diff --git a/progress.md b/progress.md
index e8811ca..ef22e69 100644
--- a/progress.md
+++ b/progress.md
@@ -26,6 +26,7 @@
 | 2026-05-25 | 4 | coding agent | 创建 Vue 3 + Vite 中文只读前端工作台，包含五个 tabs、静态示例数据、来源/置信度和空状态 | 完成；未接入真实 API，未提供写回入口 |
 | 2026-05-25 | 5 | coding agent | TDD 接入前端只读 API client、normalizer 和项目/工作流/智能体真实数据视图 | 完成；提交前已通过测试、构建和本地接口 smoke 验证 |
 | 2026-05-25 | 5 | spec review | 规格审查未通过：valid agent 状态不明确，工作流和 agent 只读文案仍含内部英文 | coding agent 按 blocking 范围修复 |
+| 2026-05-25 | 5 | quality review | 代码质量审查未通过：未知后端枚举值会直接进入 UI label | coding agent 按 blocking 范围修复 |
 
 ## Test Results
 
@@ -132,6 +133,11 @@
 | 2026-05-25 | `pnpm build` | PASS | Phase 5 规格修复后前端构建通过 |
 | 2026-05-25 | `go test ./...` | PASS | Phase 5 规格修复未改 Go 行为；全量 Go 回归通过 |
 | 2026-05-25 | `git diff --check` | PASS | Phase 5 规格修复 whitespace 检查通过 |
+| 2026-05-25 | `pnpm test` | FAIL | TDD 红灯：未知 source kind `sqlite_locked_internal` 被原样显示到 label |
+| 2026-05-25 | `pnpm test` | PASS | unknown source/confidence/status/trust label 兜底测试通过；共 9 个前端单测通过 |
+| 2026-05-25 | `pnpm build` | PASS | Phase 5 unknown enum 修复后前端构建通过 |
+| 2026-05-25 | `go test ./...` | PASS | Phase 5 unknown enum 修复未改 Go 行为；全量 Go 回归通过 |
+| 2026-05-25 | `git diff --check` | PASS | Phase 5 unknown enum 修复 whitespace 检查通过 |
 
 ## Bug Loop
 
@@ -156,3 +162,4 @@
 | 5 | 空状态和设置页仍有英文 `agent`、`Codex home` | 改为“智能体”和“Codex 主目录”，补中文文案回归测试 | 待复测 |
 | 5 | workflow phases 会把 `task_plan.md` 里错误记录表的 `Time/Phase` 行显示到 UI | normalizer 过滤非阶段状态，并把数字阶段名转为“阶段 N” | `pnpm test` PASS |
 | 5 | valid agent 状态只显示“已读取”，且工作流/智能体可见文案残留内部英文 | normalizer 改为“TOML 有效”/“TOML 无效”，角色设定字段改中文，WorkflowView 改“交接边”和“主智能体” | `pnpm test` PASS |
+| 5 | 未知后端枚举值可通过 source/confidence/status/trust label 暴露到 UI | 未知 source 显示“来源未知”，未知 confidence 显示“低”，未知 status/trust 显示“未知” | `pnpm test` PASS |
diff --git a/task_plan.md b/task_plan.md
index 17974cb..ebc439f 100644
--- a/task_plan.md
+++ b/task_plan.md
@@ -37,3 +37,4 @@
 | 2026-05-25 | 4 | 规格审查发现 UI 直接展示 `local_sample`、`low` 等内部英文值 | 将状态徽标、示例数据和硬编码来源/置信度改为中文展示 | 待复审 |
 | 2026-05-25 | 5 | 规格复审发现 UI 残留英文 `agent` 和 `Codex home` | 改为“智能体”和“Codex 主目录”，并补中文文案测试 | 待复审 |
 | 2026-05-25 | 5 | 规格审查发现 valid agent 未明确显示 TOML 状态，且 UI 仍有 `handoffEdges`、`主 agent`、`developer_instructions` 可见文案 | TDD 补 valid agent 状态和 workflow 空交接文案测试后修复 normalizer 与 WorkflowView 文案 | 待复审 |
+| 2026-05-25 | 5 | 代码质量审查发现未知后端枚举值会直接暴露到 UI | TDD 补 unknown source/confidence/status/trust 测试后将未知 label 统一降级为中文兜底 | 待复审 |
diff --git a/web/src/api/normalizers.js b/web/src/api/normalizers.js
index a1a0beb..70951cf 100644
--- a/web/src/api/normalizers.js
+++ b/web/src/api/normalizers.js
@@ -54,21 +54,21 @@ export function formatSourceKind(kind) {
   if (!kind) {
     return '来源未知'
   }
-  return SOURCE_KIND_LABELS[kind] ?? kind
+  return SOURCE_KIND_LABELS[kind] ?? '来源未知'
 }
 
 export function formatConfidence(confidence) {
   if (!confidence) {
     return '低'
   }
-  return CONFIDENCE_LABELS[confidence] ?? confidence
+  return CONFIDENCE_LABELS[confidence] ?? '低'
 }
 
 export function formatStatus(status) {
   if (!status) {
     return '未知'
   }
-  return STATUS_LABELS[status] ?? status
+  return STATUS_LABELS[status] ?? '未知'
 }
 
 export function formatParseStatus(status) {
@@ -100,7 +100,7 @@ export function normalizeProject(project) {
     path,
     status: project?.directoryExists ? 'complete' : 'unknown',
     statusZh: project?.directoryExists ? '目录存在' : '目录不可用',
-    trust: TRUST_LABELS[project?.trustLevel] ?? project?.trustLevel ?? '未知',
+    trust: TRUST_LABELS[project?.trustLevel] ?? '未知',
     directoryExists: Boolean(project?.directoryExists),
     source: source.label,
     confidence: source.confidenceLabel,
diff --git a/web/src/api/normalizers.test.mjs b/web/src/api/normalizers.test.mjs
index 99d7d03..fa03cdf 100644
--- a/web/src/api/normalizers.test.mjs
+++ b/web/src/api/normalizers.test.mjs
@@ -4,7 +4,9 @@ import assert from 'node:assert/strict'
 import {
   formatConfidence,
   formatSourceKind,
+  formatStatus,
   normalizeAgent,
+  normalizeProject,
   normalizeRuntime,
   normalizeWorkflow,
 } from './normalizers.js'
@@ -20,6 +22,26 @@ test('maps source kind and confidence to Chinese display text', () => {
   assert.equal(formatConfidence('low'), '低')
 })
 
+test('hides unknown backend enum values from UI labels', () => {
+  const project = normalizeProject({
+    path: '/Users/yoilun/Code/unknown',
+    displayName: '未知项目',
+    trustLevel: 'trusted_workspace_owner',
+    directoryExists: true,
+    source: {
+      kind: 'sqlite_locked_internal',
+      confidence: 'partial_high_confidence',
+    },
+  })
+
+  assert.equal(formatSourceKind('sqlite_locked_internal'), '来源未知')
+  assert.equal(formatConfidence('partial_high_confidence'), '低')
+  assert.equal(formatStatus('in_progress'), '未知')
+  assert.equal(project.source, '来源未知')
+  assert.equal(project.confidence, '低')
+  assert.equal(project.trust, '未知')
+})
+
 test('normalizes invalid agent TOML as readonly error display', () => {
   const agent = normalizeAgent({
     id: 'broken',