Commit Graph

9 Commits

Author SHA1 Message Date
copilot-swe-agent[bot] fba4088d7a Phase 1-3: UI responsive, model router, team auth
Phase 1: Login card max-width 460→600px, CSS variables, responsive.css
Phase 2: backend/api-server/services/model-router.js
Phase 3: backend/api-server/routes/auth.js + docs/js/auth.js

Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>
Agent-Logs-Url: https://github.com/qinfendebingshuo/guanghulab/sessions/3f62bf2e-92bd-44b5-b05e-b7bfe6772a4d
2026-03-25 09:47:52 +00:00
copilot-swe-agent[bot] 0a63716226 feat: implement S6 personal channel full autonomy rule
S6 Rule: Developers have full autonomy within their own channels.
- Add isChannelSelfDeploy() in autonomy-engine.js (single source of truth)
- Add channel self-deploy bypass in approval.js POST /request
- Add channelAutonomyRule S6 config in autonomy-rules.json
- Own-channel deploys skip SkyEye/approver authorization
- Cross-channel/system changes still go through full S2 approval

Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>
Agent-Logs-Url: https://github.com/qinfendebingshuo/guanghulab/sessions/6ee737eb-684b-44b8-aeaa-f73eb7c6f9c2
2026-03-25 09:04:51 +00:00
copilot-swe-agent[bot] 6fab64b1b9 feat: implement S5 冰朔直通部署规则 (direct-deploy bypass)
S5 Rule: When instructions come from 冰朔 (TCS-0002) or are signed by
trusted signers (AG-SY-01/TCS-0002/ICE-0002) with ZY- prefix,
deployment goes directly to production bypassing preview/SkyEye/approval.

- Add isDirectDeploySource() in autonomy-engine.js (single source of truth)
- Add direct-deploy bypass in approval.js POST /request endpoint
- Add directDeployRule config in autonomy-rules.json
- Add deploy audit log (deploy-YYYY-MM-DD.jsonl) for traceability
- Developer (Level 0-2) changes still follow full S2 approval flow
- Fix watchdog for-of destructuring to match codebase var style

Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>
Agent-Logs-Url: https://github.com/qinfendebingshuo/guanghulab/sessions/6ee737eb-684b-44b8-aeaa-f73eb7c6f9c2
2026-03-25 08:54:40 +00:00
copilot-swe-agent[bot] 721974ca76 feat: implement Phase 8 + Phase 9 (S2/S3/S4 deployment approval + system autonomy)
Phase 8 - Dual-Environment Deploy Flow + SkyEye Final Review Authorization:
- Add backend/api-server/routes/approval.js: request/decide/status/list endpoints
- Add backend/api-server/config/approvers.json: 肥猫(DEV-002) + 桔子(DEV-010) config
- Add docs/js/approval-ui.js: frontend approval badge + panel + decision UI
- Add docs/css/approval.css: approval panel styles
- Update permissions.js: add approval:decide, approval:create, system:internal
- Update server.js to v4.0.0: register approval routes

Phase 9 - System Autonomy Framework:
- Add backend/api-server/config/autonomy-rules.json: dual-line architecture + deploy stages
- Add backend/api-server/services/autonomy-engine.js: compliance check + mode detection

Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>
Agent-Logs-Url: https://github.com/qinfendebingshuo/guanghulab/sessions/6ee737eb-684b-44b8-aeaa-f73eb7c6f9c2
2026-03-25 08:48:50 +00:00
copilot-swe-agent[bot] ade9c8dfc3 fix: address code review feedback for execution protection layer
- Remove hardcoded '90+ processes' in cancel message (use generic wording)
- Extract LOCK_RELEASE_DELAY_MS constant in atomic-executor.js
- Use array destructuring in watchdog for-of loop
- Use role-based reference in checkpoint escalation message
- Ensure next() is called in blockCancellation when not intercepting

Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>
Agent-Logs-Url: https://github.com/qinfendebingshuo/guanghulab/sessions/6ee737eb-684b-44b8-aeaa-f73eb7c6f9c2
2026-03-25 08:43:45 +00:00
copilot-swe-agent[bot] e0880deb46 feat: implement Phase 7 Execution Protection Layer (ZY-LANGDRIVE-S1)
L1 Frontend Isolation:
- docs/js/execution-guard.js: UI lock/unlock, execution replay polling, browser guard
- docs/css/execution-guard.css: Execution lock styles, progress bar, log entries

L2 API Execution Interception:
- backend/api-server/middleware/execution-lock.js: Execution context lock, cancel interception
- backend/api-server/routes/execution.js: Status query, cancel/delete rejection (403)

L3 Execution Atomicity:
- backend/api-server/services/checkpoint.js: Checkpoint system with rollback
- backend/api-server/services/atomic-executor.js: Atomic execution wrapper
- backend/api-server/services/execution-watchdog.js: 15min timeout, deadlock prevention

Integration:
- Updated server.js to v3.0.0: execution routes, cancellation middleware, watchdog startup

Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>
Agent-Logs-Url: https://github.com/qinfendebingshuo/guanghulab/sessions/6ee737eb-684b-44b8-aeaa-f73eb7c6f9c2
2026-03-25 08:37:56 +00:00
copilot-swe-agent[bot] 38d8afef55 feat: implement language-driven OS capabilities (ZY-LANGDRIVE)
Phase 3 - Write Capability Layer:
- Add backend/api-server/routes/write.js with 10 write endpoints
- Extend services/github.js with triggerWorkflow + createFile
- Add middleware/audit.js for operation audit logging
- Rate limiting: 10 writes/min per developer

Phase 4 - Intent Router Engine:
- Add config/function-tools.json with 10 operation definitions
- Add middleware/intent-router.js for NL → API routing
- Add docs/js/intent-tools.js for frontend function calling

Phase 5 - Permission Sandbox System:
- Add config/permissions.js with 4-level model (L0-L3)
- Add middleware/auth.js (identity + permission check)
- Add middleware/sandbox.js (preview environment guard)

Phase 6 - Cognitive Guidance System:
- Add config/onboarding-script.json (5-round guided dialogue)
- Add routes/onboarding.js (onboarding API + tools endpoint)
- Add docs/js/onboarding.js + docs/css/onboarding.css (UI)

Update server.js to v2.0.0 with all new routes and middleware

Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>
Agent-Logs-Url: https://github.com/qinfendebingshuo/guanghulab/sessions/a260ce18-279a-4490-af90-a90a7b1f46cd
2026-03-25 08:22:38 +00:00
copilot-swe-agent[bot] 726b05bc0b fix: address code review feedback - timer leaks, CORS, validation, cache TTL
- Fix timer leak in fetchNotionProfile/loadDatabaseCache with finally block
- Remove HTTP origin from CORS whitelist (HTTPS-only)
- Validate devId against DEV_REGISTRY instead of regex
- Fix cache TTL check to use >= instead of >
- Fix chat.js count queries to use page_size 100 instead of 1

Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>
Agent-Logs-Url: https://github.com/qinfendebingshuo/guanghulab/sessions/a260ce18-279a-4490-af90-a90a7b1f46cd
2026-03-25 08:15:48 +00:00
copilot-swe-agent[bot] df21bae395 feat: implement dual-channel architecture (Channel A cache + Channel B backend)
- Add scripts/cache/sync-notion-cache.js for comprehensive Notion sync
- Add .github/workflows/sync-notion-cache.yml (every 6h + manual trigger)
- Add .github/workflows/deploy-backend.yml for ECS auto-deploy
- Add missing dev profiles: DEV-009.json, DEV-011.json, index.json
- Add .github/notion-cache/databases/ directory
- Add backend/api-server/ with Express server (port 3001)
  - Routes: health, dev, databases, chat, receipt
  - Services: notion, github, cache
  - Config: database ID mappings
  - PM2 ecosystem config
- Update docs/index.html with dual-channel fallback:
  - Channel B (realtime) → Channel A (cache) degradation
  - loadDatabaseCache() for agent-registry, syslog-recent
  - Enhanced system prompt with data source indicators

Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>
Agent-Logs-Url: https://github.com/qinfendebingshuo/guanghulab/sessions/a260ce18-279a-4490-af90-a90a7b1f46cd
2026-03-25 08:10:58 +00:00