17 Commits

Author	SHA1	Message	Date
iven	edd6dd5fc8	fix(audit): Batch 4-6 中间件注释 + 依赖迁移 + 安全加固 ... Batch 4: - kernel/mod.rs: 添加中间件注册顺序≠执行顺序注释 - EvolutionMiddleware 注册处标注 priority=78 Batch 5: - desktop/src-tauri/Cargo.toml: serde_yaml 0.9 (deprecated) → serde_yaml_bw 2.x Batch 6: - saas/main.rs: CORS 开发模式改为显式 localhost origins (修复 Any+credentials 违规) - docker-compose.yml: 移除默认弱密码 your_secure_password，改为必填校验 - director.rs: 用户输入添加 <user_input>/<user_request> 边界标记防注入 全量测试通过: 719 passed, 0 failed	2026-04-19 08:46:12 +08:00
iven	e94235c4f9	fix(growth): Evolution Engine 穷尽审计 3CRITICAL + 3HIGH 全部修复 ... C-01: ExperienceExtractor 接入 ExperienceStore - GrowthIntegration.new() 创建 ExperienceExtractor 时注入 ExperienceStore - 经验持久化路径打通：extract_combined → persist_experiences → ExperienceStore C-02+C-03: 进化触发链路全链路接通 - create_middleware_chain() 注册 EvolutionMiddleware (priority 78) - MemoryMiddleware 持有 Arc<EvolutionMiddleware> 共享引用 - after_completion 中调用 check_evolution() → 推送 PendingEvolution - EvolutionMiddleware 在下次对话前注入进化建议到 system prompt H-01: FeedbackCollector loaded 标志修复 - load() 失败时保留 loaded=false，下次 save 重试 - 日志级别 debug → warn H-03: FeedbackCollector 内部可变性 - EvolutionEngine.feedback 改为 Arc<Mutex<FeedbackCollector>> - submit_feedback() 从 &mut self → &self，支持中间件 &self 调用路径 - GrowthIntegration.initialize() 从 &mut self → &self H-05: 删除空测试 test_parse_empty_response (无 assert) H-06: infer_experiences_from_memories() fallback - Outcome::Success → Outcome::Partial (反映推断不确定性)	2026-04-19 00:43:02 +08:00
iven	2037809196	refactor(kernel): 移除 multi-agent feature gate — 33处 cfg 全部删除 (Phase 4A) ... 8 个文件移除 #[cfg(feature = "multi-agent")]，zclaw-kernel default features 新增 multi-agent。A2A 路由、agents、adapters 现在始终编译。	2026-04-18 08:17:58 +08:00
iven	5687dc20e0	refactor(runtime): loop_runner 双路径合并 — 统一走 middleware chain (Phase 3A) ... middleware_chain 从 Option<MiddlewareChain> 改为 MiddlewareChain: - 移除 6 处 use_middleware 分支 + 2 处 legacy loop_guard inline path - 移除 loop_guard field + Mutex import + circuit_breaker_triggered 变量 - 空 chain (Default) 行为等价于 middleware path 中的 no-op - 1154行 → 1023行，净减 131 行 - cargo check --workspace ✓ | cargo test ✓ (排除 desktop 预存编译问题)	2026-04-17 21:56:10 +08:00
iven	cb9e48f11d	refactor(hands): 移除空壳 Hand — Whiteboard/Slideshow/Speech (Phase 5) ... 删除 3 个仅含 UI 占位的 Hand，清理 Rust 实现与前端引用： - Rust: whiteboard.rs(422行) + slideshow.rs(797行) + speech.rs(442行) - 前端: WhiteboardCanvas + SlideshowRenderer + speech-synth + 相关类型/常量 - 配置: 3 个 HAND.toml - 净减 ~5400 行，Hands 9→6(启用) + Quiz/Browser/Researcher/Collector/Clip/Twitter/Reminder	2026-04-17 19:55:59 +08:00
iven	28c892fd31	fix(chat): 聊天定时功能断链接通 — NlScheduleParser + _reminder Hand ... 接通"写了没接"的定时功能断链： - NlScheduleParser has_schedule_intent/parse_nl_schedule 接入 agent_chat_stream - 新增 _reminder 系统 Hand 作为定时触发器桥接 - TriggerManager hand_id 验证对 _ 前缀系统 Hand 放行 - 聊天消息含定时意图时自动拦截，创建触发器并返回确认消息 验证：cargo check 0 error, 49 tests passed, Tauri MCP "每天早上9点提醒我查房" → cron 0 9 * * * 确认正确显示	2026-04-15 09:45:19 +08:00
iven	c167ea4ea5	fix(v13): V13 审计 6 项修复 — TrajectoryRecorder注册 + industryStore接入 + 知识搜索 + webhook标注 + structured UI + persistent注释 ... FIX-01: TrajectoryRecorderMiddleware 注册到 create_middleware_chain() (@650优先级) FIX-02: industryStore 接入 ButlerPanel 行业专长展示 + 自动拉取 FIX-03: 桌面端知识库搜索 saas-knowledge mixin + VikingPanel SaaS KB UI FIX-04: webhook 迁移标注 deprecated + 添加 down migration 注释 FIX-05: Admin Knowledge 添加结构化数据 Tab (CRUD + 行浏览) FIX-06: PersistentMemoryStore 精化 dead_code 标注 (完整迁移留后续) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-13 01:34:08 +08:00
iven	fbc8c9fdde	fix(industry): 审计修复 — 4 CRITICAL + 5 HIGH 全部解决 ... C1: SaaS industry/service.rs SQL 注入风险 → 参数化查询 ($N 绑定) C2: INDUSTRY_CONFIGS 死链 → Kernel 共享 Arc 接通 ButlerRouter C3: IndustryListItem 缺 keywords_count → SQL 查询 + 类型补全 C4: set_account_industries 非事务性 → batch 验证 + 事务 DELETE+INSERT H8: Accounts.tsx mutate 竞态 → mutateAsync 顺序等待 H9: XML 注入未转义 → xml_escape() 辅助函数 H10: update_industry 覆盖 source → 保留原始值 H11: 面包屑缺少 /industries → 添加行业配置映射	2026-04-12 19:06:19 +08:00
iven	5d1050bf6f	feat(industry): Phase 1 行业配置基础 — 数据模型 + 四行业内置配置 + ButlerRouter 动态关键词 ... - 新增 SaaS industry 模块 (types/service/handlers/mod/builtin) - 4 行业内置配置: healthcare/education/garment/ecommerce - 数据库迁移: industries + account_industries 表 - 8 个 API 端点 (CRUD + 用户行业关联) - ButlerRouter 改造: 支持 IndustryKeywordConfig 动态注入 - 12 个测试全通过 (含动态行业分类测试)	2026-04-12 15:42:35 +08:00
iven	9e0aa496cd	fix(runtime): 修复 Skill/MCP 调用链路3个断点 ... 1. Anthropic Driver ToolResult 格式修复 — ContentBlock 添加 ToolResult 变体, tool_call_id 不再被丢弃, 按 Anthropic API 规范发送 tool_result 格式 2. 前端 callMcpTool 参数名对齐 — serviceName/toolName/args 改为 service_name/tool_name/arguments, 后端支持 service_name 精确路由 3. MCP 工具桥接到 ToolRegistry — McpToolAdapter 添加 service_name/clone, 新建 McpToolWrapper 实现 Tool trait, Kernel 添加 mcp_adapters 共享状态, McpManagerState 与 Kernel 共享同一 Arc<RwLock<Vec>>, MCP 服务启停时 自动同步工具列表到 LLM 可见的 ToolRegistry	2026-04-11 16:20:38 +08:00
iven	1e675947d5	feat(butler): upgrade ButlerRouter to semantic skill routing ... Replace keyword-only ButlerRouter with SemanticSkillRouter (TF-IDF). 75 skills now participate in intent classification instead of 4 hardcoded domains. - Expose ButlerRouterBackend trait + RoutingHint as pub - Add with_router() constructor for injecting custom backends - Add SemanticRouterAdapter in kernel layer (bridges skills ↔ runtime) - Enhance context injection with skill-level match info	2026-04-10 21:24:30 +08:00
iven	ffaee49d67	feat(middleware): add butler router for semantic skill routing ... New ButlerRouterMiddleware (priority 80) intercepts user messages, classifies intent using keyword-based domain detection, and injects routing context into the system prompt. Supports healthcare, data report, policy compliance, and meeting coordination domains. - New: butler_router.rs — keyword classifier + MiddlewareContext injection - Registered in Kernel::create_middleware_chain() at priority 80 - 9 tests passing (classification + middleware integration)	2026-04-09 09:26:48 +08:00
iven	8aed363fc8	feat(middleware): add DataMaskingMiddleware — sensitive entity protection (Chunk 3) ... Priority 90 — runs before Compaction@100 and Memory@150. Detects and replaces company names, money amounts, phone numbers, emails, and ID card numbers with deterministic tokens (__ENTITY_N__). External callers can restore originals via DataMasker::unmask().	2026-04-07 08:01:05 +08:00
iven	cb140b5151	feat: DeerFlow 2.0 core capabilities — Phase 1.0 + 1.1 ... Phase 1.0 — Butler Mode UI: - Hide "自动化" and "技能市场" entries from sidebar navigation - Remove AutomationPanel and SkillMarket view rendering from App.tsx - Simplify MainViewType to only 'chat' - Main interface is now: chat + conversation list + detail panel only Phase 1.1 — Mode Differentiation: - Add subagent_enabled field to ChatModeConfig (Rust), StreamChatRequest (Tauri), gateway-client, kernel-client, saas-relay-client, and streamStore - TaskTool is now only registered when subagent_enabled=true (Ultra mode) - System prompt includes sub-agent delegation instructions only in Ultra mode - Frontend transmits subagent_enabled from ChatMode config through the full stack This connects the 4-tier mode selector (Flash/Thinking/Pro/Ultra) to actual backend behavioral differences — Ultra mode now truly enables sub-agent delegation.	2026-04-06 12:46:43 +08:00
iven	f4ed1b33e0	feat(kernel): add multi-skill orchestration bridge + true parallel execution ... - Kernel orchestration bridge: execute_orchestration, auto_compose_skills, validate_orchestration methods on Kernel struct - True parallel execution: replace sequential for-loop with tokio::JoinSet for concurrent node execution within parallel groups - Tauri commands: orchestration_execute (auto-compose or pre-defined graph), orchestration_validate (dry-run validation) - Full type conversions: OrchestrationRequest/Response with camelCase serde Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-04 09:18:26 +08:00
iven	b25dfc967a	feat(kernel): persist agent runtime state across restarts ... - Schema: migrations now execute ALTER TABLE ADD COLUMN for state/message_count - MemoryStore: add update_agent_runtime() and list_agents_with_runtime() - Registry: add register_with_runtime() to accept persisted state/message_count - Kernel boot: restore agents with their persisted state (not always Running) - Kernel shutdown: persist all agent states/message_counts before terminating Agents that were suspended stay suspended after restart. Message counts survive restarts instead of resetting to 0.	2026-04-04 01:19:53 +08:00
iven	52bdafa633	refactor(crates): kernel/generation module split + DeerFlow optimizations + middleware + dead code cleanup ... - Split zclaw-kernel/kernel.rs (1486 lines) into 9 domain modules - Split zclaw-kernel/generation.rs (1080 lines) into 3 modules - Add DeerFlow-inspired middleware: DanglingTool, SubagentLimit, ToolError, ToolOutputGuard - Add PromptBuilder for structured system prompt assembly - Add FactStore (zclaw-memory) for persistent fact extraction - Add task builtin tool for agent task management - Driver improvements: Anthropic/OpenAI extended thinking, Gemini safety settings - Replace let _ = with proper log::warn! across SaaS handlers - Remove unused dependency (url) from zclaw-hands	2026-04-03 00:28:03 +08:00