Move line-walk/delta/phase2/frontend audits and legacy memory into docs/archive/, add functional development SSOT, thin AGENTS/CLAUDE stubs, and regenerate changelog/audit indexes via consolidate_docs.py.
停用 .cursor/skills 与虚拟部门分派,新增 no-department-agents 规则并更新文档索引与验收标准。
Critical runtime bugs: - terminal.html WebSSH完全不可用(URL前缀/JSON解析/Content-Type三处错误) - servers.py路由遮蔽:/logs被/{id}拦截,3个前端页面同步日志查询失败 - scripts.html startExecPoll()→startExecPolling(),长任务快速执行崩溃 - agent.py {value!r!s:.50}格式串非法,agent发非数值时ValueError - alerts.html d.daily.reduce()无null检查,API返回空数据时TypeError Resource leak / stability: - websocket.py僵尸连接未关闭TCP,文件描述符泄漏 - websocket.py _last_alert_time字典无限增长(加1小时过期清理) - asyncssh_pool.py全忙时超过MAX_CONNECTIONS无限增长 - self_monitor.py Telegram告警无冷却,宕机时每30秒刷屏 - schedule_runner.py一次性调度执行超60秒会重复触发 - 限速脚本EXPIRE每次重置窗口可绕过(改用Lua原子脚本) Security: - JWT access token加token_version声明,改密码后旧token立失效(零宽限) - INSTALL_MODE导入时常量→动态函数,安装后JWT认证不再残留禁用 - install.py /lock端点加管理员存在性验证,防止阻断安装 - ServerUpdate schema移除connectivity只读字段,防止伪造连接状态 Frontend fixes: - doExec()缺r.ok检查、commands.html null检查 - _server_to_dict()补last_checked_at+ssh_key_public - _field_match()逗号cron表达式修复 - alerts类型显示、SSH会话名称、搜索高亮定位 - 一次性/循环定时任务(run_mode+fire_at+自动禁用) Dead code removed (400+ lines): - SyncService batch_push/_push_single等5个方法(零调用者) - 5个未使用schema(SyncCommands/SyncConfig/SyncSftp/FileDeploy/PaginatedResponse) - 6个零调用service方法、3个无前端API端点 - 4个未使用import Schema migrations: - push_schedules: run_mode + fire_at列,cron_expr改NULL - servers: 7个新列 + ssh_key_private/public VARCHAR(500)→TEXT Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>