Root cause: Playwright external Chromium is not a Tauri runtime, so
isTauriRuntime() returns false. The app needs SaaS session to route
chat through relay, but tests never logged in.
Fix: Auto-detect non-Tauri mode and pre-login via SaaS API, injecting
session into localStorage before tests run.
6 tests each called saasLogin() → 6 login requests in <60s → hit 5/min/IP
rate limit on the 6th test. Now login once per worker, reuse token for all
6 tests. Reduces login API calls from 6 to 1.
Root cause: loadFromStorage() set isAuthenticated=true from localStorage
without validating the HttpOnly cookie. On page refresh with expired cookie,
children rendered and made failing API calls before AuthGuard could redirect.
Fix:
- authStore: isAuthenticated starts false, never trusted from localStorage
- AuthGuard: always calls GET /auth/me on mount (unless login flow set it)
- Three-state guard (checking/authenticated/unauthenticated) eliminates race
P0-2: GET /usage 500 "text >= timestamptz" — usage_records.created_at
is TEXT in actual DB despite migration declaring TIMESTAMPTZ. Fixed by
using dynamic SQL with ::timestamptz explicit casts for all date
comparisons, avoiding sqlx NULL-without-type-OID binding issues.
P0-3: POST /auth/refresh 500 — refresh_tokens.expires_at/used_at are
TEXT columns. Added ::timestamptz cast to SQL queries in auth handlers
and cleanup worker.
- P0-01: Account lockout now enforced via SQL-level comparison
(locked_until > NOW()) instead of broken RFC3339 text parsing
- P1-01: Logout handler accepts JSON body with optional refresh_token,
revokes ALL refresh tokens for the account (not just current)
- P1-03: Provider display_name is now optional, falls back to name
All 6 smoke tests pass (S1-S6).
- Move side panel toggle from floating button to chat header right side
(Trae Solo style) via new PanelToggleButton component
- Add px-6 py-4 padding to message list container
- Add mb-5 gap between messages for readable vertical spacing
- API Key encryption at rest: verify enc: prefix in DB for provider keys
and main provider api_key
- Key pool: toggle active/inactive + delete with DB state verification
- Model Groups: full CRUD lifecycle + cascade delete + user permission
- Quota enforcement: relay_requests exhaustion verified at DB level
(middleware test infra issue noted — DB state confirmed correct)
- Provider disable: model hidden from relay/models list after disable
Fix 6 page test files to match actual component output:
- Login: cookie-based auth login(account), brand text updates
- Config/Logs/Prompts: remove stale description text assertions
- ModelServices: check for actual table buttons instead of title
- Usage: update description text to match PageHeader
All 132 tests pass (17/17 files).
BUG-012: Reposition side panel toggle button (top-[52px]→top-20) to
avoid overlap with header buttons in ResizableChatLayout.
BUG-013: Install @tailwindcss/typography plugin and import in index.css
to enable prose-* Markdown rendering classes in StreamingText.
BUG-007: Rewrite authStore tests to match HttpOnly cookie auth model
(login takes 1 arg, no token/refreshToken in state). Rewrite request
interceptor tests for cookie-based auth. Update bug-tracker status.
BUG-009 (P1): Add frontend DataMasking in saas-relay-client.ts
- Masks ID cards, phones, emails, money, company names before relay
- Unmasks tokens in AI response so user sees original data
- Mirrors Rust DataMasking middleware patterns
BUG-010 (P3): Send button transforms to Stop during streaming
- Shows square icon when isStreaming, calls cancelStream()
- Normal arrow icon when idle, calls handleSend()
BUG-011 (P2): Add ::timestamptz casts for old TEXT timestamp columns
- account/handlers.rs: dashboard stats query
- telemetry/service.rs: reported_at comparisons
- workers/aggregate_usage.rs: usage aggregation query
New bugs from user review:
- BUG-012 (P2): side panel button overlaps with detail button
- BUG-013 (P2): AI response Markdown not rendered, poor formatting
Added detailed section for untestable scenarios:
- 6 scenarios need Tauri local kernel mode
- 4 scenarios need physical environment changes
- 2 scenarios need Admin backend verification
SaaS Relay was sending only the current message without conversation
history, giving LLM no context from previous turns. Root cause:
streamStore passed only `content` string to chatStream(), and
saas-relay-client hard-coded a single-element messages array.
Fix:
- GatewayClient.chatStream() opts: add `history` field
- streamStore: extract last 20 messages as history before calling chatStream
- saas-relay-client: build messages array from history + current message
- saasStore.ts: replace require('./chat/conversationStore') with await import()
to fix ReferenceError in Vite ESM environment (P1)
- main.rs: fix health check pool usage formula from max_connections - num_idle
to pool.size() - num_idle, preventing false "degraded" status (P1)
- error.rs: show detailed error messages in ZCLAW_SAAS_DEV=true mode
- Update bug tracker with BUG-003 through BUG-007
PostgreSQL SUM() on bigint returns NUMERIC, causing sqlx decode errors
when Rust expects i64/Option<i64>. Root cause: key_pool.rs
select_best_key() token_count SUM was missing ::bigint, causing
DATABASE_ERROR on every relay request.
Fixed in 4 files:
- relay/key_pool.rs: SUM(token_count) — root cause of relay failure
- relay/service.rs: SUM(remaining_rpm) in sort_candidates_by_quota
- account/handlers.rs: SUM(input/output_tokens) in dashboard stats
- workers/aggregate_usage.rs: SUM(input/output_tokens) in aggregation
Addresses findings from deep code audit:
H-1: Pass abortController.signal to saasClient.chatCompletion() so
user-cancelled streams actually abort the HTTP connection (was only
stopping the read loop, leaving server-side SSE connection open).
H-2: ModelSelector now shows only when (!isTauriRuntime() || isLoggedIn).
Prevents decorative model list in Tauri local kernel mode where model
selection has no effect (violates CLAUDE.md §5.2).
M-1: Normalize CRLF to LF before SSE event boundary parsing (\n\n).
Prevents buffer overflow when behind nginx/CDN with CRLF line endings.
M-2: SQL window_minute comparison uses to_char(NOW()-interval, format)
instead of (NOW()-interval)::TEXT, matching the stored format exactly.
M-3: sort_candidates_by_quota uses same sliding 60s window as select_best_key.
LOW: Fix misleading invalidate_cache doc comment.
P1: onError callback now sets content to error message instead of empty string.
Previously API errors (404/429) produced empty assistant messages with only
a visual error badge — now the error text is persisted in message content.
P3: Retry button now re-sends the preceding user message via sendToGateway
instead of copying to input. Works for both virtualized and non-virtualized
message lists. Removed unused setInput prop from MessageBubble.
Also hides model selector in Tauri runtime (SaaS token pool routes models).
Root cause: conversationStore hardcoded 'glm-4-flash' as default model,
which may not exist in SaaS admin config, causing 404 on all chat requests.
- conversationStore: default currentModel to empty string (runtime-resolved)
- saasStore: after fetching available models, auto-switch currentModel
to first available if the stored model is not in the list
- SaaS relay getModel() already had fallback to first available model
Model selector was cosmetic-only in desktop mode: chatStream never passes
model param to backend. Hiding prevents user confusion and 404 errors when
selecting models not in SaaS token pool.
Also adds E2E test report covering 168 messages, 4 bugs found (P0 fixed).
Adapt ChatArea for compact/butler mode:
- Add onOpenDetail prop for expanding to full view
- Remove inline export dialog (moved to detail view)
- Replace SquarePen with ClipboardList icon
Add SimpleSidebar component for butler simple mode:
- Two tabs: 对话 / 行业资讯
- Quick suggestion buttons
- Minimal navigation
RightPanel refactoring for dual-mode support:
- Detect simple vs professional mode
- Conditional rendering based on butler mode state
- Add comprehensive pre-release test report (code-level audit)
- Update TRUTH.md: SaaS endpoints 130→140, middleware 12→13
- Update CLAUDE.md stabilization table with correct numbers
- Mark all blocking bugs as resolved in test report
- Add ?mode=rwc to pain.db SQLite URL so it creates the file on first run
- Move useUIModeStore hook before conditional returns in App.tsx to fix
React "Rendered more hooks than during the previous render" error
- Call init_pain_storage() in Tauri .setup() so pain persistence activates on boot
- Integrate useColdStart hook into FirstConversationPrompt for auto-greeting
- Add UI mode toggle section to Settings/General (already had imports)
- Add "简洁" mode switch-back button to TopBar in professional layout
- Update SemanticSkillRouter @reserved annotation to reflect active status
New ButlerRouterMiddleware (priority 80) intercepts user messages,
classifies intent using keyword-based domain detection, and injects
routing context into the system prompt. Supports healthcare, data
report, policy compliance, and meeting coordination domains.
- New: butler_router.rs — keyword classifier + MiddlewareContext injection
- Registered in Kernel::create_middleware_chain() at priority 80
- 9 tests passing (classification + middleware integration)
PainAggregator and SolutionGenerator were in-memory only, losing all
data on restart. Add PainStorage module with SQLite backend (4 tables),
dual-write strategy (hot cache + durable), and startup cache warming.
- New: pain_storage.rs — SQLite CRUD for pain_points, pain_evidence,
proposals, proposal_steps with schema initialization
- Modified: pain_aggregator.rs — global PAIN_STORAGE singleton,
init_pain_storage() for startup, dual-write in merge_or_create/update
- Modified: solution_generator.rs — same dual-write pattern via
global PAIN_STORAGE
- 20 tests passing (10 storage + 10 aggregator)
