P0-2: GET /usage 500 "text >= timestamptz" — usage_records.created_at
is TEXT in actual DB despite migration declaring TIMESTAMPTZ. Fixed by
using dynamic SQL with ::timestamptz explicit casts for all date
comparisons, avoiding sqlx NULL-without-type-OID binding issues.
P0-3: POST /auth/refresh 500 — refresh_tokens.expires_at/used_at are
TEXT columns. Added ::timestamptz cast to SQL queries in auth handlers
and cleanup worker.
- P0-01: Account lockout now enforced via SQL-level comparison
(locked_until > NOW()) instead of broken RFC3339 text parsing
- P1-01: Logout handler accepts JSON body with optional refresh_token,
revokes ALL refresh tokens for the account (not just current)
- P1-03: Provider display_name is now optional, falls back to name
All 6 smoke tests pass (S1-S6).
- API Key encryption at rest: verify enc: prefix in DB for provider keys
and main provider api_key
- Key pool: toggle active/inactive + delete with DB state verification
- Model Groups: full CRUD lifecycle + cascade delete + user permission
- Quota enforcement: relay_requests exhaustion verified at DB level
(middleware test infra issue noted — DB state confirmed correct)
- Provider disable: model hidden from relay/models list after disable
BUG-009 (P1): Add frontend DataMasking in saas-relay-client.ts
- Masks ID cards, phones, emails, money, company names before relay
- Unmasks tokens in AI response so user sees original data
- Mirrors Rust DataMasking middleware patterns
BUG-010 (P3): Send button transforms to Stop during streaming
- Shows square icon when isStreaming, calls cancelStream()
- Normal arrow icon when idle, calls handleSend()
BUG-011 (P2): Add ::timestamptz casts for old TEXT timestamp columns
- account/handlers.rs: dashboard stats query
- telemetry/service.rs: reported_at comparisons
- workers/aggregate_usage.rs: usage aggregation query
- saasStore.ts: replace require('./chat/conversationStore') with await import()
to fix ReferenceError in Vite ESM environment (P1)
- main.rs: fix health check pool usage formula from max_connections - num_idle
to pool.size() - num_idle, preventing false "degraded" status (P1)
- error.rs: show detailed error messages in ZCLAW_SAAS_DEV=true mode
- Update bug tracker with BUG-003 through BUG-007
PostgreSQL SUM() on bigint returns NUMERIC, causing sqlx decode errors
when Rust expects i64/Option<i64>. Root cause: key_pool.rs
select_best_key() token_count SUM was missing ::bigint, causing
DATABASE_ERROR on every relay request.
Fixed in 4 files:
- relay/key_pool.rs: SUM(token_count) — root cause of relay failure
- relay/service.rs: SUM(remaining_rpm) in sort_candidates_by_quota
- account/handlers.rs: SUM(input/output_tokens) in dashboard stats
- workers/aggregate_usage.rs: SUM(input/output_tokens) in aggregation
Addresses findings from deep code audit:
H-1: Pass abortController.signal to saasClient.chatCompletion() so
user-cancelled streams actually abort the HTTP connection (was only
stopping the read loop, leaving server-side SSE connection open).
H-2: ModelSelector now shows only when (!isTauriRuntime() || isLoggedIn).
Prevents decorative model list in Tauri local kernel mode where model
selection has no effect (violates CLAUDE.md §5.2).
M-1: Normalize CRLF to LF before SSE event boundary parsing (\n\n).
Prevents buffer overflow when behind nginx/CDN with CRLF line endings.
M-2: SQL window_minute comparison uses to_char(NOW()-interval, format)
instead of (NOW()-interval)::TEXT, matching the stored format exactly.
M-3: sort_candidates_by_quota uses same sliding 60s window as select_best_key.
LOW: Fix misleading invalidate_cache doc comment.
- Call init_pain_storage() in Tauri .setup() so pain persistence activates on boot
- Integrate useColdStart hook into FirstConversationPrompt for auto-greeting
- Add UI mode toggle section to Settings/General (already had imports)
- Add "简洁" mode switch-back button to TopBar in professional layout
- Update SemanticSkillRouter @reserved annotation to reflect active status
New ButlerRouterMiddleware (priority 80) intercepts user messages,
classifies intent using keyword-based domain detection, and injects
routing context into the system prompt. Supports healthcare, data
report, policy compliance, and meeting coordination domains.
- New: butler_router.rs — keyword classifier + MiddlewareContext injection
- Registered in Kernel::create_middleware_chain() at priority 80
- 9 tests passing (classification + middleware integration)
P1: identity.rs get_identity() returns empty soul/instructions for agents
without explicit identity files. This prevents the default ZCLAW personality
from overriding agent_config.system_prompt. New get_identity_or_default()
method added for the DEFAULT agent.
P2: messaging.rs now uses agent_config.model.model when available, falling
back to global Kernel config. This allows per-agent model selection.
P2: agentStore.ts loadClones retries up to 3 times (300ms interval) when
getClient() returns null, handling the coordinator initialization race.
P2: agent_create Tauri command auto-populates identity files (soul +
instructions) from creation parameters, ensuring build_system_prompt()
has content for new agents.
Also fixes conversationStore upsertActiveConversation to persist generated
conversation IDs, preventing duplicate entries on new conversations.
Tool execution (ShellExec, WebFetch, etc.) had no timeout, causing the
entire streaming response to hang indefinitely when a tool fails or stalls.
Now wraps execute_tool calls in tokio::time::timeout(30s) with a graceful
error message on timeout.
Root cause: start_consumer() was called in new() before any register() calls,
so the consumer's cloned HashMap was always empty. Workers like log_operation
and record_usage were never found, causing "Unknown worker" errors.
- Add WorkerDispatcher::start() method to be called after all register()s
- Update main.rs to call dispatcher.start() after 7 workers registered
- key_pool.rs: cast cooldown_until to timestamptz for comparison with NOW()
- key_pool.rs: cast request_count to bigint (INT4→INT8) for sqlx decoding
- service.rs: cast cooldown_until to timestamptz in quota sort query
- scheduler.rs: cast last_seen_at to timestamptz in device cleanup
- totp.rs: use DateTime<Utc> instead of rfc3339 string for updated_at
- Enable multi-agent feature by default in desktop build
- Add butler delegation logic: task decomposition, expert assignment
- Add ExpertTask, DelegationResult, butler_delegate() to Director
- Add butler_delegate_task Tauri command bridging Director to frontend
- 13 Director tests passing (6 original + 7 new butler tests)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Priority 90 — runs before Compaction@100 and Memory@150.
Detects and replaces company names, money amounts, phone numbers,
emails, and ID card numbers with deterministic tokens (__ENTITY_N__).
External callers can restore originals via DataMasker::unmask().
Task 1.1 verification: OpenViking Extractor chain is confirmed working.
- Tauri commands registered ✅
- Frontend triggers after each conversation ✅
- Rust extractor with LLM + rule-based fallback ✅
- SqliteStorage persistence verified via 3 new e2e tests
All 78 tests in zclaw-growth pass with no regressions.
HIGH fixes:
- H-NS-1: Non-streaming agent_chat now builds ChatModeConfig and calls
send_message_with_chat_mode(), matching the streaming path
- H-FE-1: ClarificationCard component renders structured clarification
questions with type badge, question text, and numbered options
- H-SEM-1: SemanticSkillRouter annotated as @reserved (Phase 3 wiring)
MEDIUM fixes:
- M-SETTINGS-1: Settings menu restructured with "高级" section separator;
skills/audit/tasks/heartbeat/semantic-memory grouped under advanced
- M-MAN-1: LoopEvent→StreamChatEvent mapping completeness checklist
added as documentation comment in agent_chat_stream loop
- M-ORPH-1: Deleted orphaned Automation/ and SkillMarket/ files,
plus transitively orphaned types, hooks, and adapters
CRITICAL:
- ask_clarification now terminates Agent Loop in both run() and run_streaming()
paths, preventing the LLM from continuing after requesting user clarification
HIGH:
- SaaS relay now forwards plan_mode and subagent_enabled to backend
- GatewayClient.chatStream now supports onThinkingDelta, onSubtaskStatus,
and token-bearing onComplete — aligned with kernel-types StreamCallbacks
- ZclawStreamEvent type extended with thinking_delta, subtask_status variants
and input_tokens/output_tokens fields for token tracking via Gateway path
- C-1: Add event_sender: None to ToolContext in file_write.rs and
file_read.rs test helper functions (compilation fix)
- I-1: file_write tool now echoes content preview in output JSON,
enabling streamStore.ts artifact auto-creation pipeline to work
- S-2: Fix typo "LLM 锥应错误" → "LLM 响应错误" in loop_runner.rs
- New ask_clarification tool (crates/zclaw-runtime/src/tool/builtin/ask_clarification.rs)
with 5 clarification types: missing_info, ambiguous_requirement, approach_choice, risk_confirmation, suggestion
- Registered as built-in tool in builtin.rs
- Added clarification system prompt instructions to messaging.rs system prompt
- Fixed messaging.rs skill injection: when SkillIndexMiddleware is active,
only inject usage instructions (not full skill list), avoiding duplicate injection
- Fixed pre-existing unicode arrow character causing string literal parse error
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When SkillIndexMiddleware is active, build_system_prompt_with_skills no
longer injects the full categorized skill list. Instead it only adds
usage instructions, while the middleware handles the lightweight index.
This reduces ~2000 tokens per request for the 75-skill system.
Phase 1.0 — Butler Mode UI:
- Hide "自动化" and "技能市场" entries from sidebar navigation
- Remove AutomationPanel and SkillMarket view rendering from App.tsx
- Simplify MainViewType to only 'chat'
- Main interface is now: chat + conversation list + detail panel only
Phase 1.1 — Mode Differentiation:
- Add subagent_enabled field to ChatModeConfig (Rust), StreamChatRequest (Tauri),
gateway-client, kernel-client, saas-relay-client, and streamStore
- TaskTool is now only registered when subagent_enabled=true (Ultra mode)
- System prompt includes sub-agent delegation instructions only in Ultra mode
- Frontend transmits subagent_enabled from ChatMode config through the full stack
This connects the 4-tier mode selector (Flash/Thinking/Pro/Ultra) to actual
backend behavioral differences — Ultra mode now truly enables sub-agent delegation.
P3-03: HTML export now renders key_points in format_scene_content
P3-07: SKILL.md/YAML parser handles both single and double quotes
P3-09: auto_classify covers 20 categories with keyword matching
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- P2-18: TOTP QR code local generation via qrcode lib (no external service)
- P2-21: Suspend foreign LLM providers (OpenAI/Anthropic/Gemini) for early stage
- P3-04: get_progress() now calculates actual percentage from completed/total steps
- P3-05: saveSaaSSession calls now have .catch() error logging
- P3-06: SaaS relay chatStream passes session_key/agent_id to backend
- P3-02: Whiteboard unification plan document created
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
P1-04: GenerationPipeline hardcoded model="default" causing classroom
generation 404. Added model field to GenerationPipeline struct, passed
from kernel config via with_driver(driver, model). Static scene
generation now receives model parameter.
P1-03: LLM API concurrent 500 DATABASE_ERROR. Added transient DB error
retry (PoolTimedOut/Io) in create_relay_task with 200ms backoff.
Recommend setting ZCLAW_DB_MIN_CONNECTIONS=10 for burst resilience.
- Add IF NOT EXISTS to accounts_template_assignment ALTER COLUMN
- Add IF NOT EXISTS to webhooks CREATE INDEX statements
- Add created_at/updated_at columns + ON CONFLICT DO NOTHING to industry templates
- Bump SCHEMA_VERSION 13→14 to force migration re-run on existing DB
