Commit Graph

386 Commits

Author SHA1 Message Date
Xu Liang f38930b0ac feat(desktop): implement client token rotation and session management enhancements
Desktop Client Build / Resolve Build Metadata (push) Successful in 27s
Desktop Client Build / Build Desktop Client (push) Successful in 22m14s
Desktop Client Build / Publish Client Artifacts to NAS (push) Successful in 26s
2026-05-08 11:43:25 +08:00
root c26da5cf72 feat(installer): add custom install and uninstall macros for Shengxintui protocol
Desktop Client Build / Resolve Build Metadata (push) Successful in 30s
Frontend CI / Frontend (push) Successful in 3m53s
Backend CI / Backend (push) Failing after 11m8s
Desktop Client Build / Build Desktop Client (push) Successful in 26m32s
Desktop Client Build / Publish Client Artifacts to NAS (push) Successful in 54s
2026-05-07 13:54:04 +08:00
root 0a7b216513 fix(knowledge): refresh inflight items and skip empty chunked groups
Poll the knowledge item list every 5s while any item is still pending
or processing so the UI reflects ingestion progress without manual
refresh, and exclude items that have no active chunks from group
counters so groups with no usable content do not appear populated.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-07 12:08:03 +08:00
root 7443bb3260 feat(templates): confirm before leaving wizard with draft content
Intercept route changes and tab close when the template wizard has
unsubmitted content so users can save a draft, discard, or stay instead
of silently losing their progress.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-07 12:07:51 +08:00
root c1e7c5e90c feat(publish): add tenant publish management with desktop deep-link
Expose tenant-authenticated publish task list and retry endpoints so the
admin web can show desktop publish state without an Electron bridge, and
register a `shengxintui://` deep-link so the page can hand off to the
desktop client workbench.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-07 12:07:28 +08:00
root 7d82c5c193 feat(article): support regenerating failed articles 2026-05-07 10:55:44 +08:00
root ff2bb77cdd fix(web): suppress duplicate toasts when auth session expires
Desktop Client Build / Resolve Build Metadata (push) Successful in 32s
Frontend CI / Frontend (push) Successful in 4m4s
Desktop Client Build / Publish Client Artifacts to NAS (push) Has been cancelled
Desktop Client Build / Build Desktop Client (push) Has been cancelled
Mark 401/refresh-failure errors as handled so per-view catch blocks fall
through silently while a single global "登录已过期" warning is shown.
Centralize ops-web error rendering via showOpsError.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-07 00:12:29 +08:00
root fcc9df0d34 style(desktop): let main views fill available width and drop settings client badge
Remove the 1400px max-width cap on Home/Accounts/AiPlatforms/PublishManagement
so content stretches with the window, and clean up the unused online-clients
badge from the settings sidebar.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-06 23:06:00 +08:00
root d27be641b9 chore(desktop): bump kimi query timeout to 250s
Kimi's reasoning mode now needs noticeably longer to respond, so raise
the per-query timeout from 120s to 250s to avoid premature failures.
2026-05-06 21:34:19 +08:00
root df467b63b4 feat(desktop): refresh publish tasks instantly on lease activation
Emit a 'publish-task-lease' runtime invalidation event whenever the
scheduler activates a publish task, and have PublishManagementView
listen for it to trigger an immediate refresh. The view also switches
to a 5s active-task poll only while a task is in_progress, replacing
the unconditional 20s timer.
2026-05-06 21:34:13 +08:00
root ddce8b3d8d refactor(desktop): extract qwen auth rules into adapter module
Move the Qwen page-state probe, session detection, and silent probe
helpers out of account-binder into apps/desktop-client/src/main/adapters/qwen,
mirroring the Kimi adapter layout. Generic AI auth no longer special-cases
qwen since the platform now owns its own credential rules.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-06 21:33:40 +08:00
root 47681ab1f5 feat(desktop): report current user online clients 2026-05-06 18:25:05 +08:00
root 930f095c64 fix(desktop): shorten initial account probe delay 2026-05-06 18:21:38 +08:00
root bb7221d674 feat(desktop): add batch account probes 2026-05-06 18:21:08 +08:00
root f3487bcacf fix(desktop): isolate AI account auth probes 2026-05-06 18:20:10 +08:00
Xu Liang a99d7a4971 refactor(desktop): tighten account dedup, probe scheduling, and session cleanup
- Dedup AI platform accounts by platform ID rather than identity key, preferring higher health rank then newer verified_at
- Clean up session data and health records when duplicate or replaced accounts are removed
- Remove reconcileTrackedAccountRemoteState — no longer optimistically trust remote health state
- Spread initial probes over a random window (5s–3min) to avoid thundering-herd on startup
- Stop scheduling a next probe after an account is marked expired
- Update AI platforms stats strip to show authorized/pending instead of configured/authorized

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-06 15:38:53 +08:00
root e3c0fe98d7 refactor(admin-web): tighten publish modal status display
Frontend CI / Frontend (push) Successful in 2m29s
Backend CI / Backend (push) Successful in 13m51s
Move publish-state pill next to account name, surface device name in the
client-status tag with truncation + tooltip, and switch the card click
target from disabled to aria-disabled so tooltips remain interactive.
Also disable the keyword selector in the brand question form to prevent
mid-edit reassignment.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-06 13:42:58 +08:00
root 1ba29b9a09 feat(desktop): isolate platform accounts per desktop client
Frontend CI / Frontend (push) Successful in 3m4s
Backend CI / Backend (push) Successful in 14m24s
Scope desktop media accounts by the authenticated desktop client_id so
the same user logging in from Mac and Windows no longer sees a shared
account list. The list, identity lookup, upsert, patch, tombstone and
async health sink paths now all require matching client_id, and the
active uniqueness index moves from (workspace, platform, uid) to
(workspace, client, platform, uid).

Also strengthen the desktop client_id seed: when the OS machine id is
unavailable, fall back to a hashed fingerprint of stable hardware MAC
addresses before the random installation id, so the same hardware
keeps the same client across reinstalls.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-06 13:13:11 +08:00
root f6aed87e44 chore: enable ws proxy in admin-web dev server and log compliance recheck failures
- admin-web vite dev server now proxies websockets on /api so live
  features (e.g. SSE/WS) work in development.
- Tenant desktop publish compliance recheck now logs warnings when the
  query, scan or row iteration fails so the silent 50118 errors can be
  diagnosed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-06 12:57:03 +08:00
root 68089d065f refactor(desktop): show authorized AI platforms count on shell
The shell badge and the AI Platforms overview now report platforms
whose binding is locally authorized (authState=active) instead of the
total bound platforms, so the number reflects how many monitoring
sources are actually usable.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-06 12:56:54 +08:00
root 13464c7788 fix(desktop): normalize API base URL across renderer and main
Replace ad-hoc trim/fallback logic with a shared normalizer that strips
trailing slashes and accidental /api suffixes, rejects non-http schemes,
and rewrites Vite dev origins (517x) back to localhost:8080 so the
desktop client never points its API client at the renderer dev server.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-06 12:56:47 +08:00
root 7b4d7ccf68 feat(ops): add job center for cross-source job operations
Provide a unified ops console for inspecting, retrying and cancelling
jobs across generation, template/kol assist, knowledge parse, desktop
publish/task, compliance review and monitoring collect sources. Wires
RabbitMQ for retry republish and consolidates the desktop_publish_jobs
columns into the base migration.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-06 12:56:39 +08:00
root 3c912949e4 fix client IP handling behind proxies
Deployment Config CI / Deployment Config (push) Successful in 27s
Frontend CI / Frontend (push) Successful in 3m2s
Backend CI / Backend (push) Successful in 14m8s
2026-05-05 23:01:25 +08:00
Xu Liang 680adf7b93 fix(desktop): scope account access to owning client and extend identity verification
Backend CI / Backend (push) Successful in 14m18s
Restrict account tracking, probing, and health reporting to accounts owned
by the current client (client_id match). Extend identity-match verification
to bilibili, juejin, and smzdm so session validity is confirmed locally
rather than deferred to remote health state. Server-side account view now
uses stored client_id as authoritative owner instead of presence data.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-05 22:09:10 +08:00
root 337bb6f9ac feat(publish): enhance compliance feedback and UI elements in PublishArticleModal
Deployment Config CI / Deployment Config (push) Successful in 28s
Backend CI / Backend (push) Successful in 14m8s
Frontend CI / Frontend (push) Failing after 2m1s
2026-05-05 21:01:11 +08:00
root 745cdd79cf feat(compliance): add content compliance detection across tenant, ops, and clients
Implements the Revision 8/9 compliance design: tenant + ops backends, ops-web
content-safety pages, admin-web editor/publish gate integration, desktop publish
block surfacing, and supporting migrations / shared types / config plumbing.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 20:48:14 +08:00
root 82375cff46 feat(http): enhance request authorization handling for login requests
Frontend CI / Frontend (push) Successful in 1m53s
fix(login-view): improve error message formatting for login errors
2026-05-04 22:21:43 +08:00
root bbfeabdaa5 feat(login-guard): unlock entire scope and report deleted keys
Frontend CI / Frontend (push) Successful in 3m13s
Backend CI / Backend (push) Successful in 15m21s
Admin login-lock reset now SCANs and clears all auth:login:* keys (any
scope) and surfaces redis_deleted_keys / fallback_deleted_keys back to
ops-web so the operator can tell whether the cache was actually hit.
Also tracks paired keys via a per-identifier index plus an unlock marker
so legacy/in-flight pair locks get cleared on the next acquire.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-02 20:56:38 +08:00
Xu Liang 22d0cd63a1 chore: adjust main window size and fix titlebar overlay
Frontend CI / Frontend (push) Successful in 3m5s
Backend CI / Backend (push) Successful in 15m12s
- Increase default main window size from 1320x860 to 1420x960
- Use transparent titlebar overlay for all window modes
- Remove hardcoded CONFIG_PATH from dev-ops-api make target

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-02 19:26:10 +08:00
Xu Liang 6dd3bd8e9d feat: improve login UX and add admin login lock reset
- Translate all login error messages to Chinese (network errors, HTTP
  status codes, URL validation errors)
- Add password visibility toggle (eye icon) to login form
- Add live countdown timer when login is locked, disable login button
  during cooldown, auto-clear error when countdown ends
- Add X button red hover feedback in server settings dialog
- Add LoginGuard.Unlock() method to clear Redis lock/failure keys
- Expose POST /admin-users/:id/reset-login-lock endpoint in ops API
- Add "重置登录保护" button in ops-web user management table

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-02 19:25:15 +08:00
root a4c654782b feat(desktop-client): split autostart and keep-alive per platform
Refactors openAtLogin and keepRunningInBackground to make the macOS/Windows
divergence explicit instead of leaning on Electron's cross-platform
abstraction:

- openAtLogin on Windows now passes path: process.execPath and args: []
  so the registry HKCU Run key always points at the right binary.
- keepRunningInBackground on Windows shows a one-shot tray balloon ("省心
  推已最小化到托盘…") so first-time users notice the app is still alive;
  persisted via a private hasShownBackgroundBalloon flag so it never fires
  again. macOS preserves the dock icon and stays silent.
- Sets AppUserModelID early on Windows so tray.displayBalloon's Win10+
  Toast routing actually fires.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-02 18:21:08 +08:00
root de63d0be5b feat(desktop-client): obfuscate JS bundles before packaging
Frontend CI / Frontend (push) Successful in 4m56s
Adds a post-build obfuscation step using javascript-obfuscator with
hidden vite sourcemaps chained back to TypeScript via @ampproject/remapping,
so production packages ship mangled code while debug-time maps still
resolve to original sources. Wires obfuscation into all package:* scripts
via a new build:obf step.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-02 17:12:55 +08:00
Xu Liang 3ee87fd91e chore: resolve merge conflict in bootstrap.ts
Keep settings window parent logic for Windows during merge with remote.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-02 14:44:23 +08:00
Xu Liang 0b9ca39c9f fix(desktop-client): make settings window a child of main window on Windows
Sets the settings window parent on creation and re-applies it on reveal
so it stays modal to the main window on win32.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-02 14:42:36 +08:00
root 501763c0d5 chore: update dependencies in pnpm-lock.yaml and Go modules
Frontend CI / Frontend (push) Has been cancelled
Backend CI / Backend (push) Has been cancelled
- Updated dompurify from 3.3.3 to 3.4.2
- Updated axios from 1.14.0 to 1.15.2
- Updated Go module github.com/golang-jwt/jwt/v5 from v5.2.1 to v5.2.2
- Updated Go module github.com/jackc/pgx/v5 from v5.5.5 to v5.9.0
- Updated Go module github.com/redis/go-redis/v9 from v9.5.1 to v9.7.3
- Updated Go module github.com/stretchr/testify from v1.9.0 to v1.11.1
- Updated various golang.org/x modules to their latest versions
- Updated google.golang.org/grpc from v1.66.0 to v1.79.3
- Updated google.golang.org/protobuf from v1.34.2 to v1.36.10
2026-05-02 00:49:35 +08:00
root 669c9f709a fix(admin-web): replace inline multi-statement @cancel handler
Frontend CI / Frontend (push) Successful in 2m31s
Prettier with semi:false stripped the semicolons that previously separated
the two inline statements, leaving the Vue compiler unable to parse the
expression. Extract closeItemModal() and bind the handler by reference.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 20:47:49 +08:00
root 162abdc97c chore(frontend): introduce prettier + eslint and prune unused code
Backend CI / Backend (push) Has been cancelled
Frontend CI / Frontend (push) Failing after 1m39s
- Add Prettier 3 with prettier-plugin-organize-imports (sorts/removes unused imports)
- Add ESLint 10 flat config with typescript-eslint + eslint-plugin-vue + eslint-config-prettier
- Add root scripts: format, format:check, lint, lint:fix
- Reformat 257 files across admin-web, ops-web, desktop-client, packages
- Remove unused locals/exports flagged by --noUnusedLocals/--noUnusedParameters
- Fix duplicate localTabLabel key, surrogate-pair regex u-flag, NBSP literal in regex
- Skip server/ (Go) and apps/browser-extension/ (deprecated per ADR)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 20:39:09 +08:00
root b6281efc16 chore(admin-web): rewrite media view copy without internal table names
Replace developer-facing references to platform_accounts with
user-friendly wording about bound desktop client accounts.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 20:19:21 +08:00
root fb05f07e84 refactor(admin-web): drop eyebrow labels from page heroes
Remove the redundant eyebrow text above page titles in PageHero,
BrandsView and TrackingView, and clean up the now-unused i18n keys.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 20:19:14 +08:00
root 39ef1a6b7f feat(knowledge): add retry endpoint and 20-char text name limit
Add POST /api/tenant/knowledge/items/retry/:id to re-queue failed parse
tasks, plus a 20-rune cap on text item names with matching frontend
validation. Wires the retry button into the knowledge table with a
colored status tag for clearer state feedback.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 20:19:08 +08:00
root c1f07bfb65 fix(admin-web): add custom popup class for knowledge group tree dropdown
Frontend CI / Frontend (push) Has been cancelled
2026-05-01 18:54:28 +08:00
root 478d49a8d0 fix(ops-web): update placeholder text for phone number input fields
Frontend CI / Frontend (push) Has been cancelled
2026-05-01 18:35:29 +08:00
Xu Liang fd7b1b71c3 fix(admin-web): add WebSocket upgrade headers to nginx proxy config
Frontend CI / Frontend (push) Has been cancelled
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-01 18:20:13 +08:00
Xu Liang ba6ebec892 fix(desktop-client): prevent duplicate window creation and serialize mode switches
Frontend CI / Frontend (push) Successful in 2m24s
- Add creation promise guards (mainWindowCreatePromise etc.) so concurrent
  ensureXxxWindow() calls share a single in-flight BrowserWindow, avoiding
  duplicate windows on rapid IPC
- Add windowModeSwitchQueue to serialize desktop:set-window-mode calls and
  the initial startup switch, preventing races when login/logout fire quickly
- Fix retireInactiveAppWindows: also retire existing login windows when
  switching to login mode, so stale login windows don't accumulate

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-01 18:05:12 +08:00
Xu Liang 5cd5d6685b feat(desktop-client): adapt title bar and drag region for Windows/Linux
Frontend CI / Frontend (push) Has been cancelled
- Add appTitleBarStyle() and appTitleBarOverlay() helpers for cross-platform title bar
- Use titleBarOverlay on Windows/Linux so system caption buttons render correctly
- Disable minimize button on login window (non-resizable, no need to minimize)
- Detect platform at renderer startup and set data-platform on <html> for CSS targeting
- DesktopShell: flip drag bar layout — full-width minus caption area on Win/Linux, traffic-light gap on macOS
- LoginView: move top-bar to Win/Linux caption area (top: 34px), mirror to left on macOS

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-01 18:02:52 +08:00
Xu Liang b7e096ae37 feat(desktop-client): suppress native menu bar on Windows/Linux and support phone number login
- Add suppressNativeWindowMenu() to hide native menu bar on all windows (Win/Linux only)
- Set autoHideMenuBar: true on BrowserWindow creation as belt-and-suspenders
- Import Menu from electron/main to support menu suppression
- Login form: rename field from email to identifier, support phone number input
- Migrate saved credential key from geo_rankly_saved_email to geo_rankly_saved_identifier with fallback
- Update login error message: "邮箱或密码错误" → "账号或密码错误"
- Remove unset ELECTRON_RUN_AS_NODE from dev script (not needed on Windows)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-01 18:02:00 +08:00
root 54fc313e10 feat(desktop-client): tighten window mode switching and add win/linux package scripts
Frontend CI / Frontend (push) Successful in 2m18s
- Track each window's renderer mode in a WeakMap (and fall back to
  parsing ?window= from the URL) so retireInactiveAppWindows can
  destroy stale login/main/settings windows when we switch modes,
  not just the previous one of the canonical pair.
- Replace closeWindowAfterIpcReturn with retireWindowAfterIpcReturn
  (hides immediately, then destroys instead of close()) so the IPC
  reply still reaches the caller before teardown.
- Add waitForWindowReady() with a 1.2s ceiling and call it from
  revealWindow so we don't show a half-loaded shell while
  switchWindowMode is running. Pass the source window from the IPC
  event into switchWindowMode so the closing target is the actual
  caller, not a guess based on mode.
- Silence console.* and skip the observed-fetch install in packaged
  runtime, and only auto-openDevTools in dev.
- Eagerly import LoginView in App.vue instead of defineAsyncComponent
  to remove the boot flash on the login window.
- package.json: prefix package:* with `pnpm run build` and add
  package:win and package:linux for parity.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 17:20:18 +08:00
root 8b4697d605 chore(desktop-client): gate dev-only debug paths in packaged builds
Wrap the network observer, renderer-devtools proxy (both the main-side
ipc handler registration and the preload-side response listener), and
the auto-open-devtools triggers behind !app.isPackaged so packaged
builds don't ship debugging side channels. Add a tiny console-guard
imported first in renderer/main.ts that no-ops console.* in
import.meta.env.PROD so a packaged build stays quiet.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 17:20:00 +08:00
root fb1351d82b feat(desktop-client): add afterPack hook to clean up unnecessary localization files and include certificate files for code signing
Deployment Config CI / Deployment Config (push) Successful in 23s
Frontend CI / Frontend (push) Successful in 2m25s
2026-05-01 16:32:12 +08:00
root a9af6c634c chore(desktop-client): add macOS code-signing and notarization scaffolding
Backend CI / Backend (push) Successful in 13m6s
Deployment Config CI / Deployment Config (push) Successful in 17s
Frontend CI / Frontend (push) Successful in 2m24s
- Move the build config out of package.json into electron-builder.yml so
  the mac block can carry hardenedRuntime, entitlements, universal arch,
  and usage-description Info.plist keys. Drop identity:null (which
  forces unsigned builds) and let CSC_NAME or the keychain decide.
- Add entitlements plist files and three helper scripts: sign-setup.sh
  (one-time keychain prep with notarytool store-credentials),
  sign-mac.sh (sign + notarize + staple, supports keychain or CI env
  vars), and ci-import-cert.sh (CI keychain bootstrap).
- Ignore .env.signing so local credentials don't sneak into the repo,
  and pin @emnapi/{core,runtime} as devDependencies so universal builds
  resolve them deterministically.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 16:02:14 +08:00