- create_item: wrap item + version INSERT in transaction for atomicity
- update_item handler: validate content length (100KB) before DB hit
- KnowledgeChunk: document missing embedding field, safe per explicit SELECT usage
Server side:
- POST /api/v1/billing/usage/increment endpoint with dimension whitelist
(hand_executions, pipeline_runs, relay_requests) and count validation (1-100)
- Returns updated usage quota after increment
Desktop side:
- New saas-billing.ts mixin with incrementUsageDimension() and
reportUsageFireAndForget() (non-blocking, safe for finally blocks)
- handStore.triggerHand: reports hand_executions after successful run
- PipelinesPanel.handleRunComplete: reports pipeline_runs on completion
- SaaSClient type declarations for new billing methods
Billing pipeline now covers all three dimensions:
relay_requests → relay handler (server-side, real-time)
hand_executions → handStore (client-side, fire-and-forget)
pipeline_runs → PipelinesPanel (client-side, fire-and-forget)
- Wire relay handler to increment_usage() for JSON responses (tokens + relay_requests)
- Wire relay handler to increment_dimension("relay_requests") for SSE streams
- Add increment_dimension() function for hand_executions/pipeline_runs dimensions
- Schedule AggregateUsageWorker hourly for reconciliation (run_on_start=true)
- Mount mock payment routes in dev mode (ZCLAW_SAAS_DEV=true)
Previously the quota middleware always allowed requests because usage
counters were never incremented. Now relay requests update billing_usage_quotas
in real-time, with the aggregator providing hourly reconciliation.
Add `facts` table to schema with columns for id, agent_id, content,
category, confidence, source_session, and created_at. Implement
store_facts() and get_top_facts() on MemoryStore using upsert-by-id
and confidence-desc ordering. Facts extracted from conversations are
now durable across sessions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1. MemoryMiddleware: replace byte-length check (query.len() < 4) with
char-count check (query.chars().count() < 2). Single CJK characters
are 3 UTF-8 bytes but 1 meaningful character — the old threshold
incorrectly skipped 1-2 char Chinese queries like "你好".
2. QueryAnalyzer: add Chinese synonym mappings for 13 common technical
terms (错误→bug, 优化→improve, 配置→config, etc.) so CJK queries
can find relevant English-keyword memories and vice versa.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Cover config defaults, 13 action types deserialization, serialization
roundtrip, credential management, and data type parsing. Also add
PartialEq derive to HandStatus for test assertions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- payment.rs: create_payment, handle_payment_callback, query_payment_status
- Mock pay page for development mode with HTML confirm/cancel flow
- Payment callback handler with subscription auto-creation on success
- Alipay form-urlencoded and WeChat JSON callback parsing
- 7 new routes including callback and mock-pay endpoints
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Markdown-aware content splitting (512 token chunks with 64 overlap)
- CJK keyword extraction from chunk content with stop-word filtering
- Full refresh strategy (delete old chunks → re-insert on update)
- Phase 2 placeholder for vector embedding API integration
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fix needs_approval field in BrowserHand::new() from false to true to
match the TOML config (hands/browser.HAND.toml says requires_approval = true).
Browser automation has security implications and should require approval.
Add 11 unit tests covering:
- Config id and enabled state
- needs_approval correctness (after fix)
- Action deserialization (Navigate, Click, Type, Scrape, Screenshot)
- Roundtrip serialization for all major action variants
- BrowserSequence builder with stop_on_error()
- Multi-step sequence execution
- FormField deserialization
Also add stop_on_error() builder method to BrowserSequence which was
referenced in the test plan but missing from the struct.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fix extract_visible_text to use proper byte position tracking (pos += char_len)
instead of iterating chars without position context, which caused script/style
tag detection to fail on multi-byte content. Also adds script/style stripping
logic and raises truncation limit to 10000 chars.
Adds 9 unit tests covering:
- Config identity verification
- OutputFormat serialization round-trip
- HTML text extraction (basic, script stripping, style stripping, empty input)
- Aggregate action with empty URLs
- CollectorAction deserialization (Collect/Aggregate/Extract)
- CollectionTarget deserialization
- Add comprehensive test suite: config, types, action deserialization, URL encoding,
HTML text extraction, hand trait methods
- Fix summary field: generate rule-based summary from top search results (was always None)
- Fix extract_text_from_html: correct position tracking for script/style tag detection
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add execute_scheduled_task helper that fetches task info and dispatches
by target_type (agent/hand/workflow)
- Replace STUB warn+simple-UPDATE with full execution flow: dispatch task,
then update state with interval-aware next_run_at calculation
- Update next_run_at using interval_seconds for recurring tasks instead
of setting NULL
- Fix pre-existing cache.rs borrow-after-move bug (id.clone() in insert)
- Add trusted_proxies field to ServerConfig (Vec<String>, serde default)
- Default value is empty vector (no proxy trust until explicitly configured)
- Development config: trust localhost IPs (127.0.0.1, ::1)
- Production config: placeholder localhost IPs with comment to replace
Root cause: each relay request executes 13-17 serial DB queries, exhausting
the 50-connection pool under concurrency. When pool is exhausted, sqlx returns
PoolTimedOut which maps to 500 DATABASE_ERROR.
Fixes:
1. log_operation → dispatch_log_operation (async Worker dispatch, non-blocking)
2. record_usage → tokio::spawn (3 DB queries moved off critical path)
3. DB pool: max_connections 50→100 (env-configurable), acquire_timeout 5s→8s
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1. key_pool: merge 3 serial UPDATE queries into 2 (cumulative stats +
last_used_at combined into single UPDATE)
2. service: reduce SSE spawn sleep from 3s to 500ms and add 5s timeout
on DB operations to prevent connection hoarding
1. App.tsx: add restoreSession() call on startup to prevent redirect
to login page after refresh (isRestoring guard + BootstrapScreen)
2. CloneManager: call syncAgents() after loadClones() to restore
currentAgent and conversation history on app load
3. zclaw-memory: add get_or_create_session() so frontend session UUID
is persisted directly — kernel no longer creates mismatched IDs
4. openai.rs: assistant message content must be non-empty for
Kimi/Qwen APIs — replace empty content with meaningful placeholders
Also includes admin-v2 ModelServices unified page (merge providers +
models + API keys into expandable row layout)
- Add migration to add last_used_at TIMESTAMPTZ column to provider_keys
- Update select_best_key() SQL to sort by last_used_at ASC NULLS FIRST
- Update record_key_usage() to set last_used_at = NOW() on each use
- Bump SCHEMA_VERSION to 10
- Add llm_routing to all list_accounts/get_account SQL queries and JSON responses
- Add llm_routing to UpdateAccountRequest with COALESCE update
- Add llm_routing to AccountPublic struct in auth types
- Wire llm_routing into register (default 'local'), login, and me handlers
- Add llm_routing field to AccountRow, AccountAuthRow, AccountLoginRow model structs
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add 9 extended fields to AgentTemplateInfo: soul_content, scenarios,
welcome_message, quick_commands, personality, communication_style,
emoji, version, source_id
- Refactor service.rs to use sqlx::Row (manual column extraction) to
avoid the 16-element tuple FromRow limit
- Add /api/v1/agent-templates/available (lightweight public listing)
and /api/v1/agent-templates/:id/full endpoints
- Add 24h key_usage_window cleanup task in scheduler
- Update seed data with extended fields for all 5 existing templates
plus new Medical Assistant template (healthcare category)
