api-server

Author	SHA1	Message	Date
wangdl	b0e9796acb	fix: use ConfigService for DeepSeek base URL in testCredential All checks were successful Deploy API Server / build-and-deploy (push) Successful in 43s Details - Replace hardcoded 'https://api.deepseek.com/v1/models' with config lookup - Single source of truth via ai.deepseek.baseUrl (DEEPSEEK_BASE_URL env) - Add ConfigService dep to UserAiService constructor + test mock Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-18 11:47:59 +08:00
wangdl	cb24e5fb96	fix: job-reaper batch-loop instead of single take:500 to avoid missing jobs All checks were successful Deploy API Server / build-and-deploy (push) Successful in 45s Details - Replace single findMany(take:500) with cursor-based while loop - REAP_BATCH_SIZE=500 constant; processes all stuck running + expired jobs - Prevents missing jobs when >500 are stuck simultaneously - Update tests: reset mocks before custom chains, explicit call ordering Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-18 11:45:36 +08:00
wangdl	c0594c518d	test: add concurrent resolveSnapshot race test (API-AI-R01) All checks were successful Deploy API Server / build-and-deploy (push) Successful in 47s Details - Simulates two concurrent getSnapshot calls with no valid snapshot - Documents the known race: both trigger buildSnapshot, second update overwrites first - Verifies both calls complete without error (accepted-risk behavior) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-18 11:41:35 +08:00
wangdl	7725b3d2ea	perf: replace N+1 dedup queries with batch pre-fetch in convertCandidates All checks were successful Deploy API Server / build-and-deploy (push) Successful in 46s Details - convertQuizCandidates: batch findMany all stems before loop, dedup in-memory - convertFlashcardCandidates: batch findMany all fronts before loop, dedup in-memory - 50 items now = 1 query instead of 50 - Update tests: mock findMany instead of per-item findFirst Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-18 11:40:41 +08:00
wangdl	c2e5590718	fix: add observability to fire-and-forget persistResult & notifyJobComplete All checks were successful Deploy API Server / build-and-deploy (push) Successful in 44s Details - Add static counters: persistResultFailures, notifyFailures - Replace .catch(() => {}) with logger.error + counter increment - Add error-path unit tests for both counter increments - Reset counters in beforeEach for test isolation Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-18 11:38:30 +08:00
wangdl	7aea03f6e0	fix: clarify quota check is read-only, prevent refactoring pitfalls All checks were successful Deploy API Server / build-and-deploy (push) Successful in 46s Details - Rename checkAndReserve→checkQuota (method only reads, does not reserve) - Add doc comment: incrementJobCount is the actual quota reservation - Update user-ai.service.spec.ts references - Add comments for apiKeyMode/credentialId reassignment in budget fallback Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-18 11:36:01 +08:00
wangdl	c88af39673	feat: AI Runtime 完整业务逻辑实现 All checks were successful Deploy API Server / build-and-deploy (push) Successful in 45s Details - runtime-internal.service: resolveSnapshot 自动重建、persistResult 5种jobType持久化、validateOutput 校验、convertQuizCandidates/convertFlashcardCandidates 候选转换、notifyJobComplete 通知、JOB_CANCELLED处理、heartbeat 双阶段更新+取消检测 - user-ai.service: createAnalysisJob 11步流程、cancelJob、publishQuiz/publishFlashcard、getAnalysis/listAnalyses等 - user-ai.controller: 20+ 用户API端点 - 新增服务: SnapshotBuilderService、PriorityRulesService、SnapshotCleanupService、JobReaperService - 新增模块: admin-learning (CRUD管理) - Prisma schema: cancelRequestedAt/cancelledAt/sourceBlockIds 字段、expiresAt 索引 - 文档: ai-runtime-user-api.md、Issue 记录 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-18 11:22:03 +08:00
wangdl	eba9632a4e	test: sync runtime-internal.service tests with current implementation (API-AI-062) All checks were successful Deploy API Server / build-and-deploy (push) Successful in 45s Details Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-18 11:12:02 +08:00
wangdl	02979e3c24	test: add unit tests for runtime-internal.service (API-AI-062) All checks were successful Deploy API Server / build-and-deploy (push) Successful in 46s Details Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-18 11:03:23 +08:00
wangdl	012e26b950	feat: API-Runtime 版本兼容协议 (API-AI-072) All checks were successful Deploy API Server / build-and-deploy (push) Successful in 46s Details - pollJobs: 记录/更新 RuntimeInstance (capabilities + heartbeat) - submitResult: 校验 schemaVersion 匹配 job.outputSchemaVersion - heartbeat: 首次调用设置 startedAt - 错误码: RESULT_SCHEMA_UNSUPPORTED + RUNTIME_VERSION_INCOMPATIBLE Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 21:42:02 +08:00
wangdl	00ac32a103	feat: 平台 AI 预算、成本熔断与全局限流 (API-AI-071) All checks were successful Deploy API Server / build-and-deploy (push) Successful in 45s Details - PlatformBudgetService: checkPlatformBudget / recordSuccess / recordFailure - 熔断器: closed → open (连续失败N次) → half_open (限制任务数) → closed - 平台日 token 预算 + 成本预算检查 - Admin 接口: transitionToHalfOpen / closeCircuit / getBudgetState - PlatformAiBudgetDaily 已存在于 Prisma schema Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 21:40:47 +08:00
wangdl	cc2ccbad59	fix: audit fixes for Runtime Internal API All checks were successful Deploy API Server / build-and-deploy (push) Successful in 46s Details 1. heartbeat: locked→running transition on first heartbeat 2. submitResult: validate job is locked/running before accepting 3. submitFailure: validate job is locked/running before accepting 4. resolveCredentialForJob: update lastUsedAt on credential 5. pollJobs: filter by capabilities (snapshotVersion + outputSchemaVersion) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 21:38:44 +08:00
wangdl	5cbf20046a	feat: 用户 AI 消费额度与日限流 (API-AI-070) All checks were successful Deploy API Server / build-and-deploy (push) Successful in 43s Details - UserAiQuotaService: checkAndReserve / incrementJobCount / recordTokenUsage - 创建 Job 前检查 maxDailyAiJobs + maxDailyTokenBudget - Runtime 调用后更新 UserAiUsageDaily token 消耗 - user_deepseek_key 不计入平台 token 预算 - 超限返回 DAILY_JOB_LIMIT_EXCEEDED / DAILY_TOKEN_BUDGET_EXCEEDED Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 21:25:18 +08:00
wangdl	43e6e9029c	feat: Runtime Internal API (API-AI-028~034) All checks were successful Deploy API Server / build-and-deploy (push) Successful in 46s Details - RuntimeInternalController: 7 个 /internal/runtime/* 端点 - RuntimeInternalService: Poll/Lock/Heartbeat/Snapshot/Credential/Result/Fail/Log - 复用 InternalAuthGuard + x-runtime-instance-id 追踪 - Job lock 防并发 (updateMany WHERE status=pending) - Result 幂等 (resultIdempotencyKey) - Failure retryable/non-retryable 处理 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 21:23:52 +08:00
wangdl	87fe180874	fix: add missing User relation on AiLearningAnalysis model All checks were successful Deploy API Server / build-and-deploy (push) Successful in 47s Details Prisma validation error P1012: User.aiAnalysisResultsNew missing opposite relation on AiLearningAnalysis. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 20:52:19 +08:00
wangdl	4cf2aa99fd	feat: 用户 AI 设置与 Key 管理 API (API-AI-011~015) Some checks failed Deploy API Server / build-and-deploy (push) Failing after 10s Details - UserAiController: GET/PUT /ai/profile, GET/PUT /ai/settings - UserAiController: CRUD /ai/model-credentials, POST test - UserAiService: Profile upsert, Settings默认创建, Key 生命周期 - CredentialEncryptionService: AES-256-GCM 加解密, SHA-256 hash, mask脱敏, 日志redact - AiRuntimeModule 注册到 AppModule Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 20:39:29 +08:00
wangdl	6888fe1d12	feat: AI Runtime Prisma Schema (API-AI-004~010 + 070/071/075) Some checks failed Deploy API Server / build-and-deploy (push) Failing after 11s Details 新增 18 个模型： - P0: UserLearningProfile, UserAiSettings, UserModelCredential - P0: AiRuntimeJob, AiRuntimeResult, LearningAnalysisSnapshot - P0: ModelInvocationLog, UserAiUsageDaily, PlatformAiBudgetDaily - P0: RuntimeInstance - P1 预留: AiLearningAnalysis, WeakPointCandidate, NextActionRecommendation, QuestionGenerationPlan, FlashcardGenerationPlan, Flashcard, AiArtifactFeedback User 模型补充新表 relation 字段。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 20:38:00 +08:00
wangdl	e6cbe16a11	feat: AI 数据权限、隐私授权与用户设置设计 (API-AI-003) All checks were successful Deploy API Server / build-and-deploy (push) Successful in 42s Details 定义 7 项用户授权开关、12 项用户设置字段、4 层硬约束、8 级优先级体系、设备信息限制规则、Snapshot 过滤伪代码、DeepSeek Prompt 发送规则。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 20:36:40 +08:00
wangdl	045e0b2501	feat: AI Job 状态机与任务调度设计 (API-AI-002) Some checks failed Deploy API Server / build-and-deploy (push) Has been cancelled Details 定义 5 种 Job 类型、7 种状态、完整状态流转图、数据库字段、防并发锁定机制、retryable/non-retryable 分类、超时释放、幂等规则、Poll 调度策略。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 20:35:59 +08:00
wangdl	eea9e3e7c6	feat: API-Runtime 内部通信协议与 DTO (API-AI-001) Some checks failed Deploy API Server / build-and-deploy (push) Has been cancelled Details 定义 9 个 internal/runtime 接口的完整协议：Poll/Lock/Heartbeat/Snapshot/ Credential Resolve/Result/Fail/InvocationLog/Health。新增 RuntimeInternalDto 类型文件，复用 InternalAuthGuard 鉴权，与 Rust 侧可直接对齐。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 20:35:20 +08:00
wangdl	804c414901	feat: AI Runtime 总体架构文档 (API-AI-000) All checks were successful Deploy API Server / build-and-deploy (push) Successful in 42s Details 定义 API / Rust Heavy Runtime / document runtime / iOS / Admin 职责边界、 Docker 内部网络部署、Job 异步任务流、用户 Key 与平台 Key 管理、失败重试与熔断、结果落库边界、RAG 共存策略与后续扩展预留。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 20:33:22 +08:00
wangdl	87cfa2c20d	fix: resolve AdminJwtGuard import error in reading-event module All checks were successful Deploy API Server / build-and-deploy (push) Successful in 44s Details - Fix AdminJwtGuard → AdminAuthGuard (guard file was admin-auth.guard.ts) - Add AdminAuthModule import to provide guard dependencies Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-11 20:27:15 +08:00
wangdl	6eae39a395	fix: register M8 modules in app.module.ts (routes were 404) Some checks failed Deploy API Server / build-and-deploy (push) Failing after 22s Details Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-09 22:03:42 +08:00
wangdl	8dfda9f10e	fix: #159 getSummary/getTrend optimization + #160 admin auth guard Some checks failed Deploy API Server / build-and-deploy (push) Failing after 23s Details Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-09 21:50:31 +08:00
wangdl	1442b9b69e	fix: admin controller audit — merge duplicate controllers, add Post import, validate params All checks were successful Deploy API Server / build-and-deploy (push) Successful in 44s Details Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-09 21:46:37 +08:00
wangdl	4414f9cc55	feat: M-API-ADMIN-INFO admin backend complete (21/21) Some checks failed Deploy API Server / build-and-deploy (push) Failing after 20s Details - Admin dashboard + query endpoints (reading-events/sessions/progress/daily-activities/records) - Diagnostic (user-timeline/diagnose/material-diagnose/anomalies/temporary-materials) - Operations (recalculate/export) - Admin API design doc Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-09 21:42:47 +08:00
wangdl	c6f254f864	fix: add completed/interrupted guard in session upsert (out-of-order event defense) All checks were successful Deploy API Server / build-and-deploy (push) Successful in 46s Details Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-08 21:14:58 +08:00
wangdl	22ed18404f	fix: import paths + dead code cleanup + export ProcessResult All checks were successful Deploy API Server / build-and-deploy (push) Successful in 43s Details - Fix PrismaService/PrismaModule import paths (infrastructure/database/) - Remove dead upsertFromReadingEvent wrappers in learning-activity/learning-session services - Export ProcessResult interface for controller return type Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-08 21:12:36 +08:00
wangdl	1f678409b5	fix: add reverse relations for ReadingEvent/MaterialReadingProgress/TemporaryReadingMaterial on User model Some checks failed Deploy API Server / build-and-deploy (push) Failing after 21s Details Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-08 21:10:49 +08:00
wangdl	38a8629e42	feat: M8 学习信息收集系统完整实现 Some checks failed Deploy API Server / build-and-deploy (push) Failing after 11s Details Phase 1-2: 设计文档 + 数据库 (ReadingEvent/MaterialReadingProgress/TemporaryReadingMaterial/LearningSession扩展/DailyLearningActivity扩展/LearningRecord) Phase 3: 批量上报 + 校验去重 + ReadingEventProcessorService Phase 4: 4表聚合管线 (LearningSession/MaterialReadingProgress/DailyLearningActivity/LearningRecord) Phase 5: 查询接口 (progress/continue/summary/trend/heatmap/history/reprocess) Phase 6: 权限校验 + session中断清理 + API文档 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-08 21:09:13 +08:00
wangdl	55e25f347e	fix: M-CHAT-A3 createSession 支持 forceCreate 参数 All checks were successful Deploy API Server / build-and-deploy (push) Successful in 42s Details forceCreate=true 时跳过 open-or-create 查找，强制创建新会话。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-06 17:58:33 +08:00
wangdl	fe44dec567	feat: M-CHAT ChatScope 会话系统完整实现 All checks were successful Deploy API Server / build-and-deploy (push) Successful in 46s Details ## 数据模型 - ChatSession +13 字段 (scopeType/scopeId/parentKnowledgeBaseId/createdFrom/isPinned/isArchived/isDeleted/modelMode/modelId/lastMessageAt) - ChatMessage +scopeSnapshot (消息级 scope 快照) - ChatCitation +lineStart/lineEnd +sourceId 索引 - 5 个新查询索引 ## 核心能力 - open-or-create: 同 scope 继续会话 (200) / 新建 (201) - scope 级检索: global/knowledge_base/material/knowledge_item/folder - listSessions: scope 过滤 + isDeleted 排除 + isPinned 排序 + 分页元数据 - 自动标题: 首条消息截取 + 词边界处理 - 软删除 + 置顶/归档 - scope 字段创建后不可修改 - 全部端点 userId 鉴权 ## 文档 - docs/chat-scope-design.md (设计文档 + 决策表) - docs/chat-scope-api-contract.md (API 契约) - docs/chat-scope-test-plan.md (33 条测试用例) - prisma/migrations/backfill_chat_scope.sql (旧数据回填) ## Bug 修复 - #104: KnowledgeItem.sourceRef 填充 (material scope 检索修复) - #102: sendMessageStream aiGateway null 保护 - listSessions isDeleted/isArchived 过滤 + 分页 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-06 17:27:40 +08:00
wangdl	17f16cea67	feat: #70 ChatSession 新增 knowledgeItemIds 字段，限定 AI 检索范围 All checks were successful Deploy API Server / build-and-deploy (push) Successful in 46s Details - Prisma schema: ChatSession 加 knowledgeItemIds Json? 字段 - createSession: 接受可选 knowledgeItemIds 参数 - loadContext: 支持 itemIds 过滤，传入时只检索指定知识点 - sendMessage/sendMessageStream: 读取 session.knowledgeItemIds 传入 loadContext Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-06 16:02:38 +08:00
wangdl	6d0cc9b6dc	fix: GET /sessions @Body → @Query, 修复对话列表获取失败 All checks were successful Deploy API Server / build-and-deploy (push) Successful in 44s Details GET 请求不应使用 @Body 装饰器（NestJS 默认不解析 GET body）。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-06 15:45:03 +08:00
wangdl	dc5948a2cd	fix: chat session auto-title + delete + remove double drag indicator All checks were successful Deploy API Server / build-and-deploy (push) Successful in 44s Details - 首条用户消息自动设为会话标题（仅当 title 为空或为新对话时） - 对话列表新增左滑删除 - 移除 duplicate drag indicator Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-06 15:15:00 +08:00
wangdl	35f2cd6e59	fix: SSE charset utf-8 + 服务端 charset header All checks were successful Deploy API Server / build-and-deploy (push) Successful in 43s Details Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-06 15:01:16 +08:00
wangdl	aea071e4c9	fix: rag-chat controller Response 改为 import type 修复 isolatedModules 编译错误 All checks were successful Deploy API Server / build-and-deploy (push) Successful in 43s Details Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-06 14:56:13 +08:00
wangdl	6f77162cf8	feat: #71 RAG Chat SSE 流式输出 + DeepSeek V4 Pro 思考过程 Some checks failed Deploy API Server / build-and-deploy (push) Failing after 20s Details - AiProvider 接口新增 StreamChunk 类型 + generateStream() 方法 - DeepSeekProvider 实现 generateStream()：stream=true，读 reader 逐 chunk yield - AiGatewayService 新增 generateStream()：透传 provider stream + 记录用量 - RagChatService 新增 sendMessageStream()：流式调用 + 保存最终 AI 回复到 DB - POST /api/rag-chat/sessions/:id/stream 新 SSE endpoint - thinking chunk：DeepSeek V4 Pro reasoning_content → type: "thinking" - 流式模式下禁用 response_format json_object，不阻塞思考过程 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-06 14:49:20 +08:00
wangdl	f4de598d96	fix: rag-chat 传入 outputSchema= RagChatOutputSchema，修复 parsed 为空对象 All checks were successful Deploy API Server / build-and-deploy (push) Successful in 42s Details parseJson 无 schema 时直接返回 {}，导致 resp.parsed?.answer 始终为 null。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-06 14:30:53 +08:00
wangdl	69bcd07a0f	debug: rag-chat 日志输出 AI parsed 结构 All checks were successful Deploy API Server / build-and-deploy (push) Successful in 43s Details Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-06 14:28:35 +08:00
wangdl	3d8246cf6e	fix: AI Gateway content safety 空值检查导致所有 AI 输出被误拦 All checks were successful Deploy API Server / build-and-deploy (push) Successful in 41s Details contentSafety 未注入时 safetyCheck 为 undefined，!undefined?.safe = true，错误抛出 "AI output blocked by content safety"，实际 DeepSeek 正常返回。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-06 14:23:55 +08:00
wangdl	55221116b7	debug: rag-chat 日志增加 kbId All checks were successful Deploy API Server / build-and-deploy (push) Successful in 42s Details Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-06 14:12:44 +08:00
wangdl	07f2786ab9	fix: 移除 rag-chat 调试日志中的 rawText 引用 (GatewayResponse 无此字段) All checks were successful Deploy API Server / build-and-deploy (push) Successful in 41s Details Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-06 14:04:17 +08:00
wangdl	ce43256690	debug: rag-chat sendMessage 添加详细日志定位 AI Gateway 调用失败原因 Some checks failed Deploy API Server / build-and-deploy (push) Failing after 21s Details Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-06 13:56:28 +08:00
wangdl	d8877f926f	fix: 注册 rag-chat prompt template，修复 AI 对话始终返回 fallback All checks were successful Deploy API Server / build-and-deploy (push) Successful in 44s Details 根因：PromptTemplateService 未注册 rag-chat 的 prompt， sendMessage 中 promptTemplate.get('rag-chat') 抛异常被 catch，永远走 fallbackReply("AI 服务暂时不可用")。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-06 13:48:17 +08:00
wangdl	78e21c4c4c	fix: RagChatModule 导入 AiModule，修复 AiGatewayService 未注入 All checks were successful Deploy API Server / build-and-deploy (push) Successful in 43s Details AiGatewayService 使用了 @Optional() 导致不报错但始终为 null， sendMessage 永远走 fallbackReply。现在导入 AiModule 正确注入。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-06 13:40:03 +08:00
wangdl	a784ee3bc3	fix: MiniMax 已到期，切换 primary tier 到 DeepSeek V4 Pro All checks were successful Deploy API Server / build-and-deploy (push) Successful in 40s Details - model-router: primary 层 preferred 从 minimax-m2.7 改为 deepseek-v4-pro - cost-calculator: 移除 minimax 零成本豁免 - billing: MiniMax 标注已到期 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-06 12:23:35 +08:00
wangdl	11a38a68c1	fix: admin-billing 不再硬编码 API key，改为从 ConfigService 读取 All checks were successful Deploy API Server / build-and-deploy (push) Successful in 47s Details DeepSeek 和硅基流动的 API key 改为从环境变量读取，不再硬编码在源码中。旧 DeepSeek key（公司采购）已全局替换为个人账号 key sk-cb34244304914c77943dfaf6522a7c9a。 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-06 12:17:17 +08:00
wangdl	28c68a8c3b	fix: code review — 6 medium issues in KnowledgeItem/LearningActivity All checks were successful Deploy API Server / build-and-deploy (push) Successful in 43s Details 1. enrichItem: add Logger.warn on COS errors instead of silent catch 2. getTrend: add 15s timeout fallback for AI analysis 3. buildDailySeries: use local date strings to avoid UTC timezone shift 4. detectSourceType: use lazy regex .+? to prevent ReDoS on long texts 5. sortBy: validate against whitelist, reject invalid values 6. PaginationDto visibility/ownerType: already handled via @Query params Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-06 12:07:40 +08:00
wangdl	4b21c98835	fix: code review — 4 critical bugs in KnowledgeItem/KB modules All checks were successful Deploy API Server / build-and-deploy (push) Successful in 42s Details 1. enrichItem: remove MIME type → sourceType mapping (contentType is text/markdown not markdown) 2. update(): add field whitelist to prevent mass assignment (userId/deletedAt/etc) 3. createFolder: add userId permission check + parent folder validation 4. deleteFolder: cascade soft-delete to corresponding KnowledgeItem (itemType=folder) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-06 12:04:24 +08:00

1 2 3 4 5 ...

297 Commits