niuniu/lijiaoqiao
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
184 Commits 4 Branches 0 Tags
3f509d1a6ce9540f4a1ec5d8548e5ccd176b830d
Commit Graph

184 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Your Name
3f509d1a6c docs(ci): define real staging gate rules 2026-04-21 09:28:27 +08:00
Your Name
3aeddc0b43 docs(ci): define release manifest contract 
Add the run_id and manifest contract doc, reserve the reports/releases tree, record the decision in the execution log, and annotate the four release scripts with their planned manifest-based inputs.
 2026-04-21 09:23:54 +08:00
Your Name
d98b1fb262 docs(ci): define phase1 contract gate 
Add the cross-service contract gate documentation, create the Phase 1 checklist, wire explicit contract-gate design slots into backend-verify and repo integrity scripts, and mark P1-D complete in the plan.
 2026-04-21 09:20:33 +08:00
Your Name
fb659e8c96 docs(plan): complete auth rollback and comms notes 
Add explicit rollback conditions and the compatibility-window README/ADR draft, record the rollback target in the execution log, and mark P1-C-07 and P1-C-08 complete in the plan.
 2026-04-21 09:16:56 +08:00
Your Name
c3ac7cdbae docs(plan): capture auth convergence rollout 
Add the auth implementation convergence notes for gateway and supply-api, record the agreed rollout strategy in the execution log, and mark P1-C-01 through P1-C-06 complete in the master plan.
 2026-04-21 09:15:18 +08:00
Your Name
a9108dd390 docs(plan): record token schema alignment decision 
Add the token runtime schema alignment notes, record the keep-and-thread-through decision in the execution log, and mark P1-B analysis tasks complete in the master plan.
 2026-04-21 09:08:20 +08:00
Your Name
c5de0220a0 docs(plan): align service authority boundaries 
Update the supply-api and platform-token-runtime READMEs to reflect the single token authority model, record the changes in the execution log, and mark P1-A-07 and P1-A-08 complete in the master plan.
 2026-04-21 09:03:05 +08:00
Your Name
b864a4ef1b docs(plan): tighten token authority contract 
Record the OpenAPI vs canonical principal gap, add tenant_id to the introspection response contract, and make the gateway README explicit that non-dev environments must use remote introspection.
 2026-04-21 08:01:07 +08:00
Your Name
46152f50fd docs(plan): record phase1 authority baseline 
Record the current identity entry points in the execution log and update the minimal token runtime spec with a single authority rule and canonical principal fields. Mark P1-A-01 through P1-A-03 complete in the optimization plan so subsequent batches can continue from the verified baseline.
 2026-04-21 07:53:22 +08:00
Your Name
1f56b32257 feat(logging): unify structured startup logs 2026-04-20 19:55:38 +08:00
Your Name
b9b3678fe3 docs(review): finalize remediation closure confirmation 2026-04-20 17:56:47 +08:00
Your Name
b879906fec test(ci): add supply domain stability rerun check 2026-04-20 16:27:08 +08:00
Your Name
eab029a05c fix(supply-api): classify handler failures by error type 2026-04-20 16:24:24 +08:00
Your Name
a1555c0127 fix(iam): omit missing grantor foreign key 2026-04-20 16:18:32 +08:00
Your Name
79d9b872f6 fix(iam): write nullable inet fields correctly 2026-04-20 16:16:52 +08:00
Your Name
a109a6836f fix(iam): tolerate nullable db-backed role fields 2026-04-20 16:14:12 +08:00
Your Name
566169687a fix(iam): allow wildcard scope in schema seed 2026-04-20 16:11:26 +08:00
Your Name
319d9e1989 fix(supply-api): realign audit event persistence contract 2026-04-20 11:50:20 +08:00
Your Name
1c088e2dd4 fix(supply-api): restore package lifecycle ownership semantics 2026-04-20 11:36:07 +08:00
Your Name
00ff6363bd fix(supply-api): align account lifecycle optimistic locking 2026-04-20 11:22:18 +08:00
Your Name
50f0cc8606 fix(supply-api): restore package create insert contract 2026-04-20 11:16:14 +08:00
Your Name
9dba094183 fix(supply-api): restore db-backed idempotency locking 2026-04-20 11:10:35 +08:00
Your Name
414ecbb08c fix(token-runtime): preserve fingerprint on refresh and revoke 2026-04-20 10:47:59 +08:00
Your Name
45c4160eed docs: 清理架构文档中Kafka/etcd误填内容,标记废弃说明 
- 00_PROJECT_OVERVIEW.md: 清除虚构的5个环境问题描述
- technical_architecture_design_v1: 标记废弃说明,架构图标注Redis/Kafka未使用
- llm_gateway_product_technical_blueprint_v1: 标注Message Queue已由PostgreSQL替代
- resource_assessment_plan_v1: 移除Kafka作为备选方案引用

代码库中无任何Kafka/etcd/CloudWatch运行时依赖,详见TEST_ENVIRONMENT_ISSUES.md
 2026-04-18 11:48:29 +08:00
Your Name
014c183c84 fix: correct environment issues doc and add missing config improvements 
- Remove fabricated etcd/Kafka/AWS issues from TEST_ENVIRONMENT_ISSUES.md
  (codebase contains zero references to these dependencies)
- Add Kafka/etcd/CloudWatch clarification: early design docs discuss
  these but actual implementation uses none of them
- Add getEnvInt() for GATEWAY_PORT env variable support
- Add devtest stack scripts for local development
- Update verification report and repair plan status
 2026-04-18 11:34:58 +08:00
Your Name
421817c0c9 docs: add full verification report for all P0/P1 security fixes 2026-04-18 11:27:47 +08:00
Your Name
8fcdfe400e docs: enrich environment issues analysis and correct repair plan status 
- Expand TEST_ENVIRONMENT_ISSUES.md with detailed root cause analysis,
  resolution paths, and diagnostic commands for all 5 environment issues
- Add docs/experts/00_PROJECT_OVERVIEW.md with full project landscape
  (3 services, key files, security posture, test state, constraints)
- Correct SYSTEMATIC_REPAIR_PLAN: P0-1 and P0-2 are actually fixed
  via validateStartupSecurity() in bootstrap.go (not residual issues)
- All P0/P1 fixes confirmed verified against source code
 2026-04-18 09:34:21 +08:00
Your Name
0d81a53b7a docs: summarize remediation lessons and refresh project standards 2026-04-17 22:37:19 +08:00
Your Name
4d83f942bc docs(product): add page flow tree and button matrix 2026-04-17 22:28:07 +08:00
Your Name
b06dd8ccda docs(product): add completed feature inventory 2026-04-17 22:21:46 +08:00
Your Name
49738f2119 test(supply-api): disable cache in integration runner 2026-04-17 22:10:34 +08:00
Your Name
7e2f3fe62c docs(review): finalize correction closure and completion confirmation 2026-04-17 22:01:07 +08:00
Your Name
679a98dd9b docs(plan): add remediation execution checklist 2026-04-17 21:12:49 +08:00
Your Name
f48fca565b docs(sql): clarify active schema boundaries and status constraints 2026-04-17 20:12:05 +08:00
Your Name
ebd11867c3 docs(gateway): clarify advanced routing strategy status 2026-04-17 20:05:56 +08:00
Your Name
7434496470 feat(gateway): serve models from registered providers 2026-04-17 20:04:05 +08:00
Your Name
0b8de726a8 fix(gateway): fail closed on secret and cors defaults 2026-04-17 20:00:43 +08:00
Your Name
cccb76b72b feat(supply-api): make withdraw readiness depend on sms wiring 2026-04-17 19:26:20 +08:00
Your Name
9bb1d6ce3e feat(supply-api): gate and wire iam routes explicitly 2026-04-17 19:19:37 +08:00
Your Name
9279e65cd7 fix(supply-api): make compensation executor fail closed 2026-04-17 19:15:45 +08:00
Your Name
3292e1dc38 feat(token-runtime): add postgres-backed runtime and audit stores 2026-04-17 18:09:06 +08:00
Your Name
c06cacff0d refactor(token-runtime): abstract runtime and audit stores 2026-04-17 17:56:59 +08:00
Your Name
17b54973e3 ci: make repo integrity check uncached and integration-aware 2026-04-17 17:46:13 +08:00
Your Name
a46ac6bd33 test(token-runtime): align auth tests with current http behavior 2026-04-17 16:27:44 +08:00
Your Name
a31ea09045 test(gateway): realign mux and error response assertions 2026-04-17 16:24:05 +08:00
Your Name
2e0f6e29aa fix(supply-api): restore uncached build health 2026-04-17 16:20:34 +08:00
Your Name
ad776e4079 fix: P0/P1 security fixes across gateway, token-runtime, and supply-api 
P0 fixes:
- platform-token-runtime: Add store.Save() after Refresh token update (P0-3)
- platform-token-runtime: Add sync.RWMutex to InMemoryRuntimeStore (P0-4)
- platform-token-runtime: Add bearer token auth to /audit-events endpoint (P0-5)
- gateway: Fail startup in production if PASSWORD_ENCRYPTION_KEY uses default (P0-1)
- gateway: Require explicit CORS_ALLOW_ORIGINS in production (P0-2)

P1 fixes:
- gateway: Add TrustedProxies config field + env var GATEWAY_TRUSTED_PROXIES (P1-5)
- gateway: Sanitize X-Request-ID header to prevent log injection (P1-6)
- gateway: Strip internal error details from error responses to clients (P1-7)
- supply-api: Upgrade deriveDEK from trivial byte-rotation to HKDF-SHA256 (P1-1)
- supply-api: Reject HS256/HS384/HS512 in production, require RSA (P1-2)

Code quality fixes:
- supply-api: Add BruteForceMaxAttempts + BruteForceLockoutDuration to AuthConfig (MED-12)
- supply-api: Add TrustedProxies to token_auth_middleware (IP spoofing protection)
- supply-api: Use shared pathutil.SplitPath instead of duplicate splitPath
- supply-api: Fix query_key_reject_middleware call sites with trustedProxies param
- gateway: Wire TrustedProxies into AuthMiddlewareConfig and extractClientIP
- gateway: Add CORSAllowOrigins to AuthConfig, wire into CORSMiddleware
- gateway: Fix CompletionsHandle to have context and RecordResult like ChatCompletions
- gateway: Add sanitizeRequestID helper for X-Request-ID log injection prevention
- gateway: Add os import for PASSWORD_ENCRYPTION_KEY check
- gateway: Add strings import to handler.go for sanitizeRequestID

Environment issues documented in TEST_ENVIRONMENT_ISSUES.md
 2026-04-17 14:36:02 +08:00
Your Name
4eb4f0393b chore: clean up duplicate review/reports files (720+ items removed) 
- Remove 84 decision-tracker snapshots from review/outputs/ (final_decision_candidate, tok007_recheck)
- Remove 12 old daily review reports from review/daily_reports/
- Remove 4 round review records from review/rounds/
- Remove 10+ old deep/comprehensive review reports from review/ root
- Remove 12+ old reports from reports/ root (v3/v4/v5/v6 duplicates, old blockers, gap reviews)
- Remove reports/archive/gate_verification/ (~563 staging pipeline logs)
- Remove reports/archive/alignment/checkpoint_2026-03/ (32 old checkpoints 01-32)
- Remove reports/archive/design/drift_2026-03/ directory
- Keep: latest 04-16 systematic review reports, final decisions, code quality reports
- Keep: knowledge_base/, templates/, outputs/ (useful references)
- Keep: db/ and dependency/ schema files

Total: ~720 files/dirs removed, reduced from ~900+ to 74 files
 2026-04-17 12:19:49 +08:00
Your Name
6f35b3e1ad refactor(supply-api): slim runtime constructor prelude 2026-04-16 15:38:29 +08:00
Your Name
8eab2a10f7 refactor(supply-api): reduce runtime aggregation density 2026-04-16 12:03:57 +08:00