qzl/social-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
189 Commits 2 Branches 0 Tags
8da9377ed9af3c1076c88aebcee8ccc282fc2ee4
Commit Graph

62 Commits

Author SHA1 Message Date
qzl 95d6927724 fix: 后端 JWT 验证改为 HS256 方式提升认证可靠性 2026-03-10 17:43:55 +08:00
zl-q c9a2c75c35 fix: 增强云端 Supabase 认证可靠性,修复验证码失败可观测性 
- JWT 验证器新增 apikey 参数,支持云端 JWKS 认证头
- Auth 网关新增上游超时/错误映射为 503 状态码
- Auth 网关新增重定向 URL 校验,阻断开放重定向风险
- 用户依赖传递 anon_key 给 JWT 验证器
- 新增相关单元测试覆盖 JWKS 头、503 映射、重定向校验
- 新增实现计划文档
 2026-03-10 09:11:27 +08:00
qzl 6fe2e7b6c3 refactor: 迁移本地 Supabase 到云端,使用 JWKS 进行 JWT 验证 
- 新增 JwtVerifier 支持 RS256 + JWKS 验证
- 简化 docker-compose,删除本地 Supabase 服务(kong/auth/storage等)
- 删除冗余的 Supabase 配置文件(volumes目录)
- 适配测试用例以支持新配置方式
- 更新运行时文档和迁移计划
 2026-03-09 18:03:04 +08:00
zl-q 3ac09475ad feat(agent): add voice input capability and standardize tool naming 
- Add voice recording with transcribe endpoint (ASR) for multimodal input
- Android: add RECORD_AUDIO and INTERNET permissions
- Refactor tool naming: frontend tools use 'front.' prefix, backend tools use 'back.'
- Migrate calendar tools: create_calendar_event -> back.mutate/list/delete events
- Add calendar_event_list.v1 and calendar_operation.v1 UI card types
- Update all Flutter and Python tests to match new tool naming conventions
- Add record package dependency for voice recording
 2026-03-09 00:10:09 +08:00
zl-q 2980213a5b fix(agent): stabilize live e2e tool execution and loop isolation 2026-03-08 22:41:59 +08:00
zl-q 14508c52f6 merge: integrate feature/tasks-8-9-multimodal-asr into dev 2026-03-08 17:35:53 +08:00
zl-q 1060503a2d feat(agent): support multimodal intent input and ASR transcribe endpoint 2026-03-08 17:34:28 +08:00
zl-q daa1c86d02 feat(agent): complete task4-6 tool result persistence flow 2026-03-08 17:07:09 +08:00
zl-q 8a23018b6d feat(agent): migrate to native CrewAI tool loop and async resume enqueue 2026-03-08 16:01:16 +08:00
zl-q 120df903d2 feat: AG-UI 协议对齐与路由导航功能 
- 前端: 添加 SSE 流式支持、stateSnapshot 事件、路由导航工具
- 前端: 实现工具调用审批流程,支持 pending 状态展示
- 后端: Agent 状态管理与会话持久化相关重构
- 文档: 新增 agent-agui-full-alignance 设计文档
- 测试: 补充相关单元测试和集成测试
 2026-03-07 17:30:20 +08:00
zl-q ec33bb0cee refactor: 统一认证端点并删除冗余 profile 模块 
- 合并 auth 端点: /verifications/verify → /verify, /verifications/resend → /resend
- 整合密码重置到 /verify 端点 (type=recovery)
- 移除未使用的 /auth/users 端点
- 添加 redirect URL 白名单验证 (site_url + additional_redirect_urls)
- 限流改用 Redis + IP 标识,替代内存锁
- 删除 v1/profile 死代码模块
- 更新前端 auth_api 适配新端点
- 添加 supabase site_url 和 additional_redirect_urls 配置
 2026-03-07 14:55:00 +08:00
qzl 1f6cb1a48f refactor: 删除未使用的 api_external_url 配置并完善 runtime 文档 
- 删除 SupabaseSettings 中未使用的 api_external_url computed field
- 更新测试文件移除相关测试用例
- backend/AGENTS.md 新增软删除设计规则
- runtime-database.md 更新表结构(删除 user_agents,表名更新为 agent_chat_sessions/messages,system_agents)
- runtime-frontend.md 补充路由结构和功能模块说明
- 根 AGENTS.md 清理过时技能路径引用
 2026-03-06 18:25:18 +08:00
qzl 105e7849fe refactor: Web 服务器从 gunicorn 迁移到 uvicorn 2026-03-06 17:55:01 +08:00
qzl b6087fd195 chore: checkpoint current backend/runtime changes 2026-03-06 17:28:17 +08:00
qzl 2c59fe5ee2 refactor: 统一 Redis 连接管理,改用 RedisService 
- App 启动时初始化 RedisService,关闭时释放连接
- Celery worker 通过 worker_process_init 钩子初始化 Redis
- Agent 端点改用 RedisService 替代直接创建连接
- Celery task 改为 async def,使用统一连接
- 删除无用的 infra 模块和 core/http/models
- 日志脱敏,不记录 Redis 密码
- 初始化失败时 fail-fast
- 异常发布添加二级保护
 2026-03-06 16:11:43 +08:00
qzl c5ccfc4b88 feat(agent): add redis short-term user context cache and align tests 2026-03-06 12:02:10 +08:00
qzl db158de39c feat(agent): 实现 Agent Runtime LLM 配置与消息元数据结构化支持 2026-03-05 18:25:51 +08:00
qzl b486e78ff3 feat(agent): complete closed-loop runtime and pricing fallback 2026-03-05 15:34:37 +08:00
qzl b02a322bf3 refactor: 移除 crewai agent 架构相关代码并更新 LLM 配置 2026-03-04 11:37:09 +08:00
qzl 80cbb3512f refactor: 切换到 litellm,删除未使用的代码 
- 添加 litellm 依赖,统一 LLM 调用层
- 新增 litellm_client.py 支持多厂商
- 更新 llm_catalog.yaml 添加 litellm_model 映射
- 删除旧的 cost_tracker.py (litellm 内置 cost 追踪)
- 删除未使用的 multimodal.py 和 storage_adapter.py
- 删除空文件 crewai/__init__.py, tools/__init__.py
- 更新测试以适配新代码
 2026-03-03 17:52:34 +08:00
qzl 30a4a1af5d fix(agent): polish interrupt-resume flow for merge readiness 2026-03-03 17:26:04 +08:00
qzl 9aefb76c9e fix(agent): address CRITICAL/HIGH security and validation issues 
- Fix SSE JSON injection: use json.dumps for safe serialization
- Add tool validation to dispatcher with allowlist
- Add field validation to tool_registry with proper error handling
- Add run_id consistency check (409 on mismatch)
- Add RunAgentInput constraints: min_length, extra=forbid
- Fix crewai_flow: use Field(default_factory), prefix unused params
 2026-03-03 16:25:43 +08:00
qzl ff85c1ab08 test(agent): update tool registry test to match security policy 2026-03-03 16:02:32 +08:00
qzl f7df9d679f fix(agent): enforce tool security checks and audit logging 2026-03-03 16:01:04 +08:00
qzl 6a4c98bb63 feat(agent): close interrupt resume tool result loop 2026-03-03 16:00:11 +08:00
qzl 5bac134506 feat(agent): add sse run/resume endpoints with auth 2026-03-03 15:55:38 +08:00
qzl c76d4d415f fix(agent): serialize crewai flow stages and remove nested asyncio.run 2026-03-03 15:49:03 +08:00
qzl 3a64410641 feat(agent): add interrupt-aware tool dispatcher 2026-03-03 15:44:41 +08:00
qzl dedd23fdf9 fix(agent): enforce idempotent resume transition 2026-03-03 15:43:10 +08:00
qzl cff1436bc6 feat(agent): persist pending tool call in session snapshot 2026-03-03 15:39:56 +08:00
qzl e03923e593 feat(agent): add tool registry domain validation 2026-03-03 15:30:53 +08:00
qzl 17e6de177c refactor(agent): align chat schema with full run agent input 2026-03-03 15:29:46 +08:00
qzl 971ba30032 test: add unit tests for load_user_agent_catalog function 
- test_user_agent_catalog_file_exists_and_has_required_fields: verifies catalog file exists with correct structure
- test_load_user_agent_catalog_raises_on_invalid_structure: verifies invalid YAML is properly rejected
 2026-03-02 16:05:30 +08:00
qzl 6b32990986 refactor: 重构 config 目录结构,按领域分类静态配置 2026-03-02 14:40:45 +08:00
qzl 99d540a18d refactor: 重命名 agent_chat 模块为 agent 2026-03-02 11:13:20 +08:00
qzl b417bc800a Merge branch 'feature-calendar-sharing' into dev 2026-02-28 13:28:49 +08:00
qzl ce8cd1d31f fix: address CRITICAL security issues - permission escalation and encoding inconsistency 2026-02-28 12:40:40 +08:00
qzl 173d91086f test: add calendar sharing tests and update API docs 2026-02-28 12:28:45 +08:00
qzl 330589f702 Merge remote-tracking branch 'origin/feature/friendship' into dev 2026-02-28 12:22:18 +08:00
qzl e0cd20f16e test: add integration tests for friendship routes 2026-02-28 12:16:06 +08:00
qzl 7a49783156 feat: add share calendar API 2026-02-28 12:15:59 +08:00
qzl 709ae5ab73 feat: add inbox messages module for calendar invitations 2026-02-28 12:09:34 +08:00
qzl b66a8499ed fix: change friendship status values from accepted/pending to active in tests 2026-02-28 12:04:26 +08:00
qzl 17551d662b feat(friendships): implement FriendshipService with TDD 
- Add send_request(), accept_request(), decline_request(), cancel_request()
- Add get_inbox(), get_outgoing_requests(), get_friends_list(), remove_friend()
- Add unit tests for all service methods (14 tests)
- Update FriendRequestResponse schema to include 'canceled' status
- Follow async SQLAlchemy patterns and BaseService conventions
 2026-02-28 12:01:57 +08:00
qzl 50b38de488 feat: add schedule items CRUD API 
- Add ScheduleItem Pydantic schemas with metadata support
- Add repository layer with CRUD operations
- Add service layer with authorization
- Add FastAPI router with all endpoints
- Add unit and integration tests
- Update API documentation
 2026-02-28 11:34:49 +08:00
qzl 598c6c2ec5 feat(friendships): create module structure and schemas 2026-02-28 11:30:18 +08:00
qzl dbd3f68dd4 test: add invite code validation tests and fix migration rollback 
- Add TestInviteCodeSignup integration tests for valid/invalid invite codes
- Fix migration downgrade: avoid dropping trigger dependency
- Add DB CHECK constraint for invite_codes.code format
- Update runtime-route.md with invite_code documentation
- Update runtime-runbook.md with change log
 2026-02-28 10:56:09 +08:00
qzl e4e995854d feat: 实现密码重置功能与用户搜索API,优化注册登录流程 
- 新增忘记密码页面与重置密码确认流程(前端+后端)
- 修复注册验证码页登录跳转路由
- 新增用户搜索API(按邮箱查询)
- 简化infra脚本,统一为app.sh
- 补充密码重置与用户API测试覆盖
- 更新runtime文档与AGENTS配置
 2026-02-27 15:22:42 +08:00
qzl 6641eba9df feat: split initial social schema migration chain 
replace monolithic migration with ordered scripts, include profiles/sessions in migration, and verify full downgrade/upgrade cycle for clean Supabase bootstrap
 2026-02-26 17:58:37 +08:00
qzl 2994cc708c fix: update E2E tests for RESTful endpoints 2026-02-26 14:43:52 +08:00