15 Commits

Author	SHA1	Message	Date
iven	d50d1ab882	feat(kernel): agent_get 返回值扩展 UserProfile 字段 ... - AgentInfo 增加 user_profile: Option<Value> (serde default) - SqliteStorage 增加 pool() getter - agent_get 命令查询 UserProfileStore 填充 user_profile - 前端 AgentInfo 类型同步更新 复用已有 UserProfileStore，不新增 Tauri 命令。	2026-04-11 12:51:27 +08:00
iven	02c69bb3cf	fix: subagent unique ID matching + AgentState serialization + pre-existing TS errors ... - S-3: Thread task_id (UUID) through all 6 layers (LoopEvent → StreamChatEvent → kernel-types → gateway-client → streamStore) so subtasks are matched by ID, not description string - AgentState: Add #[serde(rename_all = "lowercase")] to fix PascalCase serialization ("Running" → "running"), update frontend matcher - S-1: Remove unused onClose prop from ArtifactPanel + ChatArea call site - Fix hooks/index.ts: remove orphaned useAutomationEvents re-exports (module deleted) - Fix types/index.ts: remove orphaned automation type/value re-exports (module deleted) - Fix ChatArea.tsx: framer-motion 12 + React 19 type compat — use createElement + explicit any return type to avoid unknown-in-JSX-child error Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-06 22:30:16 +08:00
iven	bcaab50c56	fix(desktop): resolve all remaining P1 defects (P1-02/05/06, P1-01 experimental) ... - P1-02: Heartbeat auto-initialized in kernel_init for default agent - P1-05: CloneManager shows warning when deleting active agent + auto-switch - P1-06: AgentInfo returns soul/system_prompt/temperature/max_tokens - P1-01: Browser Hand marked experimental (requires Fantoccini bridge) - Updated DEFECT_LIST.md: all P1 resolved (0 active) - Updated RELEASE_READINESS.md: all P1 sections reflect current status	2026-04-05 21:21:33 +08:00
iven	1fec8cfbc1	fix(arch): unify TS/Rust types + classroom persistence registration + approval audit ... - M11-03: Register ClassroomPersistence via Tauri .setup() hook with in-memory fallback. Previously missing — classroom commands would crash at runtime. - M3-02: Document BrowserHand as schema validator + TypeScript delegation passthrough (dual-path architecture explicitly documented). - M4-04: Add defense-in-depth audit logging in execute_hand() and execute_hand_with_source() when needs_approval hands bypass approval gate. - TYPE-01: Add #[serde(rename_all = "camelCase")] to Rust AgentInfo. Add missing fields to TS AgentInfo (messageCount, createdAt, updatedAt). Fix KernelStatus TS interface to match Rust KernelStatusResponse (baseUrl/model instead of defaultProvider/defaultModel). - SEC2-P1-01: Document EXTRACTION_DRIVER OnceCell as legacy path; Kernel struct field is the active path. - TriggerSource: Add #[derive(PartialEq)] for approval audit comparisons.	2026-04-04 21:09:02 +08:00
iven	52bdafa633	refactor(crates): kernel/generation module split + DeerFlow optimizations + middleware + dead code cleanup ... - Split zclaw-kernel/kernel.rs (1486 lines) into 9 domain modules - Split zclaw-kernel/generation.rs (1080 lines) into 3 modules - Add DeerFlow-inspired middleware: DanglingTool, SubagentLimit, ToolError, ToolOutputGuard - Add PromptBuilder for structured system prompt assembly - Add FactStore (zclaw-memory) for persistent fact extraction - Add task builtin tool for agent task management - Driver improvements: Anthropic/OpenAI extended thinking, Gemini safety settings - Replace let _ = with proper log::warn! across SaaS handlers - Remove unused dependency (url) from zclaw-hands	2026-04-03 00:28:03 +08:00
iven	eb956d0dce	feat: 新增管理后台前端项目及安全加固 ... refactor(saas): 重构认证中间件与限流策略 - 登录限流调整为5次/分钟/IP - 注册限流调整为3次/小时/IP - GET请求不计入限流 fix(saas): 修复调度器时间戳处理 - 使用NOW()替代文本时间戳 - 兼容TEXT和TIMESTAMPTZ列类型 feat(saas): 实现环境变量插值 - 支持${ENV_VAR}语法解析 - 数据库密码支持环境变量注入 chore: 新增前端管理界面 - 基于React+Ant Design Pro - 包含路由守卫/错误边界 - 对接58个API端点 docs: 更新安全加固文档 - 新增密钥管理规范 - 记录P0安全项审计结果 - 补充TLS终止说明 test: 完善配置解析单元测试 - 新增环境变量插值测试用例	2026-03-31 00:11:33 +08:00
iven	813b49a986	feat: P0 KernelClient功能修复 + P1/P2/P3质量改进 ... P0 KernelClient 功能断裂修复: - Skill CUD: registry.rs create/update/delete + serialize_skill_md + kernel proxy - Workflow CUD: pipeline_commands.rs create/update/delete + serde_yaml依赖 - Agent更新: registry update方法 + AgentConfigUpdated事件 + agent_update命令 - Hand流式事件: HandStart/HandEnd变体替换ToolStart/ToolEnd - 后端验证: hand_get/hand_run_status/hand_run_list确认实现完整 - Approval闭环: respond_to_approval后台spawn+5分钟超时轮询 P2/P3 质量改进: - Browser WebDriver: TCP探测ChromeDriver/GeckoDriver/Edge端口替换硬编码true - api-fallbacks: 移除假技能和16个捏造安全层，替换为真实能力映射 - dead_code清理: 移除5个模块级#![allow(dead_code)]，删除3个真正死方法， 删除未注册的compactor_compact_llm命令，warnings从8降到3 - 所有变更通过cargo check + tsc --noEmit验证	2026-03-30 10:55:08 +08:00
iven	5fdf96c3f5	chore: 提交所有工作进度 — SaaS 后端增强、Admin UI、桌面端集成 ... 包含大量 SaaS 平台改进、Admin 管理后台更新、桌面端集成完善、 文档同步、测试文件重构等内容。为 QA 测试准备干净工作树。	2026-03-29 10:46:41 +08:00
iven	bf6d81f9c6	refactor: 清理未使用代码并添加未来功能标记 ... style: 统一代码格式和注释风格 docs: 更新多个功能文档的完整度和状态 feat(runtime): 添加路径验证工具支持 fix(pipeline): 改进条件判断和变量解析逻辑 test(types): 为ID类型添加全面测试用例 chore: 更新依赖项和Cargo.lock文件 perf(mcp): 优化MCP协议传输和错误处理	2026-03-25 21:55:12 +08:00
iven	1441f98c5e	feat(hands): implement 4 new Hands and fix BrowserHand registration ... - Add ResearcherHand: DuckDuckGo search, web fetch, report generation - Add CollectorHand: data collection, aggregation, multiple output formats - Add ClipHand: video processing (trim, convert, thumbnail, concat) - Add TwitterHand: Twitter/X automation (tweet, retweet, like, search) - Fix BrowserHand not registered in Kernel (critical bug) - Add HandError variant to ZclawError enum - Update documentation: 9/11 Hands implemented (82%) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 13:22:44 +08:00
iven	3ff08faa56	release(v0.2.0): streaming, MCP protocol, Browser Hand, security enhancements ... ## Major Features ### Streaming Response System - Implement LlmDriver trait with `stream()` method returning async Stream - Add SSE parsing for Anthropic and OpenAI API streaming - Integrate Tauri event system for frontend streaming (`stream:chunk` events) - Add StreamChunk types: Delta, ToolStart, ToolEnd, Complete, Error ### MCP Protocol Implementation - Add MCP JSON-RPC 2.0 types (mcp_types.rs) - Implement stdio-based MCP transport (mcp_transport.rs) - Support tool discovery, execution, and resource operations ### Browser Hand Implementation - Complete browser automation with Playwright-style actions - Support Navigate, Click, Type, Scrape, Screenshot, Wait actions - Add educational Hands: Whiteboard, Slideshow, Speech, Quiz ### Security Enhancements - Implement command whitelist/blacklist for shell_exec tool - Add SSRF protection with private IP blocking - Create security.toml configuration file ## Test Improvements - Fix test import paths (security-utils, setup) - Fix vi.mock hoisting issues with vi.hoisted() - Update test expectations for validateUrl and sanitizeFilename - Add getUnsupportedLocalGatewayStatus mock ## Documentation Updates - Update architecture documentation - Improve configuration reference - Add quick-start guide updates Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 03:24:24 +08:00
iven	e49ba4460b	feat(security): add security configuration and tool validation ... Security Configuration: - config/security.toml with shell_exec, file_read, file_write, web_fetch, browser, and mcp settings - Command whitelist/blacklist for shell execution - Path restrictions for file operations - SSRF protection for web fetch Tool Security Implementation: - ShellSecurityConfig with whitelist/blacklist validation - ShellExecTool with actual command execution - Timeout and output size limits - Security checks before command execution Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 03:10:32 +08:00
iven	5a35243fd2	feat(protocols): implement MCP JSON-RPC transport layer ... Add complete MCP protocol implementation: - mcp_types.rs: JSON-RPC types, initialize, tools, resources, prompts - mcp_transport.rs: Stdio-based transport with split mutexes for stdin/stdout - McpServerConfig builders for npx/node/python MCP servers - Full McpClient trait implementation for tools/resources/prompts - Add McpError variant to ZclawError Transport supports: - Starting MCP server processes via Command - JSON-RPC 2.0 request/response over stdio - Length-prefixed message framing - Tool listing and invocation - Resource listing and reading - Prompt listing and retrieval Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 02:00:10 +08:00
iven	58cd24f85b	feat: add internal ZCLAW kernel crates to git tracking	2026-03-22 09:26:36 +08:00
iven	7abfca9d5c	feat(kernel): add internal ZCLAW kernel integration with Tauri ... Phase 1-3 of independence architecture: - zclaw-types: Add ToolDefinition, ToolResult, KernelConfig, ModelConfig - zclaw-kernel: Fix AgentInfo provider field, export config module - desktop: Add kernel_commands for internal kernel access - Add AgentId FromStr implementation for parsing New Tauri commands: - kernel_init, kernel_status, kernel_shutdown - agent_create, agent_list, agent_get, agent_delete - agent_chat Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-22 08:37:20 +08:00