fix(kernel,desktop): Core Chain Hardening 穷尽审计 7 项修复

审计发现 1 CRITICAL + 4 HIGH + 4 MEDIUM + 4 LOW, 修复如下:

CRITICAL:
- TS seam 测试改为 JSON round-trip 验证 (12 测试覆盖 10 事件类型)

HIGH:
- post_conversation_hook 拦截路径 driver=None 加 debug 日志
- schedule intercept channel send 失败回退 LLM (return Ok(None))

MEDIUM:
- DeltaBuffer.flush() 先 mutation 再 clear, 防止异常丢数据
- ModelsAPI.tsx 去重: 改用 model-config.ts 导出 (消除 2 函数+1 接口+2 常量)
- boot_with_driver docstring 记录跳过 agent 恢复

TypeScript 0 错误, Rust 76 kernel 测试通过, TS 12 seam 测试通过

crates/zclaw-kernel/src/kernel/messaging.rs

@@ -77,7 +77,8 @@ impl Kernel {
 
                         let (tx, rx) = mpsc::channel(32);
                         if tx.send(zclaw_runtime::LoopEvent::Delta(confirm_msg)).await.is_err() {
-                            tracing::warn!("[Kernel] Failed to send confirm msg to channel");
+                            tracing::warn!("[Kernel] Failed to send confirm msg to channel — falling through to LLM");
+                            return Ok(None);
                         }
                         if tx.send(zclaw_runtime::LoopEvent::Complete(
                             zclaw_runtime::AgentLoopResult {

crates/zclaw-kernel/src/kernel/mod.rs

@@ -181,8 +181,12 @@ impl Kernel {
 
     /// Boot the kernel with a pre-configured driver (for testing).
     ///
-    /// Skips `config.create_driver()` and uses the provided driver directly.
-    /// Uses an in-memory SQLite database to avoid filesystem side effects.
+    /// **TEST ONLY.** Do not call from production code.
+    ///
+    /// Differences from `boot()`:
+    /// - Uses the provided `driver` instead of `config.create_driver()`
+    /// - Uses an in-memory SQLite database (no filesystem side effects)
+    /// - Skips agent recovery from persistent storage (`memory.list_agents_with_runtime()`)
     pub async fn boot_with_driver(
         config: KernelConfig,
         driver: Arc<dyn LlmDriver>,