zclaw_openfang

iven/zclaw_openfang

Fork 0

Commit Graph

Author	SHA1	Message	Date
iven	a71c4138cc	fix(audit): 修复深度审计发现的 P0/P1 问题 (8项) Some checks failed CI / Lint & TypeCheck (push) Has been cancelled Details CI / Unit Tests (push) Has been cancelled Details CI / Build Frontend (push) Has been cancelled Details CI / Rust Check (push) Has been cancelled Details CI / Security Scan (push) Has been cancelled Details CI / E2E Tests (push) Has been cancelled Details 基于 DEEP_AUDIT_REPORT.md 修复 2 CRITICAL + 4 HIGH + 1 MEDIUM 问题: - C1: PromptOnly 技能集成 LLM 调用 — 定义 LlmCompleter trait，通过 LlmDriverAdapter 桥接 zclaw_runtime::LlmDriver， PromptOnlySkill.execute() 现在调用 LLM 生成内容 - C2: 反思引擎空记忆 bug — 新增 query_memories_for_reflection() 从 VikingStorage 查询真实记忆传入 reflect() - H7: Agent Store 接口适配 — KernelClient 添加 listClones/createClone/ deleteClone/updateClone 方法，映射到 agent_* 命令 - H8: Hand 审批检查 — hand_execute 执行前检查 needs_approval，需审批返回 pending_approval 状态 - M1: 幽灵命令注册 — 注册 hand_get/hand_run_status/hand_run_list 三个 Tauri 桩命令 - H1/H2: SpeechHand/TwitterHand 添加 demo 标签 - H5: 归档过时 VERIFICATION_REPORT 文档更新: DEEP_AUDIT_REPORT.md 标记修复状态，README.md 更新关键指标和变更历史。整体完成度从 ~50% 提升至 ~58%。	2026-03-27 09:36:50 +08:00
iven	3ff08faa56	release(v0.2.0): streaming, MCP protocol, Browser Hand, security enhancements ## Major Features ### Streaming Response System - Implement LlmDriver trait with `stream()` method returning async Stream - Add SSE parsing for Anthropic and OpenAI API streaming - Integrate Tauri event system for frontend streaming (`stream:chunk` events) - Add StreamChunk types: Delta, ToolStart, ToolEnd, Complete, Error ### MCP Protocol Implementation - Add MCP JSON-RPC 2.0 types (mcp_types.rs) - Implement stdio-based MCP transport (mcp_transport.rs) - Support tool discovery, execution, and resource operations ### Browser Hand Implementation - Complete browser automation with Playwright-style actions - Support Navigate, Click, Type, Scrape, Screenshot, Wait actions - Add educational Hands: Whiteboard, Slideshow, Speech, Quiz ### Security Enhancements - Implement command whitelist/blacklist for shell_exec tool - Add SSRF protection with private IP blocking - Create security.toml configuration file ## Test Improvements - Fix test import paths (security-utils, setup) - Fix vi.mock hoisting issues with vi.hoisted() - Update test expectations for validateUrl and sanitizeFilename - Add getUnsupportedLocalGatewayStatus mock ## Documentation Updates - Update architecture documentation - Improve configuration reference - Add quick-start guide updates Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 03:24:24 +08:00

Author

SHA1

Message

Date

iven

a71c4138cc

fix(audit): 修复深度审计发现的 P0/P1 问题 (8项)

CI / Lint & TypeCheck (push) Has been cancelled

Details

CI / Unit Tests (push) Has been cancelled

Details

CI / Build Frontend (push) Has been cancelled

Details

CI / Rust Check (push) Has been cancelled

Details

CI / Security Scan (push) Has been cancelled

Details

CI / E2E Tests (push) Has been cancelled

Details

基于 DEEP_AUDIT_REPORT.md 修复 2 CRITICAL + 4 HIGH + 1 MEDIUM 问题:

- C1: PromptOnly 技能集成 LLM 调用 — 定义 LlmCompleter trait，
  通过 LlmDriverAdapter 桥接 zclaw_runtime::LlmDriver，
  PromptOnlySkill.execute() 现在调用 LLM 生成内容
- C2: 反思引擎空记忆 bug — 新增 query_memories_for_reflection()
  从 VikingStorage 查询真实记忆传入 reflect()
- H7: Agent Store 接口适配 — KernelClient 添加 listClones/createClone/
  deleteClone/updateClone 方法，映射到 agent_* 命令
- H8: Hand 审批检查 — hand_execute 执行前检查 needs_approval，
  需审批返回 pending_approval 状态
- M1: 幽灵命令注册 — 注册 hand_get/hand_run_status/hand_run_list
  三个 Tauri 桩命令
- H1/H2: SpeechHand/TwitterHand 添加 demo 标签
- H5: 归档过时 VERIFICATION_REPORT

文档更新: DEEP_AUDIT_REPORT.md 标记修复状态，README.md 更新
关键指标和变更历史。整体完成度从 ~50% 提升至 ~58%。

2026-03-27 09:36:50 +08:00

iven

3ff08faa56

release(v0.2.0): streaming, MCP protocol, Browser Hand, security enhancements

## Major Features

### Streaming Response System
- Implement LlmDriver trait with `stream()` method returning async Stream
- Add SSE parsing for Anthropic and OpenAI API streaming
- Integrate Tauri event system for frontend streaming (`stream:chunk` events)
- Add StreamChunk types: Delta, ToolStart, ToolEnd, Complete, Error

### MCP Protocol Implementation
- Add MCP JSON-RPC 2.0 types (mcp_types.rs)
- Implement stdio-based MCP transport (mcp_transport.rs)
- Support tool discovery, execution, and resource operations

### Browser Hand Implementation
- Complete browser automation with Playwright-style actions
- Support Navigate, Click, Type, Scrape, Screenshot, Wait actions
- Add educational Hands: Whiteboard, Slideshow, Speech, Quiz

### Security Enhancements
- Implement command whitelist/blacklist for shell_exec tool
- Add SSRF protection with private IP blocking
- Create security.toml configuration file

## Test Improvements
- Fix test import paths (security-utils, setup)
- Fix vi.mock hoisting issues with vi.hoisted()
- Update test expectations for validateUrl and sanitizeFilename
- Add getUnsupportedLocalGatewayStatus mock

## Documentation Updates
- Update architecture documentation
- Improve configuration reference
- Add quick-start guide updates

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-24 03:24:24 +08:00

2 Commits