supply-api/internal/audit/events/cred_events.go

package events

import (
	"strings"
)

// CRED事件类别常量
const (
	CategoryCRED         = "CRED"
	SubCategoryEXPOSE    = "EXPOSE"
	SubCategoryINGRESS   = "INGRESS"
	SubCategoryROTATE    = "ROTATE"
	SubCategoryREVOKE    = "REVOKE"
	SubCategoryVALIDATE  = "VALIDATE"
	SubCategoryDIRECT    = "DIRECT"
)

// CRED事件列表
var credEvents = []string{
	// 凭证暴露事件 (CRED-EXPOSE)
	"CRED-EXPOSE-RESPONSE", // 响应中暴露凭证
	"CRED-EXPOSE-LOG",      // 日志中暴露凭证
	"CRED-EXPOSE-EXPORT",   // 导出文件中暴露凭证

	// 凭证入站事件 (CRED-INGRESS)
	"CRED-INGRESS-PLATFORM",  // 平台凭证入站
	"CRED-INGRESS-SUPPLIER", // 供应商凭证入站

	// 凭证轮换事件 (CRED-ROTATE)
	"CRED-ROTATE",

	// 凭证吊销事件 (CRED-REVOKE)
	"CRED-REVOKE",

	// 凭证验证事件 (CRED-VALIDATE)
	"CRED-VALIDATE",

	// 直连绕过事件 (CRED-DIRECT)
	"CRED-DIRECT-SUPPLIER", // 直连供应商
	"CRED-DIRECT-BYPASS",   // 绕过直连
}

// CRED事件结果码映射
var credResultCodes = map[string]string{
	"CRED-EXPOSE-RESPONSE": "SEC_CRED_EXPOSED",
	"CRED-EXPOSE-LOG":      "SEC_CRED_EXPOSED",
	"CRED-EXPOSE-EXPORT":   "SEC_CRED_EXPOSED",
	"CRED-INGRESS-PLATFORM": "CRED_INGRESS_OK",
	"CRED-INGRESS-SUPPLIER": "CRED_INGRESS_OK",
	"CRED-DIRECT-SUPPLIER":  "SEC_DIRECT_BYPASS",
	"CRED-DIRECT-BYPASS":    "SEC_DIRECT_BYPASS",
	"CRED-ROTATE":           "CRED_ROTATE_OK",
	"CRED-REVOKE":           "CRED_REVOKE_OK",
	"CRED-VALIDATE":         "CRED_VALIDATE_OK",
}

// CRED指标名称映射
var credMetricNames = map[string]string{
	"CRED-EXPOSE-RESPONSE":    "supplier_credential_exposure_events",
	"CRED-EXPOSE-LOG":         "supplier_credential_exposure_events",
	"CRED-EXPOSE-EXPORT":      "supplier_credential_exposure_events",
	"CRED-INGRESS-PLATFORM":   "platform_credential_ingress_coverage_pct",
	"CRED-INGRESS-SUPPLIER":   "platform_credential_ingress_coverage_pct",
	"CRED-DIRECT-SUPPLIER":    "direct_supplier_call_by_consumer_events",
	"CRED-DIRECT-BYPASS":      "direct_supplier_call_by_consumer_events",
}

// GetCREDEvents 返回所有CRED事件
func GetCREDEvents() []string {
	return credEvents
}

// GetCREDExposeEvents 返回所有凭证暴露事件
func GetCREDExposeEvents() []string {
	return []string{
		"CRED-EXPOSE-RESPONSE",
		"CRED-EXPOSE-LOG",
		"CRED-EXPOSE-EXPORT",
	}
}

// GetCREDFngressEvents 返回所有凭证入站事件
func GetCREDFngressEvents() []string {
	return []string{
		"CRED-INGRESS-PLATFORM",
		"CRED-INGRESS-SUPPLIER",
	}
}

// GetCREDDnirectEvents 返回所有直连绕过事件
func GetCREDDnirectEvents() []string {
	return []string{
		"CRED-DIRECT-SUPPLIER",
		"CRED-DIRECT-BYPASS",
	}
}

// GetCREDEventCategory 返回CRED事件的类别
func GetCREDEventCategory(eventName string) string {
	if strings.HasPrefix(eventName, "CRED-") {
		return CategoryCRED
	}
	if eventName == "CRED-ROTATE" || eventName == "CRED-REVOKE" || eventName == "CRED-VALIDATE" {
		return CategoryCRED
	}
	return ""
}

// GetCREDEventSubCategory 返回CRED事件的子类别
func GetCREDEventSubCategory(eventName string) string {
	if strings.HasPrefix(eventName, "CRED-EXPOSE") {
		return SubCategoryEXPOSE
	}
	if strings.HasPrefix(eventName, "CRED-INGRESS") {
		return SubCategoryINGRESS
	}
	if strings.HasPrefix(eventName, "CRED-DIRECT") {
		return SubCategoryDIRECT
	}
	if strings.HasPrefix(eventName, "CRED-ROTATE") {
		return SubCategoryROTATE
	}
	if strings.HasPrefix(eventName, "CRED-REVOKE") {
		return SubCategoryREVOKE
	}
	if strings.HasPrefix(eventName, "CRED-VALIDATE") {
		return SubCategoryVALIDATE
	}
	return ""
}

// IsValidCREDEvent 检查事件名称是否为有效的CRED事件
func IsValidCREDEvent(eventName string) bool {
	for _, e := range credEvents {
		if e == eventName {
			return true
		}
	}
	return false
}

// IsCREDExposeEvent 检查是否为凭证暴露事件（M-013相关）
func IsCREDExposeEvent(eventName string) bool {
	return strings.HasPrefix(eventName, "CRED-EXPOSE")
}

// IsCREDFngressEvent 检查是否为凭证入站事件（M-014相关）
func IsCREDFngressEvent(eventName string) bool {
	return strings.HasPrefix(eventName, "CRED-INGRESS")
}

// IsCREDDnirectEvent 检查是否为直连绕过事件（M-015相关）
func IsCREDDnirectEvent(eventName string) bool {
	return strings.HasPrefix(eventName, "CRED-DIRECT")
}

// GetCREDMetricName 获取CRED事件对应的指标名称
func GetCREDMetricName(eventName string) string {
	if metric, ok := credMetricNames[eventName]; ok {
		return metric
	}
	return ""
}

// GetCREDEventResultCode 获取CRED事件对应的结果码
func GetCREDEventResultCode(eventName string) string {
	if code, ok := credResultCodes[eventName]; ok {
		return code
	}
	return ""
}

// IsCREDExposeEvent 检查是否为M-013事件（凭证暴露）
func IsM013RelatedEvent(eventName string) bool {
	return IsCREDExposeEvent(eventName)
}

// IsCREDFngressEvent 检查是否为M-014事件（凭证入站）
func IsM014RelatedEvent(eventName string) bool {
	return IsCREDFngressEvent(eventName)
}

// IsCREDDnirectEvent 检查是否为M-015事件（直连绕过）
func IsM015RelatedEvent(eventName string) bool {
	return IsCREDDnirectEvent(eventName)
}
-												feat(P1/P2): 完成TDD开发及P1/P2设计文档

## 设计文档
- multi_role_permission_design: 多角色权限设计 (CONDITIONAL GO)
- audit_log_enhancement_design: 审计日志增强 (CONDITIONAL GO)
- routing_strategy_template_design: 路由策略模板 (CONDITIONAL GO)
- sso_saml_technical_research: SSO/SAML调研 (CONDITIONAL GO)
- compliance_capability_package_design: 合规能力包设计 (CONDITIONAL GO)

## TDD开发成果
- IAM模块: supply-api/internal/iam/ (111个测试)
- 审计日志模块: supply-api/internal/audit/ (40+测试)
- 路由策略模块: gateway/internal/router/ (33+测试)
- 合规能力包: gateway/internal/compliance/ + scripts/ci/compliance/

## 规范文档
- parallel_agent_output_quality_standards: 并行Agent产出质量规范
- project_experience_summary: 项目经验总结 (v2)
- 2026-04-02-p1-p2-tdd-execution-plan: TDD执行计划

## 评审报告
- 5个CONDITIONAL GO设计文档评审报告
- fix_verification_report: 修复验证报告
- full_verification_report: 全面质量验证报告
- tdd_module_quality_verification: TDD模块质量验证
- tdd_execution_summary: TDD执行总结

依据: Superpowers执行框架 + TDD规范

											
										
										
											2026-04-02 23:35:53 +08:00
+								package events
 								import (
 									"strings"
 								)
 								// CRED事件类别常量
 								const (
 									CategoryCRED         = "CRED"
 									SubCategoryEXPOSE    = "EXPOSE"
 									SubCategoryINGRESS   = "INGRESS"
 									SubCategoryROTATE    = "ROTATE"
 									SubCategoryREVOKE    = "REVOKE"
 									SubCategoryVALIDATE  = "VALIDATE"
 									SubCategoryDIRECT    = "DIRECT"
 								)
 								// CRED事件列表
 								var credEvents = []string{
 									// 凭证暴露事件 (CRED-EXPOSE)
 									"CRED-EXPOSE-RESPONSE", // 响应中暴露凭证
 									"CRED-EXPOSE-LOG",      // 日志中暴露凭证
 									"CRED-EXPOSE-EXPORT",   // 导出文件中暴露凭证
 									// 凭证入站事件 (CRED-INGRESS)
 									"CRED-INGRESS-PLATFORM",  // 平台凭证入站
 									"CRED-INGRESS-SUPPLIER", // 供应商凭证入站
 									// 凭证轮换事件 (CRED-ROTATE)
 									"CRED-ROTATE",
 									// 凭证吊销事件 (CRED-REVOKE)
 									"CRED-REVOKE",
 									// 凭证验证事件 (CRED-VALIDATE)
 									"CRED-VALIDATE",
 									// 直连绕过事件 (CRED-DIRECT)
 									"CRED-DIRECT-SUPPLIER", // 直连供应商
 									"CRED-DIRECT-BYPASS",   // 绕过直连
 								}
 								// CRED事件结果码映射
 								var credResultCodes = map[string]string{
 									"CRED-EXPOSE-RESPONSE": "SEC_CRED_EXPOSED",
 									"CRED-EXPOSE-LOG":      "SEC_CRED_EXPOSED",
 									"CRED-EXPOSE-EXPORT":   "SEC_CRED_EXPOSED",
 									"CRED-INGRESS-PLATFORM": "CRED_INGRESS_OK",
 									"CRED-INGRESS-SUPPLIER": "CRED_INGRESS_OK",
 									"CRED-DIRECT-SUPPLIER":  "SEC_DIRECT_BYPASS",
 									"CRED-DIRECT-BYPASS":    "SEC_DIRECT_BYPASS",
 									"CRED-ROTATE":           "CRED_ROTATE_OK",
 									"CRED-REVOKE":           "CRED_REVOKE_OK",
 									"CRED-VALIDATE":         "CRED_VALIDATE_OK",
 								}
 								// CRED指标名称映射
 								var credMetricNames = map[string]string{
 									"CRED-EXPOSE-RESPONSE":    "supplier_credential_exposure_events",
 									"CRED-EXPOSE-LOG":         "supplier_credential_exposure_events",
 									"CRED-EXPOSE-EXPORT":      "supplier_credential_exposure_events",
 									"CRED-INGRESS-PLATFORM":   "platform_credential_ingress_coverage_pct",
 									"CRED-INGRESS-SUPPLIER":   "platform_credential_ingress_coverage_pct",
 									"CRED-DIRECT-SUPPLIER":    "direct_supplier_call_by_consumer_events",
 									"CRED-DIRECT-BYPASS":      "direct_supplier_call_by_consumer_events",
 								}
 								// GetCREDEvents 返回所有CRED事件
 								func GetCREDEvents() []string {
 									return credEvents
 								}
 								// GetCREDExposeEvents 返回所有凭证暴露事件
 								func GetCREDExposeEvents() []string {
 									return []string{
 										"CRED-EXPOSE-RESPONSE",
 										"CRED-EXPOSE-LOG",
 										"CRED-EXPOSE-EXPORT",
 									}
 								}
 								// GetCREDFngressEvents 返回所有凭证入站事件
 								func GetCREDFngressEvents() []string {
 									return []string{
 										"CRED-INGRESS-PLATFORM",
 										"CRED-INGRESS-SUPPLIER",
 									}
 								}
 								// GetCREDDnirectEvents 返回所有直连绕过事件
 								func GetCREDDnirectEvents() []string {
 									return []string{
 										"CRED-DIRECT-SUPPLIER",
 										"CRED-DIRECT-BYPASS",
 									}
 								}
 								// GetCREDEventCategory 返回CRED事件的类别
 								func GetCREDEventCategory(eventName string) string {
 									if strings.HasPrefix(eventName, "CRED-") {
 										return CategoryCRED
 									}
 									if eventName == "CRED-ROTATE" || eventName == "CRED-REVOKE" || eventName == "CRED-VALIDATE" {
 										return CategoryCRED
 									}
 									return ""
 								}
 								// GetCREDEventSubCategory 返回CRED事件的子类别
 								func GetCREDEventSubCategory(eventName string) string {
 									if strings.HasPrefix(eventName, "CRED-EXPOSE") {
 										return SubCategoryEXPOSE
 									}
 									if strings.HasPrefix(eventName, "CRED-INGRESS") {
 										return SubCategoryINGRESS
 									}
 									if strings.HasPrefix(eventName, "CRED-DIRECT") {
 										return SubCategoryDIRECT
 									}
 									if strings.HasPrefix(eventName, "CRED-ROTATE") {
 										return SubCategoryROTATE
 									}
 									if strings.HasPrefix(eventName, "CRED-REVOKE") {
 										return SubCategoryREVOKE
 									}
 									if strings.HasPrefix(eventName, "CRED-VALIDATE") {
 										return SubCategoryVALIDATE
 									}
 									return ""
 								}
 								// IsValidCREDEvent 检查事件名称是否为有效的CRED事件
 								func IsValidCREDEvent(eventName string) bool {
 									for _, e := range credEvents {
 										if e == eventName {
 											return true
 										}
 									}
 									return false
 								}
 								// IsCREDExposeEvent 检查是否为凭证暴露事件（M-013相关）
 								func IsCREDExposeEvent(eventName string) bool {
 									return strings.HasPrefix(eventName, "CRED-EXPOSE")
 								}
 								// IsCREDFngressEvent 检查是否为凭证入站事件（M-014相关）
 								func IsCREDFngressEvent(eventName string) bool {
 									return strings.HasPrefix(eventName, "CRED-INGRESS")
 								}
 								// IsCREDDnirectEvent 检查是否为直连绕过事件（M-015相关）
 								func IsCREDDnirectEvent(eventName string) bool {
 									return strings.HasPrefix(eventName, "CRED-DIRECT")
 								}
 								// GetCREDMetricName 获取CRED事件对应的指标名称
 								func GetCREDMetricName(eventName string) string {
 									if metric, ok := credMetricNames[eventName]; ok {
 										return metric
 									}
 									return ""
 								}
 								// GetCREDEventResultCode 获取CRED事件对应的结果码
 								func GetCREDEventResultCode(eventName string) string {
 									if code, ok := credResultCodes[eventName]; ok {
 										return code
 									}
 									return ""
 								}
 								// IsCREDExposeEvent 检查是否为M-013事件（凭证暴露）
 								func IsM013RelatedEvent(eventName string) bool {
 									return IsCREDExposeEvent(eventName)
 								}
 								// IsCREDFngressEvent 检查是否为M-014事件（凭证入站）
 								func IsM014RelatedEvent(eventName string) bool {
 									return IsCREDFngressEvent(eventName)
 								}
 								// IsCREDDnirectEvent 检查是否为M-015事件（直连绕过）
 								func IsM015RelatedEvent(eventName string) bool {
 									return IsCREDDnirectEvent(eventName)
 								}