33 Commits

Author	SHA1	Message	Date
devops	f95463ef50	fix: permanent owner password persistence with SeedAudit guard ... Root cause: Dual-source architecture for owner password (Gitea secret ENV_OWNER_PASSWORD vs host .env OWNER_PASSWORD) caused drift when the DB was ever re-seeded or the volume recreated. Changes: - Add SeedAudit entity + migration to track one-time seed operations - EnsureDatabaseAsync checks SeedAudit BEFORE seeding — owner is never re-created even if the Users table is wiped - Deploy and rollback workflows now read OWNER_PASSWORD from the host's persistent .env (single source of truth) instead of Gitea secrets - compose.yaml documented: OWNER_PASSWORD only used during initial seed - Cleanup: .gitignore extended for core dumps, changelog/deployment.md updated with 2026-06-20 session notes After this fix the DB is the single source of truth for the owner password after initial seed. The host .env is the single reference for the initial value.	2026-06-21 10:15:36 +02:00
devops	adae7ba26d	feat: ship agent progress visibility	2026-06-20 20:22:54 +02:00
devops	06eac66baa	fix: postgres WAL corruption recovery + memory bump + researcher/executor ... - Postgres memory: 256M→384M limits, 64M→96M reservations - Added pg_resetwal -f pre-deploy step to recover from corrupt WAL ('PANIC: could not locate a valid checkpoint record' caused by force-killed postgres during --force-recreate) - Added data-checksums initdb arg for future corruption detection - api→postgres and web→api depends_on: service_healthy→service_started - Deploy wait loop: fail fast on unhealthy, wait on starting (180s) - Added researcher/executor to ValidAssignees and frontend dropdowns	2026-06-20 18:56:11 +02:00
devops	83e072bc27	feat: Bao/Iris-Statusrechte + Bao→Iris-Notifications + Agent-Workflow-Übersicht ... - Bao darf jetzt Status ändern (neben Iris), Sub-Agents weiterhin nicht - CanEditContent für Inhaltsbearbeitung durch alle bekannten Caller - Bao-Content-Änderungen triggern task_content_changed-Notification an Iris - Bao-Status-Änderungen triggern task_status_changed-Notification an Iris - Iris-Status-Änderungen triggern task_status_changed-Notification an Bao - Neue WorkTask-Felder: IsAgentTask (bool), ExpectedFrom (string) - Agent-Workflow-API: CreateAgentTask, WaitingTasks, AgentOverview - Frontend: Agent-Task-Badge, Iris-Overview-Panel, isBao-Getter - Login-Rate-Limiter mit strukturiertem JSON-Fehlermeldungs-Body - Volume-Name: nexus-postgres → postgres-data (Standardisierung)	2026-06-20 18:43:05 +02:00
devops	1df663f57c	fix: AdminController roles hardened (owner+admin) + SettingsView visibility ... - [Authorize(Roles = "owner,admin")] statt nur owner – admin darf jetzt ebenfalls User verwalten - CreateUser erlaubt nur Rollen admin|user|viewer; owner ist blockiert - UpdateUserRole erlaubt nur admin|user|viewer; owner kann weder gesetzt noch überschrieben werden; admin darf andere admins nicht ändern und sich nicht selbst herabstufen - SettingsView: canManageUsers = role owner || admin statt nur owner - UI-Dropdown zeigt nur admin|user|viewer (owner als Kommentar notiert)	2026-06-20 14:27:24 +02:00
devops	e4091eee80	feat: Multi-User/Admin usermanagement + Galaxy Login/Settings + Task detail improvements ... - Backend: NEW AdminController with user CRUD (GET/POST/DELETE /api/v1/admin/users) - Backend: NEW GET /api/dashboard/tasks/{id} single task endpoint - Backend: NEW POST /api/dashboard/tasks/{id}/activity comment endpoint - Backend: IUserRepository + UserRepository extended with GetAllAsync, DeleteAsync - Backend: Admin DTOs (AdminUserInfo, AdminCreateUserRequest, AdminUpdateRoleRequest) - Frontend: NEW TaskDetailView.vue — URL-based (/tasks/:id) Galaxy-themed task detail with subtask create/edit/delete, activity with comments, property sidebar - Frontend: LoginView.vue — полностью Galaxy theme redesign with GalaxyBackground, glass-morphism card, password toggle, consistent brand - Frontend: SettingsView.vue — Galaxy theme redesign with glass cards, admin user management section (create/list users, visible only to owner role) - Frontend: TaskBoardView.vue — added "Full View" link to URL-based detail page - Frontend: Router — added /tasks/:id route for TaskDetailView - Frontend: App.vue — added TaskDetail to standaloneViews whitelist - Frontend: tasks store — stable Auth: Admin creates accounts, users log in with existing /api/v1/auth/login. Login/Settings deliver visible Galaxy-consistent design with nexus-tokens.css tokens.	2026-06-20 14:24:40 +02:00
devops	dcc8450c62	feat: Phase 2 — Delegated State, Auth, Review-Gate, Notifications, Zombie-Reset	2026-06-18 23:47:41 +02:00
devops	5e7d074593	feat: Linear-style Task Board mit Drag&Drop	2026-06-18 21:34:07 +02:00
developer	e0c88238da	refactor: extract DI, helpers from Program.cs into extension classes	2026-06-16 16:52:17 +02:00
reviewer	485357c6dc	review: error-handling for config file write + compose resource limits ... - AgentsController.SaveConfigFile: catch UnauthorizedAccessException and IOException instead of letting them bubble up unhandled; return clean 500 with logged message - compose.yaml: add deploy.resources.limits.memory and reservations.memory for api (512M/128M), web (128M/32M), postgres (256M/64M)	2026-06-14 11:30:25 +02:00
reviewer	8a556c25a0	Add local liveness health endpoint	2026-06-14 09:49:25 +02:00
reviewer	45a39d319f	Fix operations CI and snapshots	2026-06-14 09:14:24 +02:00
reviewer	4ad0f9e493	refactor: SOLID architecture — backend service layer + frontend V2 components ... ## Backend — Service Layer & Repository Refactoring ### Neue Services (21 neue Dateien) **Interfaces & Implementierungen:** - `IOpenClawGatewayClient` — Interface für OpenClawGatewayClient (DIP-Fix: DashboardController hing an konkreter Klasse) - `IAgentConfigService` / `AgentConfigService` — Agent-Config-File-I/O aus AgentsController extrahiert - `IProjectService` / `ProjectService` — Projekt-CRUD + Activity-Logging (SRP) - `ITaskService` / `TaskService` — Task-State-Machine, Approve/Reject, Dashboard-Operationen (eliminiert Duplikation zwischen TasksController und DashboardController) - `IDashboardService` / `DashboardService` — Queue-Aggregation, Priority-Normalisierung, Gateway-Delegation - `IOperationsService` / `OperationsService` — Metriken-Berechnung aus OperationsController - `ITeamService` / `TeamService` — IDENTITY.md-Lesen aus TeamController - `IMemoryService` / `MemoryService` — File-I/O aus MemoryController - `IIncidentService` / `IncidentService` — File-Parsing (Regex-Source-Generatoren) aus IncidentsController - `IDocService` / `DocService` — Directory-Scan aus DocsController - `ICalendarService` / `CalendarService` — Gateway-HTTP-Calls + Fallback-Daten aus CalendarController ### Repository-Fixes **IUserRepository / UserRepository:** - `SaveChangesAsync` entfernt (leaky abstraction — Caller sollten nie SaveChanges steuern) - `RevokeTokenAsync(tokenHash)` — atomares Token-Revoke inkl. SaveChanges - `RevokeFamilyAsync(familyId)` — Batch-Revoke einer Token-Familie inkl. SaveChanges - `RemoveExpiredTokensAsync` speichert jetzt selbst (war vorher dependent auf nachfolgenden Save) ### AuthService-Fixes - `GetUserAsync`: unnötiges `Task.Run` entfernt → direkt `_users.GetByIdAsync().AsTask()` - `RevokeAsync`: delegiert jetzt an `IUserRepository.RevokeTokenAsync` - `RefreshAsync`: Token-Reuse-Detection delegiert an `IUserRepository.RevokeFamilyAsync` ### Bug-Fix - `OpenClawGatewayClient.ReadAgentGoalAsync`: pre-existing `CS1656` behoben (`reader` war `using`-Variable und wurde neu zugewiesen — in `reader2` umbenannt) ### Controller (16 Stück — alle slim) Alle Controller reduziert auf: Input validieren → Service aufrufen → HTTP-Result zurückgeben. Kein Business-Logic, kein File-I/O, keine direkte Repository-Nutzung (außer AgentsController für Activity-Log). **Program.cs — neue Registrierungen:** - `AddHttpClient<IOpenClawGatewayClient, OpenClawGatewayClient>` (war vorher konkrete Klasse) - Scoped: IDashboardService, IProjectService, ITaskService, IOperationsService, ITeamService, ICalendarService - Singleton: IAgentConfigService, IMemoryService, IIncidentService, IDocService --- ## Frontend — Dashboard V2 Components **AgentDetailModal.vue, IrisChat.vue, TaskStrip.vue:** - V2 Design-System: Dark Space Theme, Glass-Panels, Gradient-Akzente - Stores (agents, chat, tasks) nutzen Service + Mapper-Pattern - NexusLayout, FlowBoard, Topbar — Layoutfixes für fullHeight-Route-Meta Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-06-14 08:34:58 +02:00
reviewer	d169cbe9d5	feat(ops): production resilience — healthchecks, restart_policy, log-rotation, --wait deploy [skip ci]	2026-06-13 20:04:42 +02:00
developer	1a7bf8ca11	revert: remove Claude models (API not working)	2026-06-11 18:11:02 +02:00
developer	3907548a1d	feat(models): add Claude Sonnet 4.6 + Opus 4.8, mount openclaw.json in API container	2026-06-11 17:11:59 +02:00
developer	b1888bd8ef	feat(dashboard): AgentModal live working feed & thinking stream	2026-06-11 16:13:28 +02:00
developer	c29740a466	feat(dashboard): dynamic agent metrics + model list from config, no more hardcoded data	2026-06-11 16:01:33 +02:00
developer	5fb62bef8a	feat(queue): erweiterte Queue mit Cron-Jobs + Tasks, Prioritäten, Delete/Priority API	2026-06-11 15:58:12 +02:00
developer	97b8588dc3	feat(dashboard): multi-agent operations feed aggregating all agent sessions	2026-06-11 15:54:32 +02:00
developer	81af81fb6f	feat(dashboard): task system with DB persistence, CRUD endpoints, frontend API integration	2026-06-11 15:51:48 +02:00
developer	6a1366b472	feat(dashboard): dynamic agent data from gateway sessions instead of hardcoded list	2026-06-11 15:48:33 +02:00
developer	b7b44494f0	fix(shadcn): isolate Nexus CSS vars with --nx- prefix + admin password reset endpoint	2026-06-11 10:06:58 +02:00
developer	51d1917a7b	fix: GetSessionHistory parst content[] blocks korrekt ... - Messages aus result.details.messages extrahieren - Content = Array von {type, text} blocks → nur text extrahieren - Thinking-Blocks + REPLY_SKIP + ANNOUNCE_SKIP herausfiltern	2026-06-10 01:14:08 +02:00
developer	a5cbe98f25	fix: Chat-Messages Merge + Session-Key agent:iris:main ... - fetchChatMessages merged statt replace (verhindert Poll-wipe) - Chat/Send bereits korrekt via agentId=iris - Chat/Messages nutzt jetzt agent:iris:main als Session-Key - Cron-Job deaktiviert (verhinderte Selbst-Konversation)	2026-06-10 01:11:52 +02:00
developer	e1d6b1eeb3	fix: Chat via agentId statt sessionKey + reply aus details parsen ... - SendChatMessageAsync: sessions_send nutzt agentId (nicht sessionKey) - Reply parsen aus result.details.reply (sessions_send Antwort-Struktur) - ChatRequest.Model: SessionKey → AgentId - Controller default: 'iris' → Agent-ID (nicht Session-Key)	2026-06-10 00:58:04 +02:00
developer	dd509a75be	fix: Agents hartcodiert mit File-Activity-Detection ... - Tools/invoke Visibility scoped auf agent:main → keine Iris-Sessions sichtbar - Hardcoded 6 Agenten mit korrekten Models - Activity: checkt /mnt/workspace-{id}/memory Dateizeitstempel	2026-06-10 00:33:49 +02:00
developer	c120155170	fix: GatewayClient robuste Response-Parsing + Isolierte Try/Catch ... - ExtractToolData: unwraps content[0].text JSON + details - GetStatusAsync: separates try/catch per step (ping, session, agents, queue) - GetAgentsAsync: parses gateway agents[] array from sessions_list - GetQueueAsync: extracts from cron response data.jobs - gatewayOk no longer overridden by downstream tool errors	2026-06-10 00:30:36 +02:00
developer	889af65ae7	fix: GatewayClient Tool-Namen + Response-Unwrapping ... - sub_agents_list → subagents (action: list) - cron_list → cron (action: list) - Ping / → /health - Unwrap {ok, result} envelope in InvokeToolAsync	2026-06-10 00:26:22 +02:00
developer	f707dceb98	feat: Dashboard Backend Proxy – OpenClaw Gateway Integration ... - DashboardController: /api/dashboard/status, agents, operations, chat/send, chat/messages, queue - OpenClawGatewayClient: typed HttpClient mit Gateway tools/invoke - Dashboard DTOs: DashboardAgentInfo, ChatRequest, ChatResponse, FeedEntry, QueueItem - Gateway auth: Bearer-Password via Integrations:OpenClaw:Password - Gateway-Down → graceful degradation (HTTP 200, leere Daten) - Build: 0 errors, Tests: 3/3 passed	2026-06-10 00:20:49 +02:00
iris	a79d8282dc	refactor: Clean Architecture mit Repository Pattern, Controllern und DTOs ... - 15 Controller-Klassen ersetzen Minimal APIs in Program.cs - Repository Pattern mit Interfaces + Implementierungen (Project, Task, Activity, User) - AuthService verwendet jetzt IUserRepository statt direktem DbContext-Zugriff - SecurityHeadersMiddleware als eigenständige Middleware-Klasse - PathSecurityHelper als gemeinsamer Helper für Pfadvalidierung - DTOs in eigenem Namespace Nexus.Api.DTOs - EF-Entities in Nexus.Api.Data (vorher Nexus.Api.Domain) - Program.cs auf DI-Registrierung + Middleware reduziert - Alle 43 Endpoints unverändert erhalten - Build + 3/3 Tests erfolgreich	2026-06-09 19:52:58 +02:00
bao	82cf226b83	chore: remove build artifacts from git tracking ... - Remove all bin/, obj/, dist/ directories - Remove .bak files - Fix .gitignore patterns to prevent future leaks	2026-06-09 16:32:15 +02:00
bao	eeb6174de0	Initial commit: Nexus Mission Control Platform ... - ASP.NET Core 10 Backend (JWT Auth, Agent config API) - Vue 3 Frontend (Dashboard, Team, Agents, Config Editor) - PostgreSQL Database - Docker Compose setup - Mission Control Dashboard redesign	2026-06-09 16:31:56 +02:00