155 Commits

Author	SHA1	Message	Date
iven	769bfdf5d6	fix(desktop): 修复 10 个 agent 对话测试发现的缺陷 ... - BUG-001+002 P0: 模型选择器合并 SaaS 可用模型列表 - BUG-003 P1: 修复 relay 错误消息重复显示 - BUG-005 P1: 设置页面显示实际连接模式和地址 - BUG-006 P2: 统一 UI 语言为中文 - BUG-009 P3: 错误时隐藏建议按钮 - BUG-010 P3: 密码切换按钮添加 aria-label Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-04 01:31:28 +08:00
iven	912f117ea3	feat(desktop): wire MCP client to settings UI ... - MCPServices.tsx now calls real Tauri commands (start/stop/list) instead of only toggling config flags - Show running service count, discovered tools per service - Expand/collapse tool list for each running MCP service - Extended QuickConfig mcpServices type with command/args/env/cwd - Config change persists enabled state, MCP start/stop happens live	2026-04-04 01:30:13 +08:00
iven	276ec3ca94	chore(desktop): remove dead active-learning frontend code ... Zero imports across codebase — never wired to any UI or Tauri command. Rust Growth crate handles memory/summary generation instead.	2026-04-04 00:38:13 +08:00
iven	5db2907420	test(desktop): add agent-chat comprehensive E2E test spec ... Full E2E test suite for agent chat functionality including: - Message send/receive flow - Streaming response verification - Model switching behavior - Error handling scenarios - Multi-turn conversation context Includes test report documenting coverage and known gaps.	2026-04-03 23:02:00 +08:00
iven	1c99e5f3a3	fix(browser): stability enhancements + MCP frontend client ... S7 Browser Hand: - Remove dead code: browser/actions.rs (314 lines of unused BrowserAction/ActionResult types) - Fix browser_scrape_page: log failed selector matches instead of silently swallowing errors - Fix element_to_info: document known limitation for always-None location/size fields - Fix browserHandStore: reuse activeSessionId in executeScript/takeScreenshot/executeTemplate instead of creating orphan Browser sessions - Add Browser.connect(sessionId) method for session reuse MCP Frontend: - Add desktop/src/lib/mcp-client.ts (77 lines) — typed client for MCP Tauri commands (startMcpService, stopMcpService, listMcpServices, callMcpTool) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-03 22:16:12 +08:00
iven	943afe3b6b	feat(protocols): MCP tool adapter + Tauri commands + initialize bug fix ... S6 MCP Protocol: - Fix McpTransport::initialize() — store actual server capabilities instead of discarding them and storing empty ServerCapabilities::default() - Add send_notification() method to McpTransport for JSON-RPC notifications - Send notifications/initialized after MCP handshake (spec requirement) - Add McpToolAdapter: bridges MCP server tools into the tool execution path - Add McpServiceManager: lifecycle management for MCP server connections - Add 4 Tauri commands: mcp_start_service, mcp_stop_service, mcp_list_services, mcp_call_tool - Register zclaw-protocols dependency in desktop Cargo.toml New files: - crates/zclaw-protocols/src/mcp_tool_adapter.rs (153 lines) - desktop/src-tauri/src/kernel_commands/mcp.rs (145 lines) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-03 22:07:35 +08:00
iven	264dc75b2c	fix(production-readiness): audit fixes — duplicate useState + route mismatch + stale @reserved ... - ChatArea.tsx: remove duplicate useState(searchOpen) declaration on line 70 - scheduled_task/mod.rs: fix route from /api/scheduler/tasks to /api/v1/scheduler/tasks (matches admin-v2 service baseURL pattern and all other modules) - scheduled_task/handlers.rs: remove @reserved annotations (now has Admin V2 frontend) - scheduled_task/handlers.rs: update doc comments with correct /api/v1/ paths	2026-04-03 21:41:30 +08:00
iven	4281ce35b4	fix(saas): remove hardcoded model fallback — dynamic from available models ... - service.rs: template model passed as-is (Option<String>), no hardcoded fallback - saas-types.ts: AgentConfigFromTemplate.model → string | null - agentStore.ts: when model is null, resolve from saasStore.availableModels[0] - AgentOnboardingWizard.tsx: restore full file (was corrupted), apply assignTemplate try/catch fix	2026-04-03 21:38:15 +08:00
iven	2ceeeaba3d	fix(production-readiness): 3-batch production readiness cleanup — 12 tasks ... Batch 1 — User-facing fixes: - B1-1: Pipeline verified end-to-end (14 Rust commands, 8 frontend invoke, fully connected) - B1-2: MessageSearch restored to ChatArea with search button in DeerFlow header - B1-3: Viking cleanup — removed 5 orphan invokes (no Rust impl), added addWithMetadata + storeWithSummaries methods + summary generation UI - B1-4: api-fallbacks transparency — added _isFallback markers + console.warn to all 6 fallback functions Batch 2 — System health: - B2-1: Document drift calibration — TRUTH.md/README.md numbers verified and updated - B2-2: @reserved annotations on 15 SaaS handler functions with no frontend callers - B2-3: Scheduled Task Admin V2 — new service + page + route + sidebar navigation - B2-4: TRUTH.md Pipeline/Viking/ScheduledTask records corrected Batch 3 — Long-term quality: - B3-1: hand_run_status/hand_run_list verified as fully implemented (not stubs) - B3-2: Identity snapshot rollback UI added to RightPanel - B3-3: P2 code quality — 4 fixes (TODO comments, fire-and-forget notes, design notes, table name validation), 2 verified N/A, 1 upstream - B3-4: Config PATCH→PUT alignment (admin-v2 config.ts matched to SaaS backend)	2026-04-03 21:34:56 +08:00
iven	22b967d2a6	docs(features): v0.10.1/v0.10.2 数字校准 + 行业模板文档更新 ... - README.md: SKILL 76→75, Tauri 命令 175→171, SaaS API 58→131, Workers 5→7, 数据表 25→34, Admin 11→13 页面 - 00-saas-overview.md: Agent Template 新增 5 个端点文档、种子数据表、端到端数据流图 - roadmap.md: 同步最新数字 - fix(saasStore): toTopRequired → totpRequired 拼写修复	2026-04-03 21:29:44 +08:00
iven	edecd4c81f	fix(saas): deep audit round industry template system - critical fixes ... C1: Use backend createAgentFromTemplate API + tools forwarding C3: seed source='builtin' instead of 'custom' C4: immutable clone data handling (return fresh from store) + spread) H3: assignTemplate error propagation (try/catch) H4: input validation for name/fields H5: assign_template account existence check H6: remove dead route get_full_template H7: model fallback gpt-4o-mini (hardcoded constant) H8: logout clears template state H9: console.warn -> structured logger C2: restoreSession fetches assignedTemplate	2026-04-03 19:45:25 +08:00
iven	0857a1f608	feat(desktop): wire template welcome_message + quick_commands to chat UI ... - Add welcomeMessage/quickCommands fields to Clone interface - Persist template welcome/quick data via updateClone after creation - FirstConversationPrompt: prefer template-provided welcome message over dynamically generated one - FirstConversationPrompt: render template quick_commands as chips instead of hardcoded QUICK_ACTIONS when available - Tighten assign/unassign template endpoint permissions from model:read to relay:use (self-service operation for all authenticated users)	2026-04-03 15:20:15 +08:00
iven	1048901665	fix(saas): industry template audit fixes + pgvector optional + relay timeout ... - Fix seed template tools to match actual runtime tool names (file_read/file_write/shell_exec/web_fetch) - Persist system_prompt/temperature/max_tokens via identity system in agentStore.createFromTemplate() - Fire-and-forget assignTemplate() in AgentOnboardingWizard - Fix saas-relay-client unused variable warning - Make pgvector extension optional in knowledge_base migration - Increase StreamBridge timeout from 30s to 90s for thinking models	2026-04-03 15:10:13 +08:00
iven	ea00c32c08	feat(saas): industry agent template assignment system ... Phase 1-8 of industry-agent-delivery plan: - DB migration: accounts.assigned_template_id (ON DELETE SET NULL) - SaaS API: 4 new endpoints (assign/get/unassign/create-agent) - Service layer: assign_template_to_account, get_assigned_template, unassign_template, create_agent_from_template) - Types: AssignTemplateRequest, AgentConfigFromTemplate (capabilities merged into tools) - Frontend SaaS Client: assignTemplate, getAssignedTemplate, unassignTemplate, createAgentFromTemplate - saasStore: assignedTemplate state + login auto-fetch + actions - saas-relay-client: fix unused import and saasUrl reference error - connectionStore: fix relayModel undefined error - capabilities default to glm-4-flash - Route registration: new template assignment routes Cospec and handlers consolidated Build: cargo check --workspace PASS, tsc --noEmit Pass	2026-04-03 13:31:58 +08:00
iven	5b1b747810	fix(desktop): prevent transformCallback crash in browser mode ... Root cause: ChatArea.tsx called listen() from @tauri-apps/api/event directly on component mount without checking isTauriRuntime(). When accessed from a regular browser (not Tauri WebView), window.__TAURI_INTERNALS__ is undefined, causing "Cannot read properties of undefined (reading 'transformCallback')". Solution: - Created lib/safe-tauri.ts with safe wrappers (safeInvoke, safeListen, safeListenEvent, requireInvoke) that gracefully degrade when Tauri IPC is unavailable - Replaced direct listen() call in ChatArea.tsx with safeListenEvent()	2026-04-03 13:00:36 +08:00
iven	564c7ca28f	fix(desktop): guard invoke calls with isTauriRuntime check ... Step 5 (embedding config) and Step 5b (summary driver) in App.tsx bootstrap called invoke() without checking if Tauri IPC is available. When accessing http://localhost:1420/ in a regular browser, this caused "Cannot read properties of undefined (reading 'transformCallback')". Also added __TAURI_INTERNALS__ guard in saasStore kernel config sync.	2026-04-03 12:46:14 +08:00
iven	65b73c547f	fix(desktop): resolve Tauri state panic on startup ... SessionStreamGuard and StreamCancelFlags were type aliases to the same Arc<DashMap<String, Arc<AtomicBool>>> type. Tauri distinguishes managed state by Rust type, so registering both caused a runtime panic: "state for type ... is already being managed". Changed to newtype structs with Deref impl to the inner Arc<DashMap>, keeping all call sites compatible without changes.	2026-04-03 12:29:10 +08:00
iven	d8e2954d73	docs: stabilization directive + TRUTH document + AI session prompts + dockerignore ... - STABILIZATION_DIRECTIVE.md: feature freeze rules, banned actions, priorities - TRUTH.md: single source of truth for system state (crate counts, store counts) - AI_SESSION_PROMPTS.md: three-layer prompt system for AI sessions - Industry agent delivery design spec - Stabilization test suite for regression prevention - Delete stale ISSUE-TRACKER.md - Add .dockerignore for container builds - Add brainstorm session artifacts	2026-04-03 00:29:16 +08:00
iven	5c74e74f2a	fix(desktop): component cleanup + dead code removal + DeerFlow ai-elements ... - ChatArea: DeerFlow ai-elements annotations for accessibility - Conversation: remove unused Context, simplify message rendering - Delete dead modules: audit-logger.ts, gateway-reconnect.ts - Replace console.log with structured logger across components - Add idb dependency for IndexedDB persistence - Fix kernel-skills type safety improvements	2026-04-03 00:28:58 +08:00
iven	15d578c5bc	fix(tauri): replace silent let _ = with structured logging across 20 modules ... Replace error-swallowing let _ = patterns with tracing::warn! in browser, classroom, gateway, intelligence, memory, pipeline, secure_storage, and viking command handlers. Ensures errors are observable in production logs.	2026-04-03 00:28:39 +08:00
iven	0a04b260a4	refactor(desktop): ChatStore structured split + IDB persistence + stream cancel ... Split monolithic chatStore.ts (908 lines) into 4 focused stores: - chatStore.ts: facade layer, owns messages[], backward-compatible selectors - conversationStore.ts: conversation CRUD, agent switching, IndexedDB persistence - streamStore.ts: streaming orchestration, chat mode, suggestions - messageStore.ts: token tracking Key fixes from 3-round deep audit: - C1: Fix Rust serde camelCase vs TS snake_case mismatch (toolStart/toolEnd/iterationStart) - C2: Fix IDB async rehydration race with persist.hasHydrated() subscribe - C3: Add sessionKey to partialize to survive page refresh - H3: Fix IDB migration retry on failure (don't set migrated=true in catch) - M3: Fix ToolCallStep deduplication (toolStart creates, toolEnd updates) - M-NEW-2: Clear sessionKey on cancelStream Also adds: - Rust backend stream cancellation via AtomicBool + cancel_stream command - IndexedDB storage adapter with one-time localStorage migration - HMR cleanup for cross-store subscriptions	2026-04-03 00:24:16 +08:00
iven	da438ad868	fix(billing): resolve all audit findings — CSRF, float precision, TOCTOU, error sanitization ... - Add CSRF token protection for mock payment (SHA256 + constant-time verify) - Replace f64 currency conversion with pure integer string parsing (parse_yuan_to_cents) - Move subscription check inside transaction to prevent TOCTOU race - Rewrite increment_usage to use atomic SQL (account_id+period_start WHERE) - Add trade_no format validation in payment callback - Sanitize error messages to prevent sensitive data leakage - Use i32::try_from for WeChat amount conversion (prevent truncation) - Replace window.__ZCLAW_STATS_SYNC_INTERVAL__ with useRef pattern - Replace eprintln/println with tracing macros in lifecycle - Remove unused variable in scheduler - Remove duplicate sha2 and unused hmac from Cargo.toml	2026-04-02 20:04:43 +08:00
iven	28299807b6	fix(desktop): DeerFlow UI — ChatArea refactor + ai-elements + dead CSS cleanup ... ChatArea retry button uses setInput instead of direct sendToGateway, fix bootstrap spinner stuck for non-logged-in users, remove dead CSS (aurora-title/sidebar-open/quick-action-chips), add ai components (ReasoningBlock/StreamingText/ChatMode/ModelSelector/TaskProgress), add ClassroomPlayer + ResizableChatLayout + artifact panel Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-02 19:24:44 +08:00
iven	837abec48a	feat(billing): add usage increment API + wire hand/pipeline execution tracking ... Server side: - POST /api/v1/billing/usage/increment endpoint with dimension whitelist (hand_executions, pipeline_runs, relay_requests) and count validation (1-100) - Returns updated usage quota after increment Desktop side: - New saas-billing.ts mixin with incrementUsageDimension() and reportUsageFireAndForget() (non-blocking, safe for finally blocks) - handStore.triggerHand: reports hand_executions after successful run - PipelinesPanel.handleRunComplete: reports pipeline_runs on completion - SaaSClient type declarations for new billing methods Billing pipeline now covers all three dimensions: relay_requests → relay handler (server-side, real-time) hand_executions → handStore (client-side, fire-and-forget) pipeline_runs → PipelinesPanel (client-side, fire-and-forget)	2026-04-02 02:02:59 +08:00
iven	8263b236fd	refactor(desktop): wire PipelineResultPreview into PipelinesPanel ... Replace the inline ResultModal with the full-featured PipelineResultPreview component. This gives users JSON/Markdown/ Classroom mode switching, file download cards, and classroom export support instead of the previous basic PresentationContainer wrapper. Remove unused ResultModal component and PresentationContainer import. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-02 01:32:58 +08:00
iven	a851a2854f	feat(desktop): update quick action prompts for education/healthcare/design industries ... Tailor first-conversation prompts to the three target user groups: - Education: AI tool comparison, digital transformation research - Healthcare: administrative optimization proposal - Design/Shantou: toy industry export trend analysis Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-01 23:21:06 +08:00
iven	73ff5e8c5e	feat(desktop): DeerFlow visual redesign + stream hang fix + intelligence client ... DeerFlow frontend visual overhaul: - Card-style input box (white rounded card, textarea top, actions bottom) - Dropdown mode selector (闪速/思考/Pro/Ultra with icons+descriptions) - Colored quick-action chips (小惊喜/写作/研究/收集/学习) - Minimal top bar (title + token count + export) - Warm gray color system (#faf9f6 bg, #f5f4f1 sidebar, #e8e6e1 border) - DeerFlow-style sidebar (新对话/对话/智能体 nav) - Reasoning block, tool call chain, task progress visualization - Streaming text, model selector, suggestion chips components - Resizable artifact panel with drag handle - Virtualized message list for 100+ messages Bug fixes: - Stream hang: GatewayClient onclose code 1000 now calls onComplete - WebView2 textarea border: CSS !important override for UA styles - Gateway stream event handling (response/phase/tool_call types) Intelligence client: - Unified client with fallback drivers (compactor/heartbeat/identity/memory/reflection) - Gateway API types and type conversions	2026-04-01 22:03:07 +08:00
iven	e3b93ff96d	fix(security): implement all 15 security fixes from penetration test V1 ... Security audit (2026-03-31): 5 HIGH + 10 MEDIUM issues, all fixed. HIGH: - H1: JWT password_version mechanism (pwv in Claims, middleware verification, auto-increment on password change) - H2: Docker saas port bound to 127.0.0.1 - H3: TOTP encryption key decoupled from JWT secret (production bailout) - H4+H5: Tauri CSP hardened (removed unsafe-inline, restricted connect-src) MEDIUM: - M1: Persistent rate limiting (PostgreSQL rate_limit_events table) - M2: Account lockout (5 failures -> 15min lock) - M3: RFC 5322 email validation with regex - M4: Device registration typed struct with length limits - M5: Provider URL validation on create/update (SSRF prevention) - M6: Legacy TOTP secret migration (fixed nonce -> random nonce) - M7: Legacy frontend crypto migration (static salt -> random salt) - M8+M9: Admin frontend: removed JS token storage, HttpOnly cookie only - M10: Pipeline debug log sanitization (keys only, 100-char truncation) Also: fixed CLAUDE.md Section 12 (was corrupted), added title.rs middleware skeleton, fixed RegisterDeviceRequest visibility.	2026-04-01 08:38:37 +08:00
iven	7d4d2b999b	fix: unify logger names in kernel-hands, replace console.error in gateway-api ... - Fix inconsistent 'KernelClient' logger name to 'KernelHands' in listApprovals - Replace console.error with logger.error in gateway-api triggerHand - No functional changes, only logging consistency improvements	2026-03-31 16:29:39 +08:00
iven	f23f6c5f91	refactor(desktop): remove deprecated gatewayStore.ts facade ... - Remove gatewayStore.ts (358-line backward-compat facade) that no components import from - All consumers already use domain-specific stores directly (connectionStore, agentStore, handStore, etc.) - Update store/index.ts comment to remove useGatewayStore reference	2026-03-31 16:21:28 +08:00
iven	97698f54b2	fix(desktop): validate adminRouting with type-safe parsing and logged warnings ... - Add type guard (typeof parsed === 'object' && 'llm_routing' in parsed) before accessing llm_routing - Replace silent catch with log.warn for parse failures - Add 8 unit tests covering valid/invalid/null/malformed inputs	2026-03-31 16:17:29 +08:00
iven	6cae768401	fix(desktop): session persistence — refresh/login/context/empty-content 4-bug fix ... 1. App.tsx: add restoreSession() call on startup to prevent redirect to login page after refresh (isRestoring guard + BootstrapScreen) 2. CloneManager: call syncAgents() after loadClones() to restore currentAgent and conversation history on app load 3. zclaw-memory: add get_or_create_session() so frontend session UUID is persisted directly — kernel no longer creates mismatched IDs 4. openai.rs: assistant message content must be non-empty for Kimi/Qwen APIs — replace empty content with meaningful placeholders Also includes admin-v2 ModelServices unified page (merge providers + models + API keys into expandable row layout)	2026-03-31 13:38:59 +08:00
iven	3e5d64484e	fix(relay): fix llm_routing read path bug and add User-Agent header for Coding Plan ... 1. connectionStore.ts: storedAccount.account.llm_routing → storedAccount.llm_routing - saveSaaSSession stores SaaSAccountInfo directly, not { account: SaaSAccountInfo } - This bug caused admin llm_routing config to never take effect 2. relay/service.rs: add User-Agent: claude-code/1.0 header - Kimi Coding Plan requires recognized coding agent User-Agent - Default reqwest UA is rejected with 403 3. Docs: add llm_routing routing mode explanation and troubleshooting entries	2026-03-31 12:02:32 +08:00
iven	f79560a911	refactor(desktop): split kernel_commands/pipeline_commands into modules, add SaaS client libs and gateway modules ... Split monolithic kernel_commands.rs (2185 lines) and pipeline_commands.rs (1391 lines) into focused sub-modules under kernel_commands/ and pipeline_commands/ directories. Add gateway module (commands, config, io, runtime), health_check, and 15 new TypeScript client libraries for SaaS relay, auth, admin, telemetry, and kernel sub-systems (a2a, agent, chat, hands, skills, triggers). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-31 11:12:47 +08:00
iven	1d9283f335	fix: P0+P1 security and quality fixes ... P0-1: Token refresh race condition — reject all pending requests on refresh failure P0-2: Remove X-Forwarded-For trust in rate limiting — use only ConnectInfo IP P1-3: Template grid reactive — use useSaaSStore() hook instead of getState() P1-4: Agent Template detail modal — show emoji, personality, soul_content, welcome_message, communication_style, source_id, scenarios, version P1-5: adminRouting parse validation — type-safe llm_routing extraction from localStorage P1-6: Remove unused @ant-design/charts dependency P1-extra: Type addKeyMutation data parameter (replace any) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-31 09:17:04 +08:00
iven	c9b9c5231b	feat(desktop): integrate SaaS llm_routing, template API, and onboarding template selection ... - Add AgentTemplateAvailable/AgentTemplateFull types and fetchAvailableTemplates/fetchTemplateFull API methods to saas-client - Add llm_routing field to SaaSAccountInfo for admin-configured routing priority - Add availableTemplates state and fetchAvailableTemplates action to saasStore with background fetch on login - Add admin llm_routing priority check in connectionStore connect() to force relay or local mode - Add createFromTemplate action to agentStore with SOUL.md persistence - Add Step 0 template selection to AgentOnboardingWizard with grid layout for template browsing	2026-03-31 03:15:45 +08:00
iven	eb956d0dce	feat: 新增管理后台前端项目及安全加固 ... refactor(saas): 重构认证中间件与限流策略 - 登录限流调整为5次/分钟/IP - 注册限流调整为3次/小时/IP - GET请求不计入限流 fix(saas): 修复调度器时间戳处理 - 使用NOW()替代文本时间戳 - 兼容TEXT和TIMESTAMPTZ列类型 feat(saas): 实现环境变量插值 - 支持${ENV_VAR}语法解析 - 数据库密码支持环境变量注入 chore: 新增前端管理界面 - 基于React+Ant Design Pro - 包含路由守卫/错误边界 - 对接58个API端点 docs: 更新安全加固文档 - 新增密钥管理规范 - 记录P0安全项审计结果 - 补充TLS终止说明 test: 完善配置解析单元测试 - 新增环境变量插值测试用例	2026-03-31 00:11:33 +08:00
iven	a0bbd4ba82	feat(scheduler): 定时任务后端持久化 + Pipeline trigger 编译修复 ... S4/S8 定时任务后端: - 新增 scheduled_tasks 表 (migration v7) - 新增 scheduled_task CRUD 模块 (handlers/service/types) - 注册 /api/scheduler/tasks 路由 (GET/POST/PATCH/DELETE) - 新增 start_user_task_scheduler() 30秒轮询循环 - 支持 cron/interval/once 三种调度类型 - once 类型执行后自动禁用 修复: - pipeline_commands.rs: 修复 pipeline.trigger 字段不存在的编译错误 (Pipeline 结构体无 trigger 字段，改用 metadata.tags/description)	2026-03-30 19:46:45 +08:00
iven	ecd7f2e928	fix(desktop): console.log 清理 — 替换为结构化 logger ... 将 desktop/src 中 23 处 console.log 替换为 createLogger() 结构化日志: - 生产构建自动静默 debug/info 级别 - 保留 console.error 用于关键错误可见性 - 新增 dompurify 依赖修复 XSS 防护引入缺失 涉及文件: App.tsx, offlineStore.ts, autonomy-manager.ts, gateway-auth.ts, llm-service.ts, request-helper.ts, security-index.ts, skill-discovery.ts, use-onboarding.ts 等 16 个文件	2026-03-30 16:22:16 +08:00
iven	ba2c6a6105	fix(saas): P1 审计修复 — 连接池断路器 + Worker重试 + XSS防护 + 状态机SQL解析器 ... P1 修复内容: - F7: health handler 连接池容量检查 (80%阈值返回503 degraded) - F9: SSE spawned task 并发限制 (Semaphore 16 permits) - F10: Key Pool 单次 JOIN 查询优化 (消除 N+1) - F12: CORS panic → 配置错误 - F14: 连接池使用率计算修正 (ratio = used*100/total) - F15: SQL 迁移解析器替换为状态机 (支持 $$, DO $body$, 存储过程) - Worker 重试机制: 失败任务通过 mpsc channel 重新入队 - DOMPurify XSS 防护 (PipelineResultPreview) - Admin V2: ErrorBoundary + SWR全局配置 + 请求优化	2026-03-30 14:21:39 +08:00
iven	834aa12076	fix: P0 panic风险修复 + P1编译warnings清零 + P2代码/文档清理 ... P0 安全性: - account/handlers.rs: .unwrap() → .expect() 语义化错误信息 - relay/handlers.rs: SSE Response .unwrap() → .expect() P1 编译质量 (6 warnings → 0): - kernel.rs: 移除未使用的 Capability import 和 config_clone 变量 - pipeline_commands.rs: 未使用变量 id → _id - db.rs: 移除多余括号 - relay/service.rs: 移除未使用的 StreamExt import - telemetry/service.rs: 抑制 param_idx 未读赋值警告 - main.rs: TcpKeepalive::with_retries() Linux-only 条件编译 P2 代码清理: - 移除 handStore/HandsPanel/HandTaskPanel/gateway-api/SchedulerPanel 调试 console.log - SchedulerPanel: 修复 updateWorkflow 未解构导致 TS 编译错误 - 文档清理 zclaw-channels 已移除 crate 的引用	2026-03-30 11:33:47 +08:00
iven	813b49a986	feat: P0 KernelClient功能修复 + P1/P2/P3质量改进 ... P0 KernelClient 功能断裂修复: - Skill CUD: registry.rs create/update/delete + serialize_skill_md + kernel proxy - Workflow CUD: pipeline_commands.rs create/update/delete + serde_yaml依赖 - Agent更新: registry update方法 + AgentConfigUpdated事件 + agent_update命令 - Hand流式事件: HandStart/HandEnd变体替换ToolStart/ToolEnd - 后端验证: hand_get/hand_run_status/hand_run_list确认实现完整 - Approval闭环: respond_to_approval后台spawn+5分钟超时轮询 P2/P3 质量改进: - Browser WebDriver: TCP探测ChromeDriver/GeckoDriver/Edge端口替换硬编码true - api-fallbacks: 移除假技能和16个捏造安全层，替换为真实能力映射 - dead_code清理: 移除5个模块级#![allow(dead_code)]，删除3个真正死方法， 删除未注册的compactor_compact_llm命令，warnings从8降到3 - 所有变更通过cargo check + tsc --noEmit验证	2026-03-30 10:55:08 +08:00
iven	13c0b18bbc	feat: Batch 5-9 — GrowthIntegration桥接、验证补全、死代码清理、Pipeline模板、Speech/Twitter真实实现 ... Batch 5 (P0): GrowthIntegration 接入 Tauri - Kernel 新增 set_viking()/set_extraction_driver() 桥接 SqliteStorage - 中间件链共享存储，MemoryExtractor 接入 LLM 驱动 Batch 6 (P1): 输入验证 + Heartbeat - Relay 验证补全（stream 兼容检查、API key 格式校验） - UUID 类型校验、SessionId 错误返回 - Heartbeat 默认开启 + 首次聊天自动初始化 Batch 7 (P2): 死代码清理 - zclaw-channels 整体移除（317 行） - multi-agent 特性门控、admin 方法标注 Batch 8 (P2): Pipeline 模板 - PipelineMetadata 新增 annotations 字段 - pipeline_templates 命令 + 2 个示例模板 - fallback driver base_url 修复（doubao/qwen/deepseek 端点） Batch 9 (P1): SpeechHand/TwitterHand 真实实现 - SpeechHand: tts_method 字段 + Browser TTS 前端集成 (Web Speech API) - TwitterHand: 12 个 action 全部替换为 Twitter API v2 真实 HTTP 调用 - chatStore/useAutomationEvents 双路径 TTS 触发	2026-03-30 09:24:50 +08:00
iven	f3f586efef	feat(kernel): Agent 导入/导出 + message_count 跟踪 ... Sprint 3.1 message_count 修复: - AgentRegistry 新增 message_counts 字段跟踪每个 agent 的消息数 - increment_message_count() 在 send_message 和 send_message_stream 中调用 - get_info() 返回实际计数值 Sprint 3.3 Agent 导入/导出: - Kernel 新增 get_agent_config() 方法返回原始 AgentConfig - 新增 agent_export Tauri 命令，导出配置为 JSON - 新增 agent_import Tauri 命令，从 JSON 导入并自动生成新 ID - 注册到 Tauri invoke_handler	2026-03-30 00:19:02 +08:00
iven	ee29b7b752	fix(pipeline): BREAK-04 接入 pipeline-complete 事件监听 ... PipelinesPanel 新增 useEffect 订阅 PipelineClient.onComplete()， 处理用户导航离开后的后台 Pipeline 完成通知。 - 后台完成时 toast 提示成功/失败 - 跳过当前选中 pipeline 的重复通知（轮询路径已处理） - 组件卸载时自动清理监听器	2026-03-29 23:51:55 +08:00
iven	7de294375b	feat(auth): 添加异步密码哈希和验证函数 ... refactor(relay): 复用HTTP客户端和请求体序列化结果 feat(kernel): 添加获取单个审批记录的方法 fix(store): 改进SaaS连接错误分类和降级处理 docs: 更新审计文档和系统架构文档 refactor(prompt): 优化SQL查询参数化绑定 refactor(migration): 使用静态SQL和COALESCE更新配置项 feat(commands): 添加审批执行状态追踪和事件通知 chore: 更新启动脚本以支持Admin后台 fix(auth-guard): 优化授权状态管理和错误处理 refactor(db): 使用异步密码哈希函数 refactor(totp): 使用异步密码验证函数 style: 清理无用文件和注释 docs: 更新功能全景和审计文档 refactor(service): 优化HTTP客户端重用和请求处理 fix(connection): 改进SaaS不可用时的降级处理 refactor(handlers): 使用异步密码验证函数 chore: 更新依赖和工具链配置	2026-03-29 21:45:29 +08:00
iven	5fdf96c3f5	chore: 提交所有工作进度 — SaaS 后端增强、Admin UI、桌面端集成 ... 包含大量 SaaS 平台改进、Admin 管理后台更新、桌面端集成完善、 文档同步、测试文件重构等内容。为 QA 测试准备干净工作树。	2026-03-29 10:46:41 +08:00
iven	4d8d560d1f	feat(saas): 桌面端 P2 客户端补齐 — TOTP 2FA、Relay 任务、Config 同步 ... - saas-client: 添加 TOTP/Relay/Config 类型和 typed 方法，login 支持 totp_code - saasStore: TOTP 感知登录 (检测 TOTP_ERROR → 两步登录)，TOTP 管理动作 - SaaSLogin: TOTP 验证码输入步骤 (6 位数字，Enter 提交) - TOTPSettings (新): 启用流程 (QR 码 + secret + 验证码)，禁用 (密码确认) - RelayTasksPanel (新): 状态过滤、任务列表、Admin 重试按钮 - SaaSSettings: 集成 TOTP 和 Relay 面板到设置页	2026-03-27 18:20:11 +08:00
iven	bc12f6899a	feat(saas): Phase 4 端到端完善 — 设备注册、离线支持、配置迁移、集成测试 ... - 后端: devices 表 + register/heartbeat/list 端点 (UPSERT 语义) - 桌面端: 设备 ID 持久化 + 5 分钟心跳 + 离线状态指示 - saas-client: 重试逻辑 (2 次指数退避) + isServerReachable 跟踪 - ConfigMigrationWizard: 3 步向导 (方向选择→冲突解决→结果) - SaaSSettings: 修改密码折叠面板 + 迁移向导入口 - 集成测试: 21 个测试全部通过 (含设备注册/UPSERT/心跳、密码修改、E2E 生命周期) - 修复 ConfigMigrationWizard merge 分支变量遮蔽 bug	2026-03-27 15:07:03 +08:00
iven	8cce2283f7	fix(saas): P0 安全修复 + P1 功能补全 — 角色提升、Admin 引导、IP 记录、密码修改 ... P0 安全修复: - 修复 account update 自角色提升漏洞: 非 admin 用户更新自己时剥离 role 字段 - 添加 Admin 引导机制: accounts 表为空时自动从环境变量创建 super_admin P1 功能补全: - 所有 17 个 log_operation 调用点传入真实客户端 IP (ConnectInfo + X-Forwarded-For) - AuthContext 新增 client_ip 字段, middleware 层自动提取 - main.rs 使用 into_make_service_with_connect_info 启用 SocketAddr 注入 - 新增 PUT /api/v1/auth/password 密码修改端点 (验证旧密码 + argon2 哈希) - 桌面端 SaaS 设置页添加密码修改 UI (折叠式表单) - SaaSClient 添加 changePassword() 方法 - 集成测试修复: 注入模拟 ConnectInfo 适配 onshot 测试模式	2026-03-27 14:45:47 +08:00