207 Commits

Author	SHA1	Message	Date
iven	a685e97b17	feat(skills): WASM host 函数真实实现 — zclaw_log/http_fetch/file_read (Phase 4B) ... 替换 stub 为真实实现: - zclaw_log: 读取 guest 内存并 log - zclaw_http_fetch: ureq v3 同步 GET (10s timeout, network_allowed 守卫) - zclaw_file_read: 沙箱 /workspace 目录读取 (路径校验防逃逸) 添加 ureq v3 workspace 依赖, 25 测试全通过。	2026-04-18 08:18:08 +08:00
iven	2037809196	refactor(kernel): 移除 multi-agent feature gate — 33处 cfg 全部删除 (Phase 4A) ... 8 个文件移除 #[cfg(feature = "multi-agent")]，zclaw-kernel default features 新增 multi-agent。A2A 路由、agents、adapters 现在始终编译。	2026-04-18 08:17:58 +08:00
iven	5687dc20e0	refactor(runtime): loop_runner 双路径合并 — 统一走 middleware chain (Phase 3A) ... middleware_chain 从 Option<MiddlewareChain> 改为 MiddlewareChain: - 移除 6 处 use_middleware 分支 + 2 处 legacy loop_guard inline path - 移除 loop_guard field + Mutex import + circuit_breaker_triggered 变量 - 空 chain (Default) 行为等价于 middleware path 中的 no-op - 1154行 → 1023行，净减 131 行 - cargo check --workspace ✓ | cargo test ✓ (排除 desktop 预存编译问题)	2026-04-17 21:56:10 +08:00
iven	5381e316f0	refactor(pipeline): 移除空的 zclaw-kernel 依赖 (Phase 2A) ... Pipeline 代码中无任何 zclaw_kernel 引用，依赖声明是遗留物。 移除后编译验证通过: cargo check --workspace --exclude zclaw-saas ✓	2026-04-17 20:10:21 +08:00
iven	cb9e48f11d	refactor(hands): 移除空壳 Hand — Whiteboard/Slideshow/Speech (Phase 5) ... 删除 3 个仅含 UI 占位的 Hand，清理 Rust 实现与前端引用： - Rust: whiteboard.rs(422行) + slideshow.rs(797行) + speech.rs(442行) - 前端: WhiteboardCanvas + SlideshowRenderer + speech-synth + 相关类型/常量 - 配置: 3 个 HAND.toml - 净减 ~5400 行，Hands 9→6(启用) + Quiz/Browser/Researcher/Collector/Clip/Twitter/Reminder	2026-04-17 19:55:59 +08:00
iven	f9290ea683	feat(types): 错误体系重构 — ErrorKind + error code + Serialize ... Rust (crates/zclaw-types/src/error.rs): - 新增 ErrorKind enum (17 种) + Serde Serialize/Deserialize - 新增 error_codes 模块 (稳定错误码 E4040-E5110) - ZclawError 新增 kind() / code() 方法 - 新增 ErrorDetail struct + Serialize impl - 保留所有现有变体和构造器 (零破坏性) - 新增 12 个测试: kind 映射 + code 稳定性 + JSON 序列化 TypeScript (desktop/src/lib/error-types.ts): - 新增 RustErrorKind / RustErrorDetail 类型定义 - 新增 tryParseRustError() 结构化错误解析 - 新增 classifyRustError() 按 ErrorKind 分类 - classifyError() 优先解析结构化错误，fallback 字符串匹配 - 17 种 ErrorKind → 中文标题映射 验证: cargo check ✓ | tsc ✓ | 62 zclaw-types tests ✓	2026-04-17 19:38:19 +08:00
iven	2cae822775	fix: Phase 0 阻碍项修复 — 流式事件错误处理 + CI 排除 + UI 中文化 ... BLK-2: loop_runner.rs 22 处 let _ = tx.send() 全部替换为 if let Err(e) { tracing::warn!(...) }，修复流式事件静默丢失问题 BLK-5: 50+ 英文字符串翻译为中文 - HandApprovalModal.tsx (~40处): 风险标签/按钮/状态/表单标签 - ChatArea.tsx: Thinking.../Sending... - AuditLogsPanel.tsx: 空状态文案 - HandParamsForm.tsx: 空列表提示 - CreateTriggerModal.tsx: 成功提示 - MessageSearch.tsx: 时间筛选/搜索历史 BLK-6: CI/Release workflow 添加 --exclude zclaw-saas - ci.yml: clippy/test/build 三个步骤 - release.yml: test 步骤 验证: cargo check ✓ | tsc --noEmit ✓	2026-04-17 18:12:42 +08:00
iven	90340725a4	fix(saas): admin_guard_middleware — 非 admin 用户统一返回 403 ... BUG-M4 修复: 之前非 admin 用户发送 malformed body 到 admin 端点时， Axum 先反序列化 body 返回 422，绕过了权限检查。 - 新增 admin_guard_middleware (auth/mod.rs) 在中间件层拦截 - account::admin_routes() 拆分 (dashboard 独立) - billing::admin_routes() + account::admin_routes() 加 guard layer - 非 admin 用户无论 body 是否合法，统一返回 403	2026-04-17 11:45:55 +08:00
iven	a504a40395	fix: 7 项 E2E Bug 修复 — Dashboard 404 / 记忆去重 / 记忆注入 / invoice_id / Prompt 版本 ... P0: - BUG-H1: Dashboard 路由 /api/v1/stats/dashboard → /api/v1/admin/dashboard P1: - BUG-H2: viking_add 预检查 content_hash 去重，返回 "deduped" 状态；SqliteStorage 启动时回填已有条目 content_hash - BUG-M5: saas-relay-client 发送前调用 viking_inject_prompt 注入跨会话记忆 P2: - BUG-M1: PaymentResult 添加 invoice_id 字段，query_payment_status 返回 invoice_id - BUG-M2: UpdatePromptRequest 添加内容字段，更新时自动创建新版本并递增 current_version - BUG-M3: viking_find scope 参数文档化（设计行为，调用方需传 agent scope） - BUG-M4: Dashboard 路由缺失已修复，handler 层 require_admin 已正确返回 403 P3 (确认已修复/非代码问题): - BUG-L1: pain_seed_categories 已统一，无 pain_seeds 残留 - BUG-L2: pipeline_create 参数格式正确，E2E 测试方法问题	2026-04-17 03:31:06 +08:00
iven	0d79993691	fix(saas): 3 项 P0 安全/功能修复 + TRUTH.md 数字校准 ... P0-01: Admin ApiKeys 创建功能前后端不匹配 - 前端 service 从 /keys 改回 /tokens（api_tokens 表） - 前端 UI 字段 {name, expires_days, permissions} 与旧路由匹配 P0-02: 账户锁定检查错误处理 - unwrap_or(false) 改为 map_err + SaasError 传播 - SQL 查询失败时返回错误而非静默跳过锁定检查 P0-03: Logout refresh token 撤销增强 - 新增 access token cookie fallback 提取 account_id - Tauri 桌面端 Bearer auth 场景下也能撤销 refresh token TRUTH.md 校准: Tauri 183→190, invoke 95→104, .route() 136→137, 中间件 15→14	2026-04-16 22:22:12 +08:00
iven	3c01754c40	fix(agent): 12 项 agent 对话链路全栈修复 ... 深端到端验证发现 12 个问题，6 Phase 全栈修复： Phase 5 — 快速 UX 修复: - #9: SimpleSidebar 添加新对话按钮 (SquarePen + useChatStore) - #5: 模型列表 JOIN provider_keys 过滤无 API Key 的模型 - #11: AgentOnboardingWizard 焦点领域增加 4 行业选项 (医疗健康/教育培训/金融财务/法律合规) Phase 1 — ButlerPanel 记忆修复: - #2a: MemorySection URI 从 viking://agent/.../memories/ 修正为 agent://.../ - #2b: "立即分析对话"按钮现在触发 extractAndStoreMemories Phase 2 — FTS5 中文分词: - #4: FTS5 tokenizer 从 unicode61 切换到 trigram，原生支持 CJK - 自动迁移：检测旧 unicode61 表并重建索引 - sanitize_fts_query 支持中文引号短语查询 Phase 3 — 跨会话身份持久化: - #6-8: 重新启用 USER.md 注入系统提示词 (截断前 10 行) Phase 4 — Agent 面板同步: - #1,#10: listClones 从 4 字段扩展到完整映射 (soul/userProfile 解析 nickname/emoji/userName/userRole) - updateClone 通过 identity 系统同步 nickname→SOUL.md 和 userName/userRole→USER.md Phase 6 — Agent 创建容错: - #12: createFromTemplate 增加 SaaS 不可用 fallback 验证: tsc --noEmit ✅ cargo check ✅	2026-04-16 09:21:46 +08:00
iven	b69dc6115d	fix(relay): API Key 解密失败自愈 — 启动迁移 + 容错跳过 ... 根因: select_best_key 遇到解密失败时直接 500 返回， 不会尝试下一个 key。如果 DB 中有旧的加密格式 key， 整个 relay 请求被阻断。 修复: - key_pool: 解密失败时 warn + skip 到下一个 key，不再 500 - key_pool: 新增 heal_provider_keys() 启动自愈迁移 - 逐个尝试解密所有加密 key - 解密成功 → 用当前密钥重新加密（幂等） - 解密失败 → 标记 is_active=false + warn - main.rs: 启动时调用自愈迁移（在 TOTP 迁移之后）	2026-04-16 02:40:44 +08:00
iven	043824c722	perf(runtime): nl_schedule 正则预编译 — 9个 LazyLock 静态替代每次调用编译 ... 将 parse_nl_schedule 中 9 个 Regex::new() 从函数内每次调用编译 提升为 std::sync::LazyLock<Regex> 静态变量，首次调用时编译一次， 后续调用直接复用。16 个单元测试全部通过。	2026-04-15 13:34:27 +08:00
iven	bd12bdb62b	fix(chat): 定时功能审计修复 — 消除重复解析 + ID碰撞 + 输入补全 ... 审计发现修复： - H-01: 存储 ParsedSchedule 避免重复 parse_nl_schedule 调用 - H-03: trigger ID 追加 UUID 片段防止高并发碰撞 - C-02: execute_trigger 验证错误信息明确系统 Hand 必须注册 - M-02: SchedulerService 传递 trigger_name 作为 task_description - M-01: 添加拦截路径跳过 post_hook 的设计注释	2026-04-15 10:02:49 +08:00
iven	28c892fd31	fix(chat): 聊天定时功能断链接通 — NlScheduleParser + _reminder Hand ... 接通"写了没接"的定时功能断链： - NlScheduleParser has_schedule_intent/parse_nl_schedule 接入 agent_chat_stream - 新增 _reminder 系统 Hand 作为定时触发器桥接 - TriggerManager hand_id 验证对 _ 前缀系统 Hand 放行 - 聊天消息含定时意图时自动拦截，创建触发器并返回确认消息 验证：cargo check 0 error, 49 tests passed, Tauri MCP "每天早上9点提醒我查房" → cron 0 9 * * * 确认正确显示	2026-04-15 09:45:19 +08:00
iven	ee1c9ef3ea	chore: Cargo warnings 清零 — 39→0 (仅剩 sqlx-postgres 外部依赖警告) ... - runtime: 移除未使用的 SessionId/Datelike import，修复 unused variable - intelligence: 模块级 #![allow(dead_code)] 抑制 Hermes 预留代码警告 - mcp.rs/persist.rs/nl_schedule.rs: 标注 #[allow(dead_code)] 保留接口	2026-04-15 01:53:11 +08:00
iven	be2a136392	fix(saas): relay_tasks 超时自动清理 — 每5分钟扫描 processing >10min 标记 failed ... - scheduler.rs: 新增 start_db_cleanup_tasks 中的 relay 超时清理定时任务 - status=processing 且 updated_at 超过 10 分钟的 relay_task 自动标记为 failed - 避免 Provider key 禁用后 relay_task 永久停留在 processing 状态	2026-04-15 01:41:50 +08:00
iven	76cdfd0c00	fix(saas): SSE 用量统计一致性修复 — 回写 usage_records + 消除 relay_requests 双重计数 ... - service.rs: SSE 流结束后回写 usage_records 真实 token (status=success) - service.rs: spawned task 中调用 increment_usage 统一递增 tokens + relay_requests - handlers.rs: 移除 SSE 路径的 increment_dimension("relay_requests") 消除双重计数 - 从 request_body 提取 model_id 用于 usage_records 精准归因	2026-04-15 01:40:27 +08:00
iven	9c59e6e82a	fix(saas): SSE relay token capture 修复 — stream_done 标志 + 前缀兼容 ... - SseUsageCapture 增加 stream_done 标志，[DONE] 和 stream 结束时设置 - parse_sse_line 兼容 "data:" 和 "data: " 两种前缀 - 增加 total_tokens 兜底解析（某些 provider 不返回 prompt_tokens） - 轮询逻辑优先检测 stream_done，而非依赖 total > 0 条件 - 超时时增加 warn 日志记录实际 token 值 根因: 上游 provider 不在 SSE chunk 中返回 usage 时，轮询稳定逻辑 (total > 0 条件) 永远不满足，导致 token 始终为 0。	2026-04-15 00:15:03 +08:00
iven	e0eb7173c5	fix: 三端联调 P1 修复 — API密钥页崩溃 + 桌面端401恢复 + 用量统计全零 ... P1-03: vite.config.ts proxy '/api' → '/api/' 加尾部斜杠， 防止前缀匹配 /api-keys 导致 SPA 路由崩溃 P1-01: kernel_init 增加 api_key 变更检测（token 刷新后自动重连）， streamStore 增加 401 自动恢复（refresh token → kernel reconnect）， KernelClient 新增 getConfig() 方法 P1-02: /api/v1/usage 总计改从 billing_usage_quotas 读取 （authoritative source，SSE 和 JSON 均写入）， by_model/by_day 仍从 usage_records 读取	2026-04-14 22:02:02 +08:00
iven	6721a1cc6e	fix(admin): 行业选择500修复 + 管理员切换订阅计划 ... - fix(industry): list_industries SQL参数编号错位 — count查询和items查询 共用WHERE子句但参数从$3开始，sqlx bind按$1/$2顺序绑定导致500 - feat(billing): 新增 PUT /admin/accounts/:id/subscription 端点 (super_admin) 验证目标计划 → 取消当前订阅 → 创建新订阅(30天) → 同步配额 - feat(admin-v2): Accounts.tsx 编辑弹窗新增「订阅计划」选择区 显示所有活跃计划，保存时调用admin switch plan API	2026-04-14 19:06:58 +08:00
iven	d2a0c8efc0	fix(saas): 启动崩溃修复 — config_items 约束 + industry 类型匹配 ... - db.rs: config_items INSERT ON CONFLICT (id) → (category, key_path) 匹配实际唯一约束 - db.rs: fix_seed_data category 重命名前先删除冲突行，避免唯一约束冲突 - migration/service.rs: seed_default_config_items + sync push INSERT 同步修复 ON CONFLICT - industry/types.rs: keywords_count i64→i32 匹配 PostgreSQL INT4 列类型 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-14 18:35:24 +08:00
iven	dd854479eb	fix: 三端联调测试 2 P1 + 2 P2 + 4 P3 修复 ... P1-07: billing get_or_create_usage 同步 max_* 列到当前计划限额 P1-08: relay handler 增加直接配额检查 (relay_requests/input/output_tokens) P2-09: relay failover 成功后记录 tokens 并标记 completed P2-10: Tauri agentStore saas-relay 模式下从 SaaS API 获取真实用量 P2-14: super_admin 合成 subscription + check_quota 放行 P3-19: 新建 ApiKeys.tsx 页面替代 ModelServices 路由 P3-15: antd destroyOnClose → destroyOnHidden (3处) P3-16: ProTable onSearch → onSubmit (2处)	2026-04-14 17:48:22 +08:00
iven	4c3136890b	fix: 三端联调测试 2 P0 + 6 P1 + 2 P2 修复 ... P0-1: SaaS relay 模型别名解析 — "glm-4-flash" → "glm-4-flash-250414" (resolve_model) P0-2: config.rs interpolate_env_vars UTF-8 修复 (chars 迭代器替代 bytes as char) + DB 启动编码检查 + docker-compose UTF-8 编码参数 P1-3: UI 模型选择器覆盖 Agent 默认模型 (model_override 全链路: TS→Tauri→Rust kernel) P1-6: 知识搜索管道修复 — seed_knowledge 创建 chunks + 默认分类 (seed/uploaded/distillation) P1-7: 用量限额从当前 Plan 读取 (非 stale usage 表) P1-8: relay 双维度配额检查 (relay_requests + input_tokens) P2-9: SSE 路径 token 计数修复 — 流结束检测替代固定 500ms sleep + billing increment	2026-04-14 00:17:08 +08:00
iven	c167ea4ea5	fix(v13): V13 审计 6 项修复 — TrajectoryRecorder注册 + industryStore接入 + 知识搜索 + webhook标注 + structured UI + persistent注释 ... FIX-01: TrajectoryRecorderMiddleware 注册到 create_middleware_chain() (@650优先级) FIX-02: industryStore 接入 ButlerPanel 行业专长展示 + 自动拉取 FIX-03: 桌面端知识库搜索 saas-knowledge mixin + VikingPanel SaaS KB UI FIX-04: webhook 迁移标注 deprecated + 添加 down migration 注释 FIX-05: Admin Knowledge 添加结构化数据 Tab (CRUD + 行浏览) FIX-06: PersistentMemoryStore 精化 dead_code 标注 (完整迁移留后续) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-13 01:34:08 +08:00
iven	0b512a3d85	fix(industry): 三轮审计修复 — 3 HIGH + 4 MEDIUM 清零 ... H1: status 值不匹配 disabled→inactive + source 补 admin 映射 + valueEnum H2: experience.rs format_for_injection 添加 xml_escape H3: TriggerContext industry_keywords 接通全局缓存 M2: ID 自动生成移除中文字符保留 + 无 ASCII 时提示手动输入 M3: TS CreateIndustryRequest 添加 id? 字段 M4: ListIndustriesQuery 添加 deny_unknown_fields	2026-04-12 21:04:00 +08:00
iven	640df9937f	feat(knowledge): Phase D 统一搜索 + 种子知识冷启动 ... - search/recommend API 返回 UnifiedSearchResult (文档+结构化双通道) - POST /api/v1/knowledge/seed 种子知识冷启动 (幂等, admin权限) - seed_knowledge service: 按标题+行业查重, source=distillation - SearchRequest 扩展: search_structured/search_documents/industry_id	2026-04-12 20:46:43 +08:00
iven	f8c5a76ce6	fix(industry): 审计收尾 — MEDIUM + LOW 全部清零 ... M-1: Industries 创建弹窗添加 cold_start_template + pain_seed_categories M-3: industryStore console.warn → createLogger 结构化日志 B2: classify_with_industries 平局打破 + 归一化因子 3.0 文档化 S3: set_account_industries 验证移入事务内消除 TOCTOU T1: 4 个 SaaS 请求类型添加 deny_unknown_fields I3: store_trigger_experience Debug 格式 → signal_name 描述名 L-1: 删除 Accounts.tsx 死代码 editingIndustries L-3: Industries.tsx filters 类型补全 source 字段	2026-04-12 20:37:48 +08:00
iven	76f6011e0f	fix(industry): 二次审计修复 — 2 CRITICAL + 4 HIGH + 2 MEDIUM ... C-1: Industries.tsx 创建弹窗缺少 id 字段 → 添加 id 输入框 + 自动生成 C-2: Accounts.tsx handleSave 无 try/catch → 包装 + handleClose 统一关闭 V1: viking_commands Mutex 跨 await → 先 clone Arc 再释放 Mutex I1: intelligence_hooks 误导性"相关度" → 移除 access_count 伪分数 I2: pain point 摘要未 XML 转义 → xml_escape() 处理 S1: industry status 无枚举验证 → active/inactive 白名单 S2: create_industry id 无格式验证 → 正则 + 长度检查 H-3: Industries.tsx 编辑模态数据竞争 → data.id === industryId 守卫 H-4: Accounts.tsx useEffect 覆盖用户编辑 → editingId 守卫	2026-04-12 20:13:41 +08:00
iven	60062a8097	feat(knowledge): Phase B+C 文档提取器 + multipart 文件上传 ... - PDF 提取 (pdf-extract) + DOCX 提取 (zip+quick-xml) + Excel 解析 (calamine) - 统一格式路由 detect_format() → RAG 通道或结构化通道 - POST /api/v1/knowledge/upload multipart 文件上传 - PDF/DOCX/Markdown → RAG 管线，Excel → structured_rows JSONB - 结构化数据源 CRUD API (GET/DELETE /api/v1/structured/sources) - POST /api/v1/structured/query JSONB 关键词查询 - 修复 industry/service.rs SaasError::Database 类型不匹配	2026-04-12 19:25:24 +08:00
iven	fbc8c9fdde	fix(industry): 审计修复 — 4 CRITICAL + 5 HIGH 全部解决 ... C1: SaaS industry/service.rs SQL 注入风险 → 参数化查询 ($N 绑定) C2: INDUSTRY_CONFIGS 死链 → Kernel 共享 Arc 接通 ButlerRouter C3: IndustryListItem 缺 keywords_count → SQL 查询 + 类型补全 C4: set_account_industries 非事务性 → batch 验证 + 事务 DELETE+INSERT H8: Accounts.tsx mutate 竞态 → mutateAsync 顺序等待 H9: XML 注入未转义 → xml_escape() 辅助函数 H10: update_industry 覆盖 source → 保留原始值 H11: 面包屑缺少 /industries → 添加行业配置映射	2026-04-12 19:06:19 +08:00
iven	c3593d3438	feat(knowledge): Phase A 知识库可见性隔离 + 结构化数据源 + 蒸馏Worker ... - knowledge_items 增加 visibility(public/private) + account_id 字段 - 新建 structured_sources + structured_rows 表 (Excel JSONB 行级存储) - 结构化数据源 CRUD API (5 路由: list/get/rows/delete/query) - 安全查询: JSONB GIN 索引 + 可见性过滤 + 行数限制 - 蒸馏 Worker: 复用 Provider Key Pool 调 DeepSeek/Qwen API - L0 质量过滤: 长度/隐私检测 - create_item 增加 is_admin 参数控制可见性默认值 - generate_embedding: extract_keywords_from_text 改为 pub 复用 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-12 18:36:05 +08:00
iven	b357916d97	feat(intelligence): Phase 5 主动行为激活 — 注入格式 + 跨会话连续性 + 触发持久化 ... Task 5.1+5.4: ButlerRouter/experience 注入格式升级为 <butler-context> XML fencing - butler_router: [路由上下文] → <butler-context><routing>...</routing></butler-context> - experience: [过往经验] → <butler-context><experience>...</experience></butler-context> - 统一 system-note 提示，引导 LLM 自然运用上下文 Task 5.2: 跨会话连续性 — pre_conversation_hook 注入活跃痛点 + 相关经验 - 从 VikingStorage 检索相关记忆(相似度>=0.3) - 从 pain_aggregator 获取 High severity 痛点(top 3) Task 5.3: 触发信号持久化 — post_conversation_hook 将触发信号存入 VikingStorage - store_trigger_experience(): 模板提取，零 LLM 成本 - 为未来 LLM 深度反思积累数据基础	2026-04-12 18:31:37 +08:00
iven	29fbfbec59	feat(intelligence): Phase 2 学习循环基础 — 触发信号 + 经验行业维度 ... - 新增 triggers.rs: 5 种触发信号（痛点确认/正反馈/复杂工具链/用户纠正/行业模式） - ExperienceStore 增加 industry_context + source_trigger 字段 - experience.rs format_for_injection 支持行业标签 - intelligence_hooks.rs 集成触发信号评估 - 17 个测试全通过 (7 trigger + 10 experience)	2026-04-12 15:52:29 +08:00
iven	5d1050bf6f	feat(industry): Phase 1 行业配置基础 — 数据模型 + 四行业内置配置 + ButlerRouter 动态关键词 ... - 新增 SaaS industry 模块 (types/service/handlers/mod/builtin) - 4 行业内置配置: healthcare/education/garment/ecommerce - 数据库迁移: industries + account_industries 表 - 8 个 API 端点 (CRUD + 用户行业关联) - ButlerRouter 改造: 支持 IndustryKeywordConfig 动态注入 - 12 个测试全通过 (含动态行业分类测试)	2026-04-12 15:42:35 +08:00
iven	5599cefc41	feat(saas): 接通 embedding 模型管理全栈 ... 数据库 migration 已有 is_embedding/model_type 列但全栈未使用。 打通 4 层: ModelRow → ModelInfo/CRUD → CachedModel → Admin 前端。 relay/models 端点也返回 is_embedding 字段，前端可按类型过滤。	2026-04-12 08:10:50 +08:00
iven	9e0aa496cd	fix(runtime): 修复 Skill/MCP 调用链路3个断点 ... 1. Anthropic Driver ToolResult 格式修复 — ContentBlock 添加 ToolResult 变体, tool_call_id 不再被丢弃, 按 Anthropic API 规范发送 tool_result 格式 2. 前端 callMcpTool 参数名对齐 — serviceName/toolName/args 改为 service_name/tool_name/arguments, 后端支持 service_name 精确路由 3. MCP 工具桥接到 ToolRegistry — McpToolAdapter 添加 service_name/clone, 新建 McpToolWrapper 实现 Tool trait, Kernel 添加 mcp_adapters 共享状态, McpManagerState 与 Kernel 共享同一 Arc<RwLock<Vec>>, MCP 服务启停时 自动同步工具列表到 LLM 可见的 ToolRegistry	2026-04-11 16:20:38 +08:00
iven	d50d1ab882	feat(kernel): agent_get 返回值扩展 UserProfile 字段 ... - AgentInfo 增加 user_profile: Option<Value> (serde default) - SqliteStorage 增加 pool() getter - agent_get 命令查询 UserProfileStore 填充 user_profile - 前端 AgentInfo 类型同步更新 复用已有 UserProfileStore，不新增 Tauri 命令。	2026-04-11 12:51:27 +08:00
iven	25a4d4e9d5	fix(saas): 新用户 llm_routing 默认改为 relay 使 SaaS token pool 成为主路径 ... - handlers.rs: SQL INSERT 和 LoginResponse 中 'local' → 'relay' - 新增 migration: ALTER llm_routing SET DEFAULT 'relay' - 符合管家式服务理念：用户无需配置 API Key，SaaS 自动中转	2026-04-11 02:05:27 +08:00
iven	1e675947d5	feat(butler): upgrade ButlerRouter to semantic skill routing ... Replace keyword-only ButlerRouter with SemanticSkillRouter (TF-IDF). 75 skills now participate in intent classification instead of 4 hardcoded domains. - Expose ButlerRouterBackend trait + RoutingHint as pub - Add with_router() constructor for injecting custom backends - Add SemanticRouterAdapter in kernel layer (bridges skills ↔ runtime) - Enhance context injection with skill-level match info	2026-04-10 21:24:30 +08:00
iven	88cac9557b	fix(saas): P0-2/P0-3 — usage endpoint + refresh token type mismatch ... P0-2: GET /usage 500 "text >= timestamptz" — usage_records.created_at is TEXT in actual DB despite migration declaring TIMESTAMPTZ. Fixed by using dynamic SQL with ::timestamptz explicit casts for all date comparisons, avoiding sqlx NULL-without-type-OID binding issues. P0-3: POST /auth/refresh 500 — refresh_tokens.expires_at/used_at are TEXT columns. Added ::timestamptz cast to SQL queries in auth handlers and cleanup worker.	2026-04-10 16:25:52 +08:00
iven	b0e6654944	fix: P0-01/P1-01/P1-03 — account lockout, token revocation, optional display_name ... - P0-01: Account lockout now enforced via SQL-level comparison (locked_until > NOW()) instead of broken RFC3339 text parsing - P1-01: Logout handler accepts JSON body with optional refresh_token, revokes ALL refresh tokens for the account (not just current) - P1-03: Provider display_name is now optional, falls back to name All 6 smoke tests pass (S1-S6).	2026-04-10 12:13:53 +08:00
iven	99262efca4	test: execute 30 smoke tests + fix P0 CSS break + BREAKS.md report ... Layer 1 break detection results (21/30 pass, 63%): - SaaS API: 5/5 pass (S3 skip no LLM key) - Admin V2: 5/6 pass (A6 flaky auth guard) - Desktop Chat: 3/6 pass (D1 no chat response in browser; D2/D3 skip non-Tauri) - Desktop Feature: 6/6 pass - Cross-System: 2/6 pass (4 blocked by login rate limit 429) Bugs found: - P0-01: Account lockout not enforced (locked_until set but not checked) - P1-01: Refresh token still valid after logout - P1-02: Desktop browser chat no response (stores not exposed) - P1-03: Provider API requires display_name (undocumented) Fixes applied: - desktop/src/index.css: @import -> @plugin for Tailwind v4 compatibility - Admin tests: correct credentials admin/admin123 from .env - Cross tests: correct dashboard endpoint /stats/dashboard	2026-04-10 11:26:13 +08:00
iven	2e70e1a3f8	test: add 30 smoke tests for break detection across SaaS/Admin/Desktop ... Layer 1 断裂探测矩阵: - S1-S6: SaaS API 端到端 (auth/lockout/relay/permissions/billing/knowledge) - A1-A6: Admin V2 连通性 (login/dashboard/CRUD/knowledge/roles/models) - D1-D6: Desktop 聊天流 (gateway/kernel/relay/cancel/offline/error) - F1-F6: Desktop 功能闭环 (agent/hands/pipeline/memory/butler/skills) - X1-X6: 跨系统闭环 (provider→desktop/disabled user/knowledge/stats/totp/billing) Also adds: admin-v2 Playwright config, updated spec doc with cross-reference Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-10 09:47:35 +08:00
iven	ffa137eff6	test(saas): add 8 model config extended tests — encryption, groups, quota ... - API Key encryption at rest: verify enc: prefix in DB for provider keys and main provider api_key - Key pool: toggle active/inactive + delete with DB state verification - Model Groups: full CRUD lifecycle + cascade delete + user permission - Quota enforcement: relay_requests exhaustion verified at DB level (middleware test infra issue noted — DB state confirmed correct) - Provider disable: model hidden from relay/models list after disable	2026-04-10 09:20:06 +08:00
iven	c37c7218c2	test(saas): add 36 security/validation/permission tests (184 total, 0 failures) ... New test files: - auth_security_test.rs (12): account lockout DB state, lockout reset, password version invalidation, disabled account, refresh token revocation, boundary validation (username/password), role enforcement, TOTP 2FA flow - account_security_test.rs (9): role management, privilege escalation prevention, account disable/enable, cross-account access control, operation logs - relay_validation_test.rs (8): input validation (missing fields, empty messages, invalid roles), disabled provider, model listing, task isolation - permission_matrix_test.rs (7): super_admin full access, user allowed/ forbidden endpoints, public endpoints, unauthenticated rejection, API token lifecycle Discovered: account lockout runtime check broken — handlers.rs:213 parse_from_rfc3339 fails on PostgreSQL TIMESTAMPTZ::TEXT format, silently skipping lockout. DB state is correct but login not rejected.	2026-04-10 08:11:02 +08:00
iven	ba586e5aa7	fix: BUG-009/010/011 — DataMasking, cancel button, SQL casts ... BUG-009 (P1): Add frontend DataMasking in saas-relay-client.ts - Masks ID cards, phones, emails, money, company names before relay - Unmasks tokens in AI response so user sees original data - Mirrors Rust DataMasking middleware patterns BUG-010 (P3): Send button transforms to Stop during streaming - Shows square icon when isStreaming, calls cancelStream() - Normal arrow icon when idle, calls handleSend() BUG-011 (P2): Add ::timestamptz casts for old TEXT timestamp columns - account/handlers.rs: dashboard stats query - telemetry/service.rs: reported_at comparisons - workers/aggregate_usage.rs: usage aggregation query	2026-04-09 23:45:19 +08:00
iven	bf728c34f3	fix: saasStore require() bug + health check pool formula + DEV error details ... - saasStore.ts: replace require('./chat/conversationStore') with await import() to fix ReferenceError in Vite ESM environment (P1) - main.rs: fix health check pool usage formula from max_connections - num_idle to pool.size() - num_idle, preventing false "degraded" status (P1) - error.rs: show detailed error messages in ZCLAW_SAAS_DEV=true mode - Update bug tracker with BUG-003 through BUG-007	2026-04-09 22:23:05 +08:00
iven	bd6cf8e05f	fix(saas): add ::bigint cast to all SUM() aggregates for PG NUMERIC compat ... PostgreSQL SUM() on bigint returns NUMERIC, causing sqlx decode errors when Rust expects i64/Option<i64>. Root cause: key_pool.rs select_best_key() token_count SUM was missing ::bigint, causing DATABASE_ERROR on every relay request. Fixed in 4 files: - relay/key_pool.rs: SUM(token_count) — root cause of relay failure - relay/service.rs: SUM(remaining_rpm) in sort_candidates_by_quota - account/handlers.rs: SUM(input/output_tokens) in dashboard stats - workers/aggregate_usage.rs: SUM(input/output_tokens) in aggregation	2026-04-09 22:16:27 +08:00
iven	a081a97678	fix(relay): audit fixes — abort signal, model selector guard, SSE CRLF, SQL format ... Addresses findings from deep code audit: H-1: Pass abortController.signal to saasClient.chatCompletion() so user-cancelled streams actually abort the HTTP connection (was only stopping the read loop, leaving server-side SSE connection open). H-2: ModelSelector now shows only when (!isTauriRuntime() || isLoggedIn). Prevents decorative model list in Tauri local kernel mode where model selection has no effect (violates CLAUDE.md §5.2). M-1: Normalize CRLF to LF before SSE event boundary parsing (\n\n). Prevents buffer overflow when behind nginx/CDN with CRLF line endings. M-2: SQL window_minute comparison uses to_char(NOW()-interval, format) instead of (NOW()-interval)::TEXT, matching the stored format exactly. M-3: sort_candidates_by_quota uses same sliding 60s window as select_best_key. LOW: Fix misleading invalidate_cache doc comment.	2026-04-09 19:51:34 +08:00