fix: toFloat handles json.Number, CORS credentials+wildcard bug, strategy config error handling

- agent/agent.go: toFloat() now handles json.Number and int32 types to prevent silent data loss
- api/server.go: CORS fix — echo specific origin instead of '*' when credentials are enabled (browsers reject Allow-Credentials with wildcard)
- api/strategy.go: all 4 json.Unmarshal calls now check errors and return 'config_error' field instead of silently serving zero-value configs
- store/decision.go: explicitly mark best-effort unmarshal with _ = assignment for clarity
This commit is contained in:
shinchan-zhai
2026-03-23 12:10:55 +08:00
parent 2dbbc82506
commit 708ffdb7bd
4 changed files with 47 additions and 18 deletions

View File

@@ -138,9 +138,10 @@ func (db *DecisionRecordDB) toRecord() *DecisionRecord {
ErrorMessage: db.ErrorMessage,
AIRequestDurationMs: db.AIRequestDurationMs,
}
json.Unmarshal([]byte(db.CandidateCoins), &record.CandidateCoins)
json.Unmarshal([]byte(db.ExecutionLog), &record.ExecutionLog)
json.Unmarshal([]byte(db.Decisions), &record.Decisions)
// Best-effort unmarshal — empty/malformed JSON fields are left as zero values.
_ = json.Unmarshal([]byte(db.CandidateCoins), &record.CandidateCoins)
_ = json.Unmarshal([]byte(db.ExecutionLog), &record.ExecutionLog)
_ = json.Unmarshal([]byte(db.Decisions), &record.Decisions)
return record
}