fix: 修复 AI 回复无法送达发送者 + 重复消息 + action角色泄露 + OS环境支持

广播逻辑重构:
- AI 回复 (stream_start/response/stream_segments/multi_message/stream_end) 改用 broadcastToUser 发送给所有客户端
- 用户消息回显保持 broadcastToUserExcept 排除发送者

消息去重与角色修复:
- CacheMessage(user) 移至回复生成后，避免本轮 LLM 调用出现重复用户消息
- action 角色消息在 DB 存储时映射为 assistant，DeepSeek 等模型不支持自定义角色
- stream_end defer 机制确保错误路径也会终止客户端思考指示器

OS 完整环境支持:
- host 包重构为 HostBackend 接口 + Direct/WSL/Docker 三种后端
- 新增 os_exec/os_file/os_system 工具供 AI 在完整 Linux 环境中自由操作

其他:
- 视觉模型注入 + 图片预处理后清空 Images 避免传给 Chat 模型
- 图片 URL 相对路径→绝对 URL 转换
- DevTools 链路追踪页面 + 重启修复
- 记忆搜索模糊匹配增强
- 后台思考定时调度支持
- 管理后台页面 (模型配置/用户管理等)
- docs/api 更新广播机制说明

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

backend/gateway/internal/handler/chat_handler.go

@@ -152,7 +152,20 @@ func (h *ChatHandler) handleChatMessage(client *ws.Client, msg ws.ClientMessage)
 		"mode":       mode,
 	}
 	if len(msg.Attachments) > 0 {
-		aiReq["attachments"] = msg.Attachments
+		images := make([]string, 0, len(msg.Attachments))
+		for _, att := range msg.Attachments {
+			if att.Type == "image" && att.URL != "" {
+				imgURL := att.URL
+				// 将相对路径转换为绝对 URL，方便 AI-Core 访问
+				if strings.HasPrefix(imgURL, "/") {
+					imgURL = "http://127.0.0.1:" + h.cfg.Port + imgURL
+				}
+				images = append(images, imgURL)
+			}
+		}
+		if len(images) > 0 {
+			aiReq["images"] = images
+		}
 	}
 	reqBody, err := json.Marshal(aiReq)
 	if err != nil {
@@ -187,8 +200,8 @@ func (h *ChatHandler) handleChatMessage(client *ws.Client, msg ws.ClientMessage)
 	}
 	h.hub.CacheMessage(client.UserID, client.SessionID, userMsg)
 
-	// 广播用户消息给同用户所有设备（跨端同步）
-	h.broadcastToUser(client.UserID, ws.ServerMessage{
+	// 广播用户消息给同用户其他设备（跨端同步，排除发送者自身）
+	h.broadcastToUserExcept(client.UserID, client.ClientID, ws.ServerMessage{
 		Type:      "response",
 		MessageID: userMsgID,
 		Content:   msg.Content,
@@ -208,6 +221,21 @@ func (h *ChatHandler) handleChatMessage(client *ws.Client, msg ws.ClientMessage)
 
 // streamResponse 调用 AI-Core SSE 流式接口并逐 delta 转发给客户端
 func (h *ChatHandler) streamResponse(client *ws.Client, mode string, reqBody []byte, userMsg string) {
+	normalExit := false
+	defer func() {
+		if !normalExit {
+			h.broadcastToUser(client.UserID, ws.ServerMessage{
+				Type:      "stream_end",
+				MessageID: "msg_" + generateID(),
+				SessionID: client.SessionID,
+				Timestamp: time.Now().UnixMilli(),
+			})
+			if h.hub != nil {
+				h.hub.UpdateSessionState(client.SessionID, "idle")
+			}
+		}
+	}()
+
 	aiCoreURL := h.cfg.AICoreURL + "/api/v1/chat"
 	httpReq, err := http.NewRequest("POST", aiCoreURL, bytes.NewReader(reqBody))
 	if err != nil {
@@ -309,7 +337,7 @@ func (h *ChatHandler) streamResponse(client *ws.Client, mode string, reqBody []b
 		if chunk.Error != "" {
 			logger.Printf("[chat] AI-Core 流式错误: %s", chunk.Error)
 			h.hub.UpdateSessionState(client.SessionID, "error")
-			client.SendMessage(ws.ServerMessage{
+			h.broadcastToUser(client.UserID, ws.ServerMessage{
 				Type:      "error",
 				MessageID: "msg_" + generateID(),
 				Error:     chunk.Error,
@@ -338,9 +366,13 @@ func (h *ChatHandler) streamResponse(client *ws.Client, mode string, reqBody []b
 					msgType = "action"
 				}
 				reviewMsgID := fmt.Sprintf("%s_r%d", msgID, i)
-				// 持久化每条审查消息
+				// 持久化每条审查消息 (action 角色映射为 assistant，LLM 模型不支持自定义角色)
 				if h.sessionStore != nil && h.sessionStore.IsAvailable() {
-					if err := h.sessionStore.AddMessage(client.SessionID, role, msgType, rm.Content, client.ClientID); err != nil {
+					dbRole := role
+					if dbRole == "action" {
+						dbRole = "assistant"
+					}
+					if err := h.sessionStore.AddMessage(client.SessionID, dbRole, msgType, rm.Content, client.ClientID); err != nil {
 						logger.Printf("[chat] 持久化审查消息失败: %v", err)
 					}
 				}
@@ -402,7 +434,7 @@ func (h *ChatHandler) streamResponse(client *ws.Client, mode string, reqBody []b
 	if err := scanner.Err(); err != nil {
 		logger.Printf("[chat] SSE 读取错误: %v", err)
 		h.hub.UpdateSessionState(client.SessionID, "error")
-		client.SendMessage(ws.ServerMessage{
+		h.broadcastToUser(client.UserID, ws.ServerMessage{
 			Type:      "error",
 			MessageID: "msg_" + generateID(),
 			Error:     fmt.Sprintf("流读取错误: %v", err),
@@ -477,6 +509,7 @@ func (h *ChatHandler) streamResponse(client *ws.Client, mode string, reqBody []b
 	h.hub.RecordMessage(client.SessionID, "assistant", recordText)
 
 	// 设置会话状态为 idle
+	normalExit = true
 	h.hub.UpdateSessionState(client.SessionID, "idle")
 }
 
@@ -766,7 +799,11 @@ func (h *ChatHandler) HandleProactiveMessage(c *gin.Context) {
 
 		// Persist to database so proactive messages survive restarts.
 		if h.sessionStore != nil && h.sessionStore.IsAvailable() {
-			if err := h.sessionStore.AddMessage(sessionID, role, msgType, seg.content, ""); err != nil {
+			dbRole := role
+			if dbRole == "action" {
+				dbRole = "assistant"
+			}
+			if err := h.sessionStore.AddMessage(sessionID, dbRole, msgType, seg.content, ""); err != nil {
 				logger.Printf("[proactive] 持久化消息失败: %v", err)
 			}
 		}
@@ -951,6 +988,17 @@ func (h *ChatHandler) broadcastToUser(userID string, msg ws.ServerMessage) {
 	h.hub.SendToUser(userID, data)
 }
 
+// broadcastToUserExcept sends a server message to ALL connected clients for a user,
+// excluding the specified clientID (the sender).
+func (h *ChatHandler) broadcastToUserExcept(userID, excludeClientID string, msg ws.ServerMessage) {
+	data, err := json.Marshal(msg)
+	if err != nil {
+		logger.Printf("[chat] 序列化广播消息失败: %v", err)
+		return
+	}
+	h.hub.SendToUserExcept(userID, excludeClientID, data)
+}
+
 // parseMultiMessage 检测并解析多消息格式
 // 如果文本包含空行分隔的多条消息，拆分为多条；否则返回单条
 func parseMultiMessage(text string) []proactiveSegment {