97 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
WangDL	3fd5f94db5	feat: complete M0-01 — TraceId + BaseService + DomainEvent + SensitiveLogger	2026-05-22 22:19:06 +08:00
WangDL	25d25b44f0	fix: don't kill stream after approval — only abort on stop	2026-05-22 19:18:27 +08:00
WangDL	e6ecb2c48f	fix: remove break after approval.request — let stream continue	2026-05-22 19:15:54 +08:00
WangDL	2753063b6f	feat: pass through approval.request events + approval endpoint	2026-05-22 17:31:55 +08:00
WangDL	fc2725b5df	feat: forward tool.started/completed events in SSE stream	2026-05-22 17:20:28 +08:00
WangDL	ff56b79659	fix: knowledgeItems → items	2026-05-22 15:54:25 +08:00
WangDL	0e85231712	feat: admin knowledge base list with Prisma	2026-05-22 15:54:06 +08:00
WangDL	644d62681e	ci: use fetch+reset for force push safety	2026-05-22 15:44:38 +08:00
WangDL	997b3c0cdb	feat: admin cost management — CRUD + monthly summary + expiry	2026-05-22 15:40:24 +08:00
WangDL	c6aa4cf88a	feat: admin billing API — DeepSeek + SiliconFlow balances	2026-05-22 15:31:51 +08:00
WangDL	ee6ef23fb2	revert: remove billing module — already exists elsewhere	2026-05-22 15:28:02 +08:00
WangDL	c170f6048b	feat: admin billing API — query DeepSeek + SiliconFlow balances	2026-05-22 15:23:25 +08:00
WangDL	cdf6195e6d	chore: update remote to wangdl/api-server	2026-05-22 15:05:46 +08:00
WangDL	97af7f4cce	fix: skip /data disk when identical to / on remote	2026-05-22 14:12:42 +08:00
WangDL	7c712bc931	fix: add python/main.py process aliases	2026-05-22 14:09:15 +08:00
WangDL	3079b2a18e	fix: clean rewrite remote metrics with individual SSH calls	2026-05-22 14:04:14 +08:00
WangDL	27dfc1c028	fix: add newlines to remote SSH awk commands	2026-05-22 14:00:31 +08:00
WangDL	fc968830c5	fix: correct ps auxww column parsing + robust remote SSH script	2026-05-22 13:57:26 +08:00
WangDL	92173cb8c4	fix: single SSH script for remote metrics + Chinese uptime + process desc	2026-05-22 13:51:19 +08:00
WangDL	1776bed47e	feat: friendly process names + data disk + public IPs + domains	2026-05-22 13:42:42 +08:00
WangDL	13a7718a3c	fix: simplify remote SSH commands for reliability	2026-05-22 13:34:08 +08:00
WangDL	ad6112f4ab	fix: use wangdl.pem for 4-core SSH	2026-05-22 13:31:45 +08:00
WangDL	f30a446bd5	feat: server metrics API — local os + remote SSH	2026-05-22 13:30:44 +08:00
WangDL	c31725433d	feat: runs + SSE streaming proxy from Hermes /v1/runs	2026-05-22 11:29:22 +08:00
WangDL	aa0575b71b	fix: normalize IP by stripping ::ffff: prefix	2026-05-22 11:23:06 +08:00
WangDL	63e73ecfaa	fix: trust proxy for real client IP from Nginx	2026-05-22 11:20:54 +08:00
WangDL	f2d3f3f13f	feat: add AdminMessage persistence + conversation title auto-set + messages API	2026-05-22 11:03:24 +08:00
WangDL	73e52d2201	fix: add validation decorators to conversation DTO	2026-05-22 10:49:27 +08:00
WangDL	f20bdc0d7a	feat: add conversation management — sessionId + X-Hermes-Session-Id + CRUD	2026-05-22 10:43:18 +08:00
WangDL	3b42a8618a	refactor: remove hardcoded system prompt — let Hermes handle natively	2026-05-22 10:28:41 +08:00
WangDL	c2e8f92abe	refactor: remove DeepSeek fallback — Hermes only; fail fast on error	2026-05-22 10:10:11 +08:00
WangDL	6413936472	ci: fix missing DATABASE_URL env for prisma migrate	2026-05-22 10:08:24 +08:00
WangDL	ea7f6736df	ci: add NestJS build + deploy — npm ci + prisma + nest build + rsync + restart	2026-05-22 10:04:47 +08:00
WangDL	34774e5325	fix: type cast messages for DeepSeekProvider compatibility	2026-05-22 00:28:12 +08:00
WangDL	a550ce2e67	feat: route admin chat through Hermes Agent API (DeepSeek fallback)	2026-05-22 00:20:34 +08:00
WangDL	2b0bc92ebb	feat: add hermes dashboard config endpoint to admin-ai-chat	2026-05-22 00:02:14 +08:00
WangDL	f2d1c16299	fix: correct AdminRole import path in admin-ai-chat controller	2026-05-21 23:58:56 +08:00
WangDL	017d78a8d6	fix: add admin-ai-chat module + fix AdminUsersModule PasswordService dependency	2026-05-21 23:57:59 +08:00
WangDL	b8a1fb0921	feat: add admin backend modules — dashboard, audit-log, admin-users ... Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-21 17:22:48 +08:00
WangDL	5a7c21dd60	feat: implement complete admin authentication system ... - Add AdminRole enum (SUPER_ADMIN/ADMIN/OPERATIONS/DEVELOPER/READONLY) with hierarchy - Add PasswordService (bcryptjs, 12 rounds), AdminTokenService (type=admin JWT) - Add AdminAuthService: login/lockout/refresh/logout with audit logging - Add AdminAuthController: /admin-api/auth/{login,refresh,logout,me} - Add AdminAuthGuard: validates type=admin, user status, session, lockout - Add AdminRolesGuard + @AdminRoles() decorator for RBAC - Add AdminAuditService for audit log persistence - Add AdminLoginRateLimit (10 req/15min per IP) - Add prisma/seed.ts for SUPER_ADMIN initialization via env vars - Update JwtAuthGuard to skip /admin-api/* and /internal/* paths - Update main.ts to exclude admin-api/internal from global 'api' prefix - Update jwt.config.ts with admin JWT secrets and expiry config Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-21 15:05:31 +08:00
WangDL	e5c6113b25	feat: add admin_users, admin_sessions, admin_audit_logs tables ... Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-21 14:39:38 +08:00
WangDL	69dbf24237	simplify CI: remove Docker deploy, keep only RAG Worker + health ... API runs via systemd on port 3000, Docker deployment not needed yet. Health check now targets the actual running API. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-20 17:30:59 +08:00
WangDL	1fb6dd4929	fix: Dockerfile build arg for prisma generate + cleanup deploy ... - Add ARG DATABASE_URL to Dockerfile so prisma generate works at build time - Fix env file path (/opt/zhixi/env/ not /etc/zhixi/) - Fix MySQL container name (mysql, not mysql-zhixi) - Use correct DB name (zhixi_prod) - Prevent duplicate mysql/redis containers from docker compose Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-20 17:25:35 +08:00
WangDL	c64dc9c95a	fix: correct .env.production path for Docker container ... /opt/zhixi/env/.env.production, not /etc/zhixi/.env.production Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-20 17:20:54 +08:00
WangDL	b00c320496	fix: target prod runner (runs-on: prod) instead of ubuntu-latest ... Root cause: deploy.yml used runs-on: ubuntu-latest, which matched the 4C4G web runner instead of the 8C32G prod runner. The web runner doesn't have access to /opt/zhixi/, systemd, or Docker. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-20 17:11:02 +08:00
WangDL	2d6c02609e	fix CI: correct Gitea URL (10.2.0.7:3000) + sudo for systemctl ... Root cause: git clone http://localhost:3000 failed because port 3000 is NestJS, not Gitea. Use internal network URL instead. Also add sudo to privileged commands and set -e to fail fast. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-20 16:57:16 +08:00
WangDL	744f2118a8	fix: User=ubuntu in service file, simplify CI deploy step ... Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-20 16:51:43 +08:00
WangDL	7f70d0c78f	fix: remove ExecStartPre, use systemd-run for optional self-test ... Service file is now minimal (no startup script dependency). CI step verifies reranker importability via systemd-run on host. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-20 16:38:23 +08:00
WangDL	88a2162b62	fix systemd: use startup.sh instead of inline ExecStartPre ... Multi-line Python in ExecStartPre is invalid systemd syntax. Extract pip install + reranker self-test into startup.sh. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-20 16:32:22 +08:00
WangDL	e0110fd8f8	fix CI: move Python deps + reranker test to systemd ExecStartPre ... Runner container lacks Python 3.11, so pip install and self-test now run as ExecStartPre in zhixi-worker.service on the host. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-20 16:25:52 +08:00