iven
c167ea4ea5
fix(v13): 6 fixes from the V13 audit - TrajectoryRecorder registration + industryStore integration + knowledge search + webhook annotation + structured UI + persistent comments
...
FIX-01: Register TrajectoryRecorderMiddleware in create_middleware_chain() (priority @650)
FIX-02: Wire industryStore into ButlerPanel industry-expertise display + auto-fetch
FIX-03: Desktop knowledge base search: saas-knowledge mixin + VikingPanel SaaS KB UI
FIX-04: Mark webhook migration as deprecated + add down migration comments
FIX-05: Add structured data tab to Admin Knowledge (CRUD + row browsing)
FIX-06: Refine dead_code annotations on PersistentMemoryStore (full migration left for later)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-13 01:34:08 +08:00
iven
c3593d3438
feat(knowledge): Phase A knowledge base visibility isolation + structured data sources + distillation Worker
...
- Add visibility (public/private) + account_id fields to knowledge_items
- Create structured_sources + structured_rows tables (Excel JSONB row-level storage)
- Structured data source CRUD API (5 routes: list/get/rows/delete/query)
- Safe queries: JSONB GIN index + visibility filtering + row count limit
- Distillation Worker: reuses the Provider Key Pool to call the DeepSeek/Qwen API
- L0 quality filtering: length/privacy checks
- create_item gains an is_admin parameter to control the default visibility
- generate_embedding: extract_keywords_from_text made pub for reuse
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-12 18:36:05 +08:00
iven
5d1050bf6f
feat(industry): Phase 1 industry configuration foundation - data model + built-in configs for four industries + ButlerRouter dynamic keywords
...
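- Add SaaS industry module (types/service/handlers/mod/builtin)
- Built-in configs for 4 industries: healthcare/education/garment/ecommerce
- Database migration: industries + account_industries tables
- 8 API endpoints (CRUD + user-industry association)
- ButlerRouter rework: supports dynamic injection of IndustryKeywordConfig
- All 12 tests pass (including dynamic industry classification tests)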
2026-04-12 15:42:35 +08:00
iven
25a4d4e9d5
fix(saas): default llm_routing for new users changed to relay so the SaaS token pool becomes the primary path
...
- handlers.rs: 'local' → 'relay' in SQL INSERT and LoginResponse
- New migration: ALTER llm_routing SET DEFAULT 'relay'
- In line with the butler-style service philosophy: users do not need to configure an API Key; SaaS relays automatically
2026-04-11 02:05:27 +08:00
iven
de36bb0724
fix(saas): migration idempotency fixes + SCHEMA_VERSION bump to 14
...
- Add IF NOT EXISTS to accounts_template_assignment ALTER COLUMN
- Add IF NOT EXISTS to webhooks CREATE INDEX statements
- Add created_at/updated_at columns + ON CONFLICT DO NOTHING to industry templates
- Bump SCHEMA_VERSION 13→14 to force migration re-run on existing DB
2026-04-05 08:19:10 +08:00
iven
745c2fd754
feat(saas): add down migrations for all incremental schema changes (AUD3-DB-01)
...
- 16 down SQL files in migrations/down/ for each incremental migration
- db::run_down_migrations() executes rollback files in reverse order
- migrate_down CLI task: task=migrate_down timestamp=20260402
- Initial schema and seed data excluded (would be destructive)
2026-04-05 01:35:33 +08:00
iven
894c0d7b15
feat(desktop): pipeline result preview + industry templates + onboarding auto-trigger
...
Sprint 2: product experience polish + industry templates
- Create PipelineResultPreview component with tab-based output switching
- Connect workflow/hand messages to PresentationContainer in ChatArea
- Add auto-trigger first Hand after onboarding (industry-specific queries)
- Seed 3 industry agent templates (education, healthcare, design-shantou)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-04 10:48:47 +08:00
iven
be0a78a523
feat(saas): add model groups for cross-provider failover
...
Model Groups provide logical model names that map to multiple physical
models across providers, with automatic failover when one provider's
key pool is exhausted.
Backend:
- New model_groups + model_group_members tables with FK constraints
- Full CRUD API (7 endpoints) with admin-only write permissions
- Cache layer: DashMap-backed CachedModelGroup with load_from_db
- Relay integration: ModelResolution enum for Direct/Group routing
- Cross-provider failover: sort_candidates_by_quota + OnceLock cache
- Relay failure path: record failure usage + relay_dequeue (fixes
queue counter leak that caused connection pool exhaustion)
- add_group_member: validate model_id exists before insert
Frontend:
- saas-relay-client: accept getModel() callback for dynamic model selection
- connectionStore: prefer conversationStore.currentModel over first available
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-04 09:56:21 +08:00
iven
5eeabd1f30
feat(saas): add webhook event notification system (@unplugged)
...
Webhook infrastructure for external event notifications:
- SQL migration: webhook_subscriptions + webhook_deliveries tables
- Types: CreateWebhookRequest, UpdateWebhookRequest, WebhookDelivery
- Service: CRUD operations + trigger_webhooks + HMAC-SHA256 signing
- Handlers: REST API endpoints (CRUD + delivery logs)
- Worker: WebhookDeliveryWorker with exponential retry (max 3)
NOT YET INTEGRATED: needs mod registration in lib.rs + workers/mod.rs,
hmac crate dependency, and route mounting. Code is ready for future
integration after stabilization phase completes.
2026-04-03 23:01:49 +08:00
iven
1048901665
fix(saas): industry template audit fixes + pgvector optional + relay timeout
...
- Fix seed template tools to match actual runtime tool names
(file_read/file_write/shell_exec/web_fetch)
- Persist system_prompt/temperature/max_tokens via identity system
in agentStore.createFromTemplate()
- Fire-and-forget assignTemplate() in AgentOnboardingWizard
- Fix saas-relay-client unused variable warning
- Make pgvector extension optional in knowledge_base migration
- Increase StreamBridge timeout from 30s to 90s for thinking models
2026-04-03 15:10:13 +08:00
iven
ea00c32c08
feat(saas): industry agent template assignment system
...
Phase 1-8 of industry-agent-delivery plan:
- DB migration: accounts.assigned_template_id (ON DELETE SET NULL)
- SaaS API: 4 new endpoints (assign/get/unassign/create-agent)
- Service layer: assign_template_to_account, get_assigned_template, unassign_template, create_agent_from_template
- Types: AssignTemplateRequest, AgentConfigFromTemplate (capabilities merged into tools)
- Frontend SaaS Client: assignTemplate, getAssignedTemplate, unassignTemplate, createAgentFromTemplate
- saasStore: assignedTemplate state + login auto-fetch + actions
- saas-relay-client: fix unused import and saasUrl reference error
- connectionStore: fix relayModel undefined error
- capabilities default to glm-4-flash
- Route registration: new template assignment routes
Cospec and handlers consolidated
Build: cargo check --workspace PASS, tsc --noEmit Pass
2026-04-03 13:31:58 +08:00
iven
28299807b6
fix(desktop): DeerFlow UI — ChatArea refactor + ai-elements + dead CSS cleanup
...
ChatArea retry button uses setInput instead of direct sendToGateway,
fix bootstrap spinner stuck for non-logged-in users,
remove dead CSS (aurora-title/sidebar-open/quick-action-chips),
add ai components (ReasoningBlock/StreamingText/ChatMode/ModelSelector/TaskProgress),
add ClassroomPlayer + ResizableChatLayout + artifact panel
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-02 19:24:44 +08:00
iven
7e4b787d5c
fix(knowledge): deep audit — 18 bugs fixed across backend + frontend
...
CRITICAL:
- Migration permission seed WHERE name → WHERE id (matched 0 rows, all KB APIs broken)
HIGH:
- analytics_quality SQL alias + missing comma fix
- search() duplicate else block compile error
- chunk_content duplicate var declarations + type mismatch
- SQL invalid escape sequences
- delete_category missing rows_affected check
MEDIUM:
- analytics_overview hit_rate vs positive_feedback_rate separation
- analytics_quality GROUP BY kc.id,kc.name (same-name category merge)
- update_category handler trim + empty name validation
- update_item duplicate VALID_STATUSES inside transaction
- page_size max(1) lower bound in list handlers
- batch_create title/content/length validation
- embedding dispatch silent error → tracing::warn
- Version modal close clears detailItem state
- Search empty state distinguishes not-searched vs no-results
- Create modal cancel resets form
2026-04-02 19:07:42 +08:00
iven
ef60f9a183
feat(saas): add knowledge base module — categories, items, versions, search, analytics
...
- 5 knowledge tables (categories, items, chunks, versions, usage) with pgvector + HNSW + GIN indexes
- 23+ API routes covering full CRUD, tree-structured categories, version snapshots
- Keyword-based search with ILIKE + array match (placeholder for vector search)
- Analytics endpoints: overview, trends, top-items, quality, gaps
- Markdown-aware content chunking with overlap strategy
- Worker dispatch for async embedding generation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-02 00:21:28 +08:00
iven
9487cd7f72
feat(saas): add billing infrastructure — tables, types, service, handlers
...
B1.1 Billing database:
- 5 tables: billing_plans, billing_subscriptions, billing_invoices,
billing_payments, billing_usage_quotas
- Seed data: Free(¥0)/Pro(¥49)/Team(¥199) plans
- JSONB limits for flexible plan configuration
Billing module (crates/zclaw-saas/src/billing/):
- types.rs: BillingPlan, Subscription, Invoice, Payment, UsageQuota
- service.rs: plan CRUD, subscription lookup, usage tracking, quota check
- handlers.rs: REST API (plans list/detail, subscription, usage)
- mod.rs: routes registered at /api/v1/billing/*
Cargo.toml: added chrono feature to sqlx for DateTime<Utc> support
2026-04-01 23:59:46 +08:00
iven
e3b93ff96d
fix(security): implement all 15 security fixes from penetration test V1
...
Security audit (2026-03-31): 5 HIGH + 10 MEDIUM issues, all fixed.
HIGH:
- H1: JWT password_version mechanism (pwv in Claims, middleware verification,
auto-increment on password change)
- H2: Docker saas port bound to 127.0.0.1
- H3: TOTP encryption key decoupled from JWT secret (production bailout)
- H4+H5: Tauri CSP hardened (removed unsafe-inline, restricted connect-src)
MEDIUM:
- M1: Persistent rate limiting (PostgreSQL rate_limit_events table)
- M2: Account lockout (5 failures -> 15min lock)
- M3: RFC 5322 email validation with regex
- M4: Device registration typed struct with length limits
- M5: Provider URL validation on create/update (SSRF prevention)
- M6: Legacy TOTP secret migration (fixed nonce -> random nonce)
- M7: Legacy frontend crypto migration (static salt -> random salt)
- M8+M9: Admin frontend: removed JS token storage, HttpOnly cookie only
- M10: Pipeline debug log sanitization (keys only, 100-char truncation)
Also: fixed CLAUDE.md Section 12 (was corrupted), added title.rs middleware
skeleton, fixed RegisterDeviceRequest visibility.
2026-04-01 08:38:37 +08:00
iven
ee51d5abcd
feat(admin-v2): add ProTable search, scenarios/quick_commands form, tests, remove quota_reset_interval
...
- Enable ProTable search on Accounts (username/email), Models (model_id/alias),
Providers (display_name/name) with hideInSearch for non-searchable columns
- Add scenarios (Select tags) and quick_commands (Form.List) to AgentTemplates
create form, plus service type updates
- Remove unused quota_reset_interval from ProviderKey model, key_pool SQL,
handlers, and frontend types; add migration + bump schema to v11
- Add Vitest config, test setup, request interceptor tests (7 cases),
authStore tests (8 cases) — all 15 passing
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-31 11:13:16 +08:00
iven
8e6abc91e1
feat(key-pool): add LRU sorting via last_used_at column
...
- Add migration to add last_used_at TIMESTAMPTZ column to provider_keys
- Update select_best_key() SQL to sort by last_used_at ASC NULLS FIRST
- Update record_key_usage() to set last_used_at = NOW() on each use
- Bump SCHEMA_VERSION to 10
2026-03-31 10:14:49 +08:00
iven
3e57fadfc9
feat(saas): extend agent templates with soul_content, add /available endpoint, key pool cleanup, and industry seed templates
...
- Add 9 extended fields to AgentTemplateInfo: soul_content, scenarios,
welcome_message, quick_commands, personality, communication_style,
emoji, version, source_id
- Refactor service.rs to use sqlx::Row (manual column extraction) to
avoid the 16-element tuple FromRow limit
- Add /api/v1/agent-templates/available (lightweight public listing)
and /api/v1/agent-templates/:id/full endpoints
- Add 24h key_usage_window cleanup task in scheduler
- Update seed data with extended fields for all 5 existing templates
plus new Medical Assistant template (healthcare category)
2026-03-31 02:58:09 +08:00
iven
a0bbd4ba82
feat(scheduler): backend persistence for scheduled tasks + Pipeline trigger compile fix
...
S4/S8 scheduled task backend:
- Add scheduled_tasks table (migration v7)
- Add scheduled_task CRUD module (handlers/service/types)
- Register /api/scheduler/tasks routes (GET/POST/PATCH/DELETE)
- Add start_user_task_scheduler() 30-second polling loop
- Support three schedule types: cron/interval/once
- once type is automatically disabled after execution
Fixes:
- pipeline_commands.rs: fix compile error caused by nonexistent pipeline.trigger field
(the Pipeline struct has no trigger field; use metadata.tags/description instead)
2026-03-30 19:46:45 +08:00
iven
09df242cf8
fix(saas): Sprint 1 P0 blocker fixes
...
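1.1 Complete docker-compose.yml (PostgreSQL 16 + SaaS backend container)
1.2 Systematize migrations:
- provider_keys.max_rpm/max_tpm changed to BIGINT to match Rust Option<i64>
- Remove the runtime ALTER TABLE patching in seed_demo_data
- Seed data bind types i32→i64 to align with column definitions
1.3 saas-config.toml fixes:
- Add cors_origins (localhost for the development environment)
- Add [scheduler] section (commented-out example)
- Database password changed to a development default + override via the ZCLAW_DATABASE_URL environment variable
- Add configuration documentation comments (JWT/TOTP/admin environment variables)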
2026-03-29 23:27:24 +08:00
iven
7de294375b
feat(auth): add async password hashing and verification functions
...
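refactor(relay): reuse the HTTP client and serialized request body
feat(kernel): add method to fetch a single approval record
fix(store): improve SaaS connection error classification and fallback handling
docs: update audit docs and system architecture docs
refactor(prompt): improve parameterized binding of SQL queries
refactor(migration): use static SQL and COALESCE to update config items
feat(commands): add approval execution status tracking and event notifications
chore: update startup script to support the Admin console
fix(auth-guard): improve authorization state management and error handling
refactor(db): use the async password hashing function
refactor(totp): use the async password verification function
style: clean up unused files and comments
docs: update feature overview and audit docs
refactor(service): improve HTTP client reuse and request handling
fix(connection): improve fallback handling when SaaS is unavailable
refactor(handlers): use the async password verification function
chore: update dependencies and toolchain configuration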
2026-03-29 21:45:29 +08:00
iven
a0ca35c9dd
feat(saas): SQL migration system + TIMESTAMPTZ + hot-path refactor
...
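P0: SQL migration system
- crates/zclaw-saas/migrations/ - directory of standalone SQL migration files
- 20260329000001_initial_schema.sql - full schema with TIMESTAMPTZ
- 20260329000002_seed_data.sql - role seed data
- db.rs: remove 335 lines of inline SCHEMA_SQL; load from files instead
- Version tracking: the saas_schema_version table manages migration state
- Backward compatible: existing databases with TEXT timestamps are unaffected
P1: security refactor
- relay/service.rs: update_task_status changed from format!() to 3 separate parameterized queries
- config.rs: remove TODO comments, add field documentation
- state.rs: add dispatch_log_operation async log dispatch method
P2: Worker integration
- state.rs: WorkerDispatcher wired into AppState
- Infrastructure for all async background tasks is ready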
2026-03-29 19:41:03 +08:00