iven
4e4eefdde1
fix: 深度审计修复 — WASM 安全加固 + A2A 编译路径 + 测试编译
...
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Build Frontend (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
CRITICAL:
- zclaw_file_read: 路径遍历修复 — 组件级过滤替代前缀检查
- zclaw_http_fetch: SSRF 防护 — URL scheme 白名单 + 私有IP段阻止
- Phase 4A: 移除 zclaw-protocols a2a feature gate, A2A 始终编译
- 移除 kernel/desktop multi-agent feature (不再控制任何代码)
MEDIUM:
- user_profiler: FactCategory cfg(test) 导入修复 (563 测试全通过)
2026-04-18 09:11:15 +08:00
iven
943afe3b6b
feat(protocols): MCP tool adapter + Tauri commands + initialize bug fix
...
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Build Frontend (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
S6 MCP Protocol:
- Fix McpTransport::initialize() — store actual server capabilities instead
of discarding them and storing empty ServerCapabilities::default()
- Add send_notification() method to McpTransport for JSON-RPC notifications
- Send notifications/initialized after MCP handshake (spec requirement)
- Add McpToolAdapter: bridges MCP server tools into the tool execution path
- Add McpServiceManager: lifecycle management for MCP server connections
- Add 4 Tauri commands: mcp_start_service, mcp_stop_service,
mcp_list_services, mcp_call_tool
- Register zclaw-protocols dependency in desktop Cargo.toml
New files:
- crates/zclaw-protocols/src/mcp_tool_adapter.rs (153 lines)
- desktop/src-tauri/src/kernel_commands/mcp.rs (145 lines)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-04-03 22:07:35 +08:00
iven
80d98b35a5
fix(audit): v5 审计修复 8 项 — 条件编译、安全加固、冗余清理
...
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Build Frontend (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
- N1: Whiteboard Export 动作标注 demo=true
- N2/N3: Director + A2A 通过 #[cfg(feature)] 条件编译隔离
- N4: viking_adapter 文本匹配降级为 LOW(生产路径走 SqliteStorage)
- N5: 移除冗余 compactor_compact_llm Tauri 命令注册
- M3: hand_approve/hand_cancel 添加 hand_id 验证防跨 Hand 审批
- N7: scheduled_task 文档注释标注 PLANNNED
- 新增 COMPREHENSIVE_AUDIT_V5.md 独立审计报告
- 更新 DEEP_AUDIT_REPORT.md 追加修复记录(累计 32 项)
2026-03-27 12:33:44 +08:00
iven
5a35243fd2
feat(protocols): implement MCP JSON-RPC transport layer
...
Add complete MCP protocol implementation:
- mcp_types.rs: JSON-RPC types, initialize, tools, resources, prompts
- mcp_transport.rs: Stdio-based transport with split mutexes for stdin/stdout
- McpServerConfig builders for npx/node/python MCP servers
- Full McpClient trait implementation for tools/resources/prompts
- Add McpError variant to ZclawError
Transport supports:
- Starting MCP server processes via Command
- JSON-RPC 2.0 request/response over stdio
- Length-prefixed message framing
- Tool listing and invocation
- Resource listing and reading
- Prompt listing and retrieval
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-24 02:00:10 +08:00
iven
0ab2f7afda
feat(phase4): complete zclaw-skills, zclaw-hands, zclaw-channels, zclaw-protocols 模块实现
2026-03-22 08:57:37 +08:00
