feat(AgentSwarm): add Claude/Codex workflow, workspace persistence, and human review UX#296
Conversation
…nd human review UX - 添加 /api/agent-board 路由和 Swarm Commander/Dispatcher 基础架构 - 将生成的任务文件持久化到已配置的工作区 - 在工作区中为每个任务生成用户审核文档(reviews/<任务>-user-review.md) - 添加代理看板 UI,包含看板、任务详细日志和人工审核操作 - 要求“全部运行”任务设置工作区,并添加 VS Code 打开操作 - 实现 Studio 存储和 SSE 任务的更新/插入/同步行为 - 为路由流程、持久化和超时处理添加单元/功能测试 - 更新 Studio 布局、PostCSS 配置、后端 URL 助手和锁定文件 Closes jerry609#197
|
@CJBshuosi is attempting to deploy a commit to the Jerry's projects Team on Vercel. A member of the Team first needs to authorize it. |
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request introduces a significant new feature: an Agent Swarm system that orchestrates AI agents (Claude and Codex) to automate coding tasks. It provides a robust backend for task decomposition, execution, and review, coupled with a user-friendly Kanban-style UI for monitoring and interacting with these agent-driven workflows. The changes also include critical infrastructure for workspace management, file persistence, and seamless integration with development tools like VS Code, aiming to enhance the efficiency and transparency of AI-assisted code generation. Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Changelog
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
There was a problem hiding this comment.
Code Review
This pull request introduces a new 'Agent Board' feature, enabling multi-agent workflows where a Claude Commander orchestrates Codex workers to decompose tasks, generate code, and review results. Key changes include new FastAPI routes (agent_board.py) and dedicated backend modules (ClaudeCommander.py, CodexDispatcher.py) for AI interaction, task management, and file persistence. The frontend is updated with new React components (AgentBoard.tsx, ChatHistoryPanel.tsx) to display tasks in a Kanban-style board, alongside UI modifications in studio/page.tsx, ContextPackPanel.tsx, and ReproductionLog.tsx to integrate these new views and facilitate direct backend API calls. The studio-store.ts is updated to manage the state of these new agent tasks, and comprehensive unit tests are added for the new backend components and frontend store. Review comments highlight critical security vulnerabilities, including an unsanitized workspace_dir parameter in CodexDispatcher allowing arbitrary file writes, and prompt injection risks in ClaudeCommander. Other concerns include the use of an in-memory store for agent sessions leading to data loss, dangerous auto-approval logic in Claude's review process on exceptions, a likely typo in an OpenAI model name, hardcoded timeouts, and suggestions for improved type safety and configurable parameters.
| session_id=session_id, | ||
| paper_id=request.paper_id, | ||
| context_pack_id=request.context_pack_id, | ||
| workspace_dir=request.workspace_dir, |
There was a problem hiding this comment.
The workspace_dir parameter is accepted from the user without any validation or sanitization. This path is subsequently used as a base directory for file operations, including directory creation (mkdir) and file writing (write_text). An attacker could provide an absolute path to a sensitive system directory (e.g., /etc or /root), allowing them to overwrite arbitrary files on the server with content generated by the AI agents. This is a critical vulnerability that could lead to full system compromise.
| # --------------------------------------------------------------------------- | ||
| # In-memory store (replace with DB in production) | ||
| # --------------------------------------------------------------------------- | ||
| _sessions: Dict[str, "BoardSession"] = {} |
| except Exception: | ||
| log.exception("Claude review failed; auto-approving") | ||
| return ReviewResult(approved=True, feedback="Auto-approved (review error)") |
There was a problem hiding this comment.
review 方法捕获任何 Exception 并返回一个自动批准的结果。这是危险的,因为如果 Claude 的审查因任何原因(例如,API 错误、格式错误的 JSON 响应等)失败,它可能会批准由 Codex 生成的不正确甚至恶意的代码。审查失败应被视为失败,而不是成功。更安全的做法是返回 approved=False 或重新引发异常由调用者处理。
| except Exception: | |
| log.exception("Claude review failed; auto-approving") | |
| return ReviewResult(approved=True, feedback="Auto-approved (review error)") | |
| except Exception: | |
| log.exception("Claude review failed; rejecting") | |
| return ReviewResult(approved=False, feedback="Failed to perform AI review due to an internal error.") |
| _CODEX_MODELS = [ | ||
| "gpt-4.1-mini", | ||
| "gpt-4o-mini", | ||
| "gpt-4o", | ||
| ] |
| f"## Objective\n{objective}\n\n" | ||
| f"## Task Roadmap\n{json.dumps(roadmap, indent=2)}\n\n" | ||
| f"## Key Observations\n{json.dumps(observations[:10], indent=2)}\n\n" | ||
| "Decompose into coding tasks. For each task provide:\n" | ||
| '- "title": short name\n' | ||
| '- "description": what to implement\n' | ||
| '- "difficulty": easy/medium/hard\n' | ||
| '- "acceptance_criteria": list of verification checks\n' | ||
| '- "dependencies": list of task titles this depends on\n\n' | ||
| "Return a JSON array of task objects. No markdown fences." |
There was a problem hiding this comment.
User-supplied data from the context_pack (such as objective, roadmap, and observations) is directly concatenated into prompts sent to the Anthropic Claude API. This makes the application vulnerable to prompt injection attacks, where a malicious user could manipulate the AI commander's behavior to perform unauthorized actions or leak sensitive information. Since the commander's output is used to generate code for execution, this also increases the risk of indirect code injection.
There was a problem hiding this comment.
Claude如何指挥codex还需要深入研究,代码注入问题先暂时保留
| id: str | ||
| title: str | ||
| description: str | ||
| status: str = "planning" # planning | in_progress | ai_review | human_review | done |
There was a problem hiding this comment.
| created_at: str = "" | ||
| updated_at: str = "" |
There was a problem hiding this comment.
created_at 和 updated_at 字段默认为空字符串 "",这不是一个有效的 ISO 8601 时间戳。虽然代码似乎总是在创建/更新时设置这些字段,但模型定义具有误导性。更好的做法是使用 default_factory 设置一个合适的默认时间戳,或者如果它们确实可以不存在,则将它们设为 Optional[str] = None。
| created_at: str = "" | |
| updated_at: str = "" | |
| created_at: str = Field(default_factory=lambda: datetime.utcnow().isoformat()) | |
| updated_at: str = Field(default_factory=lambda: datetime.utcnow().isoformat()) |
|
|
||
| commander = _get_commander() | ||
| dispatcher = _get_dispatcher() | ||
| workspace = Path(session.workspace_dir or "/tmp/paperbot-workspace") |
| def __init__( | ||
| self, | ||
| api_key: Optional[str] = None, | ||
| model: str = "claude-sonnet-4-20250514", |
| abortRef.current?.abort() | ||
| const controller = new AbortController() | ||
| abortRef.current = controller | ||
| const timeout = setTimeout(() => controller.abort(), 10 * 60 * 1000) |
There was a problem hiding this comment.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
* fix: validate studio output dirs and add p2c module design docs :wq * feat(PaperToContext): M3 #140 Closes #140 * feat(p2c): implement ContextEngineBridge to inject user context into extraction Related to #157 * activate paper-scope memory read/write path. Raletd to #158 * fix(p2c): address Gemini code review issues from PR. Related to #157 * fix(p2c): address Gemini code review issues. Related to #158 * fix(p2c): sanitize XML tag content to prevent tag-escape prompt injection * feat(memory): add FTS5 full-text search and sqlite-vec hybrid search. Related to #161 * feat(p2c): persist CodeMemory experiences to SQLite. Related to #162 * address Gemini code review issues from PR #224 and #225 * fix(memory): address Gemini code review issues from #153 epic audit P0 fixes: - Replace unbounded daemon threads with ThreadPoolExecutor(max_workers=2) for embedding writes; atexit + close() ensure graceful shutdown so in-flight embeddings are not lost on process exit - Restore apprise>=1.9.0 and feedgen>=1.0.0 removed in epic branch, which would have broken Epic #179 push/RSS features on merge P1 fixes: - _escape_fts: replace double-quote-only escaping with a whitelist regex [A-Za-z0-9_+-] so FTS5 operators (*, NEAR, NOT, ^) cannot alter query semantics; empty queries now short-circuit to [] - _hybrid_merge: skip items with None/invalid id instead of defaulting to id=0, preventing silent score collisions across unrelated records - ReproExperienceStore: add application-level dedup check + UNIQUE constraint (paper_id, pattern_type, content) + IntegrityError fallback to prevent duplicate experiences from accumulating across retries Migration: - 0022_repro_experience_dedup: adds uq_repro_exp_paper_type_content unique constraint to existing repro_code_experience table Tests: 47 unit tests pass (+3 new tests covering the fixes above) * fix: harden repro experience isolation and wire persistence into repro pipeline Add user-scoped isolation for repro_code_experience and enforce dedup semantics with migration 0022_repro_experience_dedup. Inject ReproExperienceStore through ReproAgent/Orchestrator/CodingAgent/GenerationNode and propagate user_id/pack_id in generation, verification, and debugging persistence paths. Update /api/gen-code to accept user_id and extend unit tests for user isolation and persistence behavior. * feat(memory): introduce memory decay mechanism (#163) Add decay-aware scoring that combines relevance (confidence), recency (exponential decay with 90-day half-life), and usage frequency to re-rank search results. New memories default to expires_at = created_at + 365 days. search_memories() now auto-touches usage on hits. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(memory): add cross-track batch search (#164) Add search_memories_batch() that queries multiple scope_ids in a single SQL call, eliminating the N+1 loop in build_context_pack(). Engine now uses this batch method for cross-track memory retrieval. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(context): implement layered context loading (#165) Refactor build_context_pack() into 4 layer methods: - Layer 0: user profile (cached with 5-min TTL, ~200 tokens) - Layer 1: track context — tasks/milestones (~500 tokens) - Layer 2: query-relevant + cross-track memories (~1000 tokens) - Layer 3: paper-scoped memories (on-demand) Return value adds context_layers metadata while remaining fully backward-compatible. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor(memory): align decay with OpenClaw patterns - Use standard ln(2)/halfLifeDays lambda formula (matches OpenClaw temporal-decay.ts:toDecayLambda) - Default half-life lowered to 30 days (was 90, now matches OpenClaw) - Evergreen memories (global scope, preference kind) are immune to recency decay (inspired by OpenClaw isEvergreenMemoryPath) - Add _to_decay_lambda() and _is_evergreen_memory() helpers - Expand tests for lambda math, half-life precision, and evergreen logic Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(context): isolate layer0 cache and touch batch hits (#236) * feat(memory): upgrade batch retrieval with hybrid and MMR options (#237) * feat(context): add embedding fallback chain and token guard config (#238) * fix(memory): bound batch hybrid candidates by scope_ids * docs: update README with macOS python3 tips * docs: update README with more badges * docs: update README with deleting extra badges * feat(search): add offline retrieval benchmark harness Add a deterministic retrieval benchmark fixture, scorer, CLI, docs, and CI smoke gate for PaperSearchService.\n\nCloses #284\nRefs #283 * feat(context): add offline context-engine benchmark Add deterministic fixtures, scoring, CLI, and smoke coverage for layered assembly, token guard, and advisory routing in ContextEngine.\n\nCloses #286\nRefs #283 * feat(memory): add scope isolation acceptance bench Add an offline scope-isolation benchmark for memory retrieval paths, extend the metric collector with cross-user and cross-scope leak rates, and wire the new check into CI.\n\nCloses #285\nRefs #283 * feat(memory): add offline injection robustness detector Add a deterministic prompt-injection pattern detector, labeled offline fixtures, an acceptance benchmark, and CI coverage for Injection Robustness L1.\n\nCloses #287\nRefs #283 * feat(memory): add offline performance benchmark harness Add a deterministic synthetic benchmark for memory search latency baselines across 10k/100k/1M scales, plus docs and smokeable unit coverage.\n\nCloses #288\nRefs #283 * feat: add ROI benchmark for repro memory Closes #289 Refs #283 * docs: add MemoryBench epic completion report Refs #283 * docs: add runtime memory benchmark report Refs #283 * Docs: update README with our new name (#290) * docs: update README with macOS python3 tips * docs: update README with more badges * docs: update README with deleting extra badges * docs: update README with new god name --------- Co-authored-by: 林杰 <linjie@linjiedeMacBook-Air.local> Co-authored-by: 林杰 <linjie@v8d1ef64c.dip.tu-dresden.de> Co-authored-by: 林杰 <linjie@v8d1ef43e.dip.tu-dresden.de> Co-authored-by: 林杰 <linjie@v8d1ef6c5.dip.tu-dresden.de> * Fix: show friendly error when backend is unreachable (#291) * docs: update README with macOS python3 tips * docs: update README with more badges * docs: update README with deleting extra badges * docs: update README with new god name --------- Co-authored-by: 林杰 <linjie@linjiedeMacBook-Air.local> Co-authored-by: 林杰 <linjie@v8d1ef64c.dip.tu-dresden.de> Co-authored-by: 林杰 <linjie@v8d1ef43e.dip.tu-dresden.de> Co-authored-by: 林杰 <linjie@v8d1ef6c5.dip.tu-dresden.de> * feat: improve memory ROI and effectiveness benchmarks * fix: avoid importing missing data template in main * fix: stabilize live memory roi benchmark * feat: expand multi-session memory effectiveness benchmark * feat: implement MemoryBench evaluation suite with 4 bench suites Add comprehensive memory module evaluation aligned with LongMemEval (ICLR 2025), LoCoMo (ACL 2024), Mem0, and Letta benchmarks. - Retrieval Bench v2: IR metrics (Recall@5=0.873, MRR@10=0.731, nDCG@10=0.747) with 40 annotated queries across 5 question types and 5 memory dimensions - Scope Isolation + CRUD: zero-leak verification across user x scope matrix, Mem0-aligned CRUD lifecycle (add/update/delete/dedup) - Context Extraction: L0-L3 layer completeness, precision, token budget guard, TrackRouter accuracy (100%), graceful degradation - Injection Robustness L1: offline pattern detection (0% pollution, 0% FP) - Fixture dataset: 45 memories (2 users), 12 injection patterns - Testing documentation with methodology, validity analysis, and results Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * docs: add MemoryBench quantitative results to README Add evaluation results section with metrics from 4 bench suites: - Retrieval quality (Recall@5=0.873, MRR@10=0.731, nDCG@10=0.747) - Scope isolation + CRUD lifecycle (zero leaks, all CRUD pass) - Context extraction (100% precision, 100% router accuracy) - Injection robustness (0% pollution, 0% false positive) Includes LoCoMo question-type breakdown and run instructions. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat(AgentSwarm): add Claude/Codex workflow, workspace persistence, and human review UX (#296) * feat(AgentSwarm): add Claude/Codex workflow, workspace persistence, and human review UX - 添加 /api/agent-board 路由和 Swarm Commander/Dispatcher 基础架构 - 将生成的任务文件持久化到已配置的工作区 - 在工作区中为每个任务生成用户审核文档(reviews/<任务>-user-review.md) - 添加代理看板 UI,包含看板、任务详细日志和人工审核操作 - 要求“全部运行”任务设置工作区,并添加 VS Code 打开操作 - 实现 Studio 存储和 SSE 任务的更新/插入/同步行为 - 为路由流程、持久化和超时处理添加单元/功能测试 - 更新 Studio 布局、PostCSS 配置、后端 URL 助手和锁定文件 Closes #197 * (fix)修改AI review问题 * refactor: share research fetch helpers (#295) Co-authored-by: 林杰 <linjie@v8d1ef6c5.dip.tu-dresden.de> * feat: add research/yearCombobox. Realted to #297 * refactor(research): dedupe fetch helpers across Research pages; fix Radix popover import; add @radix-ui/react-popover dep * fix(web): move @radix-ui/react-popover to dependencies * fix(research): keep track list order stable across activation * refactor(research): share stable track merge helper * fix(research): make paper feedback togglable * feat(research): hide 'Open Discovery Workspace' behind feature flag * feat(research): gate track memory button behind feature flag (#333) * feat(research): gate track memory button behind feature flag * fix(research): avoid reactivating already active track * ci(vercel): add auto deploy workflow for dev branch * feat: calm dashboard workspace (#334) * feat: harden search and connector infrastructure (#339) * refactor(infra): unify async request layer for connectors Implements issue #262 by moving Arxiv/OpenAlex/PapersCool connectors onto the shared async transport with retry support, updating async call sites, and adding focused tests. * perf(infra): batch OpenAlex ID lookups Implements issue #267 by replacing per-ID OpenAlex work fetches with batched filter queries and adds focused coverage for the batched path. * refactor(infra): unify Semantic Scholar client stack Implements issue #266 by routing both the shared mixin and the scholar-tracking agent through the same SemanticScholarClient surface, removing the duplicated legacy API client path, and adding focused unification tests. * feat(infra): harden SSE transport handling Implements issue #263 by moving heartbeat, timeout, cancellation cleanup, and X-Accel-Buffering handling into the shared SSE wrapper and switching the streaming routes onto the common response helper with regression coverage. * fix(infra): bound ARQ jobs and reuse event log Implements issue #268 by adding timeout/max_tries metadata to worker functions, reusing the SqlAlchemyEventLog singleton inside the worker module, and covering both behaviors with focused tests. * feat(search): add three-tier paper deduplicator (DOI/arxiv_id/rapidfuzz) Replaces the identity-key-only dedup in PaperSearchService._fuse_with_rrf() with a dedicated PaperDeduplicator that matches across DOI, arxiv_id (version- stripped), and fuzzy title similarity via rapidfuzz. Merged papers accumulate the best metadata (highest citations, longest abstract, union of identities). Closes #317 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(search): prevent conflicting identity dedup merges Refs #317 * fix(embeddings): add CJK character support to hash embedding tokenizer Extends HashEmbeddingProvider regex to include CJK Unified Ideographs (U+4E00–U+9FFF) and Extension A (U+3400–U+4DBF), enabling proper embedding of Chinese text. Closes #276 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(embeddings): extend hash tokenizer beyond Han-only CJK Refs #276 --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * fix(research): restore feedback track ux on current dev (#341) * refactor(research): dedupe fetch helpers across Research pages; fix Radix popover import; add @radix-ui/react-popover dep * fix(web): preserve item order in research tracks selection Closes #304 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor(web): remove unused components Closes #305 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(web): keep active research track visible Refs #304 * fix(research): align paper feedback toggles with persisted state Refs #324 * fix(web): add missing @radix-ui/react-popover dependency Research page crashed with "Module not found: Can't resolve '@radix-ui/react-popover'" because SearchBox.tsx imports popover.tsx which depends on this package. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(research): restore feedback track ux on current dev --------- Co-authored-by: 林杰 <linjie@v8d1ef6a5.dip.tu-dresden.de> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * fix(web): resolve DeepCode Studio page issues * fix(repro): improve memory and workflow correctness * feat: add intelligence radar backend * fix(api): block cross-user intelligence feed access * fix(intelligence): avoid thread-unsafe refresh races * refactor: enforce alembic-only store initialization * fix(db): bootstrap sqlite schemas for lazy stores * fix(stores): align ports with store interfaces * fix(stores): align remaining port contracts * fix(api): harden request boundaries and settings handling * fix(api): stop trusting spoofable forwarded hosts * fix(api): gate studio code execution by default * fix(api): stream request-size checks safely * feat(export): add Obsidian filesystem exporter * feat(cli): add Obsidian export command * feat(obsidian): finish configurable vault export workflow (#348) * refactor(web): move workflow workbench out of dashboard * ci(vercel): use --preview flag for dev deploy * fix(ci): remove invalid Vercel preview flag * fix(ci): keep Vercel secrets free of inline comments * refactor: share candidate search boundary and simplify dashboard * refactor(api): split paperscool search curate and ingest * refactor(web): flatten dashboard brief snapshot * refactor(web): reduce dashboard brief visual noise * refactor(web): feature top dashboard signals * fix(obsidian): harden export follow-ups * fix(obsidian): tighten review follow-ups * feat(web): add Obsidian handoff to Research workspace (#352) * feat(web): add Obsidian handoff to Research workspace * fix(web): address obsidian workspace review feedback * feat: ship track-centric research context stack (#356) * feat(api): add track context read model service * feat(api): expose consolidated track context endpoint * refactor(web): migrate research page to track context endpoint * refactor(memory): wrap track-scoped memory access * chore: document track-centric research model and stabilize tests * docs: refresh readme screenshots * fix(deps): align package manifests with runtime imports * docs: refresh email push screenshot * feat(research): close citation graph and obsidian export gaps (#360) * feat(obsidian): add bidirectional vault sync * fix(paper): improve saved papers table layout * feat(openclaw): add paperbot plugin bridge * fix(obsidian): address sync review feedback * feat(web): flatten dashboard action bands * refactor(web): condense dashboard next-up panel * refactor(web): simplify dashboard around recommendations * refactor(web): simplify dashboard surface and workflow copy * feat(web): add dashboard queue actions * fix(web): harden dashboard queue links and brief parsing * fix(paper): unify unsave with feedback API * fix(paper): scope saved papers per track * fix: unblock dashboard build and e2e * ci: add vercel pr preview automation * fix: repair vercel preview workflow setup * fix: run vercel build from repo root * fix: skip preview smoke without bypass secret * feat(auth): add multi-user authentication foundation. Related to #151 - Add User domain model and SQLAlchemy UserModel with soft-delete support - Add SqlAlchemyUserStore with email/GitHub user CRUD, password auth, reset tokens - Add JWT signing/verification (python-jose), bcrypt password hashing - Add FastAPI auth dependencies: get_user_id (optional fallback) and get_current_user (strict) - Add /api/auth routes: register, login, github/exchange, me, forgot/reset-password - Add Alembic migrations for users and password_reset_tokens tables - Add AUTH_OPTIONAL env var for gradual migration from legacy 'default' user - Fix account lifecycle bugs: reactivate on OAuth re-login, reject inactive on password login - Add auth API tests * fix(auth): address code review feedback on PR #365 * feat(document): add explicit evidence indexing pipeline * docs(benchmark): define document evidence eval contract * feat(benchmark): add document evidence eval scaffold * fix(api): restore py39 auth compatibility after dev rebase * chore(logging): surface cleanup and FTS5 failures * fix(paper): refine saved filters and cleanup code * fix(paper): refine paper context cleanup and year filter * feat(eval): support dedicated embedding benchmark providers * feat(settings): add embedding endpoint configuration * refactor(settings): align embedding endpoint ux with cc-switch * refactor(settings): simplify embedding endpoint panel * refactor(settings): tighten embedding layout on wide screens * feat(studio): refine paper gallery icon animation and context workspace layout * ci: disable native vercel git deploys * docs: restore master demo gallery assets * fix: unblock ci for merge-dev-into-master * fix: address codeql alerts * fix: harden agent board workspace path validation --------- Co-authored-by: boyu <oor2020@163.com> Co-authored-by: WenjingWang <jingnvx@outlook.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: 林杰 <linjie@linjiedeMacBook-Air.local> Co-authored-by: 林杰 <linjie@v8d1ef64c.dip.tu-dresden.de> Co-authored-by: Linjie-top <linjie666z@gmail.com> Co-authored-by: 林杰 <linjie@v8d1ef43e.dip.tu-dresden.de> Co-authored-by: 林杰 <linjie@v8d1ef6c5.dip.tu-dresden.de> Co-authored-by: 林杰 <linjie@v8d1ef6a5.dip.tu-dresden.de> Co-authored-by: 林杰 <linjie@v8d1ef4ea.dip.tu-dresden.de> Co-authored-by: 林杰 <linjie@v8d1ef41f.dip.tu-dresden.de>
添加 /api/agent-board 路由和 Swarm Commander/Dispatcher 基础架构
将生成的任务文件持久化到已配置的工作区
在工作区中为每个任务生成用户审核文档(reviews/<任务>-user-review.md)
添加代理看板 UI,包含看板、任务详细日志和人工审核操作
要求“全部运行”任务设置工作区,并添加 VS Code 打开操作
实现 Studio 存储和 SSE 任务的更新/插入/同步行为
为路由流程、持久化和超时处理添加单元/功能测试
更新 Studio 布局、PostCSS 配置、后端 URL 助手和锁定文件
Closes #197