fix: 发布前审计 Batch 2 — Debug遮蔽 + unwrap + 静默吞错 + MCP锁 + 索引 + Config验证

安全:
- LlmConfig 自定义 Debug impl，api_key 显示为 "***REDACTED***"
- tsconfig.json 移除 ErrorBoundary.tsx 排除项（安全关键组件）
- billing/handlers.rs Response builder unwrap → map_err 错误传播
- classroom_commands/mod.rs db_path.parent().unwrap() → ok_or_else

静默吞错:
- approvals.rs 3处 warn→error（审批状态丢失是严重事件）
- events.rs publish() 添加 Event dropped debug 日志
- mcp_transport.rs eprintln→tracing::warn (僵尸进程风险)
- zclaw-growth sqlite.rs 4处迁移：区分 duplicate column name 与真实错误

MCP Transport:
- 合并 stdin+stdout 为单一 Mutex<TransportHandles>
- send_request write-then-read 原子化，防止并发响应错配

数据库:
- 新迁移 20260418000001: idx_rle_created_at + idx_billing_sub_plan + idx_ki_created_by

配置验证:
- SaaSConfig::load() 添加 jwt_expiration_hours>=1, max_connections>0, min<=max

crates/zclaw-kernel/src/config.rs

@@ -30,7 +30,7 @@ impl Default for ApiProtocol {
 ///
 /// This is the single source of truth for LLM configuration.
 /// Model ID is passed directly to the API without any transformation.
-#[derive(Debug, Clone, Serialize, Deserialize)]
+#[derive(Clone, Serialize, Deserialize)]
 pub struct LlmConfig {
     /// API base URL (e.g., "https://api.openai.com/v1")
     pub base_url: String,
@@ -61,6 +61,20 @@ pub struct LlmConfig {
     pub context_window: u32,
 }
 
+impl std::fmt::Debug for LlmConfig {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        f.debug_struct("LlmConfig")
+            .field("base_url", &self.base_url)
+            .field("api_key", &"***REDACTED***")
+            .field("model", &self.model)
+            .field("api_protocol", &self.api_protocol)
+            .field("max_tokens", &self.max_tokens)
+            .field("temperature", &self.temperature)
+            .field("context_window", &self.context_window)
+            .finish()
+    }
+}
+
 impl LlmConfig {
     /// Create a new LLM config
     pub fn new(base_url: impl Into<String>, api_key: impl Into<String>, model: impl Into<String>) -> Self {

crates/zclaw-kernel/src/events.rs

@@ -17,8 +17,9 @@ impl EventBus {
 
     /// Publish an event
     pub fn publish(&self, event: Event) {
-        // Ignore send errors (no subscribers)
-        let _ = self.sender.send(event);
+        if let Err(e) = self.sender.send(event) {
+            tracing::debug!("Event dropped (no subscribers or channel full): {:?}", e);
+        }
     }
 
     /// Subscribe to events

crates/zclaw-kernel/src/kernel/approvals.rs

@@ -86,12 +86,12 @@ impl Kernel {
                     completed_at: None,
                 };
                 let _ = memory.save_hand_run(&run).await.map_err(|e| {
-                    tracing::warn!("[Approval] Failed to save hand run: {}", e);
+                    tracing::error!("[Approval] Failed to save hand run: {}", e);
                 });
                 run.status = HandRunStatus::Running;
                 run.started_at = Some(chrono::Utc::now().to_rfc3339());
                 let _ = memory.update_hand_run(&run).await.map_err(|e| {
-                    tracing::warn!("[Approval] Failed to update hand run (running): {}", e);
+                    tracing::error!("[Approval] Failed to update hand run (running): {}", e);
                 });
 
                 // Register cancellation flag
@@ -122,7 +122,7 @@ impl Kernel {
                 run.duration_ms = Some(duration.as_millis() as u64);
                 run.completed_at = Some(completed_at);
                 let _ = memory.update_hand_run(&run).await.map_err(|e| {
-                    tracing::warn!("[Approval] Failed to update hand run (completed): {}", e);
+                    tracing::error!("[Approval] Failed to update hand run (completed): {}", e);
                 });
 
                 // Update approval status based on execution result