Record the April 11 correction and add April 12-13 metric snapshots, trend reports, and stage validation summaries.\nKeep only summary-level gate evidence needed to explain the real readiness progression across those runs.
Add design, review, and production-readiness documents for the April remediation cycle.\nInclude supporting SQL and supply-api operational design notes so review conclusions and implementation guidance stay versioned together.
Add broader e2e coverage for account, package, billing, tracing, and reliability scenarios.\nSupport Unix socket DSN formatting in config and cover it with unit tests.\nIgnore local assistant metadata and generated gate artifacts to reduce workspace noise.
1. 添加 slog_logger.go 实现基于 Go 1.21+ slog 的结构化日志
2. 支持 trace_id、request_id、tenant_id 等标准字段注入
3. 添加日志标准化重构方案文档
推荐使用 Go 内置 log/slog,无需第三方依赖。
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add regression tests for the shipped development and SMS sample configs, and fix the SMS example to match the runtime flat Config schema instead of nested provider blocks. Verified with fresh go test runs for ./internal/config and ./internal/sms before commit.
Add repository integration probes, repository policy tests, the compose-based integration runner, and the matching usage documentation. Align the runner environment with both repository and middleware integration test expectations, and verify with fresh repository tests, integration-tag test runs, bash -n, and docker-compose config before commit.
Add benchmark documentation and middleware benchmark coverage, fix the settlement benchmark mock to satisfy the current SettlementStore interface, and add reusable domain test helper packages. Verified with fresh go test runs for ./internal/testutil/... and go test -tags=slow -run '^$' ./internal/benchmark/... before commit.
Add the domain-level outbox processor implementation required by existing domain tests, and add regression coverage for compensation worker cancellation behavior. Verified with a fresh go test run for ./internal/domain before commit.
Add the outbox, partitioning, and token-status DDL files alongside the partition strategy regression test. These files map directly to already committed repository and middleware paths, and were verified with fresh repository, outbox, and middleware test runs before commit.
Add the untracked SMS service package and its security-focused tests, plus database-backed IAM service unit coverage. This keeps the verification surface small and brings previously validated test/runtime support sources into version control as an isolated change.
Check in the healthcheck, structured logging, outbox broker, partition manager, and token status repository files that the committed supply-api runtime already imports. Verified with fresh go test runs for cmd/supply-api, internal/httpapi, internal/pkg/logging, internal/repository, and internal/outbox.
Finalize the audit design notes, record the token auth naming alignment, and refresh the 2026-04-11 gate snapshots against the latest stage validation evidence. The metrics snapshot intentionally keeps M-018 as FAIL because PHASE-07 remains deferred.
Add nil and wildcard coverage for IAM claims helpers, ensure auth security tests run with authentication enabled, and make settlement mocks express pending-withdraw/error branches explicitly.
Reject non-whitelisted origins on actual requests and format Access-Control-Max-Age correctly. This keeps wildcard subdomain matching explicit and avoids silently serving blocked origins.
Changes:
- docs/testing_strategy_v1.md v1.1:
- Clarify test pyramid with build tags (unit/integration/e2e)
- Add Middleware to priority module list
- Add coverage run discrepancy warning (individual vs ./...)
- Update action items to reflect completed work
- Add race detector usage guidelines
- Add test cleanup patterns
- reports/test_coverage_report_2026-04-08.md:
- Clarify coverage run discrepancy (individual vs ./...)
- Add dual columns: individual run vs combined run
- Update status to ✅ all key modules passing
- Add week-over-week trending
- Remove incorrect "emergency" status
- audit/events: 73.5% → 97.6% (+24.1%)
- Add tests for IsM013/M014/M015RelatedEvent
- Add tests for FormatSECURITYEvent
- Add comprehensive coverage for all CRED and SECURITY event functions
- security: 67.2% → 88.8% (+21.6%)
- Add tests for ValidateKeyID, DecryptionError.Error()
- Add tests for ValidateQueryParams, GetAllowedParamNames
- Add tests for isHexString, looksLikeAPIKey
- Fix test cases to match actual implementation behavior
- audit/sanitizer: Fix MaskMap []string handling bug
- Add maskSliceInterface for []interface{} type
- Tests now pass for string slice sensitive fields
All tests pass
- Fix MaskMap to properly handle []string sensitive fields
- Add missing slice handling in sanitizer
- Add comprehensive tests for GetMetrics and CreateEventsBatch
- Improve audit/handler coverage from 49.8% to 68.8%
- Fix test expectations to match actual sanitizer behavior
- All tests pass
