6 Commits

Author	SHA1	Message	Date
iven	a504a40395	fix: 7 项 E2E Bug 修复 — Dashboard 404 / 记忆去重 / 记忆注入 / invoice_id / Prompt 版本 ... P0: - BUG-H1: Dashboard 路由 /api/v1/stats/dashboard → /api/v1/admin/dashboard P1: - BUG-H2: viking_add 预检查 content_hash 去重，返回 "deduped" 状态；SqliteStorage 启动时回填已有条目 content_hash - BUG-M5: saas-relay-client 发送前调用 viking_inject_prompt 注入跨会话记忆 P2: - BUG-M1: PaymentResult 添加 invoice_id 字段，query_payment_status 返回 invoice_id - BUG-M2: UpdatePromptRequest 添加内容字段，更新时自动创建新版本并递增 current_version - BUG-M3: viking_find scope 参数文档化（设计行为，调用方需传 agent scope） - BUG-M4: Dashboard 路由缺失已修复，handler 层 require_admin 已正确返回 403 P3 (确认已修复/非代码问题): - BUG-L1: pain_seed_categories 已统一，无 pain_seeds 残留 - BUG-L2: pipeline_create 参数格式正确，E2E 测试方法问题	2026-04-17 03:31:06 +08:00
iven	7de486bfca	test(saas): Phase 1 integration tests — billing + scheduled_task + knowledge (68 tests) ... - Fix TIMESTAMPTZ decode errors: add ::TEXT cast to all SELECT queries where Row structs use String for TIMESTAMPTZ columns (~22 locations) - Fix Axum 0.7 route params: {id} → :id in billing/knowledge/scheduled_task routes - Fix JSONB bind: scheduled_task INSERT uses ::jsonb cast for input_payload - Add billing_test.rs (14 tests): plans, subscription, usage, payments, invoices - Add scheduled_task_test.rs (12 tests): CRUD, validation, isolation - Add knowledge_test.rs (20 tests): categories, items, versions, search, analytics, permissions - Fix auth test regression: 6 tests were failing due to TIMESTAMPTZ type mismatch Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-07 14:25:34 +08:00
iven	cc26797faf	fix(saas): eliminate 6 compiler warnings + stabilize directive complete ... - Remove unused imports: Utc (billing/service), StatusCode (billing/handlers), Sha256 (billing/handlers) - Fix unused variables: _db (scheduler), _e (payment WeChat error) - Fix visibility: RegisterDeviceRequest pub(super) → pub (used in pub handler) - Update STABILIZATION_DIRECTIVE.md: all 7 criteria met, downgrade to advisory - Fix TRUTH.md §2.2: mark P0/P1 defects as resolved, update Admin pages count to 14 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-03 21:57:04 +08:00
iven	da438ad868	fix(billing): resolve all audit findings — CSRF, float precision, TOCTOU, error sanitization ... - Add CSRF token protection for mock payment (SHA256 + constant-time verify) - Replace f64 currency conversion with pure integer string parsing (parse_yuan_to_cents) - Move subscription check inside transaction to prevent TOCTOU race - Rewrite increment_usage to use atomic SQL (account_id+period_start WHERE) - Add trade_no format validation in payment callback - Sanitize error messages to prevent sensitive data leakage - Use i32::try_from for WeChat amount conversion (prevent truncation) - Replace window.__ZCLAW_STATS_SYNC_INTERVAL__ with useRef pattern - Replace eprintln/println with tracing macros in lifecycle - Remove unused variable in scheduler - Remove duplicate sha2 and unused hmac from Cargo.toml	2026-04-02 20:04:43 +08:00
iven	28299807b6	fix(desktop): DeerFlow UI — ChatArea refactor + ai-elements + dead CSS cleanup ... ChatArea retry button uses setInput instead of direct sendToGateway, fix bootstrap spinner stuck for non-logged-in users, remove dead CSS (aurora-title/sidebar-open/quick-action-chips), add ai components (ReasoningBlock/StreamingText/ChatMode/ModelSelector/TaskProgress), add ClassroomPlayer + ResizableChatLayout + artifact panel Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-02 19:24:44 +08:00
iven	b1e3a27043	feat(saas): add payment integration with Alipay/WeChat mock support ... - payment.rs: create_payment, handle_payment_callback, query_payment_status - Mock pay page for development mode with HTML confirm/cancel flow - Payment callback handler with subscription auto-creation on success - Alipay form-urlencoded and WeChat JSON callback parsing - 7 new routes including callback and mock-pay endpoints Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-02 00:41:35 +08:00