feat(P1/P2): 完成TDD开发及P1/P2设计文档

## 设计文档
- multi_role_permission_design: 多角色权限设计 (CONDITIONAL GO)
- audit_log_enhancement_design: 审计日志增强 (CONDITIONAL GO)
- routing_strategy_template_design: 路由策略模板 (CONDITIONAL GO)
- sso_saml_technical_research: SSO/SAML调研 (CONDITIONAL GO)
- compliance_capability_package_design: 合规能力包设计 (CONDITIONAL GO)

## TDD开发成果
- IAM模块: supply-api/internal/iam/ (111个测试)
- 审计日志模块: supply-api/internal/audit/ (40+测试)
- 路由策略模块: gateway/internal/router/ (33+测试)
- 合规能力包: gateway/internal/compliance/ + scripts/ci/compliance/

## 规范文档
- parallel_agent_output_quality_standards: 并行Agent产出质量规范
- project_experience_summary: 项目经验总结 (v2)
- 2026-04-02-p1-p2-tdd-execution-plan: TDD执行计划

## 评审报告
- 5个CONDITIONAL GO设计文档评审报告
- fix_verification_report: 修复验证报告
- full_verification_report: 全面质量验证报告
- tdd_module_quality_verification: TDD模块质量验证
- tdd_execution_summary: TDD执行总结

依据: Superpowers执行框架 + TDD规范

supply-api/internal/audit/events/cred_events.go

@@ -0,0 +1,186 @@
+package events
+
+import (
+	"strings"
+)
+
+// CRED事件类别常量
+const (
+	CategoryCRED         = "CRED"
+	SubCategoryEXPOSE    = "EXPOSE"
+	SubCategoryINGRESS   = "INGRESS"
+	SubCategoryROTATE    = "ROTATE"
+	SubCategoryREVOKE    = "REVOKE"
+	SubCategoryVALIDATE  = "VALIDATE"
+	SubCategoryDIRECT    = "DIRECT"
+)
+
+// CRED事件列表
+var credEvents = []string{
+	// 凭证暴露事件 (CRED-EXPOSE)
+	"CRED-EXPOSE-RESPONSE", // 响应中暴露凭证
+	"CRED-EXPOSE-LOG",      // 日志中暴露凭证
+	"CRED-EXPOSE-EXPORT",   // 导出文件中暴露凭证
+
+	// 凭证入站事件 (CRED-INGRESS)
+	"CRED-INGRESS-PLATFORM",  // 平台凭证入站
+	"CRED-INGRESS-SUPPLIER", // 供应商凭证入站
+
+	// 凭证轮换事件 (CRED-ROTATE)
+	"CRED-ROTATE",
+
+	// 凭证吊销事件 (CRED-REVOKE)
+	"CRED-REVOKE",
+
+	// 凭证验证事件 (CRED-VALIDATE)
+	"CRED-VALIDATE",
+
+	// 直连绕过事件 (CRED-DIRECT)
+	"CRED-DIRECT-SUPPLIER", // 直连供应商
+	"CRED-DIRECT-BYPASS",   // 绕过直连
+}
+
+// CRED事件结果码映射
+var credResultCodes = map[string]string{
+	"CRED-EXPOSE-RESPONSE": "SEC_CRED_EXPOSED",
+	"CRED-EXPOSE-LOG":      "SEC_CRED_EXPOSED",
+	"CRED-EXPOSE-EXPORT":   "SEC_CRED_EXPOSED",
+	"CRED-INGRESS-PLATFORM": "CRED_INGRESS_OK",
+	"CRED-INGRESS-SUPPLIER": "CRED_INGRESS_OK",
+	"CRED-DIRECT-SUPPLIER":  "SEC_DIRECT_BYPASS",
+	"CRED-DIRECT-BYPASS":    "SEC_DIRECT_BYPASS",
+	"CRED-ROTATE":           "CRED_ROTATE_OK",
+	"CRED-REVOKE":           "CRED_REVOKE_OK",
+	"CRED-VALIDATE":         "CRED_VALIDATE_OK",
+}
+
+// CRED指标名称映射
+var credMetricNames = map[string]string{
+	"CRED-EXPOSE-RESPONSE":    "supplier_credential_exposure_events",
+	"CRED-EXPOSE-LOG":         "supplier_credential_exposure_events",
+	"CRED-EXPOSE-EXPORT":      "supplier_credential_exposure_events",
+	"CRED-INGRESS-PLATFORM":   "platform_credential_ingress_coverage_pct",
+	"CRED-INGRESS-SUPPLIER":   "platform_credential_ingress_coverage_pct",
+	"CRED-DIRECT-SUPPLIER":    "direct_supplier_call_by_consumer_events",
+	"CRED-DIRECT-BYPASS":      "direct_supplier_call_by_consumer_events",
+}
+
+// GetCREDEvents 返回所有CRED事件
+func GetCREDEvents() []string {
+	return credEvents
+}
+
+// GetCREDExposeEvents 返回所有凭证暴露事件
+func GetCREDExposeEvents() []string {
+	return []string{
+		"CRED-EXPOSE-RESPONSE",
+		"CRED-EXPOSE-LOG",
+		"CRED-EXPOSE-EXPORT",
+	}
+}
+
+// GetCREDFngressEvents 返回所有凭证入站事件
+func GetCREDFngressEvents() []string {
+	return []string{
+		"CRED-INGRESS-PLATFORM",
+		"CRED-INGRESS-SUPPLIER",
+	}
+}
+
+// GetCREDDnirectEvents 返回所有直连绕过事件
+func GetCREDDnirectEvents() []string {
+	return []string{
+		"CRED-DIRECT-SUPPLIER",
+		"CRED-DIRECT-BYPASS",
+	}
+}
+
+// GetCREDEventCategory 返回CRED事件的类别
+func GetCREDEventCategory(eventName string) string {
+	if strings.HasPrefix(eventName, "CRED-") {
+		return CategoryCRED
+	}
+	if eventName == "CRED-ROTATE" || eventName == "CRED-REVOKE" || eventName == "CRED-VALIDATE" {
+		return CategoryCRED
+	}
+	return ""
+}
+
+// GetCREDEventSubCategory 返回CRED事件的子类别
+func GetCREDEventSubCategory(eventName string) string {
+	if strings.HasPrefix(eventName, "CRED-EXPOSE") {
+		return SubCategoryEXPOSE
+	}
+	if strings.HasPrefix(eventName, "CRED-INGRESS") {
+		return SubCategoryINGRESS
+	}
+	if strings.HasPrefix(eventName, "CRED-DIRECT") {
+		return SubCategoryDIRECT
+	}
+	if strings.HasPrefix(eventName, "CRED-ROTATE") {
+		return SubCategoryROTATE
+	}
+	if strings.HasPrefix(eventName, "CRED-REVOKE") {
+		return SubCategoryREVOKE
+	}
+	if strings.HasPrefix(eventName, "CRED-VALIDATE") {
+		return SubCategoryVALIDATE
+	}
+	return ""
+}
+
+// IsValidCREDEvent 检查事件名称是否为有效的CRED事件
+func IsValidCREDEvent(eventName string) bool {
+	for _, e := range credEvents {
+		if e == eventName {
+			return true
+		}
+	}
+	return false
+}
+
+// IsCREDExposeEvent 检查是否为凭证暴露事件（M-013相关）
+func IsCREDExposeEvent(eventName string) bool {
+	return strings.HasPrefix(eventName, "CRED-EXPOSE")
+}
+
+// IsCREDFngressEvent 检查是否为凭证入站事件（M-014相关）
+func IsCREDFngressEvent(eventName string) bool {
+	return strings.HasPrefix(eventName, "CRED-INGRESS")
+}
+
+// IsCREDDnirectEvent 检查是否为直连绕过事件（M-015相关）
+func IsCREDDnirectEvent(eventName string) bool {
+	return strings.HasPrefix(eventName, "CRED-DIRECT")
+}
+
+// GetCREDMetricName 获取CRED事件对应的指标名称
+func GetCREDMetricName(eventName string) string {
+	if metric, ok := credMetricNames[eventName]; ok {
+		return metric
+	}
+	return ""
+}
+
+// GetCREDEventResultCode 获取CRED事件对应的结果码
+func GetCREDEventResultCode(eventName string) string {
+	if code, ok := credResultCodes[eventName]; ok {
+		return code
+	}
+	return ""
+}
+
+// IsCREDExposeEvent 检查是否为M-013事件（凭证暴露）
+func IsM013RelatedEvent(eventName string) bool {
+	return IsCREDExposeEvent(eventName)
+}
+
+// IsCREDFngressEvent 检查是否为M-014事件（凭证入站）
+func IsM014RelatedEvent(eventName string) bool {
+	return IsCREDFngressEvent(eventName)
+}
+
+// IsCREDDnirectEvent 检查是否为M-015事件（直连绕过）
+func IsM015RelatedEvent(eventName string) bool {
+	return IsCREDDnirectEvent(eventName)
+}