feat: Implement Qwen adapter and enhance AI platform detection

- Added a new Qwen adapter to facilitate monitoring through Playwright, leveraging internal text/chat managers.
- Updated account detection logic to recognize Qwen sessions based on persisted cookies, improving binding reliability.
- Relaxed authentication requirements for monitor tasks, allowing anonymous execution for certain AI platforms.
- Enhanced the generic AI platform detection to include Qwen-specific logic, ensuring accurate session identification.
- Modified the monitoring dashboard to include runtime state indicating if the current user's desktop client is online.
- Updated various files including `account-binder.ts`, `runtime-controller.ts`, and `monitoring_service.go` to support new features and improvements.
This commit is contained in:
2026-04-20 19:10:35 +08:00
parent 69fd182755
commit 7abac1e9c4
13 changed files with 973 additions and 105 deletions
+13
View File
@@ -79,6 +79,14 @@
- Electron process metrics are sufficient to drive a two-tier adaptive concurrency policy: default to `1`, raise to `2` only when the machine looks healthy enough and multiple live AI accounts exist.
- Desktop task SSE events now carry optional `business_date`, `scheduler_group_key`, `question_text`, and `title` metadata derived from the task payload, allowing the local scheduler to defer same-question fan-out before leasing.
- A new hidden Playwright manager now connects to Electron Chromium through a local CDP endpoint and leases hidden pages bound to the existing account session partition, while leaving the legacy hidden-view path available for current adapters.
- The browser-extension `qwen` adapter does not rely on stable DOM selectors; it drives Tongyi's internal text/chat managers from `__TONGYI_PORTSL_GLOBAL_CONTAINER__` and reads results from `__qianwenChatAPI`, which makes Playwright page evaluation a better desktop port than raw HTTP.
- Qwen binding was previously too strict for desktop because the generic AI bind flow waited for obvious post-login UI signals like avatar/name; in practice Qwen can already have a durable session footprint before those signals render, so the bind window may fail to auto-close.
- Anonymous `curl` inspection of `https://www.qianwen.com/` currently returns an `XSRF-TOKEN` cookie even before login, so CSRF-only cookies should not count as authenticated AI session evidence.
- On this machine's real `pending-qwen-*` partition, a logged-in Qwen session persists cookies including `tongyi_sso_ticket`, `tongyi_sso_ticket_hash`, and `b-user-id`; these are materially stronger auth signals than generic DOM nickname/avatar detection.
- The user clarified that only `yuanbao`, `kimi`, and `deepseek` require login for monitor execution; other AI platforms may still ask questions and collect responses anonymously, so preflight auth gating must not block those monitor tasks.
- The `admin-web` tracking page still used the removed browser-plugin monitoring bridge for `立即采集`, even though the current monitoring architecture is desktop-client driven and runs silently in the background.
- The user clarified that `立即采集` must only be available when the current logged-in user's own desktop client is online; another user's online client in the same workspace must not make the action available.
- `MonitoringService.CollectNow` previously fell back to the most recently online workspace client regardless of `user_id`, so the backend rule did not match the desired UI rule until this turn.
## Technical Decisions
| Decision | Rationale |
@@ -98,6 +106,11 @@
| Add the local scheduler before wiring more monitor adapters | This aligns with the user's requirement that the client, not the server, decides actual execution timing |
| Keep publish-task execution behavior intact while evolving monitor-task scheduling | Publish is already working and should not be destabilized by monitor-specific policy changes |
| Build the hidden Playwright layer as reusable infrastructure instead of burying it inside one adapter | Qwen is the immediate motivation, but the same layer will likely be needed by other complex AI platforms |
| Port Qwen by evaluating in-page managers/state instead of reverse-engineering private APIs | The existing extension path already proved this is the stable way to drive Qwen's encrypted web client |
| Exclude CSRF-only cookie names from generic AI auth fingerprinting | Qwen sets `XSRF-TOKEN` on anonymous visits, which would otherwise create false-positive auth evidence |
| Only enforce active auth preflight for monitor tasks on `yuanbao`, `kimi`, and `deepseek` | The user explicitly allowed anonymous execution for the other AI monitoring platforms |
| Gate tracking `collect-now` on the current actor's online desktop client, not any workspace client | The user explicitly wants the action tied to the current logged-in account's client presence |
| Expose current-user desktop-client availability through the monitoring dashboard response | `TrackingView` already loads the dashboard, so returning the runtime bit there avoids a second frontend probe and keeps button gating aligned with backend validation |
## Issues Encountered
| Issue | Resolution |