fix: SSE streaming for no-tool path, batch ticker API, security & cleanup

- Fix thinkAndActStream: emit delta event for non-tool responses (was silent)
- Add fallback to streaming on first LLM call failure
- Add batch ticker endpoint /api/agent/tickers (3 API calls → 1)
- Update MarketTicker to use batch endpoint, remove unused state
- Warn loudly when JWT_SECRET uses default value
- Fix 华为 mapping (was incorrectly mapped to Tencent)
- Replace ioutil.ReadAll with safe.ReadAllLimited in nofxos client
- Remove unused variable in hyperliquid trader_account
- Wrap CoinAnk WS readers with safe.GoNamed for panic recovery
- Use 100dvh for mobile viewport in AgentChatPage
- console.log → console.warn for auth events
This commit is contained in:
shinchan-zhai
2026-03-23 14:01:11 +08:00
parent 9bb1ab8da3
commit d6dafd830e
12 changed files with 135 additions and 34 deletions

View File

@@ -89,7 +89,12 @@ func main() {
// Set JWT secret
auth.SetJWTSecret(cfg.JWTSecret)
logger.Info("🔑 JWT secret configured")
if cfg.JWTSecret == "default-jwt-secret-change-in-production" {
logger.Warn("⚠️ JWT_SECRET is using the default value — this is INSECURE for production!")
logger.Warn("⚠️ Set JWT_SECRET environment variable to a strong random secret")
} else {
logger.Info("🔑 JWT secret configured")
}
// WebSocket market monitor is NO LONGER USED
// All K-line data now comes from CoinAnk API instead of Binance WebSocket cache