142 Commits

Author	SHA1	Message	Date
iven	1f792bdfe0	test: add T6 SaaS, T7 Skills, T8 Chat audit reports ... T6 SaaS Desktop (health 85→89, +4): - M7-02 P1 PUT path param 已修复 - M7-04 P1 refreshToken body 已修复 - M7-01 P2 密码长度不一致（6 vs 8）未修复 T7 Skills (health 85→87, +2): - M5-01 P1 triggers 映射已修复（正确使用 backend.triggers） - category 全部为 null（仍从 tags[0] 映射） - 75 个技能全部成功加载 T8 Chat (health 91→91, 0): - ChatStore 4-sub-store 重构完成 - 11 层中间件链确认存在 - 11 项 V12 问题全为 P2/P3	2026-04-05 18:50:19 +08:00
iven	66827a55a5	test: add T5 Pipeline workflow audit report ... T5 Pipeline (health 72→78, +6): - M6-01 P1 route_intent 已修复 (已注册) - M6-02 P1 v1/v2 解析器分裂已修复 (fallback) - 15 个行业模板全部成功列举 - pipeline_run 异步执行基本工作 - M6-03/04/05/07 P2 未修复	2026-04-05 18:44:28 +08:00
iven	4431bef71c	test: add T4 Classroom system audit report ... T4 Classroom (health 70→75, +5): - M11-01 P1 blocking_lock 已修复 (try_lock) - M11-02 P1 map_err 已修复 - M11-03 P1 持久化已修复 (SQLite) - M11-06 Date.now→crypto.randomUUID 已修复 - NEW P1: GenerationPipeline 硬编码 model="default" 导致课堂生成 404	2026-04-05 18:38:20 +08:00
iven	a3bfdbb01c	test: add T2 Intelligence and T3 Agent audit reports ... T2 Intelligence (health 61→74, +13): - M4-01 P0 双数据库已修复 (unified-client 统一路径) - M4-03 Heartbeat 不自动启动 (未修复) - M4-08 心跳间隔无下限 (未修复) - 记忆 CRUD 全链路通过 T3 Agent (health 67→73, +6): - M2-01 字段丢失部分修复 (写入成功但读取不返回) - M2-05 删除活跃 Agent 无警告 (未修复) - M2-08 参数验证部分修复 (max_tokens=0 未拒绝) - CRUD 操作基本工作	2026-04-05 18:29:29 +08:00
iven	5877e794fa	test: add T1 Hands audit report and baseline results ... Phase 1 baseline + T1 Hands functional audit: - Desktop vitest: 174/185 passed (chatStore refactoring) - Admin vitest: 36/71 passed (API mock issues) - Cargo check: 0 errors - T1 Hands: 18/23 TCs executed, health 58→68 (+10) - Key findings: M3-01/M3-06 fixed, M3-02/M3-04 unfixed - New P1: LLM API concurrent DATABASE_ERROR	2026-04-05 18:19:32 +08:00
iven	0a3ba2fad4	docs: add pre-launch functional audit test execution plan (T1-T12, 5 chunks, 112 TCs)	2026-04-05 17:53:39 +08:00
iven	7e56b40972	docs: add functional verification plan and report ... Comprehensive 15-module verification of ZCLAW desktop app via tauri-mcp. Found 8 issues (1 CRITICAL fixed, 3 MAJOR, 4 MINOR). Key findings: - Skills system shows 0 loaded (should be 75) - Automation/Skills/Workflow views have no UI navigation entry - Rate limiting triggered by rapid page switching	2026-04-05 15:49:19 +08:00
iven	d6b1f44119	feat(admin): add ConfigSync page + close ADMIN-01/02 (AUDIT_TRACKER) ... - ADMIN-01 FIXED: ConfigSync.tsx page with ProTable + pagination - config-sync service calling GET /config/sync-logs - route + nav item + breadcrumb - backend @reserved → @connected - ADMIN-02 FALSE_POSITIVE: Logs.tsx + logs service already exist	2026-04-05 01:40:38 +08:00
iven	745c2fd754	feat(saas): add down migrations for all incremental schema changes (AUD3-DB-01) ... - 16 down SQL files in migrations/down/ for each incremental migration - db::run_down_migrations() executes rollback files in reverse order - migrate_down CLI task: task=migrate_down timestamp=20260402 - Initial schema and seed data excluded (would be destructive)	2026-04-05 01:35:33 +08:00
iven	3b0ab1a7b7	fix(types): Desktop type safety hardening (TYPE-01) ... - Unify ConnectionState: kernel-types.ts now canonical source with 'handshaking', gateway-types.ts re-exports - PromptTemplateInfo source/status → union literals - PromptVariable.type → union literal - CreateRoleRequest id/permissions → optional - PropertyPanel: replace 13 as any with typed accessor pattern - chatStore: window cast via as unknown as Record	2026-04-05 01:30:29 +08:00
iven	36168d6978	docs(audit): sync AUD3-FE-05/06 table status to FIXED	2026-04-05 01:13:27 +08:00
iven	b84a503500	docs(audit): batch close 17 OPEN items + update TRUTH.md command counts ... Closed items (FALSE_POSITIVE): V11-P3-02/03/08, V11-P4-03/04/05, AUD3-FE-04/07/08, V11-P3-04/06, AUD3-CONC-03, DOC-03/04, V11-P4-01 Fixed: V11-P2-05, AUD3-FE-03, AUD3-FE-09, DOC-03 Documented: AUD3-API-02, V11-P4-02, SEC2-P3-01/02 TRUTH.md: 171→177 commands (160 @connected / 16 @reserved) CLAUDE.md: skills 76→75, unified counts	2026-04-05 01:07:08 +08:00
iven	13a40dbbf5	docs(audit): update tracker with DEAD-05 + V11-P2-05 progress ... - DEAD-05: 10 dead saas-client methods removed (PARTIALLY_FIXED) - V11-P2-05: 9 stale @reserved annotations corrected to @connected Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-05 00:23:45 +08:00
iven	26dc500b1b	docs(audit): batch close 15 P2/P3 items as FALSE_POSITIVE ... CLOSED items: - BREAK-02/03/04: FALSE_POSITIVE (already closed in changelog) - V11-P2-01: saas-admin.ts deleted - V11-P2-02: admin-v2 has roles service+page - V11-P2-04: ToolDefinition re-export, not duplicate - V11-P2-06: fetch_all sync-only, no LIMIT needed - V11-P3-02/03: function removed or feature-gated - V11-P3-05/DEAD-04: properly feature-gated - AUD3-CONC-02/DB-02: already covered by SEC2-P2-05/08 - EVAL-01: zclaw-channels removed - SEC-V9-02: comprehensive validation exists - DOC-01/02: tauri command count updated 175→171 Also fixed BREAK-02/03/04 table rows to match changelog status.	2026-04-04 23:52:33 +08:00
iven	37e77d0d5e	docs(audit): close P2/P3 items, FALSE_POSITIVE resolved ... - SEC-V9-02: relay input validation already comprehensive - AUDIT-01: audit-logger.ts already deleted in prior cleanup - G-07: provider_keys vs account_api_keys intentional architecture - V11-P2-03: gateway-storage sync methods already replaced - V11-P3-01: audit-logger.ts already deleted - V11-P3-07: secure-storage sync same as V11-P2-03 - Batch 7 commit hash corrected (1fec8cf)	2026-04-04 21:51:36 +08:00
iven	61224efff5	docs(truth): update numbers after V12 modular audit ... - Pipeline templates: 10 → 17 YAML files - Hands disabled: clarify Predictor/Lead have no TOML/Rust impl - Classroom commands: annotate @reserved status - Add V12 audit changelog entries	2026-04-04 21:34:24 +08:00
iven	6c6fcb76b3	docs(audit): resolve 3 P1 architecture decisions ... - SEC2-P1-01 FactStore: FALSE_POSITIVE (trait already removed) - V11-P1-03 3 SQL tables: FALSE_POSITIVE (2 active via JOIN, 1 write-only downgrade to P3) - M4-04 deep approval: WONTFIX (4-layer defense-in-depth sufficient) - M11-02: FIXED (map_err added in prev commit)	2026-04-04 21:31:47 +08:00
iven	1fec8cfbc1	fix(arch): unify TS/Rust types + classroom persistence registration + approval audit ... - M11-03: Register ClassroomPersistence via Tauri .setup() hook with in-memory fallback. Previously missing — classroom commands would crash at runtime. - M3-02: Document BrowserHand as schema validator + TypeScript delegation passthrough (dual-path architecture explicitly documented). - M4-04: Add defense-in-depth audit logging in execute_hand() and execute_hand_with_source() when needs_approval hands bypass approval gate. - TYPE-01: Add #[serde(rename_all = "camelCase")] to Rust AgentInfo. Add missing fields to TS AgentInfo (messageCount, createdAt, updatedAt). Fix KernelStatus TS interface to match Rust KernelStatusResponse (baseUrl/model instead of defaultProvider/defaultModel). - SEC2-P1-01: Document EXTRACTION_DRIVER OnceCell as legacy path; Kernel struct field is the active path. - TriggerSource: Add #[derive(PartialEq)] for approval audit comparisons.	2026-04-04 21:09:02 +08:00
iven	8e56df74ec	docs: update audit tracker with V12 module audit fix progress	2026-04-04 19:28:11 +08:00
iven	442ec0eeef	docs(audit): V12 模块化端到端审计报告 — 11 模块 + 总报告 ... 混合矩阵式审计：10 个功能模块 × 五维检查清单 - 项目整体健康度: 76/100 - 2 个 P0 (M4 双数据库 + 反思引擎 LLM 未接入) - 15 个 P1 (跨 M2/M3/M4/M5/M6/M7/M11) - 三类断链模式: 写了没接/接了不对/双实现未统一 - 三阶段修复路线图: P0(2-3天) → P1(5-7天) → P2(5-7天)	2026-04-04 17:55:03 +08:00
iven	5db2907420	test(desktop): add agent-chat comprehensive E2E test spec ... Full E2E test suite for agent chat functionality including: - Message send/receive flow - Streaming response verification - Model switching behavior - Error handling scenarios - Multi-turn conversation context Includes test report documenting coverage and known gaps.	2026-04-03 23:02:00 +08:00
iven	cc26797faf	fix(saas): eliminate 6 compiler warnings + stabilize directive complete ... - Remove unused imports: Utc (billing/service), StatusCode (billing/handlers), Sha256 (billing/handlers) - Fix unused variables: _db (scheduler), _e (payment WeChat error) - Fix visibility: RegisterDeviceRequest pub(super) → pub (used in pub handler) - Update STABILIZATION_DIRECTIVE.md: all 7 criteria met, downgrade to advisory - Fix TRUTH.md §2.2: mark P0/P1 defects as resolved, update Admin pages count to 14 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-03 21:57:04 +08:00
iven	2ceeeaba3d	fix(production-readiness): 3-batch production readiness cleanup — 12 tasks ... Batch 1 — User-facing fixes: - B1-1: Pipeline verified end-to-end (14 Rust commands, 8 frontend invoke, fully connected) - B1-2: MessageSearch restored to ChatArea with search button in DeerFlow header - B1-3: Viking cleanup — removed 5 orphan invokes (no Rust impl), added addWithMetadata + storeWithSummaries methods + summary generation UI - B1-4: api-fallbacks transparency — added _isFallback markers + console.warn to all 6 fallback functions Batch 2 — System health: - B2-1: Document drift calibration — TRUTH.md/README.md numbers verified and updated - B2-2: @reserved annotations on 15 SaaS handler functions with no frontend callers - B2-3: Scheduled Task Admin V2 — new service + page + route + sidebar navigation - B2-4: TRUTH.md Pipeline/Viking/ScheduledTask records corrected Batch 3 — Long-term quality: - B3-1: hand_run_status/hand_run_list verified as fully implemented (not stubs) - B3-2: Identity snapshot rollback UI added to RightPanel - B3-3: P2 code quality — 4 fixes (TODO comments, fire-and-forget notes, design notes, table name validation), 2 verified N/A, 1 upstream - B3-4: Config PATCH→PUT alignment (admin-v2 config.ts matched to SaaS backend)	2026-04-03 21:34:56 +08:00
iven	305984c982	fix(saas): P2 code quality fixes + config PATCH/PUT alignment ... P2 code quality (SEC2-P2-01~10): - P2-04: Replace vague TODO with detailed Phase 2 design note in generate_embedding.rs - P2-05: Add NOTE(fire-and-forget) annotations to 4 long-running tokio::spawn in main.rs - P2-07: Add DESIGN NOTE to scheduler explaining sequential execution rationale - P2-08: Add compile-time table name whitelist + runtime char validation in db.rs - P2-02: Verified N/A (only zclaw-pipeline uses serde_yaml_bw, no inconsistency) - P2-06: Verified N/A (bind loop correctly matches 6-column placeholders) - P2-03: Remains OPEN (requires upstream sqlx release) Config HTTP method alignment (B3-4): - Fix admin-v2 config.ts: request.patch -> request.put to match backend .put() route - Fix backend handler doc comment: PATCH -> PUT - Add @reserved annotations to 6 config handlers without frontend callers	2026-04-03 21:32:17 +08:00
iven	22b967d2a6	docs(features): v0.10.1/v0.10.2 数字校准 + 行业模板文档更新 ... - README.md: SKILL 76→75, Tauri 命令 175→171, SaaS API 58→131, Workers 5→7, 数据表 25→34, Admin 11→13 页面 - 00-saas-overview.md: Agent Template 新增 5 个端点文档、种子数据表、端到端数据流图 - roadmap.md: 同步最新数字 - fix(saasStore): toTopRequired → totpRequired 拼写修复	2026-04-03 21:29:44 +08:00
iven	1c697d0b46	chore: 清理临时管理目录并更新文档索引 ... 删除 admin-temp-dir 目录及其内容 更新文档索引以包含 dashmap 相关文件	2026-04-03 00:42:48 +08:00
iven	d8e2954d73	docs: stabilization directive + TRUTH document + AI session prompts + dockerignore ... - STABILIZATION_DIRECTIVE.md: feature freeze rules, banned actions, priorities - TRUTH.md: single source of truth for system state (crate counts, store counts) - AI_SESSION_PROMPTS.md: three-layer prompt system for AI sessions - Industry agent delivery design spec - Stabilization test suite for regression prevention - Delete stale ISSUE-TRACKER.md - Add .dockerignore for container builds - Add brainstorm session artifacts	2026-04-03 00:29:16 +08:00
iven	0a04b260a4	refactor(desktop): ChatStore structured split + IDB persistence + stream cancel ... Split monolithic chatStore.ts (908 lines) into 4 focused stores: - chatStore.ts: facade layer, owns messages[], backward-compatible selectors - conversationStore.ts: conversation CRUD, agent switching, IndexedDB persistence - streamStore.ts: streaming orchestration, chat mode, suggestions - messageStore.ts: token tracking Key fixes from 3-round deep audit: - C1: Fix Rust serde camelCase vs TS snake_case mismatch (toolStart/toolEnd/iterationStart) - C2: Fix IDB async rehydration race with persist.hasHydrated() subscribe - C3: Add sessionKey to partialize to survive page refresh - H3: Fix IDB migration retry on failure (don't set migrated=true in catch) - M3: Fix ToolCallStep deduplication (toolStart creates, toolEnd updates) - M-NEW-2: Clear sessionKey on cancelStream Also adds: - Rust backend stream cancellation via AtomicBool + cancel_stream command - IndexedDB storage adapter with one-time localStorage migration - HMR cleanup for cross-store subscriptions	2026-04-03 00:24:16 +08:00
iven	8898bb399e	docs: audit reports + feature docs + skills + admin-v2 + config sync ... Update audit tracker, roadmap, architecture docs, add admin-v2 Roles page + Billing tests, sync CLAUDE.md, Cargo.toml, docker-compose.yml, add deep-research / frontend-design / chart-visualization skills Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-02 19:25:00 +08:00
iven	62df7feac1	docs(spec): switch payment integration from Stripe to Alipay/WeChat Pay direct ... Target market is domestic China users only — integrate Alipay Face-to-Face Payment and WeChat Native Pay directly instead of Stripe as intermediary. Updated billing module structure, risk table, and verification criteria. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-01 23:21:22 +08:00
iven	73ff5e8c5e	feat(desktop): DeerFlow visual redesign + stream hang fix + intelligence client ... DeerFlow frontend visual overhaul: - Card-style input box (white rounded card, textarea top, actions bottom) - Dropdown mode selector (闪速/思考/Pro/Ultra with icons+descriptions) - Colored quick-action chips (小惊喜/写作/研究/收集/学习) - Minimal top bar (title + token count + export) - Warm gray color system (#faf9f6 bg, #f5f4f1 sidebar, #e8e6e1 border) - DeerFlow-style sidebar (新对话/对话/智能体 nav) - Reasoning block, tool call chain, task progress visualization - Streaming text, model selector, suggestion chips components - Resizable artifact panel with drag handle - Virtualized message list for 100+ messages Bug fixes: - Stream hang: GatewayClient onclose code 1000 now calls onComplete - WebView2 textarea border: CSS !important override for UA styles - Gateway stream event handling (response/phase/tool_call types) Intelligence client: - Unified client with fallback drivers (compactor/heartbeat/identity/memory/reflection) - Gateway API types and type conversions	2026-04-01 22:03:07 +08:00
iven	e3b93ff96d	fix(security): implement all 15 security fixes from penetration test V1 ... Security audit (2026-03-31): 5 HIGH + 10 MEDIUM issues, all fixed. HIGH: - H1: JWT password_version mechanism (pwv in Claims, middleware verification, auto-increment on password change) - H2: Docker saas port bound to 127.0.0.1 - H3: TOTP encryption key decoupled from JWT secret (production bailout) - H4+H5: Tauri CSP hardened (removed unsafe-inline, restricted connect-src) MEDIUM: - M1: Persistent rate limiting (PostgreSQL rate_limit_events table) - M2: Account lockout (5 failures -> 15min lock) - M3: RFC 5322 email validation with regex - M4: Device registration typed struct with length limits - M5: Provider URL validation on create/update (SSRF prevention) - M6: Legacy TOTP secret migration (fixed nonce -> random nonce) - M7: Legacy frontend crypto migration (static salt -> random salt) - M8+M9: Admin frontend: removed JS token storage, HttpOnly cookie only - M10: Pipeline debug log sanitization (keys only, 100-char truncation) Also: fixed CLAUDE.md Section 12 (was corrupted), added title.rs middleware skeleton, fixed RegisterDeviceRequest visibility.	2026-04-01 08:38:37 +08:00
iven	6cae768401	fix(desktop): session persistence — refresh/login/context/empty-content 4-bug fix ... 1. App.tsx: add restoreSession() call on startup to prevent redirect to login page after refresh (isRestoring guard + BootstrapScreen) 2. CloneManager: call syncAgents() after loadClones() to restore currentAgent and conversation history on app load 3. zclaw-memory: add get_or_create_session() so frontend session UUID is persisted directly — kernel no longer creates mismatched IDs 4. openai.rs: assistant message content must be non-empty for Kimi/Qwen APIs — replace empty content with meaningful placeholders Also includes admin-v2 ModelServices unified page (merge providers + models + API keys into expandable row layout)	2026-03-31 13:38:59 +08:00
iven	3e5d64484e	fix(relay): fix llm_routing read path bug and add User-Agent header for Coding Plan ... 1. connectionStore.ts: storedAccount.account.llm_routing → storedAccount.llm_routing - saveSaaSSession stores SaaSAccountInfo directly, not { account: SaaSAccountInfo } - This bug caused admin llm_routing config to never take effect 2. relay/service.rs: add User-Agent: claude-code/1.0 header - Kimi Coding Plan requires recognized coding agent User-Agent - Default reqwest UA is rejected with 403 3. Docs: add llm_routing routing mode explanation and troubleshooting entries	2026-03-31 12:02:32 +08:00
iven	f79560a911	refactor(desktop): split kernel_commands/pipeline_commands into modules, add SaaS client libs and gateway modules ... Split monolithic kernel_commands.rs (2185 lines) and pipeline_commands.rs (1391 lines) into focused sub-modules under kernel_commands/ and pipeline_commands/ directories. Add gateway module (commands, config, io, runtime), health_check, and 15 new TypeScript client libraries for SaaS relay, auth, admin, telemetry, and kernel sub-systems (a2a, agent, chat, hands, skills, triggers). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-31 11:12:47 +08:00
iven	d0ae7d2770	feat(deploy): add Dockerfile, saas-env.example, nginx config, and production deployment guide ... Multi-stage Docker build for zclaw-saas with dependency caching, environment variable template with security defaults, Nginx reverse proxy with SSE/WebSocket support and HTTPS, and comprehensive Chinese-language production deployment documentation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-31 10:26:30 +08:00
iven	eb956d0dce	feat: 新增管理后台前端项目及安全加固 ... refactor(saas): 重构认证中间件与限流策略 - 登录限流调整为5次/分钟/IP - 注册限流调整为3次/小时/IP - GET请求不计入限流 fix(saas): 修复调度器时间戳处理 - 使用NOW()替代文本时间戳 - 兼容TEXT和TIMESTAMPTZ列类型 feat(saas): 实现环境变量插值 - 支持${ENV_VAR}语法解析 - 数据库密码支持环境变量注入 chore: 新增前端管理界面 - 基于React+Ant Design Pro - 包含路由守卫/错误边界 - 对接58个API端点 docs: 更新安全加固文档 - 新增密钥管理规范 - 记录P0安全项审计结果 - 补充TLS终止说明 test: 完善配置解析单元测试 - 新增环境变量插值测试用例	2026-03-31 00:11:33 +08:00
iven	9d310e5a3c	docs: 更新 roadmap — S2/S4/S8/F16 标记已完成	2026-03-30 19:56:03 +08:00
iven	e7b2d1c099	docs: 审计后文档同步 — feature-checklist/roadmap/technical-reference 更新 ... - feature-checklist: 新增 Admin V2 章节(12项全通过)，Speech/Twitter 状态提升， Hands 9/11 可用，安全备注更新 - roadmap: 标记 S1/S3 审批/Hand 为已完成，更新 crate 数量(10)， 新增审计/依赖/清理已完成项 - technical-reference: 更新日期至 03-30，crate 数量 10	2026-03-30 18:32:02 +08:00
iven	bc8c77e7fe	fix(security): P0 审计修复 — 6项关键安全/编译问题 ... F1: kernel.rs multi-agent 编译错误 — 重排 spawn_agent 中 A2A 注册顺序， 在 config 被 registry.register() 消费前使用 F2: saas-config.toml 从 git 追踪中移除 — 包含数据库密码已进入版本历史 F3: config.rs 硬编码开发密钥改用 #[cfg(debug_assertions)] 编译时门控 — dev fallback 密钥不再进入 release 构建 F4: 公共认证端点添加 IP 速率限制 (20 RPM) — 防止暴力破解 F5: SSE relay 路由分离出全局 15s TimeoutLayer — 避免长流式响应被截断 F6: Provider API 密钥入库前 AES-256-GCM 加密 — 明文存储修复 附带：完整审计报告 docs/superpowers/specs/2026-03-30-comprehensive-audit-report.md	2026-03-30 13:32:22 +08:00
iven	834aa12076	fix: P0 panic风险修复 + P1编译warnings清零 + P2代码/文档清理 ... P0 安全性: - account/handlers.rs: .unwrap() → .expect() 语义化错误信息 - relay/handlers.rs: SSE Response .unwrap() → .expect() P1 编译质量 (6 warnings → 0): - kernel.rs: 移除未使用的 Capability import 和 config_clone 变量 - pipeline_commands.rs: 未使用变量 id → _id - db.rs: 移除多余括号 - relay/service.rs: 移除未使用的 StreamExt import - telemetry/service.rs: 抑制 param_idx 未读赋值警告 - main.rs: TcpKeepalive::with_retries() Linux-only 条件编译 P2 代码清理: - 移除 handStore/HandsPanel/HandTaskPanel/gateway-api/SchedulerPanel 调试 console.log - SchedulerPanel: 修复 updateWorkflow 未解构导致 TS 编译错误 - 文档清理 zclaw-channels 已移除 crate 的引用	2026-03-30 11:33:47 +08:00
iven	a7d33d0207	feat(admin): Admin V2 — Ant Design Pro 纯 SPA 重写 ... Next.js SSR/hydration 与 SWR fetch-on-mount 存在根本冲突： hydration 卸载组件时 abort 的请求仍占用后端 DB 连接， retry 循环耗尽 PostgreSQL 连接池导致后端完全卡死。 admin-v2 使用 Vite + React + antd 纯 SPA 彻底消除此问题： - 12 页面全部完成（Login, Dashboard, Accounts, Providers, Models, API Keys, Usage, Relay, Config, Prompts, Logs, Agent Templates） - ProTable + ProForm + ProLayout 统一 UI 模式 - TanStack Query + Axios + Zustand 数据层 - JWT 自动刷新 + 401 重试机制 - 全部 18 网络请求 200 OK，零 ERR_ABORTED 同时更新 troubleshooting 第 13 节和 SaaS 平台文档。	2026-03-30 09:35:59 +08:00
iven	5595083b96	feat(skills): SemanticSkillRouter — TF-IDF + Embedding 混合路由 ... 实现 SemanticSkillRouter 核心模块 (zclaw-skills): - Embedder trait + NoOpEmbedder (TF-IDF fallback) - SkillTfidfIndex 全文索引 - retrieve_candidates() Top-K 检索 - route() 置信度阈值路由 (0.85) - cosine_similarity 公共函数 - 单元测试覆盖 Kernel 适配层 (zclaw-kernel): - EmbeddingAdapter: zclaw-growth EmbeddingClient → Embedder 文档同步: - 01-intelligent-routing.md Phase 1+2 标记完成	2026-03-30 00:54:11 +08:00
iven	7de294375b	feat(auth): 添加异步密码哈希和验证函数 ... refactor(relay): 复用HTTP客户端和请求体序列化结果 feat(kernel): 添加获取单个审批记录的方法 fix(store): 改进SaaS连接错误分类和降级处理 docs: 更新审计文档和系统架构文档 refactor(prompt): 优化SQL查询参数化绑定 refactor(migration): 使用静态SQL和COALESCE更新配置项 feat(commands): 添加审批执行状态追踪和事件通知 chore: 更新启动脚本以支持Admin后台 fix(auth-guard): 优化授权状态管理和错误处理 refactor(db): 使用异步密码哈希函数 refactor(totp): 使用异步密码验证函数 style: 清理无用文件和注释 docs: 更新功能全景和审计文档 refactor(service): 优化HTTP客户端重用和请求处理 fix(connection): 改进SaaS不可用时的降级处理 refactor(handlers): 使用异步密码验证函数 chore: 更新依赖和工具链配置	2026-03-29 21:45:29 +08:00
iven	b7ec317d2c	docs: 更新功能文档 — 反映架构重构成果 ... - docs/features/README.md — 技能数 69→70, Hands 11个, 成熟度更新 - 智能层文档成熟度上调 (身份演化 L3, 反思引擎 L3) - 后端集成文档更新 SaaS 迁移系统说明 - 知识库添加架构重构记录	2026-03-29 19:42:37 +08:00
iven	8b9d506893	refactor(saas): 架构重构 + 性能优化 — 借鉴 loco-rs 模式 ... Phase 0: 知识库 - docs/knowledge-base/loco-rs-patterns.md — loco-rs 10 个可借鉴模式研究 Phase 1: 数据层重构 - crates/zclaw-saas/src/models/ — 15 个 FromRow 类型化模型 - Login 3 次查询合并为 1 次 AccountLoginRow 查询 - 所有 service 文件从元组解构迁移到 FromRow 结构体 Phase 2: Worker + Scheduler 系统 - crates/zclaw-saas/src/workers/ — Worker trait + 5 个具体实现 - crates/zclaw-saas/src/scheduler.rs — TOML 声明式调度器 - crates/zclaw-saas/src/tasks/ — CLI 任务系统 Phase 3: 性能修复 - Relay N+1 查询 → 精准 SQL (relay/handlers.rs) - Config RwLock → AtomicU32 无锁 rate limit (state.rs, middleware.rs) - SSE std::sync::Mutex → tokio::sync::Mutex (relay/service.rs) - /auth/refresh 阻塞清理 → Scheduler 定期执行 Phase 4: 多环境配置 - config/saas-{development,production,test}.toml - ZCLAW_ENV 环境选择 + ZCLAW_SAAS_CONFIG 精确覆盖 - scheduler 配置集成到 TOML	2026-03-29 19:21:48 +08:00
iven	5fdf96c3f5	chore: 提交所有工作进度 — SaaS 后端增强、Admin UI、桌面端集成 ... 包含大量 SaaS 平台改进、Admin 管理后台更新、桌面端集成完善、 文档同步、测试文件重构等内容。为 QA 测试准备干净工作树。	2026-03-29 10:46:41 +08:00
iven	452ff45a5f	feat(saas): P2 增强 — TOTP 2FA、Relay 重试、配置同步升级 ... - TOTP 2FA: totp-rs v5.7.1 + data-encoding Base32, setup/verify/disable 流程, 登录时 TOTP 验证集成, SaasError::Totp 返回 400 - Relay 重试: 指数退避 (base_delay_ms * 2^attempt), 错误分类 (4xx 不重试), Admin POST /tasks/:id/retry 端点 - 配置同步: push (客户端覆盖) / merge (SaaS 优先) / diff (只读对比), 实际写入 config_items 表 - 集成测试: 27 个测试全部通过 (新增 6 个 P2 测试) - 文档: 更新 SaaS 平台总览 (模块完成度 + API 端点列表)	2026-03-27 17:58:14 +08:00
iven	80d98b35a5	fix(audit): v5 审计修复 8 项 — 条件编译、安全加固、冗余清理 ... - N1: Whiteboard Export 动作标注 demo=true - N2/N3: Director + A2A 通过 #[cfg(feature)] 条件编译隔离 - N4: viking_adapter 文本匹配降级为 LOW（生产路径走 SqliteStorage） - N5: 移除冗余 compactor_compact_llm Tauri 命令注册 - M3: hand_approve/hand_cancel 添加 hand_id 验证防跨 Hand 审批 - N7: scheduled_task 文档注释标注 PLANNNED - 新增 COMPREHENSIVE_AUDIT_V5.md 独立审计报告 - 更新 DEEP_AUDIT_REPORT.md 追加修复记录（累计 32 项）	2026-03-27 12:33:44 +08:00
iven	b3a31ec48b	docs(saas): 添加 SaaS 后台系统设计规格 ... 涵盖四大核心模块的完整设计: - 账号权限管理 (JWT/Argon2/TOTP/权限模板) - 模型与 API 配置中心 (提供商/模型/密钥/使用量) - 模型请求中转服务 (队列/流式转发/速率限制) - 系统配置迁移分析 (迁移优先级/同步协议) 技术栈: Rust + Axum 后端 + React 管理后台 目标: MVP <100 用户, 独立 SaaS 服务	2026-03-27 12:16:19 +08:00