v5.1: 全面代码审查修复 — 安全加固 + 功能修复 + 测试补全 + 工程化

安全修复 (CRITICAL):
- 启用 CSP (default-src 'self')
- read_text_file 限制文件扩展名白名单 (.json/.csv/.txt)
- capabilities 显式声明窗口权限
- profile 名校验增强 (null 字节/控制字符/长度限制)

功能修复 (HIGH):
- AnalyzeDialog 重新打开时正确刷新数据
- UndoRedoButtons 订阅路径长度变化确保响应性
- 禁用状态持久化错误处理 (.catch → console.warn)
- 硬编码中文全部迁移到 i18n (6 处)
- PATH 长度检查改用 UTF-16 字符计数
- PATH 写入前 null 字节校验
- CLI export 拒绝写入系统目录
- savePaths 职责分离: window.confirm → Tauri ask() 对话框

代码质量 (MEDIUM):
- 导入路径统一过滤 (sanitize_paths: null 字节/分号/空白)
- 原子写入 (atomic_write: disabled.json + profiles)
- 验证缓存自动清理 (PathTable useEffect)
- Scanner 线程错误处理改进 (.unwrap → .map_err)
- Ctrl+F 去重 (移除 use-keyboard 重复处理)
- Profile 路径列表 key 修复 (index → path)
- 生产构建启用日志插件 (Warn 级别)
- export_paths JSON 序列化改 expect

测试:
- Rust: 35 → 48 测试 (+13)
- Frontend: 80 → 85 测试 (+5)
- Vitest 全局 jsdom + 覆盖率阈值 (80%)
- 安装 @vitest/coverage-v8 + test:coverage 脚本
- 移除未使用的 @testing-library/jest-dom

工程化:
- CI 添加 Cargo 缓存 (Swatinem/rust-cache@v2)
- CI 添加 cargo fmt --check
- tsconfig.test.json 覆盖测试文件类型检查
- cargo fmt 全量格式化

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

src/components/dialogs/AnalyzeDialog.tsx

@@ -37,8 +37,9 @@ export function AnalyzeDialog({ open, onClose }: Props) {
 
   const prevOpen = useRef(false);
   useEffect(() => {
-    if (!open || prevOpen.current) return;
-    prevOpen.current = open;
+    if (!open) { prevOpen.current = false; return; }
+    if (prevOpen.current) return;
+    prevOpen.current = true;
     setLoading(true);
     const paths = getEnabledPaths();
     Promise.all([
@@ -184,7 +185,7 @@ function ToolsTab({
                 opacity: g.exists ? 1 : 0.6,
               }}
             >
-              {g.dir} {!g.exists && '(不存在)'}
+              {g.dir} {!g.exists && t('analyze.notExists')}
             </div>
             <div className="flex flex-wrap gap-1 mt-1 ml-2">
               {g.exes.map((exe) => (

src/components/dialogs/ImportDialog.tsx

@@ -16,9 +16,9 @@ export function ImportDialog({ open, systemCount, userCount, onSelect, onCancel
     <Modal open={open} onClose={onCancel}>
       <h2 className="text-lg font-semibold mb-4">{t('dialog.importTarget')}</h2>
       <p className="text-sm mb-4 opacity-70">
-        {systemCount > 0 && `系统变量: ${systemCount} 条`}
+        {systemCount > 0 && t('dialog.importSystemCount', { count: systemCount })}
         {systemCount > 0 && userCount > 0 && ' | '}
-        {userCount > 0 && `用户变量: ${userCount} 条`}
+        {userCount > 0 && t('dialog.importUserCount', { count: userCount })}
       </p>
       <div className="flex flex-col gap-2">
         {systemCount > 0 && <button className="px-4 py-2 text-sm rounded border text-left" style={{ borderColor: 'var(--app-border)' }} onClick={() => onSelect('system')}>{t('dialog.importSystem')}</button>}

src/components/dialogs/ProfileDialog.tsx

@@ -151,7 +151,7 @@ export function ProfileDialog({ open, onClose }: Props) {
           <div className="flex-1 p-3 overflow-auto">
             {!selectedData ? (
               <div className="text-center py-10 text-sm" style={{ opacity: 0.4 }}>
-                {profiles.length === 0 ? t('profile.noProfiles') : '选择一个配置文件'}
+                {profiles.length === 0 ? t('profile.noProfiles') : t('profile.selectProfile')}
               </div>
             ) : (
               <div>
@@ -194,7 +194,7 @@ export function ProfileDialog({ open, onClose }: Props) {
                       style={{ backgroundColor: 'var(--app-list-bg)', color: 'var(--app-fg)', borderColor: 'var(--app-border)' }}
                     />
                     <button className="px-2 py-1 text-xs rounded text-white" style={{ backgroundColor: '#3b82f6' }} onClick={handleRename}>
-                      确认
+                      {t('button.save')}
                     </button>
                   </div>
                 )}
@@ -211,16 +211,17 @@ export function ProfileDialog({ open, onClose }: Props) {
 }
 
 function PathSection({ title, paths }: { title: string; paths: PathEntry[] }) {
+  const { t } = useTranslation();
   return (
     <div className="mb-2">
       <div className="text-xs font-medium mb-1" style={{ opacity: 0.7 }}>{title}</div>
       {paths.length === 0 ? (
-        <div className="text-xs" style={{ opacity: 0.4 }}>（空）</div>
+        <div className="text-xs" style={{ opacity: 0.4 }}>{t('profile.empty')}</div>
       ) : (
         <div className="space-y-0.5 max-h-48 overflow-auto">
-          {paths.map((e, i) => (
+          {paths.map((e) => (
             <div
-              key={i}
+              key={e.path}
               className="text-xs font-mono px-2 py-0.5 rounded flex items-center gap-1.5"
               style={{
                 backgroundColor: 'var(--app-list-bg)',

src/components/path-list/PathTable.tsx

@@ -1,4 +1,5 @@
 import { useState, useEffect, useMemo, useCallback, useRef } from 'react';
+import { useTranslation } from 'react-i18next';
 import { useAppStore } from '@/store/app-store';
 import { invoke } from '@tauri-apps/api/core';
 import { TargetType } from '@/core/undo-redo';
@@ -17,6 +18,7 @@ type ValidationState = 'valid' | 'invalid' | 'unknown';
 const DEFAULT_VALIDATION_STATE: ValidationState = 'valid';
 
 export function PathTable({ tabId }: PathTableProps) {
+  const { t } = useTranslation();
   const sysPaths = useAppStore((s) => s.sysPaths);
   const userPaths = useAppStore((s) => s.userPaths);
   const searchQuery = useAppStore((s) => s.searchQuery);
@@ -35,6 +37,33 @@ export function PathTable({ tabId }: PathTableProps) {
   const validatedRef = useRef<Set<string>>(new Set());
   const expandedRef = useRef<Set<string>>(new Set());
 
+  // 清理不再存在的路径缓存
+  useEffect(() => {
+    const currentKeys = new Set(paths.map(p => p.path));
+    setValidationCache(prev => {
+      let changed = false;
+      const next = new Map(prev);
+      for (const key of next.keys()) {
+        if (!currentKeys.has(key)) { next.delete(key); changed = true; }
+      }
+      return changed ? next : prev;
+    });
+    setExpandedCache(prev => {
+      let changed = false;
+      const next = new Map(prev);
+      for (const key of next.keys()) {
+        if (!currentKeys.has(key)) { next.delete(key); changed = true; }
+      }
+      return changed ? next : prev;
+    });
+    for (const key of [...validatedRef.current]) {
+      if (!currentKeys.has(key)) validatedRef.current.delete(key);
+    }
+    for (const key of [...expandedRef.current]) {
+      if (!currentKeys.has(key)) expandedRef.current.delete(key);
+    }
+  }, [paths]);
+
   // 过滤搜索
   const filtered = useMemo<PathRow[]>(() => {
     if (!searchQuery) return paths.map((p, i) => ({ path: p.path, index: i, enabled: p.enabled }));
@@ -160,7 +189,7 @@ export function PathTable({ tabId }: PathTableProps) {
           >
             <th className="w-8 px-2 py-1">#</th>
             <th className="w-6 px-1 py-1"></th>
-            <th className="px-2 py-1">路径</th>
+            <th className="px-2 py-1">{t('table.path')}</th>
           </tr>
         </thead>
         <tbody>

src/components/toolbar/UndoRedoButtons.tsx

@@ -6,6 +6,9 @@ export function UndoRedoButtons() {
   const { t } = useTranslation();
   const isAdmin = useAppStore((s) => s.isAdmin);
   const undoRedo = useAppStore((s) => s.undoRedo);
+  // 订阅路径数组长度变化，确保 undoRedo 内部状态变化时触发重渲染
+  useAppStore((s) => s.sysPaths.length);
+  useAppStore((s) => s.userPaths.length);
   const undo = useAppStore((s) => s.undo);
   const redo = useAppStore((s) => s.redo);