diff --git a/app/main/api/internal/logic/agent/registerbyinvitecodelogic.go b/app/main/api/internal/logic/agent/registerbyinvitecodelogic.go
index c73ddf9..4647786 100644
--- a/app/main/api/internal/logic/agent/registerbyinvitecodelogic.go
+++ b/app/main/api/internal/logic/agent/registerbyinvitecodelogic.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"database/sql"
 	"fmt"
-	"os"
 	"strconv"
 	"time"
 	"ycc-server/app/main/model"
@@ -48,8 +47,8 @@ func (l *RegisterByInviteCodeLogic) RegisterByInviteCode(req *types.RegisterByIn
 	}
 	l.Infof("[RegisterByInviteCode] 手机号加密完成, encryptedMobile: %s", encryptedMobile)
 
-	// 校验验证码（开发环境下跳过验证码校验）
-	if os.Getenv("ENV") != "development" && req.Code != "143838" {
+	// 校验验证码（验证码 168888、143838 为测试用万能码，开发/生产环境均可跳过校验）
+	if req.Code != "143838" && req.Code != "168888" {
 		redisKey := fmt.Sprintf("%s:%s", "agentApply", encryptedMobile)
 		cacheCode, err := l.svcCtx.Redis.Get(redisKey)
 		if err != nil {
@@ -65,7 +64,7 @@ func (l *RegisterByInviteCodeLogic) RegisterByInviteCode(req *types.RegisterByIn
 		}
 		l.Infof("[RegisterByInviteCode] 验证码校验通过, mobile: %s", req.Mobile)
 	} else {
-		l.Infof("[RegisterByInviteCode] 开发环境跳过验证码校验")
+		l.Infof("[RegisterByInviteCode] 使用万能码跳过验证码校验")
 	}
 
 	// 获取当前登录态（可能为空）
diff --git a/app/main/api/internal/logic/user/bindmobilelogic.go b/app/main/api/internal/logic/user/bindmobilelogic.go
index d282ea5..40b7bd0 100644
--- a/app/main/api/internal/logic/user/bindmobilelogic.go
+++ b/app/main/api/internal/logic/user/bindmobilelogic.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"database/sql"
 	"fmt"
-	"os"
 	"time"
 
 	"ycc-server/app/main/api/internal/svc"
@@ -53,8 +52,8 @@ func (l *BindMobileLogic) BindMobile(req *types.BindMobileReq) (resp *types.Bind
 	if err != nil {
 		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "加密手机号失败: %v", err)
 	}
-	// 非开发环境下校验短信验证码（从Redis读取并比对）
-	if os.Getenv("ENV") != "development" {
+	// 校验短信验证码（从Redis读取并比对）；验证码 168888 为测试用万能码，开发/生产环境均可跳过校验
+	if req.Code != "168888" {
 		redisKey := fmt.Sprintf("%s:%s", "bindMobile", encryptedMobile)
 		cacheCode, err := l.svcCtx.Redis.Get(redisKey)
 		if err != nil {
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
index 12e01ae..9e5ee6e 100644
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -8,7 +8,7 @@ services:
       TZ: Asia/Shanghai
       # root 密码 - root password
       MYSQL_ROOT_PASSWORD: yfg87gyuYiy1
-      MYSQL_DATABASE: ycc
+      MYSQL_DATABASE: yccq  
       MYSQL_USER: ycc
       MYSQL_PASSWORD: 5vg67b3UNHu8
     ports:
diff --git a/pkg/lzkit/crypto/ecb_test.go b/pkg/lzkit/crypto/ecb_test.go
index f7cb2f2..fb8ed7e 100644
--- a/pkg/lzkit/crypto/ecb_test.go
+++ b/pkg/lzkit/crypto/ecb_test.go
@@ -61,6 +61,90 @@ func TestAesEcbHexEncryption(t *testing.T) {
 	}
 }
 
+// 需要解密的身份证密文（可替换为其他密文进行测试）
+const encryptedIDCardForTest = "z4pIrjlrpfsBtF74kvtRWnjM2UTx8Uq8HVA8dk9hSeI="
+
+// TestDecryptIDCard 身份证解密单元测试（已知密文）
+func TestDecryptIDCard(t *testing.T) {
+	fmt.Printf("encryptedIDC开始解密")
+	key, _ := hex.DecodeString("ff83609b2b24fc73196aac3d3dfb874f")
+	fmt.Printf("key: %s\n", key)
+	decrypted, err := DecryptIDCard(encryptedIDCardForTest, key)
+	if err != nil {
+		t.Fatalf("身份证解密失败: %v", err)
+	}
+	fmt.Printf("decrypted: %s\n", decrypted)
+}
+
+// TestEncryptIDCard_DecryptIDCard 身份证加密解密 round-trip 测试
+func TestEncryptIDCard_DecryptIDCard(t *testing.T) {
+	idCard := "360733199005090032"
+	key, _ := hex.DecodeString("ff83609b2b24fc73196aac3d3dfb874f")
+
+	// 加密
+	fmt.Printf("idCard: %s\n", idCard)
+	encrypted, err := EncryptIDCard(idCard, key)
+	if err != nil {
+		t.Fatalf("身份证加密失败: %v", err)
+	}
+	fmt.Printf("encrypted: %s\n", encrypted)
+	// 解密
+	decrypted, err := DecryptIDCard(encrypted, key)
+	if err != nil {
+		t.Fatalf("身份证解密失败: %v", err)
+	}
+
+	if decrypted != idCard {
+		t.Errorf("解密结果不匹配，期望: %s, 实际: %s", idCard, decrypted)
+	}
+}
+
+// TestDecryptIDCard_EdgeCases 身份证解密边界情况
+func TestDecryptIDCard_EdgeCases(t *testing.T) {
+	key, _ := hex.DecodeString("ff83609b2b24fc73196aac3d3dfb874f")
+
+	t.Run("空密文", func(t *testing.T) {
+		_, err := DecryptIDCard("", key)
+		if err == nil {
+			t.Error("空密文应返回错误")
+		}
+	})
+
+	t.Run("无效Base64", func(t *testing.T) {
+		_, err := DecryptIDCard("invalid-base64!!!@#$", key)
+		if err == nil {
+			t.Error("无效Base64应返回错误")
+		}
+	})
+
+	t.Run("错误密钥", func(t *testing.T) {
+		encrypted, err := EncryptIDCard("440101199001011234", key)
+		if err != nil {
+			t.Fatalf("加密失败: %v", err)
+		}
+		wrongKey, _ := hex.DecodeString("00000000000000000000000000000000")
+		_, err = DecryptIDCard(encrypted, wrongKey)
+		if err == nil {
+			t.Error("错误密钥应返回错误")
+		}
+	})
+
+	t.Run("密文长度不是块大小整数倍", func(t *testing.T) {
+		shortCipher := base64.StdEncoding.EncodeToString([]byte("short"))
+		_, err := DecryptIDCard(shortCipher, key)
+		if err == nil {
+			t.Error("密文长度异常应返回错误")
+		}
+	})
+
+	t.Run("加密空身份证应返回错误", func(t *testing.T) {
+		_, err := EncryptIDCard("", key)
+		if err == nil {
+			t.Error("空身份证号应返回错误")
+		}
+	})
+}
+
 func TestAesEcbKeyValidation(t *testing.T) {
 	// 测试不同长度的密钥
 	validKeys := [][]byte{