ci(release): load Vault secrets per-platform in build matrix (#44 )

* fix(artifacts): prioritize PDF deliverables in sidebar

* docs(cases): add gateway turn acceptance summary

* ci: add release/* branch source validation workflow (#19)

release/* 仅接受 hotfix/* 或带 cherry-pick/backport 标签的 PR。
详见 iac_modules/docs/tldr-github-branch-model.md

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* ci: run desktop integration/patrol tests under xvfb (#22)

Headless Linux runners have no display, so 'flutter test integration_test'
fails to launch the GTK app ('The log reader stopped unexpectedly, or never
started'). Wrap integration/patrol layers in xvfb-run with a 24-bit screen
and install xvfb + mesa DRI driver for headless GL. macOS/local runs are
unaffected (no xvfb-run -> command runs directly).

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* fix: reveal artifact files without blocking

* fix: reveal artifact files without blocking (#20)

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>

* Release/v1.1.5 (#25)

* ci: backport release/* source validation workflow to release/v1.1.5 (#21)

让现有 release/v1.1.5 分支自身包含门禁 workflow（pull_request_target 用 base 分支版本）。
详见 iac_modules/docs/tldr-github-branch-model.md

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* fix: reveal artifact files without blocking (#24)

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>

---------

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* chore: update tested linux labels (#23)

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>

* chore: sync app version to 1.1.5 (#26)

* fix: keep stopped gateway tasks out of pending queue

* chore: add ios release verification assets

* Fix managed bridge token priority

* fix: stabilize iOS login storage and mobile settings

* Refine assistant attachment payload handling

* Fix assistant continue task requeue

* Fix mobile account sign-in flow

* Fix ACP SSE no-result recovery

* Polish assistant UI and add Service Mesh video case

* feat(mobile): redesign mobile UX and iOS native experience

* feat(mobile): move configuration chips to + menu and add left drawer

* feat(mobile): redesign mobile ui to chatgpt minimalist style

* fix(mobile): tweak composer submit button size and wire up settings drawer

* fix(mobile): remove background from send button

* fix(mobile): use blue circle with upward arrow for send button

* feat(mobile): add navigation breadcrumb to return to chat from settings

* feat(mobile): refine composer ui with minimalist modern aesthetic

* Remove OpenClaw direct ACP route

* Add desktop navigation integration test

* Add desktop settings integration test

* Use remote workspace for OpenClaw execution

* Handle gateway default task workspace

* Keep sidebar task order stable

* Hide desktop agent dialog mode

* Release v1.1.3

* Fix Apple preflight for main builds

* Fix Apple preflight for main builds

* Fix Apple preflight for main builds

* Add bulk archive task selection

* Fix assistant skill picker loading

* Stabilize mobile provider sheet test

* chore: prepare v1.1.3 release metadata

* fix: unblock OpenClaw gateway task queue

* fix: keep running task follow-up in current thread

* fix: isolate openclaw e2e artifacts

* fix(assistant): pin task session on submit

* docs: record openclaw gateway e2e cases

* test: align openclaw e2e prompts

* refactor: classify gateway task load

* refactor: classify gateway task load

* feat: sync existing workspace directory artifacts recursively

* Use manual bridge config for ACP runtime

* Fix task refresh layout stability

* chore: update core integration cases and runtime helpers

* fix: stabilize complex openclaw artifact tasks

* fix: repair bridge login sync runtime state

* fix: repair bridge login sync runtime state

* Fix manual bridge save runtime config

* fix: use OpenClaw gateway protocol 4

* fix: use OpenClaw gateway protocol 4

* fix(openclaw): keep artifact runs session scoped

* chore(app): refresh build metadata

* fix(openclaw): recover final task snapshots

* fix(openclaw): recover long SSE task artifacts

* test(app): align thread artifact isolation assertions

* fix(openclaw): keep long artifact recovery synced

* feat(openclaw): implement artifact sync and ignore policies

* Reassociate OpenClaw tasks through Bridge control plane

* Preserve artifacts after interrupted bridge responses

* feat: Remote Desktop UI and Client WebRTC Integration

* refactor: simplify remote desktop UI and add maximize toggle

* fix(webrtc): pass SDP offer and answer as object to conform to backend format

* fix: revert sdpOffer to String to match Bridge SDP expectations

* feat: add runtime logs tab to settings page

* chore: prepare release v1.1.4 (app store compliance, remote desktop fixes, ci verification)

* fix: load nested bridge skills status

* fix(ci): parse provider catalog and gateway providers from capabilities fallback

* test: stabilize OpenClaw gateway active slot regression

* fix: WebRTC remote desktop connection, cleanup local fallback, and ignore .gradle cache

* feat: add collapse toggle to desktop control panel

* fix(runtime): restore skills loading and group rendering

* refactor(ui): eliminate unowned helper sprawl in assistant skill picker

* feat: improve webrtc keyboard mapping and add adaptive resolution default

* feat: improve webrtc keyboard mapping and add adaptive resolution default

* refactor(skills): clean Path B, add retry + auto-refresh, fix silent failures

- Remove Path B (direct WebSocket RPC), unify skills loading via ACP bridge sessionClient
- Delete skillsStatusPayloadInternal fragile nested-key parsing
- SkillsController: explicit error when offline (no more silent empty), auto-retry with 2s/4s backoff
- Auto-refresh on gateway connect via ChangeNotifier listener
- Gateway connect: concurrent Future.wait for independent controller refreshes
- UI: retry button in skill picker empty/error states
- Clean up skillsController from relayChildChangeInternal listeners

* refactor(skills): fix allowErrorPayload validation, improve auto-refresh guard

* feat(ui): apply BoxFit.fill for remote desktop WebRTC view to ensure no blank spaces

* refactor: remove multi-agent orchestration subsystem (Path B)

Remove the entire multi-agent collaboration execution path, including:
- MultiAgentOrchestrator and its 4-phase pipeline (Architect→Engineer→Tester→Iteration)
- ARIS framework preset and mount infrastructure
- Hardcoded model defaults (kimi-k2.5, minimax-m2.7, glm-5)
- Deprecated runCliPromptInternal() and its fallback call chain
- All related types: MultiAgentConfig, AgentWorkerConfig, MultiAgentRole, etc.

This collapses the architecture to a single clean path:
Flutter → GoTaskServiceClient → ACP Transport → Go Bridge → Remote Execution

2886 lines removed across 41 files.

* docs(cases): clean up test cases — remove ai-security-evolution scenario, fix issues

- Delete ai-security-evolution-content-scenario/ (8 files, referenced by removed MANUAL-LOCAL-001A)
- Remove MANUAL-LOCAL-001A from core-integration-manual-cases.md
- Fix duplicate section numbering (#5 → #6 for general thread scenarios)
- Remove misplaced workspace sync rules from MANUAL-ACP-004 (bridge auth case)
- Update README.md index

* test,docs: fix all stale references to deleted multi-agent subsystem

Test fixes (6 files, -303 lines):
- Delete app_controller_acp_mount_resilience_test.dart (entirely about deleted types)
- Remove multi-agent test cases from gateway_acp_client_auth_test.dart
- Rename _manifestWithDesktopMultiAgentEnabled → _defaultDesktopManifest
  in assistant_execution_target_test, assistant_lower_pane_test,
  mobile_assistant_page_test

Docs fixes (6 files):
- Regenerate public-symbol-inventory.json/md via make docs-public-api
- Remove multi-agent sections from public-api/models-and-config.md,
  app-orchestration.md, runtime-contracts.md
- Fix xworkmate/ → xworkmate-app/ paths in cloud-session doc
- Remove multiAgent references from app-external-service-api-test-matrix.md

* docs: add architecture README with categorized navigation

* docs(architecture): fix critical accuracy errors, stale refs, paths

Accuracy fixes:
- app-orchestration.md: remove non-existent constructor params
- models-and-config.md: remove wrong multiAgent field from SettingsSnapshot
- runtime-contracts.md: add missing multiAgent/collaborationMode/routingHint fields

Stale multi-agent refs:
- unified-routing-architecture.md: agent/multi-agent → agent (含 bridge 转发)
- bridge-runtime-routing-map.md: multi-agent tasks → multi-agent forwarding tasks
- cross-repo-task-state-workflow.md: remove multi-agent orchestration from mermaid
- runtime-contracts.md, feature-surfaces.md: 多 agent → agent

Organization:
- Move cloud-session-service and stage4-helper to archive/
- Fix 22 xworkmate/ → xworkmate-app/ paths in archive doc
- Fix XWorkmate.svc.plus repo name in simple-theme-default.md
- Update README.md index and public-api/README.md coverage stats (132/590)

* docs: rewrite README — fix repo name, remove stale multi-agent refs, add dependencies

- Title: XWorkmate → xworkmate-app
- Remove references to deleted multi-agent orchestration
- Fix download links: xworkmate.svc.plus → xworkmate-app
- Replace machine-specific /Users/shenlan/... paths with relative links
- Add Dependencies section: xworkmate-bridge, xworkspace-core-skills,
  openclaw-multi-session-plugins, playbooks
- Consolidate Learn More links to repo-relative paths

* fix desktop workspace stream fallback

* Fix WebRTC desktop video stream rendering and inputs

* refactor: eliminate dead codex_runtime methods, add anti-fallback policy

codex_runtime.dart (-290 lines):
- Remove 17 dead methods behind UnsupportedError guard
  (findCodexBinary, startStdio, request, startThread, resumeThread,
   sendMessage, interrupt, getAccount, listModels, listSkills, stop,
   dispose, _resolveLaunchConfiguration + 3 @visibleForTesting wrappers)
- Remove 10 dead fields (_process, _state, _pendingRequests, _events, etc.)
- Remove ChangeNotifier mixin (nothing to notify)
- Keep only model types, enums, and standalone helper functions

AGENTS.md (+21 lines):
- Add Fallback and Dead Code Elimination Policy section
- Forbidden: cascading fallbacks, lingering DEPRECATED code,
  dead code behind guards, silent catch blocks, redundant indirection,
  excessive JSON key probing
- Required: inline WHY comments on every retained fallback chain

Additional cleanup:
- gateway_acp_client.dart: remove unused _GatewayAcpSessionUpdate class
- runtime_controllers_entities.dart: replace _canRefreshThroughRuntime
  with runtimeInternal.isConnected
- runtime_models_gateway_entities.dart: relocate CollaborationAttachment

* Simplify RTCVideoView constraints and disable adaptive resolution by default

* refactor: remove stale runtime fallbacks

* fix: preserve openclaw failure artifacts

* fix: use default native track attach for desktop stream

* fix: poll openclaw task handle to terminal snapshot

* update architecture docs

* fix: finalize openclaw task polling results

* feat(xworkmate): optimize desktop thread actions and Go task service client

* docs: add cross-repo architecture chain maps and risk analysis

- Add 4 chain maps: task-execution, artifact-lifecycle, session-recovery, bridge-distributed
- Add cross-repo call analysis with top-10 fragile points
- Update AGENTS.md with 'Cross-Repo Architecture Chain Maps' section
- Document artifact path gap: OpenClaw tools output to ~/.openclaw/media/ but plugin export scans tasks/<session>/<run>/

* fix(webrtc): resolve remote desktop black screen by properly binding remote video tracks and removing legacy Plan B constraints

* fix: remaining webrtc stream and test artifact changes

* fix(arch): A1-A3 app layer anti-patterns cleanup

* fix(arch): conservative fallback for gateway error codes

* fix: merged cleanup branch and stashed fixes

* add design doc: multi-session-plugin-optimization

* fix: allow stopping archived tasks

* fix: sync openclaw terminal snapshots in app

* fix: resolve openclaw partial artifacts and eliminate legacy fallback code

* fix(assistant): clear pending tool calls when task completes to fix sticky running status

* refactor: Remove OpenClaw rigid time limits and false positive no-exported-artifacts judgment

* fix(ci): keep macos/ios build lanes running when Apple signing secrets are missing

The release preflight used to set should_build_platform=false whenever any
Apple signing secret was unset, which silently skipped the entire macos dmg
and ios ipa lanes (build + upload gated on that flag). Result: releases only
shipped linux, windows and android artifacts even when the iOS/macOS lanes
were otherwise healthy.

Make the preflight always release the lane, but emit a :⚠️: and
annotate the skip_reason when a secret is missing. The iOS branch in
build_matrix_artifacts.sh now picks the signed vs unsigned build path based
on actual secret availability instead of should_release alone, so it falls
back to flutter build ios --no-codesign + zip Runner.app whenever a secret
is absent. package-flutter-mac-app.sh already handled the no-secret case
locally (ad-hoc codesign --sign -) and needs no change.

Behavior matrix:
  macos: secret present -> signed DMG; secret missing -> unsigned DMG
  ios:   secret present + release -> signed IPA
         secret present + non-release -> unsigned zip
         secret missing (any) -> unsigned zip

* fix(chat): drop root-level expectedArtifactDirs to satisfy chat.send schema

- Remove the unexpected property at the root of gateway task metadata.
  Keep the value nested in xworkmateTaskArtifactContract where the
  OpenClaw chat.send schema allows it (-32002: invalid chat.send params).
- Drop dead local vars and the unused asInt helper in OpenClaw task
  association parsing.
- Remove the obsolete 'sendChatMessage restarts before handling
  OpenClaw artifact guard results' test superseded by the new terminal
  artifact failure test.

* fix(ci): drop ripgrep dependency from check-no-app-ffi.sh

The Flutter verification lane runs on Ubuntu 22.04 without ripgrep
installed, so the FFI integration guard silently fell through and
printed 'No app-side Codex FFI integration artifacts found' on every
run. Replace rg with the POSIX grep -RInE that ships with the runner,
keep the same excludes (check-no-app-ffi.sh, Pods, ephemeral, build,
.dart_tool) and emit the actual offending matches so the gate fails
loudly when a forbidden reference reappears.

* Document OpenClaw artifact dirs protocol boundary

* feat: pass OpenClaw artifact dir whitelist

* Remove Patrol from macOS package

* Add OpenClaw thin adapter refactor plan

* refactor/app-thread-key

* refactor: explicitly pass openclawSessionKey in task start

* Refactor OpenClaw task integration as thin adapter

* refactor: align OpenClaw session key state flow

* chore: retire rust ffi scaffold

* docs clarify openclaw artifact workspace ownership

* ci: read release secrets from vault

* fix: merge workflow env blocks

* fix: skip remote contract on push

* fix: align OpenClaw task key flow

* chore: retrigger workflow after vault data setup

* fix: backfill OpenClaw artifacts on sidebar refresh

* fix: trim OpenClaw task prompt context

* fix: keep OpenClaw artifact sync polling

* fix: require OpenClaw artifact export before completion

* fix: unify bridge auth token for desktop connect

* fix: keep bridge token usable after sync block

* fix: accept review bridge token from account sync

* fix: keep syncing partial OpenClaw artifacts

* Improve assistant task UX

* Sync artifact sidebar with selected task

* fix: show remote desktop first-frame state

* chore: log remote desktop WebRTC stats

* Stabilize OpenClaw artifact sync

* Add AI workspace management provisioning flow

* Fix gateway dispatch test pipeline

* Harden workspace prechecks

* Add AI workspace management provisioning flow

* Fix gateway dispatch test pipeline

* Harden workspace prechecks

* Relax workspace OS checks and add YAML import/export

* Relax workspace OS checks and add YAML import/export

* Make workspace advanced configs extensible

* Make workspace advanced configs extensible

* Clarify bridge DNS precheck message

* Clarify bridge DNS precheck message

* Relax workspace prechecks and add post-deploy validation

* Relax workspace prechecks and add post-deploy validation

* Improve workspace status summary wording

* Improve workspace status summary wording

* Add default bridge save action

* Add default bridge save action

* fix: isolate remote desktop webrtc sessions

* fix: isolate remote desktop webrtc sessions

* fix: smooth remote desktop input over webrtc

* fix: smooth remote desktop input over webrtc

* feat: align workspace ready actions and naming

* feat: align workspace ready actions and naming

* fix: clear desktop first-frame overlay after decode

* fix: clear desktop first-frame overlay after decode

* fix: use renderer first-frame signal for desktop video

* fix: use renderer first-frame signal for desktop video

* fix: split desktop mouse move data channel

* fix: split desktop mouse move data channel

* fix(app): bound OpenClaw artifact sync polling

* chore: remove stale Flutter code

* feat(assistant): include attachment source paths in gateway prompts

* chore(desktop): remove advanced options panel

* fix(desktop): bound WebRTC offer wait

* feat(workspace): run remote setup script

* fix: prioritize managed bridge sync state

* feat: add explicit gateway task case hints for openclaw-gateway-e2e-regression

* fix(settings): update account panel and assistant connection state

* fix: preserve primary bridge auth token

* test: ignore transient cleanup races

* fix: allow unsigned macos CI packaging

* fix: support macos validation on bash 3

* chore: temporarily disable desktop ai workspace

* ci: move remote_contract to test gate between build and release

Reposition the remote provider contract check as a skippable test-stage
quality gate (needs: build, continue-on-error) so it can never block
build or release. release uses always() to wait without being gated.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore: update macOS deployment target to 14.0 and commit pending changes

* fix(gateway): day-1 stability — stop infinite "running" and un-stoppable tasks

Symptom: a gateway turn shows "任务运行中..." forever and 停止 has no effect,
even though the OpenClaw gateway has already finished (ACP_HTTP_CONNECTION_CLOSED).

- T3: add a hard deadline to the running-handle poll branch so the client no
  longer polls forever when tasks.get keeps returning "running". Budget is
  derived from taskLoadClass (10/30/60min, aligned with the bridge) + grace;
  on timeout the turn lands in a recoverable `interrupted` state
  (OPENCLAW_RUN_POLL_TIMEOUT) prompting the user to resend.
- T4: make 停止 locally authoritative — capture the association, mark the turn
  aborted immediately (clears pending, exits the poll loop), then fire
  tasks.cancel best-effort so a hung/failed cancel RPC can't block termination.
- T6: applyGatewayChatFailureInternal now authoritatively clears the pending
  flag (both raw + normalized key). Previously runOpenClawGatewayQueuedTurnInternal's
  finally never cleared it, leaving "error shown but still running".

Full cross-repo analysis + remaining TODO in docs/cases/06.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(gateway): harden OpenClaw task recovery tests

* docs(cases/06): mark T7/T8/T9 done with impl locations & design trade-offs

Records the durable per-session run-registry implementation (bridge branch
fix/gateway-durable-run-registry): T7 gateway-unconfirmed fallback, T8 terminal
result cache, T9 DeadlineAt interrupt — with the trade-offs (no gatewayruntime
pending-map rewrite; per-session in-memory store not yet cross-restart durable;
T9 only force-terminates when the gateway is unconfirmed) and the test names that
cover each.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs(cases): record local bridge runtime validation

* ci: refresh app workflows for node 24

* test: keep layered flutter tests aligned with repo

* test: align gateway recovery expectations

* test: stabilize assistant gateway recovery cases

* docs(cases/06): record definitive root cause — xworkmate.* gateway protocol drift

Adds the 2026-06-26 decisive finding: the bridge forwards `xworkmate.*` method
names the OpenClaw 2026.6.2 gateway does not implement (it uses native
tasks.get/list/cancel and artifacts.list/get/download). Documents the corrected
end-to-end turn timeline with the three break points (tasks.get unknown method;
{taskId}-only param shape + taskId!=runId; artifacts.* drift blocking .md delivery),
the evidence (gateway source + schema + CHANGELOG), the implemented task-lifecycle
fix, and the precisely-specified remaining work (artifact-method alignment + test
fixture migration). Corrects the earlier (wrong) "push/pull mismatch" conclusion.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs(cases/06): correct root cause — plugin not loaded, not protocol drift

Live verification disproved the earlier "xworkmate.* protocol namespace drift"
conclusion. The xworkmate.* gateway methods are REAL — registered at runtime by
the openclaw-multi-session-plugins plugin (index.ts registerGatewayMethod). The
actual failure: the running OpenClaw gateway did not load that plugin because its
source path was the ephemeral /private/tmp/openclaw-multi-session-plugins/... and
the gateway booted (09:21) ~9h before those files were populated (18:40), so it
started with 5 plugins (no multi-session) and every xworkmate.* returned
"unknown method". Restarting the gateway loads 6 plugins and the methods work
(errors shift to plugin-level param validation).

Changes:
- Add a corrected conclusion banner up top distinguishing the primary root cause
  (plugin load) from the T1-T9 robustness hardening.
- Replace the wrong "protocol drift / native alignment" section with the
  plugin-not-loaded root cause + evidence + the abandoned-branch note
  (fix/gateway-task-protocol-alignment must NOT be merged).
- Fix failure-row 10, T13 (runtime-state check now covers gateway plugin load),
  and the landing-order to put the plugin fix as step 0.
- Cross-reference openclaw-gateway-e2e-regression/ROOT_CAUSE_ANALYSIS.md (which
  was already correct about the 4-layer chain).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs(cases/06): definitive 4-layer chain incl. multi-session plugin + live verification

Rewrites the timeline (§1) and topology (§2) as the correct FOUR-layer chain
App → bridge → openclaw-multi-session-plugins → OpenClaw gateway, and documents the
plugin's multi-session/multi-thread role: session mapping (appThreadKey⇄openclawSessionKey),
per-(session,run) artifactScope = tasks/<sanitize(sessionKey)>/<runId>, the strict
sessionKey/runId/artifactScope triplet validation, and the expectedArtifactDirs
workspace-root fallback scan.

Live-verified against 127.0.0.1:8787 (plugin loaded, commit 2333c3e):
- session.prepare returns a real mapping; chat.send returns runId; xworkmate.tasks.get
  is handled by the plugin but returns no_native_task_record with an empty task scope
  (chain reaches the plugin layer; the agent run produced no queryable task / no file —
  a layer-4 execution/landing issue).

Adds §7 stability improvements grounded in this live run:
- S0 install the plugin from a stable path (not /private/tmp) — the primary reliability fix.
- S1 expectedArtifactDirs was [] → the plugin's workspace-root fallback is inert; bridge
  should always pass default dirs (reports/, artifacts/).
- S2 no_native_task_record status ambiguity (running vs completed-without-artifact).
- S3 sessionKey/runId/artifactScope triplet consistency (don't pre-prefix agent:main:).
- S4 runtime observability across all four layers.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs(cases/06): S0 done — stable plugin install verified

Root cause of the plugin not loading was a symlink
~/.openclaw/extensions/openclaw-multi-session-plugins -> /tmp/... (ephemeral).
Replaced with a real dir, registered via `openclaw plugins install --force`,
restarted the gateway: now boots with "6 plugins ... openclaw-multi-session-plugins"
from the stable path, provenance warning gone, and xworkmate.session.prepare returns
the real plugin mapping (no bridge fallback). Survives restart.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs(cases/06): mark S1 done — default expectedArtifactDirs (live-verified, bridge 0280893)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(gateway): harden OpenClaw polling and acceptance notes

* docs(case06): close out acceptance log

* docs(case06): reconcile TODO status + consolidated cross-repo stability backlog

- Flip stale §5 checkboxes (T1/T2/T3/T4/T6) to done with code anchors —
  they had lagged behind §2/§6 which already marked them merged.
- Add §9: authoritative full-chain status across all 4 repos' main
  (app/bridge/openclaw/playbooks HEADs), the completed stability closure,
  and the precise remaining backlog (S1 redo, S2 status ambiguity, T8b
  cross-restart persistence) with acceptance criteria + anti-regression
  recommendations.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(macos): suppress file selector deprecation warning

* docs(gateway): map durable agent terminal recovery

* docs(cases/06): 4-layer chain full live evaluation — end-to-end PASS

Live-verified one gateway turn across all four layers against 8787 (bridge 188ca4b,
gateway 6 plugins): session.start → real plugin session.prepare mapping → chat.send
→ xworkmate.tasks.get returns status=completed, constraintSatisfied=True, and
summary.md (438B) actually landed in tasks/<sani(sessionKey)>/<runId>/ and is
retrievable via xworkmate.artifacts.export. All xworkmate.* gateway methods ✓.
T12 metrics all 0 (no resilience fallback needed). Supersedes the earlier
no_native_task_record observation, which was a derived symptom of the plugin not
being loaded (the S0 symlink root cause).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(artifacts): route signed downloads through active bridge

* fix(prompt): simplify gateway workspace context to avoid conflicting paths (S5)

Every gateway turn's prompt prefix injected three near-duplicate absolute paths:
currentTaskWorkspace + localWorkspace + remoteWorkspaceHint. localWorkspace is the
App's LOCAL thread dir (~/.xworkmate/threads/...) which the gateway agent cannot
access, and remoteWorkspaceHint duplicates currentTaskWorkspace. The conflicting
paths leave the agent unsure where to work and can block conversation continuation.

For gateway turns the prompt now carries only currentTaskWorkspace (the plugin owns
the artifact scope); localWorkspace is kept only for non-gateway (local agent runs
there); remoteWorkspaceHint is dropped when equal to currentTaskWorkspace. sessionKey
is kept (short, not a path). UI is unaffected (chat bubble shows the raw user message;
the prompt-debug parser only special-cases Execution context / Preferred skills /
Attached files). Tests updated; assistant_execution_target_test green (74).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(macos): close file selector type branch

* fix(gateway): keep polling undecorated running snapshots

* docs(runbooks): record gateway turn stability case

* fix(artifacts): prioritize PDF deliverables in sidebar

* fix(artifacts): prioritize PDF deliverables in sidebar

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>

* docs(cases): add gateway turn acceptance summary

* ci: add release/* branch source validation workflow (#19)

release/* 仅接受 hotfix/* 或带 cherry-pick/backport 标签的 PR。
详见 iac_modules/docs/tldr-github-branch-model.md

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* ci: run desktop integration/patrol tests under xvfb (#22)

Headless Linux runners have no display, so 'flutter test integration_test'
fails to launch the GTK app ('The log reader stopped unexpectedly, or never
started'). Wrap integration/patrol layers in xvfb-run with a 24-bit screen
and install xvfb + mesa DRI driver for headless GL. macOS/local runs are
unaffected (no xvfb-run -> command runs directly).

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* fix: reveal artifact files without blocking

* fix: reveal artifact files without blocking (#20)

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>

* Release/v1.1.5 (#25)

* ci: backport release/* source validation workflow to release/v1.1.5 (#21)

让现有 release/v1.1.5 分支自身包含门禁 workflow（pull_request_target 用 base 分支版本）。
详见 iac_modules/docs/tldr-github-branch-model.md

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* fix: reveal artifact files without blocking (#24)

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>

---------

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* chore: update tested linux labels (#23)

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>

* chore: sync app version to 1.1.5

---------

Co-authored-by: Haitao Pan <manbuzhe2009@qq.com>
Co-authored-by: Cowork 3P <cowork-3p@localhost>
Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* fix(assistant): keep manual bridge usable when signed out of svc.plus

The gateway connection resolver short-circuited to "请先登录 svc.plus"
whenever the account was signed out, before checking whether a manual
bridge was configured or whether capability discovery was still running.
A saved manual bridge could therefore never be used while signed out.

- Only emit the signed-out prompt when neither an account session nor a
  manual bridge is configured (`!accountSignedIn && !bridgeConfigured`).
- Gate the sync-blocked branch on `accountSignedIn` so it no longer
  hijacks the manual-bridge discovery path.

Adds tests covering manual-bridge discovery and discovery-failure while
signed out. See docs/cases/manual-bridge-login-state/README.md.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* security(docs): remove plaintext review credentials, inject from .env

The svc.plus review password and the two bridge tokens were committed in
plaintext across the manual case / API test docs. Replace every value
with a `.env` / secret-store reference and add a tracked .env.example
template. Harden .gitignore (.env.*, *.local.env, secrets.env) while
keeping !.env.example.

Note: git history was rewritten separately to purge the leaked values;
the credentials must be rotated regardless.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore(security): add gitleaks config allowlisting vendored/test fixtures

Suppress false positives so `gitleaks detect` is clean:
- third_party/* (cargokit ships a public binary-verification key)
- workspace_management_unit_test.dart (obfuscated "token" fixture)
- gatewayruntime/runtime_test.go (hardcoded "device-1" test key pair)

Real leaked secrets are purged from history, not allowlisted.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(assistant): keep manual bridge usable when signed out of svc.plus

The gateway connection resolver short-circuited to "请先登录 svc.plus"
whenever the account was signed out, before checking whether a manual
bridge was configured or whether capability discovery was still running.
A saved manual bridge could therefore never be used while signed out.

- Only emit the signed-out prompt when neither an account session nor a
  manual bridge is configured (`!accountSignedIn && !bridgeConfigured`).
- Gate the sync-blocked branch on `accountSignedIn` so it no longer
  hijacks the manual-bridge discovery path.

Adds tests covering manual-bridge discovery and discovery-failure while
signed out. See docs/cases/manual-bridge-login-state/README.md.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore(security): remove historical secret fixtures

* ci(release): load Vault secrets per-platform in build matrix

The build matrix loaded all 17 signing secrets in one shared block for
every platform. vault-action's ignoreNotFound only suppresses path-level
404s, not field-level "No match data" errors, so a single missing field
(e.g. APPLE_MAC_PROVISION_PROFILE_BASE64) failed every leg — including
linux/windows/android that need no Apple secrets.

Split the load into per-OS-family steps gated by matrix.platform:
- Apple (macos/ios): Apple cert + provisioning + keychain + export method
- Windows: WINDOWS_PFX_* + codesign subject
- Android: ANDROID_KEYSTORE_* + key alias/password
Linux requests nothing.

Also drop APP_STORE_CONNECT_* from the build matrix: only
testflight_upload.sh consumes them and it runs in the release job, which
loads them itself. The build matrix no longer depends on them.

Add shell: bash to the Export step (its `{ … } >> $GITHUB_ENV` brace
syntax is bash-only and would fail under the default pwsh on windows).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* ci: load Vault secrets per-platform in build matrix (#43)

The build matrix loaded every signing secret in one shared block for all
platforms. vault-action's ignoreNotFound only suppresses path-level 404s,
not field-level "No match data" errors, so a single missing field failed
every leg — including linux/windows/android that need no Apple secrets.

Split the load into per-OS-family steps gated by matrix.platform (Apple
for macos/ios, Windows, Android); linux requests nothing. Add shell: bash
to the Export step (its `{ … } >> $GITHUB_ENV` brace syntax is bash-only
and would fail under the default pwsh on windows).

Co-authored-by: Haitao Pan <manbuzhe2009@qq.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* feat: add one-line XWorkmate installer (#42)

Co-authored-by: Haitao Pan <manbuzhe2009@qq.com>

---------

Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Haitao Pan <manbuzhe2009@qq.com>
Co-authored-by: Cowork 3P <cowork-3p@localhost>

2026-06-29 15:58:04 +08:00

18 KiB

Raw Blame History

云端账号与 XWorkmate Bridge 连接手动 Case

本文档整理 Apple 审核专用只读账号、svc.plus 云端同步、以及公网 / 本地 xworkmate-bridge 接入的手动验证用例。

1. 测试账号与连接参数

凭据注入约定（必读）：本文档不保存任何明文密码或 Token。所有 secret 从本地 .env （已 gitignore）或 secret store 注入，变量名见仓库根目录 .env.example。执行用例前先 set -a; source .env; set +a，下表只记录变量名与非敏感的端点信息。

1.1 云端账号

项目	内容
账号类型	只读评审账号（Apple 审核专用）
服务地址	`https://accounts.svc.plus`
邮箱 / 账号	`review@svc.plus`
密码	见 `.env`：`$REVIEW_ACCOUNT_LOGIN_PASSWORD`（勿写明文）

1.2 公网 xworkmate-bridge 组合 1

环境变量	值
`BRIDGE_SERVER_URL`	`https://xworkmate-bridge.svc.plus`
`BRIDGE_AUTH_TOKEN`	见 `.env`：`$BRIDGE_AUTH_TOKEN`（勿写明文）

1.3 公网 xworkmate-bridge 组合 2

环境变量	值
`BRIDGE_SERVER_URL`	`https://xworkmate-bridge.svc.plus`
`BRIDGE_REVIEW_AUTH_TOKEN`	见 `.env`：`$BRIDGE_REVIEW_AUTH_TOKEN`（勿写明文）

1.4 本地 xworkmate-bridge

环境变量	值
`BRIDGE_SERVER_URL`	`http://127.0.0.1:8787`
`BRIDGE_AUTH_TOKEN`	见 `.env`：`$BRIDGE_AUTH_TOKEN`（勿写明文）

2. 通用证据记录要求

每个 case 执行后建议记录：

当前 App 版本 / 构建号
当前平台与网络环境
当前入口：Settings -> Integrations
当前页签：svc.plus 云端同步 或 AI 智能体工作空间
服务地址 / Bridge 地址
token 类型：BRIDGE_AUTH_TOKEN 或 BRIDGE_REVIEW_AUTH_TOKEN
连接测试结果摘要
是否出现 secret 明文
截图点：保存前、保存后、重新进入设置页

3. 五类典型任务

以下五类任务用于验证 App 登录后能否通过当前连接方式稳定创建任务、执行技能、生成文件产物并回写到当前线程。

任务编号	类型	验收产物
CASE-001	采集最新 AI 资讯	`.md` 文件
CASE-002	附件图片制作视频	视频文件，附件图片被使用
CASE-003	安全身份演进连续图片	7 张连续风格图片
CASE-004	多平台软文矩阵	多个 `.md` 文件
CASE-005	章节拆解 + Codex + GPT images2 + PDF	汇总排版后的 PDF

`TASK-CASE-001` 采集最新 AI 资讯并保存 Markdown

输入提示词

采集最新AI资讯，保存在md文件

期望结果
- 任务能联网采集最新 AI 资讯
- 结果保存为 Markdown 文件
- 线程结果区展示文件产物
- Markdown 内包含标题、来源、摘要和时间信息
建议记录项
- 任务线程 ID
- 输出 .md 文件路径
- 资讯来源数量
- 截图点：任务完成后的 artifact 区域

`TASK-CASE-002` 附件图片制作视频

前置条件
- 当前线程上传至少 1 张图片附件
输入提示词

制作视频，附件带有图片

期望结果
- 任务识别并使用用户上传的图片附件
- 输出视频文件
- 失败时错误信息明确说明缺少图片、视频生成失败或依赖不可用
- 产物归属当前线程 workspace
建议记录项
- 附件图片文件名
- 输出视频路径
- 视频时长和分辨率
- 截图点：附件与视频产物

`TASK-CASE-003` 安全身份演进连续 7 张图片

输入提示词

从单机权限 → 网络边界 → Web安全 → 云身份 → Zero Trust → AI Agent 身份 → AI模型与知识保护 演进，连续制作 7 张一系列图片

期望结果
- 输出 7 张图片
- 7 张图片主题分别覆盖：单机权限、网络边界、Web 安全、云身份、Zero Trust、AI Agent 身份、AI 模型与知识保护
- 图片风格、尺寸、命名方式保持连续一致
- 线程结果区能看到完整图片系列
建议记录项
- 7 张图片路径
- 图片尺寸
- 是否存在缺图或主题错位
- 截图点：图片系列列表

`TASK-CASE-004` 安全身份演进多平台软文矩阵

输入提示词

围绕 从单机权限 → 网络边界 → Web安全 → 云身份 → Zero Trust → AI Agent 身份 → AI模型与知识保护 演进

1. 输出Markdown格式文件， 微信公众号短图文  400-600字 插入关键词的软文
2. 输出Markdown格式文件， 小红书风格        600-800字 插入钩子话题的软文
3. 输出Markdown格式文件， X文案串           小于144字的英语 鲜明的观点
4. 输出Markdown格式文件， 微信公众号文章    800-1200字左右
5. 输出Markdown格式文件， 头条号长文        800-1200字左右

期望结果
- 输出 Markdown 格式文件
- 至少包含微信公众号短图文、小红书风格、X 文案串、微信公众号文章、头条号长文五类内容
- 字数、语言和平台风格符合输入要求
- X 文案串为英语且单条小于 144 字符
- 内容围绕同一条安全身份演进主线，不跑题
建议记录项
- 输出文件路径
- 每个平台内容字数
- X 文案字符数
- 截图点：Markdown 产物列表

`TASK-CASE-005` 安全身份演进章节拆解生成图文 PDF

输入提示词

从单机权限 → 网络边界 → Web安全 → 云身份 → Zero Trust → AI Agent 身份 → AI模型与知识保护 演进
拆章节 -> 每章调用 Codex -> 每章 GPT images2 生成图 -> 汇总排版 -> 输出 PDF

期望结果
- 任务先拆分章节，再逐章生成内容
- 每章调用 Codex 生成或整理章节文本
- 每章调用 GPT images2 生成配图
- 最终汇总排版为 PDF
- PDF 中章节顺序与演进主线一致，图片与章节内容匹配
建议记录项
- 章节清单
- 每章图片路径
- 输出 PDF 路径
- PDF 页数
- 截图点：PDF artifact 与预览页

4. 连接云端账号

`MANUAL-CLOUD-001` 只读评审账号登录

前置条件
- App 可访问 https://accounts.svc.plus
- 当前未登录，或已退出其他账号
操作步骤
1. 打开 Settings -> Integrations
2. 切换到 svc.plus 云端同步
3. 在 服务地址 输入 https://accounts.svc.plus
4. 在 邮箱或账号 输入 review@svc.plus
5. 在 密码 输入 $REVIEW_ACCOUNT_LOGIN_PASSWORD（从 .env 读取，勿写明文）
6. 点击 登录
7. 等待账号同步完成
期望结果
- 登录成功，账号状态稳定显示为已登录或同步完成
- App 不展示密码明文
- 若账号侧托管 bridge 配置可用，设置页可同步到对应连接配置
- 只读评审账号不能触发破坏性写入或管理动作
建议记录项
- 登录账号
- 服务地址
- 登录结果摘要
- 同步后的 bridge endpoint
- 截图点：登录成功后的 svc.plus 云端同步 页

`MANUAL-CLOUD-002` 退出后重新登录保持稳定

前置条件
- 已完成 MANUAL-CLOUD-001
操作步骤
1. 在设置页退出当前账号
2. 关闭或返回设置页
3. 再次进入 Settings -> Integrations -> svc.plus 云端同步
4. 使用 review@svc.plus / $REVIEW_ACCOUNT_LOGIN_PASSWORD（从 .env 读取）重新登录
5. 观察同步状态与本地配置状态
期望结果
- 退出后不会继续显示已登录状态
- 重新登录成功
- 重新登录后同步状态可恢复
- 本地已保存的手动 bridge override 不应被异常覆盖
建议记录项
- 退出前后账号状态
- 重新登录结果
- 同步前后 endpoint 对比

`MANUAL-CLOUD-TASKS-001` 云端账号登录后执行五类典型任务

前置条件
- 已完成 MANUAL-CLOUD-001
- 云端同步状态稳定
- 当前线程可创建新任务
操作步骤
1. 使用 review@svc.plus 登录 svc.plus 云端同步
2. 确认账号同步完成
3. 新建或进入一个测试线程
4. 依次执行 TASK-CASE-001 到 TASK-CASE-005
5. 每个任务完成后记录产物路径和结果摘要
期望结果
- 五类任务均能在云端账号连接上下文下启动
- 任务产物均归属当前 App 线程
- 云端账号只读属性不影响正常评审用任务执行
- 执行过程中不暴露密码、session 或 bridge token 明文
建议记录项
- 登录账号
- 五类任务的线程 ID
- 五类任务的产物路径
- 失败任务的错误摘要

5. 连接公网 xworkmate-bridge

`MANUAL-BRIDGE-REMOTE-001` 公网 bridge 使用 `BRIDGE_AUTH_TOKEN`

前置条件
- 当前网络可访问 https://xworkmate-bridge.svc.plus
- 准备公网组合 1 的 BRIDGE_AUTH_TOKEN
操作步骤
1. 打开 Settings -> Integrations
2. 切换到 AI 智能体工作空间
3. 在 Bridge 地址 输入 https://xworkmate-bridge.svc.plus
4. 在 鉴权令牌 (TOKEN) 输入 $BRIDGE_AUTH_TOKEN（从 .env 读取，勿写明文）
5. 点击 保存配置
6. 重新进入设置页确认配置仍然存在
7. 发起一次需要 AI 智能体工作空间的任务，确认可建立连接
期望结果
- 配置保存成功
- 重新进入设置页时 endpoint 保持为公网 bridge 地址
- token 不以明文展示
- 任务请求走公网 bridge，而不是本地 127.0.0.1
建议记录项
- Bridge 地址
- token 类型：BRIDGE_AUTH_TOKEN
- 保存结果
- 任务执行结果摘要
- 截图点：AI 智能体工作空间 保存后的页面

`MANUAL-BRIDGE-REMOTE-002` 公网 bridge 使用 `BRIDGE_REVIEW_AUTH_TOKEN`

前置条件
- 当前网络可访问 https://xworkmate-bridge.svc.plus
- 准备公网组合 2 的 BRIDGE_REVIEW_AUTH_TOKEN
操作步骤
1. 打开 Settings -> Integrations -> AI 智能体工作空间
2. 在 Bridge 地址 输入 https://xworkmate-bridge.svc.plus
3. 在 鉴权令牌 (TOKEN) 输入 $BRIDGE_REVIEW_AUTH_TOKEN（从 .env 读取，勿写明文）
4. 点击 保存配置
5. 重新进入设置页确认配置稳定
6. 发起一次 AI 智能体工作空间任务
期望结果
- 使用 review token 也能保存并建立连接
- token 不以明文展示
- 任务侧不会把 review token 写入日志明文
- 失败时错误信息能区分网络不可达、鉴权失败和服务异常
建议记录项
- Bridge 地址
- token 类型：BRIDGE_REVIEW_AUTH_TOKEN
- 保存结果
- 连接或任务结果摘要
- 是否在页面或日志看到 secret 明文

`MANUAL-BRIDGE-REMOTE-TASKS-001` 公网 bridge 组合 1 执行五类典型任务

前置条件
- 已完成 MANUAL-BRIDGE-REMOTE-001
- 当前配置使用 BRIDGE_AUTH_TOKEN
操作步骤
1. 确认 Bridge 地址 为 https://xworkmate-bridge.svc.plus
2. 确认 token 类型为 BRIDGE_AUTH_TOKEN
3. 新建或进入一个测试线程
4. 依次执行 TASK-CASE-001 到 TASK-CASE-005
5. 每个任务完成后重新进入设置页，确认公网 bridge 配置未丢失
期望结果
- 五类任务均通过公网 bridge 组合 1 执行
- 生成 Markdown、视频、图片系列和 PDF 产物
- 任务不会回退到本地 127.0.0.1
- bridge token 不出现在页面、任务摘要或普通日志明文中
建议记录项
- token 类型
- 每类任务产物路径
- bridge 连接结果
- 是否出现 endpoint 回退

`MANUAL-BRIDGE-REMOTE-TASKS-002` 公网 bridge 组合 2 执行五类典型任务

前置条件
- 已完成 MANUAL-BRIDGE-REMOTE-002
- 当前配置使用 BRIDGE_REVIEW_AUTH_TOKEN
操作步骤
1. 确认 Bridge 地址 为 https://xworkmate-bridge.svc.plus
2. 确认 token 类型为 BRIDGE_REVIEW_AUTH_TOKEN
3. 新建或进入一个测试线程
4. 依次执行 TASK-CASE-001 到 TASK-CASE-005
5. 对比五类任务的启动、执行、产物回写是否与组合 1 一致
期望结果
- review token 能支持五类典型评审任务
- Markdown、视频、图片系列和 PDF 均能作为产物回写
- 若某类任务受权限限制失败，错误信息应明确说明鉴权或能力限制
- 不泄漏 BRIDGE_REVIEW_AUTH_TOKEN 明文
建议记录项
- token 类型
- 五类任务结果摘要
- 失败任务错误码或错误文案
- 截图点：最终产物列表

6. 连接本地 xworkmate-bridge

`MANUAL-BRIDGE-LOCAL-001` 本地 bridge 使用 `BRIDGE_AUTH_TOKEN`

前置条件
- 本机已启动 xworkmate-bridge
- http://127.0.0.1:8787 可访问
- 准备本地组合的 BRIDGE_AUTH_TOKEN
操作步骤
1. 打开 Settings -> Integrations -> AI 智能体工作空间
2. 在 Bridge 地址 输入 http://127.0.0.1:8787
3. 在 鉴权令牌 (TOKEN) 输入 $BRIDGE_AUTH_TOKEN（从 .env 读取，勿写明文）
4. 点击 保存配置
5. 发起一次 AI 智能体工作空间任务
6. 对照本地 bridge 日志确认请求到达
期望结果
- 配置保存成功
- 任务请求命中本地 bridge
- 页面不会把公网 bridge 与本地 bridge endpoint 混用
- 重新进入设置页后仍显示本地 bridge 地址
建议记录项
- 本地 bridge 监听地址
- App 保存结果
- 本地 bridge 日志摘要
- 任务结果摘要

`MANUAL-BRIDGE-LOCAL-002` 本地 bridge 未启动时的错误提示

前置条件
- 本地 xworkmate-bridge 未启动
- 设置页使用 http://127.0.0.1:8787
操作步骤
1. 打开 Settings -> Integrations -> AI 智能体工作空间
2. 保存本地 bridge 地址与 token
3. 发起一次 AI 智能体工作空间任务
4. 观察页面错误提示
期望结果
- 保存配置可完成，或给出明确的连接失败提示
- 任务失败信息明确指向本地 bridge 不可达
- 不会自动回退到公网 bridge
- 不会清空用户刚输入的本地配置
建议记录项
- 错误提示文案
- 任务失败摘要
- 设置页配置是否保留

`MANUAL-BRIDGE-LOCAL-TASKS-001` 本地 bridge 执行五类典型任务

前置条件
- 已完成 MANUAL-BRIDGE-LOCAL-001
- 本地 xworkmate-bridge 保持运行
操作步骤
1. 确认 Bridge 地址 为 http://127.0.0.1:8787
2. 新建或进入一个测试线程
3. 依次执行 TASK-CASE-001 到 TASK-CASE-005
4. 每个任务完成后对照本地 bridge 日志
5. 重新进入设置页确认本地 bridge 地址仍然保留
期望结果
- 五类任务请求均命中本地 bridge
- 任务产物正常回写到当前线程
- 断网或公网不可用时，本地 bridge 任务仍按本地能力给出明确结果
- 不会自动切换到公网 bridge
建议记录项
- 本地 bridge 日志摘要
- 五类任务产物路径
- 是否发生公网 endpoint 混用
- 截图点：设置页与任务产物

7. 云端同步与手动配置共存

`MANUAL-BRIDGE-MIXED-001` 云端账号登录后切换公网 bridge 手动配置

前置条件
- 已使用 review@svc.plus 登录
- 云端同步状态稳定
操作步骤
1. 登录 svc.plus 云端同步
2. 切换到 AI 智能体工作空间
3. 手动输入公网 bridge 组合 1
4. 点击 保存配置
5. 返回主页面后重新进入设置页
期望结果
- 手动 bridge 配置保存成功
- 云端账号登录状态不丢失
- 本地手动配置不会被同一轮页面刷新异常覆盖
- 页面能区分云端同步状态与 AI 智能体工作空间连接状态
建议记录项
- 登录账号
- 同步状态
- 手动配置 endpoint
- 重新进入设置页后的 endpoint

`MANUAL-BRIDGE-MIXED-002` 公网 bridge 与本地 bridge 来回切换

前置条件
- 公网 bridge 可访问
- 本地 bridge 可按需启动
操作步骤
1. 保存公网 bridge 组合 1
2. 发起一次任务并记录结果
3. 切换为本地 bridge 组合
4. 发起一次任务并记录结果
5. 再次切换回公网 bridge 组合 2
6. 重新进入设置页确认最终配置
期望结果
- 每次切换后 endpoint 与 token 类型都按用户最后一次保存生效
- 任务请求不会继续使用旧 endpoint
- 页面不会出现公网 / 本地配置交叉污染
- 最终配置以最后一次保存为准
建议记录项
- 三次保存的 endpoint
- 三次任务结果摘要
- 最终设置页截图

8. 回归覆盖矩阵

测试编号	云端账号	公网 Bridge	本地 Bridge	Secret 隐藏	配置持久化
MANUAL-CLOUD-001	✅	✅	-	✅	✅
MANUAL-CLOUD-002	✅	✅	-	✅	✅
MANUAL-CLOUD-TASKS-001	✅	✅	-	✅	✅
MANUAL-BRIDGE-REMOTE-001	-	✅	-	✅	✅
MANUAL-BRIDGE-REMOTE-002	-	✅	-	✅	✅
MANUAL-BRIDGE-REMOTE-TASKS-001	-	✅	-	✅	✅
MANUAL-BRIDGE-REMOTE-TASKS-002	-	✅	-	✅	✅
MANUAL-BRIDGE-LOCAL-001	-	-	✅	✅	✅
MANUAL-BRIDGE-LOCAL-002	-	-	✅	✅	✅
MANUAL-BRIDGE-LOCAL-TASKS-001	-	-	✅	✅	✅
MANUAL-BRIDGE-MIXED-001	✅	✅	-	✅	✅
MANUAL-BRIDGE-MIXED-002	-	✅	✅	✅	✅

9. 典型任务覆盖矩阵

连接方式	CASE-001 AI 资讯 MD	CASE-002 图片视频	CASE-003 7 图系列	CASE-004 软文矩阵	CASE-005 图文 PDF
云端账号	✅	✅	✅	✅	✅
公网 bridge 组合 1	✅	✅	✅	✅	✅
公网 bridge 组合 2	✅	✅	✅	✅	✅
本地 bridge	✅	✅	✅	✅	✅

注意：以上密码 / token 均为评审 / 测试用途，仅从 .env（已 gitignore）或 secret store 注入，禁止明文写入本文档、git 历史、公开 issue、公开日志或截图备注。一旦发生明文泄漏，先轮换凭据，再清理。

18 KiB Raw Blame History Unescape Escape

云端账号与 XWorkmate Bridge 连接手动 Case

1. 测试账号与连接参数

1.1 云端账号

1.2 公网 xworkmate-bridge 组合 1

1.3 公网 xworkmate-bridge 组合 2

1.4 本地 xworkmate-bridge

2. 通用证据记录要求

3. 五类典型任务

TASK-CASE-001 采集最新 AI 资讯并保存 Markdown

TASK-CASE-002 附件图片制作视频

TASK-CASE-003 安全身份演进连续 7 张图片

TASK-CASE-004 安全身份演进多平台软文矩阵

TASK-CASE-005 安全身份演进章节拆解生成图文 PDF

4. 连接云端账号

MANUAL-CLOUD-001 只读评审账号登录

MANUAL-CLOUD-002 退出后重新登录保持稳定

MANUAL-CLOUD-TASKS-001 云端账号登录后执行五类典型任务

5. 连接公网 xworkmate-bridge

MANUAL-BRIDGE-REMOTE-001 公网 bridge 使用 BRIDGE_AUTH_TOKEN

MANUAL-BRIDGE-REMOTE-002 公网 bridge 使用 BRIDGE_REVIEW_AUTH_TOKEN

MANUAL-BRIDGE-REMOTE-TASKS-001 公网 bridge 组合 1 执行五类典型任务

MANUAL-BRIDGE-REMOTE-TASKS-002 公网 bridge 组合 2 执行五类典型任务

6. 连接本地 xworkmate-bridge

MANUAL-BRIDGE-LOCAL-001 本地 bridge 使用 BRIDGE_AUTH_TOKEN

MANUAL-BRIDGE-LOCAL-002 本地 bridge 未启动时的错误提示

MANUAL-BRIDGE-LOCAL-TASKS-001 本地 bridge 执行五类典型任务

7. 云端同步与手动配置共存

MANUAL-BRIDGE-MIXED-001 云端账号登录后切换公网 bridge 手动配置

MANUAL-BRIDGE-MIXED-002 公网 bridge 与本地 bridge 来回切换

8. 回归覆盖矩阵

9. 典型任务覆盖矩阵

18 KiB

Raw Blame History

`TASK-CASE-001` 采集最新 AI 资讯并保存 Markdown

`TASK-CASE-002` 附件图片制作视频

`TASK-CASE-003` 安全身份演进连续 7 张图片

`TASK-CASE-004` 安全身份演进多平台软文矩阵

`TASK-CASE-005` 安全身份演进章节拆解生成图文 PDF

`MANUAL-CLOUD-001` 只读评审账号登录

`MANUAL-CLOUD-002` 退出后重新登录保持稳定

`MANUAL-CLOUD-TASKS-001` 云端账号登录后执行五类典型任务

`MANUAL-BRIDGE-REMOTE-001` 公网 bridge 使用 `BRIDGE_AUTH_TOKEN`

`MANUAL-BRIDGE-REMOTE-002` 公网 bridge 使用 `BRIDGE_REVIEW_AUTH_TOKEN`

`MANUAL-BRIDGE-REMOTE-TASKS-001` 公网 bridge 组合 1 执行五类典型任务

`MANUAL-BRIDGE-REMOTE-TASKS-002` 公网 bridge 组合 2 执行五类典型任务

`MANUAL-BRIDGE-LOCAL-001` 本地 bridge 使用 `BRIDGE_AUTH_TOKEN`

`MANUAL-BRIDGE-LOCAL-002` 本地 bridge 未启动时的错误提示

`MANUAL-BRIDGE-LOCAL-TASKS-001` 本地 bridge 执行五类典型任务

`MANUAL-BRIDGE-MIXED-001` 云端账号登录后切换公网 bridge 手动配置

`MANUAL-BRIDGE-MIXED-002` 公网 bridge 与本地 bridge 来回切换