Your Name
687c4535f8
fix: P0-1 RateLimiter concurrent-write safety + P0-2 distinct error codes for ticket operations + P1 rows.Close fix
...
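P0-1 (limits.go): Allow() now holds the write lock throughout to protect reads and writes of the counters map, avoiding the data race caused by writing under RLock
P0-2 (ticket_workflow.go+ticket_handler.go): Assign/Resolve/Close operations first query the ticket's existence and status and return explicit CS_TICKET_4001/CS_TKT_4002/CS_TICKET_4092/CS_TICKET_4093 error codes; the handler routes to an HTTP status code based on the error prefix
P1-1 (ticket_store.go): remove the 3 manual rows.Close() calls in GetStats, keeping only defer Close()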
2026-05-01 20:56:25 +08:00
Your Name
23b2a7c17f
docs: report verification results - independent check with a professional toolchain
...
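All data verified as genuine and trustworthy:
- Build/vet/tests all pass
- Coverage error <0.1%
- P1 issues confirmed to exist
- Dependency version verification passed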
2026-04-21 22:19:38 +08:00
Your Name
7f4be9be2c
docs: review report verification results - all data genuine and trustworthy
...
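Verification conclusion: the report is fully genuine
- Build/go vet/test pass rates for all three services match
- Coverage data error <0.1% (generated at different times)
- TokenVerifyMiddleware 40.4%/parseRSAPublicKey 0% verified and confirmed
- SQL parameterization verified and confirmed/dependency versions verified and confirmed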
2026-04-21 22:08:01 +08:00
Your Name
e1203cfb3c
docs: comprehensive systematic project review report - build/test/security/coverage analysis
...
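Review result: A- (excellent)
- All 57/57 test packages across the three services pass, zero failures
- go vet reports zero warnings for the three services
- No SQL injection/hard-coded credential/sensitive logging risks
- P1 priority items: TokenVerifyMiddleware coverage of 40.4% needs more tests, db_token_backend goroutine reliability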
2026-04-21 20:57:09 +08:00
Your Name
07614339cb
P4-C: IAM closed loop - SubjectID audit injection/Scope-UserType match validation
...
audit.Event: add OperatorID field + WithSubjectID/EnrichEventWithSubjectID utility functions
domain service: the three emitAudit call sites in account/package/settlement now inject EnrichEventWithSubjectID
WithIAMClaims: the auth middleware also injects SubjectID into the audit context
scope model: add ValidateUserTypeScopeMatch function (supply users cannot use consumer:* scopes)
scope_auth: add RequireScopeWithUserType middleware + ValidateScopeCodeMatch
scope_usertype_test: covers the 403 interception scenario for supply cross-tenant access to consumer resources
docs: 2026-04-21-iam-tenant-operator-scope-analysis.md complete closed-loop analysis
2026-04-21 20:29:48 +08:00
Your Name
b193e0aab9
P4-B: supply-api large-file split analysis + InvariantChecker integration decision
...
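supply_api.go (1048 lines): 6 sections recorded (Account/Package/Billing/Settlement/Earning/Helpers)
runtime.go (589 lines): 8 sections recorded (input parsing/resource initialization/storeBundle/securityBundle, etc.)
auth.go (891 lines): 9 sections recorded (bruteforce/queryReject/bearer/verify/authz, etc.)
Capabilities not yet wired into gateway: compliance/rules list recorded
InvariantChecker decision: wire it into the real write path (not delete it); CheckWithdrawBalance and similar checks have business value
Split execution plan: small steps in the order Account→Package→Billing→Settlement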
2026-04-21 19:04:03 +08:00
Your Name
3b70fe1865
P4-A: shared auth/logging capabilities across the three services - shared package boundary definition/golden tests/contract tests
...
- gateway/internal/shared/: create new shared/auth and shared/logging packages
- shared/logging: LogEntry/Logger/NewLogger/sanitizeFields, 7 golden output tests
- shared/auth: ExtractBearerToken/HasExternalQueryKey/WriteAuthError/AuditEvent, 8 contract tests
- docs/plans/2026-04-21-shared-auth-logging-analysis.md: complete P4-A analysis document
Migration order: logging (step 1) -> auth basics (step 2) -> audit (step 3) -> contract tests (step 4)
Shared boundary: JWT verification/token status lookup/authorization policy/BruteForce remain service-specific
2026-04-21 19:00:25 +08:00
Your Name
1fec3e981d
feat(ci): implement all code for the Phase 1/2 strict exit criteria
...
Phase 1 Criterion 4: contract tests scenario list → backend-verify.sh --phase1-contract-gate (four scenarios: valid token end to end, revocation rejected, insufficient scope rejected, runtime fail-fast), invoked from repo_integrity_check.sh
Phase 2 Criterion 1: manifest.json system (lib/manifest_lib.sh + staging_release_pipeline.sh), run_id as a hard gate, manifest_hard_gate_run_id() verifies it is non-empty
Phase 2 Criterion 2: superpowers_stage_validate.sh exit 1 condition extended from NO_GO to CONDITIONAL_GO; the staging hard gate no longer lets conditional passes through
Phase 2 Criterion 3: DEFERRED semantics corrected; CONDITIONAL_GO no longer appears among the re-review conclusion options; CONDITIONAL_GO forces exit 1 in the pipeline
Phase 2 Criterion 5: cross_service_smoke.sh changed from DESIGN_ONLY to executable (exit 0=PASS/1=FAIL/2=SKIP_LOCAL_PLACEHOLDER), included in staging_release_pipeline.sh STEP-03
Phase 2 Criterion 4: configuration separation (landed previously, confirmed this time)
Environment issue log: docs/plans/2026-04-21-environmental-issues-log.md
- P3-A: HTTP timeout + cache eviction (requires a real staging env + env var hot-reload support)
- P3-B/C: /metrics endpoint (requires Prometheus scrape configuration + ops involvement)
- P3-D: graceful shutdown (requires verification via staging traffic load testing)
2026-04-21 12:14:50 +08:00
Your Name
c59204049a
docs(ci): define cross-service smoke taxonomy
2026-04-21 09:38:37 +08:00
Your Name
b3e34c6e36
feat(ci): normalize shared environment semantics
2026-04-21 09:34:29 +08:00
Your Name
3f509d1a6c
docs(ci): define real staging gate rules
2026-04-21 09:28:27 +08:00
Your Name
3aeddc0b43
docs(ci): define release manifest contract
...
Add the run_id and manifest contract doc, reserve the reports/releases tree, record the decision in the execution log, and annotate the four release scripts with their planned manifest-based inputs.
2026-04-21 09:23:54 +08:00
Your Name
d98b1fb262
docs(ci): define phase1 contract gate
...
Add the cross-service contract gate documentation, create the Phase 1 checklist, wire explicit contract-gate design slots into backend-verify and repo integrity scripts, and mark P1-D complete in the plan.
2026-04-21 09:20:33 +08:00
Your Name
fb659e8c96
docs(plan): complete auth rollback and comms notes
...
Add explicit rollback conditions and the compatibility-window README/ADR draft, record the rollback target in the execution log, and mark P1-C-07 and P1-C-08 complete in the plan.
2026-04-21 09:16:56 +08:00
Your Name
c3ac7cdbae
docs(plan): capture auth convergence rollout
...
Add the auth implementation convergence notes for gateway and supply-api, record the agreed rollout strategy in the execution log, and mark P1-C-01 through P1-C-06 complete in the master plan.
2026-04-21 09:15:18 +08:00
Your Name
a9108dd390
docs(plan): record token schema alignment decision
...
Add the token runtime schema alignment notes, record the keep-and-thread-through decision in the execution log, and mark P1-B analysis tasks complete in the master plan.
2026-04-21 09:08:20 +08:00
Your Name
c5de0220a0
docs(plan): align service authority boundaries
...
Update the supply-api and platform-token-runtime READMEs to reflect the single token authority model, record the changes in the execution log, and mark P1-A-07 and P1-A-08 complete in the master plan.
2026-04-21 09:03:05 +08:00
Your Name
b864a4ef1b
docs(plan): tighten token authority contract
...
Record the OpenAPI vs canonical principal gap, add tenant_id to the introspection response contract, and make the gateway README explicit that non-dev environments must use remote introspection.
2026-04-21 08:01:07 +08:00
Your Name
46152f50fd
docs(plan): record phase1 authority baseline
...
Record the current identity entry points in the execution log and update the minimal token runtime spec with a single authority rule and canonical principal fields. Mark P1-A-01 through P1-A-03 complete in the optimization plan so subsequent batches can continue from the verified baseline.
2026-04-21 07:53:22 +08:00
Your Name
1f56b32257
feat(logging): unify structured startup logs
2026-04-20 19:55:38 +08:00
Your Name
b9b3678fe3
docs(review): finalize remediation closure confirmation
2026-04-20 17:56:47 +08:00
Your Name
679a98dd9b
docs(plan): add remediation execution checklist
2026-04-17 21:12:49 +08:00
Your Name
f48fca565b
docs(sql): clarify active schema boundaries and status constraints
2026-04-17 20:12:05 +08:00
Your Name
8eab2a10f7
refactor(supply-api): reduce runtime aggregation density
2026-04-16 12:03:57 +08:00
Your Name
7e945868a5
refactor(supply-api): narrow runtime background surface
2026-04-16 11:38:56 +08:00
Your Name
45029b44d1
refactor(supply-api): narrow runtime http surface
2026-04-16 09:07:28 +08:00
Your Name
44780d1d29
refactor(supply-api): declarify runtime http adapter
2026-04-16 07:45:47 +08:00
Your Name
df8d73b4e3
refactor(supply-api): declarify bootstrap server assembly
2026-04-16 07:24:13 +08:00
Your Name
b9b875ac39
refactor(supply-api): split bootstrap http assembly
2026-04-16 07:11:33 +08:00
Your Name
39c4a11ff9
refactor(supply-api): split runtime store bundle builders
2026-04-15 23:27:11 +08:00
Your Name
22575bdd82
refactor(supply-api): split background startup helpers
2026-04-15 22:58:12 +08:00
Your Name
6e5a36bda1
refactor(supply-api): split runtime assembly helpers
2026-04-15 22:31:50 +08:00
Your Name
56cb40c1f9
refactor(supply-api): normalize app server defaults
2026-04-15 21:54:49 +08:00
Your Name
bec2a7bd1d
refactor(supply-api): precheck main env before config load
2026-04-15 20:14:59 +08:00
Your Name
5ae0861fc3
refactor(supply-api): guard unsupported env values
2026-04-15 19:24:20 +08:00
Your Name
d348d5a2c6
refactor(supply-api): normalize runtime startup defaults
2026-04-15 19:12:27 +08:00
Your Name
6940ff52b6
refactor(supply-api): layer runtime startup flow
2026-04-15 18:42:06 +08:00
Your Name
bdacc4452c
refactor(supply-api): deduplicate bootstrap assembly
2026-04-15 17:30:10 +08:00
Your Name
1776862768
refactor(supply-api): remove panic-only helper paths
...
Return explicit errors from AlertAPI construction instead of panicking inside the library layer, and let main own process-level failure handling.
Also delete the unused config.MustLoad helper and lock the supported config loading paths with tests.
2026-04-15 15:38:57 +08:00
Your Name
3bedb37fb8
refactor(review): automate machine-review source governance
2026-04-15 10:19:05 +08:00
Your Name
46c409156f
docs(review): constrain live machine-review references
...
Add a single current machine-review source policy to active review and planning docs.
Mark legacy tok007 references as historical snapshots and point executable examples at the current review draft.
2026-04-14 22:53:06 +08:00
Your Name
88d842648d
chore(repo): align integrity entrypoints with current state
...
Rewrite module READMEs around the current verified run and test paths, tighten repo_integrity_check.sh with fact-source checks, update supply-api migration baseline, and remove the platform-token-runtime audit query placeholder response.
2026-04-14 12:29:13 +08:00
Your Name
d28f83a6a8
chore(repo): add integrity baseline check
2026-04-14 10:38:24 +08:00
Your Name
ecdead0a03
docs(plan): define gate archive admission roadmap
2026-04-13 21:15:32 +08:00
Your Name
10d79be2c3
docs(cleanup): add committable cleanup plan
2026-04-13 20:31:05 +08:00
Your Name
cb3c503152
docs: update implementation status v1.4 - R-05/R-06 complete
2026-04-03 12:06:40 +08:00
Your Name
7254971918
feat(supply-api): complete database-backed Repository implementations for IAM and Audit
...
- Add iam_schema_v1.sql DDL script (iam_roles, iam_scopes, iam_role_scopes, iam_user_roles, iam_role_hierarchy)
- Add PostgresIAMRepository, a database-backed IAM repository implementation
- Add DatabaseIAMService, which uses the database-backed Repository
- Add PostgresAuditRepository, a database-backed Audit repository implementation
- Add DatabaseAuditService, which uses the database-backed Repository
- Update implementation status document v1.3
R-07~R-09 complete.
2026-04-03 11:57:15 +08:00
Your Name
cf2c8d5e5c
docs: update implementation status - P1/P2 tasks 100% complete
...
2026-04-03 update:
- Audit HTTP Handler completed (AUD-05, AUD-06)
- IAM Middleware coverage raised to 83.5%
Status summary:
- Planned tasks: 33
- Completed: 33 (100%)
- All P1/P2 core features complete
2026-04-03 11:21:30 +08:00
Your Name
f6c6269ccb
docs: update P1/P2 implementation status to the accurate version
...
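1. Add docs/plans/2026-04-03-p1-p2-implementation-status-v1.md
- Accurately reflects the actual completion status of the 33 tasks
- Updates test coverage data
- Analyzes consistency between implementation and plan
2. Update progress tracking in the original plan document
- IAM-01~08: ✅ Complete
- AUD-01~08: ⚠️ 6/8 complete (Audit Handler not implemented)
- ROU-01~09: ✅ Complete
- CMP-01~08: ✅ Complete
Actual completion rate: 31/33 (94%)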
2026-04-03 11:11:56 +08:00
Your Name
89104bd0db
feat(P1/P2): complete TDD development and P1/P2 design documents
...
## Design documents
- multi_role_permission_design: multi-role permission design (CONDITIONAL GO)
- audit_log_enhancement_design: audit log enhancement (CONDITIONAL GO)
- routing_strategy_template_design: routing strategy template (CONDITIONAL GO)
- sso_saml_technical_research: SSO/SAML research (CONDITIONAL GO)
- compliance_capability_package_design: compliance capability package design (CONDITIONAL GO)
## TDD development results
- IAM module: supply-api/internal/iam/ (111 tests)
- Audit log module: supply-api/internal/audit/ (40+ tests)
- Routing strategy module: gateway/internal/router/ (33+ tests)
- Compliance capability package: gateway/internal/compliance/ + scripts/ci/compliance/
## Specification documents
- parallel_agent_output_quality_standards: parallel Agent output quality standards
- project_experience_summary: project experience summary (v2)
- 2026-04-02-p1-p2-tdd-execution-plan: TDD execution plan
## Review reports
- 5 review reports for the CONDITIONAL GO design documents
- fix_verification_report: fix verification report
- full_verification_report: full quality verification report
- tdd_module_quality_verification: TDD module quality verification
- tdd_execution_summary: TDD execution summary
Based on: Superpowers execution framework + TDD standards
2026-04-02 23:35:53 +08:00