ContentPipe v0.8.1 — Review API + Docker Hardening

🚀 ContentPipe v0.8.1

AI 图文内容生产线 — 选题→调研→写作→配图→排版→发布，每步可交互审核。

✨ 新功能

审核 API 集成（Phase 1-3）

• 📋 结构化产物摘要 — 审核通知自动展示标题、字数、章节、配图等关键信息
• 🔧 Reject/Rollback JSON API — POST /api/runs/{id}/reject + POST /api/runs/{id}/rollback，支持来源和原因追踪
• 📡 SSE 实时事件推送 — GET /api/runs/{id}/events，支持外部客户端订阅
• 🔄 Web→Discord 反向推送 — 网页审核操作自动同步到 Discord 频道
• 💬 消息来源追踪 — source 字段区分 web/discord/api 操作

Setup & Settings

• 🧙 首次运行向导 — 3 步配置 Gateway + 模型 + 频道
• ⚙️ 完整设置页面 — Gateway/模型/频道管理 + 重新设置按钮
• 🌐 多平台频道发现 — 自动发现 Discord/飞书/KOOK/WeCom 频道
• 🔥 热重载配置 — 修改设置无需重启服务

安全与部署

• 🔒 API 速率限制 — 60/min per IP（可配置 CONTENTPIPE_RATE_LIMIT）
• 🌍 CORS 支持 — CONTENTPIPE_CORS_ORIGINS 环境变量控制
• 🔐 文件锁 — state.yaml 并发读写安全

🐛 Bug 修复

• 修复 run_dir 路径错误（3→4 parents），影响 rollback 文件清理
• 修复 Discord 通知使用不存在的 Gateway /api/message 端点，改为 Bot API 直连
• 修复 YAML 截断导致 pipeline 无限重试，新增自动修复（删尾行+补引号）
• 修复图片引擎 auto 模式只返回 Pollinations，改为优先使用付费 API
• 修复 jimeng.py 硬编码本地 Gateway URL 和 Tab ID
• 修复设置页面模型 ID 不匹配 Gateway key 字段

🐳 Docker 改进

• docker-compose.yml 挂载 config/ 和 prompts/ 目录
• 添加 /api/health 健康检查
• DISCORD_BOT_TOKEN / DISCORD_PROXY 环境变量支持（Docker 无需 openclaw.json）
• .env.example 补全 15+ 个配置变量

📦 升级指南

git pull
cp .env.example .env.local  # 对比补充新变量
./start.sh restart

Docker 用户：

git pull
cp .env.example .env  # 填入必要配置
docker compose up -d --build

Full Changelog: v0.8.0...v0.8.1

v0.8.0 — Artifact Review Architecture & Writer Convergence

🚀 What's New in v0.8.0

⚡ Core Architecture: Unified Artifact Review

The biggest change in this release — review chat now directly modifies official artifacts instead of syncing state through an intermediary. Python reads back changes and arbitrates commits.

• One node = one agent = one session = one artifact — clean separation of concerns
• Scout/Researcher/Director/Formatter all use unified _handle_artifact_review_chat() flow
• Every LLM round followed by Python read-back for safety
• .prev files saved before each modification for full diff history

✍️ Writer Convergence

• Continuous writer:main session preserves persona and voice across review rounds
• Fresh structure helper (writer-structure) extracts article structure without context pollution
• Writer prompt reframed as 微信公众号主笔 persona
• De-AI engine reframed as 终稿润色引擎 (polish, not detection evasion)

📊 Diff Support for All Nodes

• New ?node= parameter on /api/runs/{run_id}/diff endpoint
• Supports: scout, researcher, writer, director, formatter
• Review UI shows "查看本次改动 diff" button with modal viewer

🎨 Director: Closed Style System

• Style field now closed enum: tech-digital, business-finance, news-insight, lifestyle, education
• Free-form style_variant for nuance within a style category
• Template mapping moved from Python hardcode to config/template-mapping.yaml
• Caption field for reader-visible image descriptions (replaces internal purpose)

🔒 Security: WeChat Credentials via Environment

• WECHAT_APPID / WECHAT_SECRET now loaded from environment variables only
• Credentials removed from pipeline.yaml config file
• start.sh auto-sources .env.local if present
• .env.example provided as template for new deployments

🏗️ Session Generation Support

• build_contentpipe_node_session_key() supports generation parameter
• On rollback, generation increments to cut stale LLM context
• Format: contentpipe:{run_id}:{node_id}:{lane}[:g{generation}]

🧹 Cleanup

• Removed dead code (validate_chat_article_markdown, _sync_chat_to_state)
• Unified _node_session_key to single source of truth in nodes.py
• scripts/output/ and backup files added to .gitignore
• Deprecated writer-extractor.md moved to prompts/deprecated/

📚 Documentation

• Architecture docs aligned to v0.7.2+ implementation
• BUILTIN-SKILLS.md updated with Python arbitration responsibilities
• README adds configuration guide (§5.3 .env.local, §5.4 WeChat IP whitelist)

---

Full Changelog: v0.7.1...v0.8.0

v0.7.1 — release hardening, auth, CI, and deployment

ContentPipe v0.7.1 — GitHub Release Notes (Draft)

Summary

ContentPipe v0.7.1 is the first hardening release after the public repository launch.

This release makes the project substantially closer to being:

• deployable by other users
• safe to expose behind a reverse proxy
• maintainable as an open-source repository
• testable in CI

Highlights

Access control

A lightweight authentication layer was added.

You can now protect the Web UI and API with:

• CONTENTPIPE_AUTH_TOKEN
• browser login page (/login)
• API token access via X-ContentPipe-Token or Bearer token

Deployment hardening

This release adds:

• .env.example
• Dockerfile
• docker-compose.yml
• production deployment guidance in README
• reverse proxy / HTTPS example

CI and tests

A basic GitHub Actions workflow now validates the project with:

• dependency install
• python -m compileall scripts
• pytest -q

A first test suite was added for:

• auth helpers
• YAML / JSON parsing safety
• core web API behavior

Logging cleanup

The project replaces remaining print()-based operational output with structured logging, improving production readability and future observability.

Safer uploads

Image upload handling now includes lightweight validation without heavily hurting review UX:

• allowed image extensions
• MIME type checks
• size limits
• safer identifier validation

Included work

• MIT license
• security / contributing docs
• auth middleware and login page
• CI workflow
• tests
• Docker deployment files
• README production deployment section
• logging cleanup across core runtime files

Upgrade notes

If you deploy this release for other users, you should set at least:

CONTENTPIPE_AUTH_TOKEN=change-me
CONTENTPIPE_PUBLIC_BASE_URL=https://your-domain.example
OPENCLAW_GATEWAY_URL=http://host.docker.internal:18789

Suggested GitHub release title

v0.7.1 — release hardening, auth, CI, and deployment