fix(audit): Batch 4-6 中间件注释 + 依赖迁移 + 安全加固
Some checks failed
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Build Frontend (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
Some checks failed
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Build Frontend (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
Batch 4: - kernel/mod.rs: 添加中间件注册顺序≠执行顺序注释 - EvolutionMiddleware 注册处标注 priority=78 Batch 5: - desktop/src-tauri/Cargo.toml: serde_yaml 0.9 (deprecated) → serde_yaml_bw 2.x Batch 6: - saas/main.rs: CORS 开发模式改为显式 localhost origins (修复 Any+credentials 违规) - docker-compose.yml: 移除默认弱密码 your_secure_password,改为必填校验 - director.rs: 用户输入添加 <user_input>/<user_request> 边界标记防注入 全量测试通过: 719 passed, 0 failed
This commit is contained in:
iven
@@ -642,7 +642,9 @@ Respond with ONLY the number (1-{}) of the agent who should speak next. No expla
|
||||
}
|
||||
|
||||
if let Some(ref user_input) = input {
|
||||
context.push_str(&format!("User: {}\n\n", user_input));
|
||||
context.push_str("<user_input>\n");
|
||||
context.push_str(&format!("{}\n", user_input));
|
||||
context.push_str("</user_input>\n\n");
|
||||
}
|
||||
|
||||
// Add recent history
|
||||
@@ -908,7 +910,9 @@ impl Director {
|
||||
let prompt = format!(
|
||||
r#"你是 ZCLAW 管家。请将以下用户需求拆解为 1-5 个具体子任务。
|
||||
|
||||
用户需求:{}
|
||||
<user_request>
|
||||
{}
|
||||
</user_request>
|
||||
|
||||
请按 JSON 数组格式输出,每个元素包含:
|
||||
- description: 子任务描述(中文)
|
||||
|
||||
Reference in New Issue
Block a user