docs: project docs, scripts, deployment configs, and evidence

2026-04-02 11:22:17 +08:00
parent 4718980ab5
commit bbeeb63dfa
396 changed files with 165018 additions and 0 deletions
--- a/docs/evidence/ops/2026-03-27/e2e/ADMIN_BOOTSTRAP_CLOSURE_20260327-173914.md
+++ b/docs/evidence/ops/2026-03-27/e2e/ADMIN_BOOTSTRAP_CLOSURE_20260327-173914.md
@@ -0,0 +1,59 @@
+# Admin Bootstrap Closure Evidence
+
+Generated at: `2026-03-27 17:39:14 +08:00`
+
+## Scope
+
+This evidence package covers the first-admin bootstrap closure for the current repository state:
+
+- public backend endpoint: `POST /api/v1/auth/bootstrap-admin`
+- public frontend route: `/bootstrap-admin`
+- login/register first-run entry points
+- supported-browser validation for `首次管理员初始化 -> 进入后台 -> 登出`
+
+## Implemented closure
+
+- Backend:
+  - added one-time admin bootstrap service flow guarded by `GET /api/v1/auth/capabilities -> admin_bootstrap_required`
+  - bootstrap now creates the first active admin, binds the `admin` role, issues a real session, and closes the bootstrap window afterward
+- Frontend:
+  - added `/bootstrap-admin` page
+  - added login/register entry points when bootstrap is still required
+  - added post-bootstrap auto-login into `/dashboard`
+- E2E:
+  - `frontend/admin/scripts/run-playwright-auth-e2e.ps1` no longer depends on startup-injected admin credentials
+  - the Playwright CDP suite now validates real bootstrap creation before the rest of the admin workflow scenarios
+
+## Verification executed
+
+```powershell
+go test ./... -count=1
+go build ./cmd/server
+
+cd D:\project\frontend\admin
+npm.cmd run lint
+npm.cmd run test:run
+npm.cmd run build
+powershell -ExecutionPolicy Bypass -File .\scripts\run-playwright-auth-e2e.ps1
+```
+
+## Latest supported-browser result
+
+The latest real-browser run completed with:
+
+- `PASS admin-bootstrap`
+- `PASS public-registration`
+- `PASS email-activation`
+- `PASS login-surface`
+- `PASS auth-workflow`
+- `PASS responsive-login`
+- `PASS desktop-mobile-navigation`
+- `Playwright CDP E2E completed successfully`
+
+## Real boundary
+
+- This closes the product loop for first-admin initialization in the current supported browser-validation environment.
+- It does not change the previously stated external boundaries:
+  - no live third-party OAuth provider evidence yet
+  - no live external SMTP provider deliverability evidence yet
+  - no external production delivery/governance evidence beyond the local auditable package already formed in-repo
--- a/docs/evidence/ops/2026-03-27/e2e/EMAIL_ACTIVATION_CLOSURE_20260327-171211.md
+++ b/docs/evidence/ops/2026-03-27/e2e/EMAIL_ACTIVATION_CLOSURE_20260327-171211.md
@@ -0,0 +1,65 @@
+# PRD 1.1 Email Activation Closure Evidence
+
+Date: 2026-03-27
+Scope: self-service email registration -> activation email delivery -> activation page -> successful login
+
+## Closure Summary
+
+- Added a real public frontend activation route: `/activate-account`.
+- Activation emails now point to the frontend activation page instead of the raw backend API endpoint.
+- Added public resend-activation entry points from:
+  - `/activate-account`
+  - `/login`
+  - `/register` success state for inactive email accounts
+- Fixed a real frontend regression uncovered during closure:
+  - the activation page could consume one-time activation tokens twice under React StrictMode development execution and remain stuck on loading.
+  - the page now guards against duplicate activation requests while still allowing the successful request to commit UI state.
+
+## Validation Executed
+
+```powershell
+$env:GOCACHE='D:\project\.gocache'
+$env:GOMODCACHE='D:\project\.gomodcache'
+go test ./... -count=1
+go build ./cmd/server
+
+cd D:\project\frontend\admin
+npm.cmd run lint
+npm.cmd run test:run
+npm.cmd run build
+powershell -ExecutionPolicy Bypass -File .\scripts\run-playwright-auth-e2e.ps1
+```
+
+## Supported Browser E2E Result
+
+The updated `run-playwright-auth-e2e.ps1` starts:
+
+- isolated backend
+- isolated frontend
+- isolated SQLite database
+- isolated local SMTP capture service
+- isolated CDP browser session
+
+The real browser suite passed the following scenarios:
+
+- `public-registration`
+- `email-activation`
+- `login-surface`
+- `auth-workflow`
+- `responsive-login`
+- `desktop-mobile-navigation`
+
+The new `email-activation` scenario verified:
+
+1. create a self-service account with email
+2. receive a real SMTP-delivered activation email through the local SMTP capture service
+3. extract the activation link generated by the backend
+4. open the frontend activation page in the real browser
+5. complete backend activation successfully
+6. return to login and sign in with the newly activated account
+
+## Real Boundary
+
+- This closes the product loop and supported-browser validation loop.
+- It does not prove live external SMTP provider deliverability or third-party mailbox delivery behavior.
+- External production evidence for real SMTP providers remains a separate environment-governance topic and should not be conflated with this closure.
--- a/docs/evidence/ops/2026-03-27/e2e/SELF_SERVICE_REGISTER_CLOSURE_20260327-000848.md
+++ b/docs/evidence/ops/2026-03-27/e2e/SELF_SERVICE_REGISTER_CLOSURE_20260327-000848.md
@@ -0,0 +1,45 @@
+# SELF_SERVICE_REGISTER_CLOSURE_20260327-000848
+
+## Scope
+
+- PRD `1.1 多种注册方式`
+- frontend self-service registration entry, page, route, and public workflow
+- SMS register-code request contract normalization
+- normal-user first-login redirect away from admin-only dashboard
+
+## Implemented Closure
+
+- Backend:
+  - retained the existing `POST /api/v1/auth/register` product API and closed the remaining client contract gap.
+  - `POST /api/v1/auth/send-code` now accepts both `purpose` and the legacy `scene` field, normalizing both onto the same SMS-purpose path for backward compatibility.
+- Frontend:
+  - added `/register` as a real public route with username/password registration, optional nickname/email, and capability-gated phone registration.
+  - added a login-to-register product entry on `/login`.
+  - fixed SMS register/login send-code requests to use `purpose` instead of the mismatched `scene` payload.
+  - after registration, normal users are no longer dropped onto an admin-only dashboard path; `/dashboard` is now admin-guarded and non-admin first login lands on `/profile`.
+  - `/register` was added to the public-session whitelist so expired refresh-token cleanup does not incorrectly force-register users back to `/login`.
+
+## Validation
+
+- `go test ./... -count=1`
+- `go build ./cmd/server`
+- `cd D:\project\frontend\admin && npm.cmd run lint`
+- `cd D:\project\frontend\admin && npm.cmd run test:run`
+- `cd D:\project\frontend\admin && npm.cmd run build`
+- `cd D:\project\frontend\admin && powershell -ExecutionPolicy Bypass -File .\scripts\run-playwright-auth-e2e.ps1`
+
+## Real Browser Result
+
+- `public-registration` now passes in the supported raw-CDP browser path.
+- verified path:
+  - `/login` -> `创建账号`
+  - `/register` -> submit self-service registration
+  - success page -> `返回登录`
+  - login with newly registered normal user
+  - redirect settles on `/profile` instead of an admin-only dashboard error path
+
+## Boundary
+
+- phone registration remains capability-gated by configured Aliyun/Tencent SMS delivery.
+- email activation still depends on SMTP-backed activation capability; the frontend supports the loop, but live SMTP delivery proof remains environment-dependent.
+- this closes the product loop and supported-browser regression path; it does not change the separate boundary around live third-party OAuth provider evidence or external production delivery governance evidence.