iven
|
e10549a1b9
|
fix: 发布前审计 Batch 2 — Debug遮蔽 + unwrap + 静默吞错 + MCP锁 + 索引 + Config验证
安全:
- LlmConfig 自定义 Debug impl,api_key 显示为 "***REDACTED***"
- tsconfig.json 移除 ErrorBoundary.tsx 排除项(安全关键组件)
- billing/handlers.rs Response builder unwrap → map_err 错误传播
- classroom_commands/mod.rs db_path.parent().unwrap() → ok_or_else
静默吞错:
- approvals.rs 3处 warn→error(审批状态丢失是严重事件)
- events.rs publish() 添加 Event dropped debug 日志
- mcp_transport.rs eprintln→tracing::warn (僵尸进程风险)
- zclaw-growth sqlite.rs 4处迁移:区分 duplicate column name 与真实错误
MCP Transport:
- 合并 stdin+stdout 为单一 Mutex<TransportHandles>
- send_request write-then-read 原子化,防止并发响应错配
数据库:
- 新迁移 20260418000001: idx_rle_created_at + idx_billing_sub_plan + idx_ki_created_by
配置验证:
- SaaSConfig::load() 添加 jwt_expiration_hours>=1, max_connections>0, min<=max
|
2026-04-18 14:09:36 +08:00 |
|
iven
|
978dc5cdd8
|
fix(安全): 修复HTML导出中的XSS漏洞并清理调试日志
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Build Frontend (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
refactor(日志): 替换console.log为tracing日志系统
style(代码): 移除未使用的代码和依赖项
feat(测试): 添加端到端测试文档和CI工作流
docs(变更日志): 更新CHANGELOG.md记录0.1.0版本变更
perf(构建): 更新依赖版本并优化CI流程
|
2026-03-26 19:49:03 +08:00 |
|
iven
|
f4efc823e2
|
refactor(types): comprehensive TypeScript type system improvements
Major type system refactoring and error fixes across the codebase:
**Type System Improvements:**
- Extended OpenFangStreamEvent with 'connected' and 'agents_updated' event types
- Added GatewayPong interface for WebSocket pong responses
- Added index signature to MemorySearchOptions for Record compatibility
- Fixed RawApproval interface with hand_name, run_id properties
**Gateway & Protocol Fixes:**
- Fixed performHandshake nonce handling in gateway-client.ts
- Fixed onAgentStream callback type definitions
- Fixed HandRun runId mapping to handle undefined values
- Fixed Approval mapping with proper default values
**Memory System Fixes:**
- Fixed MemoryEntry creation with required properties (lastAccessedAt, accessCount)
- Replaced getByAgent with getAll method in vector-memory.ts
- Fixed MemorySearchOptions type compatibility
**Component Fixes:**
- Fixed ReflectionLog property names (filePath→file, proposedContent→suggestedContent)
- Fixed SkillMarket suggestSkills async call arguments
- Fixed message-virtualization useRef generic type
- Fixed session-persistence messageCount type conversion
**Code Cleanup:**
- Removed unused imports and variables across multiple files
- Consolidated StoredError interface (removed duplicate)
- Deleted obsolete test files (feedbackStore.test.ts, memory-index.test.ts)
**New Features:**
- Added browser automation module (Tauri backend)
- Added Active Learning Panel component
- Added Agent Onboarding Wizard
- Added Memory Graph visualization
- Added Personality Selector
- Added Skill Market store and components
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
2026-03-17 08:05:07 +08:00 |
|
iven
|
045e9cef5b
|
feat: initialize ZCLAW project with core systems and Tauri desktop
- Created backend core systems:
- Remote Execution System (远程执行系统)
- Task Orchestration Engine (任务编排引擎)
- Persistent Memory System (持续记忆系统)
- Proactive Service System (主动服务系统)
- Created Tauri desktop app:
- Three-column layout based on AutoClaw design
- React + TypeScript + Tailwind CSS
- Zustand state management
- Lucide React icons
- Components:
- Sidebar (Agent list, IM channels, scheduled tasks)
- ChatArea (Chat interface with message bubbles)
- RightPanel (Task progress, statistics, next actions)
Next: Test Tauri dev server and integrate with OpenClaw backend
|
2026-03-11 22:06:07 +08:00 |
|