docs: project docs, scripts, deployment configs, and evidence

docs/evidence/ops/2026-03-24/sca/SCA_SUMMARY_20260324-071730.md

@@ -0,0 +1,32 @@
+# SCA Summary
+
+- Generated at: 2026-03-24 07:18:02 +08:00
+- Project root: $projectRoot
+
+## Commands
+
+- cd frontend/admin && npm.cmd audit --omit=dev --json
+- cd frontend/admin && npm.cmd audit --json
+- go run golang.org/x/vuln/cmd/govulncheck@latest -json ./...
+
+## Exit Codes
+
+- npm audit production: 1
+- npm audit full: 1
+- govulncheck: 0
+
+## Findings
+
+- npm audit production: unavailable
+- npm audit full: unavailable
+- govulncheck findings: 4
+
+## Evidence Files
+
+- $(Split-Path D:\project\docs\evidence\ops\2026-03-24\sca\npm-audit-prod-20260324-071730.json -Leaf)
+- $(Split-Path D:\project\docs\evidence\ops\2026-03-24\sca\npm-audit-prod-20260324-071730.stderr.txt -Leaf)
+- $(Split-Path D:\project\docs\evidence\ops\2026-03-24\sca\npm-audit-full-20260324-071730.json -Leaf)
+- $(Split-Path D:\project\docs\evidence\ops\2026-03-24\sca\npm-audit-full-20260324-071730.stderr.txt -Leaf)
+- $(Split-Path D:\project\docs\evidence\ops\2026-03-24\sca\govulncheck-20260324-071730.jsonl -Leaf)
+- $(Split-Path D:\project\docs\evidence\ops\2026-03-24\sca\govulncheck-20260324-071730.stderr.txt -Leaf)
+

docs/evidence/ops/2026-03-24/sca/SCA_SUMMARY_20260324-072045.md

@@ -0,0 +1,33 @@
+# SCA Summary
+
+- Generated at: 2026-03-24 07:21:06 +08:00
+- Project root: D:\project
+
+## Commands
+
+- `cd frontend/admin && npm.cmd audit --omit=dev --json --registry=https://registry.npmjs.org/`
+- `cd frontend/admin && npm.cmd audit --json --registry=https://registry.npmjs.org/`
+- `go run golang.org/x/vuln/cmd/govulncheck@latest -json ./...`
+
+## Exit Codes
+
+- npm audit production: 0
+- npm audit full: 0
+- govulncheck: 0
+
+## Findings
+
+- npm audit production: info=0 low=0 moderate=0 high=0 critical=0 total=0
+- npm audit full: info=0 low=0 moderate=0 high=0 critical=0 total=0
+- govulncheck reachable findings: 4
+- govulncheck reachable IDs: GO-2025-3488, GO-2025-3553
+
+## Evidence Files
+
+- npm-audit-prod-20260324-072045.json
+- npm-audit-prod-20260324-072045.stderr.txt
+- npm-audit-full-20260324-072045.json
+- npm-audit-full-20260324-072045.stderr.txt
+- govulncheck-20260324-072045.jsonl
+- govulncheck-20260324-072045.stderr.txt
+

docs/evidence/ops/2026-03-24/sca/SCA_SUMMARY_20260324-072144.md

@@ -0,0 +1,33 @@
+# SCA Summary
+
+- Generated at: 2026-03-24 07:22:02 +08:00
+- Project root: D:\project
+
+## Commands
+
+- `cd frontend/admin && npm.cmd audit --omit=dev --json --registry=https://registry.npmjs.org/`
+- `cd frontend/admin && npm.cmd audit --json --registry=https://registry.npmjs.org/`
+- `go run golang.org/x/vuln/cmd/govulncheck@latest -json ./...`
+
+## Exit Codes
+
+- npm audit production: 0
+- npm audit full: 0
+- govulncheck: 0
+
+## Findings
+
+- npm audit production: info=0 low=0 moderate=0 high=0 critical=0 total=0
+- npm audit full: info=0 low=0 moderate=0 high=0 critical=0 total=0
+- govulncheck reachable findings: 0
+- govulncheck reachable IDs: none
+
+## Evidence Files
+
+- npm-audit-prod-20260324-072144.json
+- npm-audit-prod-20260324-072144.stderr.txt
+- npm-audit-full-20260324-072144.json
+- npm-audit-full-20260324-072144.stderr.txt
+- govulncheck-20260324-072144.jsonl
+- govulncheck-20260324-072144.stderr.txt
+

docs/evidence/ops/2026-03-24/sca/govulncheck-20260324-071730.stderr.txt

@@ -0,0 +1,6 @@
+go: downloading golang.org/x/vuln v1.1.4
+go: downloading golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7
+go: downloading golang.org/x/tools v0.29.0
+go: downloading golang.org/x/mod v0.22.0
+go: downloading golang.org/x/sync v0.10.0
+go: downloading golang.org/x/sys v0.29.0

docs/evidence/ops/2026-03-24/sca/npm-audit-full-20260324-071730.json

@@ -0,0 +1,45 @@
+{
+  "message": "404 Not Found - POST https://registry.npmmirror.com/-/npm/v1/security/advisories/bulk - [NOT_IMPLEMENTED] /-/npm/v1/security/* not implemented yet",
+  "method": "POST",
+  "uri": "https://registry.npmmirror.com/-/npm/v1/security/advisories/bulk",
+  "headers": {
+    "server": [
+      "Tengine"
+    ],
+    "date": [
+      "Mon, 23 Mar 2026 23:17:33 GMT"
+    ],
+    "content-type": [
+      "application/json"
+    ],
+    "transfer-encoding": [
+      "chunked"
+    ],
+    "connection": [
+      "keep-alive"
+    ],
+    "strict-transport-security": [
+      "max-age=5184000"
+    ],
+    "via": [
+      "kunlun13.cn7892[,404666]"
+    ],
+    "timing-allow-origin": [
+      "*"
+    ],
+    "eagleid": [
+      "b7f0ed2117743078539362653e"
+    ],
+    "x-fetch-attempts": [
+      "1"
+    ]
+  },
+  "statusCode": 404,
+  "body": {
+    "error": "[NOT_IMPLEMENTED] /-/npm/v1/security/* not implemented yet"
+  },
+  "error": {
+    "summary": "",
+    "detail": ""
+  }
+}

docs/evidence/ops/2026-03-24/sca/npm-audit-full-20260324-071730.stderr.txt

@@ -0,0 +1,5 @@
+npm warn Unknown user config "//git@github.com/" (git config --global url."https://github.com/".insteadOf ssh://git@github.com/). This will stop working in the next major version of npm.
+npm warn audit 404 Not Found - POST https://registry.npmmirror.com/-/npm/v1/security/advisories/bulk - [NOT_IMPLEMENTED] /-/npm/v1/security/* not implemented yet
+npm error audit endpoint returned an error
+npm error Log files were not written due to an error writing to the directory: C:\Users\Admin\AppData\Local\npm-cache\_logs
+npm error You can rerun the command with `--loglevel=verbose` to see the logs in your terminal

docs/evidence/ops/2026-03-24/sca/npm-audit-full-20260324-072045.json

@@ -0,0 +1,22 @@
+{
+  "auditReportVersion": 2,
+  "vulnerabilities": {},
+  "metadata": {
+    "vulnerabilities": {
+      "info": 0,
+      "low": 0,
+      "moderate": 0,
+      "high": 0,
+      "critical": 0,
+      "total": 0
+    },
+    "dependencies": {
+      "prod": 83,
+      "dev": 297,
+      "optional": 34,
+      "peer": 8,
+      "peerOptional": 0,
+      "total": 379
+    }
+  }
+}

docs/evidence/ops/2026-03-24/sca/npm-audit-full-20260324-072045.stderr.txt

@@ -0,0 +1 @@
+npm warn Unknown user config "//git@github.com/" (git config --global url."https://github.com/".insteadOf ssh://git@github.com/). This will stop working in the next major version of npm.

docs/evidence/ops/2026-03-24/sca/npm-audit-full-20260324-072144.json

@@ -0,0 +1,22 @@
+{
+  "auditReportVersion": 2,
+  "vulnerabilities": {},
+  "metadata": {
+    "vulnerabilities": {
+      "info": 0,
+      "low": 0,
+      "moderate": 0,
+      "high": 0,
+      "critical": 0,
+      "total": 0
+    },
+    "dependencies": {
+      "prod": 83,
+      "dev": 297,
+      "optional": 34,
+      "peer": 8,
+      "peerOptional": 0,
+      "total": 379
+    }
+  }
+}

docs/evidence/ops/2026-03-24/sca/npm-audit-full-20260324-072144.stderr.txt

@@ -0,0 +1 @@
+npm warn Unknown user config "//git@github.com/" (git config --global url."https://github.com/".insteadOf ssh://git@github.com/). This will stop working in the next major version of npm.

docs/evidence/ops/2026-03-24/sca/npm-audit-prod-20260324-071730.json

@@ -0,0 +1,45 @@
+{
+  "message": "404 Not Found - POST https://registry.npmmirror.com/-/npm/v1/security/advisories/bulk - [NOT_IMPLEMENTED] /-/npm/v1/security/* not implemented yet",
+  "method": "POST",
+  "uri": "https://registry.npmmirror.com/-/npm/v1/security/advisories/bulk",
+  "headers": {
+    "server": [
+      "Tengine"
+    ],
+    "date": [
+      "Mon, 23 Mar 2026 23:17:31 GMT"
+    ],
+    "content-type": [
+      "application/json"
+    ],
+    "transfer-encoding": [
+      "chunked"
+    ],
+    "connection": [
+      "keep-alive"
+    ],
+    "strict-transport-security": [
+      "max-age=5184000"
+    ],
+    "via": [
+      "kunlun3.cn7892[,404666]"
+    ],
+    "timing-allow-origin": [
+      "*"
+    ],
+    "eagleid": [
+      "b7f0ed1717743078519287314e"
+    ],
+    "x-fetch-attempts": [
+      "1"
+    ]
+  },
+  "statusCode": 404,
+  "body": {
+    "error": "[NOT_IMPLEMENTED] /-/npm/v1/security/* not implemented yet"
+  },
+  "error": {
+    "summary": "",
+    "detail": ""
+  }
+}

docs/evidence/ops/2026-03-24/sca/npm-audit-prod-20260324-071730.stderr.txt

@@ -0,0 +1,5 @@
+npm warn Unknown user config "//git@github.com/" (git config --global url."https://github.com/".insteadOf ssh://git@github.com/). This will stop working in the next major version of npm.
+npm warn audit 404 Not Found - POST https://registry.npmmirror.com/-/npm/v1/security/advisories/bulk - [NOT_IMPLEMENTED] /-/npm/v1/security/* not implemented yet
+npm error audit endpoint returned an error
+npm error Log files were not written due to an error writing to the directory: C:\Users\Admin\AppData\Local\npm-cache\_logs
+npm error You can rerun the command with `--loglevel=verbose` to see the logs in your terminal

docs/evidence/ops/2026-03-24/sca/npm-audit-prod-20260324-072045.json

@@ -0,0 +1,22 @@
+{
+  "auditReportVersion": 2,
+  "vulnerabilities": {},
+  "metadata": {
+    "vulnerabilities": {
+      "info": 0,
+      "low": 0,
+      "moderate": 0,
+      "high": 0,
+      "critical": 0,
+      "total": 0
+    },
+    "dependencies": {
+      "prod": 83,
+      "dev": 297,
+      "optional": 34,
+      "peer": 8,
+      "peerOptional": 0,
+      "total": 379
+    }
+  }
+}

docs/evidence/ops/2026-03-24/sca/npm-audit-prod-20260324-072045.stderr.txt

@@ -0,0 +1 @@
+npm warn Unknown user config "//git@github.com/" (git config --global url."https://github.com/".insteadOf ssh://git@github.com/). This will stop working in the next major version of npm.

docs/evidence/ops/2026-03-24/sca/npm-audit-prod-20260324-072144.json

@@ -0,0 +1,22 @@
+{
+  "auditReportVersion": 2,
+  "vulnerabilities": {},
+  "metadata": {
+    "vulnerabilities": {
+      "info": 0,
+      "low": 0,
+      "moderate": 0,
+      "high": 0,
+      "critical": 0,
+      "total": 0
+    },
+    "dependencies": {
+      "prod": 83,
+      "dev": 297,
+      "optional": 34,
+      "peer": 8,
+      "peerOptional": 0,
+      "total": 379
+    }
+  }
+}

docs/evidence/ops/2026-03-24/sca/npm-audit-prod-20260324-072144.stderr.txt

@@ -0,0 +1 @@
+npm warn Unknown user config "//git@github.com/" (git config --global url."https://github.com/".insteadOf ssh://git@github.com/). This will stop working in the next major version of npm.