diff --git a/base/web/share.go b/base/web/share.go
index 83629e2a..8c4f3413 100644
--- a/base/web/share.go
+++ b/base/web/share.go
@@ -49,7 +49,6 @@ func _share_cache(m *ice.Message, arg ...string) {
 		}
 	} else {
 		msg := m.Cmd(CACHE, arg[0])
-		m.Debug("what %v", msg.FormatMeta())
 		m.RenderDownload(msg.Append(nfs.FILE), msg.Append(mdb.TYPE), msg.Append(mdb.NAME))
 	}
 }
diff --git a/base/web/space.go b/base/web/space.go
index ecb7def5..5f006291 100644
--- a/base/web/space.go
+++ b/base/web/space.go
@@ -205,7 +205,7 @@ func _space_fork(m *ice.Message) {
 		text := kit.Select(s.RemoteAddr().String(), m.Option(ice.MSG_USERADDR))
 		name := strings.ToLower(m.Option(mdb.NAME, kit.ReplaceAll(kit.Select(text, m.Option(mdb.NAME)), ".", "_", ":", "_")))
 		kind := kit.Select(WORKER, m.Option(mdb.TYPE))
-		args := append([]string{mdb.TYPE, kind, mdb.NAME, name}, m.OptionSimple(SHARE, RIVER)...)
+		args := append([]string{mdb.TYPE, kind, mdb.NAME, name}, m.OptionSimple(SHARE, RIVER, ice.CMD)...)
 
 		m.Go(func() {
 			mdb.HashCreate(m, mdb.TEXT, kit.Select(text, m.Option(mdb.TEXT)), args, kit.Dict(mdb.TARGET, s))
diff --git a/core/chat/chat.shy b/core/chat/chat.shy
index 0bd29b6a..f3d83b6b 100644
--- a/core/chat/chat.shy
+++ b/core/chat/chat.shy
@@ -1,30 +1,33 @@
 chat.go
 chat.shy
 header.go
-action.go
-search.go
 footer.go
+search.go
+action.go
 river.go
 storm.go
 template.go
 
 pod.go
 cmd.go
-div.go
-website.go
-topic.go
 grant.go
 sso.go
 oauth
 
-room.go
-meet.go
 scan.go
 paste.go
-media.go
-files.go
-trans.go
 iframe.go
-keyboard.go
 location.go
 location.shy
+
+files.go
+trans.go
+media.go
+topic.go
+
+div.go
+website.go
+keyboard.go
+room.go
+meet.go
+
diff --git a/core/chat/grant.go b/core/chat/grant.go
index 5a1c21d1..2c6d12a2 100644
--- a/core/chat/grant.go
+++ b/core/chat/grant.go
@@ -3,22 +3,31 @@ package chat
 import (
 	ice "shylinux.com/x/icebergs"
 	"shylinux.com/x/icebergs/base/aaa"
-	"shylinux.com/x/icebergs/base/mdb"
+	"shylinux.com/x/icebergs/base/cli"
 	"shylinux.com/x/icebergs/base/web"
 )
 
 const GRANT = "grant"
 
 func init() {
+	const CONFIRM = "confirm"
 	Index.MergeCommands(ice.Commands{
-		GRANT: {Name: "grant space id auto", Help: "授权", Actions: ice.MergeActions(ice.Actions{
-			"confirm": {Help: "通过", Hand: func(m *ice.Message, arg ...string) {
+		GRANT: {Name: "grant space auto", Help: "授权", Actions: ice.MergeActions(ice.Actions{
+			CONFIRM: {Help: "授权", Hand: func(m *ice.Message, arg ...string) {
+				if m.Warn(m.Option(ice.MSG_USERNAME) == "", ice.ErrNotLogin) {
+					return
+				}
+				if m.Warn(m.Option(web.SPACE) == "", ice.ErrNotValid, web.SPACE) {
+					return
+				}
+				if m.Warn(m.CmdAppend(web.SPACE, m.Option(web.SPACE), ice.CMD) != cli.PWD, ice.ErrNotFound, m.Option(web.SPACE)) {
+					return
+				}
 				m.Cmd(web.SPACE, m.Option(web.SPACE), ice.MSG_SESSID, aaa.SessCreate(m, m.Option(ice.MSG_USERNAME)))
 				m.ProcessLocation(web.MergeURL2(m, ice.PS))
 			}},
-		}, mdb.HashAction(mdb.SHORT, web.SPACE, mdb.FIELD, "time,space,userrole,username,usernick"), aaa.RoleAction("confirm")), Hand: func(m *ice.Message, arg ...string) {
-			m.Echo("请授权: %s 访问设备: %s", arg[0], ice.Info.HostName).Echo(ice.NL)
-			m.EchoButton("confirm")
+		}, aaa.RoleAction(CONFIRM)), Hand: func(m *ice.Message, arg ...string) {
+			m.Echo("请授权: %s 访问设备: %s", arg[0], ice.Info.HostName).Echo(ice.NL).EchoButton(CONFIRM)
 		}},
 	})
 }
diff --git a/core/code/xterm.go b/core/code/xterm.go
index 80702298..59dab5d4 100644
--- a/core/code/xterm.go
+++ b/core/code/xterm.go
@@ -55,7 +55,6 @@ func _xterm_get(m *ice.Message, h string) _xterm {
 				if n, e := tty.Read(buf); !m.Warn(e) && e == nil {
 					m.Option(ice.MSG_DAEMON, mdb.HashSelectField(m, h, "view"))
 					m.Option(mdb.TEXT, string(buf[:n]))
-					m.Debug("what %v", m.FormatMeta())
 					web.PushNoticeGrow(m)
 				} else {
 					break
diff --git a/logs.go b/logs.go
index 3b19ceb3..bbb3cc31 100644
--- a/logs.go
+++ b/logs.go
@@ -116,10 +116,14 @@ func (m *Message) Warn(err Any, arg ...Any) bool {
 	if !m.IsErr() {
 		if m.error(arg...); len(arg) > 0 {
 			switch kit.Format(arg[0]) {
+			case ErrNotValid:
+				m.RenderStatusBadRequest(str)
 			case ErrNotLogin:
 				m.RenderStatusUnauthorized(str)
 			case ErrNotRight:
 				m.RenderStatusForbidden(str)
+			case ErrNotFound:
+				m.RenderStatusNotFound(str)
 			}
 		}
 	}
diff --git a/meta.go b/meta.go
index ad99af59..66b712cb 100644
--- a/meta.go
+++ b/meta.go
@@ -225,8 +225,8 @@ func (m *Message) Copy(msg *Message, arg ...string) *Message {
 			m.data[k] = v
 		} else {
 			m.Set(MSG_OPTION, k)
-			m.Add(MSG_OPTION, kit.Simple(k, msg.meta[k])...)
 		}
+		m.Add(MSG_OPTION, kit.Simple(k, msg.meta[k])...)
 	}
 	for _, k := range msg.meta[MSG_APPEND] {
 		m.Add(MSG_APPEND, kit.Simple(k, msg.meta[k])...)
diff --git a/misc.go b/misc.go
index 39033288..862fa340 100644
--- a/misc.go
+++ b/misc.go
@@ -347,7 +347,6 @@ func (c *Context) _action(m *Message, cmd *Command, key string, sub string, h *A
 	}
 	m.Log(LOG_CMDS, "%s.%s %s %d %v", c.Name, key, sub, len(arg), arg,
 		logs.FileLineMeta(kit.Select(m._target, m._source, m.target.Name == MDB)))
-
 	h.Hand(m, arg...)
 	return m
 }
diff --git a/render.go b/render.go
index 853451b3..7c3b8277 100644
--- a/render.go
+++ b/render.go
@@ -58,17 +58,16 @@ func (m *Message) Render(cmd string, args ...Any) *Message {
 	}
 	m.Optionv(MSG_OUTPUT, cmd)
 	m.Optionv(MSG_ARGS, args)
-
 	return m
 }
 func (m *Message) RenderTemplate(args ...Any) *Message {
 	return m.Render(RENDER_TEMPLATE, args...)
 }
-func (m *Message) RenderStatus(status int) *Message {
-	return m.Render(RENDER_STATUS, status)
+func (m *Message) RenderStatus(status int, arg ...string) *Message {
+	return m.Render(RENDER_STATUS, status, arg)
 }
-func (m *Message) RenderStatusBadRequest() *Message {
-	return m.Render(RENDER_STATUS, http.StatusBadRequest)
+func (m *Message) RenderStatusBadRequest(arg ...string) *Message {
+	return m.Render(RENDER_STATUS, http.StatusBadRequest, arg)
 }
 func (m *Message) RenderStatusUnauthorized(arg ...string) *Message {
 	return m.Render(RENDER_STATUS, http.StatusUnauthorized, arg)
@@ -76,8 +75,8 @@ func (m *Message) RenderStatusUnauthorized(arg ...string) *Message {
 func (m *Message) RenderStatusForbidden(arg ...string) *Message {
 	return m.Render(RENDER_STATUS, http.StatusForbidden, arg)
 }
-func (m *Message) RenderStatusNotFound() *Message {
-	return m.Render(RENDER_STATUS, http.StatusNotFound)
+func (m *Message) RenderStatusNotFound(arg ...string) *Message {
+	return m.Render(RENDER_STATUS, http.StatusNotFound, arg)
 }
 func (m *Message) RenderRedirect(args ...Any) *Message {
 	return m.Render(RENDER_REDIRECT, args...)