diff --git a/Makefile b/Makefile
index fe9a43b..30c88f3 100644
--- a/Makefile
+++ b/Makefile
@@ -8,6 +8,8 @@ OPENRESTY_IMAGE ?= xcontrol/openresty-geoip:latest
 POSTGRES_EXT_IMAGE ?= xcontrol/postgres-extensions:16
 NODE_BUILDER_IMAGE ?= xcontrol/node-builder:22
 NODE_RUNTIME_IMAGE ?= xcontrol/node-runtime:22
+GO_BUILDER_IMAGE ?= xcontrol/go-builder:1.23
+GO_RUNTIME_IMAGE ?= xcontrol/go-runtime:1.23
 ARCH := $(shell dpkg --print-architecture)
 PG_DSN ?= postgres://shenlan:password@127.0.0.1:5432/xserver?sslmode=disable
 
@@ -146,7 +148,7 @@ upgrade-rag-server:
         init-rag-server install-rag-server upgrade-rag-server \
         configure-hosts install-services upgrade-services \
         build-base-images docker-openresty-geoip docker-postgres-extensions \
-        docker-node-builder docker-node-runtime
+        docker-node-builder docker-node-runtime docker-go-builder docker-go-runtime
 
 # -----------------------------------------------------------------------------
 # Dependency installation
@@ -227,12 +229,13 @@ endif
 # -----------------------------------------------------------------------------
 
 build-base-images:
-	@OPENRESTY_IMAGE=$(OPENRESTY_IMAGE) POSTGRES_EXT_IMAGE=$(POSTGRES_EXT_IMAGE) \
-	NODE_BUILDER_IMAGE=$(NODE_BUILDER_IMAGE) NODE_RUNTIME_IMAGE=$(NODE_RUNTIME_IMAGE) \
-		bash scripts/build-base-images.sh
+        @OPENRESTY_IMAGE=$(OPENRESTY_IMAGE) POSTGRES_EXT_IMAGE=$(POSTGRES_EXT_IMAGE) \
+        NODE_BUILDER_IMAGE=$(NODE_BUILDER_IMAGE) NODE_RUNTIME_IMAGE=$(NODE_RUNTIME_IMAGE) \
+        GO_BUILDER_IMAGE=$(GO_BUILDER_IMAGE) GO_RUNTIME_IMAGE=$(GO_RUNTIME_IMAGE) \
+                bash scripts/build-base-images.sh
 
 docker-openresty-geoip:
-	docker build -f $(BASE_IMAGE_DIR)/openresty-geoip.Dockerfile -t $(OPENRESTY_IMAGE) $(BASE_IMAGE_DIR)
+        docker build -f $(BASE_IMAGE_DIR)/openresty-geoip.Dockerfile -t $(OPENRESTY_IMAGE) $(BASE_IMAGE_DIR)
 
 docker-postgres-extensions:
 	docker build -f $(BASE_IMAGE_DIR)/postgres-extensions.Dockerfile -t $(POSTGRES_EXT_IMAGE) $(BASE_IMAGE_DIR)
@@ -241,7 +244,13 @@ docker-node-builder:
 	docker build -f $(BASE_IMAGE_DIR)/node-builder.Dockerfile -t $(NODE_BUILDER_IMAGE) $(BASE_IMAGE_DIR)
 
 docker-node-runtime:
-	docker build -f $(BASE_IMAGE_DIR)/node-runtime.Dockerfile -t $(NODE_RUNTIME_IMAGE) $(BASE_IMAGE_DIR)
+        docker build -f $(BASE_IMAGE_DIR)/node-runtime.Dockerfile -t $(NODE_RUNTIME_IMAGE) $(BASE_IMAGE_DIR)
+
+docker-go-builder:
+        docker build -f $(BASE_IMAGE_DIR)/go-builder.Dockerfile -t $(GO_BUILDER_IMAGE) $(BASE_IMAGE_DIR)
+
+docker-go-runtime:
+        docker build -f $(BASE_IMAGE_DIR)/go-runtime.Dockerfile -t $(GO_RUNTIME_IMAGE) $(BASE_IMAGE_DIR)
 
 # -----------------------------------------------------------------------------
 # Database initialization
diff --git a/deploy/base-images/README.md b/deploy/base-images/README.md
index d2546e2..4d896ee 100644
--- a/deploy/base-images/README.md
+++ b/deploy/base-images/README.md
@@ -11,6 +11,10 @@ service-specific images can build faster and remain consistent.
 - **PostgreSQL 16 + extensions** (`postgres-extensions.Dockerfile`): PostgreSQL
   with `pgvector`, `pg_jieba`, and `pg_cache` compiled into the server for
   vector search and full-text tokenization.
+- **Go 1.23 builder** (`go-builder.Dockerfile`): Ubuntu 24.04 with the Go
+  toolchain and build dependencies for the Account service and RAG server.
+- **Go runtime** (`go-runtime.Dockerfile`): Slim Ubuntu 24.04 runtime with CA
+  certificates for running statically linked Go binaries.
 - **Node.js builder** (`node-builder.Dockerfile`): Node.js 22 with Yarn, the
   latest npm, and build essentials for compiling native Next.js dependencies.
 - **Node.js runtime** (`node-runtime.Dockerfile`): Slim Node.js 22 runtime ready
@@ -44,4 +48,10 @@ Each target accepts an optional tag override, for example:
 
 ```bash
 make docker-postgres-extensions POSTGRES_EXT_IMAGE=my-registry/postgres-extensions:16
+
+# Go builder (Go 1.23 + build tools)
+make docker-go-builder GO_BUILDER_IMAGE=my-registry/go-builder:1.23
+
+# Go runtime (Ubuntu 24.04 + CA certificates)
+make docker-go-runtime GO_RUNTIME_IMAGE=my-registry/go-runtime:1.23
 ```
diff --git a/deploy/base-images/go-builder.Dockerfile b/deploy/base-images/go-builder.Dockerfile
new file mode 100644
index 0000000..ea7a7ae
--- /dev/null
+++ b/deploy/base-images/go-builder.Dockerfile
@@ -0,0 +1,26 @@
+FROM ubuntu:24.04
+
+LABEL maintainer="XControl" \
+      description="Go 1.23 builder image with common dependencies for XControl services"
+
+ENV GO_VERSION=1.23.8 \
+    CGO_ENABLED=0 \
+    GOOS=linux \
+    GOARCH=amd64 \
+    PATH=/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+RUN set -eux; \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+        ca-certificates \
+        curl \
+        git \
+        build-essential; \
+    rm -rf /var/lib/apt/lists/*; \
+    curl -fsSL "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" -o /tmp/go.tgz; \
+    tar -C /usr/local -xzf /tmp/go.tgz; \
+    rm /tmp/go.tgz
+
+WORKDIR /workspace
+
+CMD ["bash"]
diff --git a/deploy/base-images/go-runtime.Dockerfile b/deploy/base-images/go-runtime.Dockerfile
new file mode 100644
index 0000000..b9b22a2
--- /dev/null
+++ b/deploy/base-images/go-runtime.Dockerfile
@@ -0,0 +1,16 @@
+FROM ubuntu:24.04
+
+LABEL maintainer="XControl" \
+      description="Slim Ubuntu runtime base for Go services with TLS certificates"
+
+ENV CGO_ENABLED=0
+
+RUN set -eux; \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+        ca-certificates; \
+    rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+
+CMD ["/bin/sh"]
diff --git a/scripts/build-base-images.sh b/scripts/build-base-images.sh
index fe6acda..5ae495a 100755
--- a/scripts/build-base-images.sh
+++ b/scripts/build-base-images.sh
@@ -8,6 +8,8 @@ OPENRESTY_IMAGE=${OPENRESTY_IMAGE:-xcontrol/openresty-geoip:latest}
 POSTGRES_EXT_IMAGE=${POSTGRES_EXT_IMAGE:-xcontrol/postgres-extensions:16}
 NODE_BUILDER_IMAGE=${NODE_BUILDER_IMAGE:-xcontrol/node-builder:22}
 NODE_RUNTIME_IMAGE=${NODE_RUNTIME_IMAGE:-xcontrol/node-runtime:22}
+GO_BUILDER_IMAGE=${GO_BUILDER_IMAGE:-xcontrol/go-builder:1.23}
+GO_RUNTIME_IMAGE=${GO_RUNTIME_IMAGE:-xcontrol/go-runtime:1.23}
 
 build_image() {
   local dockerfile=$1
@@ -20,9 +22,13 @@ build_image "openresty-geoip.Dockerfile" "${OPENRESTY_IMAGE}"
 build_image "postgres-extensions.Dockerfile" "${POSTGRES_EXT_IMAGE}"
 build_image "node-builder.Dockerfile" "${NODE_BUILDER_IMAGE}"
 build_image "node-runtime.Dockerfile" "${NODE_RUNTIME_IMAGE}"
+build_image "go-builder.Dockerfile" "${GO_BUILDER_IMAGE}"
+build_image "go-runtime.Dockerfile" "${GO_RUNTIME_IMAGE}"
 
 echo "\n✅ Base images built successfully:"
 echo " - ${OPENRESTY_IMAGE}"
 echo " - ${POSTGRES_EXT_IMAGE}"
 echo " - ${NODE_BUILDER_IMAGE}"
 echo " - ${NODE_RUNTIME_IMAGE}"
+echo " - ${GO_BUILDER_IMAGE}"
+echo " - ${GO_RUNTIME_IMAGE}"