Fifth-round codex+gemini final verification: Gemini gave Ready-to-plan;
codex gave Ready-with-caveats with 5 surgical contract gaps. All 5
closed in v2.5:
1. reconcile status=retry semantics pinned: original task returns to
queued with attempts+1, no cloning, no new job. §6.4 route note,
§7.5 UNKNOWN reconcile table (renamed from "重新创建任务" to "重新
运行"), and §15.1 Mermaid all agree.
2. content_ref workspace boundary rule (Phase 1): tenant-native
entities (article_draft/template_gen/video/brand_asset) must
belong to actor's primary workspace, otherwise 422. Added to
Plan 0 cross-workspace pentration test exit bar.
3. WorkspaceScope input surface unified: removed workspace_id= query
from §6.8.2 modal example; scope solely derived from Actor.
4. Contract drift cleanup: GET /api/desktop/accounts?client=self
return fields add delete_requested_at; retry path clarified to
JSON body.
5. Parked Web cancel endpoint: new POST /api/tenant/tasks/{id}/cancel
(WorkspaceScope) for aborting parked/queued tasks; §15.1 Mermaid
updated with queued→aborted edge and endpoint labels.
Header upgraded to v2.5.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Third-round Claude+Codex+Gemini architect review surfaced foundation-
level issues that prior local patches missed. Codex verdict was
Needs-rework; Gemini verdict was Ready-with-caveats. v2.3 lands all
2 Critical + 9 Warning + 3 Info.
Critical:
- C1 workspace-as-first-class: Prior drafts added a WorkspaceScope
middleware, but Codex verified code: Actor/Claims carry only tenant_id,
cache_support keys scope to tenant, workspaces table migration does
not exist, tenant_monitoring_quotas tracks primary_installation_id.
Add a new Plan 0 (Workspace foundation uplift, 2-3w, blocks Plan A)
covering workspaces + memberships migrations, claims extension,
cache-key rewrite, and the full monitoring-domain migration checklist
(new §6.1.1). §2 hard-constraint 8 rewritten; new hard-constraint 9
reserves credential_holder / account_home naming for future evolution.
- C2 CDP stream-capture path was still inconsistent: Fetch.continueResponse
+ takeResponseBodyAsStream cannot chain per CDP semantics. v2.3 moves
EventSource to Network.eventSourceMessageReceived, fetch-stream to
Network.streamResourceContent + dataReceived (Chromium >=120, OK on
Electron 41), and reserves Fetch only for must-mutate scenarios
without chained continueResponse. Plan A now requires a provider x
transport spike matrix (0.5w) before any adapter work.
Warning:
- W1 Patch-channel minimal loop (G1) promoted from Plan C to Plan B,
so Beta exit criteria are satisfiable.
- W2 waiting_user decoupled from lease: becomes a parked state that
releases the lease, survives hours of human review, and is resumed
via POST /tasks/{id}/lease?from_parked=true.
- W3 credential_holder/account_home evolution seam formalized.
- W4 §6.1.1 lists 8 monitoring-domain migration items that were
previously hidden inside "sqlc rename".
- W5 Deep-link nonce becomes a one-time opaque code bound to
target_client_id, Redis-jti consumed on verify.
- W6 §10.3 block H raised from 1.5w to 2.5-3w after Gemini verified
PublishArticleModal's accounts[0] assumption needs a real rewrite.
- W7 MarkdownPreview extracted into packages/ui-shared so Web preview
and Desktop manual review use the same renderer.
- W8 packages/http-client gains a standardized SseClient (backoff +
Last-Event-ID + snapshot + dedup), shared by both apps.
- W9 Trace viewer now runs inside a CSP-sandboxed iframe with hash
routing for file:// loads; trace data flows in via postMessage.
Info:
- I1 §14 adapter map appendix; Hunyuan renamed to Yuanbao with the
correct entry domain (yuanbao.tencent.com).
- I2 UNKNOWN tasks gain a reconcile workflow (mark-succeeded /
mark-failed / ignore / recreate), plus weekly in-app nudge.
- I3 New §15 listing the 5 Mermaid diagrams Plan A must produce
(sequence, lease state machine, account resync, multi-instance
topology, component tree).
Total effort re-estimated from 24-28w to 28-33w; split expands from
3 plans to 4 (Plan 0 -> A -> B -> C).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
User feedback integrated:
- LLM monitoring scope: 3 → 5 providers (add Hunyuan + Kimi).
Keep-alive table in §4.4 gets 2 rows (default 8 min heartbeat,
re-evaluate on integration). Block B effort 2-3w → 4-5w; total
22-26w → 24-28w; Plan B scope updated.
- New §6.8 "admin-web coordination" covering:
- Publish modal with *account-level* selection (not platform-level):
one workspace has many accounts per platform (e.g., 5 WeChat);
one job expands to N desktop_tasks each bound to (platform, account).
- Media data dashboards at account-level granularity (overview,
publish history, monitoring results).
- New /api/tenant/* aggregation + SSE event bus (separate channel
from /api/desktop/events).
- Offline degradation UX when client(s) are offline.
- Account data consistency: client is SoT for account existence,
server stores projection; startup resync on upsert/delete.
- georankly:// deep links with installed-client detection fallback.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Captures the full plan for replacing apps/browser-extension with an
Electron tray client: single main process with multi-session isolation,
embedded web-view login with OS-encrypted local cookie vault, CDP-based
LLM monitoring (no official APIs, cost-driven), unified PublishAdapter
and MonitorAdapter interfaces with dual-track updates (per-adapter patch
channel + full release channel), Playwright-grade tracing, new
/api/desktop/* protocol with SSE + 60s pull, and 5-arch multi-OS
packaging strategy.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Updated the regex for placeholder matching to support more flexible key formats.
- Refactored variable storage to allow both ID and key lookups in rendering.
- Improved schema validation to check for duplicate keys and enforce non-empty keys.
- Added new utility functions for variable value lookup and display name generation.
- Enhanced tests to cover new key-based variable scenarios.
- Refactored KolPrompt repository to simplify prompt storage and management, including the removal of obsolete revision handling.
- Introduced new API endpoints for saving, activating, and archiving prompts.
- Added new utility functions for handling Kol placeholders and platform options in the admin web.
- Implemented database migrations to simplify prompt storage structure and ensure data integrity.
Addresses all critical findings from review:
- KOL identity via prompt_share_profiles, not platform_role
- Prompts stored as sealed article_templates, not parallel system
- Platform-level packages with proper API path separation
- Generation pipeline integrated with existing tx/quota/idempotency
- Variable model with immutable IDs and version snapshots
- Independent kol_assist_tasks table (decoupled from template_assist_tasks)
- Complete resource lifecycle and auth chain
- Consistent tenant-level subscription entity
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Implemented KnowledgeHandler for managing knowledge groups and items, including listing, creating, updating, and deleting operations.
- Added database migration scripts to create necessary tables for knowledge management, including knowledge_groups, knowledge_items, knowledge_parse_tasks, and knowledge_chunks_meta.
- Introduced prompt_rule_knowledge_groups table to associate prompt rules with knowledge groups.
- Removed ListQuestionVersions method and associated types from BrandService and Queries.
- Updated PromptRuleGenerationService to change task naming and handling.
- Enhanced ScheduleTaskService to support filtering by created date range and keyword.
- Introduced InstantTaskService for managing instant tasks with appropriate filtering and response structures.
- Added InstantTaskHandler for handling API requests related to instant tasks.
- Created InstantTaskTab component for the admin web interface to display and manage instant tasks.
- Updated database migrations to rename source types for articles and generation tasks.
- Adjusted models and repository queries to reflect the removal of question version handling.
- Implemented tenant and user management features including:
- Tenant creation and management with associated migrations.
- User creation and management with associated migrations.
- Tenant membership management with associated migrations.
- Platform user roles management with associated migrations.
- Quota management with associated migrations.
- Article and template management with associated migrations.
- Added HTTP handlers for templates and workspaces.
- Created tests for protected and public routes.
- Introduced a script to check tenant scope in SQL queries.
- Documented task plan for backend completion and frontend foundation.