iven
f3fb5340b5
fix: 发布前审计 Batch 1 — Pipeline 内存泄漏/超时 + Director 死锁 + Rate Limit Worker
...
Pipeline executor:
- 添加 cleanup() 方法,MAX_COMPLETED_RUNS=100 上限淘汰旧记录
- 每步执行添加 tokio::time::timeout(使用 PipelineSpec.timeout_secs,默认 300s)
- Delay ms 上限 60000,超出 warn 并截断
Director send_to_agent:
- 重构为 oneshot::channel 响应模式,避免 inbox + pending_requests 锁竞争
- 添加 ensure_inbox_reader() 独立任务分发响应到对应 oneshot sender
cleanup_rate_limit Worker:
- 实现 Worker body: DELETE FROM rate_limit_events WHERE created_at < NOW() - INTERVAL '1 hour'
651 tests passed, 0 failed
2026-04-18 14:09:16 +08:00
iven
a5b887051d
fix: butler audit critical fixes — pain detection, proposal trigger, URI + data flow
...
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Build Frontend (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
5 fixes from focused audit:
- Connect analyze_for_pain_signals() to post_conversation_hook (pain points now auto-created)
- Add "generate solution" button in InsightsSection for high-confidence pain points (>=0.7)
- Fix Memory URI mismatch: viking://agents/ → viking://agent/ (singular)
- Remove duplicate .then() chain in useButlerInsights (was destructuring undefined)
- Update stale director.rs doc comment (multi-agent now enabled by default)
2026-04-07 10:23:54 +08:00
iven
e1f3a9719e
feat(multi-agent): enable Director + butler delegation (Chunk 4)
...
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Build Frontend (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
- Enable multi-agent feature by default in desktop build
- Add butler delegation logic: task decomposition, expert assignment
- Add ExpertTask, DelegationResult, butler_delegate() to Director
- Add butler_delegate_task Tauri command bridging Director to frontend
- 13 Director tests passing (6 original + 7 new butler tests)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-04-07 09:21:49 +08:00
iven
9af7b0dd46
fix(kernel): enable multi-agent compilation + A2A routing tests
...
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Build Frontend (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
- director.rs: add missing CompletionRequest fields (thinking_enabled,
reasoning_effort, plan_mode) for multi-agent feature gate
- agents.rs: remove unused AgentState import behind multi-agent feature
- lib.rs: replace ambiguous glob re-export with explicit director types,
resolving AgentRole conflict between director and generation modules
- a2a.rs: add 5 integration tests covering direct message delivery,
broadcast routing, group messaging, agent unregistration, and
expired message rejection (10 total A2A tests, all passing)
- Verified: 537 workspace tests pass with multi-agent feature enabled
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-04-04 09:41:24 +08:00
iven
eb956d0dce
feat: 新增管理后台前端项目及安全加固
...
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Build Frontend (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
refactor(saas): 重构认证中间件与限流策略
- 登录限流调整为5次/分钟/IP
- 注册限流调整为3次/小时/IP
- GET请求不计入限流
fix(saas): 修复调度器时间戳处理
- 使用NOW()替代文本时间戳
- 兼容TEXT和TIMESTAMPTZ列类型
feat(saas): 实现环境变量插值
- 支持${ENV_VAR}语法解析
- 数据库密码支持环境变量注入
chore: 新增前端管理界面
- 基于React+Ant Design Pro
- 包含路由守卫/错误边界
- 对接58个API端点
docs: 更新安全加固文档
- 新增密钥管理规范
- 记录P0安全项审计结果
- 补充TLS终止说明
test: 完善配置解析单元测试
- 新增环境变量插值测试用例
2026-03-31 00:11:33 +08:00
iven
3ff08faa56
release(v0.2.0): streaming, MCP protocol, Browser Hand, security enhancements
...
## Major Features
### Streaming Response System
- Implement LlmDriver trait with `stream()` method returning async Stream
- Add SSE parsing for Anthropic and OpenAI API streaming
- Integrate Tauri event system for frontend streaming (`stream:chunk` events)
- Add StreamChunk types: Delta, ToolStart, ToolEnd, Complete, Error
### MCP Protocol Implementation
- Add MCP JSON-RPC 2.0 types (mcp_types.rs)
- Implement stdio-based MCP transport (mcp_transport.rs)
- Support tool discovery, execution, and resource operations
### Browser Hand Implementation
- Complete browser automation with Playwright-style actions
- Support Navigate, Click, Type, Scrape, Screenshot, Wait actions
- Add educational Hands: Whiteboard, Slideshow, Speech, Quiz
### Security Enhancements
- Implement command whitelist/blacklist for shell_exec tool
- Add SSRF protection with private IP blocking
- Create security.toml configuration file
## Test Improvements
- Fix test import paths (security-utils, setup)
- Fix vi.mock hoisting issues with vi.hoisted()
- Update test expectations for validateUrl and sanitizeFilename
- Add getUnsupportedLocalGatewayStatus mock
## Documentation Updates
- Update architecture documentation
- Improve configuration reference
- Add quick-start guide updates
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-24 03:24:24 +08:00
