42 Commits

Author	SHA1	Message	Date
iven	f8c5a76ce6	fix(industry): 审计收尾 — MEDIUM + LOW 全部清零 ... M-1: Industries 创建弹窗添加 cold_start_template + pain_seed_categories M-3: industryStore console.warn → createLogger 结构化日志 B2: classify_with_industries 平局打破 + 归一化因子 3.0 文档化 S3: set_account_industries 验证移入事务内消除 TOCTOU T1: 4 个 SaaS 请求类型添加 deny_unknown_fields I3: store_trigger_experience Debug 格式 → signal_name 描述名 L-1: 删除 Accounts.tsx 死代码 editingIndustries L-3: Industries.tsx filters 类型补全 source 字段	2026-04-12 20:37:48 +08:00
iven	fbc8c9fdde	fix(industry): 审计修复 — 4 CRITICAL + 5 HIGH 全部解决 ... C1: SaaS industry/service.rs SQL 注入风险 → 参数化查询 ($N 绑定) C2: INDUSTRY_CONFIGS 死链 → Kernel 共享 Arc 接通 ButlerRouter C3: IndustryListItem 缺 keywords_count → SQL 查询 + 类型补全 C4: set_account_industries 非事务性 → batch 验证 + 事务 DELETE+INSERT H8: Accounts.tsx mutate 竞态 → mutateAsync 顺序等待 H9: XML 注入未转义 → xml_escape() 辅助函数 H10: update_industry 覆盖 source → 保留原始值 H11: 面包屑缺少 /industries → 添加行业配置映射	2026-04-12 19:06:19 +08:00
iven	b357916d97	feat(intelligence): Phase 5 主动行为激活 — 注入格式 + 跨会话连续性 + 触发持久化 ... Task 5.1+5.4: ButlerRouter/experience 注入格式升级为 <butler-context> XML fencing - butler_router: [路由上下文] → <butler-context><routing>...</routing></butler-context> - experience: [过往经验] → <butler-context><experience>...</experience></butler-context> - 统一 system-note 提示，引导 LLM 自然运用上下文 Task 5.2: 跨会话连续性 — pre_conversation_hook 注入活跃痛点 + 相关经验 - 从 VikingStorage 检索相关记忆(相似度>=0.3) - 从 pain_aggregator 获取 High severity 痛点(top 3) Task 5.3: 触发信号持久化 — post_conversation_hook 将触发信号存入 VikingStorage - store_trigger_experience(): 模板提取，零 LLM 成本 - 为未来 LLM 深度反思积累数据基础	2026-04-12 18:31:37 +08:00
iven	5d1050bf6f	feat(industry): Phase 1 行业配置基础 — 数据模型 + 四行业内置配置 + ButlerRouter 动态关键词 ... - 新增 SaaS industry 模块 (types/service/handlers/mod/builtin) - 4 行业内置配置: healthcare/education/garment/ecommerce - 数据库迁移: industries + account_industries 表 - 8 个 API 端点 (CRUD + 用户行业关联) - ButlerRouter 改造: 支持 IndustryKeywordConfig 动态注入 - 12 个测试全通过 (含动态行业分类测试)	2026-04-12 15:42:35 +08:00
iven	9e0aa496cd	fix(runtime): 修复 Skill/MCP 调用链路3个断点 ... 1. Anthropic Driver ToolResult 格式修复 — ContentBlock 添加 ToolResult 变体, tool_call_id 不再被丢弃, 按 Anthropic API 规范发送 tool_result 格式 2. 前端 callMcpTool 参数名对齐 — serviceName/toolName/args 改为 service_name/tool_name/arguments, 后端支持 service_name 精确路由 3. MCP 工具桥接到 ToolRegistry — McpToolAdapter 添加 service_name/clone, 新建 McpToolWrapper 实现 Tool trait, Kernel 添加 mcp_adapters 共享状态, McpManagerState 与 Kernel 共享同一 Arc<RwLock<Vec>>, MCP 服务启停时 自动同步工具列表到 LLM 可见的 ToolRegistry	2026-04-11 16:20:38 +08:00
iven	1e675947d5	feat(butler): upgrade ButlerRouter to semantic skill routing ... Replace keyword-only ButlerRouter with SemanticSkillRouter (TF-IDF). 75 skills now participate in intent classification instead of 4 hardcoded domains. - Expose ButlerRouterBackend trait + RoutingHint as pub - Add with_router() constructor for injecting custom backends - Add SemanticRouterAdapter in kernel layer (bridges skills ↔ runtime) - Enhance context injection with skill-level match info	2026-04-10 21:24:30 +08:00
iven	4b15ead8e7	feat(hermes): implement intelligence pipeline — 4 chunks, 684 tests passing ... Hermes Intelligence Pipeline closes breakpoints in ZCLAW's existing intelligence components with 4 self-contained modules: Chunk 1 — Self-improvement Loop: - ExperienceStore (zclaw-growth): FTS5+TF-IDF wrapper with scope prefix - ExperienceExtractor (desktop/intelligence): template-based extraction from successful proposals with implicit keyword detection Chunk 2 — User Modeling: - UserProfileStore (zclaw-memory): SQLite-backed structured profiles with industry/role/expertise/comm_style/recent_topics/pain_points - UserProfiler (desktop/intelligence): fact classification by category (Preference/Knowledge/Behavior) with profile summary formatting Chunk 3 — NL Cron Chinese Time Parser: - NlScheduleParser (zclaw-runtime): 6 pattern matchers for Chinese time expressions (每天/每周/工作日/间隔/每月/一次性) producing cron expressions - Period-aware hour adjustment (下午3点→15, 晚上8点→20) - Schedule intent detection + task description extraction Chunk 4 — Trajectory Compression: - TrajectoryStore (zclaw-memory): trajectory_events + compressed_trajectories - TrajectoryRecorderMiddleware (zclaw-runtime/middleware): priority 650, async non-blocking event recording via tokio::spawn - TrajectoryCompressor (desktop/intelligence): dedup, request classification, satisfaction detection, execution chain JSON Schema migrations: v2→v3 (user_profiles), v3→v4 (trajectory tables)	2026-04-09 17:47:43 +08:00
iven	3f2acb49fb	fix: pre-release audit fixes — Twitter OAuth, DataMasking perf, Prompt versioning ... - Twitter like/retweet: return explicit unavailable error instead of sending doomed Bearer token requests (would 403 on Twitter API v2) - DataMasking: pre-compile regex patterns with LazyLock (was compiling 6 patterns on every mask() call) - Prompt version: fix get_version handler ignoring version path param, add service::get_version_by_number for correct per-version retrieval	2026-04-09 16:43:24 +08:00
iven	ffaee49d67	feat(middleware): add butler router for semantic skill routing ... New ButlerRouterMiddleware (priority 80) intercepts user messages, classifies intent using keyword-based domain detection, and injects routing context into the system prompt. Supports healthcare, data report, policy compliance, and meeting coordination domains. - New: butler_router.rs — keyword classifier + MiddlewareContext injection - Registered in Kernel::create_middleware_chain() at priority 80 - 9 tests passing (classification + middleware integration)	2026-04-09 09:26:48 +08:00
iven	de2d3e3a11	fix(runtime): add 30s timeout to tool execution in AgentLoop ... Tool execution (ShellExec, WebFetch, etc.) had no timeout, causing the entire streaming response to hang indefinitely when a tool fails or stalls. Now wraps execute_tool calls in tokio::time::timeout(30s) with a graceful error message on timeout.	2026-04-08 20:44:52 +08:00
iven	ade534d1ce	feat: 添加MCP调试插件并优化流式超时处理 ... refactor(relay): 将Provider Key管理路由移至model_config模块 fix(saas): 修复demo_keys与provider_keys的匹配逻辑 perf(runtime): 将流式响应超时从60秒延长至180秒以适配思考型模型 docs: 新增模块化审计和上线前功能测试方案文档 chore: 添加tauri-plugin-mcp依赖及相关配置	2026-04-08 13:39:06 +08:00
iven	8aed363fc8	feat(middleware): add DataMaskingMiddleware — sensitive entity protection (Chunk 3) ... Priority 90 — runs before Compaction@100 and Memory@150. Detects and replaces company names, money amounts, phone numbers, emails, and ID card numbers with deterministic tokens (__ENTITY_N__). External callers can restore originals via DataMasker::unmask().	2026-04-07 08:01:05 +08:00
iven	02c69bb3cf	fix: subagent unique ID matching + AgentState serialization + pre-existing TS errors ... - S-3: Thread task_id (UUID) through all 6 layers (LoopEvent → StreamChatEvent → kernel-types → gateway-client → streamStore) so subtasks are matched by ID, not description string - AgentState: Add #[serde(rename_all = "lowercase")] to fix PascalCase serialization ("Running" → "running"), update frontend matcher - S-1: Remove unused onClose prop from ArtifactPanel + ChatArea call site - Fix hooks/index.ts: remove orphaned useAutomationEvents re-exports (module deleted) - Fix types/index.ts: remove orphaned automation type/value re-exports (module deleted) - Fix ChatArea.tsx: framer-motion 12 + React 19 type compat — use createElement + explicit any return type to avoid unknown-in-JSX-child error Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-06 22:30:16 +08:00
iven	6a13fff9ec	fix(runtime): deep audit fixes — clarification loop termination + callback alignment ... CRITICAL: - ask_clarification now terminates Agent Loop in both run() and run_streaming() paths, preventing the LLM from continuing after requesting user clarification HIGH: - SaaS relay now forwards plan_mode and subagent_enabled to backend - GatewayClient.chatStream now supports onThinkingDelta, onSubtaskStatus, and token-bearing onComplete — aligned with kernel-types StreamCallbacks - ZclawStreamEvent type extended with thinking_delta, subtask_status variants and input_tokens/output_tokens fields for token tracking via Gateway path	2026-04-06 16:50:48 +08:00
iven	9339b64bae	fix: audit findings — test compilation, artifact pipeline, typo ... - C-1: Add event_sender: None to ToolContext in file_write.rs and file_read.rs test helper functions (compilation fix) - I-1: file_write tool now echoes content preview in output JSON, enabling streamStore.ts artifact auto-creation pipeline to work - S-2: Fix typo "LLM 锥应错误" → "LLM 响应错误" in loop_runner.rs	2026-04-06 15:15:17 +08:00
iven	14c3c963c2	feat: ask_clarification tool + clarification system prompt + progressive skill loading fix ... - New ask_clarification tool (crates/zclaw-runtime/src/tool/builtin/ask_clarification.rs) with 5 clarification types: missing_info, ambiguous_requirement, approach_choice, risk_confirmation, suggestion - Registered as built-in tool in builtin.rs - Added clarification system prompt instructions to messaging.rs system prompt - Fixed messaging.rs skill injection: when SkillIndexMiddleware is active, only inject usage instructions (not full skill list), avoiding duplicate injection - Fixed pre-existing unicode arrow character causing string literal parse error Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-06 13:19:10 +08:00
iven	9871c254be	feat: sub-agent streaming progress — TaskTool emits real-time status events ... - Rust: LoopEvent::SubtaskStatus variant added to loop_runner.rs - Rust: ToolContext.event_sender field for streaming tool progress - Rust: TaskTool emits started/running/completed/failed via event_sender - Rust: StreamChatEvent::SubtaskStatus mapped in Tauri chat command - TS: StreamEventSubtaskStatus type + onSubtaskStatus callback added - TS: kernel-chat.ts handles subtaskStatus event from Tauri - TS: streamStore.ts wires callback, maps backend→frontend status, updates assistant message subtasks array in real-time	2026-04-06 13:05:37 +08:00
iven	26a833d1c8	fix: resolve 17 P2 defects and 5 P3 defects from pre-launch audit ... Batch fix covering multiple modules: - P2-01: HandRegistry Semaphore-based max_concurrent enforcement - P2-03: Populate toolCount/metricCount from Hand trait methods - P2-06: heartbeat_update_config minimum interval validation - P2-07: ReflectionResult used_fallback marker for rule-based fallback - P2-08/09: identity_propose_change parameter naming consistency - P2-10: ClassroomMetadata is_placeholder flag for LLM failure - P2-11: classroomStore userDidCloseDuringGeneration intent tracking - P2-12: workflowStore pipeline_create sends actionType - P2-13/14: PipelineInfo step_count + PipelineStepInfo for proper step mapping - P2-15: Pipe transform support in context.resolve (8 transforms) - P2-16: Mustache {{...}} → \${...} auto-normalization - P2-17: SaaSLogin password placeholder 6→8 - P2-19: serialize_skill_md + update_skill preserve tools field - P2-22: ToolOutputGuard sensitive patterns from warn→block - P2-23: Mutex::unwrap() → unwrap_or_else in relay/service.rs - P3-01/03/07/08/09: Various P3 fixes - DEFECT_LIST.md: comprehensive status sync (43/51 fixed, 8 remaining) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-06 00:49:16 +08:00
iven	619bad30cb	fix(security): Gemini API key header + Mutex safety + Agent validation ... M1-01: Move Gemini API key from URL query param to x-goog-api-key header, preventing key leakage in logs/proxy/telemetry (matches Anthropic/OpenAI pattern) M1-03/M1-04: Replace Mutex .unwrap() with .unwrap_or_else(|e| e.into_inner()) in MemoryMiddleware and LoopGuardMiddleware — recovers from poison instead of panicking async runtime M2-08: Add input validation to agent_create — reject empty names, out-of-range temperature (0-2), and zero max_tokens M11-06: Replace Date.now() message ID with crypto.randomUUID() to prevent collisions in classroom chat	2026-04-04 19:15:50 +08:00
iven	52bdafa633	refactor(crates): kernel/generation module split + DeerFlow optimizations + middleware + dead code cleanup ... - Split zclaw-kernel/kernel.rs (1486 lines) into 9 domain modules - Split zclaw-kernel/generation.rs (1080 lines) into 3 modules - Add DeerFlow-inspired middleware: DanglingTool, SubagentLimit, ToolError, ToolOutputGuard - Add PromptBuilder for structured system prompt assembly - Add FactStore (zclaw-memory) for persistent fact extraction - Add task builtin tool for agent task management - Driver improvements: Anthropic/OpenAI extended thinking, Gemini safety settings - Replace let _ = with proper log::warn! across SaaS handlers - Remove unused dependency (url) from zclaw-hands	2026-04-03 00:28:03 +08:00
iven	1bf0d3a73d	fix(memory): CJK-aware short query threshold + Chinese synonym expansion ... 1. MemoryMiddleware: replace byte-length check (query.len() < 4) with char-count check (query.chars().count() < 2). Single CJK characters are 3 UTF-8 bytes but 1 meaningful character — the old threshold incorrectly skipped 1-2 char Chinese queries like "你好". 2. QueryAnalyzer: add Chinese synonym mappings for 13 common technical terms (错误→bug, 优化→improve, 配置→config, etc.) so CJK queries can find relevant English-keyword memories and vice versa. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-02 01:21:29 +08:00
iven	e3b93ff96d	fix(security): implement all 15 security fixes from penetration test V1 ... Security audit (2026-03-31): 5 HIGH + 10 MEDIUM issues, all fixed. HIGH: - H1: JWT password_version mechanism (pwv in Claims, middleware verification, auto-increment on password change) - H2: Docker saas port bound to 127.0.0.1 - H3: TOTP encryption key decoupled from JWT secret (production bailout) - H4+H5: Tauri CSP hardened (removed unsafe-inline, restricted connect-src) MEDIUM: - M1: Persistent rate limiting (PostgreSQL rate_limit_events table) - M2: Account lockout (5 failures -> 15min lock) - M3: RFC 5322 email validation with regex - M4: Device registration typed struct with length limits - M5: Provider URL validation on create/update (SSRF prevention) - M6: Legacy TOTP secret migration (fixed nonce -> random nonce) - M7: Legacy frontend crypto migration (static salt -> random salt) - M8+M9: Admin frontend: removed JS token storage, HttpOnly cookie only - M10: Pipeline debug log sanitization (keys only, 100-char truncation) Also: fixed CLAUDE.md Section 12 (was corrupted), added title.rs middleware skeleton, fixed RegisterDeviceRequest visibility.	2026-04-01 08:38:37 +08:00
iven	6cae768401	fix(desktop): session persistence — refresh/login/context/empty-content 4-bug fix ... 1. App.tsx: add restoreSession() call on startup to prevent redirect to login page after refresh (isRestoring guard + BootstrapScreen) 2. CloneManager: call syncAgents() after loadClones() to restore currentAgent and conversation history on app load 3. zclaw-memory: add get_or_create_session() so frontend session UUID is persisted directly — kernel no longer creates mismatched IDs 4. openai.rs: assistant message content must be non-empty for Kimi/Qwen APIs — replace empty content with meaningful placeholders Also includes admin-v2 ModelServices unified page (merge providers + models + API keys into expandable row layout)	2026-03-31 13:38:59 +08:00
iven	13c0b18bbc	feat: Batch 5-9 — GrowthIntegration桥接、验证补全、死代码清理、Pipeline模板、Speech/Twitter真实实现 ... Batch 5 (P0): GrowthIntegration 接入 Tauri - Kernel 新增 set_viking()/set_extraction_driver() 桥接 SqliteStorage - 中间件链共享存储，MemoryExtractor 接入 LLM 驱动 Batch 6 (P1): 输入验证 + Heartbeat - Relay 验证补全（stream 兼容检查、API key 格式校验） - UUID 类型校验、SessionId 错误返回 - Heartbeat 默认开启 + 首次聊天自动初始化 Batch 7 (P2): 死代码清理 - zclaw-channels 整体移除（317 行） - multi-agent 特性门控、admin 方法标注 Batch 8 (P2): Pipeline 模板 - PipelineMetadata 新增 annotations 字段 - pipeline_templates 命令 + 2 个示例模板 - fallback driver base_url 修复（doubao/qwen/deepseek 端点） Batch 9 (P1): SpeechHand/TwitterHand 真实实现 - SpeechHand: tts_method 字段 + Browser TTS 前端集成 (Web Speech API) - TwitterHand: 12 个 action 全部替换为 Twitter API v2 真实 HTTP 调用 - chatStore/useAutomationEvents 双路径 TTS 触发	2026-03-30 09:24:50 +08:00
iven	5595083b96	feat(skills): SemanticSkillRouter — TF-IDF + Embedding 混合路由 ... 实现 SemanticSkillRouter 核心模块 (zclaw-skills): - Embedder trait + NoOpEmbedder (TF-IDF fallback) - SkillTfidfIndex 全文索引 - retrieve_candidates() Top-K 检索 - route() 置信度阈值路由 (0.85) - cosine_similarity 公共函数 - 单元测试覆盖 Kernel 适配层 (zclaw-kernel): - EmbeddingAdapter: zclaw-growth EmbeddingClient → Embedder 文档同步: - 01-intelligent-routing.md Phase 1+2 标记完成	2026-03-30 00:54:11 +08:00
iven	7e90cea117	fix(kernel): BREAK-02 记忆提取链路闭合 + BREAK-03 审批 HandRun 跟踪 ... BREAK-02 记忆提取链路闭合: - Kernel 新增 viking: Arc<VikingAdapter> 共享存储后端 - VikingAdapter 在 boot() 中初始化, 全生命周期共享 - create_middleware_chain() 注册 MemoryMiddleware (priority 150) - CompactionMiddleware 的 growth 参数从 None 改为 GrowthIntegration - zclaw-runtime 重新导出 VikingAdapter BREAK-03 审批后 HandRun 跟踪: - respond_to_approval() 添加完整 HandRun 生命周期跟踪 - Pending → Running → Completed/Failed 状态转换 - 支持 duration_ms 计时和 cancellation 注册 - 与 execute_hand() 保持一致的跟踪粒度	2026-03-29 23:45:52 +08:00
iven	04c366fe8b	feat(runtime): DeerFlow 模式中间件链 Phase 1-4 全部完成 ... 借鉴 DeerFlow 架构，实现完整中间件链系统： Phase 1 - Agent 中间件链基础设施 - MiddlewareChain Clone 支持 - LoopRunner 双路径集成 (middleware/legacy) - Kernel create_middleware_chain() 工厂方法 Phase 2 - 技能按需注入 - SkillIndexMiddleware (priority 200) - SkillLoadTool 工具 - SkillDetail/SkillIndexEntry 结构体 - KernelSkillExecutor trait 扩展 Phase 3 - Guardrail 安全护栏 - GuardrailMiddleware (priority 400, fail_open) - ShellExecRule / FileWriteRule / WebFetchRule Phase 4 - 记忆闭环统一 - MemoryMiddleware (priority 150, 30s 防抖) - after_completion 双路径调用 中间件注册顺序： 100 Compaction | 150 Memory | 200 SkillIndex 400 Guardrail | 500 LoopGuard | 700 TokenCalibration 向后兼容：Option<MiddlewareChain> 默认 None 走旧路径	2026-03-29 23:19:41 +08:00
iven	5fdf96c3f5	chore: 提交所有工作进度 — SaaS 后端增强、Admin UI、桌面端集成 ... 包含大量 SaaS 平台改进、Admin 管理后台更新、桌面端集成完善、 文档同步、测试文件重构等内容。为 QA 测试准备干净工作树。	2026-03-29 10:46:41 +08:00
iven	30b2515f07	feat(audit): 审计修复第四轮 — 跨会话搜索、LLM压缩集成、Presentation渲染器 ... - S9: MessageSearch 新增 Session/Global 双模式，Global 调用 VikingStorage memory_search - M4b: LLM 压缩器集成到 kernel AgentLoop，支持 use_llm 配置切换 - M4c: 压缩时自动提取记忆到 VikingStorage (runtime + tauri 双路径) - H6: 新增 ChartRenderer(recharts)、Document/Slideshow 完整渲染 - 累计修复 23 项，整体完成度 ~72%，真实可用率 ~80%	2026-03-27 11:44:14 +08:00
iven	eed347e1a6	feat: 实现循环防护和安全验证功能 ... refactor(loop_guard): 为LoopGuard添加Clone派生 feat(capabilities): 实现CapabilityManager.validate()安全验证 fix(agentStore): 添加token用量追踪 chore: 删除未实现的Predictor/Lead HAND.toml文件 style(Credits): 移除假数据并标注开发中状态 refactor(Skills): 动态加载技能卡片 perf(configStore): 为定时任务添加localStorage降级 docs: 更新功能文档和版本变更记录	2026-03-27 07:56:53 +08:00
iven	0d4fa96b82	refactor: 统一项目名称从OpenFang到ZCLAW ... 重构所有代码和文档中的项目名称，将OpenFang统一更新为ZCLAW。包括： - 配置文件中的项目名称 - 代码注释和文档引用 - 环境变量和路径 - 类型定义和接口名称 - 测试用例和模拟数据 同时优化部分代码结构，移除未使用的模块，并更新相关依赖项。	2026-03-27 07:36:03 +08:00
iven	978dc5cdd8	fix(安全): 修复HTML导出中的XSS漏洞并清理调试日志 ... refactor(日志): 替换console.log为tracing日志系统 style(代码): 移除未使用的代码和依赖项 feat(测试): 添加端到端测试文档和CI工作流 docs(变更日志): 更新CHANGELOG.md记录0.1.0版本变更 perf(构建): 更新依赖版本并优化CI流程	2026-03-26 19:49:03 +08:00
iven	b7f3d94950	fix(presentation): 修复 presentation 模块类型错误和语法问题 ... - 创建 types.ts 定义完整的类型系统 - 重写 DocumentRenderer.tsx 修复语法错误 - 重写 QuizRenderer.tsx 修复语法错误 - 重写 PresentationContainer.tsx 添加类型守卫 - 重写 TypeSwitcher.tsx 修复类型引用 - 更新 index.ts 移除不存在的 ChartRenderer 导出 审计结果: - 类型检查: 通过 - 单元测试: 222 passed - 构建: 成功	2026-03-26 17:19:28 +08:00
iven	bf6d81f9c6	refactor: 清理未使用代码并添加未来功能标记 ... style: 统一代码格式和注释风格 docs: 更新多个功能文档的完整度和状态 feat(runtime): 添加路径验证工具支持 fix(pipeline): 改进条件判断和变量解析逻辑 test(types): 为ID类型添加全面测试用例 chore: 更新依赖项和Cargo.lock文件 perf(mcp): 优化MCP协议传输和错误处理	2026-03-25 21:55:12 +08:00
iven	aa6a9cbd84	feat: 新增技能编排引擎和工作流构建器组件 ... refactor: 统一Hands系统常量到单个源文件 refactor: 更新Hands中文名称和描述 fix: 修复技能市场在连接状态变化时重新加载 fix: 修复身份变更提案的错误处理逻辑 docs: 更新多个功能文档的验证状态和实现位置 docs: 更新Hands系统文档 test: 添加测试文件验证工作区路径	2026-03-25 08:27:25 +08:00
iven	0179f947aa	fix(openai): resolve DashScope/Bailian tool calling 400 errors ... - Detect providers that don't support streaming with tools (DashScope, aliyuncs, bigmodel.cn) - Add stream_from_complete() to use non-streaming mode when tools are present - Fix convert_response() to prioritize tool_calls over empty content - Fix ToolUse message JSON serialization (Null -> "{}") - Skip invalid tool calls with empty names in streaming Root cause: DashScope Coding Plan API doesn't support stream=true with tools, causing tool parameters to be lost or malformed. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 21:43:03 +08:00
iven	504d5746aa	feat(skill-execution): implement execute_skill tool with full execution chain ... - Add ExecuteSkillTool for LLM to call skills during conversation - Implement SkillExecutor trait in Kernel for skill execution - Update AgentLoop to support tool execution with skill_executor - Add default skills_dir configuration in KernelConfig - Connect frontend skillMarketStore to backend skill_list command - Update technical documentation with Skill system architecture Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 13:24:23 +08:00
iven	e49ba4460b	feat(security): add security configuration and tool validation ... Security Configuration: - config/security.toml with shell_exec, file_read, file_write, web_fetch, browser, and mcp settings - Command whitelist/blacklist for shell execution - Path restrictions for file operations - SSRF protection for web fetch Tool Security Implementation: - ShellSecurityConfig with whitelist/blacklist validation - ShellExecTool with actual command execution - Timeout and output size limits - Security checks before command execution Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 03:10:32 +08:00
iven	6f82723225	feat(runtime): implement streaming in AgentLoop ... - Implement run_streaming() method with async channel - Stream chunks from LLM driver and emit LoopEvent - Save assistant message to memory on completion Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 01:45:50 +08:00
iven	820e3a1ffe	feat(runtime): add streaming support to LlmDriver trait ... - Add StreamChunk and StreamEvent types for Tauri event emission - Add stream() method to LlmDriver trait with async-stream - Implement Anthropic streaming with SSE parsing - Implement OpenAI streaming with SSE parsing - Add placeholder stream() for Gemini and Local drivers Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 01:44:40 +08:00
iven	ae4bf815e3	fix(kernel): 使用 Kernel 配置的 model 而非 Agent 持久化的旧值 ... 问题：在"模型与 API"页面切换模型后，对话仍使用旧模型 根因：Agent 配置从数据库恢复，其 model 字段优先于 Kernel 配置 修复： - kernel.rs: send_message/send_message_stream 始终使用 Kernel 的当前 model - openai.rs: 添加 User-Agent header 解决 Coding Plan API 405 错误 - kernel_commands.rs: 添加详细调试日志便于追踪配置传递 - troubleshooting.md: 记录此问题的排查过程和解决方案 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-23 22:56:06 +08:00
iven	58cd24f85b	feat: add internal ZCLAW kernel crates to git tracking	2026-03-22 09:26:36 +08:00