92 Commits

Author	SHA1	Message	Date
iven	646d8c21af	fix(butler): wire verification gaps — pain storage init, cold start, UI mode switches ... - Call init_pain_storage() in Tauri .setup() so pain persistence activates on boot - Integrate useColdStart hook into FirstConversationPrompt for auto-greeting - Add UI mode toggle section to Settings/General (already had imports) - Add "简洁" mode switch-back button to TopBar in professional layout - Update SemanticSkillRouter @reserved annotation to reflect active status	2026-04-09 10:38:49 +08:00
iven	a4c89ec6f1	feat(intelligence): persist pain points and proposals to SQLite ... PainAggregator and SolutionGenerator were in-memory only, losing all data on restart. Add PainStorage module with SQLite backend (4 tables), dual-write strategy (hot cache + durable), and startup cache warming. - New: pain_storage.rs — SQLite CRUD for pain_points, pain_evidence, proposals, proposal_steps with schema initialization - Modified: pain_aggregator.rs — global PAIN_STORAGE singleton, init_pain_storage() for startup, dual-write in merge_or_create/update - Modified: solution_generator.rs — same dual-write pattern via global PAIN_STORAGE - 20 tests passing (10 storage + 10 aggregator)	2026-04-09 09:15:15 +08:00
iven	2247edc362	chore: add @reserved annotations to 5 butler Tauri commands ... These pain_aggregator functions have no frontend UI yet.	2026-04-09 08:54:53 +08:00
iven	adcce0d70c	fix: 4 pre-release bug fixes — identity override, model config, agent sync, auto-identity ... P1: identity.rs get_identity() returns empty soul/instructions for agents without explicit identity files. This prevents the default ZCLAW personality from overriding agent_config.system_prompt. New get_identity_or_default() method added for the DEFAULT agent. P2: messaging.rs now uses agent_config.model.model when available, falling back to global Kernel config. This allows per-agent model selection. P2: agentStore.ts loadClones retries up to 3 times (300ms interval) when getClient() returns null, handling the coordinator initialization race. P2: agent_create Tauri command auto-populates identity files (soul + instructions) from creation parameters, ensuring build_system_prompt() has content for new agents. Also fixes conversationStore upsertActiveConversation to persist generated conversation IDs, preventing duplicate entries on new conversations.	2026-04-08 21:47:46 +08:00
iven	ade534d1ce	feat: 添加MCP调试插件并优化流式超时处理 ... refactor(relay): 将Provider Key管理路由移至model_config模块 fix(saas): 修复demo_keys与provider_keys的匹配逻辑 perf(runtime): 将流式响应超时从60秒延长至180秒以适配思考型模型 docs: 新增模块化审计和上线前功能测试方案文档 chore: 添加tauri-plugin-mcp依赖及相关配置	2026-04-08 13:39:06 +08:00
iven	a5b887051d	fix: butler audit critical fixes — pain detection, proposal trigger, URI + data flow ... 5 fixes from focused audit: - Connect analyze_for_pain_signals() to post_conversation_hook (pain points now auto-created) - Add "generate solution" button in InsightsSection for high-confidence pain points (>=0.7) - Fix Memory URI mismatch: viking://agents/ → viking://agent/ (singular) - Remove duplicate .then() chain in useButlerInsights (was destructuring undefined) - Update stale director.rs doc comment (multi-agent now enabled by default)	2026-04-07 10:23:54 +08:00
iven	58703492e1	fix(intelligence): code review fixes — TODO annotations for data durability ... - Add TODO to PainAggregator documenting in-memory-only data limitation - Remove unused `use serde::Serialize` import from a2a.rs (already clean) - ProposalsSection: trigger refresh on error instead of silent catch - useButlerInsights: collect all errors instead of overwriting Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-07 09:56:26 +08:00
iven	2e5f63be32	docs: reorganize docs — archive outdated, create brainstorming folder ... - Create docs/brainstorming/ with 5 discussion records (Mar 16 - Apr 7) - Archive ~30 outdated audit reports (V5-V11) to docs/archive/old-audits/ - Archive superseded analysis docs to docs/archive/old-analysis/ - Archive completed session plans to docs/archive/old-plans/ - Archive old test reports/validations to respective archive folders - Remove empty directories left after moves - Keep current docs: TRUTH.md, feature docs, deployment, knowledge-base, superpowers	2026-04-07 09:54:30 +08:00
iven	af20487b8d	feat(intelligence): add personality detector — auto-adjust from conversation signals ... - PersonalityConfig with 4 dimensions: tone, proactiveness, formality, humor - Signal detection from Chinese user messages (e.g. "说简单点" → Simple tone) - apply_personality_adjustments() returns new immutable config - build_personality_prompt() injects personality into system prompts - Integrated into post_conversation_hook for automatic detection - In-memory persistence via OnceLock (VikingStorage integration TODO) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-07 09:36:12 +08:00
iven	e1f3a9719e	feat(multi-agent): enable Director + butler delegation (Chunk 4) ... - Enable multi-agent feature by default in desktop build - Add butler delegation logic: task decomposition, expert assignment - Add ExpertTask, DelegationResult, butler_delegate() to Director - Add butler_delegate_task Tauri command bridging Director to frontend - 13 Director tests passing (6 original + 7 new butler tests) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-07 09:21:49 +08:00
iven	c7ffba196a	feat(intelligence): add PainAggregator + SolutionGenerator (Chunk 2) ... PainAggregator: cross-session pain point merge with confidence scoring, rule-based frustration detection, and category classification. SolutionGenerator: transforms high-confidence pain points into proposals with concrete steps, skill hints, and lifecycle management. 5 Tauri commands registered: butler_list_pain_points, butler_record_pain_point, butler_generate_solution, butler_list_proposals, butler_update_proposal_status.	2026-04-07 09:06:05 +08:00
iven	0e1b29da06	test(reflection): add full reflection cycle e2e tests ... Task 1.2 verification: Reflection chain confirmed working. - 6 Tauri commands registered ✅ - Frontend streamStore triggers after each conversation ✅ - Rust intelligence_hooks also triggers ✅ - LLM analysis with rules-based fallback ✅ - VikingStorage persistence (state/result/history) ✅ 2 new tests: test_reflection_cycle_full, test_reflection_generates_identity_proposals All 4 reflection tests pass.	2026-04-07 03:05:40 +08:00
iven	02c69bb3cf	fix: subagent unique ID matching + AgentState serialization + pre-existing TS errors ... - S-3: Thread task_id (UUID) through all 6 layers (LoopEvent → StreamChatEvent → kernel-types → gateway-client → streamStore) so subtasks are matched by ID, not description string - AgentState: Add #[serde(rename_all = "lowercase")] to fix PascalCase serialization ("Running" → "running"), update frontend matcher - S-1: Remove unused onClose prop from ArtifactPanel + ChatArea call site - Fix hooks/index.ts: remove orphaned useAutomationEvents re-exports (module deleted) - Fix types/index.ts: remove orphaned automation type/value re-exports (module deleted) - Fix ChatArea.tsx: framer-motion 12 + React 19 type compat — use createElement + explicit any return type to avoid unknown-in-JSX-child error Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-06 22:30:16 +08:00
iven	bbbcd7725b	fix: deep audit round 2 — non-streaming mode config + ClarificationCard + settings restructure ... HIGH fixes: - H-NS-1: Non-streaming agent_chat now builds ChatModeConfig and calls send_message_with_chat_mode(), matching the streaming path - H-FE-1: ClarificationCard component renders structured clarification questions with type badge, question text, and numbered options - H-SEM-1: SemanticSkillRouter annotated as @reserved (Phase 3 wiring) MEDIUM fixes: - M-SETTINGS-1: Settings menu restructured with "高级" section separator; skills/audit/tasks/heartbeat/semantic-memory grouped under advanced - M-MAN-1: LoopEvent→StreamChatEvent mapping completeness checklist added as documentation comment in agent_chat_stream loop - M-ORPH-1: Deleted orphaned Automation/ and SkillMarket/ files, plus transitively orphaned types, hooks, and adapters	2026-04-06 18:12:35 +08:00
iven	9871c254be	feat: sub-agent streaming progress — TaskTool emits real-time status events ... - Rust: LoopEvent::SubtaskStatus variant added to loop_runner.rs - Rust: ToolContext.event_sender field for streaming tool progress - Rust: TaskTool emits started/running/completed/failed via event_sender - Rust: StreamChatEvent::SubtaskStatus mapped in Tauri chat command - TS: StreamEventSubtaskStatus type + onSubtaskStatus callback added - TS: kernel-chat.ts handles subtaskStatus event from Tauri - TS: streamStore.ts wires callback, maps backend→frontend status, updates assistant message subtasks array in real-time	2026-04-06 13:05:37 +08:00
iven	cb140b5151	feat: DeerFlow 2.0 core capabilities — Phase 1.0 + 1.1 ... Phase 1.0 — Butler Mode UI: - Hide "自动化" and "技能市场" entries from sidebar navigation - Remove AutomationPanel and SkillMarket view rendering from App.tsx - Simplify MainViewType to only 'chat' - Main interface is now: chat + conversation list + detail panel only Phase 1.1 — Mode Differentiation: - Add subagent_enabled field to ChatModeConfig (Rust), StreamChatRequest (Tauri), gateway-client, kernel-client, saas-relay-client, and streamStore - TaskTool is now only registered when subagent_enabled=true (Ultra mode) - System prompt includes sub-agent delegation instructions only in Ultra mode - Frontend transmits subagent_enabled from ChatMode config through the full stack This connects the 4-tier mode selector (Flash/Thinking/Pro/Ultra) to actual backend behavioral differences — Ultra mode now truly enables sub-agent delegation.	2026-04-06 12:46:43 +08:00
iven	9c346ed6fb	fix(P2-10): is_placeholder now reflects actual LLM driver availability ... Previously hardcoded to false in Tauri bridge. Now checks whether kernel provided a driver before building classroom, correctly flagging placeholder content when LLM is unavailable. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-06 12:31:44 +08:00
iven	26a833d1c8	fix: resolve 17 P2 defects and 5 P3 defects from pre-launch audit ... Batch fix covering multiple modules: - P2-01: HandRegistry Semaphore-based max_concurrent enforcement - P2-03: Populate toolCount/metricCount from Hand trait methods - P2-06: heartbeat_update_config minimum interval validation - P2-07: ReflectionResult used_fallback marker for rule-based fallback - P2-08/09: identity_propose_change parameter naming consistency - P2-10: ClassroomMetadata is_placeholder flag for LLM failure - P2-11: classroomStore userDidCloseDuringGeneration intent tracking - P2-12: workflowStore pipeline_create sends actionType - P2-13/14: PipelineInfo step_count + PipelineStepInfo for proper step mapping - P2-15: Pipe transform support in context.resolve (8 transforms) - P2-16: Mustache {{...}} → \${...} auto-normalization - P2-17: SaaSLogin password placeholder 6→8 - P2-19: serialize_skill_md + update_skill preserve tools field - P2-22: ToolOutputGuard sensitive patterns from warn→block - P2-23: Mutex::unwrap() → unwrap_or_else in relay/service.rs - P3-01/03/07/08/09: Various P3 fixes - DEFECT_LIST.md: comprehensive status sync (43/51 fixed, 8 remaining) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-06 00:49:16 +08:00
iven	bcaab50c56	fix(desktop): resolve all remaining P1 defects (P1-02/05/06, P1-01 experimental) ... - P1-02: Heartbeat auto-initialized in kernel_init for default agent - P1-05: CloneManager shows warning when deleting active agent + auto-switch - P1-06: AgentInfo returns soul/system_prompt/temperature/max_tokens - P1-01: Browser Hand marked experimental (requires Fantoccini bridge) - Updated DEFECT_LIST.md: all P1 resolved (0 active) - Updated RELEASE_READINESS.md: all P1 sections reflect current status	2026-04-05 21:21:33 +08:00
iven	90855dc83e	fix(desktop): resolve 2 release-blocking P1 defects ... P1-04: GenerationPipeline hardcoded model="default" causing classroom generation 404. Added model field to GenerationPipeline struct, passed from kernel config via with_driver(driver, model). Static scene generation now receives model parameter. P1-03: LLM API concurrent 500 DATABASE_ERROR. Added transient DB error retry (PoolTimedOut/Io) in create_relay_task with 200ms backoff. Recommend setting ZCLAW_DB_MIN_CONNECTIONS=10 for burst resilience.	2026-04-05 19:18:41 +08:00
iven	9ee89ff67c	fix(desktop): 功能验证 6 项缺陷修复 ... - ISS-002: SkillInfoResponse 增加 source/path 字段，修复技能系统显示 0 个 - ISS-003: Sidebar 添加自动化/技能市场导航入口 + App 返回按钮 - ISS-004: SaaS fetchAvailableModels 添加 .catch() 防限流崩溃 - ISS-006: SaaSSettings/PricingPage 包裹 ErrorBoundary 防白屏 - ISS-008: listModels 加载 localStorage 自定义模型，修复仅显示 1 个模型 - configStore listSkills 映射添加 source/path 转发	2026-04-05 16:12:06 +08:00
iven	fb0b8d2af3	fix(tauri): @reserved annotations for 16 unconnected commands ... Complete Tauri command audit: 177 total (160 @connected + 16 @reserved + 1 unregistered identity_init) Corrected zclaw_doctor from @connected to @reserved	2026-04-05 01:06:58 +08:00
iven	f846f3d632	fix(tauri): update @reserved annotations + remove dead SaaS client methods ... - Update 9 @reserved → @connected for commands with frontend consumers: zclaw_status, zclaw_start, zclaw_stop, zclaw_restart, zclaw_doctor, viking_add_with_metadata, viking_store_with_summaries, trigger_execute, scheduled_task_create - Remove 10 dead SaaS client methods with zero callers: healthCheck, listDevices (saas-client.ts) getRelayTask, getUsage/relay (saas-relay.ts) listPrompts, getPrompt, listPromptVersions, getPromptVersion (saas-prompt.ts) getPlan, getUsage/billing (saas-billing.ts) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-05 00:22:45 +08:00
iven	ac24d15bab	fix(tauri): add @reserved annotations to 3 unconnected commands ... - classroom_chat_history: @reserved (no frontend consumer) - orchestration_execute: @reserved (no frontend consumer) - orchestration_validate: @reserved (no frontend consumer) Update AUDIT_TRACKER: V11-P2-05 verified (89 connected / 18 @reserved) DEAD-05 re-evaluated: 12 truly dead methods (not 39), documented in tracker	2026-04-05 00:04:20 +08:00
iven	1fec8cfbc1	fix(arch): unify TS/Rust types + classroom persistence registration + approval audit ... - M11-03: Register ClassroomPersistence via Tauri .setup() hook with in-memory fallback. Previously missing — classroom commands would crash at runtime. - M3-02: Document BrowserHand as schema validator + TypeScript delegation passthrough (dual-path architecture explicitly documented). - M4-04: Add defense-in-depth audit logging in execute_hand() and execute_hand_with_source() when needs_approval hands bypass approval gate. - TYPE-01: Add #[serde(rename_all = "camelCase")] to Rust AgentInfo. Add missing fields to TS AgentInfo (messageCount, createdAt, updatedAt). Fix KernelStatus TS interface to match Rust KernelStatusResponse (baseUrl/model instead of defaultProvider/defaultModel). - SEC2-P1-01: Document EXTRACTION_DRIVER OnceCell as legacy path; Kernel struct field is the active path. - TriggerSource: Add #[derive(PartialEq)] for approval audit comparisons.	2026-04-04 21:09:02 +08:00
iven	88172aa651	feat(classroom): add SQLite persistence + security hardening ... M11-03: Classroom data persistence - New persist.rs: SQLite-backed ClassroomPersistence with open/load_all/save - Schema: classrooms (JSON blob) + classroom_chats tables - generate.rs: auto-persist classroom after generation - chat.rs: auto-persist chat messages after each exchange - mod.rs: init_persistence() for app setup integration M1-01: Gemini API key now uses x-goog-api-key header - No longer leaks API key in URL query params or debug logs M1-03/04: Mutex unwrap() replaced with unwrap_or_else(|e| e.into_inner()) - MemoryMiddleware and LoopGuardMiddleware recover from poison M2-08: Agent creation input validation - Reject empty names, out-of-range temperature (0-2), zero max_tokens M11-06: Classroom chat message ID uses crypto.randomUUID()	2026-04-04 19:26:59 +08:00
iven	619bad30cb	fix(security): Gemini API key header + Mutex safety + Agent validation ... M1-01: Move Gemini API key from URL query param to x-goog-api-key header, preventing key leakage in logs/proxy/telemetry (matches Anthropic/OpenAI pattern) M1-03/M1-04: Replace Mutex .unwrap() with .unwrap_or_else(|e| e.into_inner()) in MemoryMiddleware and LoopGuardMiddleware — recovers from poison instead of panicking async runtime M2-08: Add input validation to agent_create — reject empty names, out-of-range temperature (0-2), and zero max_tokens M11-06: Replace Date.now() message ID with crypto.randomUUID() to prevent collisions in classroom chat	2026-04-04 19:15:50 +08:00
iven	985644dd9a	fix(memory): FTS5 full-text search + browser hand autonomy gate ... M4-05: Replace LIKE-only search with FTS5-first strategy: - Add memories_fts virtual table (unicode61 tokenizer) - FTS5 MATCH primary path with CJK LIKE fallback - Sync FTS index on store() M3-03: Add autonomy approval check to browserHandStore: - executeTemplate: check canAutoExecute before running - executeScript: check approval gate for JS execution	2026-04-04 18:52:02 +08:00
iven	59f660b93b	fix(hands): add max_concurrent + timeout_secs fields + hand timeout enforcement ... M3-04/M3-05 audit fixes: - HandConfig: add max_concurrent (u32) and timeout_secs (u64) with serde defaults - Kernel execute_hand: enforce timeout via tokio::time::timeout, cancel on expiry - All 9 hand implementations: add max_concurrent: 0, timeout_secs: 0 - Agent createClone: pass soul field through to kernel - Fix duplicate soul block in agent_create command	2026-04-04 18:41:15 +08:00
iven	6d1f2d108a	fix(audit): P1 心跳自启动 + refreshToken body + 类型修复 ... 审计修复 Batch 2 (M4-03/M7-04/M11-01): M4-03: 心跳引擎自动启动 - chat.rs auto-init 块: engine 创建后立即 start() - 通过 engines.get() 获取引用避免 move 后使用 M7-04: refreshToken 发送 body 修复 - SaaSClient 新增 refreshTokenValue 存储 refresh_token - refreshToken() 发送 { refresh_token } body - SaaSRefreshResponse 新增 refresh_token 字段 - login/register 自动存储 refresh_token - 添加 getRefreshToken/setRefreshToken 访问器 M11-01: blocking_lock 死锁修复 (已存在) - 确认 try_lock + Result 匹配模式已正确	2026-04-04 18:26:10 +08:00
iven	05762261be	fix(audit): P0 反思引擎 LLM 接入 + P1 hand run_id/skill triggers/pipeline v2 ... 审计修复 Batch 1 (M4-02/M3-01/M5-01/M6-02): P0 M4-02: reflection_reflect 从 KernelState 获取 LLM driver - 新增 kernel_state 参数，从 kernel.driver() 获取驱动 - 自动路径(post_conversation_hook)已正常，手动 Tauri 命令路径已修复 P1 M3-01: hand_execute 返回 run_id 给前端 - HandResult 新增 run_id 字段 - execute_hand 结果包含 run_id.to_string() P1 M5-01: skill-discovery 使用后端 triggers 字段 - BackendSkillInfo 新增 triggers 字段 - convertFromBackend 优先使用 triggers，fallback tags P1 M6-02: pipeline_list 支持 v2 YAML 格式 - scan_pipelines_with_paths 增加 v2 fallback 解析 - 新增 pipeline_v2_to_info 转换函数 - discovery.rs 导入 parse_pipeline_v2_yaml 注: M4-01 双数据库问题已在之前批次修复 M6-01 route_intent 已确认注册，审计结论过时	2026-04-04 18:11:21 +08:00
iven	f4ed1b33e0	feat(kernel): add multi-skill orchestration bridge + true parallel execution ... - Kernel orchestration bridge: execute_orchestration, auto_compose_skills, validate_orchestration methods on Kernel struct - True parallel execution: replace sequential for-loop with tokio::JoinSet for concurrent node execution within parallel groups - Tauri commands: orchestration_execute (auto-compose or pre-defined graph), orchestration_validate (dry-run validation) - Full type conversions: OrchestrationRequest/Response with camelCase serde Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-04 09:18:26 +08:00
iven	1c99e5f3a3	fix(browser): stability enhancements + MCP frontend client ... S7 Browser Hand: - Remove dead code: browser/actions.rs (314 lines of unused BrowserAction/ActionResult types) - Fix browser_scrape_page: log failed selector matches instead of silently swallowing errors - Fix element_to_info: document known limitation for always-None location/size fields - Fix browserHandStore: reuse activeSessionId in executeScript/takeScreenshot/executeTemplate instead of creating orphan Browser sessions - Add Browser.connect(sessionId) method for session reuse MCP Frontend: - Add desktop/src/lib/mcp-client.ts (77 lines) — typed client for MCP Tauri commands (startMcpService, stopMcpService, listMcpServices, callMcpTool) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-03 22:16:12 +08:00
iven	943afe3b6b	feat(protocols): MCP tool adapter + Tauri commands + initialize bug fix ... S6 MCP Protocol: - Fix McpTransport::initialize() — store actual server capabilities instead of discarding them and storing empty ServerCapabilities::default() - Add send_notification() method to McpTransport for JSON-RPC notifications - Send notifications/initialized after MCP handshake (spec requirement) - Add McpToolAdapter: bridges MCP server tools into the tool execution path - Add McpServiceManager: lifecycle management for MCP server connections - Add 4 Tauri commands: mcp_start_service, mcp_stop_service, mcp_list_services, mcp_call_tool - Register zclaw-protocols dependency in desktop Cargo.toml New files: - crates/zclaw-protocols/src/mcp_tool_adapter.rs (153 lines) - desktop/src-tauri/src/kernel_commands/mcp.rs (145 lines) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-03 22:07:35 +08:00
iven	65b73c547f	fix(desktop): resolve Tauri state panic on startup ... SessionStreamGuard and StreamCancelFlags were type aliases to the same Arc<DashMap<String, Arc<AtomicBool>>> type. Tauri distinguishes managed state by Rust type, so registering both caused a runtime panic: "state for type ... is already being managed". Changed to newtype structs with Deref impl to the inner Arc<DashMap>, keeping all call sites compatible without changes.	2026-04-03 12:29:10 +08:00
iven	15d578c5bc	fix(tauri): replace silent let _ = with structured logging across 20 modules ... Replace error-swallowing let _ = patterns with tracing::warn! in browser, classroom, gateway, intelligence, memory, pipeline, secure_storage, and viking command handlers. Ensures errors are observable in production logs.	2026-04-03 00:28:39 +08:00
iven	0a04b260a4	refactor(desktop): ChatStore structured split + IDB persistence + stream cancel ... Split monolithic chatStore.ts (908 lines) into 4 focused stores: - chatStore.ts: facade layer, owns messages[], backward-compatible selectors - conversationStore.ts: conversation CRUD, agent switching, IndexedDB persistence - streamStore.ts: streaming orchestration, chat mode, suggestions - messageStore.ts: token tracking Key fixes from 3-round deep audit: - C1: Fix Rust serde camelCase vs TS snake_case mismatch (toolStart/toolEnd/iterationStart) - C2: Fix IDB async rehydration race with persist.hasHydrated() subscribe - C3: Add sessionKey to partialize to survive page refresh - H3: Fix IDB migration retry on failure (don't set migrated=true in catch) - M3: Fix ToolCallStep deduplication (toolStart creates, toolEnd updates) - M-NEW-2: Clear sessionKey on cancelStream Also adds: - Rust backend stream cancellation via AtomicBool + cancel_stream command - IndexedDB storage adapter with one-time localStorage migration - HMR cleanup for cross-store subscriptions	2026-04-03 00:24:16 +08:00
iven	da438ad868	fix(billing): resolve all audit findings — CSRF, float precision, TOCTOU, error sanitization ... - Add CSRF token protection for mock payment (SHA256 + constant-time verify) - Replace f64 currency conversion with pure integer string parsing (parse_yuan_to_cents) - Move subscription check inside transaction to prevent TOCTOU race - Rewrite increment_usage to use atomic SQL (account_id+period_start WHERE) - Add trade_no format validation in payment callback - Sanitize error messages to prevent sensitive data leakage - Use i32::try_from for WeChat amount conversion (prevent truncation) - Replace window.__ZCLAW_STATS_SYNC_INTERVAL__ with useRef pattern - Replace eprintln/println with tracing macros in lifecycle - Remove unused variable in scheduler - Remove duplicate sha2 and unused hmac from Cargo.toml	2026-04-02 20:04:43 +08:00
iven	28299807b6	fix(desktop): DeerFlow UI — ChatArea refactor + ai-elements + dead CSS cleanup ... ChatArea retry button uses setInput instead of direct sendToGateway, fix bootstrap spinner stuck for non-logged-in users, remove dead CSS (aurora-title/sidebar-open/quick-action-chips), add ai components (ReasoningBlock/StreamingText/ChatMode/ModelSelector/TaskProgress), add ClassroomPlayer + ResizableChatLayout + artifact panel Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-02 19:24:44 +08:00
iven	73ff5e8c5e	feat(desktop): DeerFlow visual redesign + stream hang fix + intelligence client ... DeerFlow frontend visual overhaul: - Card-style input box (white rounded card, textarea top, actions bottom) - Dropdown mode selector (闪速/思考/Pro/Ultra with icons+descriptions) - Colored quick-action chips (小惊喜/写作/研究/收集/学习) - Minimal top bar (title + token count + export) - Warm gray color system (#faf9f6 bg, #f5f4f1 sidebar, #e8e6e1 border) - DeerFlow-style sidebar (新对话/对话/智能体 nav) - Reasoning block, tool call chain, task progress visualization - Streaming text, model selector, suggestion chips components - Resizable artifact panel with drag handle - Virtualized message list for 100+ messages Bug fixes: - Stream hang: GatewayClient onclose code 1000 now calls onComplete - WebView2 textarea border: CSS !important override for UA styles - Gateway stream event handling (response/phase/tool_call types) Intelligence client: - Unified client with fallback drivers (compactor/heartbeat/identity/memory/reflection) - Gateway API types and type conversions	2026-04-01 22:03:07 +08:00
iven	e3b93ff96d	fix(security): implement all 15 security fixes from penetration test V1 ... Security audit (2026-03-31): 5 HIGH + 10 MEDIUM issues, all fixed. HIGH: - H1: JWT password_version mechanism (pwv in Claims, middleware verification, auto-increment on password change) - H2: Docker saas port bound to 127.0.0.1 - H3: TOTP encryption key decoupled from JWT secret (production bailout) - H4+H5: Tauri CSP hardened (removed unsafe-inline, restricted connect-src) MEDIUM: - M1: Persistent rate limiting (PostgreSQL rate_limit_events table) - M2: Account lockout (5 failures -> 15min lock) - M3: RFC 5322 email validation with regex - M4: Device registration typed struct with length limits - M5: Provider URL validation on create/update (SSRF prevention) - M6: Legacy TOTP secret migration (fixed nonce -> random nonce) - M7: Legacy frontend crypto migration (static salt -> random salt) - M8+M9: Admin frontend: removed JS token storage, HttpOnly cookie only - M10: Pipeline debug log sanitization (keys only, 100-char truncation) Also: fixed CLAUDE.md Section 12 (was corrupted), added title.rs middleware skeleton, fixed RegisterDeviceRequest visibility.	2026-04-01 08:38:37 +08:00
iven	f79560a911	refactor(desktop): split kernel_commands/pipeline_commands into modules, add SaaS client libs and gateway modules ... Split monolithic kernel_commands.rs (2185 lines) and pipeline_commands.rs (1391 lines) into focused sub-modules under kernel_commands/ and pipeline_commands/ directories. Add gateway module (commands, config, io, runtime), health_check, and 15 new TypeScript client libraries for SaaS relay, auth, admin, telemetry, and kernel sub-systems (a2a, agent, chat, hands, skills, triggers). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-31 11:12:47 +08:00
iven	eb956d0dce	feat: 新增管理后台前端项目及安全加固 ... refactor(saas): 重构认证中间件与限流策略 - 登录限流调整为5次/分钟/IP - 注册限流调整为3次/小时/IP - GET请求不计入限流 fix(saas): 修复调度器时间戳处理 - 使用NOW()替代文本时间戳 - 兼容TEXT和TIMESTAMPTZ列类型 feat(saas): 实现环境变量插值 - 支持${ENV_VAR}语法解析 - 数据库密码支持环境变量注入 chore: 新增前端管理界面 - 基于React+Ant Design Pro - 包含路由守卫/错误边界 - 对接58个API端点 docs: 更新安全加固文档 - 新增密钥管理规范 - 记录P0安全项审计结果 - 补充TLS终止说明 test: 完善配置解析单元测试 - 新增环境变量插值测试用例	2026-03-31 00:11:33 +08:00
iven	a0bbd4ba82	feat(scheduler): 定时任务后端持久化 + Pipeline trigger 编译修复 ... S4/S8 定时任务后端: - 新增 scheduled_tasks 表 (migration v7) - 新增 scheduled_task CRUD 模块 (handlers/service/types) - 注册 /api/scheduler/tasks 路由 (GET/POST/PATCH/DELETE) - 新增 start_user_task_scheduler() 30秒轮询循环 - 支持 cron/interval/once 三种调度类型 - once 类型执行后自动禁用 修复: - pipeline_commands.rs: 修复 pipeline.trigger 字段不存在的编译错误 (Pipeline 结构体无 trigger 字段，改用 metadata.tags/description)	2026-03-30 19:46:45 +08:00
iven	834aa12076	fix: P0 panic风险修复 + P1编译warnings清零 + P2代码/文档清理 ... P0 安全性: - account/handlers.rs: .unwrap() → .expect() 语义化错误信息 - relay/handlers.rs: SSE Response .unwrap() → .expect() P1 编译质量 (6 warnings → 0): - kernel.rs: 移除未使用的 Capability import 和 config_clone 变量 - pipeline_commands.rs: 未使用变量 id → _id - db.rs: 移除多余括号 - relay/service.rs: 移除未使用的 StreamExt import - telemetry/service.rs: 抑制 param_idx 未读赋值警告 - main.rs: TcpKeepalive::with_retries() Linux-only 条件编译 P2 代码清理: - 移除 handStore/HandsPanel/HandTaskPanel/gateway-api/SchedulerPanel 调试 console.log - SchedulerPanel: 修复 updateWorkflow 未解构导致 TS 编译错误 - 文档清理 zclaw-channels 已移除 crate 的引用	2026-03-30 11:33:47 +08:00
iven	813b49a986	feat: P0 KernelClient功能修复 + P1/P2/P3质量改进 ... P0 KernelClient 功能断裂修复: - Skill CUD: registry.rs create/update/delete + serialize_skill_md + kernel proxy - Workflow CUD: pipeline_commands.rs create/update/delete + serde_yaml依赖 - Agent更新: registry update方法 + AgentConfigUpdated事件 + agent_update命令 - Hand流式事件: HandStart/HandEnd变体替换ToolStart/ToolEnd - 后端验证: hand_get/hand_run_status/hand_run_list确认实现完整 - Approval闭环: respond_to_approval后台spawn+5分钟超时轮询 P2/P3 质量改进: - Browser WebDriver: TCP探测ChromeDriver/GeckoDriver/Edge端口替换硬编码true - api-fallbacks: 移除假技能和16个捏造安全层，替换为真实能力映射 - dead_code清理: 移除5个模块级#![allow(dead_code)]，删除3个真正死方法， 删除未注册的compactor_compact_llm命令，warnings从8降到3 - 所有变更通过cargo check + tsc --noEmit验证	2026-03-30 10:55:08 +08:00
iven	13c0b18bbc	feat: Batch 5-9 — GrowthIntegration桥接、验证补全、死代码清理、Pipeline模板、Speech/Twitter真实实现 ... Batch 5 (P0): GrowthIntegration 接入 Tauri - Kernel 新增 set_viking()/set_extraction_driver() 桥接 SqliteStorage - 中间件链共享存储，MemoryExtractor 接入 LLM 驱动 Batch 6 (P1): 输入验证 + Heartbeat - Relay 验证补全（stream 兼容检查、API key 格式校验） - UUID 类型校验、SessionId 错误返回 - Heartbeat 默认开启 + 首次聊天自动初始化 Batch 7 (P2): 死代码清理 - zclaw-channels 整体移除（317 行） - multi-agent 特性门控、admin 方法标注 Batch 8 (P2): Pipeline 模板 - PipelineMetadata 新增 annotations 字段 - pipeline_templates 命令 + 2 个示例模板 - fallback driver base_url 修复（doubao/qwen/deepseek 端点） Batch 9 (P1): SpeechHand/TwitterHand 真实实现 - SpeechHand: tts_method 字段 + Browser TTS 前端集成 (Web Speech API) - TwitterHand: 12 个 action 全部替换为 Twitter API v2 真实 HTTP 调用 - chatStore/useAutomationEvents 双路径 TTS 触发	2026-03-30 09:24:50 +08:00
iven	f3f586efef	feat(kernel): Agent 导入/导出 + message_count 跟踪 ... Sprint 3.1 message_count 修复: - AgentRegistry 新增 message_counts 字段跟踪每个 agent 的消息数 - increment_message_count() 在 send_message 和 send_message_stream 中调用 - get_info() 返回实际计数值 Sprint 3.3 Agent 导入/导出: - Kernel 新增 get_agent_config() 方法返回原始 AgentConfig - 新增 agent_export Tauri 命令，导出配置为 JSON - 新增 agent_import Tauri 命令，从 JSON 导入并自动生成新 ID - 注册到 Tauri invoke_handler	2026-03-30 00:19:02 +08:00
iven	7de294375b	feat(auth): 添加异步密码哈希和验证函数 ... refactor(relay): 复用HTTP客户端和请求体序列化结果 feat(kernel): 添加获取单个审批记录的方法 fix(store): 改进SaaS连接错误分类和降级处理 docs: 更新审计文档和系统架构文档 refactor(prompt): 优化SQL查询参数化绑定 refactor(migration): 使用静态SQL和COALESCE更新配置项 feat(commands): 添加审批执行状态追踪和事件通知 chore: 更新启动脚本以支持Admin后台 fix(auth-guard): 优化授权状态管理和错误处理 refactor(db): 使用异步密码哈希函数 refactor(totp): 使用异步密码验证函数 style: 清理无用文件和注释 docs: 更新功能全景和审计文档 refactor(service): 优化HTTP客户端重用和请求处理 fix(connection): 改进SaaS不可用时的降级处理 refactor(handlers): 使用异步密码验证函数 chore: 更新依赖和工具链配置	2026-03-29 21:45:29 +08:00
iven	5fdf96c3f5	chore: 提交所有工作进度 — SaaS 后端增强、Admin UI、桌面端集成 ... 包含大量 SaaS 平台改进、Admin 管理后台更新、桌面端集成完善、 文档同步、测试文件重构等内容。为 QA 测试准备干净工作树。	2026-03-29 10:46:41 +08:00