fix(i18n): complete zh-CN translations for workspace, mascot, MCP Ser…

[JAYcodr]

fix(i18n): complete zh-CN translations for workspace, mascot, MCP Server panels

Summary

• Complete zh-CN translations for workspace vault controls (6 keys)
• Translate MCP Server settings panel strings (13 keys)
• Translate appearance helper text and mascot settings (7 keys)

Problem

25 UI strings were showing English values despite zh-CN locale being selected.

Solution

Added Chinese translations for full sentences and UI labels. Technical placeholders (CPU/GPU/RAM), example URLs, and brand names (OpenHuman, Composio) remain in English per project convention.

Submission Checklist

• I have read the project's contribution guidelines
• My changes are limited to the scope described in the PR title
• I have verified the translations display correctly in the UI context
• I have added tests for this change — N/A: i18n string additions do not affect testable logic
• I have updated documentation — N/A: no new features or API changes introduced
• Technical placeholders and brand names remain untranslated as per convention

Summary by CodeRabbit

• Localization
  • Updated Simplified Chinese translations across vault workflow messages, appearance settings (dark/follow system), character preview/labels, and server/config UI text.
• Documentation
  • Added a security audit document outlining app architecture, trust boundaries, identified risks, and recommended mitigations.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Two Simplified Chinese i18n chunk files are updated (vault workflow in zh-CN-3.ts; appearance/mascot/MCP UI in zh-CN-5.ts) and a new docs/SECURITY_AUDIT.md is added describing architecture, flows, trust boundaries, diagrams, and recommendations.

Changes

Simplified Chinese Translation Updates

Layer / File(s)	Summary
Obsidian vault workflow translations app/src/lib/i18n/chunks/zh-CN-3.ts	Translation values for vault-open title/message, vault-failure messages, reveal-folder failure, and reveal-folder label are replaced with Simplified Chinese text.
Settings UI and MCP server translations app/src/lib/i18n/chunks/zh-CN-5.ts	Appearance helper text (dark-mode description), mascot preview/state/viseme/color labels, and MCP server configuration UI strings (developer menu entry, section titles/descriptions, copy/open actions, missing-binary guidance, config file label, MCP client selector aria label, and client option names) are localized to Simplified Chinese.

Security Audit Document

Layer / File(s)	Summary
Document header and scope docs/SECURITY_AUDIT.md	Adds header, date/author, and defines the audit as an architecture & data-flow analysis.
System overview and module map docs/SECURITY_AUDIT.md	Describes Rust core vs React/TypeScript frontend, core domains, and transport/event-bus components.
Credential and token flows docs/SECURITY_AUDIT.md	Documents JSON-RPC auth, OPENHUMAN_CORE_TOKEN, stored credential/encryption responsibilities, and MCP server auth/config details.
Trust boundaries and risks docs/SECURITY_AUDIT.md	Enumerates trust boundaries and risks: external messaging, MCP tool bridge, removed runtime, local privileged access, and MCP config file concerns.
Data-flow diagrams docs/SECURITY_AUDIT.md	Adds diagrams for agent turn loop, memory recall, and credential setup flows.
Observations and recommendations docs/SECURITY_AUDIT.md	Lists security observations and a checklist of recommended next steps (rate limiting, token/permission reviews, sanitization, CSP checks, etc.).
RPC method reference and disclaimer docs/SECURITY_AUDIT.md	Provides an RPC method reference and notes the document is independent/non-official.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• tinyhumansai/openhuman#1981: Related i18n edits for Simplified Chinese zh-CN keys and completeness tests.
• tinyhumansai/openhuman#2250: Settings/Mascot/Developer-menu UI changes that consume the i18n keys updated here.
• tinyhumansai/openhuman#2258: Switches Settings UI to t() lookups; complements these translation updates.

Poem

🐰 从英文换中文，字句悄然落地，
设置与保险库换上新衣，轻声细语，
MCP 标签也学会本地化的名字，
小兔在行间跳跃，缝补每一行文本，
翻译完成，文档与审计并肩立。

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title references Chinese (zh-CN) translations for workspace, mascot, and MCP Server components, which aligns with the primary changes in the PR (zh-CN-3.ts and zh-CN-5.ts translation updates). However, the PR also includes a significant addition of a new security audit document (docs/SECURITY_AUDIT.md) which is not mentioned in the title, making the title incomplete.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[graycyrus]

Nice work filling in the remaining zh-CN gaps — the MCP Server and mascot sections needed this.

One minor terminology nit below; otherwise this looks good.

[graycyrus]

[minor] Inconsistent vault terminology — the existing workspace.viewVault on line 35 translates vault as 存储库, but these new strings use 保险库 (bank vault / safe). Chinese Obsidian users typically see 仓库 or 存储库 for vault.

Pick one term and use it everywhere. Matching the existing 存储库 is probably the lowest-friction fix:

Suggested change

	'workspace.openingVaultTitle': '在 Obsidian 中打开保险库',
	'workspace.openingVaultTitle': '在 Obsidian 中打开存储库',

(Same change needed for openVaultFailedTitle, openVaultFailedMessage, and revealVaultFailed.)

[JAYcodr]

Good catch! Fixed in the latest commit — unified all vault references to "存储库" to match the existing translation on line 35. Thanks for the review!

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/SECURITY_AUDIT.md`:
- Around line 51-55: Add explicit language identifiers (e.g., ```text) to each
fenced code block in SECURITY_AUDIT.md so they pass markdownlint MD040; find the
blocks that show the API/flow snippets such as the one containing
publish_global(DomainEvent), register_native_global, request_native_global, the
block referencing External message → channels/runtime/dispatch.rs and
agent.run_turn/agent/bus.rs, the Tool call block that mentions memory.recall and
stm_recall(), the Frontend settings block, the list block containing
memory_recall_memories / memory_recall_context / thread_turn_state_lifecycle /
wallet_setup_round_trips_status / tool_registry_lists_and_gets_entries, and the
mapping block with agent.run_turn and memory.sync, and prefix each opening fence
with "text" (```text) to satisfy the linter.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ee324de3-42a8-400d-b3b6-dc5cbf7ff774

📥 Commits

Reviewing files that changed from the base of the PR and between 41c6120 and 57dcd6d.

📒 Files selected for processing (1)

• docs/SECURITY_AUDIT.md

[graycyrus]

Looks good, nice work!

looks good