lumencode 0.4.4 → 1.1.0

package/lib/report.js

@@ -144,7 +144,17 @@ function buildGitNarrative(git, periodName) {
     const totalLines = ai.totalLinesChanged || 1;
     const aiLinePct = Math.round((ai.aiLinesChanged / totalLines) * 100);
     const commitPct = Math.round((ai.aiCommitRatio ?? (ai.aiCommits / git.commits)) * 100);
-    line += ` 其中 ${aiLinePct}% 代码变更有 AI 参与，${ai.aiCommits}/${git.commits} 提交使用 AI (${commitPct}%)。`;
+    const possibleCommitPct = ai.possibleAICommits > 0 ? Math.round((ai.possibleAICommits / git.commits) * 100) : 0;
+    const weightedPct = Math.round((ai.weightedAILineRatio || 0) * 100);
+    line += ` 高/中置信 AI 提交 ${ai.aiCommits}/${git.commits} (${commitPct}%)，`;
+    if (ai.possibleAICommits > 0) {
+      line += `可能 AI 提交 ${ai.possibleAICommits} (${possibleCommitPct}%)，`;
+    }
+    line += `AI 代码改写占比 ${aiLinePct}%`;
+    if (weightedPct > aiLinePct) {
+      line += `，加权影响力 ${weightedPct}%`;
+    }
+    line += '。';
   }
 
   return line;
@@ -433,10 +443,12 @@ function buildGitInsight(git) {
     const ai = git.aiContribution;
     const ratio = ai.aiCommitRatio ?? (ai.aiCommits ? ai.aiCommits / git.commits : 0);
     const commitPct = Math.round(ratio * 100);
+    const possiblePct = Math.round((ai.possibleAICommitRatio || 0) * 100);
     if (!isNaN(commitPct)) {
       if (commitPct > 80) insights.push('AI 参与度极高，核心代码产出几乎全程 AI 辅助');
       else if (commitPct > 50) insights.push('AI 参与度较高，超过半数提交有 AI 辅助');
-      else if (commitPct > 0) insights.push(`AI 参与 ${commitPct}% 的提交，人机协作比例适中`);
+      else if (commitPct > 0) insights.push(`高/中置信 AI 参与 ${commitPct}% 的提交，人机协作比例适中`);
+      else if (possiblePct > 0) insights.push(`无高/中置信 AI 提交，但 ${possiblePct}% 提交可能受 AI 影响`);
     }
   }
   const netLines = git.linesAdded - git.linesDeleted;
@@ -602,6 +614,10 @@ export function generateReport(usageData, gitData, period, startDate, endDate) {
       gitTable.addRow(['高置信提交', String(ai.highConfidenceCommits), '']);
       gitTable.addRow(['AI 命中文件新增行', String(ai.aiFileLinesAdded), '']);
       gitTable.addRow(['AI 命中文件删除行', String(ai.aiFileLinesDeleted), '']);
+      if (ai.possibleAICommits > 0) {
+        const possiblePct = Math.round((ai.possibleAICommits / gitData.commits) * 100);
+        gitTable.addRow(['可能 AI 提交', `${ai.possibleAICommits}/${gitData.commits}`, `${possiblePct}%`]);
+      }
       gitTable.addRow(['低置信关联提交', String(ai.lowConfidenceCommits), '']);
     }
     lines.push(gitTable.render());
@@ -900,7 +916,11 @@ export function generateFeishuCard(usageData, gitData, period, startDate, endDat
     if (gitData.aiContribution) {
       const ai = gitData.aiContribution;
       const commitPct = Math.round((ai.aiCommitRatio ?? (ai.aiCommits / gitData.commits)) * 100);
-      fields.push({ is_short: true, text: { tag: 'lark_md', content: `**AI 代码改写占比**\n${commitPct}%` } });
+      fields.push({ is_short: true, text: { tag: 'lark_md', content: `**AI 提交**\n${ai.aiCommits}/${gitData.commits} (${commitPct}%)` } });
+      if (ai.possibleAICommits > 0) {
+        const possiblePct = Math.round((ai.possibleAICommits / gitData.commits) * 100);
+        fields.push({ is_short: true, text: { tag: 'lark_md', content: `**可能 AI**\n${ai.possibleAICommits} (${possiblePct}%)` } });
+      }
     }
   }
   if (usageData.estimatedCost) {
@@ -1024,7 +1044,16 @@ export function generateBriefReport(usageData, gitData, period, startDate, endDa
       const totalLines = ai.totalLinesChanged || 1;
       const aiLinePct = Math.round((ai.aiLinesChanged / totalLines) * 100);
       const commitPct = Math.round((ai.aiCommitRatio ?? (ai.aiCommits / gitData.commits)) * 100);
-      lines.push(bullet(`${aiLinePct}% 代码变更有 AI 参与，${ai.aiCommits}/${gitData.commits} 提交使用 AI (${commitPct}%)`));
+      const possibleCommitPct = ai.possibleAICommits > 0 ? Math.round((ai.possibleAICommits / gitData.commits) * 100) : 0;
+      const weightedPct = Math.round((ai.weightedAILineRatio || 0) * 100);
+      let line = `${aiLinePct}% 代码变更有 AI 参与，${ai.aiCommits}/${gitData.commits} 提交使用 AI (${commitPct}%)`;
+      if (ai.possibleAICommits > 0) {
+        line += `，可能 AI 提交 ${ai.possibleAICommits} (${possibleCommitPct}%)`;
+      }
+      if (weightedPct > aiLinePct) {
+        line += `，加权影响力 ${weightedPct}%`;
+      }
+      lines.push(bullet(line));
     }
 
     if (gitData.commitList?.length) {
@@ -1146,16 +1175,17 @@ export function generateWorkReport(usageData, gitData, period, startDate, endDat
   const opts = typeof options === 'string'
     ? { level: 'detailed', platform: options }
     : { level: 'detailed', platform: 'default', ...options };
-  const { level, platform: fmt, tool } = opts;
-  const titlePrefix = tool && tool !== 'all' ? toolTitle(tool) : 'AI 编码助手';
+  const { level, platform: fmt, tool, projectName } = opts;
+  const toolLabel = tool && tool !== 'all' ? toolTitle(tool) : 'AI 编码助手';
+  const titlePrefix = projectName ? `${projectName} · ${toolLabel}` : toolLabel;
 
   // 简报路由
   if (level === 'brief') {
     return generateBriefReport(usageData, gitData, period, startDate, endDate, prevData, fmt, tool);
   }
   const lines = [];
-  const periodLabel = period === 'daily' ? '日报' : period === 'weekly' ? '周报' : '月报';
-  const dateLabel = period === 'monthly' ? startDate.slice(0, 7) : period === 'weekly' ? `${startDate} ~ ${endDate}` : startDate;
+  const periodLabel = period === 'daily' ? '日报' : period === 'weekly' ? '周报' : period === 'monthly' ? '月报' : '自定义';
+  const dateLabel = period === 'monthly' ? startDate.slice(0, 7) : period === 'daily' ? startDate : `${startDate} ~ ${endDate}`;
 
   lines.push(`# ${titlePrefix} 工作${periodLabel} - ${dateLabel}`);
   lines.push('');
@@ -1291,18 +1321,25 @@ export function generateWorkReport(usageData, gitData, period, startDate, endDat
         const aiLinePct = Math.round(((gitData.aiContribution?.aiLineRatio ?? gitData.aiContribution?.aiRatio) || 0) * 100);
         sectionLines.push(`- 高/中置信 AI 提交 **${totalAI}/${totalCommits}**（${aiLinePct}%），涉及 +${formatInt(aiDetail.totalAIFileAdded)}/-${formatInt(aiDetail.totalAIFileDeleted)} 行`);
 
-        if (aiDetail.explicit.length > 0) {
-          sectionLines.push(`- **显式 AI**（${aiDetail.explicit.length} 项）：${aiDetail.explicit.map(s => `\`${s}\``).join('、')}`);
+        if (gitData.aiContribution?.possibleAICommits > 0) {
+          const possiblePct = Math.round((gitData.aiContribution.possibleAICommits / totalCommits) * 100);
+          sectionLines.push(`- 可能 AI 提交 **${gitData.aiContribution.possibleAICommits}/${totalCommits}**（${possiblePct}%）`);
         }
-        if (aiDetail.sessionStrong.length > 0) {
-          sectionLines.push(`- **强关联**（${aiDetail.sessionStrong.length} 项）：${aiDetail.sessionStrong.map(s => `\`${s}\``).join('、')}`);
+        if (gitData.aiContribution?.weightedAILineRatio > 0) {
+          sectionLines.push(`- 加权 AI 影响力 **${Math.round(gitData.aiContribution.weightedAILineRatio * 100)}%**`);
         }
-        if (aiDetail.fileOverlap.length > 0) {
-          sectionLines.push(`- **文件重叠**（${aiDetail.fileOverlap.length} 项）：${aiDetail.fileOverlap.map(s => `\`${s}\``).join('、')}`);
+
+        // 汇总统计（不列出具体 commit subject，工作汇报中无阅读价值）
+        const parts = [];
+        if (aiDetail.explicit.length > 0) parts.push(`显式标记 ${aiDetail.explicit.length} 项`);
+        if (aiDetail.sessionStrong.length > 0) parts.push(`会话强关联 ${aiDetail.sessionStrong.length} 项`);
+        if (aiDetail.fileOverlap.length > 0) parts.push(`文件重叠 ${aiDetail.fileOverlap.length} 项`);
+        if (parts.length > 0) {
+          sectionLines.push(`- 归因方式：${parts.join('、')}`);
         }
         if (aiDetail.aiFiles.length > 0) {
-          const topFiles = aiDetail.aiFiles.slice(0, 8).map(f => `\`${f}\``).join('、');
-          const overflow = aiDetail.aiFiles.length > 8 ? ` 等 ${aiDetail.aiFiles.length} 个` : '';
+          const topFiles = aiDetail.aiFiles.slice(0, 5).join('、');
+          const overflow = aiDetail.aiFiles.length > 5 ? ` 等 ${aiDetail.aiFiles.length} 个` : '';
           sectionLines.push(`- **AI 涉及文件**：${topFiles}${overflow}`);
         }
         sectionLines.push('');

package/lib/server.js

@@ -4,12 +4,13 @@ import { join, extname, resolve, sep } from 'path';
 import { fileURLToPath } from 'url';
 import { saveConfig } from './config.js';
 import { generateWorkReport, generateFeishuCard } from './report.js';
-import { collectAllRecords, filterRecordsByPeriod, groupBySessions } from './aggregate.js';
+import { collectAllRecords, filterRecordsByPeriod, groupBySessions, computeUsageStats, computeTrendData, computePrevPeriodRange } from './aggregate.js';
 import { normalizeProjectPath } from './aggregate.js';
 import { invalidateFileCache } from './cache.js';
 import { invalidateGitCache, getGitStatsForMultipleReposAsync, finalizeGitStats } from './git.js';
 import { identifyBillingBlocks } from './blocks.js';
 import { detectAvailableTools, parseAllEnabledTools } from './parsers/index.js';
+import { isAssistantRecord, getInputTokens, getOutputTokens } from './record-utils.js';
 
 // basename 提取，兼容不同路径格式
 function getProjectBaseName(p) {
@@ -19,6 +20,13 @@ function getProjectBaseName(p) {
 
 const __dirname = fileURLToPath(new URL('..', import.meta.url));
 
+// 读取应用版本号（必须在 __dirname 定义之后）
+let appVersion = '0.0.0';
+try {
+  const pkg = JSON.parse(readFileSync(join(__dirname, 'package.json'), 'utf8'));
+  appVersion = pkg.version || '0.0.0';
+} catch {}
+
 const MIME = {
   '.html': 'text/html',
   '.css': 'text/css',
@@ -39,6 +47,61 @@ export function startServer(config, effectiveIncludeProjects, buildReportData, c
 
   const PORT = process.env.LUMENCODE_PORT || 4567;
 
+  // ── 解析结果级缓存（避免同一秒内多次全量解析） ──
+  let _parsedCache = null;
+  let _parsedCacheKey = '';
+  let _parsedCacheExpire = 0;
+  const PARSED_CACHE_TTL = 30_000; // 30s
+
+  // ── 查询结果缓存（按查询条件缓存 buildReportData 结果） ──
+  const _reportCache = new Map();
+  const REPORT_CACHE_TTL = 30_000; // 30s
+  const REPORT_CACHE_MAX_SIZE = 50;
+
+  function getReportCacheKey(period, date, tool, customStart, customEnd, format) {
+    return `${period}|${date}|${tool || 'all'}|${customStart || ''}|${customEnd || ''}|${format || 'json'}`;
+  }
+
+  function getCachedReport(cacheKey) {
+    const cached = _reportCache.get(cacheKey);
+    if (cached && Date.now() < cached.expire) return cached.data;
+    _reportCache.delete(cacheKey);
+    return null;
+  }
+
+  function setCachedReport(cacheKey, data) {
+    _reportCache.set(cacheKey, { data, expire: Date.now() + REPORT_CACHE_TTL });
+    // LRU: 超出限制时删除最早的条目
+    while (_reportCache.size > REPORT_CACHE_MAX_SIZE) {
+      const oldest = _reportCache.keys().next().value;
+      _reportCache.delete(oldest);
+    }
+  }
+
+  function invalidateReportCache() {
+    _reportCache.clear();
+  }
+
+  function getCachedParse(config, includeProjects) {
+    const key = `${config.claudeDir}|${includeProjects?.join(',') || ''}`;
+    const now = Date.now();
+    if (_parsedCache && _parsedCacheKey === key && now < _parsedCacheExpire) return _parsedCache;
+    return null;
+  }
+
+  async function getOrParse(config, includeProjects) {
+    const cached = getCachedParse(config, includeProjects);
+    if (cached) return cached;
+    const result = await parseAllEnabledTools(config, {
+      excludeProjects: config.excludeProjects,
+      includeProjects,
+    });
+    _parsedCache = result;
+    _parsedCacheKey = `${config.claudeDir}|${includeProjects?.join(',') || ''}`;
+    _parsedCacheExpire = Date.now() + PARSED_CACHE_TTL;
+    return result;
+  }
+
   const server = createServer(async (req, res) => {
     const url = new URL(req.url, `http://localhost:${PORT}`);
 
@@ -46,16 +109,22 @@ export function startServer(config, effectiveIncludeProjects, buildReportData, c
     res.setHeader('X-Content-Type-Options', 'nosniff');
     res.setHeader('X-Frame-Options', 'DENY');
     res.setHeader('Referrer-Policy', 'no-referrer');
+    res.setHeader('X-XSS-Protection', '1; mode=block');
+    res.setHeader('Permissions-Policy', 'camera=(), microphone=(), geolocation=()');
 
     // API endpoint
     if (url.pathname === '/api/tools') {
       try {
         const tools = await detectAvailableTools(config);
         const enabled = config.enabledTools || tools.filter(t => t.detected).map(t => t.name);
-        const result = tools.map(({ name, displayName, detected, version }) => ({
-          name, displayName, detected, version,
-          enabled: enabled.includes(name),
-        }));
+        const result = {
+          appName: 'LumenCode',
+          appVersion: 'v' + appVersion,
+          tools: tools.map(({ name, displayName, detected, version }) => ({
+            name, displayName, detected, version,
+            enabled: enabled.includes(name),
+          })),
+        };
         res.writeHead(200, { 'Content-Type': 'application/json', 'Access-Control-Allow-Origin': 'http://localhost:' + PORT });
         res.end(JSON.stringify(result));
       } catch (err) {
@@ -67,10 +136,40 @@ export function startServer(config, effectiveIncludeProjects, buildReportData, c
     }
 
     if (url.pathname === '/api/report') {
-      const period = url.searchParams.get('period') || 'daily';
+      const VALID_PERIODS = ['daily', 'weekly', 'monthly', 'custom'];
+      const rawPeriod = url.searchParams.get('period') || 'daily';
+      if (!VALID_PERIODS.includes(rawPeriod)) {
+        res.writeHead(400, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ error: `无效的 period 参数，可选值：${VALID_PERIODS.join('/')}` }));
+        return;
+      }
+      const period = rawPeriod;
       const date = url.searchParams.get('date') || new Date().toISOString().slice(0, 10);
       const format = url.searchParams.get('format') || 'json';
       const tool = url.searchParams.get('tool') || 'all';
+      const customStart = url.searchParams.get('start') || '';
+      const customEnd = url.searchParams.get('end') || '';
+      const includeProjects = computeIncludeProjects(config);
+
+      // Validate custom range
+      if (period === 'custom') {
+        if (!customStart || !customEnd || !/^\d{4}-\d{2}-\d{2}$/.test(customStart) || !/^\d{4}-\d{2}-\d{2}$/.test(customEnd)) {
+          res.writeHead(400, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ error: '自定义周期需要 start 和 end 参数 (YYYY-MM-DD)' }));
+          return;
+        }
+        if (customStart > customEnd) {
+          res.writeHead(400, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ error: '起始日期不能晚于结束日期' }));
+          return;
+        }
+        const spanMs = new Date(customEnd) - new Date(customStart);
+        if (spanMs > 90 * 86400000) {
+          res.writeHead(400, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ error: '自定义周期最长 90 天' }));
+          return;
+        }
+      }
 
       // 未配置时返回友好提示
       if (!config.claudeDir || !existsSync(config.claudeDir)) {
@@ -83,7 +182,21 @@ export function startServer(config, effectiveIncludeProjects, buildReportData, c
       }
 
       try {
-        const data = await buildReportData(period, date, config, computeIncludeProjects(config), tool);
+        // 查询结果缓存：相同条件直接返回缓存
+        const reportCacheKey = getReportCacheKey(period, date, tool, customStart, customEnd, format);
+        let data = getCachedReport(reportCacheKey);
+        if (data) {
+          res.writeHead(200, {
+            'Content-Type': 'application/json',
+            'Access-Control-Allow-Origin': 'http://localhost:' + PORT,
+            'X-Cache': 'HIT',
+          });
+          res.end(JSON.stringify(data));
+          return;
+        }
+
+        const parsed = await getOrParse(config, includeProjects);
+        data = await buildReportData(period, date, config, includeProjects, tool, parsed, { customStart, customEnd });
         if (!data) {
           res.writeHead(200, { 'Content-Type': 'application/json' });
           res.end(JSON.stringify({
@@ -97,6 +210,7 @@ export function startServer(config, effectiveIncludeProjects, buildReportData, c
           const platform = url.searchParams.get('platform') || 'default';
           const level = url.searchParams.get('level') || 'detailed';
           const feishuCard = url.searchParams.get('feishuCard') === 'true';
+          const project = url.searchParams.get('project') || '';
 
           if (feishuCard) {
             const card = generateFeishuCard(data.usageStats, data.gitStats, period, data.start, data.end, tool);
@@ -105,7 +219,51 @@ export function startServer(config, effectiveIncludeProjects, buildReportData, c
             return;
           }
 
-          const markdown = generateWorkReport(data.usageStats, data.gitStats, period, data.start, data.end, data.prevStats, { level, platform, tool });
+          // 单项目报告：过滤记录后重新计算统计
+          let projUsageStats = data.usageStats;
+          let projGitStats = data.gitStats;
+          let projPrevStats = data.prevStats;
+          let projectName = '';
+
+          if (project) {
+            const { records: allRecords } = parsed;
+            const toolRecords = tool !== 'all' ? allRecords.filter(r => r.tool === tool) : allRecords;
+            // basename 匹配
+            const projRecords = toolRecords.filter(r => {
+              return getProjectBaseName(r.project) === project;
+            });
+            const { filtered: projFiltered, start: pStart, end: pEnd } = filterRecordsByPeriod(projRecords, period, date, { customStart, customEnd });
+            projUsageStats = projFiltered.length > 0 ? computeUsageStats(projFiltered, config.scenarioKeywords, config.costMode) : { requestCount: 0, projects: {} };
+            projectName = project;
+
+            // 上一周期
+            const prevRange = computePrevPeriodRange(period, date, { customStart, customEnd });
+            const prevProjFiltered = projRecords.filter(r => {
+              if (!r.timestamp) return false;
+              const d = r.timestamp.slice(0, 10);
+              return d >= prevRange.start && d <= prevRange.end;
+            });
+            projPrevStats = prevProjFiltered.length > 0 ? computeUsageStats(prevProjFiltered, config.scenarioKeywords, config.costMode) : null;
+
+            // 单项目 Git 统计
+            if (config.repos?.length > 0) {
+              const matchedRepo = config.repos.find(r => getProjectBaseName(r) === project);
+              if (matchedRepo) {
+                try {
+                  const { getGitStatsAsync } = await import('./git.js');
+                  const sessions = groupBySessions(projFiltered);
+                  const { finalizeGitStats, getGitStatsForMultipleReposAsync } = await import('./git.js');
+                  let repoGit = await getGitStatsForMultipleReposAsync([matchedRepo], pStart, pEnd + 'T23:59:59');
+                  repoGit = finalizeGitStats(repoGit, sessions);
+                  projGitStats = repoGit;
+                } catch {}
+              }
+            } else {
+              projGitStats = null;
+            }
+          }
+
+          const markdown = generateWorkReport(projUsageStats, projGitStats, period, data.start, data.end, projPrevStats, { level, platform, tool, projectName });
           res.writeHead(200, {
             'Content-Type': 'text/plain; charset=utf-8',
             'Access-Control-Allow-Origin': 'http://localhost:' + PORT,
@@ -151,9 +309,13 @@ export function startServer(config, effectiveIncludeProjects, buildReportData, c
           };
         }
 
+        // 写入查询结果缓存
+        setCachedReport(reportCacheKey, data);
+
         res.writeHead(200, {
           'Content-Type': 'application/json',
           'Access-Control-Allow-Origin': 'http://localhost:' + PORT,
+          'X-Cache': 'MISS',
         });
         res.end(JSON.stringify(data));
       } catch (err) {
@@ -170,10 +332,7 @@ export function startServer(config, effectiveIncludeProjects, buildReportData, c
       const project = url.searchParams.get('project') || '';
       const tool = url.searchParams.get('tool') || '';
       try {
-        const { records: allRecords } = await parseAllEnabledTools(config, {
-          excludeProjects: config.excludeProjects,
-          includeProjects: computeIncludeProjects(config),
-        });
+        const { records: allRecords } = await getOrParse(config, computeIncludeProjects(config));
         const { filtered, start, end } = filterRecordsByPeriod(allRecords, period, date);
         const tooledRecords = tool ? filtered.filter(r => r.tool === tool) : filtered;
         // basename 匹配，兼容不同工具的路径格式差异
@@ -183,11 +342,8 @@ export function startServer(config, effectiveIncludeProjects, buildReportData, c
         // 附加 commits 信息（若配置了 repos），按覆盖项目过滤，扩展窗口匹配跨天提交
         if (config.repos?.length) {
           try {
-            const coveredBases = new Set(projected.map(r => {
-              const p = r.project || '';
-              return p.replace(/\\/g, '/').replace(/\/$/, '').split('/').pop();
-            }).filter(Boolean));
-            const sessionRepos = config.repos.filter(r => coveredBases.has(r.replace(/\\/g, '/').replace(/\/$/, '').split('/').pop()));
+            const coveredBases = new Set(projected.map(r => getProjectBaseName(r.project)).filter(Boolean));
+            const sessionRepos = config.repos.filter(r => coveredBases.has(getProjectBaseName(r)));
             if (sessionRepos.length > 0) {
               const extEnd = new Date(end);
               extEnd.setDate(extEnd.getDate() + 2);
@@ -237,24 +393,20 @@ export function startServer(config, effectiveIncludeProjects, buildReportData, c
       const dimension = url.searchParams.get('dimension') || '';
       const key = url.searchParams.get('key') || '';
       try {
-        const { records: allRecords } = await parseAllEnabledTools(config, {
-          excludeProjects: config.excludeProjects,
-          includeProjects: computeIncludeProjects(config),
-        });
+        const { records: allRecords } = await getOrParse(config, computeIncludeProjects(config));
         const { filtered } = filterRecordsByPeriod(allRecords, period, date);
         let result = [];
         if (dimension === 'model') {
           const modelRecords = filtered.filter(r => {
-            const isAssistant = r.metadata?.type === 'assistant' || (r.tool === 'codex') || (r.tool === 'opencode' && r.metadata?.role !== 'user') || (r.type === 'assistant' && !r.tool);
-            return isAssistant && (r.model || '') === key;
+            return isAssistantRecord(r) && (r.model || '') === key;
           });
           const dailyMap = {};
           for (const r of modelRecords) {
             const d = r.timestamp.slice(0, 10);
             if (!dailyMap[d]) dailyMap[d] = { date: d, requests: 0, inputTokens: 0, outputTokens: 0 };
             dailyMap[d].requests++;
-            dailyMap[d].inputTokens += r.inputTokens || r.tokens?.input || 0;
-            dailyMap[d].outputTokens += r.outputTokens || r.tokens?.output || 0;
+            dailyMap[d].inputTokens += getInputTokens(r);
+            dailyMap[d].outputTokens += getOutputTokens(r);
           }
           result = Object.values(dailyMap).sort((a, b) => a.date.localeCompare(b.date));
         } else if (dimension === 'scenario') {
@@ -291,10 +443,7 @@ export function startServer(config, effectiveIncludeProjects, buildReportData, c
       const period = url.searchParams.get('period') || 'daily';
       const date = url.searchParams.get('date') || new Date().toISOString().slice(0, 10);
       try {
-        const { records: allRecords } = await parseAllEnabledTools(config, {
-          excludeProjects: config.excludeProjects,
-          includeProjects: computeIncludeProjects(config),
-        });
+        const { records: allRecords } = await getOrParse(config, computeIncludeProjects(config));
         const { filtered } = filterRecordsByPeriod(allRecords, period, date);
         const blocks = identifyBillingBlocks(filtered, 5, config.costMode);
         res.writeHead(200, { 'Content-Type': 'application/json', 'Access-Control-Allow-Origin': 'http://localhost:' + PORT });
@@ -344,7 +493,7 @@ export function startServer(config, effectiveIncludeProjects, buildReportData, c
           try {
             const newConfig = JSON.parse(body);
             // 路径字段验证：必须是字符串且路径存在或为空
-            const validatePath = (v) => typeof v === 'string';
+            const validatePath = (v) => typeof v === 'string' && !v.includes('..') && !/[`$|;&<>!\n\r]/.test(v) && v.length < 500;
             if (newConfig.claudeDir !== undefined) { if (!validatePath(newConfig.claudeDir)) { res.writeHead(400, { 'Content-Type': 'application/json' }); res.end(JSON.stringify({ error: 'claudeDir 格式无效' })); return; } config.claudeDir = newConfig.claudeDir; }
             if (newConfig.codexDir !== undefined) { if (!validatePath(newConfig.codexDir)) { res.writeHead(400, { 'Content-Type': 'application/json' }); res.end(JSON.stringify({ error: 'codexDir 格式无效' })); return; } config.codexDir = newConfig.codexDir; }
             if (newConfig.opencodeDir !== undefined) { if (!validatePath(newConfig.opencodeDir)) { res.writeHead(400, { 'Content-Type': 'application/json' }); res.end(JSON.stringify({ error: 'opencodeDir 格式无效' })); return; } config.opencodeDir = newConfig.opencodeDir; }
@@ -354,6 +503,8 @@ export function startServer(config, effectiveIncludeProjects, buildReportData, c
             if (newConfig.scenarioKeywords !== undefined) config.scenarioKeywords = newConfig.scenarioKeywords;
             invalidateFileCache();
             invalidateGitCache();
+            _parsedCache = null; // 配置变更后清除解析缓存
+            invalidateReportCache(); // 配置变更后清除查询结果缓存
             saveConfig(config, configPath);
             res.writeHead(200, { 'Content-Type': 'application/json', 'Access-Control-Allow-Origin': 'http://localhost:' + PORT });
             res.end(JSON.stringify({ success: true }));
@@ -379,6 +530,8 @@ export function startServer(config, effectiveIncludeProjects, buildReportData, c
 
     // Static files
     let filePath = url.pathname === '/' ? '/index.html' : decodeURIComponent(url.pathname);
+    // 防止路径遍历：normalize 后检查
+    filePath = filePath.replace(/\.\./g, '').replace(/\\/g, '/');
     const resolved = resolve(__dirname, 'public', filePath.replace(/^\//, ''));
     const publicDir = resolve(__dirname, 'public');
 
@@ -400,6 +553,14 @@ export function startServer(config, effectiveIncludeProjects, buildReportData, c
     res.end(content);
   });
 
+  // 防止未处理异常导致进程崩溃
+  process.on('uncaughtException', (err) => {
+    console.error('Uncaught exception:', err.message);
+  });
+  process.on('unhandledRejection', (reason) => {
+    console.error('Unhandled rejection:', reason);
+  });
+
   server.listen(PORT, '127.0.0.1', () => {
     console.log(`\n  LumenCode server running at http://localhost:${PORT}\n`);
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "lumencode",
-  "version": "0.4.4",
+  "version": "1.1.0",
   "description": "LumenCode — AI 编码助手使用报告工具，从 JSONL 日志和 Git 仓库提取 AI 贡献度、效率与使用指标，支持 Web 可视化和命令行两种模式",
   "type": "module",
   "bin": {

package/public/api.js

@@ -27,6 +27,7 @@ export function createLatestRequestGuard() {
 const cache = new Map();
 const pending = new Map();
 const DEFAULT_TTL = 30_000;
+const CACHE_MAX_SIZE = 50;
 
 export function clearApiCache() {
   cache.clear();
@@ -49,6 +50,11 @@ export async function cachedFetch(url, options = {}, ttl = DEFAULT_TTL) {
       if (!res.ok) throw new Error(`HTTP ${res.status}`);
       const data = await res.json();
       cache.set(key, { data, expire: Date.now() + ttl });
+      // LRU eviction
+      while (cache.size > CACHE_MAX_SIZE) {
+        const oldest = cache.keys().next().value;
+        cache.delete(oldest);
+      }
       return data;
     } finally {
       pending.delete(key);