fix(industry): 二次审计修复 — 2 CRITICAL + 4 HIGH + 2 MEDIUM

C-1: Industries.tsx 创建弹窗缺少 id 字段 → 添加 id 输入框 + 自动生成
C-2: Accounts.tsx handleSave 无 try/catch → 包装 + handleClose 统一关闭
V1: viking_commands Mutex 跨 await → 先 clone Arc 再释放 Mutex
I1: intelligence_hooks 误导性"相关度" → 移除 access_count 伪分数
I2: pain point 摘要未 XML 转义 → xml_escape() 处理
S1: industry status 无枚举验证 → active/inactive 白名单
S2: create_industry id 无格式验证 → 正则 + 长度检查
H-3: Industries.tsx 编辑模态数据竞争 → data.id === industryId 守卫
H-4: Accounts.tsx useEffect 覆盖用户编辑 → editingId 守卫

crates/zclaw-saas/src/industry/service.rs

@@ -73,6 +73,15 @@ pub async fn create_industry(
     pool: &PgPool,
     req: &CreateIndustryRequest,
 ) -> SaasResult<Industry> {
+    // Validate id format: lowercase alphanumeric + hyphen, 1-63 chars
+    let id = req.id.trim();
+    if id.is_empty() || id.len() > 63 {
+        return Err(SaasError::InvalidInput("行业 ID 长度须 1-63 字符".to_string()));
+    }
+    if !id.chars().all(|c| c.is_ascii_lowercase() || c.is_ascii_digit() || c == '-') {
+        return Err(SaasError::InvalidInput("行业 ID 仅限小写字母、数字、连字符".to_string()));
+    }
+
     let now = chrono::Utc::now();
     let keywords = serde_json::to_value(&req.keywords).unwrap_or(serde_json::json!([]));
     let pain_categories = serde_json::to_value(&req.pain_seed_categories).unwrap_or(serde_json::json!([]));
@@ -97,6 +106,14 @@ pub async fn update_industry(
     id: &str,
     req: &UpdateIndustryRequest,
 ) -> SaasResult<Industry> {
+    // Validate status enum
+    if let Some(ref status) = req.status {
+        match status.as_str() {
+            "active" | "inactive" => {},
+            _ => return Err(SaasError::InvalidInput(format!("无效状态 '{}', 允许: active/inactive", status))),
+        }
+    }
+
     // 先确认存在
     let existing = get_industry(pool, id).await?;
     let now = chrono::Utc::now();