feat: sync lijiaoqiao implementation and staging validation artifacts

platform-token-runtime/internal/token/audit_test_template_test.go

@@ -0,0 +1,87 @@
+package token_test
+
+import "testing"
+
+type auditTemplateCase struct {
+	ID         string
+	Name       string
+	TriggerCase string
+	Assertions []string
+}
+
+func TestTokenAuditTemplateCases(t *testing.T) {
+	t.Parallel()
+
+	cases := []auditTemplateCase{
+		{
+			ID:          "TOK-AUD-001",
+			Name:        "签发成功事件",
+			TriggerCase: "TOK-LIFE-001",
+			Assertions: []string{
+				"存在 token.issue.success",
+				"event_id/request_id/result_code/route/created_at 齐全",
+			},
+		},
+		{
+			ID:          "TOK-AUD-002",
+			Name:        "签发失败事件",
+			TriggerCase: "TOK-LIFE-002",
+			Assertions: []string{
+				"存在 token.issue.fail",
+				"result_code 准确",
+			},
+		},
+		{
+			ID:          "TOK-AUD-003",
+			Name:        "鉴权失败事件",
+			TriggerCase: "无效 token 访问受保护接口",
+			Assertions: []string{
+				"存在 token.authn.fail",
+				"包含 request_id",
+			},
+		},
+		{
+			ID:          "TOK-AUD-004",
+			Name:        "越权事件",
+			TriggerCase: "TOK-LIFE-008",
+			Assertions: []string{
+				"存在 token.authz.denied",
+				"包含 subject_id",
+			},
+		},
+		{
+			ID:          "TOK-AUD-005",
+			Name:        "吊销事件",
+			TriggerCase: "TOK-LIFE-005",
+			Assertions: []string{
+				"存在 token.revoke.success",
+				"包含 token_id",
+			},
+		},
+		{
+			ID:          "TOK-AUD-006",
+			Name:        "query key 拒绝事件",
+			TriggerCase: "query key 访问受保护接口",
+			Assertions: []string{
+				"存在 token.query_key.rejected",
+				"不含敏感值",
+			},
+		},
+		{
+			ID:          "TOK-AUD-007",
+			Name:        "事件不可篡改",
+			TriggerCase: "重复读取同 event_id",
+			Assertions: []string{
+				"核心字段不可变",
+				"时间顺序正确",
+			},
+		},
+	}
+
+	for _, tc := range cases {
+		tc := tc
+		t.Run(tc.ID, func(t *testing.T) {
+			t.Skipf("模板用例，待接入实现: %s", tc.Name)
+		})
+	}
+}