lijiaoqiao

Author	SHA1	Message	Date
Your Name	a94de1b32b	refactor(outbox): share domain backoff policy	2026-04-13 20:54:38 +08:00
Your Name	7f8143e3ac	chore(config): separate local override guidance	2026-04-13 20:52:53 +08:00
Your Name	10d79be2c3	docs(cleanup): add committable cleanup plan	2026-04-13 20:31:05 +08:00
Your Name	aecba5ff27	docs(review): add remediation plans and readiness artifacts Add design, review, and production-readiness documents for the April remediation cycle.\nInclude supporting SQL and supply-api operational design notes so review conclusions and implementation guidance stay versioned together.	2026-04-13 18:54:45 +08:00
Your Name	a2f042f1c2	test(supply-api): expand e2e coverage and support unix socket dsn Add broader e2e coverage for account, package, billing, tracing, and reliability scenarios.\nSupport Unix socket DSN formatting in config and cover it with unit tests.\nIgnore local assistant metadata and generated gate artifacts to reduce workspace noise.	2026-04-13 18:53:35 +08:00
Your Name	841d75191e	refactor: 使用结构化日志替代标准 log 包将所有 log.Printf/Println 调用替换为 logging.Logger 结构化日志输出： - internal/middleware/auth.go: AUTH_WARNING 和 AUTH_ERROR 日志 - internal/middleware/middleware.go: Recovery 中间件 panic 日志 - internal/domain/account.go: emitAudit 审计错误日志 - internal/domain/settlement.go: emitAudit 审计错误日志 - internal/domain/package.go: emitAudit 审计错误日志 - internal/domain/compensation.go: 补偿处理器所有日志 - internal/compensation/compensation.go: 补偿执行器所有日志 - internal/outbox/outbox.go: OutboxProcessor 所有日志 - internal/iam/middleware/scope_auth.go: WILDCARD_SCOPE_ACCESS 审计日志 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-13 09:49:58 +08:00
Your Name	bf6fc09b88	refactor(cmd): main.go 使用结构化日志替代标准 log 1. 移除标准库 log 导入 2. 使用 jsonLogger 输出结构化 JSON 日志 3. 添加格式化日志方法 (Infof, Errorf, Fatalf) 4. Fatalf 现在会调用 os.Exit(1) 日志格式示例： {"timestamp":"...","level":"INFO","service":"supply-api","message":"starting supply-api in prod mode"} Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-13 07:46:52 +08:00
Your Name	789707e4f3	feat(logging): 添加 slog-based 结构化日志支持 1. 添加 slog_logger.go 实现基于 Go 1.21+ slog 的结构化日志 2. 支持 trace_id、request_id、tenant_id 等标准字段注入 3. 添加日志标准化重构方案文档推荐使用 Go 内置 log/slog，无需第三方依赖。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-13 07:41:37 +08:00
Your Name	826a17158c	fix(e2e): 添加 GetBillingSummary mock 实现修复 e2e 测试因 SettlementService 接口变更导致的编译错误。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-13 07:32:41 +08:00
Your Name	116eabf427	refactor(httpapi): 统一错误码格式 1. 创建 error_codes.go 定义标准化错误码常量 2. 替换所有硬编码错误码为常量引用 3. 修复 goroutine 未传递 context 的问题错误码格式： - HTTP 层通用错误: SUP_HTTP_XXXX - 业务错误码: SUP_XXX_NNNN 修复： - db_token_backend.go: goroutine 使用 ctx 而非 context.Background() Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-12 23:04:59 +08:00
Your Name	413a3bf0fa	feat(domain): 添加 SettlementService.GetBillingSummary 接口方法问题：settlementService.GetBillingSummary 方法存在但未在接口中暴露解决： 1. 在 SettlementService 接口添加 GetBillingSummary 方法 2. 添加 TestSettlementService_GetBillingSummary 测试 Coverage: - GetBillingSummary: 0% -> 100% - Total domain coverage: 72.0% -> 72.3% Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-12 22:58:41 +08:00
Your Name	2b1f4f10cd	chore(supply-api): add compiled binary	2026-04-12 19:33:20 +08:00
Your Name	5ea6750cf3	test(supply-api): validate shipped config samples Add regression tests for the shipped development and SMS sample configs, and fix the SMS example to match the runtime flat Config schema instead of nested provider blocks. Verified with fresh go test runs for ./internal/config and ./internal/sms before commit.	2026-04-11 11:31:05 +08:00
Your Name	2bc4a00ecd	test(supply-api): add repository integration suite and runner Add repository integration probes, repository policy tests, the compose-based integration runner, and the matching usage documentation. Align the runner environment with both repository and middleware integration test expectations, and verify with fresh repository tests, integration-tag test runs, bash -n, and docker-compose config before commit.	2026-04-11 11:25:19 +08:00
Your Name	ee569e7edb	test(supply-api): add benchmark and test helper support Add benchmark documentation and middleware benchmark coverage, fix the settlement benchmark mock to satisfy the current SettlementStore interface, and add reusable domain test helper packages. Verified with fresh go test runs for ./internal/testutil/... and go test -tags=slow -run '^$' ./internal/benchmark/... before commit.	2026-04-11 11:18:45 +08:00
Your Name	6a5730a261	feat(supply-api): restore domain outbox support and worker tests Add the domain-level outbox processor implementation required by existing domain tests, and add regression coverage for compensation worker cancellation behavior. Verified with a fresh go test run for ./internal/domain before commit.	2026-04-11 10:45:17 +08:00
Your Name	b0ca154e08	chore(supply-api): add runtime schema sql assets Add the outbox, partitioning, and token-status DDL files alongside the partition strategy regression test. These files map directly to already committed repository and middleware paths, and were verified with fresh repository, outbox, and middleware test runs before commit.	2026-04-11 10:29:15 +08:00
Your Name	193372ca95	test(supply-api): add sms module coverage and iam db service tests Add the untracked SMS service package and its security-focused tests, plus database-backed IAM service unit coverage. This keeps the verification surface small and brings previously validated test/runtime support sources into version control as an isolated change.	2026-04-11 10:28:26 +08:00
Your Name	90fc95bc27	fix(supply-api): add missing runtime support sources Check in the healthcheck, structured logging, outbox broker, partition manager, and token status repository files that the committed supply-api runtime already imports. Verified with fresh go test runs for cmd/supply-api, internal/httpapi, internal/pkg/logging, internal/repository, and internal/outbox.	2026-04-11 09:45:37 +08:00
Your Name	eefb68c5b3	test(supply-api): extend auth and iam guard coverage Add nil and wildcard coverage for IAM claims helpers, ensure auth security tests run with authentication enabled, and make settlement mocks express pending-withdraw/error branches explicitly.	2026-04-11 09:34:13 +08:00
Your Name	4adeee2e06	fix: close p0 auth and release gate gaps	2026-04-11 09:25:31 +08:00
Your Name	73eac84361	docs: 验证所有PRD对齐问题验证结果: - TASK-32: INV-SET-003 金额平衡 ✅ 已实现 - TASK-33: Outbox 消费幂等 ✅ FOR UPDATE SKIP LOCKED - TASK-34: 分区清理任务 ✅ 后台goroutine每小时运行 - TASK-35: Idempotency-Key ✅ middleware正确实现结论: PRD对齐问题已全部验证通过	2026-04-09 22:44:57 +08:00
Your Name	da385ee744	fix: P0-02 修复提现竞态条件使用 SELECT ... FOR UPDATE SKIP LOCKED 实现原子化提现创建问题: - HasPendingOrProcessingWithdraw 和 CreateInTx 分开调用导致竞态 - 两个并发请求可能同时通过检查并创建提现解决方案: - 新增 CreateWithdrawTx 方法，先锁定 pending 记录再检查插入 - 使用 FOR UPDATE SKIP LOCKED 防止并发插入涉及文件: - internal/repository/settlement.go: 新增 CreateWithdrawTx - internal/adapter/adapter.go: 实现 CreateWithdrawTx - internal/domain/settlement.go: 使用 CreateWithdrawTx - internal/storage/store.go: 实现内存存储版本 - sql/postgresql/settlement_withdraw_constraint_v1.sql: 文档说明测试: go test -short ./... 通过	2026-04-09 22:16:08 +08:00
Your Name	2012e23278	feat: 更新TDD任务清单并验证所有安全问题 - TASK-25: domain覆盖率已达72.0% (目标70%+) - TASK-27: DSN密码设计安全验证完成 - 确认请求超时中间件已正确实现 - 所有go vet问题已修复剩余未解决项： - SEC-005: 开发模式鉴权禁用(设计决定) - SEC-010: TokenCache多实例(需Redis)	2026-04-09 20:44:11 +08:00
Your Name	e9523ea7a3	fix: 修复验证报告SEC-001和SEC-003安全问题 SEC-001: 移除硬编码"123456"测试码 - 修改DefaultSMSVerifier.Verify返回错误，强制要求配置真实SMS服务 - 添加ErrSMSServiceNotConfigured错误定义 - 更新相关测试使用mock SMS verifier SEC-003: 添加IP欺骗防护 - AuthConfig添加TrustedProxies配置项 - getClientIP添加可信代理验证参数 - 仅在请求来自可信代理时信任X-Forwarded-For头 - 添加isTrustedProxy和containsCIDR辅助函数架构重构: - 创建internal/adapter包，包含存储适配器 - 创建internal/outbox包，包含OutboxProcessorRunner - 创建internal/compensation包，包含补偿执行器 - main.go从891行减少到349行 TDD方法: - 为每个修复编写测试用例 - 测试通过后再提交代码	2026-04-09 20:28:23 +08:00
Your Name	cdb3a453bb	docs: 更新项目文档，添加测试验证规范和经验总结新增内容： 1. CLAUDE.md - 添加测试验证规范 - 数据库连接配置 - 测试运行命令 - 性能基准参考值 - 覆盖率目标 - 常见问题与解决方案 2. project_experience_summary.md - 添加测试验证经验 - 集成测试环境配置 - 测试覆盖率要求 - 性能基准测试 - E2E测试常见问题 - 数据库表验证步骤 - 中间件鲁棒性验证	2026-04-09 14:32:36 +08:00
Your Name	e6ac812a0a	fix: 修复E2E测试编译错误修复e2e_test.go中的未使用导入和变量问题: - 移除未使用的context、assert、require导入 - 修复ctx变量声明但未使用的问题 E2E测试现已通过编译验证。	2026-04-09 14:28:17 +08:00
Your Name	efa4edcc15	fix: 修复提现唯一性检查问题 (PRD P0) 问题：Withdraw函数没有检查是否已有处理中的提现，可能导致并发提现修复内容： 1. 添加新错误码 ErrWithdrawAlreadyProcessing (SUP_SET_4093) 2. 在 SettlementStore 接口添加 HasPendingOrProcessingWithdraw 方法 3. 在 Withdraw 函数中添加检查：已有pending/processing状态提现时拒绝新的提现 4. 在 Repository 中实现 HasPendingOrProcessingWithdraw（检查 pending 和 processing 状态） 5. 在所有 mock 实现中添加该方法修改的文件： - domain/settlement.go: 接口定义和 Withdraw 逻辑 - domain/invariants.go: 新错误码 - repository/settlement.go: HasPendingOrProcessingWithdraw 实现 - storage/store.go: InMemorySettlementStore 实现 - cmd/supply-api/main.go: DBSettlementStore 和 InMemorySettlementStoreAdapter 实现 - test mocks: 添加 HasPendingOrProcessingWithdraw	2026-04-08 20:26:50 +08:00
Your Name	40ab7cf851	feat: 初始化ForeignKeyValidator和CompensationProcessor P0-07: 批量补偿处理器 - 添加NewCompensationProcessor构造函数 - 添加NoOpCompensationStats实现 - 添加defaultCompensationExecutor placeholder实现 - 在main.go中初始化CompensationProcessor P0-09: 外键校验器 - 修改ForeignKeyValidator使用pgxpool替代sql.DB - 在main.go中初始化ForeignKeyValidator - 在创建账户前调用ValidateSupplyAccountOwner - 在创建套餐前调用ValidatePackageSupplyAccount - SupplyAPI添加fkValidator字段修改的文件: - cmd/supply-api/main.go: 初始化组件 - internal/httpapi/supply_api.go: 添加外键校验 - internal/domain/compensation.go: 添加构造函数和Stats实现 - internal/repository/foreign_key_validator.go: 改用pgxpool	2026-04-08 19:00:06 +08:00
Your Name	2f0011b118	docs: 更新项目状态报告 - P1 TODO已完成修正TODO清单： - Settlement.GetByID 测试 ✅ 已完成 - Settlement.List 测试 ✅ 已完成 - Settlement.GetBillingSummary 测试 ✅ 已完成所有测试均已存在并通过race检测	2026-04-08 18:42:16 +08:00
Your Name	85dac3ad44	fix: 修复 TimeoutMiddleware 并发问题并更新测试文档问题修复： - 修复 TimeoutMiddleware 死锁问题（嵌套锁调用） - 修复竞态条件（responseSent 标志确保只发送一次响应） - 基准测试超时从 5ms 改为 100ms 避免 race 检测不稳定文档更新： - 添加中间件并发测试要点（testing_strategy_v1.md） - 添加 TimeoutMiddleware 并发安全经验（project_experience_summary.md） - 更新测试覆盖率报告 - 新建项目状态报告	2026-04-08 18:20:40 +08:00
Your Name	4349666ccb	docs: enhance testing strategy to v1.2 with industry best practices Based on expert review, key improvements: 1. Standardize testing pyramid to 3 layers (Unit/Integration/E2E) - Remove non-standard "Component" layer - Add target percentages per industry standards 2. Add test utilities infrastructure - testutil/factory/ - Test data factories - testutil/mock/ - Unified mock library - testutil/assert/ - Custom assertions 3. Add missing build tags - //go:build slow for performance tests - //go:build e2e for E2E tests 4. Add performance regression testing guidelines 5. Fix flaky test handling - Proper use of context timeout - Skip flaky tests in local dev, run in CI 6. Update references to Google Testing Blog and Atlassian Testing Guide Coverage targets remain aligned with industry: - Unit: 70-80% - Integration: 15-20% - E2E: 5-10%	2026-04-08 10:23:13 +08:00
Your Name	698759b665	docs: refine testing strategy based on code review Changes: - docs/testing_strategy_v1.md v1.1: - Clarify test pyramid with build tags (unit/integration/e2e) - Add Middleware to priority module list - Add coverage run discrepancy warning (individual vs ./...) - Update action items to reflect completed work - Add race detector usage guidelines - Add test cleanup patterns - reports/test_coverage_report_2026-04-08.md: - Clarify coverage run discrepancy (individual vs ./...) - Add dual columns: individual run vs combined run - Update status to ✅ all key modules passing - Add week-over-week trending - Remove incorrect "emergency" status	2026-04-08 10:15:45 +08:00
Your Name	e21021c88c	docs: add testing strategy and coverage report - docs/testing_strategy_v1.md: comprehensive testing strategy - Test pyramid definition (Unit/Integration/E2E) - File naming conventions - Mock interface guidelines - Coverage requirements - Test execution commands - Common issues solutions - reports/test_coverage_report_2026-04-08.md: current coverage status - Module-by-module breakdown - Coverage达标情况 - Mock implementations inventory - Next action items - CLAUDE.md: update test specifications - Add audit store mock signature - Detailed coverage targets per module - Test naming conventions	2026-04-08 10:08:33 +08:00
Your Name	879c09f6d3	test: improve domain and handler test coverage - domain: add comprehensive PackageService and SettlementService tests - handler: fix alert_handler_test mock audit store signature - invariants_test.go: add CheckAccountDelete/Activate tests - settlement_test.go: add Withdraw, Cancel, List, GetByID tests - package_test.go: add Clone, BatchUpdatePrice tests Coverage improvements: - domain: 40.7% -> 71.2% - middleware: 80.4% - audit/handler: 79.6% - audit/service: 83.0% Fixes: - mockAuditStore interface signature (interface{} -> audit.Event) - newMockAccountStore syntax error - Unlist test expects PackageStatusExpired not SoldOut	2026-04-08 10:01:41 +08:00
Your Name	862f313a74	test: improve audit/model coverage from 59.8% to 93.8% - Add comprehensive Alert model tests - Test NewAlert, generateAlertID, parseTenantID - Test Alert methods: IsActive, IsResolved, Resolve, Acknowledge, Suppress - Test UpdateLastSeen, AddEventID, SetMetadata, AddTag - Test Alert constants	2026-04-08 09:06:36 +08:00
Your Name	7280ef565c	test: improve coverage for audit/events and security modules - audit/events: 73.5% → 97.6% (+24.1%) - Add tests for IsM013/M014/M015RelatedEvent - Add tests for FormatSECURITYEvent - Add comprehensive coverage for all CRED and SECURITY event functions - security: 67.2% → 88.8% (+21.6%) - Add tests for ValidateKeyID, DecryptionError.Error() - Add tests for ValidateQueryParams, GetAllowedParamNames - Add tests for isHexString, looksLikeAPIKey - Fix test cases to match actual implementation behavior - audit/sanitizer: Fix MaskMap []string handling bug - Add maskSliceInterface for []interface{} type - Tests now pass for string slice sensitive fields All tests pass	2026-04-08 09:00:29 +08:00
Your Name	8ac23bf7d4	test: improve coverage and fix sanitizer bug - Fix MaskMap to properly handle []string sensitive fields - Add missing slice handling in sanitizer - Add comprehensive tests for GetMetrics and CreateEventsBatch - Improve audit/handler coverage from 49.8% to 68.8% - Fix test expectations to match actual sanitizer behavior - All tests pass	2026-04-08 07:44:58 +08:00
Your Name	6af341ac86	docs: 更新生产就绪度状态报告	2026-04-07 18:01:34 +08:00
Your Name	ac1209aa94	fix: 启用主动吊销机制和分区自动维护 - 启动Redis Pub/Sub订阅实现主动吊销失效 - 添加分区管理器后台维护(每小时预创建分区+清理过期分区)	2026-04-07 18:01:08 +08:00
Your Name	2689291e22	fix: 添加JWT RS256配置支持 - TokenConfig添加Algorithm和PublicKey字段 - 支持HS256(默认)和RS256/RS384/RS512 - 添加parseRSAPublicKey解析PEM格式公钥	2026-04-07 17:46:38 +08:00
Your Name	4bbd609ceb	fix: 修复C-04/C-05/C-06/C-07架构级问题 C-06: DBSettlementStore.GetWithdrawableBalance 使用AccountRepository真实查询余额 C-05: DBEarningStore 使用新建的UsageRepository实现ListRecords/GetBillingSummary C-04: 供应商ID从cfg.Server.DefaultSupplierID配置读取 C-07: PDF链接从cfg.Server.StatementBaseURL配置读取新增: - internal/repository/usage.go: 用量记录仓储	2026-04-07 17:24:26 +08:00
Your Name	d5b5a8ece0	fix: 系统性修复安全问题、性能问题和错误处理安全问题修复: - X-Forwarded-For越界检查(auth.go) - checkTokenStatus Context参数传递(auth.go) - Type Assertion安全检查(auth.go) 性能问题修复: - TokenCache过期清理机制 - BruteForceProtection过期清理 - InMemoryIdempotencyStore过期清理错误处理修复: - AuditStore.Emit返回error - domain层emitAudit辅助方法 - List方法返回空slice而非nil - 金额/价格负数验证架构一致性: - 统一使用model.RoleHierarchyLevels 新增功能: - Alert API完整实现(CRUD+Resolve) - pkg/error错误码集中管理	2026-04-07 07:41:25 +08:00
Your Name	12ce4913cd	fix: 修复复审中发现的NEW-P0和NEW-P1问题修复内容： 1. NEW-P0-03: 删除重复的api.Register(mux)调用 2. NEW-P0-04: 修复handler/mux链路混乱问题 3. NEW-P1-03: 添加tokenBackend和auditEmitter适配器修复nil问题 4. NEW-P1-04: 幂等中间件因repo为nil保持禁用，使用内联幂等逻辑 5. NEW-P1-05: 统一幂等方案为supply_api.go内联实现新增： - memoryTokenBackend: 内存token状态后端 - auditEmitterAdapter: auditStore到middleware.AuditEmitter的适配器注意：审计日志分页total问题(NEW-P2-02)需要架构重构修复	2026-04-03 12:54:14 +08:00
Your Name	f34333dc09	fix: 修复代码审查中发现的P0/P1/P2问题修复内容： 1. P0-01/P0-02: IAM Handler硬编码userID=1问题 - getUserIDFromContext现在从认证中间件的context获取真实userID - 添加middleware.GetOperatorID公开函数 - CheckScope方法添加未认证检查 2. P1-01: 审计服务幂等竞态条件 - 重构锁保护范围，整个检查和插入过程在锁保护下 - 使用defer确保锁正确释放 3. P1-02: 幂等中间件响应码硬编码 - 添加statusCapturingResponseWriter包装器 - 捕获实际的状态码和响应体用于幂等记录 4. P2-01: 事件ID时间戳冲突 - generateEventID改用UUID替代时间戳 5. P2-02: ListScopes硬编码 - 使用model.PredefinedScopes替代硬编码列表所有supply-api测试通过	2026-04-03 12:25:22 +08:00
Your Name	b933f06bdd	docs(supply-api): 添加README并更新TODO注释 - 添加 supply-api/README.md (R-06 文档完善) - 更新 main.go TODO注释标记 DatabaseAuditService 已创建 R-05, R-06 低优先级任务完成。	2026-04-03 12:06:08 +08:00
Your Name	7254971918	feat(supply-api): 完成IAM和Audit数据库-backed Repository实现 - 新增 iam_schema_v1.sql DDL脚本 (iam_roles, iam_scopes, iam_role_scopes, iam_user_roles, iam_role_hierarchy) - 新增 PostgresIAMRepository 实现数据库-backed IAM仓储 - 新增 DatabaseIAMService 使用数据库-backed Repository - 新增 PostgresAuditRepository 实现数据库-backed Audit仓储 - 新增 DatabaseAuditService 使用数据库-backed Repository - 更新实施状态文档 v1.3 R-07~R-09 完成。	2026-04-03 11:57:15 +08:00
Your Name	6fa703e02d	feat(audit): 实现Audit HTTP Handler并提升IAM Middleware覆盖率 1. 新增Audit HTTP Handler (AUD-05, AUD-06完成) - POST /api/v1/audit/events - 创建审计事件(支持幂等) - GET /api/v1/audit/events - 查询事件列表(支持分页和过滤) 2. 提升IAM Middleware测试覆盖率 - 从63.8%提升至83.5% - 新增SetRouteScopePolicy测试 - 新增RequireRole/RequireMinLevel中间件测试 - 新增hasAnyScope测试 TDD完成：33/33任务 (100%)	2026-04-03 11:19:42 +08:00
Your Name	aeeec34326	fix(supply-api): 修复P2-05数据库凭证日志泄露风险 1. 在DatabaseConfig中添加SafeDSN()方法，返回脱敏的连接信息 2. 在NewDB中使用SafeDSN()记录日志 3. 添加sanitizeErrorPassword()函数清理错误信息中的密码修复的问题：P2-05 数据库凭证日志泄露风险	2026-04-03 10:06:14 +08:00
Your Name	fd2322cd2b	chore(supply-api): 添加必要依赖添加github.com/google/uuid用于生成唯一ID 添加github.com/stretchr/testify用于测试框架	2026-04-03 09:59:47 +08:00

1 2

63 Commits