26 Commits

Author	SHA1	Message	Date
iven	f8c5a76ce6	fix(industry): 审计收尾 — MEDIUM + LOW 全部清零 ... M-1: Industries 创建弹窗添加 cold_start_template + pain_seed_categories M-3: industryStore console.warn → createLogger 结构化日志 B2: classify_with_industries 平局打破 + 归一化因子 3.0 文档化 S3: set_account_industries 验证移入事务内消除 TOCTOU T1: 4 个 SaaS 请求类型添加 deny_unknown_fields I3: store_trigger_experience Debug 格式 → signal_name 描述名 L-1: 删除 Accounts.tsx 死代码 editingIndustries L-3: Industries.tsx filters 类型补全 source 字段	2026-04-12 20:37:48 +08:00
iven	76f6011e0f	fix(industry): 二次审计修复 — 2 CRITICAL + 4 HIGH + 2 MEDIUM ... C-1: Industries.tsx 创建弹窗缺少 id 字段 → 添加 id 输入框 + 自动生成 C-2: Accounts.tsx handleSave 无 try/catch → 包装 + handleClose 统一关闭 V1: viking_commands Mutex 跨 await → 先 clone Arc 再释放 Mutex I1: intelligence_hooks 误导性"相关度" → 移除 access_count 伪分数 I2: pain point 摘要未 XML 转义 → xml_escape() 处理 S1: industry status 无枚举验证 → active/inactive 白名单 S2: create_industry id 无格式验证 → 正则 + 长度检查 H-3: Industries.tsx 编辑模态数据竞争 → data.id === industryId 守卫 H-4: Accounts.tsx useEffect 覆盖用户编辑 → editingId 守卫	2026-04-12 20:13:41 +08:00
iven	fbc8c9fdde	fix(industry): 审计修复 — 4 CRITICAL + 5 HIGH 全部解决 ... C1: SaaS industry/service.rs SQL 注入风险 → 参数化查询 ($N 绑定) C2: INDUSTRY_CONFIGS 死链 → Kernel 共享 Arc 接通 ButlerRouter C3: IndustryListItem 缺 keywords_count → SQL 查询 + 类型补全 C4: set_account_industries 非事务性 → batch 验证 + 事务 DELETE+INSERT H8: Accounts.tsx mutate 竞态 → mutateAsync 顺序等待 H9: XML 注入未转义 → xml_escape() 辅助函数 H10: update_industry 覆盖 source → 保留原始值 H11: 面包屑缺少 /industries → 添加行业配置映射	2026-04-12 19:06:19 +08:00
iven	edf66ab8e6	feat(admin): Phase 4 行业配置管理页面 + 账号行业授权 ... - 新增 Industries.tsx: 行业列表(ProTable) + 编辑弹窗(关键词/prompt/痛点种子) + 新建弹窗 - 新增 services/industries.ts: 行业 API 服务层(list/create/update/fullConfig/accountIndustries) - 增强 Accounts.tsx: 编辑弹窗添加行业授权多选, 自动获取/同步用户行业 - 注册 /industries 路由 + 侧边栏导航(ShopOutlined)	2026-04-12 18:07:52 +08:00
iven	5599cefc41	feat(saas): 接通 embedding 模型管理全栈 ... 数据库 migration 已有 is_embedding/model_type 列但全栈未使用。 打通 4 层: ModelRow → ModelInfo/CRUD → CachedModel → Admin 前端。 relay/models 端点也返回 is_embedding 字段，前端可按类型过滤。	2026-04-12 08:10:50 +08:00
iven	80b7ee8868	fix(admin): P1-04 AuthGuard race condition — always validate cookie before render ... Root cause: loadFromStorage() set isAuthenticated=true from localStorage without validating the HttpOnly cookie. On page refresh with expired cookie, children rendered and made failing API calls before AuthGuard could redirect. Fix: - authStore: isAuthenticated starts false, never trusted from localStorage - AuthGuard: always calls GET /auth/me on mount (unless login flow set it) - Three-state guard (checking/authenticated/unauthenticated) eliminates race	2026-04-10 21:32:14 +08:00
iven	803464b492	test(admin-v2): Phase 2 frontend tests — 61 tests for 5 pages ... - Billing (13 tests): plan cards, prices, limits, usage bars, payment flow - ScheduledTasks (16 tests): CRUD table, schedule/target types, color tags - Knowledge (12 tests): 4 tabs, items/categories/search/analytics panels - Roles (12 tests): roles + permission templates tabs - ConfigSync (8 tests): sync log viewer with action labels Fix: Knowledge.tsx missing </Select> and </Modal> closing tags (JSX parse error) Fix: tests/setup.ts added ResizeObserver mock for ProTable compatibility	2026-04-07 16:06:47 +08:00
iven	2fd6d08899	fix: SaaS Admin + Tauri 一致性审查修复 ... - 删除 webhook 死代码模块 (4 文件 + worker，未注册未挂载) - 删除孤立组件 StatusTag.tsx (从未被导入) - authStore 权限模型补全 (scheduler/knowledge/billing 6+ permission key) - authStore 硬编码 logout URL 改为 env 变量 - 清理未使用 service 方法 (agent-templates/billing/roles) - Logs.tsx 代码重复消除 (本地常量 → @/constants/status) - TRUTH.md 数字校准 (Tauri 177→183, SaaS API 131→130)	2026-04-07 01:53:54 +08:00
iven	d6b1f44119	feat(admin): add ConfigSync page + close ADMIN-01/02 (AUDIT_TRACKER) ... - ADMIN-01 FIXED: ConfigSync.tsx page with ProTable + pagination - config-sync service calling GET /config/sync-logs - route + nav item + breadcrumb - backend @reserved → @connected - ADMIN-02 FALSE_POSITIVE: Logs.tsx + logs service already exist	2026-04-05 01:40:38 +08:00
iven	e90eb5df60	feat: Sprint 3 — benchmark + conversion funnel + invoice PDF ... - 3.1: Add criterion benchmark for zclaw-growth TF-IDF retrieval (indexing throughput, query scoring latency, top-K retrieval) - 3.2: Extend admin-v2 Usage page with recharts funnel chart (registration → trial → paid conversion) and daily trend bar chart - 3.3: Add invoice PDF export via genpdf (Arial font, Windows) with GET /api/v1/billing/invoices/{id}/pdf handler Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-04 14:42:29 +08:00
iven	2ceeeaba3d	fix(production-readiness): 3-batch production readiness cleanup — 12 tasks ... Batch 1 — User-facing fixes: - B1-1: Pipeline verified end-to-end (14 Rust commands, 8 frontend invoke, fully connected) - B1-2: MessageSearch restored to ChatArea with search button in DeerFlow header - B1-3: Viking cleanup — removed 5 orphan invokes (no Rust impl), added addWithMetadata + storeWithSummaries methods + summary generation UI - B1-4: api-fallbacks transparency — added _isFallback markers + console.warn to all 6 fallback functions Batch 2 — System health: - B2-1: Document drift calibration — TRUTH.md/README.md numbers verified and updated - B2-2: @reserved annotations on 15 SaaS handler functions with no frontend callers - B2-3: Scheduled Task Admin V2 — new service + page + route + sidebar navigation - B2-4: TRUTH.md Pipeline/Viking/ScheduledTask records corrected Batch 3 — Long-term quality: - B3-1: hand_run_status/hand_run_list verified as fully implemented (not stubs) - B3-2: Identity snapshot rollback UI added to RightPanel - B3-3: P2 code quality — 4 fixes (TODO comments, fire-and-forget notes, design notes, table name validation), 2 verified N/A, 1 upstream - B3-4: Config PATCH→PUT alignment (admin-v2 config.ts matched to SaaS backend)	2026-04-03 21:34:56 +08:00
iven	305984c982	fix(saas): P2 code quality fixes + config PATCH/PUT alignment ... P2 code quality (SEC2-P2-01~10): - P2-04: Replace vague TODO with detailed Phase 2 design note in generate_embedding.rs - P2-05: Add NOTE(fire-and-forget) annotations to 4 long-running tokio::spawn in main.rs - P2-07: Add DESIGN NOTE to scheduler explaining sequential execution rationale - P2-08: Add compile-time table name whitelist + runtime char validation in db.rs - P2-02: Verified N/A (only zclaw-pipeline uses serde_yaml_bw, no inconsistency) - P2-06: Verified N/A (bind loop correctly matches 6-column placeholders) - P2-03: Remains OPEN (requires upstream sqlx release) Config HTTP method alignment (B3-4): - Fix admin-v2 config.ts: request.patch -> request.put to match backend .put() route - Fix backend handler doc comment: PATCH -> PUT - Add @reserved annotations to 6 config handlers without frontend callers	2026-04-03 21:32:17 +08:00
iven	8898bb399e	docs: audit reports + feature docs + skills + admin-v2 + config sync ... Update audit tracker, roadmap, architecture docs, add admin-v2 Roles page + Billing tests, sync CLAUDE.md, Cargo.toml, docker-compose.yml, add deep-research / frontend-design / chart-visualization skills Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-02 19:25:00 +08:00
iven	7e4b787d5c	fix(knowledge): deep audit — 18 bugs fixed across backend + frontend ... CRITICAL: - Migration permission seed WHERE name → WHERE id (matched 0 rows, all KB APIs broken) HIGH: - analytics_quality SQL alias + missing comma fix - search() duplicate else block compile error - chunk_content duplicate var declarations + type mismatch - SQL invalid escape sequences - delete_category missing rows_affected check MEDIUM: - analytics_overview hit_rate vs positive_feedback_rate separation - analytics_quality GROUP BY kc.id,kc.name (same-name category merge) - update_category handler trim + empty name validation - update_item duplicate VALID_STATUSES inside transaction - page_size max(1) lower bound in list handlers - batch_create title/content/length validation - embedding dispatch silent error → tracing::warn - Version modal close clears detailItem state - Search empty state distinguishes not-searched vs no-results - Create modal cancel resets form	2026-04-02 19:07:42 +08:00
iven	c8dc654fd4	feat(admin-v2): add billing management page ... - Plan cards with feature comparison and pricing - Usage progress bars with quota visualization - Alipay/WeChat Pay method selection modal - Payment status polling with auto-refresh on success - Navigation + route registration Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-02 00:48:35 +08:00
iven	becfda3fbf	feat(admin-v2): add Knowledge base management page ... - 4 tabs: Items (CRUD + ProTable), Categories (tree management), Search, Analytics - Knowledge service with full API integration - Nav item + breadcrumb + route registration - Analytics overview with 8 KPI statistics Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-02 00:34:17 +08:00
iven	e3b93ff96d	fix(security): implement all 15 security fixes from penetration test V1 ... Security audit (2026-03-31): 5 HIGH + 10 MEDIUM issues, all fixed. HIGH: - H1: JWT password_version mechanism (pwv in Claims, middleware verification, auto-increment on password change) - H2: Docker saas port bound to 127.0.0.1 - H3: TOTP encryption key decoupled from JWT secret (production bailout) - H4+H5: Tauri CSP hardened (removed unsafe-inline, restricted connect-src) MEDIUM: - M1: Persistent rate limiting (PostgreSQL rate_limit_events table) - M2: Account lockout (5 failures -> 15min lock) - M3: RFC 5322 email validation with regex - M4: Device registration typed struct with length limits - M5: Provider URL validation on create/update (SSRF prevention) - M6: Legacy TOTP secret migration (fixed nonce -> random nonce) - M7: Legacy frontend crypto migration (static salt -> random salt) - M8+M9: Admin frontend: removed JS token storage, HttpOnly cookie only - M10: Pipeline debug log sanitization (keys only, 100-char truncation) Also: fixed CLAUDE.md Section 12 (was corrupted), added title.rs middleware skeleton, fixed RegisterDeviceRequest visibility.	2026-04-01 08:38:37 +08:00
iven	721451f6a7	feat(admin-v2): wire Accounts table search to API params ... - Add searchParams state connected to useQuery queryKey/queryFn - Enable role and status columns as searchable select dropdowns - Map username search field to backend 'search' param - Add onSubmit/onReset callbacks on ProTable	2026-03-31 16:29:30 +08:00
iven	6cae768401	fix(desktop): session persistence — refresh/login/context/empty-content 4-bug fix ... 1. App.tsx: add restoreSession() call on startup to prevent redirect to login page after refresh (isRestoring guard + BootstrapScreen) 2. CloneManager: call syncAgents() after loadClones() to restore currentAgent and conversation history on app load 3. zclaw-memory: add get_or_create_session() so frontend session UUID is persisted directly — kernel no longer creates mismatched IDs 4. openai.rs: assistant message content must be non-empty for Kimi/Qwen APIs — replace empty content with meaningful placeholders Also includes admin-v2 ModelServices unified page (merge providers + models + API keys into expandable row layout)	2026-03-31 13:38:59 +08:00
iven	ee51d5abcd	feat(admin-v2): add ProTable search, scenarios/quick_commands form, tests, remove quota_reset_interval ... - Enable ProTable search on Accounts (username/email), Models (model_id/alias), Providers (display_name/name) with hideInSearch for non-searchable columns - Add scenarios (Select tags) and quick_commands (Form.List) to AgentTemplates create form, plus service type updates - Remove unused quota_reset_interval from ProviderKey model, key_pool SQL, handlers, and frontend types; add migration + bump schema to v11 - Add Vitest config, test setup, request interceptor tests (7 cases), authStore tests (8 cases) — all 15 passing Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-31 11:13:16 +08:00
iven	1d9283f335	fix: P0+P1 security and quality fixes ... P0-1: Token refresh race condition — reject all pending requests on refresh failure P0-2: Remove X-Forwarded-For trust in rate limiting — use only ConnectInfo IP P1-3: Template grid reactive — use useSaaSStore() hook instead of getState() P1-4: Agent Template detail modal — show emoji, personality, soul_content, welcome_message, communication_style, source_id, scenarios, version P1-5: adminRouting parse validation — type-safe llm_routing extraction from localStorage P1-6: Remove unused @ant-design/charts dependency P1-extra: Type addKeyMutation data parameter (replace any) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-31 09:17:04 +08:00
iven	9fb9c3204c	feat(admin-v2): add LLM routing to accounts, upgrade Key Pool CRUD, extend agent template fields ... - Add llm_routing field (relay/local) to AccountPublic type and Accounts page table + edit modal - Upgrade Providers Key Pool from read-only to full CRUD with add/toggle/delete mutations - Extend AgentTemplate type with soul_content, scenarios, welcome_message, quick_commands, personality, communication_style, emoji, version, source_id fields - Add AgentTemplateAvailable lightweight interface - Add emoji column and extended form fields (emoji, personality, soul_content, welcome_message, communication_style, source_id) to Agent Templates page - Add getFull method to agent-templates service - Fix misplaced useState import in Accounts.tsx	2026-03-31 03:07:40 +08:00
iven	6821df5f44	refactor(admin): 迁移 admin 项目到 admin-v2 并移除旧代码 ... 重构 admin 项目为 admin-v2，移除 Next.js 相关代码，添加 Vite 配置和环境变量 删除所有 UI 组件、工具函数、API 客户端和类型定义 新增 ErrorBoundary 组件处理错误边界 调整代理配置支持 SSE 长连接超时设置	2026-03-31 00:10:42 +08:00
iven	c2aff09811	feat(security): Auth Token HttpOnly Cookie — XSS 安全加固 ... 后端: - axum-extra 启用 cookie feature - login/register/refresh 设置 HttpOnly + Secure + SameSite=Strict cookies - 新增 POST /api/v1/auth/logout 清除 cookies - auth_middleware 支持 cookie 提取路径（fallback from header） - CORS: 添加 allow_credentials(true) + COOKIE header 前端 (admin-v2): - authStore: token 仅存内存，不再写 localStorage（account 保留） - request.ts: 添加 withCredentials: true 发送 cookies - 修复 refresh token rotation bug（之前不更新 stored refreshToken） - logout 调用后端清除 cookie 端点 向后兼容: API 客户端仍可用 Authorization: Bearer header Desktop (Ed25519 设备认证) 完全不受影响	2026-03-30 19:30:42 +08:00
iven	ba2c6a6105	fix(saas): P1 审计修复 — 连接池断路器 + Worker重试 + XSS防护 + 状态机SQL解析器 ... P1 修复内容: - F7: health handler 连接池容量检查 (80%阈值返回503 degraded) - F9: SSE spawned task 并发限制 (Semaphore 16 permits) - F10: Key Pool 单次 JOIN 查询优化 (消除 N+1) - F12: CORS panic → 配置错误 - F14: 连接池使用率计算修正 (ratio = used*100/total) - F15: SQL 迁移解析器替换为状态机 (支持 $$, DO $body$, 存储过程) - Worker 重试机制: 失败任务通过 mpsc channel 重新入队 - DOMPurify XSS 防护 (PipelineResultPreview) - Admin V2: ErrorBoundary + SWR全局配置 + 请求优化	2026-03-30 14:21:39 +08:00
iven	a7d33d0207	feat(admin): Admin V2 — Ant Design Pro 纯 SPA 重写 ... Next.js SSR/hydration 与 SWR fetch-on-mount 存在根本冲突： hydration 卸载组件时 abort 的请求仍占用后端 DB 连接， retry 循环耗尽 PostgreSQL 连接池导致后端完全卡死。 admin-v2 使用 Vite + React + antd 纯 SPA 彻底消除此问题： - 12 页面全部完成（Login, Dashboard, Accounts, Providers, Models, API Keys, Usage, Relay, Config, Prompts, Logs, Agent Templates） - ProTable + ProForm + ProLayout 统一 UI 模式 - TanStack Query + Axios + Zustand 数据层 - JWT 自动刷新 + 401 重试机制 - 全部 18 网络请求 200 OK，零 ERR_ABORTED 同时更新 troubleshooting 第 13 节和 SaaS 平台文档。	2026-03-30 09:35:59 +08:00