zclaw_openfang

Author	SHA1	Message	Date
iven	ee51d5abcd	feat(admin-v2): add ProTable search, scenarios/quick_commands form, tests, remove quota_reset_interval - Enable ProTable search on Accounts (username/email), Models (model_id/alias), Providers (display_name/name) with hideInSearch for non-searchable columns - Add scenarios (Select tags) and quick_commands (Form.List) to AgentTemplates create form, plus service type updates - Remove unused quota_reset_interval from ProviderKey model, key_pool SQL, handlers, and frontend types; add migration + bump schema to v11 - Add Vitest config, test setup, request interceptor tests (7 cases), authStore tests (8 cases) — all 15 passing Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-31 11:13:16 +08:00
iven	1d9283f335	fix: P0+P1 security and quality fixes P0-1: Token refresh race condition — reject all pending requests on refresh failure P0-2: Remove X-Forwarded-For trust in rate limiting — use only ConnectInfo IP P1-3: Template grid reactive — use useSaaSStore() hook instead of getState() P1-4: Agent Template detail modal — show emoji, personality, soul_content, welcome_message, communication_style, source_id, scenarios, version P1-5: adminRouting parse validation — type-safe llm_routing extraction from localStorage P1-6: Remove unused @ant-design/charts dependency P1-extra: Type addKeyMutation data parameter (replace any) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-31 09:17:04 +08:00
iven	9fb9c3204c	feat(admin-v2): add LLM routing to accounts, upgrade Key Pool CRUD, extend agent template fields - Add llm_routing field (relay/local) to AccountPublic type and Accounts page table + edit modal - Upgrade Providers Key Pool from read-only to full CRUD with add/toggle/delete mutations - Extend AgentTemplate type with soul_content, scenarios, welcome_message, quick_commands, personality, communication_style, emoji, version, source_id fields - Add AgentTemplateAvailable lightweight interface - Add emoji column and extended form fields (emoji, personality, soul_content, welcome_message, communication_style, source_id) to Agent Templates page - Add getFull method to agent-templates service - Fix misplaced useState import in Accounts.tsx	2026-03-31 03:07:40 +08:00
iven	6821df5f44	refactor(admin): 迁移 admin 项目到 admin-v2 并移除旧代码 Some checks failed CI / Lint & TypeCheck (push) Has been cancelled Details CI / Unit Tests (push) Has been cancelled Details CI / Build Frontend (push) Has been cancelled Details CI / Rust Check (push) Has been cancelled Details CI / Security Scan (push) Has been cancelled Details CI / E2E Tests (push) Has been cancelled Details 重构 admin 项目为 admin-v2，移除 Next.js 相关代码，添加 Vite 配置和环境变量删除所有 UI 组件、工具函数、API 客户端和类型定义新增 ErrorBoundary 组件处理错误边界调整代理配置支持 SSE 长连接超时设置	2026-03-31 00:10:42 +08:00
iven	c2aff09811	feat(security): Auth Token HttpOnly Cookie — XSS 安全加固后端: - axum-extra 启用 cookie feature - login/register/refresh 设置 HttpOnly + Secure + SameSite=Strict cookies - 新增 POST /api/v1/auth/logout 清除 cookies - auth_middleware 支持 cookie 提取路径（fallback from header） - CORS: 添加 allow_credentials(true) + COOKIE header 前端 (admin-v2): - authStore: token 仅存内存，不再写 localStorage（account 保留） - request.ts: 添加 withCredentials: true 发送 cookies - 修复 refresh token rotation bug（之前不更新 stored refreshToken） - logout 调用后端清除 cookie 端点向后兼容: API 客户端仍可用 Authorization: Bearer header Desktop (Ed25519 设备认证) 完全不受影响	2026-03-30 19:30:42 +08:00
iven	ba2c6a6105	fix(saas): P1 审计修复 — 连接池断路器 + Worker重试 + XSS防护 + 状态机SQL解析器 P1 修复内容: - F7: health handler 连接池容量检查 (80%阈值返回503 degraded) - F9: SSE spawned task 并发限制 (Semaphore 16 permits) - F10: Key Pool 单次 JOIN 查询优化 (消除 N+1) - F12: CORS panic → 配置错误 - F14: 连接池使用率计算修正 (ratio = used*100/total) - F15: SQL 迁移解析器替换为状态机 (支持 $$, DO $body$, 存储过程) - Worker 重试机制: 失败任务通过 mpsc channel 重新入队 - DOMPurify XSS 防护 (PipelineResultPreview) - Admin V2: ErrorBoundary + SWR全局配置 + 请求优化	2026-03-30 14:21:39 +08:00
iven	a7d33d0207	feat(admin): Admin V2 — Ant Design Pro 纯 SPA 重写 Some checks failed CI / Lint & TypeCheck (push) Has been cancelled Details CI / Unit Tests (push) Has been cancelled Details CI / Build Frontend (push) Has been cancelled Details CI / Rust Check (push) Has been cancelled Details CI / Security Scan (push) Has been cancelled Details CI / E2E Tests (push) Has been cancelled Details Next.js SSR/hydration 与 SWR fetch-on-mount 存在根本冲突： hydration 卸载组件时 abort 的请求仍占用后端 DB 连接， retry 循环耗尽 PostgreSQL 连接池导致后端完全卡死。 admin-v2 使用 Vite + React + antd 纯 SPA 彻底消除此问题： - 12 页面全部完成（Login, Dashboard, Accounts, Providers, Models, API Keys, Usage, Relay, Config, Prompts, Logs, Agent Templates） - ProTable + ProForm + ProLayout 统一 UI 模式 - TanStack Query + Axios + Zustand 数据层 - JWT 自动刷新 + 401 重试机制 - 全部 18 网络请求 200 OK，零 ERR_ABORTED 同时更新 troubleshooting 第 13 节和 SaaS 平台文档。	2026-03-30 09:35:59 +08:00

7 Commits