docs(release): 新增 CHANGELOG.md + CONTRIBUTING.md

DeliciousBuding · claude · DeliciousBuding · commit 455d8ee9feb2 · 2026-05-27T18:10:26.000+08:00
CHANGELOG v0.1.0——Desktop/Hub/Edge/Web/Mobile 五层功能记录
CONTRIBUTING——开发流程、测试命令、安全规则、架构边界

Co-Authored-By: Claude &lt;noreply@anthropic.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,56 @@
+# Changelog
+
+## [0.1.0] — 2026-05-27
+
+### Desktop Command Center (P0)
+- Multi-runtime Agent CLI support (Claude Code, Codex, OpenCode)
+- IM-native workspace with thread-based collaboration
+- Side-by-side diff review panel with approval workflow
+- Artifact preview and run output rendering
+- Tauri 2 desktop shell with glassmorphism chat UI
+- Operational Home dashboard, settings search, Tooltip
+- Agent Profile configuration (Runtime, Model, Skill, MCP, approval policy)
+
+### Hub Server (P1-P2)
+- TokenDance ID unified login (OIDC PKCE exchange)
+- Hub-local session management with access/refresh tokens
+- IM contacts, group sessions, multi-device sync
+- Agent dispatch bridge (Web -> Hub -> Desktop -> Edge)
+- WebSocket typed events + REST JSON API (OpenAPI 3.0)
+- AgentTeam models, API, and StartTeamRun orchestration
+- Target-bound device routing and execution target inventory
+- Team run events, conflict resolution, artifact indexing
+- Approval controls queue with team decision recording
+- Runtime event history, stream validation, offline task queue
+- 78 database migrations (PostgreSQL + Redis)
+
+### Edge Server
+- Local execution node with Agent Runtime adapters (Claude Code, Codex, OpenCode)
+- Process lifecycle management, EventStore, workspace allowlist
+- Run cleanup, output budget caps, context auto-compaction engine
+- SKILL.md discovery and injection into agent adapters
+- AgentTree slot enforcement and mailbox trigger_turn
+- Prometheus metrics and health checks
+- Context budget tracking with per-child ratio enforcement
+
+### Web App
+- Browser workspace for remote viewing and approvals
+- Hub typed RunEvent replay and projection
+- Structured runtime message display
+- Ecosystem console with Hub session authentication
+
+### Mobile App
+- Tauri 2 mobile shell with independent project configuration
+- Mobile-native bubble chat, run review, approval workflow
+- Bottom navigation, activity cards, context awareness
+- i18n (zh/en)
+
+### Engineering
+- CI/CD: GitHub Actions (Go test/lint/race/vet, pnpm test/typecheck/build)
+- Cross-platform build matrix (ubuntu, windows, macos)
+- Edge >= 75% coverage, Hub >= 40% coverage (hard gate)
+- golangci-lint v2, gosec, govulncheck
+- Benchmark regression checks for events and adapters
+- Docker build verification and Docker Compose production deployment
+- Commit message format enforcement: type(scope): 中文摘要
+- Secret guard, whitespace check, CI gate policy validation
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,114 @@
+# Contributing to AgentHub
+
+## Getting Started
+
+1. Clone and checkout the development branch:
+   ```powershell
+   git clone <repo-url>
+   cd AgentHub
+   git checkout dev/delicious233
+   ```
+
+2. Run setup to enable git hooks and verify tooling:
+   ```powershell
+   # Windows
+   .\scripts\setup.ps1
+
+   # macOS / Linux
+   ./scripts/setup.sh
+   ```
+
+3. Read `AGENTS.md` for project conventions, architecture boundaries, and agent workflow rules.
+
+## Development Flow
+
+- Always branch from `dev/delicious233` (master is lagging behind).
+- Sync before starting:
+  ```powershell
+  git checkout dev/delicious233
+  git pull --ff-only
+  ```
+- Branch naming: `feat/xxx`, `fix/xxx`, `docs/xxx`, `refactor/xxx`
+- Commit format:
+  ```
+  type(scope): 中文摘要
+  ```
+  Types: `init|feat|fix|docs|refactor|chore|test|perf|ci|revert`
+- PR to `dev/delicious233`, not master directly.
+- Keep PRs small and focused. Rebase onto latest `dev/delicious233` before opening a PR.
+- Push frequently -- do not leave uncommitted changes across days.
+
+## Testing
+
+| Layer | Command |
+|-------|---------|
+| Edge Server | `cd edge-server && go test ./... -short -count=1` |
+| Hub Server | `cd hub-server && go test ./... -short -count=1` |
+| Desktop (unit) | `cd app/desktop && pnpm test` |
+| Desktop (typecheck) | `cd app/desktop && pnpm typecheck` |
+| Web (build) | `cd app/web && pnpm build` |
+| Web (typecheck) | `cd app/web && corepack.cmd pnpm typecheck` (Windows) |
+
+For Edge changes, also run:
+```powershell
+.\scripts\verify-runtime-readiness.ps1
+```
+
+For security-sensitive changes, run:
+```powershell
+..\scripts\verify-security-risks.ps1 -StrictReleaseGate
+```
+
+## Code Style
+
+| Language | Tool |
+|----------|------|
+| Go | Standard `gofmt` formatting |
+| TypeScript | Prettier + ESLint (`pnpm lint`) |
+| Styles | CSS Modules + OKLCH design tokens (`var(--primary)`, `var(--border)`) |
+
+- Documentation and commit messages in Chinese; code identifiers, paths, API fields, and CLI commands in English.
+- Use `@shared/ui` for all reusable components -- do not create duplicate local UI copies in desktop or web.
+- Run `git diff --check` before committing to catch whitespace errors.
+
+## Project Structure
+
+| Directory | Purpose |
+|-----------|---------|
+| `app/desktop/` | Tauri desktop app (port 5173) |
+| `app/mobile/` | Tauri mobile app (port 5174) |
+| `app/web/` | Web workbench (port 5175 reserved) |
+| `app/shared/` | Shared UI, types, API client (`@agenthub/shared`) |
+| `hub-server/` | Hub: accounts, IM, sync, relay (port 8090) |
+| `edge-server/` | Edge: execution node, runtime adapters (port 3210) |
+| `api/` | REST OpenAPI spec + WebSocket event contract |
+| `docs/` | Architecture, governance, operations, roadmap |
+| `scripts/` | Setup, dev start/stop, verification scripts |
+
+Desktop and Mobile are independent Tauri projects. Do not modify each other's `tauri.conf.json`, `Cargo.toml`, or `lib.rs`.
+
+## Security
+
+- Never commit `.env`, API keys, tokens, cookies, private keys, certificates, SSH configs, or production database connection strings.
+- Use `.env.example` as a template with placeholder values.
+- Server aliases (hk1, hk2, us1, gz1) must not appear in repository files.
+- Production secrets live in `.env.production` (already in `.gitignore`).
+- Check diff output for sensitive data before pushing.
+- If you accidentally commit secrets, stop pushing immediately, notify the maintainer, rotate keys, then clean up git history.
+- Report security issues privately -- do not file public issues.
+
+## Architecture Boundaries
+
+- **Agent Runtime** (what runs): Claude Code, Codex, OpenCode CLI/SDK adapters in `edge-server/internal/adapters/`
+- **Agent Profile** (who acts): User-managed agent entities combining Runtime + Model + Skill + MCP + approval policy
+- **Agent Configuration**: Rules, memory, context, chat history, working directory
+- **Execution Target** (where it runs): Local Edge, Remote Edge, Cloud Edge, Hub Relay
+
+Local execution does not require Hub. Hub enters the path for accounts, cloud IM, multi-device sync, remote viewing/approval, device routing, and relay.
+
+## Documentation
+
+- Three primary docs: product requirements, system architecture, implementation guide
+- Reference and research go in `docs/reference/`; historical proposals in `docs/archive/`
+- Before modifying APIs, read `api/README.md`, `api/openapi.yaml`, `api/events.md`
+- Before auth/i18n/Feishu changes, read the corresponding docs under `../docs/` (TokenDance workspace level)
