126 Commits

Author	SHA1	Message	Date
iven	6c6fcb76b3	docs(audit): resolve 3 P1 architecture decisions ... - SEC2-P1-01 FactStore: FALSE_POSITIVE (trait already removed) - V11-P1-03 3 SQL tables: FALSE_POSITIVE (2 active via JOIN, 1 write-only downgrade to P3) - M4-04 deep approval: WONTFIX (4-layer defense-in-depth sufficient) - M11-02: FIXED (map_err added in prev commit)	2026-04-04 21:31:47 +08:00
iven	1fec8cfbc1	fix(arch): unify TS/Rust types + classroom persistence registration + approval audit ... - M11-03: Register ClassroomPersistence via Tauri .setup() hook with in-memory fallback. Previously missing — classroom commands would crash at runtime. - M3-02: Document BrowserHand as schema validator + TypeScript delegation passthrough (dual-path architecture explicitly documented). - M4-04: Add defense-in-depth audit logging in execute_hand() and execute_hand_with_source() when needs_approval hands bypass approval gate. - TYPE-01: Add #[serde(rename_all = "camelCase")] to Rust AgentInfo. Add missing fields to TS AgentInfo (messageCount, createdAt, updatedAt). Fix KernelStatus TS interface to match Rust KernelStatusResponse (baseUrl/model instead of defaultProvider/defaultModel). - SEC2-P1-01: Document EXTRACTION_DRIVER OnceCell as legacy path; Kernel struct field is the active path. - TriggerSource: Add #[derive(PartialEq)] for approval audit comparisons.	2026-04-04 21:09:02 +08:00
iven	8e56df74ec	docs: update audit tracker with V12 module audit fix progress	2026-04-04 19:28:11 +08:00
iven	442ec0eeef	docs(audit): V12 模块化端到端审计报告 — 11 模块 + 总报告 ... 混合矩阵式审计：10 个功能模块 × 五维检查清单 - 项目整体健康度: 76/100 - 2 个 P0 (M4 双数据库 + 反思引擎 LLM 未接入) - 15 个 P1 (跨 M2/M3/M4/M5/M6/M7/M11) - 三类断链模式: 写了没接/接了不对/双实现未统一 - 三阶段修复路线图: P0(2-3天) → P1(5-7天) → P2(5-7天)	2026-04-04 17:55:03 +08:00
iven	5db2907420	test(desktop): add agent-chat comprehensive E2E test spec ... Full E2E test suite for agent chat functionality including: - Message send/receive flow - Streaming response verification - Model switching behavior - Error handling scenarios - Multi-turn conversation context Includes test report documenting coverage and known gaps.	2026-04-03 23:02:00 +08:00
iven	cc26797faf	fix(saas): eliminate 6 compiler warnings + stabilize directive complete ... - Remove unused imports: Utc (billing/service), StatusCode (billing/handlers), Sha256 (billing/handlers) - Fix unused variables: _db (scheduler), _e (payment WeChat error) - Fix visibility: RegisterDeviceRequest pub(super) → pub (used in pub handler) - Update STABILIZATION_DIRECTIVE.md: all 7 criteria met, downgrade to advisory - Fix TRUTH.md §2.2: mark P0/P1 defects as resolved, update Admin pages count to 14 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-03 21:57:04 +08:00
iven	2ceeeaba3d	fix(production-readiness): 3-batch production readiness cleanup — 12 tasks ... Batch 1 — User-facing fixes: - B1-1: Pipeline verified end-to-end (14 Rust commands, 8 frontend invoke, fully connected) - B1-2: MessageSearch restored to ChatArea with search button in DeerFlow header - B1-3: Viking cleanup — removed 5 orphan invokes (no Rust impl), added addWithMetadata + storeWithSummaries methods + summary generation UI - B1-4: api-fallbacks transparency — added _isFallback markers + console.warn to all 6 fallback functions Batch 2 — System health: - B2-1: Document drift calibration — TRUTH.md/README.md numbers verified and updated - B2-2: @reserved annotations on 15 SaaS handler functions with no frontend callers - B2-3: Scheduled Task Admin V2 — new service + page + route + sidebar navigation - B2-4: TRUTH.md Pipeline/Viking/ScheduledTask records corrected Batch 3 — Long-term quality: - B3-1: hand_run_status/hand_run_list verified as fully implemented (not stubs) - B3-2: Identity snapshot rollback UI added to RightPanel - B3-3: P2 code quality — 4 fixes (TODO comments, fire-and-forget notes, design notes, table name validation), 2 verified N/A, 1 upstream - B3-4: Config PATCH→PUT alignment (admin-v2 config.ts matched to SaaS backend)	2026-04-03 21:34:56 +08:00
iven	305984c982	fix(saas): P2 code quality fixes + config PATCH/PUT alignment ... P2 code quality (SEC2-P2-01~10): - P2-04: Replace vague TODO with detailed Phase 2 design note in generate_embedding.rs - P2-05: Add NOTE(fire-and-forget) annotations to 4 long-running tokio::spawn in main.rs - P2-07: Add DESIGN NOTE to scheduler explaining sequential execution rationale - P2-08: Add compile-time table name whitelist + runtime char validation in db.rs - P2-02: Verified N/A (only zclaw-pipeline uses serde_yaml_bw, no inconsistency) - P2-06: Verified N/A (bind loop correctly matches 6-column placeholders) - P2-03: Remains OPEN (requires upstream sqlx release) Config HTTP method alignment (B3-4): - Fix admin-v2 config.ts: request.patch -> request.put to match backend .put() route - Fix backend handler doc comment: PATCH -> PUT - Add @reserved annotations to 6 config handlers without frontend callers	2026-04-03 21:32:17 +08:00
iven	22b967d2a6	docs(features): v0.10.1/v0.10.2 数字校准 + 行业模板文档更新 ... - README.md: SKILL 76→75, Tauri 命令 175→171, SaaS API 58→131, Workers 5→7, 数据表 25→34, Admin 11→13 页面 - 00-saas-overview.md: Agent Template 新增 5 个端点文档、种子数据表、端到端数据流图 - roadmap.md: 同步最新数字 - fix(saasStore): toTopRequired → totpRequired 拼写修复	2026-04-03 21:29:44 +08:00
iven	1c697d0b46	chore: 清理临时管理目录并更新文档索引 ... 删除 admin-temp-dir 目录及其内容 更新文档索引以包含 dashmap 相关文件	2026-04-03 00:42:48 +08:00
iven	d8e2954d73	docs: stabilization directive + TRUTH document + AI session prompts + dockerignore ... - STABILIZATION_DIRECTIVE.md: feature freeze rules, banned actions, priorities - TRUTH.md: single source of truth for system state (crate counts, store counts) - AI_SESSION_PROMPTS.md: three-layer prompt system for AI sessions - Industry agent delivery design spec - Stabilization test suite for regression prevention - Delete stale ISSUE-TRACKER.md - Add .dockerignore for container builds - Add brainstorm session artifacts	2026-04-03 00:29:16 +08:00
iven	0a04b260a4	refactor(desktop): ChatStore structured split + IDB persistence + stream cancel ... Split monolithic chatStore.ts (908 lines) into 4 focused stores: - chatStore.ts: facade layer, owns messages[], backward-compatible selectors - conversationStore.ts: conversation CRUD, agent switching, IndexedDB persistence - streamStore.ts: streaming orchestration, chat mode, suggestions - messageStore.ts: token tracking Key fixes from 3-round deep audit: - C1: Fix Rust serde camelCase vs TS snake_case mismatch (toolStart/toolEnd/iterationStart) - C2: Fix IDB async rehydration race with persist.hasHydrated() subscribe - C3: Add sessionKey to partialize to survive page refresh - H3: Fix IDB migration retry on failure (don't set migrated=true in catch) - M3: Fix ToolCallStep deduplication (toolStart creates, toolEnd updates) - M-NEW-2: Clear sessionKey on cancelStream Also adds: - Rust backend stream cancellation via AtomicBool + cancel_stream command - IndexedDB storage adapter with one-time localStorage migration - HMR cleanup for cross-store subscriptions	2026-04-03 00:24:16 +08:00
iven	8898bb399e	docs: audit reports + feature docs + skills + admin-v2 + config sync ... Update audit tracker, roadmap, architecture docs, add admin-v2 Roles page + Billing tests, sync CLAUDE.md, Cargo.toml, docker-compose.yml, add deep-research / frontend-design / chart-visualization skills Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-02 19:25:00 +08:00
iven	62df7feac1	docs(spec): switch payment integration from Stripe to Alipay/WeChat Pay direct ... Target market is domestic China users only — integrate Alipay Face-to-Face Payment and WeChat Native Pay directly instead of Stripe as intermediary. Updated billing module structure, risk table, and verification criteria. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-01 23:21:22 +08:00
iven	73ff5e8c5e	feat(desktop): DeerFlow visual redesign + stream hang fix + intelligence client ... DeerFlow frontend visual overhaul: - Card-style input box (white rounded card, textarea top, actions bottom) - Dropdown mode selector (闪速/思考/Pro/Ultra with icons+descriptions) - Colored quick-action chips (小惊喜/写作/研究/收集/学习) - Minimal top bar (title + token count + export) - Warm gray color system (#faf9f6 bg, #f5f4f1 sidebar, #e8e6e1 border) - DeerFlow-style sidebar (新对话/对话/智能体 nav) - Reasoning block, tool call chain, task progress visualization - Streaming text, model selector, suggestion chips components - Resizable artifact panel with drag handle - Virtualized message list for 100+ messages Bug fixes: - Stream hang: GatewayClient onclose code 1000 now calls onComplete - WebView2 textarea border: CSS !important override for UA styles - Gateway stream event handling (response/phase/tool_call types) Intelligence client: - Unified client with fallback drivers (compactor/heartbeat/identity/memory/reflection) - Gateway API types and type conversions	2026-04-01 22:03:07 +08:00
iven	e3b93ff96d	fix(security): implement all 15 security fixes from penetration test V1 ... Security audit (2026-03-31): 5 HIGH + 10 MEDIUM issues, all fixed. HIGH: - H1: JWT password_version mechanism (pwv in Claims, middleware verification, auto-increment on password change) - H2: Docker saas port bound to 127.0.0.1 - H3: TOTP encryption key decoupled from JWT secret (production bailout) - H4+H5: Tauri CSP hardened (removed unsafe-inline, restricted connect-src) MEDIUM: - M1: Persistent rate limiting (PostgreSQL rate_limit_events table) - M2: Account lockout (5 failures -> 15min lock) - M3: RFC 5322 email validation with regex - M4: Device registration typed struct with length limits - M5: Provider URL validation on create/update (SSRF prevention) - M6: Legacy TOTP secret migration (fixed nonce -> random nonce) - M7: Legacy frontend crypto migration (static salt -> random salt) - M8+M9: Admin frontend: removed JS token storage, HttpOnly cookie only - M10: Pipeline debug log sanitization (keys only, 100-char truncation) Also: fixed CLAUDE.md Section 12 (was corrupted), added title.rs middleware skeleton, fixed RegisterDeviceRequest visibility.	2026-04-01 08:38:37 +08:00
iven	6cae768401	fix(desktop): session persistence — refresh/login/context/empty-content 4-bug fix ... 1. App.tsx: add restoreSession() call on startup to prevent redirect to login page after refresh (isRestoring guard + BootstrapScreen) 2. CloneManager: call syncAgents() after loadClones() to restore currentAgent and conversation history on app load 3. zclaw-memory: add get_or_create_session() so frontend session UUID is persisted directly — kernel no longer creates mismatched IDs 4. openai.rs: assistant message content must be non-empty for Kimi/Qwen APIs — replace empty content with meaningful placeholders Also includes admin-v2 ModelServices unified page (merge providers + models + API keys into expandable row layout)	2026-03-31 13:38:59 +08:00
iven	3e5d64484e	fix(relay): fix llm_routing read path bug and add User-Agent header for Coding Plan ... 1. connectionStore.ts: storedAccount.account.llm_routing → storedAccount.llm_routing - saveSaaSSession stores SaaSAccountInfo directly, not { account: SaaSAccountInfo } - This bug caused admin llm_routing config to never take effect 2. relay/service.rs: add User-Agent: claude-code/1.0 header - Kimi Coding Plan requires recognized coding agent User-Agent - Default reqwest UA is rejected with 403 3. Docs: add llm_routing routing mode explanation and troubleshooting entries	2026-03-31 12:02:32 +08:00
iven	f79560a911	refactor(desktop): split kernel_commands/pipeline_commands into modules, add SaaS client libs and gateway modules ... Split monolithic kernel_commands.rs (2185 lines) and pipeline_commands.rs (1391 lines) into focused sub-modules under kernel_commands/ and pipeline_commands/ directories. Add gateway module (commands, config, io, runtime), health_check, and 15 new TypeScript client libraries for SaaS relay, auth, admin, telemetry, and kernel sub-systems (a2a, agent, chat, hands, skills, triggers). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-31 11:12:47 +08:00
iven	d0ae7d2770	feat(deploy): add Dockerfile, saas-env.example, nginx config, and production deployment guide ... Multi-stage Docker build for zclaw-saas with dependency caching, environment variable template with security defaults, Nginx reverse proxy with SSE/WebSocket support and HTTPS, and comprehensive Chinese-language production deployment documentation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-31 10:26:30 +08:00
iven	eb956d0dce	feat: 新增管理后台前端项目及安全加固 ... refactor(saas): 重构认证中间件与限流策略 - 登录限流调整为5次/分钟/IP - 注册限流调整为3次/小时/IP - GET请求不计入限流 fix(saas): 修复调度器时间戳处理 - 使用NOW()替代文本时间戳 - 兼容TEXT和TIMESTAMPTZ列类型 feat(saas): 实现环境变量插值 - 支持${ENV_VAR}语法解析 - 数据库密码支持环境变量注入 chore: 新增前端管理界面 - 基于React+Ant Design Pro - 包含路由守卫/错误边界 - 对接58个API端点 docs: 更新安全加固文档 - 新增密钥管理规范 - 记录P0安全项审计结果 - 补充TLS终止说明 test: 完善配置解析单元测试 - 新增环境变量插值测试用例	2026-03-31 00:11:33 +08:00
iven	9d310e5a3c	docs: 更新 roadmap — S2/S4/S8/F16 标记已完成	2026-03-30 19:56:03 +08:00
iven	e7b2d1c099	docs: 审计后文档同步 — feature-checklist/roadmap/technical-reference 更新 ... - feature-checklist: 新增 Admin V2 章节(12项全通过)，Speech/Twitter 状态提升， Hands 9/11 可用，安全备注更新 - roadmap: 标记 S1/S3 审批/Hand 为已完成，更新 crate 数量(10)， 新增审计/依赖/清理已完成项 - technical-reference: 更新日期至 03-30，crate 数量 10	2026-03-30 18:32:02 +08:00
iven	bc8c77e7fe	fix(security): P0 审计修复 — 6项关键安全/编译问题 ... F1: kernel.rs multi-agent 编译错误 — 重排 spawn_agent 中 A2A 注册顺序， 在 config 被 registry.register() 消费前使用 F2: saas-config.toml 从 git 追踪中移除 — 包含数据库密码已进入版本历史 F3: config.rs 硬编码开发密钥改用 #[cfg(debug_assertions)] 编译时门控 — dev fallback 密钥不再进入 release 构建 F4: 公共认证端点添加 IP 速率限制 (20 RPM) — 防止暴力破解 F5: SSE relay 路由分离出全局 15s TimeoutLayer — 避免长流式响应被截断 F6: Provider API 密钥入库前 AES-256-GCM 加密 — 明文存储修复 附带：完整审计报告 docs/superpowers/specs/2026-03-30-comprehensive-audit-report.md	2026-03-30 13:32:22 +08:00
iven	834aa12076	fix: P0 panic风险修复 + P1编译warnings清零 + P2代码/文档清理 ... P0 安全性: - account/handlers.rs: .unwrap() → .expect() 语义化错误信息 - relay/handlers.rs: SSE Response .unwrap() → .expect() P1 编译质量 (6 warnings → 0): - kernel.rs: 移除未使用的 Capability import 和 config_clone 变量 - pipeline_commands.rs: 未使用变量 id → _id - db.rs: 移除多余括号 - relay/service.rs: 移除未使用的 StreamExt import - telemetry/service.rs: 抑制 param_idx 未读赋值警告 - main.rs: TcpKeepalive::with_retries() Linux-only 条件编译 P2 代码清理: - 移除 handStore/HandsPanel/HandTaskPanel/gateway-api/SchedulerPanel 调试 console.log - SchedulerPanel: 修复 updateWorkflow 未解构导致 TS 编译错误 - 文档清理 zclaw-channels 已移除 crate 的引用	2026-03-30 11:33:47 +08:00
iven	a7d33d0207	feat(admin): Admin V2 — Ant Design Pro 纯 SPA 重写 ... Next.js SSR/hydration 与 SWR fetch-on-mount 存在根本冲突： hydration 卸载组件时 abort 的请求仍占用后端 DB 连接， retry 循环耗尽 PostgreSQL 连接池导致后端完全卡死。 admin-v2 使用 Vite + React + antd 纯 SPA 彻底消除此问题： - 12 页面全部完成（Login, Dashboard, Accounts, Providers, Models, API Keys, Usage, Relay, Config, Prompts, Logs, Agent Templates） - ProTable + ProForm + ProLayout 统一 UI 模式 - TanStack Query + Axios + Zustand 数据层 - JWT 自动刷新 + 401 重试机制 - 全部 18 网络请求 200 OK，零 ERR_ABORTED 同时更新 troubleshooting 第 13 节和 SaaS 平台文档。	2026-03-30 09:35:59 +08:00
iven	5595083b96	feat(skills): SemanticSkillRouter — TF-IDF + Embedding 混合路由 ... 实现 SemanticSkillRouter 核心模块 (zclaw-skills): - Embedder trait + NoOpEmbedder (TF-IDF fallback) - SkillTfidfIndex 全文索引 - retrieve_candidates() Top-K 检索 - route() 置信度阈值路由 (0.85) - cosine_similarity 公共函数 - 单元测试覆盖 Kernel 适配层 (zclaw-kernel): - EmbeddingAdapter: zclaw-growth EmbeddingClient → Embedder 文档同步: - 01-intelligent-routing.md Phase 1+2 标记完成	2026-03-30 00:54:11 +08:00
iven	7de294375b	feat(auth): 添加异步密码哈希和验证函数 ... refactor(relay): 复用HTTP客户端和请求体序列化结果 feat(kernel): 添加获取单个审批记录的方法 fix(store): 改进SaaS连接错误分类和降级处理 docs: 更新审计文档和系统架构文档 refactor(prompt): 优化SQL查询参数化绑定 refactor(migration): 使用静态SQL和COALESCE更新配置项 feat(commands): 添加审批执行状态追踪和事件通知 chore: 更新启动脚本以支持Admin后台 fix(auth-guard): 优化授权状态管理和错误处理 refactor(db): 使用异步密码哈希函数 refactor(totp): 使用异步密码验证函数 style: 清理无用文件和注释 docs: 更新功能全景和审计文档 refactor(service): 优化HTTP客户端重用和请求处理 fix(connection): 改进SaaS不可用时的降级处理 refactor(handlers): 使用异步密码验证函数 chore: 更新依赖和工具链配置	2026-03-29 21:45:29 +08:00
iven	b7ec317d2c	docs: 更新功能文档 — 反映架构重构成果 ... - docs/features/README.md — 技能数 69→70, Hands 11个, 成熟度更新 - 智能层文档成熟度上调 (身份演化 L3, 反思引擎 L3) - 后端集成文档更新 SaaS 迁移系统说明 - 知识库添加架构重构记录	2026-03-29 19:42:37 +08:00
iven	8b9d506893	refactor(saas): 架构重构 + 性能优化 — 借鉴 loco-rs 模式 ... Phase 0: 知识库 - docs/knowledge-base/loco-rs-patterns.md — loco-rs 10 个可借鉴模式研究 Phase 1: 数据层重构 - crates/zclaw-saas/src/models/ — 15 个 FromRow 类型化模型 - Login 3 次查询合并为 1 次 AccountLoginRow 查询 - 所有 service 文件从元组解构迁移到 FromRow 结构体 Phase 2: Worker + Scheduler 系统 - crates/zclaw-saas/src/workers/ — Worker trait + 5 个具体实现 - crates/zclaw-saas/src/scheduler.rs — TOML 声明式调度器 - crates/zclaw-saas/src/tasks/ — CLI 任务系统 Phase 3: 性能修复 - Relay N+1 查询 → 精准 SQL (relay/handlers.rs) - Config RwLock → AtomicU32 无锁 rate limit (state.rs, middleware.rs) - SSE std::sync::Mutex → tokio::sync::Mutex (relay/service.rs) - /auth/refresh 阻塞清理 → Scheduler 定期执行 Phase 4: 多环境配置 - config/saas-{development,production,test}.toml - ZCLAW_ENV 环境选择 + ZCLAW_SAAS_CONFIG 精确覆盖 - scheduler 配置集成到 TOML	2026-03-29 19:21:48 +08:00
iven	5fdf96c3f5	chore: 提交所有工作进度 — SaaS 后端增强、Admin UI、桌面端集成 ... 包含大量 SaaS 平台改进、Admin 管理后台更新、桌面端集成完善、 文档同步、测试文件重构等内容。为 QA 测试准备干净工作树。	2026-03-29 10:46:41 +08:00
iven	452ff45a5f	feat(saas): P2 增强 — TOTP 2FA、Relay 重试、配置同步升级 ... - TOTP 2FA: totp-rs v5.7.1 + data-encoding Base32, setup/verify/disable 流程, 登录时 TOTP 验证集成, SaasError::Totp 返回 400 - Relay 重试: 指数退避 (base_delay_ms * 2^attempt), 错误分类 (4xx 不重试), Admin POST /tasks/:id/retry 端点 - 配置同步: push (客户端覆盖) / merge (SaaS 优先) / diff (只读对比), 实际写入 config_items 表 - 集成测试: 27 个测试全部通过 (新增 6 个 P2 测试) - 文档: 更新 SaaS 平台总览 (模块完成度 + API 端点列表)	2026-03-27 17:58:14 +08:00
iven	80d98b35a5	fix(audit): v5 审计修复 8 项 — 条件编译、安全加固、冗余清理 ... - N1: Whiteboard Export 动作标注 demo=true - N2/N3: Director + A2A 通过 #[cfg(feature)] 条件编译隔离 - N4: viking_adapter 文本匹配降级为 LOW（生产路径走 SqliteStorage） - N5: 移除冗余 compactor_compact_llm Tauri 命令注册 - M3: hand_approve/hand_cancel 添加 hand_id 验证防跨 Hand 审批 - N7: scheduled_task 文档注释标注 PLANNNED - 新增 COMPREHENSIVE_AUDIT_V5.md 独立审计报告 - 更新 DEEP_AUDIT_REPORT.md 追加修复记录（累计 32 项）	2026-03-27 12:33:44 +08:00
iven	b3a31ec48b	docs(saas): 添加 SaaS 后台系统设计规格 ... 涵盖四大核心模块的完整设计: - 账号权限管理 (JWT/Argon2/TOTP/权限模板) - 模型与 API 配置中心 (提供商/模型/密钥/使用量) - 模型请求中转服务 (队列/流式转发/速率限制) - 系统配置迁移分析 (迁移优先级/同步协议) 技术栈: Rust + Axum 后端 + React 管理后台 目标: MVP <100 用户, 独立 SaaS 服务	2026-03-27 12:16:19 +08:00
iven	256dba49db	fix(audit): 第五轮审计修复 — 反思LLM分析、语义路由、并行执行、错误中文化 ... - P2: 反思引擎接入 LLM 深度行为分析 (analyze_patterns_with_llm) - P3-M6: 语义路由 RuntimeLlmIntentDriver 真实 LLM 匹配 - P3-L1: V2 Pipeline execute_parallel 改用 buffer_unordered 真正并行 - P3-S10: Rust 用户可见错误提示统一中文化 累计修复 27 项，完成度 ~72% → ~78%	2026-03-27 12:10:48 +08:00
iven	30b2515f07	feat(audit): 审计修复第四轮 — 跨会话搜索、LLM压缩集成、Presentation渲染器 ... - S9: MessageSearch 新增 Session/Global 双模式，Global 调用 VikingStorage memory_search - M4b: LLM 压缩器集成到 kernel AgentLoop，支持 use_llm 配置切换 - M4c: 压缩时自动提取记忆到 VikingStorage (runtime + tauri 双路径) - H6: 新增 ChartRenderer(recharts)、Document/Slideshow 完整渲染 - 累计修复 23 项，整体完成度 ~72%，真实可用率 ~80%	2026-03-27 11:44:14 +08:00
iven	7ae6990c97	fix(audit): 修复深度审计 P2 问题 — 自主授权后端守卫、反思历史累积、心跳持久化 ... - M5-补: hand_execute/skill_execute 接收 autonomy_level 参数，后端三层守卫 (supervised 全部审批 / assisted 尊重 needs_approval / autonomous 跳过) - M3: hand_approve/hand_cancel 移除 _hand_name 下划线，添加审计日志 - M4-补: 反思历史累积存储到 reflection:history:{agent_id} 数组(最多20条) get_history 优先读持久化历史，保留 latest key 向后兼容 - 心跳历史: VikingStorage 持久化 HeartbeatResult 数组，tick() 也存历史 heartbeat_init 恢复历史，重启后不丢失 - L2: 确认 gatewayStore 仅注释引用，无需修改 - 身份回滚: 确认 IdentityChangeProposal.tsx 已实现 HistoryItem + restoreSnapshot - 更新 DEEP_AUDIT_REPORT.md 完成度 72% (核心 92%, 真实可用 80%)	2026-03-27 11:32:35 +08:00
iven	b7bc9ddcb1	fix(audit): 修复深度审计 P1/P2 问题 — 记忆统一、持久化、前端适配 ... H3: 重写 memory_commands.rs 统一到 VikingStorage 单一存储，移除双写 H4: 心跳引擎 record_interaction() 持久化到 VikingStorage，启动时恢复 M4: 反思结果/状态持久化到 VikingStorage metadata，重启后自动恢复 - HandApprovalModal import 修正 (handStore 替代 gatewayStore) - kernel-client.ts 幽灵调用替换为 kernel_status - PersistentMemoryStore dead_code warnings 清理 - 审计报告和 README 更新至 v0.6.3，完成度 58%→62%	2026-03-27 09:59:55 +08:00
iven	a71c4138cc	fix(audit): 修复深度审计发现的 P0/P1 问题 (8项) ... 基于 DEEP_AUDIT_REPORT.md 修复 2 CRITICAL + 4 HIGH + 1 MEDIUM 问题: - C1: PromptOnly 技能集成 LLM 调用 — 定义 LlmCompleter trait， 通过 LlmDriverAdapter 桥接 zclaw_runtime::LlmDriver， PromptOnlySkill.execute() 现在调用 LLM 生成内容 - C2: 反思引擎空记忆 bug — 新增 query_memories_for_reflection() 从 VikingStorage 查询真实记忆传入 reflect() - H7: Agent Store 接口适配 — KernelClient 添加 listClones/createClone/ deleteClone/updateClone 方法，映射到 agent_* 命令 - H8: Hand 审批检查 — hand_execute 执行前检查 needs_approval， 需审批返回 pending_approval 状态 - M1: 幽灵命令注册 — 注册 hand_get/hand_run_status/hand_run_list 三个 Tauri 桩命令 - H1/H2: SpeechHand/TwitterHand 添加 demo 标签 - H5: 归档过时 VERIFICATION_REPORT 文档更新: DEEP_AUDIT_REPORT.md 标记修复状态，README.md 更新 关键指标和变更历史。整体完成度从 ~50% 提升至 ~58%。	2026-03-27 09:36:50 +08:00
iven	eed347e1a6	feat: 实现循环防护和安全验证功能 ... refactor(loop_guard): 为LoopGuard添加Clone派生 feat(capabilities): 实现CapabilityManager.validate()安全验证 fix(agentStore): 添加token用量追踪 chore: 删除未实现的Predictor/Lead HAND.toml文件 style(Credits): 移除假数据并标注开发中状态 refactor(Skills): 动态加载技能卡片 perf(configStore): 为定时任务添加localStorage降级 docs: 更新功能文档和版本变更记录	2026-03-27 07:56:53 +08:00
iven	0d4fa96b82	refactor: 统一项目名称从OpenFang到ZCLAW ... 重构所有代码和文档中的项目名称，将OpenFang统一更新为ZCLAW。包括： - 配置文件中的项目名称 - 代码注释和文档引用 - 环境变量和路径 - 类型定义和接口名称 - 测试用例和模拟数据 同时优化部分代码结构，移除未使用的模块，并更新相关依赖项。	2026-03-27 07:36:03 +08:00
iven	4b08804aa9	docs: 更新 features/README.md 反映真实功能完成度 ... 基于审计报告更新 20 项功能模块的成熟度评级： - 平均真实完成度从文档声称的 L3.3 修正为 68% - 各模块成熟度标注从文档声称值调整为实际值 - 新增 P0-P2 清理工作记录	2026-03-27 00:55:49 +08:00
iven	8bcabbfb43	refactor: 代码质量清理 - 移除死代码和遗留别名 ... 基于全面审计报告的 P0-P2 修复工作： P0 (已完成): - intelligence 模块: 精确注释 dead_code 标注原因（Tauri runtime 注册） - compactor.rs: 实现 LLM 摘要生成（compact_with_llm） - pipeline_commands.rs: 替换 println! 为 tracing 宏 P1 (已完成): - 移除 8 个 gateway_* 向后兼容别名（OpenClaw 遗留） - 前端 tauri-gateway.ts 改为调用 zclaw_* 命令 - 清理 generation.rs 6 个重复的实例方法（-217 行） - A2A dead_code 注释更新 P2 (已完成): - Predictor/Lead HAND.toml 设置 enabled=false - Wasm/Native SkillMode 添加未实现说明 - browser/mod.rs 移除未使用的 re-export（消除 4 个警告） 文档更新: - feature-checklist.md 从 v0.4.0 更新到 v0.6.0 - CLAUDE.md Hands 状态更新 验证: cargo check 零警告, 42 测试通过, 净减 371 行代码	2026-03-27 00:54:57 +08:00
iven	c3996573aa	refactor: 移除 Team 和 Swarm 协作功能 ... 功能论证结论：Team（团队）和 Swarm（协作）为零后端支持的 纯前端 localStorage 空壳，Pipeline 系统已完全覆盖其全部能力。 删除 16 个文件，约 7,950 行代码： - 5 个组件：TeamCollaborationView, TeamOrchestrator, TeamList, DevQALoop, SwarmDashboard - 1 个 Store：teamStore.ts - 3 个 Client/库：team-client.ts, useTeamEvents.ts, agent-swarm.ts - 1 个类型文件：team.ts - 4 个测试文件 - 1 个文档（归档 swarm-coordination.md） 修改 4 个文件： - Sidebar.tsx：移除"团队"和"协作"导航项 - App.tsx：移除 team/swarm 视图路由 - types/index.ts：移除 team 类型导出 - chatStore.ts：移除 dispatchSwarmTask 方法 更新 CHANGELOG.md 和功能文档 README.md	2026-03-26 20:27:19 +08:00
iven	978dc5cdd8	fix(安全): 修复HTML导出中的XSS漏洞并清理调试日志 ... refactor(日志): 替换console.log为tracing日志系统 style(代码): 移除未使用的代码和依赖项 feat(测试): 添加端到端测试文档和CI工作流 docs(变更日志): 更新CHANGELOG.md记录0.1.0版本变更 perf(构建): 更新依赖版本并优化CI流程	2026-03-26 19:49:03 +08:00
iven	ef3d4e3094	docs: 更新功能文档以反映 Agent Growth System 实现 ... - 更新 README.md 版本至 v0.6.0 - 添加 zclaw-growth crate (第 9 个 crate) - 添加 Agent Growth System 组件状态表 - 更新关键指标 (135 tests, 9 crates) - 更新 roadmap.md 当前状态和执行清单 Agent Growth System 包含: - SqliteStorage + FTS5 全文搜索 - MemoryRetriever + TF-IDF 语义检索 - PromptInjector + Token 预算控制 - MemoryExtractor + LLM 驱动提取 - VikingAdapter 存储抽象层 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 18:39:40 +08:00
iven	14f8d4d3ad	feat(presentation): add Smart Presentation Layer for Pipeline output ... - Add PresentationAnalyzer in Rust backend (13 tests passing) - Add PresentationContainer with auto type detection - Add TypeSwitcher for manual type switching - Add ChartRenderer, QuizRenderer, SlideshowRenderer, DocumentRenderer - Integrate ResultModal into PipelinesPanel for result display - Update docs: pipeline-overview.md, README.md, roadmap.md Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 18:32:23 +08:00
iven	9ee23e444c	fix(dev-server): 修复开发服务器和前端兼容性问题 ... 修复内容: 1. 修复 dev_server.rs 编译错误 - 使用 Vec::new() 替代数组转换 2. 修复 pipeline-client.ts - 添加 Tauri 运行时检测和开发服务器 fallback 3. 更新 troubleshooting.md - 添加开发服务器使用说明 测试结果: - 所有前端模块正常加载 - 开发服务器 API 响应正确 - 类型检查通过	2026-03-26 18:10:55 +08:00
iven	b7f3d94950	fix(presentation): 修复 presentation 模块类型错误和语法问题 ... - 创建 types.ts 定义完整的类型系统 - 重写 DocumentRenderer.tsx 修复语法错误 - 重写 QuizRenderer.tsx 修复语法错误 - 重写 PresentationContainer.tsx 添加类型守卫 - 重写 TypeSwitcher.tsx 修复类型引用 - 更新 index.ts 移除不存在的 ChartRenderer 导出 审计结果: - 类型检查: 通过 - 单元测试: 222 passed - 构建: 成功	2026-03-26 17:19:28 +08:00
iven	d0c6319fc1	feat: 添加ESLint和Prettier配置并优化代码结构 ... style: 格式化代码文件并修复样式问题 docs: 新增部署文档和系统要求文档 test: 更新测试截图和覆盖率报告 refactor: 重构SchedulerPanel加载状态逻辑 ci: 添加lint和format脚本到package.json build: 更新依赖项并添加开发工具 chore: 添加验证报告和上线审查计划	2026-03-26 08:02:23 +08:00