docs: update audit tracker with V12 module audit fix progress
Some checks failed
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Build Frontend (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
Some checks failed
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Build Frontend (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
This commit is contained in:
iven
@@ -1,8 +1,8 @@
|
|||||||
# ZCLAW 审计追踪表 (V10)
|
# ZCLAW 审计追踪表 (V12)
|
||||||
|
|
||||||
> **创建日期**: 2026-03-29
|
> **创建日期**: 2026-03-29
|
||||||
> **审计版本**: V11 + 深度二次审计
|
> **审计版本**: V12 模块化端到端审计
|
||||||
> **最后更新**: 2026-04-02
|
> **最后更新**: 2026-04-04
|
||||||
> **追踪规则**: 每个发现项记录状态变更,修复后需附验证方法
|
> **追踪规则**: 每个发现项记录状态变更,修复后需附验证方法
|
||||||
|
|
||||||
---
|
---
|
||||||
@@ -229,4 +229,42 @@
|
|||||||
|------|-----|------|------|
|
|------|-----|------|------|
|
||||||
| 2026-04-02 | AUD3-FE-01 | NEW → FIXED | sendMessage 入口添加 `if (get().isStreaming) return` |
|
| 2026-04-02 | AUD3-FE-01 | NEW → FIXED | sendMessage 入口添加 `if (get().isStreaming) return` |
|
||||||
| 2026-04-02 | AUD3-FE-02/API-01 | NEW → FIXED | SaaSClient 添加 `_refreshPromise` + `refreshMutex()` 共享 Promise |
|
| 2026-04-02 | AUD3-FE-02/API-01 | NEW → FIXED | SaaSClient 添加 `_refreshPromise` + `refreshMutex()` 共享 Promise |
|
||||||
| 2026-04-02 | - | 第三轮审计 | 5 维并行审计,14 项新发现(2 HIGH + 8 MEDIUM + 4 LOW)
|
| 2026-04-02 | - | 第三轮审计 | 5 维并行审计,14 项新发现(2 HIGH + 8 MEDIUM + 4 LOW)|
|
||||||
|
|
||||||
|
## V12 模块化端到端审计修复 (2026-04-04)
|
||||||
|
|
||||||
|
> 4 个 P0 全部修复,16 个 P1 中 13 个已修复(3 个待后续架构决策)
|
||||||
|
|
||||||
|
### Batch 1: P0 + 核心 P1 修复 (`0576226`)
|
||||||
|
| M4-02 | 反思引擎 LLM 未接入 → **FIXED** | reflection_reflect 传入 Kernel driver |
|
||||||
|
| M3-01 | hand_execute 丢弃 run_id → **FIXED** | HandResult 添加 run_id 字段 |
|
||||||
|
| M5-01 | triggers 映射错误 → **FIXED** | skill-discovery.ts 使用 backend.triggers |
|
||||||
|
| M6-02 | pipeline_list 只用 v1 → **FIXED** | 先尝试 v2 再 fallback v1 |
|
||||||
|
|
||||||
|
### Batch 2: P1 连通性修复 (`6d1f2d1`)
|
||||||
|
| M4-03 | 心跳不自动启动 → **FIXED** | agent_chat_stream 自动初始化 HeartbeatEngine |
|
||||||
|
| M7-04 | refreshToken 未传 body → **FIXED** | 显式传 refresh_token + 轮换存储 |
|
||||||
|
| M7-02 | ConfigMigrationWizard PUT 用布尔值 → **FIXED** | 使用 existing.id |
|
||||||
|
|
||||||
|
### Batch 3: Hand 系统增强 (`59f660b`)
|
||||||
|
| M3-04 | max_concurrent 未实现 → **FIXED** | HandConfig 添加字段 + 全 9 个 Hand 初始化 |
|
||||||
|
| M3-05 | timeout_secs 未实现 → **FIXED** | tokio::time::timeout 包装 execute_hand |
|
||||||
|
| M2-01 | createClone 字段丢失 → **FIXED** | soul 字段透传到 kernel |
|
||||||
|
|
||||||
|
### Batch 4: 搜索 + 审批 (`985644d`)
|
||||||
|
| M4-05 | 记忆搜索用 LIKE → **FIXED** | FTS5-first + CJK LIKE fallback |
|
||||||
|
| M3-03 | browserHandStore 绕过审批 → **FIXED** | executeTemplate/executeScript 添加 canAutoExecute 检查 |
|
||||||
|
|
||||||
|
### Batch 5: 安全加固 (`619bad3`)
|
||||||
|
| M1-01 | Gemini API Key URL 泄漏 → **FIXED** | 改用 x-goog-api-key Header |
|
||||||
|
| M1-03/04 | Mutex unwrap 在 async → **FIXED** | unwrap_or_else(|e| e.into_inner()) |
|
||||||
|
| M2-08 | Agent CRUD 无验证 → **FIXED** | 空名/温度范围/max_tokens 验证 |
|
||||||
|
| M11-06 | chat message ID 冲突 → **FIXED** | crypto.randomUUID() 替代 Date.now() |
|
||||||
|
|
||||||
|
### Batch 6: 持久化 (`88172aa`)
|
||||||
|
| M11-03 | Classroom 数据内存丢失 → **FIXED** | SQLite persistence (persist.rs) + 自动保存 |
|
||||||
|
|
||||||
|
### 待后续决策的 P1
|
||||||
|
| M3-02 | Browser Hand 双路径 | OPEN | 需架构决策:移除 Rust BrowserHand 或统一路径 |
|
||||||
|
| M4-04 | 自主授权后端无强制 | OPEN | 需在 Rust middleware 层加授权检查 |
|
||||||
|
| M11-03 相关 | lib.rs 集成 persistence state 注册 | IN_PROGRESS | 需 Tauri setup hook 完成 |
|
||||||
|
|||||||
Reference in New Issue
Block a user