feat: 添加新插件支持及多项功能改进

- 新增磁盘加密、打印审计和剪贴板管控插件支持
- 优化水印插件显示效果，支持中文及更多Unicode字符
- 改进硬件资产收集逻辑，更准确获取磁盘和显卡信息
- 增强API错误处理，添加详细日志记录
- 完善前端界面，新增插件管理页面
- 修复多个UI问题，优化页面过渡效果
- 添加环境变量覆盖配置功能
- 实现插件状态管理API
- 更新文档和变更日志
- 添加安装程序脚本支持

migrations/012_disk_encryption.sql

@@ -0,0 +1,29 @@
+-- 012_disk_encryption.sql: Disk Encryption Detection plugin (全盘加密检测)
+
+-- BitLocker / encryption status per device drive
+CREATE TABLE IF NOT EXISTS disk_encryption_status (
+    id              INTEGER PRIMARY KEY AUTOINCREMENT,
+    device_uid      TEXT NOT NULL,
+    drive_letter    TEXT NOT NULL,          -- e.g. "C:", "D:"
+    volume_name     TEXT,
+    encryption_method TEXT,                 -- "BitLocker", "None", "Unknown"
+    protection_status TEXT NOT NULL DEFAULT 'Unknown', -- "On", "Off", "Unknown"
+    encryption_percentage REAL NOT NULL DEFAULT 0,
+    lock_status     TEXT NOT NULL DEFAULT 'Unknown',    -- "Locked", "Unlocked"
+    reported_at     TEXT NOT NULL DEFAULT (datetime('now')),
+    updated_at      TEXT NOT NULL DEFAULT (datetime('now')),
+    FOREIGN KEY (device_uid) REFERENCES devices(device_uid),
+    UNIQUE(device_uid, drive_letter)
+);
+
+-- Compliance alerts when unencrypted drives detected
+CREATE TABLE IF NOT EXISTS encryption_alerts (
+    id              INTEGER PRIMARY KEY AUTOINCREMENT,
+    device_uid      TEXT NOT NULL,
+    drive_letter    TEXT NOT NULL,
+    alert_type      TEXT NOT NULL DEFAULT 'not_encrypted', -- "not_encrypted", "encryption_paused", "decrypted"
+    status          TEXT NOT NULL DEFAULT 'open',           -- "open", "acknowledged", "resolved"
+    created_at      TEXT NOT NULL DEFAULT (datetime('now')),
+    resolved_at     TEXT,
+    FOREIGN KEY (device_uid) REFERENCES devices(device_uid)
+);

migrations/013_print_audit.sql

@@ -0,0 +1,18 @@
+-- 013_print_audit.sql: Print Audit plugin (打印审计)
+
+CREATE TABLE IF NOT EXISTS print_events (
+    id              INTEGER PRIMARY KEY AUTOINCREMENT,
+    device_uid      TEXT NOT NULL,
+    document_name   TEXT,
+    printer_name    TEXT,
+    pages           INTEGER,
+    copies          INTEGER DEFAULT 1,
+    user_name       TEXT,
+    file_size_bytes INTEGER,
+    timestamp       TEXT NOT NULL,
+    reported_at     TEXT NOT NULL DEFAULT (datetime('now')),
+    FOREIGN KEY (device_uid) REFERENCES devices(device_uid)
+);
+
+CREATE INDEX IF NOT EXISTS idx_print_events_device ON print_events(device_uid);
+CREATE INDEX IF NOT EXISTS idx_print_events_ts ON print_events(timestamp);

migrations/014_clipboard_control.sql

@@ -0,0 +1,30 @@
+-- 014_clipboard_control.sql: Clipboard Control plugin (剪贴板管控)
+
+CREATE TABLE IF NOT EXISTS clipboard_rules (
+    id              INTEGER PRIMARY KEY AUTOINCREMENT,
+    target_type     TEXT NOT NULL DEFAULT 'global' CHECK(target_type IN ('global', 'group', 'device')),
+    target_id       TEXT,
+    rule_type       TEXT NOT NULL DEFAULT 'block' CHECK(rule_type IN ('block', 'allow')),
+    -- Direction: "out" = prevent clipboard data leaving the source app
+    -- "in" = prevent pasting into the target app
+    direction       TEXT NOT NULL DEFAULT 'out' CHECK(direction IN ('out', 'in', 'both')),
+    source_process  TEXT,                    -- Process name pattern for source (copy from)
+    target_process  TEXT,                    -- Process name pattern for target (paste to)
+    content_pattern TEXT,                    -- Optional regex for content matching
+    enabled         INTEGER NOT NULL DEFAULT 1,
+    updated_at      TEXT NOT NULL DEFAULT (datetime('now'))
+);
+
+CREATE TABLE IF NOT EXISTS clipboard_violations (
+    id              INTEGER PRIMARY KEY AUTOINCREMENT,
+    device_uid      TEXT NOT NULL,
+    source_process  TEXT,
+    target_process  TEXT,
+    content_preview TEXT,                    -- First N chars of clipboard content
+    action_taken    TEXT NOT NULL DEFAULT 'blocked', -- "blocked", "allowed"
+    timestamp       TEXT NOT NULL,
+    reported_at     TEXT NOT NULL DEFAULT (datetime('now')),
+    FOREIGN KEY (device_uid) REFERENCES devices(device_uid)
+);
+
+CREATE INDEX IF NOT EXISTS idx_clipboard_violations_device ON clipboard_violations(device_uid);

migrations/015_plugin_control.sql

@@ -0,0 +1,18 @@
+-- 015_plugin_control.sql: Add missing plugins to plugin_state CHECK constraint
+-- SQLite doesn't support ALTER TABLE ... ALTER CONSTRAINT, so we recreate the table.
+
+-- Drop old table if exists and recreate with expanded plugin list
+DROP TABLE IF EXISTS plugin_state;
+
+CREATE TABLE IF NOT EXISTS plugin_state (
+    id              INTEGER PRIMARY KEY AUTOINCREMENT,
+    plugin_name     TEXT NOT NULL UNIQUE CHECK(plugin_name IN (
+        'web_filter', 'usage_timer', 'software_blocker',
+        'popup_blocker', 'usb_file_audit', 'watermark',
+        'disk_encryption', 'usb_audit', 'print_audit', 'clipboard_control'
+    )),
+    enabled         INTEGER NOT NULL DEFAULT 1,
+    target_type     TEXT NOT NULL DEFAULT 'global',
+    target_id       TEXT,
+    updated_at      TEXT NOT NULL DEFAULT (datetime('now'))
+);

migrations/016_encryption_alerts_unique.sql

@@ -0,0 +1,10 @@
+-- 016_encryption_alerts_unique.sql: Add UNIQUE constraint to prevent duplicate alerts
+
+-- Remove existing duplicates, keeping the earliest alert per device/drive/type/status
+DELETE FROM encryption_alerts WHERE id NOT IN (
+    SELECT MIN(id) FROM encryption_alerts GROUP BY device_uid, drive_letter, alert_type, status
+);
+
+-- Add unique index so ON CONFLICT DO NOTHING works correctly
+CREATE UNIQUE INDEX IF NOT EXISTS idx_encryption_alerts_unique
+    ON encryption_alerts(device_uid, drive_letter, alert_type, status);