, std::io::Error> {
+        let part_size = optimal_part_size(length)?;
+        let client = self.0.client.clone();
+        let res = client
+            .put_object(
+                &self.0.bucket,
+                &self.0.get_dest(object),
+                r,
+                length,
+                &PutObjectOptions {
+                    storage_class: self.0.storage_class.clone(),
+                    part_size: part_size as u64,
+                    disable_content_sha256: true,
+                    user_metadata: meta,
+                    ..Default::default()
+                },
+            )
+            .await?;
+        //self.ToObjectError(err, object)
+        Ok(res.version_id)
+    }
+
+    async fn put(&self, object: &str, r: ReaderImpl, length: i64) -> Result<String, std::io::Error> {
+        self.put_with_meta(object, r, length, HashMap::new()).await
+    }
+
+    async fn get(&self, object: &str, rv: &str, opts: WarmBackendGetOpts) -> Result<ReadCloser, std::io::Error> {
+        self.0.get(object, rv, opts).await
+    }
+
+    async fn remove(&self, object: &str, rv: &str) -> Result<(), std::io::Error> {
+        self.0.remove(object, rv).await
+    }
+
+    async fn in_use(&self) -> Result<bool, std::io::Error> {
+        self.0.in_use().await
+    }
+}
+
+fn optimal_part_size(object_size: i64) -> Result<i64, std::io::Error> {
+    let mut object_size = object_size;
+    if object_size == -1 {
+        object_size = MAX_MULTIPART_PUT_OBJECT_SIZE;
+    }
+
+    if object_size > MAX_MULTIPART_PUT_OBJECT_SIZE {
+        return Err(std::io::Error::other("entity too large"));
+    }
+
+    let configured_part_size = MIN_PART_SIZE;
+    let mut part_size_flt = object_size as f64 / MAX_PARTS_COUNT as f64;
+    part_size_flt = (part_size_flt as f64 / configured_part_size as f64).ceil() * configured_part_size as f64;
+
+    let part_size = part_size_flt as i64;
+    if part_size == 0 {
+        return Ok(MIN_PART_SIZE);
+    }
+    Ok(part_size)
+}
--- a/crates/ecstore/src/tier/warm_backend_minio.rs
+++ b/crates/ecstore/src/tier/warm_backend_minio.rs
@@ -1,4 +1,3 @@
-#![allow(unused_imports)]
 // Copyright 2024 RustFS Team
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
@@ -12,6 +11,7 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
+#![allow(unused_imports)]
 #![allow(unused_variables)]
 #![allow(unused_mut)]
 #![allow(unused_assignments)]
@@ -70,12 +70,17 @@ impl WarmBackendMinIO {
            secure: u.scheme() == "https",
            //transport: GLOBAL_RemoteTargetTransport,
            trailing_headers: true,
+            region: conf.region.clone(),
            ..Default::default()
        };
        let scheme = u.scheme();
        let default_port = if scheme == "https" { 443 } else { 80 };
-        let client =
-            TransitionClient::new(&format!("{}:{}", u.host_str().expect("err"), u.port().unwrap_or(default_port)), opts).await?;
+        let client = TransitionClient::new(
+            &format!("{}:{}", u.host_str().expect("err"), u.port().unwrap_or(default_port)),
+            opts,
+            "minio",
+        )
+        .await?;

        let client = Arc::new(client);
        let core = TransitionCore(Arc::clone(&client));
--- a/crates/ecstore/src/tier/warm_backend_r2.rs
+++ b/crates/ecstore/src/tier/warm_backend_r2.rs
@@ -0,0 +1,163 @@
+// Copyright 2024 RustFS Team
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#![allow(unused_imports)]
+#![allow(unused_variables)]
+#![allow(unused_mut)]
+#![allow(unused_assignments)]
+#![allow(unused_must_use)]
+#![allow(clippy::all)]
+
+use std::collections::HashMap;
+use std::sync::Arc;
+
+use crate::client::{
+    admin_handler_utils::AdminError,
+    api_put_object::PutObjectOptions,
+    credentials::{Credentials, SignatureType, Static, Value},
+    transition_api::{Options, ReadCloser, ReaderImpl, TransitionClient, TransitionCore},
+};
+use crate::tier::{
+    tier_config::TierR2,
+    warm_backend::{WarmBackend, WarmBackendGetOpts},
+    warm_backend_s3::WarmBackendS3,
+};
+use tracing::warn;
+
+const MAX_MULTIPART_PUT_OBJECT_SIZE: i64 = 1024 * 1024 * 1024 * 1024 * 5;
+const MAX_PARTS_COUNT: i64 = 10000;
+const _MAX_PART_SIZE: i64 = 1024 * 1024 * 1024 * 5;
+const MIN_PART_SIZE: i64 = 1024 * 1024 * 128;
+
+pub struct WarmBackendR2(WarmBackendS3);
+
+impl WarmBackendR2 {
+    pub async fn new(conf: &TierR2, tier: &str) -> Result<Self, std::io::Error> {
+        if conf.access_key == "" || conf.secret_key == "" {
+            return Err(std::io::Error::other("both access and secret keys are required"));
+        }
+
+        if conf.bucket == "" {
+            return Err(std::io::Error::other("no bucket name was provided"));
+        }
+
+        let u = match url::Url::parse(&conf.endpoint) {
+            Ok(u) => u,
+            Err(e) => {
+                return Err(std::io::Error::other(e.to_string()));
+            }
+        };
+
+        let creds = Credentials::new(Static(Value {
+            access_key_id: conf.access_key.clone(),
+            secret_access_key: conf.secret_key.clone(),
+            session_token: "".to_string(),
+            signer_type: SignatureType::SignatureV4,
+            ..Default::default()
+        }));
+        let opts = Options {
+            creds,
+            secure: u.scheme() == "https",
+            //transport: GLOBAL_RemoteTargetTransport,
+            trailing_headers: true,
+            region: conf.region.clone(),
+            ..Default::default()
+        };
+        let scheme = u.scheme();
+        let default_port = if scheme == "https" { 443 } else { 80 };
+        let client = TransitionClient::new(
+            &format!("{}:{}", u.host_str().expect("err"), u.port().unwrap_or(default_port)),
+            opts,
+            "r2",
+        )
+        .await?;
+
+        let client = Arc::new(client);
+        let core = TransitionCore(Arc::clone(&client));
+        Ok(Self(WarmBackendS3 {
+            client,
+            core,
+            bucket: conf.bucket.clone(),
+            prefix: conf.prefix.strip_suffix("/").unwrap_or(&conf.prefix).to_owned(),
+            storage_class: "".to_string(),
+        }))
+    }
+}
+
+#[async_trait::async_trait]
+impl WarmBackend for WarmBackendR2 {
+    async fn put_with_meta(
+        &self,
+        object: &str,
+        r: ReaderImpl,
+        length: i64,
+        meta: HashMap<String, String>,
+    ) -> Result<String, std::io::Error> {
+        let part_size = optimal_part_size(length)?;
+        let client = self.0.client.clone();
+        let res = client
+            .put_object(
+                &self.0.bucket,
+                &self.0.get_dest(object),
+                r,
+                length,
+                &PutObjectOptions {
+                    storage_class: self.0.storage_class.clone(),
+                    part_size: part_size as u64,
+                    disable_content_sha256: true,
+                    user_metadata: meta,
+                    ..Default::default()
+                },
+            )
+            .await?;
+        //self.ToObjectError(err, object)
+        Ok(res.version_id)
+    }
+
+    async fn put(&self, object: &str, r: ReaderImpl, length: i64) -> Result<String, std::io::Error> {
+        self.put_with_meta(object, r, length, HashMap::new()).await
+    }
+
+    async fn get(&self, object: &str, rv: &str, opts: WarmBackendGetOpts) -> Result<ReadCloser, std::io::Error> {
+        self.0.get(object, rv, opts).await
+    }
+
+    async fn remove(&self, object: &str, rv: &str) -> Result<(), std::io::Error> {
+        self.0.remove(object, rv).await
+    }
+
+    async fn in_use(&self) -> Result<bool, std::io::Error> {
+        self.0.in_use().await
+    }
+}
+
+fn optimal_part_size(object_size: i64) -> Result<i64, std::io::Error> {
+    let mut object_size = object_size;
+    if object_size == -1 {
+        object_size = MAX_MULTIPART_PUT_OBJECT_SIZE;
+    }
+
+    if object_size > MAX_MULTIPART_PUT_OBJECT_SIZE {
+        return Err(std::io::Error::other("entity too large"));
+    }
+
+    let configured_part_size = MIN_PART_SIZE;
+    let mut part_size_flt = object_size as f64 / MAX_PARTS_COUNT as f64;
+    part_size_flt = (part_size_flt as f64 / configured_part_size as f64).ceil() * configured_part_size as f64;
+
+    let part_size = part_size_flt as i64;
+    if part_size == 0 {
+        return Ok(MIN_PART_SIZE);
+    }
+    Ok(part_size)
+}
--- a/crates/ecstore/src/tier/warm_backend_rustfs.rs
+++ b/crates/ecstore/src/tier/warm_backend_rustfs.rs
@@ -1,4 +1,3 @@
-#![allow(unused_imports)]
 // Copyright 2024 RustFS Team
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
@@ -12,6 +11,7 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
+#![allow(unused_imports)]
 #![allow(unused_variables)]
 #![allow(unused_mut)]
 #![allow(unused_assignments)]
@@ -67,12 +67,17 @@ impl WarmBackendRustFS {
            secure: u.scheme() == "https",
            //transport: GLOBAL_RemoteTargetTransport,
            trailing_headers: true,
+            region: conf.region.clone(),
            ..Default::default()
        };
        let scheme = u.scheme();
        let default_port = if scheme == "https" { 443 } else { 80 };
-        let client =
-            TransitionClient::new(&format!("{}:{}", u.host_str().expect("err"), u.port().unwrap_or(default_port)), opts).await?;
+        let client = TransitionClient::new(
+            &format!("{}:{}", u.host_str().expect("err"), u.port().unwrap_or(default_port)),
+            opts,
+            "rustfs",
+        )
+        .await?;

        let client = Arc::new(client);
        let core = TransitionCore(Arc::clone(&client));
--- a/crates/ecstore/src/tier/warm_backend_s3.rs
+++ b/crates/ecstore/src/tier/warm_backend_s3.rs
@@ -1,4 +1,3 @@
-#![allow(unused_imports)]
 // Copyright 2024 RustFS Team
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
@@ -12,6 +11,7 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
+#![allow(unused_imports)]
 #![allow(unused_variables)]
 #![allow(unused_mut)]
 #![allow(unused_assignments)]
@@ -92,9 +92,10 @@ impl WarmBackendS3 {
            creds,
            secure: u.scheme() == "https",
            //transport: GLOBAL_RemoteTargetTransport,
+            region: conf.region.clone(),
            ..Default::default()
        };
-        let client = TransitionClient::new(&u.host().expect("err").to_string(), opts).await?;
+        let client = TransitionClient::new(&u.host().expect("err").to_string(), opts, "s3").await?;

        let client = Arc::new(client);
        let core = TransitionCore(Arc::clone(&client));
--- a/crates/ecstore/src/tier/warm_backend_s3sdk.rs
+++ b/crates/ecstore/src/tier/warm_backend_s3sdk.rs
@@ -0,0 +1,196 @@
+// Copyright 2024 RustFS Team
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#![allow(unused_imports)]
+#![allow(unused_variables)]
+#![allow(unused_mut)]
+#![allow(unused_assignments)]
+#![allow(unused_must_use)]
+#![allow(clippy::all)]
+
+use std::collections::HashMap;
+use std::sync::Arc;
+use url::Url;
+
+use aws_config::meta::region::RegionProviderChain;
+use aws_sdk_s3::Client;
+use aws_sdk_s3::config::{Credentials, Region};
+use aws_sdk_s3::primitives::ByteStream;
+
+use crate::client::{
+    api_get_options::GetObjectOptions,
+    api_put_object::PutObjectOptions,
+    api_remove::RemoveObjectOptions,
+    transition_api::{ReadCloser, ReaderImpl},
+};
+use crate::error::ErrorResponse;
+use crate::error::error_resp_to_object_err;
+use crate::tier::{
+    tier_config::TierS3,
+    warm_backend::{WarmBackend, WarmBackendGetOpts},
+};
+use rustfs_utils::path::SLASH_SEPARATOR;
+
+pub struct WarmBackendS3 {
+    pub client: Arc<Client>,
+    pub bucket: String,
+    pub prefix: String,
+    pub storage_class: String,
+}
+
+impl WarmBackendS3 {
+    pub async fn new(conf: &TierS3, tier: &str) -> Result<Self, std::io::Error> {
+        let u = match Url::parse(&conf.endpoint) {
+            Ok(u) => u,
+            Err(err) => {
+                return Err(std::io::Error::other(err.to_string()));
+            }
+        };
+
+        if conf.aws_role_web_identity_token_file == "" && conf.aws_role_arn != ""
+            || conf.aws_role_web_identity_token_file != "" && conf.aws_role_arn == ""
+        {
+            return Err(std::io::Error::other("both the token file and the role ARN are required"));
+        } else if conf.access_key == "" && conf.secret_key != "" || conf.access_key != "" && conf.secret_key == "" {
+            return Err(std::io::Error::other("both the access and secret keys are required"));
+        } else if conf.aws_role
+            && (conf.aws_role_web_identity_token_file != ""
+                || conf.aws_role_arn != ""
+                || conf.access_key != ""
+                || conf.secret_key != "")
+        {
+            return Err(std::io::Error::other(
+                "AWS Role cannot be activated with static credentials or the web identity token file",
+            ));
+        } else if conf.bucket == "" {
+            return Err(std::io::Error::other("no bucket name was provided"));
+        }
+
+        let creds;
+        if conf.access_key != "" && conf.secret_key != "" {
+            creds = Credentials::new(
+                conf.access_key.clone(), // access_key_id
+                conf.secret_key.clone(), // secret_access_key
+                None,                    // session_token (optional)
+                None,
+                "Static",
+            );
+        } else {
+            return Err(std::io::Error::other("insufficient parameters for S3 backend authentication"));
+        }
+        let region_provider = RegionProviderChain::default_provider().or_else(Region::new(conf.region.clone()));
+        #[allow(deprecated)]
+        let config = aws_config::from_env()
+            .endpoint_url(conf.endpoint.clone())
+            .region(region_provider)
+            .credentials_provider(creds)
+            .load()
+            .await;
+        let client = Client::new(&config);
+        let client = Arc::new(client);
+        Ok(Self {
+            client,
+            bucket: conf.bucket.clone(),
+            prefix: conf.prefix.clone().trim_matches('/').to_string(),
+            storage_class: conf.storage_class.clone(),
+        })
+    }
+
+    pub fn get_dest(&self, object: &str) -> String {
+        let mut dest_obj = object.to_string();
+        if self.prefix != "" {
+            dest_obj = format!("{}/{}", &self.prefix, object);
+        }
+        return dest_obj;
+    }
+}
+
+#[async_trait::async_trait]
+impl WarmBackend for WarmBackendS3 {
+    async fn put_with_meta(
+        &self,
+        object: &str,
+        r: ReaderImpl,
+        length: i64,
+        meta: HashMap<String, String>,
+    ) -> Result<String, std::io::Error> {
+        let client = self.client.clone();
+        let Ok(res) = client
+            .put_object()
+            .bucket(&self.bucket)
+            .key(&self.get_dest(object))
+            .body(match r {
+                ReaderImpl::Body(content_body) => ByteStream::from(content_body.to_vec()),
+                ReaderImpl::ObjectBody(mut content_body) => ByteStream::from(content_body.read_all().await?),
+            })
+            .send()
+            .await
+        else {
+            return Err(std::io::Error::other("put_object error"));
+        };
+
+        Ok(res.version_id().unwrap_or("").to_string())
+    }
+
+    async fn put(&self, object: &str, r: ReaderImpl, length: i64) -> Result<String, std::io::Error> {
+        self.put_with_meta(object, r, length, HashMap::new()).await
+    }
+
+    async fn get(&self, object: &str, rv: &str, opts: WarmBackendGetOpts) -> Result<ReadCloser, std::io::Error> {
+        let client = self.client.clone();
+        let Ok(res) = client
+            .get_object()
+            .bucket(&self.bucket)
+            .key(&self.get_dest(object))
+            .send()
+            .await
+        else {
+            return Err(std::io::Error::other("get_object error"));
+        };
+
+        Ok(ReadCloser::new(std::io::Cursor::new(
+            res.body.collect().await.map(|data| data.into_bytes().to_vec())?,
+        )))
+    }
+
+    async fn remove(&self, object: &str, rv: &str) -> Result<(), std::io::Error> {
+        let client = self.client.clone();
+        if let Err(_) = client
+            .delete_object()
+            .bucket(&self.bucket)
+            .key(&self.get_dest(object))
+            .send()
+            .await
+        {
+            return Err(std::io::Error::other("delete_object error"));
+        }
+
+        Ok(())
+    }
+
+    async fn in_use(&self) -> Result<bool, std::io::Error> {
+        let client = self.client.clone();
+        let Ok(res) = client
+            .list_objects_v2()
+            .bucket(&self.bucket)
+            //.max_keys(10)
+            //.into_paginator()
+            .send()
+            .await
+        else {
+            return Err(std::io::Error::other("list_objects_v2 error"));
+        };
+
+        Ok(res.common_prefixes.unwrap().len() > 0 || res.contents.unwrap().len() > 0)
+    }
+}
--- a/crates/ecstore/src/tier/warm_backend_tencent.rs
+++ b/crates/ecstore/src/tier/warm_backend_tencent.rs
@@ -0,0 +1,164 @@
+// Copyright 2024 RustFS Team
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#![allow(unused_imports)]
+#![allow(unused_variables)]
+#![allow(unused_mut)]
+#![allow(unused_assignments)]
+#![allow(unused_must_use)]
+#![allow(clippy::all)]
+
+use std::collections::HashMap;
+use std::sync::Arc;
+
+use crate::client::{
+    admin_handler_utils::AdminError,
+    api_put_object::PutObjectOptions,
+    credentials::{Credentials, SignatureType, Static, Value},
+    transition_api::{BucketLookupType, Options, ReadCloser, ReaderImpl, TransitionClient, TransitionCore},
+};
+use crate::tier::{
+    tier_config::TierTencent,
+    warm_backend::{WarmBackend, WarmBackendGetOpts},
+    warm_backend_s3::WarmBackendS3,
+};
+use tracing::warn;
+
+const MAX_MULTIPART_PUT_OBJECT_SIZE: i64 = 1024 * 1024 * 1024 * 1024 * 5;
+const MAX_PARTS_COUNT: i64 = 10000;
+const _MAX_PART_SIZE: i64 = 1024 * 1024 * 1024 * 5;
+const MIN_PART_SIZE: i64 = 1024 * 1024 * 128;
+
+pub struct WarmBackendTencent(WarmBackendS3);
+
+impl WarmBackendTencent {
+    pub async fn new(conf: &TierTencent, tier: &str) -> Result<Self, std::io::Error> {
+        if conf.access_key == "" || conf.secret_key == "" {
+            return Err(std::io::Error::other("both access and secret keys are required"));
+        }
+
+        if conf.bucket == "" {
+            return Err(std::io::Error::other("no bucket name was provided"));
+        }
+
+        let u = match url::Url::parse(&conf.endpoint) {
+            Ok(u) => u,
+            Err(e) => {
+                return Err(std::io::Error::other(e.to_string()));
+            }
+        };
+
+        let creds = Credentials::new(Static(Value {
+            access_key_id: conf.access_key.clone(),
+            secret_access_key: conf.secret_key.clone(),
+            session_token: "".to_string(),
+            signer_type: SignatureType::SignatureV4,
+            ..Default::default()
+        }));
+        let opts = Options {
+            creds,
+            secure: u.scheme() == "https",
+            //transport: GLOBAL_RemoteTargetTransport,
+            trailing_headers: true,
+            region: conf.region.clone(),
+            bucket_lookup: BucketLookupType::BucketLookupDNS,
+            ..Default::default()
+        };
+        let scheme = u.scheme();
+        let default_port = if scheme == "https" { 443 } else { 80 };
+        let client = TransitionClient::new(
+            &format!("{}:{}", u.host_str().expect("err"), u.port().unwrap_or(default_port)),
+            opts,
+            "tencent",
+        )
+        .await?;
+
+        let client = Arc::new(client);
+        let core = TransitionCore(Arc::clone(&client));
+        Ok(Self(WarmBackendS3 {
+            client,
+            core,
+            bucket: conf.bucket.clone(),
+            prefix: conf.prefix.strip_suffix("/").unwrap_or(&conf.prefix).to_owned(),
+            storage_class: "".to_string(),
+        }))
+    }
+}
+
+#[async_trait::async_trait]
+impl WarmBackend for WarmBackendTencent {
+    async fn put_with_meta(
+        &self,
+        object: &str,
+        r: ReaderImpl,
+        length: i64,
+        meta: HashMap<String, String>,
+    ) -> Result<String, std::io::Error> {
+        let part_size = optimal_part_size(length)?;
+        let client = self.0.client.clone();
+        let res = client
+            .put_object(
+                &self.0.bucket,
+                &self.0.get_dest(object),
+                r,
+                length,
+                &PutObjectOptions {
+                    storage_class: self.0.storage_class.clone(),
+                    part_size: part_size as u64,
+                    disable_content_sha256: true,
+                    user_metadata: meta,
+                    ..Default::default()
+                },
+            )
+            .await?;
+        //self.ToObjectError(err, object)
+        Ok(res.version_id)
+    }
+
+    async fn put(&self, object: &str, r: ReaderImpl, length: i64) -> Result<String, std::io::Error> {
+        self.put_with_meta(object, r, length, HashMap::new()).await
+    }
+
+    async fn get(&self, object: &str, rv: &str, opts: WarmBackendGetOpts) -> Result<ReadCloser, std::io::Error> {
+        self.0.get(object, rv, opts).await
+    }
+
+    async fn remove(&self, object: &str, rv: &str) -> Result<(), std::io::Error> {
+        self.0.remove(object, rv).await
+    }
+
+    async fn in_use(&self) -> Result<bool, std::io::Error> {
+        self.0.in_use().await
+    }
+}
+
+fn optimal_part_size(object_size: i64) -> Result<i64, std::io::Error> {
+    let mut object_size = object_size;
+    if object_size == -1 {
+        object_size = MAX_MULTIPART_PUT_OBJECT_SIZE;
+    }
+
+    if object_size > MAX_MULTIPART_PUT_OBJECT_SIZE {
+        return Err(std::io::Error::other("entity too large"));
+    }
+
+    let configured_part_size = MIN_PART_SIZE;
+    let mut part_size_flt = object_size as f64 / MAX_PARTS_COUNT as f64;
+    part_size_flt = (part_size_flt as f64 / configured_part_size as f64).ceil() * configured_part_size as f64;
+
+    let part_size = part_size_flt as i64;
+    if part_size == 0 {
+        return Ok(MIN_PART_SIZE);
+    }
+    Ok(part_size)
+}
--- a/crates/filemeta/Cargo.toml
+++ b/crates/filemeta/Cargo.toml
@@ -40,6 +40,8 @@ byteorder = { workspace = true }
 tracing.workspace = true
 thiserror.workspace = true
 s3s.workspace = true
+lazy_static.workspace = true
+regex.workspace = true

 [dev-dependencies]
 criterion = { workspace = true }
--- a/crates/filemeta/src/fileinfo.rs
+++ b/crates/filemeta/src/fileinfo.rs
@@ -12,16 +12,19 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

+use super::filemeta::TRANSITION_COMPLETE;
 use crate::error::{Error, Result};
 use crate::{ReplicationState, ReplicationStatusType, VersionPurgeStatusType};
 use bytes::Bytes;
 use rmp_serde::Serializer;
 use rustfs_utils::HashAlgorithm;
 use rustfs_utils::http::headers::{RESERVED_METADATA_PREFIX_LOWER, RUSTFS_HEALING};
+use s3s::dto::{RestoreStatus, Timestamp};
+use s3s::header::X_AMZ_RESTORE;
 use serde::Deserialize;
 use serde::Serialize;
 use std::collections::HashMap;
-use time::OffsetDateTime;
+use time::{OffsetDateTime, format_description::well_known::Rfc3339};
 use uuid::Uuid;

 pub const ERASURE_ALGORITHM: &str = "rs-vandermonde";
@@ -35,6 +38,8 @@ pub const TIER_FV_ID: &str = "tier-free-versionID";
 pub const TIER_FV_MARKER: &str = "tier-free-marker";
 pub const TIER_SKIP_FV_ID: &str = "tier-skip-fvid";

+const ERR_RESTORE_HDR_MALFORMED: &str = "x-amz-restore header malformed";
+
 #[derive(Serialize, Deserialize, Debug, PartialEq, Clone, Default)]
 pub struct ObjectPartInfo {
    pub etag: String,
@@ -284,6 +289,7 @@ impl FileInfo {
        Ok(t)
    }

+    #[allow(clippy::too_many_arguments)]
    pub fn add_object_part(
        &mut self,
        num: usize,
@@ -292,6 +298,7 @@ impl FileInfo {
        mod_time: Option<OffsetDateTime>,
        actual_size: i64,
        index: Option<Bytes>,
+        checksums: Option<HashMap<String, String>>,
    ) {
        let part = ObjectPartInfo {
            etag,
@@ -300,7 +307,7 @@ impl FileInfo {
            mod_time,
            actual_size,
            index,
-            checksums: None,
+            checksums,
            error: None,
        };

@@ -392,7 +399,10 @@ impl FileInfo {

    /// Check if the object is remote (transitioned to another tier)
    pub fn is_remote(&self) -> bool {
-        !self.transition_tier.is_empty()
+        if self.transition_status != TRANSITION_COMPLETE {
+            return false;
+        }
+        !is_restored_object_on_disk(&self.metadata)
    }

    /// Get the data directory for this object
@@ -533,3 +543,101 @@ pub struct FilesInfo {
    pub files: Vec<FileInfo>,
    pub is_truncated: bool,
 }
+
+pub trait RestoreStatusOps {
+    fn expiry(&self) -> Option<OffsetDateTime>;
+    fn on_going(&self) -> bool;
+    fn on_disk(&self) -> bool;
+    fn to_string(&self) -> String;
+}
+
+impl RestoreStatusOps for RestoreStatus {
+    fn expiry(&self) -> Option<OffsetDateTime> {
+        if self.on_going() {
+            return None;
+        }
+        self.restore_expiry_date.clone().map(OffsetDateTime::from)
+    }
+
+    fn on_going(&self) -> bool {
+        if let Some(on_going) = self.is_restore_in_progress {
+            return on_going;
+        }
+        false
+    }
+
+    fn on_disk(&self) -> bool {
+        let expiry = self.expiry();
+        if let Some(expiry0) = expiry
+            && OffsetDateTime::now_utc().unix_timestamp() < expiry0.unix_timestamp()
+        {
+            return true;
+        }
+        false
+    }
+
+    fn to_string(&self) -> String {
+        if self.on_going() {
+            return "ongoing-request=\"true\"".to_string();
+        }
+        format!(
+            "ongoing-request=\"false\", expiry-date=\"{}\"",
+            OffsetDateTime::from(self.restore_expiry_date.clone().unwrap())
+                .format(&Rfc3339)
+                .unwrap()
+        )
+    }
+}
+
+fn parse_restore_obj_status(restore_hdr: &str) -> Result<RestoreStatus> {
+    let tokens: Vec<&str> = restore_hdr.splitn(2, ",").collect();
+    let progress_tokens: Vec<&str> = tokens[0].splitn(2, "=").collect();
+    if progress_tokens.len() != 2 {
+        return Err(Error::other(ERR_RESTORE_HDR_MALFORMED));
+    }
+    if progress_tokens[0].trim() != "ongoing-request" {
+        return Err(Error::other(ERR_RESTORE_HDR_MALFORMED));
+    }
+
+    match progress_tokens[1] {
+        "true" | "\"true\"" => {
+            if tokens.len() == 1 {
+                return Ok(RestoreStatus {
+                    is_restore_in_progress: Some(true),
+                    ..Default::default()
+                });
+            }
+        }
+        "false" | "\"false\"" => {
+            if tokens.len() != 2 {
+                return Err(Error::other(ERR_RESTORE_HDR_MALFORMED));
+            }
+            let expiry_tokens: Vec<&str> = tokens[1].splitn(2, "=").collect();
+            if expiry_tokens.len() != 2 {
+                return Err(Error::other(ERR_RESTORE_HDR_MALFORMED));
+            }
+            if expiry_tokens[0].trim() != "expiry-date" {
+                return Err(Error::other(ERR_RESTORE_HDR_MALFORMED));
+            }
+            let expiry = OffsetDateTime::parse(expiry_tokens[1].trim_matches('"'), &Rfc3339).unwrap();
+            /*if err != nil {
+                return Err(Error::other(ERR_RESTORE_HDR_MALFORMED));
+            }*/
+            return Ok(RestoreStatus {
+                is_restore_in_progress: Some(false),
+                restore_expiry_date: Some(Timestamp::from(expiry)),
+            });
+        }
+        _ => (),
+    }
+    Err(Error::other(ERR_RESTORE_HDR_MALFORMED))
+}
+
+pub fn is_restored_object_on_disk(meta: &HashMap<String, String>) -> bool {
+    if let Some(restore_hdr) = meta.get(X_AMZ_RESTORE.as_str()) {
+        if let Ok(restore_status) = parse_restore_obj_status(restore_hdr) {
+            return restore_status.on_disk();
+        }
+    }
+    false
+}
--- a/crates/filemeta/src/filemeta.rs
+++ b/crates/filemeta/src/filemeta.rs
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
weisd	0b80074270	todo	2025-11-04 17:12:58 +08:00
weisd	6617372b33	fix rmdir versionid (#784 )	2025-11-03 18:23:16 +08:00
weisd	769778e565	fix iam (#783 )	2025-11-03 17:39:51 +08:00
houseme	a7f5c4af46	fix windows response (#781 )	2025-11-03 12:49:39 +08:00
dependabot[bot]	a9d5fbac54	build(deps): bump the dependencies group with 6 updates (#777 ) * build(deps): bump the dependencies group with 6 updates Bumps the dependencies group with 6 updates: \| Package \| From \| To \| \| --- \| --- \| --- \| \| [axum-extra](https://github.com/tokio-rs/axum) \| `0.10.3` \| `0.12.0` \| \| [aws-config](https://github.com/smithy-lang/smithy-rs) \| `1.8.8` \| `1.8.10` \| \| [aws-sdk-s3](https://github.com/awslabs/aws-sdk-rust) \| `1.109.0` \| `1.110.0` \| \| [aws-smithy-types](https://github.com/smithy-lang/smithy-rs) \| `1.3.3` \| `1.3.4` \| \| [clap](https://github.com/clap-rs/clap) \| `4.5.50` \| `4.5.51` \| \| [matchit](https://github.com/ibraheemdev/matchit) \| `0.8.4` \| `0.9.0` \| Updates `axum-extra` from 0.10.3 to 0.12.0 - [Release notes](https://github.com/tokio-rs/axum/releases) - [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md) - [Commits](https://github.com/tokio-rs/axum/compare/axum-extra-v0.10.3...axum-extra-v0.12.0) Updates `aws-config` from 1.8.8 to 1.8.10 - [Release notes](https://github.com/smithy-lang/smithy-rs/releases) - [Changelog](https://github.com/smithy-lang/smithy-rs/blob/main/CHANGELOG.md) - [Commits](https://github.com/smithy-lang/smithy-rs/commits) Updates `aws-sdk-s3` from 1.109.0 to 1.110.0 - [Release notes](https://github.com/awslabs/aws-sdk-rust/releases) - [Commits](https://github.com/awslabs/aws-sdk-rust/commits) Updates `aws-smithy-types` from 1.3.3 to 1.3.4 - [Release notes](https://github.com/smithy-lang/smithy-rs/releases) - [Changelog](https://github.com/smithy-lang/smithy-rs/blob/main/CHANGELOG.md) - [Commits](https://github.com/smithy-lang/smithy-rs/commits) Updates `clap` from 4.5.50 to 4.5.51 - [Release notes](https://github.com/clap-rs/clap/releases) - [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md) - [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.50...clap_complete-v4.5.51) Updates `matchit` from 0.8.4 to 0.9.0 - [Release notes](https://github.com/ibraheemdev/matchit/releases) - [Commits](https://github.com/ibraheemdev/matchit/compare/v0.8.4...v0.9.0) --- updated-dependencies: - dependency-name: axum-extra dependency-version: 0.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: aws-config dependency-version: 1.8.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: aws-sdk-s3 dependency-version: 1.110.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: aws-smithy-types dependency-version: 1.3.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: clap dependency-version: 4.5.51 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: matchit dependency-version: 0.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com> * upgrade crates version --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: houseme <housemecn@gmail.com>	2025-11-03 00:34:54 +08:00
houseme	281e68c9bf	fix (#776 )	2025-11-01 09:28:46 +08:00
houseme	d30c42f85a	feat(admin): Add admin v3 API routes and profiling endpoints for RustFS (#774 ) * add Jemalloc * feat: optimize AI rules with unified .rules.md (#401) * feat: optimize AI rules with unified .rules.md and entry points - Create .rules.md as the central AI coding rules file - Add .copilot-rules.md as GitHub Copilot entry point - Add CLAUDE.md as Claude AI entry point - Incorporate principles from rustfs.com project - Add three critical rules: 1. Use English for all code comments and documentation 2. Clean up temporary scripts after use 3. Only make confident modifications * Update CLAUDE.md --------- Co-authored-by: Cursor Agent <cursoragent@cursor.com> * feat: translate chinese to english (#402) * Checkpoint before follow-up message Co-authored-by: anzhengchao <anzhengchao@gmail.com> * Translate project documentation and comments from Chinese to English Co-authored-by: anzhengchao <anzhengchao@gmail.com> * Fix typo: "unparseable" to "unparsable" in version test comment Co-authored-by: anzhengchao <anzhengchao@gmail.com> * Refactor compression test code with minor syntax improvements Co-authored-by: anzhengchao <anzhengchao@gmail.com> --------- Co-authored-by: Cursor Agent <cursoragent@cursor.com> * fix: the automatic logout issue and user list display failure on Windows systems (#353) (#343) (#403) Co-authored-by: 安正超 <anzhengchao@gmail.com> * upgrade version * improve code for profiling * fix * Initial plan * feat: Implement layered DNS resolver with caching and validation Co-authored-by: houseme <4829346+houseme@users.noreply.github.com> * feat: Integrate DNS resolver into main application and fix formatting Co-authored-by: houseme <4829346+houseme@users.noreply.github.com> * feat: Implement enhanced DNS resolver with Moka cache and layered fallback Co-authored-by: houseme <4829346+houseme@users.noreply.github.com> * feat: Implement hickory-resolver with TLS support for enhanced DNS resolution Co-authored-by: houseme <4829346+houseme@users.noreply.github.com> * upgrade * add .gitignore config * fix * add * add * up * improve linux profiling * fix * fix * fix * feat(admin): Refactor profiling endpoints Replaces the existing pprof profiling endpoints with new trigger-based APIs for CPU and memory profiling. This change simplifies the handler logic by moving the profiling implementation to a dedicated module. A new handler file `admin/handlers/profile.rs` is created to contain the logic for these new endpoints. The core profiling functions are now expected to be in the `profiling` module, which the new handlers call to generate and save profile data. * cargo shear --fix * fix * fix * fix --------- Co-authored-by: 安正超 <anzhengchao@gmail.com> Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: shiro.lee <69624924+shiroleeee@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: houseme <4829346+houseme@users.noreply.github.com>	2025-11-01 03:16:37 +08:00
Niklas Mollenhauer	79012be2c8	Add default storage class to ListObjectsV2 (#765 ) * Add InvalidRangeSpec error * Add EntityTooSmall to from_u32 * Add InvalidRangeSpec to from_u32 * Map InvalidRangeSpec to correct S3ErrorCode * Return Error::InvalidRangeSpec * Use auto implementation * Add default storage class to ListObjectsV2 Resolves #764 * Add storage_class to response * Make storage class optional so default won't be an empty string --------- Co-authored-by: houseme <housemecn@gmail.com>	2025-10-31 19:32:25 +08:00
loverustfs	325ff62684	Issue 762 (#763 ) * Add InvalidRangeSpec error * Add EntityTooSmall to from_u32 * Add InvalidRangeSpec to from_u32 * Map InvalidRangeSpec to correct S3ErrorCode * Return Error::InvalidRangeSpec * Use auto implementation --------- Co-authored-by: Niklas Mollenhauer <nikeee@outlook.com>	2025-10-31 17:20:18 +08:00
安正超	f0c2ede7a7	Remove unnecessary tools folder in CI workflow (#770 )	2025-10-31 16:44:08 +08:00
安正超	b9fd66c1cd	Delete deploy/build/rustfs.run-zh.md (#757 )	2025-10-30 13:56:26 +08:00
安正超	c43b11fb92	Delete deploy/build/rustfs-zh.service (#756 )	2025-10-30 13:55:51 +08:00
安正超	d737a439d5	Delete deploy/config/rustfs-zh.env (#755 )	2025-10-30 13:54:53 +08:00
houseme	0714c7a9ca	modify logger level from `info` to `error` (#744 ) * modify logger level from `info` to `error` * fix test * improve tokio runtime config * add rustfs helm chart files (#747) * add rustfs helm chart files * update readme file with helm chart * delete helm chart license file * fix typo in readme file * fix: restore localized samples in tests (#749) * fix: restore required localized examples * style: fix formatting issues * improve code for Observability * upgrade crates version * fix * up * fix --------- Co-authored-by: majinghe <42570491+majinghe@users.noreply.github.com> Co-authored-by: 安正超 <anzhengchao@gmail.com>	2025-10-29 19:20:53 +08:00
loverustfs	2ceb65adb4	replace rustfs pic	2025-10-29 15:50:18 +08:00
安正超	dd47fcf2a8	fix: restore localized samples in tests (#749 ) * fix: restore required localized examples * style: fix formatting issues	2025-10-29 13:16:31 +08:00
majinghe	64ba52bc1e	add rustfs helm chart files (#747 ) * add rustfs helm chart files * update readme file with helm chart * delete helm chart license file * fix typo in readme file	2025-10-29 12:23:21 +08:00
shiro.lee	d2ced233e5	fix: when the error returned by make_bucket is BucketExists, replace … (#735 ) * fix: when the error returned by make_bucket is BucketExists, replace BucketAlreadyExists with BucketAlreadyOwnedByYou (#719) * test: In the test_api_error_from_storage_error_mappings test method, modify the corresponding mapping relationships --------- Co-authored-by: weisd <im@weisd.in>	2025-10-28 15:26:34 +08:00
weisd	40660e7b80	fix: scandir object (#733 ) * fix: scandir object count * fix: base64 list continuation_token	2025-10-28 15:02:43 +08:00
likewu	2aca1f77af	Fix/ilm (#721 ) * fix tip remote tier error * fix transitioned_object * fix filemeta * add GCS R2 * add aliyun tencent huaweicloud azure gcs r2 backend tier * fix signer * change azure to s3 Co-authored-by: houseme <housemecn@gmail.com> Co-authored-by: loverustfs <155562731+loverustfs@users.noreply.github.com>	2025-10-27 20:23:50 +08:00
Ben Scholzen	6f3d2885cd	fix: take content type from PutObjectInput instead of headers (#718 ) fixes #716 Co-authored-by: loverustfs <155562731+loverustfs@users.noreply.github.com>	2025-10-26 21:44:54 +08:00
shiro.lee	6ab7619023	fix: The issue of multi-level objects created in Windows not being displayed has been fixed (#661 ) (#723 )	2025-10-26 12:00:13 +08:00
weisd	ed73e2b782	fix:add favicon.ico route (#713 )	2025-10-25 16:11:18 +08:00
weisd	6a59c0a474	fix: multipart upload checksum validation (#712 ) * fix multipart upload checksum	2025-10-24 18:23:32 +08:00
houseme	c5264f9703	improve code for metrics and switch tokio-tar to astral-tokio-tar (#705 ) * improve code for metrics and switch tokio-tar to astral-tokio-tar * remove log * fix	2025-10-24 13:07:56 +08:00
DamonXue	b47765b4c0	docs: add Star History section to README files (#696 ) Co-authored-by: 0xdx2 <xuedamon2@gmail.com> Co-authored-by: loverustfs <155562731+loverustfs@users.noreply.github.com>	2025-10-24 08:58:58 +08:00
houseme	e22b24684f	chore: bump dependencies, add metrics support, remove DNS resolver (#699 ) * upgrade version * add metrics * remove dns resolver * add metrics counter for create bucket * fix * fix * fix	2025-10-24 00:16:17 +08:00
weisd	1d069fd351	Improve the peer client (#693 )	2025-10-23 17:21:55 +08:00
houseme	416d3ad5b7	Refactor: Add observability enable flag, improve comments, remove unused config params, and enhance run function error logging. (#689 ) * improve code for dns log * fix * Improve comments, remove unused parameters in config.rs (opt), add observability enable flag, and enhance error logging in run function execution.	2025-10-23 13:59:57 +08:00
weisd	f30698ec7f	Refactor Console Server Architecture (#685 ) * todo * fix console server * fix console server * fix console server * fix console server * fix console server	2025-10-23 00:06:09 +08:00
houseme	7dcf01f127	feat: adjust metrics push interval to 3 seconds (#686 ) - Reduce metrics push frequency from default to 3s for better performance - Optimize resource utilization during metrics collection - Improve real-time monitoring responsiveness Related to admin metrics optimization on fix/admin-metrics branch	2025-10-22 23:47:11 +08:00
weisd	e524a106c5	add make bucket error logs (#683 ) * add make bucket error logs	2025-10-22 16:23:08 +08:00
weisd	d9e5f5d2e3	fix (#682 )	2025-10-22 10:35:40 +08:00
livelycode36	684e832530	fix: prevent duplicate data volumes in entrypoint.sh (#681 )	2025-10-22 09:04:04 +08:00
weisd	a65856bdf4	Fix CRC32C Checksum Implementation and Enhance Authentication System (#678 ) * fix: get_condition_values * fix checksum crc32c * fix clippy	2025-10-21 21:28:00 +08:00
weisd	2edb2929b2	fix: DataUsageInfo add list bucket permission (#674 )	2025-10-21 10:05:54 +08:00
majinghe	14bc55479b	fix docker healthcheck unhealthy issue (#672 )	2025-10-21 09:39:15 +08:00
weisd	cd1e244c68	Refactor: Introduce content checksums and improve multipart/object metadata handling (#671 ) * feat: adapt to s3s typed etag support * refactor: move replication struct to rustfs_filemeta, fix filemeta transition bug * add head_object checksum, filter object metadata output * fix multipart checksum * fix multipart checksum * add content md5,sha256 check * fix test * fix cargo --------- Co-authored-by: overtrue <anzhengchao@gmail.com>	2025-10-20 23:46:13 +08:00
songhahaha66	46797dc815	fix(export): fix the policy and service account export (#665 ) * fix(export): fix the policy export mechanism * fix: correct service account check logic in IamSys	2025-10-20 19:40:54 +08:00