36 Commits

Author	SHA1	Message	Date
iven	5816f56039	fix(runtime,hands): 搜索功能修复 — glm空参数回退+schema简化 ... 根因: glm-5.1 不理解 oneOf+const 复杂 schema，发送 tool_calls 时 arguments 为空 {}。同时缺少从对话上下文提取用户意图的回退机制。 修复: 1. researcher input_schema 从 oneOf+const 改为扁平化属性 — glm 正确传参 2. loop_runner 增加 empty-input 回退 — 从最近用户消息注入 _fallback_query 3. researcher infer_action 增加 _fallback_query 分支处理 4. 调试日志降级 INFO→DEBUG (openai tool_calls delta, researcher input)	2026-04-22 16:06:47 +08:00
iven	3cb9709caf	fix(runtime): SSE行缓冲 — 修复glm tool call参数截断丢失 ... 根因: OpenAI driver的SSE解析直接按TCP chunk分行, 当glm的JSON响应被拆成多个TCP包时,SSE data行被截断, 导致tool call arguments丢失(input={})。 修复: 1. 添加pending_line缓冲区,跨chunk累积不完整的SSE行 2. 只处理完整的行(\n结尾),未完成的保留到下次 3. researcher.infer_action()增加更多字段推断(search/keyword/q等) 验证: 99 tests PASS, 160 hands tests PASS	2026-04-22 15:20:23 +08:00
iven	bc9537cd80	fix(hands): hand_researcher 参数容错 — LLM不传action字段时自动推断 ... 根因: glm等国内LLM调用hand_researcher时不带action字段， 导致"missing field action"反复报错触发LoopGuard拦截。 修复: execute()先尝试严格反序列化，失败时调用infer_action() 从输入字段推断意图: - 有query → search - 有url → fetch - 有urls → summarize - 都没有 → 友好错误提示 验证: 160 tests PASS	2026-04-22 14:23:52 +08:00
iven	bb1869bb1b	fix(hands): 搜索引擎优先级调整 — 国内用户优先百度+Bing CN ... 中国用户无法使用 Google/DuckDuckGo(被墙)，调整策略: 1. Google/DuckDuckGo 路由降级到百度(非Bing) 2. search_native() 所有查询统一百度+Bing CN并行 3. DDG仅作为最后后备(主引擎都空时才尝试) 4. 移除 CJK 分支逻辑 — 百度+Bing CN 对中英文都有效	2026-04-22 14:06:20 +08:00
iven	6d7457de56	fix(hands): 搜索引擎升级 — DDG改POST + Jina Reader内容提取 ... 借鉴DeerFlow(ddgs库)架构改进搜索: 1. DDG搜索从GET改为POST(form-encoded),匹配ddgs库行为 2. 新增Jina Reader API(r.jina.ai)用于网页内容提取,返回干净Markdown 3. Jina失败时自动降级到原有HTML解析 4. 支持 ZCLAW_JINA_API_KEY 环境变量(可选,免费tier无需key) 5. 内容截断4096字符(DeerFlow模式) 验证: 160 tests PASS, 0 warnings, workspace check clean	2026-04-22 12:59:48 +08:00
iven	ee56bf6087	fix(hands): 搜索结果质量过滤 — 去除JS/CSS/广告等垃圾内容 ... 问题：HTML解析器提取搜索引擎页面中的导航/脚本/广告片段， 导致搜索结果混入 function()/var/stylesheet 等垃圾文本。 修复： - 新增 is_quality_result() 过滤函数，检查 title/snippet/url 质量 - 拒绝含 JS 关键词(function/var/const/window/document)的标题 - 拒绝含 CSS 标识(.css/stylesheet)的标题 - 拒绝过短(<2)或过长(>300)的标题 - 拒绝 javascript:/data: URL - strip_html_tags 添加空白折叠 + 更多HTML实体 - 三个解析器(DDG/Bing/百度)全部接入质量过滤 测试: 68 PASS (新增8个质量过滤测试)	2026-04-22 12:16:02 +08:00
iven	5a0c652f4f	fix(hands): 审计修复 — SSRF防护/输入验证/HTTP状态检查/解析加固 ... 三维度穷尽审计(安全+质量+正确性)后修复: CRITICAL: - execute_fetch() 添加完整 SSRF 防护(IPv4/IPv6/私有地址/云元数据/主机名黑名单) - reqwest 重定向策略限制为3次，阻止重定向链 SSRF - DDG HTML 解析: split("result__body") → split("class=\"result__body\"") 防误匹配 - Google 变体降级到 Bing 时添加 tracing::warn 日志 HIGH: - ResearchQuery 输入验证: 查询≤500字符, max_results≤50, 空查询拒绝 - Cache 容量限制: 200 条目上限 + 简单淘汰 - extract_href_uddg 手动 URL 解码替换为标准 percent_decode - 3个搜索引擎方法添加 HTTP status code 检查(429/503 不再静默) MEDIUM: - config.toml default_engine 从 "searxng" 改为 "auto"(Rust 原生优先) - User-Agent 从机器人标识改为浏览器 UA，降低反爬风险 - 百度解析器从精确匹配改为 c-container 包含匹配，覆盖更多变体 - 添加 url crate 依赖 测试: 60 PASS (新增12: SSRF 5 + percent_decode 3 + 输入验证 4)	2026-04-22 12:11:35 +08:00
iven	95a05bc6dc	feat(hands): Rust原生多引擎搜索 — DuckDuckGo HTML/Bing CN/百度并行聚合 ... - 用 DuckDuckGo HTML 搜索(html.duckduckgo.com)替换 Instant Answer API，获得真正搜索结果 - 新增 Bing CN 搜索(cn.bing.com)，中文查询自动切换 - 新增百度搜索(baidu.com/s)，中文内容覆盖 - CJK 自动检测：中文查询并行搜索 Bing+Baidu+DDG，英文查询 DDG+Bing - 结果去重(URL) + 按相关性排序 - SearXNG 保留为可选后端，不再强制依赖 Docker - 137 tests PASS（新增 20 个：HTML解析/CJK检测/辅助函数/引擎测试）	2026-04-22 11:41:19 +08:00
iven	0fd981905d	fix(hands): 集成 SearXNG 元搜索引擎 — 替换不可用的 DuckDuckGo Instant Answer API ... - ResearcherHand 新增 search_searxng() 方法，调用 SearXNG JSON API 聚合 70+ 搜索引擎 - SearchEngine 枚举增加 SearXNG 变体，路由逻辑按配置分发搜索后端 - Auto 模式: SearXNG 优先 → DuckDuckGo fallback - config.toml [tools.web.search] 新增 searxng_url/searxng_timeout 配置 - docker-compose.yml 新增 SearXNG 服务容器 (searxng-config/settings.yml) - 新增 6 个 SearXNG 相关单元测试 (响应解析/URL构造/分数归一化/配置加载) - 验证: 124 tests PASS, workspace 0 warnings	2026-04-22 10:52:13 +08:00
iven	8691837608	fix(runtime,hands): 4项根因修复 — URL编码/Browser桩/定时解析/LLM超时 ... 1. researcher.rs: url_encode() chars→bytes，修复中文搜索URL编码 (U+533B→%533B 改为 UTF-8 %E5%8C%BB) 2. browser.rs: WebDriver不可用时返回明确错误而非静默成功， 防止LLM误以为操作已完成 3. nl_schedule.rs: 新增相对延迟解析(秒后/分钟后/小时后)， 避免fallback到LLM幻觉cron 4. 4个LLM driver: 移除http1_only()防reqwest解码错误， 超时120s→300s适配工具调用链，Anthropic裸Client::new()补全配置	2026-04-22 03:24:55 +08:00
iven	b726d0cd5e	fix(growth,memory,hands): 穷尽审计后 4 项修复 — 伪造时间戳+测试覆盖+注释纠正 ... CRITICAL: - user_profile_store: find_active_pains_since 改为 find_active_pains， 移除无意义 .filter(|_| true)，不再伪造 created_at=since HIGH: - daily_report: 移除虚假的 "Emits Tauri event" 注释（事件发射是调用方职责） - daily_report: chrono::Local → chrono::Utc 一致性修复 - 新增 8 个单元测试: PainPoint 系列测试 + find_since + get_events_since 验证: zclaw-memory 54 PASS, zclaw-growth 151 PASS, zclaw-hands 5 PASS	2026-04-21 18:45:10 +08:00
iven	ae56aba366	feat(hands,desktop): C线差异化 — 管家日报 + 零配置引导优化 ... C1 管家日报: - 新增 _daily_report Hand (daily_report.rs) — 5个测试 - 增强 user_profile_store — PainPoint 结构体 + find_active_pains_since + resolve_pain - experience_store 新增 find_since 日期范围查询 - trajectory_store 新增 get_events_since 日期范围查询 - 新增 DailyReportPanel.tsx 前端日报面板 - Sidebar 新增"日报"导航入口 C3 零配置引导: - 修复行业卡点击后阶段推进 bug (industry_discovery → identity_setup) 验证: 940 tests PASS, 0 failures	2026-04-21 18:23:36 +08:00
iven	74ce6d4adc	fix(growth,hands): 穷尽审计后 3 项修复 — browser 文档注释 + experience_store warn 日志 + identity 数字更正 ... - browser.rs: 过时 doc comment pending_execution → delegated_to_frontend - experience_store.rs: merge 反序列化失败时 warn!() + fallback 覆写 - wiki/log.md: identity_patterns 43→54 更正	2026-04-21 12:46:26 +08:00
iven	9a2611d122	fix(growth,hands,kernel,desktop): Phase 1 用户可感知修复 — 6 项断链修复 ... Phase 1 修复内容: 1. Hand 执行前端字段映射 — instance_id → runId，修复 Hand 状态追踪 2. Heartbeat 痛点感知 — PAIN_POINTS_CACHE + VikingStorage 持久化 + 未解决痛点检查 3. Browser Hand 委托消息 — pending_execution → delegated_to_frontend + 中文摘要 4. 跨会话记忆检索增强 — 扩展 IdentityRecall 模式 26→43 + 弱身份信号检测 + 低结果 fallback 5. Twitter Hand 凭据持久化 — SetCredentials action + 文件持久化 + 启动恢复 6. Browser 测试修复 — 适配新的 delegated_to_frontend 响应格式 验证: cargo check ✅ | cargo test 912 PASS ✅ | tsc --noEmit ✅	2026-04-21 10:18:25 +08:00
iven	4329bae1ea	fix(audit): Batch 2 生产代码 unwrap 替换 (20 处) ... P0 修复: - viking_commands.rs: URI 路径构建 unwrap → ok_or_else 错误传播 - clip.rs: 临时文件路径 unwrap → ok_or_else (防 Windows 中文路径 panic) P1 修复: - personality_detector.rs: Mutex lock unwrap → unwrap_or_else 防中毒传播 - pptx.rs: HashMap.get unwrap → expect (来自 keys() 迭代) P2 修复: - 4 处 SystemTime.unwrap → expect("system clock is valid") - 4 处 dev_server URL.parse.unwrap → expect("hardcoded URL is valid") - 9 处 nl_schedule Regex.unwrap → expect("static regex is valid") - 5 处 data_masking Regex.unwrap → expect("static regex is valid") - 2 处 pipeline/state Regex.unwrap → expect("static regex is valid") 全量测试通过: 719 passed, 0 failed	2026-04-19 08:38:09 +08:00
iven	cb9e48f11d	refactor(hands): 移除空壳 Hand — Whiteboard/Slideshow/Speech (Phase 5) ... 删除 3 个仅含 UI 占位的 Hand，清理 Rust 实现与前端引用： - Rust: whiteboard.rs(422行) + slideshow.rs(797行) + speech.rs(442行) - 前端: WhiteboardCanvas + SlideshowRenderer + speech-synth + 相关类型/常量 - 配置: 3 个 HAND.toml - 净减 ~5400 行，Hands 9→6(启用) + Quiz/Browser/Researcher/Collector/Clip/Twitter/Reminder	2026-04-17 19:55:59 +08:00
iven	28c892fd31	fix(chat): 聊天定时功能断链接通 — NlScheduleParser + _reminder Hand ... 接通"写了没接"的定时功能断链： - NlScheduleParser has_schedule_intent/parse_nl_schedule 接入 agent_chat_stream - 新增 _reminder 系统 Hand 作为定时触发器桥接 - TriggerManager hand_id 验证对 _ 前缀系统 Hand 放行 - 聊天消息含定时意图时自动拦截，创建触发器并返回确认消息 验证：cargo check 0 error, 49 tests passed, Tauri MCP "每天早上9点提醒我查房" → cron 0 9 * * * 确认正确显示	2026-04-15 09:45:19 +08:00
iven	3f2acb49fb	fix: pre-release audit fixes — Twitter OAuth, DataMasking perf, Prompt versioning ... - Twitter like/retweet: return explicit unavailable error instead of sending doomed Bearer token requests (would 403 on Twitter API v2) - DataMasking: pre-compile regex patterns with LazyLock (was compiling 6 patterns on every mask() call) - Prompt version: fix get_version handler ignoring version path param, add service::get_version_by_number for correct per-version retrieval	2026-04-09 16:43:24 +08:00
iven	26a833d1c8	fix: resolve 17 P2 defects and 5 P3 defects from pre-launch audit ... Batch fix covering multiple modules: - P2-01: HandRegistry Semaphore-based max_concurrent enforcement - P2-03: Populate toolCount/metricCount from Hand trait methods - P2-06: heartbeat_update_config minimum interval validation - P2-07: ReflectionResult used_fallback marker for rule-based fallback - P2-08/09: identity_propose_change parameter naming consistency - P2-10: ClassroomMetadata is_placeholder flag for LLM failure - P2-11: classroomStore userDidCloseDuringGeneration intent tracking - P2-12: workflowStore pipeline_create sends actionType - P2-13/14: PipelineInfo step_count + PipelineStepInfo for proper step mapping - P2-15: Pipe transform support in context.resolve (8 transforms) - P2-16: Mustache {{...}} → \${...} auto-normalization - P2-17: SaaSLogin password placeholder 6→8 - P2-19: serialize_skill_md + update_skill preserve tools field - P2-22: ToolOutputGuard sensitive patterns from warn→block - P2-23: Mutex::unwrap() → unwrap_or_else in relay/service.rs - P3-01/03/07/08/09: Various P3 fixes - DEFECT_LIST.md: comprehensive status sync (43/51 fixed, 8 remaining) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-06 00:49:16 +08:00
iven	1fec8cfbc1	fix(arch): unify TS/Rust types + classroom persistence registration + approval audit ... - M11-03: Register ClassroomPersistence via Tauri .setup() hook with in-memory fallback. Previously missing — classroom commands would crash at runtime. - M3-02: Document BrowserHand as schema validator + TypeScript delegation passthrough (dual-path architecture explicitly documented). - M4-04: Add defense-in-depth audit logging in execute_hand() and execute_hand_with_source() when needs_approval hands bypass approval gate. - TYPE-01: Add #[serde(rename_all = "camelCase")] to Rust AgentInfo. Add missing fields to TS AgentInfo (messageCount, createdAt, updatedAt). Fix KernelStatus TS interface to match Rust KernelStatusResponse (baseUrl/model instead of defaultProvider/defaultModel). - SEC2-P1-01: Document EXTRACTION_DRIVER OnceCell as legacy path; Kernel struct field is the active path. - TriggerSource: Add #[derive(PartialEq)] for approval audit comparisons.	2026-04-04 21:09:02 +08:00
iven	59f660b93b	fix(hands): add max_concurrent + timeout_secs fields + hand timeout enforcement ... M3-04/M3-05 audit fixes: - HandConfig: add max_concurrent (u32) and timeout_secs (u64) with serde defaults - Kernel execute_hand: enforce timeout via tokio::time::timeout, cancel on expiry - All 9 hand implementations: add max_concurrent: 0, timeout_secs: 0 - Agent createClone: pass soul field through to kernel - Fix duplicate soul block in agent_create command	2026-04-04 18:41:15 +08:00
iven	52bdafa633	refactor(crates): kernel/generation module split + DeerFlow optimizations + middleware + dead code cleanup ... - Split zclaw-kernel/kernel.rs (1486 lines) into 9 domain modules - Split zclaw-kernel/generation.rs (1080 lines) into 3 modules - Add DeerFlow-inspired middleware: DanglingTool, SubagentLimit, ToolError, ToolOutputGuard - Add PromptBuilder for structured system prompt assembly - Add FactStore (zclaw-memory) for persistent fact extraction - Add task builtin tool for agent task management - Driver improvements: Anthropic/OpenAI extended thinking, Gemini safety settings - Replace let _ = with proper log::warn! across SaaS handlers - Remove unused dependency (url) from zclaw-hands	2026-04-03 00:28:03 +08:00
iven	07099e3ef0	test(hands): expand Slideshow tests (4→34) and fix Clip invalid action test ... Slideshow: add navigation edge cases, autoplay/pause/resume, spotlight/ laser/highlight defaults, content block deserialization, Hand trait dispatch, and add_slide helper tests. Clip: fix test_execute_invalid_action to expect Err (execute returns HandError for unknown variants). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-02 01:13:15 +08:00
iven	dce9035584	test(hands): add 28 unit tests for Twitter Hand ... Cover config defaults, 13 action types deserialization, serialization roundtrip, credential management, and data type parsing. Also add PartialEq derive to HandStatus for test assertions. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-02 01:01:37 +08:00
iven	17a2501808	test(hands): add unit tests for BrowserHand + fix requires_approval config ... Fix needs_approval field in BrowserHand::new() from false to true to match the TOML config (hands/browser.HAND.toml says requires_approval = true). Browser automation has security implications and should require approval. Add 11 unit tests covering: - Config id and enabled state - needs_approval correctness (after fix) - Action deserialization (Navigate, Click, Type, Scrape, Screenshot) - Roundtrip serialization for all major action variants - BrowserSequence builder with stop_on_error() - Multi-step sequence execution - FormField deserialization Also add stop_on_error() builder method to BrowserSequence which was referenced in the test plan but missing from the struct. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-01 23:22:18 +08:00
iven	cc7ee3189d	test(hands): add unit tests for CollectorHand + fix HTML extraction position tracking ... Fix extract_visible_text to use proper byte position tracking (pos += char_len) instead of iterating chars without position context, which caused script/style tag detection to fail on multi-byte content. Also adds script/style stripping logic and raises truncation limit to 10000 chars. Adds 9 unit tests covering: - Config identity verification - OutputFormat serialization round-trip - HTML text extraction (basic, script stripping, style stripping, empty input) - Aggregate action with empty URLs - CollectorAction deserialization (Collect/Aggregate/Extract) - CollectionTarget deserialization	2026-04-01 23:21:43 +08:00
iven	59fc7debd6	feat(hands): add 25 unit tests + fix summary + fix HTML extraction for ResearcherHand ... - Add comprehensive test suite: config, types, action deserialization, URL encoding, HTML text extraction, hand trait methods - Fix summary field: generate rule-based summary from top search results (was always None) - Fix extract_text_from_html: correct position tracking for script/style tag detection Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-01 23:16:57 +08:00
iven	813b49a986	feat: P0 KernelClient功能修复 + P1/P2/P3质量改进 ... P0 KernelClient 功能断裂修复: - Skill CUD: registry.rs create/update/delete + serialize_skill_md + kernel proxy - Workflow CUD: pipeline_commands.rs create/update/delete + serde_yaml依赖 - Agent更新: registry update方法 + AgentConfigUpdated事件 + agent_update命令 - Hand流式事件: HandStart/HandEnd变体替换ToolStart/ToolEnd - 后端验证: hand_get/hand_run_status/hand_run_list确认实现完整 - Approval闭环: respond_to_approval后台spawn+5分钟超时轮询 P2/P3 质量改进: - Browser WebDriver: TCP探测ChromeDriver/GeckoDriver/Edge端口替换硬编码true - api-fallbacks: 移除假技能和16个捏造安全层，替换为真实能力映射 - dead_code清理: 移除5个模块级#![allow(dead_code)]，删除3个真正死方法， 删除未注册的compactor_compact_llm命令，warnings从8降到3 - 所有变更通过cargo check + tsc --noEmit验证	2026-03-30 10:55:08 +08:00
iven	13c0b18bbc	feat: Batch 5-9 — GrowthIntegration桥接、验证补全、死代码清理、Pipeline模板、Speech/Twitter真实实现 ... Batch 5 (P0): GrowthIntegration 接入 Tauri - Kernel 新增 set_viking()/set_extraction_driver() 桥接 SqliteStorage - 中间件链共享存储，MemoryExtractor 接入 LLM 驱动 Batch 6 (P1): 输入验证 + Heartbeat - Relay 验证补全（stream 兼容检查、API key 格式校验） - UUID 类型校验、SessionId 错误返回 - Heartbeat 默认开启 + 首次聊天自动初始化 Batch 7 (P2): 死代码清理 - zclaw-channels 整体移除（317 行） - multi-agent 特性门控、admin 方法标注 Batch 8 (P2): Pipeline 模板 - PipelineMetadata 新增 annotations 字段 - pipeline_templates 命令 + 2 个示例模板 - fallback driver base_url 修复（doubao/qwen/deepseek 端点） Batch 9 (P1): SpeechHand/TwitterHand 真实实现 - SpeechHand: tts_method 字段 + Browser TTS 前端集成 (Web Speech API) - TwitterHand: 12 个 action 全部替换为 Twitter API v2 真实 HTTP 调用 - chatStore/useAutomationEvents 双路径 TTS 触发	2026-03-30 09:24:50 +08:00
iven	a71c4138cc	fix(audit): 修复深度审计发现的 P0/P1 问题 (8项) ... 基于 DEEP_AUDIT_REPORT.md 修复 2 CRITICAL + 4 HIGH + 1 MEDIUM 问题: - C1: PromptOnly 技能集成 LLM 调用 — 定义 LlmCompleter trait， 通过 LlmDriverAdapter 桥接 zclaw_runtime::LlmDriver， PromptOnlySkill.execute() 现在调用 LLM 生成内容 - C2: 反思引擎空记忆 bug — 新增 query_memories_for_reflection() 从 VikingStorage 查询真实记忆传入 reflect() - H7: Agent Store 接口适配 — KernelClient 添加 listClones/createClone/ deleteClone/updateClone 方法，映射到 agent_* 命令 - H8: Hand 审批检查 — hand_execute 执行前检查 needs_approval， 需审批返回 pending_approval 状态 - M1: 幽灵命令注册 — 注册 hand_get/hand_run_status/hand_run_list 三个 Tauri 桩命令 - H1/H2: SpeechHand/TwitterHand 添加 demo 标签 - H5: 归档过时 VERIFICATION_REPORT 文档更新: DEEP_AUDIT_REPORT.md 标记修复状态，README.md 更新 关键指标和变更历史。整体完成度从 ~50% 提升至 ~58%。	2026-03-27 09:36:50 +08:00
iven	0d4fa96b82	refactor: 统一项目名称从OpenFang到ZCLAW ... 重构所有代码和文档中的项目名称，将OpenFang统一更新为ZCLAW。包括： - 配置文件中的项目名称 - 代码注释和文档引用 - 环境变量和路径 - 类型定义和接口名称 - 测试用例和模拟数据 同时优化部分代码结构，移除未使用的模块，并更新相关依赖项。	2026-03-27 07:36:03 +08:00
iven	aa6a9cbd84	feat: 新增技能编排引擎和工作流构建器组件 ... refactor: 统一Hands系统常量到单个源文件 refactor: 更新Hands中文名称和描述 fix: 修复技能市场在连接状态变化时重新加载 fix: 修复身份变更提案的错误处理逻辑 docs: 更新多个功能文档的验证状态和实现位置 docs: 更新Hands系统文档 test: 添加测试文件验证工作区路径	2026-03-25 08:27:25 +08:00
iven	1441f98c5e	feat(hands): implement 4 new Hands and fix BrowserHand registration ... - Add ResearcherHand: DuckDuckGo search, web fetch, report generation - Add CollectorHand: data collection, aggregation, multiple output formats - Add ClipHand: video processing (trim, convert, thumbnail, concat) - Add TwitterHand: Twitter/X automation (tweet, retweet, like, search) - Fix BrowserHand not registered in Kernel (critical bug) - Add HandError variant to ZclawError enum - Update documentation: 9/11 Hands implemented (82%) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 13:22:44 +08:00
iven	3ff08faa56	release(v0.2.0): streaming, MCP protocol, Browser Hand, security enhancements ... ## Major Features ### Streaming Response System - Implement LlmDriver trait with `stream()` method returning async Stream - Add SSE parsing for Anthropic and OpenAI API streaming - Integrate Tauri event system for frontend streaming (`stream:chunk` events) - Add StreamChunk types: Delta, ToolStart, ToolEnd, Complete, Error ### MCP Protocol Implementation - Add MCP JSON-RPC 2.0 types (mcp_types.rs) - Implement stdio-based MCP transport (mcp_transport.rs) - Support tool discovery, execution, and resource operations ### Browser Hand Implementation - Complete browser automation with Playwright-style actions - Support Navigate, Click, Type, Scrape, Screenshot, Wait actions - Add educational Hands: Whiteboard, Slideshow, Speech, Quiz ### Security Enhancements - Implement command whitelist/blacklist for shell_exec tool - Add SSRF protection with private IP blocking - Create security.toml configuration file ## Test Improvements - Fix test import paths (security-utils, setup) - Fix vi.mock hoisting issues with vi.hoisted() - Update test expectations for validateUrl and sanitizeFilename - Add getUnsupportedLocalGatewayStatus mock ## Documentation Updates - Update architecture documentation - Improve configuration reference - Add quick-start guide updates Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 03:24:24 +08:00
iven	84601776d9	feat(hands): add Browser Hand for web automation ... Add BrowserHand implementation with: - BrowserAction enum for all automation actions - Navigate, Click, Type, Scrape, Screenshot, FillForm - Wait, Execute (JavaScript), GetSource, GetUrl, GetTitle - Scroll, Back, Forward, Refresh, Hover, PressKey, Upload - Hand trait implementation with config and execute - Integration with existing Tauri browser commands Browser Hand enables agents to interact with web pages for navigation, form filling, scraping, and automation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 03:07:27 +08:00
iven	0ab2f7afda	feat(phase4): complete zclaw-skills, zclaw-hands, zclaw-channels, zclaw-protocols 模块实现	2026-03-22 08:57:37 +08:00