v5.1: 全面代码审查修复 — 安全加固 + 功能修复 + 测试补全 + 工程化

安全修复 (CRITICAL):
- 启用 CSP (default-src 'self')
- read_text_file 限制文件扩展名白名单 (.json/.csv/.txt)
- capabilities 显式声明窗口权限
- profile 名校验增强 (null 字节/控制字符/长度限制)

功能修复 (HIGH):
- AnalyzeDialog 重新打开时正确刷新数据
- UndoRedoButtons 订阅路径长度变化确保响应性
- 禁用状态持久化错误处理 (.catch → console.warn)
- 硬编码中文全部迁移到 i18n (6 处)
- PATH 长度检查改用 UTF-16 字符计数
- PATH 写入前 null 字节校验
- CLI export 拒绝写入系统目录
- savePaths 职责分离: window.confirm → Tauri ask() 对话框

代码质量 (MEDIUM):
- 导入路径统一过滤 (sanitize_paths: null 字节/分号/空白)
- 原子写入 (atomic_write: disabled.json + profiles)
- 验证缓存自动清理 (PathTable useEffect)
- Scanner 线程错误处理改进 (.unwrap → .map_err)
- Ctrl+F 去重 (移除 use-keyboard 重复处理)
- Profile 路径列表 key 修复 (index → path)
- 生产构建启用日志插件 (Warn 级别)
- export_paths JSON 序列化改 expect

测试:
- Rust: 35 → 48 测试 (+13)
- Frontend: 80 → 85 测试 (+5)
- Vitest 全局 jsdom + 覆盖率阈值 (80%)
- 安装 @vitest/coverage-v8 + test:coverage 脚本
- 移除未使用的 @testing-library/jest-dom

工程化:
- CI 添加 Cargo 缓存 (Swatinem/rust-cache@v2)
- CI 添加 cargo fmt --check
- tsconfig.test.json 覆盖测试文件类型检查
- cargo fmt 全量格式化

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

tests/unit/analyze-dialog.test.tsx

@@ -1,4 +1,3 @@
-// @vitest-environment jsdom
 import { describe, it, expect, vi } from 'vitest';
 import { render } from '@testing-library/react';
 import { AnalyzeDialog } from '../../src/components/dialogs/AnalyzeDialog';

tests/unit/app-store.test.ts

@@ -268,8 +268,8 @@ describe('savePaths', () => {
     // 第二次调用应被 isSaving 守卫拦截（此时 isSaving=true）
     const r2 = useAppStore.getState().savePaths();
 
-    // 第二次调用同步返回 undefined（被守卫拦截）
-    await expect(r2).resolves.toBeUndefined();
+    // 第二次调用同步返回 false（被守卫拦截）
+    await expect(r2).resolves.toBe(false);
 
     // 放行第一次调用的所有 invoke
     resolveAll!(undefined);

tests/unit/merge-preview.test.tsx

@@ -1,4 +1,3 @@
-// @vitest-environment jsdom
 import { describe, it, expect, vi } from 'vitest';
 import { render } from '@testing-library/react';
 import { MergePreview } from '../../src/components/path-list/MergePreview';

tests/unit/path-manager.test.ts

@@ -1,5 +1,5 @@
 import { describe, it, expect } from 'vitest';
-import { pathClean } from '../../src/core/path-manager';
+import { pathClean, analyzePaths } from '../../src/core/path-manager';
 import type { PathEntry } from '../../src/core/path-entry';
 
 function pe(s: string, enabled: boolean = true): PathEntry {
@@ -9,6 +9,31 @@ function pe(s: string, enabled: boolean = true): PathEntry {
 const alwaysValid = () => true;
 const validateFn = (path: string) => !path.includes('Invalid');
 
+describe('analyzePaths', () => {
+  it('检测大小写重复', () => {
+    const result = analyzePaths([pe('C:\\Windows'), pe('c:\\windows')], alwaysValid);
+    expect(result[0].isDuplicate).toBe(false);
+    expect(result[1].isDuplicate).toBe(true);
+  });
+
+  it('识别环境变量路径', () => {
+    const result = analyzePaths([pe('C:\\Normal'), pe('%JAVA_HOME%\\bin')], alwaysValid);
+    expect(result[0].isEnvVar).toBe(false);
+    expect(result[1].isEnvVar).toBe(true);
+  });
+
+  it('标记无效路径', () => {
+    const result = analyzePaths([pe('C:\\Valid'), pe('C:\\Invalid')], validateFn);
+    expect(result[0].isValid).toBe(true);
+    expect(result[1].isValid).toBe(false);
+  });
+
+  it('空数组返回空', () => {
+    const result = analyzePaths([], alwaysValid);
+    expect(result).toEqual([]);
+  });
+});
+
 describe('pathClean', () => {
   it('移除无效路径', () => {
     const [kept, removed] = pathClean([pe('C:\\Valid'), pe('C:\\Invalid'), pe('D:\\Valid')], validateFn);

tests/unit/undo-redo.test.ts

@@ -174,4 +174,29 @@ describe('UndoRedoManager', () => {
     const r = mgr.redo(...u)!;
     expect(r[0][0].enabled).toBe(false);
   });
+
+  it('IMPORT_BOTH 撤销/重做（同时修改系统和用户路径）', () => {
+    const oldSys = [...sys];
+    const oldUser = [...user];
+    const newSys = [pe('C:\\ImportedSys')];
+    const newUser = [pe('C:\\ImportedUser')];
+
+    mgr.push({
+      type: OperationType.IMPORT_BOTH,
+      target: TargetType.SYSTEM,
+      index: 0, count: 0,
+      oldPaths: oldSys, newPaths: newSys,
+      oldPathsOther: oldUser, newPathsOther: newUser,
+    });
+    sys = newSys;
+    user = newUser;
+
+    const u = mgr.undo(sys, user)!;
+    expect(u[0]).toEqual(oldSys);
+    expect(u[1]).toEqual(oldUser);
+
+    const r = mgr.redo(...u)!;
+    expect(r[0]).toEqual(newSys);
+    expect(r[1]).toEqual(newUser);
+  });
 });