Commit Graph

26 Commits

Author SHA1 Message Date
Hermes Agent
7c14384fb2 feat(intake): 扩展 IntakePayload 字段集 + candidate_province 必填
IntakePayload 新增 14 个字段覆盖完整志愿填报偏好:
- 学校地域/类型偏好 (school_region_preferences / school_preference_types)
- 目标学校/不喜欢的专业 (target_schools / disliked_majors)
- 优先策略/毕业计划/学费偏好/就业地区偏好
- 家庭背景/行业资源/额外备注
- 兴趣评估三字段 (type/result/notes)
- candidate_province 提交时必填(与 portal 表单对齐)

public_flow / deletion_service 同步更新字段引用
requirements-dev: 补 httpx2 (HTTP/2 测试支持)
2026-06-25 09:26:31 +08:00
Hermes Agent
2e9d668d1e fix(tests): admin conftest RouteClient.post headers bug + intake candidate_province
- conftest.py: RouteClient.post() 在 mock webhook 分支引用未定义 headers 变量
- test_web_public_alipay_sim_e2e.py: submit payload 漏传 candidate_province(schema 升级后变必填)
- web_public.py: 删除未使用的 primary_action_label/href 变量(ruff F841)
- test_schema.py: 修正 import 位置(E402)+ 补充 IntakePayload import

根因: 之前改动留下的回归 bug,dev-verify 全绿后再次验证通过
2026-06-24 22:30:22 +08:00
hermes
187b2ae634 fix(compliance): A-2 admin/外部渠道补录同意审计统一化
LEGAL_PRIVACY_BASELINE §4/§6 要求任何订单创建路径必须记录同意审计字段。
portal 路径已落 consent_channel=portal / consent_operator=guardian (见
web_public.py + intake_store.save), admin 路径 6/20 之前完全不入任何 consent
字段 (admin/routes/orders.py grep 'consent' 0 命中), 形成合规盲区。

落地:
- CreateOrderRequest 新增必填 consent: ConsentInfo
  - consent_method Literal: verbal_chat / phone_recording / screenshot /
    written_form / self_declared
  - consent_note Optional[str]
  - 缺失或非法 → HTTP 422
- Order 模型 + DAO _WRITABLE_COLUMNS 加 consent_method / consent_given_at
  (冗余落库避免每次列表 join order_intakes)
- schema 增量: ALTER TABLE orders ADD COLUMN consent_method / consent_given_at
  (幂等)
- create_order 同步写 order_intakes (独立 IntakeStore.for_db, 不复用 OrdersDAO
  conn — T12-D conn ownership 修复保驾)
  - consent_channel = payload.source (xianyu/wechat/school/web)
  - consent_operator 严格按基线白名单 self/guardian/admin_import:
    - web 渠道: 'guardian' (与 intake_store.save 默认值一致)
    - 其他渠道: 'admin_import' (后台代录, 同意来源是渠道商)
  - consent_method / consent_given_at / consent_note 落库

测试:
- test_create_order_rejects_missing_consent_block[xianyu|wechat|school|web] (4 个)
- test_create_order_writes_intake_record_with_consent_audit
- test_create_order_external_channel_marks_consent_operator_as_admin
- test_create_order_rejects_invalid_consent_method
- test_order_detail_returns_consent_method_and_given_at
- 更新 test_create_order_returns_masked_payload_with_history (加 consent)
- 更新 test_admin_orders_alias_list_and_detail (加 consent)

验证:
- 25/25 admin/tests/{test_routes_orders,test_admin_alias_routes} 通过
- ruff + mypy 通过
- 端到端 smoke: 4 笔订单 (2 terminal + 1 pending + 1 paid-in-window) 实测
  包含 consent 字段全部通过
- dev-verify: 1186 passed / 2 failed (失败的 2 个均为 worktree 环境限制:
  test_backup_restore_service_level 的 subprocess 路径假设 + 6/19 已知问题,
  与本改动无关; main 上单跑同样测试通过)
2026-06-20 15:29:06 +08:00
hermes
bcb1e68587 fix(retention): T12-D acceptance — OrdersDAO conn ownership
- OrdersDAO.__init__ 新增 owns_conn=False 参数
- __exit__ 仅在 owns_conn=True 时 close
- connect() classmethod 创建的 conn 自动 owns_conn=True
- 修复 retention_cleanup 一次命中 ≥2 笔终端态订单时
  第二笔起 Cannot operate on a closed database 的 bug
- 新增 test_retention_cleanup_apply_anonymizes_multiple_old_orders_in_sequence
  锁住多订单连续 anonymize 契约
- runbook §8 新增 T12-D 端到端本地 acceptance 步骤 + 部署前 checklist
- CHANGELOG 加 v2.1.1 (2026-06-20) 段
2026-06-20 14:25:19 +08:00
Hermes
2893a45d8b feat(6/19): 保留期门禁 + 支付失败持久化 + 文档校准
Some checks failed
CI / pytest (Python 3.10) (push) Has been cancelled
CI / pytest (Python 3.11) (push) Has been cancelled
CI / pytest (Python 3.12) (push) Has been cancelled
A1 删除/匿名化 180 天保留期门禁 (P0):
- admin/errors/codes.py + BIZ_ORDER_RETENTION_NOT_EXPIRED (E02002) -> HTTP 409
- admin/config.py + retention_days / GAOKAO_RETENTION_DAYS (默认 180)
- admin/routes/orders.py + _assert_retention_expired 守卫
- data/orders/deletion_service.py + RETENTION_GUARDED_STATUSES
- admin/tests/test_order_deletion.py + _expire_retention_window + 3 测试

B1 支付失败 webhook 持久化 (P1):
- data/payments/dao.py + failed_at/failure_reason/provider_trade_no/callback_payload
- data/payments/models.py + PaymentRecord 新字段
- data/payments/service.py handle_webhook 失败分支持久化
- data/payments/tests/test_webhook.py test_handle_webhook_persists_failed_status

A2 文档校准 (P1):
- README / PRD / ROADMAP / TECH_ARCHITECTURE 顶部对齐 6/19

B2 真相源分层 (P1):
- 6/13 整改板/执行板加历史快照前缀
- 新建 6/19 整改板/执行板
- CURRENT_STATE 顶部加 6/19 增量段 (在 6/13 真相源之上叠加)

dev-verify: 1175 passed (A1+B1+A2+B2) -> 1179 passed (+ T12-C),
coverage overall=85.05% / core=100%
2026-06-20 00:27:15 +08:00
Hermes Agent
2da926bb5e fix: tighten audit exposure and consent data handling 2026-06-18 15:36:24 +08:00
Hermes Agent
a82c5b3cca fix: align retention cleanup across notifications logs and share telemetry 2026-06-18 15:20:16 +08:00
Hermes Agent
246f21c7f2 feat(review): land unified remediation and rules evidence closure
Some checks failed
CI / pytest (Python 3.10) (push) Has been cancelled
CI / pytest (Python 3.11) (push) Has been cancelled
CI / pytest (Python 3.12) (push) Has been cancelled
2026-06-18 10:21:38 +08:00
Hermes Agent
8a61b8fe4a fix(rules): close phase15 verify and legacy checker migration
Some checks failed
CI / pytest (Python 3.10) (push) Has been cancelled
CI / pytest (Python 3.11) (push) Has been cancelled
CI / pytest (Python 3.12) (push) Has been cancelled
2026-06-17 09:01:43 +08:00
Hermes Agent
9d239fe2c3 feat(t12): harden public checkout and add admin manual order page
Some checks failed
CI / pytest (Python 3.10) (push) Has been cancelled
CI / pytest (Python 3.11) (push) Has been cancelled
CI / pytest (Python 3.12) (push) Has been cancelled
2026-06-16 12:16:45 +08:00
Hermes Agent
c03ed7a4ba feat(web): tighten portal privacy and cleanup flows
Some checks failed
CI / pytest (Python 3.10) (push) Has been cancelled
CI / pytest (Python 3.11) (push) Has been cancelled
CI / pytest (Python 3.12) (push) Has been cancelled
2026-06-15 21:24:55 +08:00
Hermes Agent
eb06990b82 feat(t12): add multi-file upload limits and ops alert monitoring surfaces
Some checks failed
CI / pytest (Python 3.10) (push) Has been cancelled
CI / pytest (Python 3.11) (push) Has been cancelled
CI / pytest (Python 3.12) (push) Has been cancelled
2026-06-15 19:01:21 +08:00
Hermes Agent
4026b8f55f feat(t12): productize portal status and structured intake flow
Some checks failed
CI / pytest (Python 3.10) (push) Has been cancelled
CI / pytest (Python 3.11) (push) Has been cancelled
CI / pytest (Python 3.12) (push) Has been cancelled
2026-06-15 17:13:05 +08:00
Hermes Agent
7fabc23715 fix(t12): close payment delivery and governance remediation
Some checks failed
CI / pytest (Python 3.10) (push) Has been cancelled
CI / pytest (Python 3.11) (push) Has been cancelled
CI / pytest (Python 3.12) (push) Has been cancelled
2026-06-15 11:39:31 +08:00
Hermes Agent
7fe4ddcbc4 feat: harden T12 backup and portal workflows
Some checks failed
CI / pytest (Python 3.10) (push) Has been cancelled
CI / pytest (Python 3.11) (push) Has been cancelled
CI / pytest (Python 3.12) (push) Has been cancelled
2026-06-14 23:12:18 +08:00
Hermes Agent
8787600eee feat: add retention cleanup workflow
Some checks failed
CI / pytest (Python 3.10) (push) Has been cancelled
CI / pytest (Python 3.11) (push) Has been cancelled
CI / pytest (Python 3.12) (push) Has been cancelled
2026-06-14 20:55:06 +08:00
Hermes Agent
9d1a6a11b0 feat: harden delivery and deletion workflows
Some checks failed
CI / pytest (Python 3.10) (push) Has been cancelled
CI / pytest (Python 3.11) (push) Has been cancelled
CI / pytest (Python 3.12) (push) Has been cancelled
2026-06-14 20:37:39 +08:00
Hermes Agent
4b0390a255 feat: move delivery notification into dao transitions
Some checks failed
CI / pytest (Python 3.10) (push) Has been cancelled
CI / pytest (Python 3.11) (push) Has been cancelled
CI / pytest (Python 3.12) (push) Has been cancelled
2026-06-14 17:35:37 +08:00
Hermes Agent
08148fe282 feat: add consent gating and dev verify
Some checks failed
CI / pytest (Python 3.10) (push) Has been cancelled
CI / pytest (Python 3.11) (push) Has been cancelled
CI / pytest (Python 3.12) (push) Has been cancelled
2026-06-14 13:02:03 +08:00
Hermes Agent
cb9728fb4e feat: complete web self-service mvp flow
Some checks failed
CI / pytest (Python 3.10) (push) Has been cancelled
CI / pytest (Python 3.11) (push) Has been cancelled
CI / pytest (Python 3.12) (push) Has been cancelled
2026-06-14 05:26:27 +08:00
Hermes Agent
3f46811e49 release: cut v2.1
Some checks failed
CI / pytest (Python 3.10) (push) Has been cancelled
CI / pytest (Python 3.11) (push) Has been cancelled
CI / pytest (Python 3.12) (push) Has been cancelled
2026-06-13 14:49:58 +08:00
coder
9168a10d75 feat(orders): T4.2 DAO 数据访问层 (CRUD + 事务 + 加密 + 状态机)
- data/orders/dao.py (530 lines): OrdersDAO class
  * CRUD: create / get / get_by_external_id / find_by_phone / list / count / stats_by_status / update / delete
  * 事务: transaction() 上下文 + 嵌套深度计数(外层事务中内层不重复 commit)
  * 加密透明化: API 入口 Order dataclass 走明文 PII,DAO 内部 to_db_row/from_db_row 转换
  * 状态机守护: transition_status() 单事务内 UPDATE orders + INSERT order_status_history
    + 时间戳联动 (paid_at/started_at/delivered_at/completed_at COALESCE 保留首次值)
  * 幂等 upsert_by_external_id: 4 种 action 与 data/channel_sync/dao_extension 对齐
  * 防御: update() 显式拒绝 status 字段; _row_factory_ctx() 不污染外部 row_factory
  * 异常: OrderNotFound(LookupError) / DuplicateOrder(ValueError)

- data/orders/tests/test_dao.py (51 cases): 加密透明化、状态机合法/非法路径、
  事务回滚、upsert 4 种 action、状态历史时间线、row_factory 隔离、删除 cascade、
  与 dao_extension 的契约对齐

- data/orders/__init__.py: 导出 OrdersDAO / UpsertResult / StatusChange /
  OrderNotFound / DuplicateOrder

- 验证: data/orders/tests/ 163/163, data/ 386/386, ruff 0 warning, py_compile clean
2026-06-12 16:36:51 +08:00
coder
ef4bb46295 docs(orders): T4.2 DAO 文档 + 实施记录 + CHANGELOG
- data/orders/README.md: 增加 DAO API 一览表 + 加密透明化边界表
- docs/plans/T4-2-orders-dao.md: 实施记录 (设计原则 / DoD / 验证 / 风险)
- CHANGELOG.md: T4.2 条目(51 用例 / 163 总 / 386 data 全绿)
2026-06-12 16:36:32 +08:00
Hermes Agent
e18abedb4f feat(orders): T11.2 敏感字段展示脱敏工具 + to_dict 三态策略
- 新增 data/orders/masking.py (141 行):
  - mask_phone: 11 位 → 138****1234;支持 +86/86 国家码剥离、空格/横杠分隔符
  - mask_id_card: 18 位 → 430102********1234(保留前 6 行政区划 + 末 4);15 位老版兼容;13-14 位非标准也走前 6 后 4 遮罩
  - mask_name: 1 字原样 / 2 字 张* / 3 字 张*丰 / 4+ 字 张**;非中日韩字符全遮
  - mask_sensitive_dict: 一键遮罩订单字典中所有已知 PII 字段,不动 _enc/_hash 索引/密文
  - 默认安全:None/空串/非字符串均不抛错,统一返回 None/''

- 扩展 Order.to_dict(decrypt_sensitive) 三态策略:
  - True   : 完整明文(权限内接口使用,如后台人工核对)
  - False  : 完全移除明文(对外公开统计/审计日志)
  - 'mask' : 部分遮罩(默认,推荐;列表/详情直接可用)
  - 未知字符串策略值回退为 mask(防误传 plaintext 导致明文泄露)

- 新增 data/orders/tests/test_masking.py (246 行,32 个 pytest 用例):
  - 覆盖各 mask 函数边界(标准/带 +86/短串/非法输入)
  - 覆盖 Order.to_dict 三态与默认 mask 的串联通路

- 验证:
  - data/orders/tests 全套 112 用例通过(原 80 + 新增 32)
  - 全仓 344/344 通过
  - ruff check 0 warning / ruff format --check 已规范

- 与 T4.1 落盘加密的关系:crypto 负责'落盘形态'(密文+hash),
masking 负责'展示形态'(部分遮罩),两者正交互补。
2026-06-12 16:26:57 +08:00
Hermes Agent
bdd361e50f docs(orders): T11.2 展示脱敏文档 + 字段分类表更新
- data/orders/README.md 新增 T11.2 段:展示脱敏三态策略示例代码
- 文件结构表新增 masking.py / test_masking.py
- 字段分类表:强/弱敏感 PII 增加'展示遮罩'列
- DoD 勾选'展示脱敏'项
- 版本号 v1.0 → v1.1

代码改动见下个 feat commit(分离便于回滚/review)。
2026-06-12 16:26:32 +08:00
Hermes Agent
a11480cf10 feat(orders): add encrypted sqlite order model 2026-06-12 15:24:20 +08:00