niuniu/lijiaoqiao
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
198 Commits 4 Branches 0 Tags
main
Commit Graph

198 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Your Name
23b2a7c17f docs: 报告验证结果 - 专业工具链独立检查 
所有数据经验证真实可信:
- 构建/vet/测试全部通过
- 覆盖率误差<0.1%
- P1问题确认存在
- 依赖版本验证通过
 2026-04-21 22:19:38 +08:00
Your Name
7f4be9be2c docs: 审查报告验证结果 - 所有数据真实可信 
验证结论: 报告完全真实
- 三服务构建/go vet/测试通过率全部匹配
- 覆盖率数据误差<0.1%(不同时间生成)
- TokenVerifyMiddleware 40.4%/parseRSAPublicKey 0% 验证确认
- SQL参数化验证确认/依赖版本验证确认
 2026-04-21 22:08:01 +08:00
Your Name
e1203cfb3c docs: 项目全面系统性审查报告 - 构建/测试/安全/覆盖率分析 
审查结果: A- (优秀)
- 三服务 57/57 测试包全部通过,零失败
- go vet 三服务零警告
- 无 SQL 注入/硬编码凭证/敏感日志风险
- P1 优先项: TokenVerifyMiddleware覆盖率40.4%需补充、db_token_backend goroutine可靠性
 2026-04-21 20:57:09 +08:00
Your Name
ecfde0e887 P4-D: secret治理和KMS表述清理 
domain/account.go: CredentialKMSKeyAlias → CredentialKeyAlias + 注释说明(非KMS)
repository/account.go: 字段映射同步更新(SQL列名credential_kms_key_alias保持不变避免迁移)
security/kms_service.go: 添加模块顶部注释,区分本地加密与真实KMS服务,明确ProviderType="local"为本地实现
 2026-04-21 20:32:31 +08:00
Your Name
07614339cb P4-C: IAM闭环 - SubjectID审计注入/Scope-UserType匹配校验 
audit.Event: 新增OperatorID字段 + WithSubjectID/EnrichEventWithSubjectID工具函数
domain service: account/package/settlement三处emitAudit已注入EnrichEventWithSubjectID
WithIAMClaims: auth中间件同时注入SubjectID到审计context
scope model: 新增ValidateUserTypeScopeMatch函数(supply用户不能用consumer:* scope)
scope_auth: 新增RequireScopeWithUserType中间件 + ValidateScopeCodeMatch
scope_usertype_test: 覆盖supply跨租户访问consumer资源的403拦截场景
docs: 2026-04-21-iam-tenant-operator-scope-analysis.md 完整闭环分析
 2026-04-21 20:29:48 +08:00
Your Name
b193e0aab9 P4-B: supply-api大文件拆分分析 + InvariantChecker接入决策 
supply_api.go(1048行): 6分区记录(Account/Package/Billing/Settlement/Earning/Helpers)
runtime.go(589行): 8分区记录(input解析/资源初始化/storeBundle/securityBundle等)
auth.go(891行): 9分区记录(bruteforce/queryReject/bearer/verify/authz等)

gateway未接入能力: compliance/rules 清单已记录
InvariantChecker决策: 接入真实写路径(非删除),CheckWithdrawBalance等有业务价值
拆分执行计划: 按Account→Package→Billing→Settlement顺序小步执行
 2026-04-21 19:04:03 +08:00
Your Name
3b70fe1865 P4-A: 三服务共享auth/logging能力 - 共享包边界定义/golden测试/契约测试 
- gateway/internal/shared/: 新建 shared/auth 和 shared/logging 包
- shared/logging: LogEntry/Logger/NewLogger/sanitizeFields, 7个golden output测试
- shared/auth: ExtractBearerToken/HasExternalQueryKey/WriteAuthError/AuditEvent, 8个契约测试
- docs/plans/2026-04-21-shared-auth-logging-analysis.md: P4-A完整分析文档

迁移顺序: logging(第一步) -> auth基础(第二步) -> audit(第三步) -> 契约测试(第四步)
共享边界: JWT验证/token状态查询/授权策略/BruteForce保持服务特有
 2026-04-21 19:00:25 +08:00
Your Name
8c5ab32e2e P3-D: supply-api后台worker shutdown纪律 - partition维护取消/outbox优雅停止 2026-04-21 18:53:01 +08:00
Your Name
e249a9160b P3-C: 三服务可观测面统一 - metrics端点统一/健康检查别名/traceID透传 
Gateway:
- remote_runtime.go: P3-C-08 从请求上下文透传 X-Request-Id 到 platform-token-runtime

Supply-api:
- 新建 internal/metrics/metrics.go: HTTP请求计数/latency/token发布/worker queue指标 (Prometheus-text)
- 新建 internal/metrics/metrics_test.go: 6个测试覆盖
- bootstrap.go: 注册 /metrics (P3-C-01/04)、/health、/healthz 别名 (P3-C-05)

Platform-token-runtime:
- bootstrap.go: 添加 /health 和 /livez 别名 (P3-C-05)

三服务 /metrics 统一为 text/plain; version=0.0.4
三服务 /health 端点统一别名
Gateway → platform-token-runtime 透传 trace ID
 2026-04-21 18:40:43 +08:00
Your Name
472d9ad4c1 P3-B: Router 熔断器实现 - 健康检查/状态机/半开试探 
Gateway:
- ProviderHealth 新增熔断器字段 (CircuitState, ConsecutiveFailures, LastStateChange, OpenReason)
- CircuitBreakerConfig 熔断器配置 (FailureRateThreshold=50%, ConsecutiveFailureThreshold=5, HalfOpenSuccessThreshold=3, OpenTimeout=30s)
- circuit.go: 熔断器状态机 (Closed→Open→HalfOpen→Closed)
- healthcheck.go: 后台健康检查循环 (ProviderHealthCheckInterval 探测 + 自动半开转换)
- RecordResult 集成熔断器状态转换
- isProviderAvailable: CircuitOpen=false, CircuitHalfOpen=true (允许试探)
- GetCircuitState/SetCircuitConfig 管理接口
- metrics.go: 新增 circuit_state_changes_total 指标
- bootstrap.go: BuildServer 返回 ServerBundle(含 Router 和 ShutdownFunc)
- main.go: 适配 ServerBundle,graceful shutdown 停止健康检查器
- bootstrap_test.go: 适配 ServerBundle

17 个新测试,50 个 router 测试全部通过
 2026-04-21 17:46:02 +08:00
Your Name
ae2b1bfe75 P3-A: Token Runtime 缓存层实现 - HTTPTimeout/LRU淘汰/命中率指标 
Phase 3-A 完整实现,包含:

Gateway (lijiaoqiao/gateway):
- RemoteTokenRuntime 缓存实现: active=30s/expired=2m/revoked=10m TTL淘汰
- LRU 容量淘汰 (max_entries=10000,插入顺序淘汰)
- HTTPTimeoutConfig: 4个环境变量 (Dial/KeepAlive/Read/Write/MaxIdle)
- 缓存命中率指标: GetCacheHitRate() + 实例级别统计
- 上游延迟指标: RecordTokenRuntime() histogram
- buildTimeoutClient: 基于 HTTPTimeoutConfig 的 HTTP 客户端工厂
- 新增测试: 22个矩阵测试 (remote_runtime_matrix_test.go, config_test.go)

Platform Token Runtime (lijiaoqiao/platform-token-runtime):
- metrics/metrics.go: GetCacheHitRate() 方法
- inmemory_runtime.go: GetCacheHitRate() 实现

变更文件 (8 modified + 5 new):
- gateway/internal/middleware/remote_runtime.go    # 核心缓存实现
- gateway/internal/middleware/remote_runtime_test.go
- gateway/internal/middleware/remote_runtime_cache_test.go
- gateway/internal/middleware/remote_runtime_matrix_test.go
- gateway/internal/middleware/remote_runtime_metrics_test.go
- gateway/internal/metrics/metrics.go             # 新增
- gateway/internal/config/config.go                # HTTPTimeoutConfig
- gateway/internal/config/config_test.go
- gateway/internal/app/bootstrap.go                # 初始化顺序
- gateway/internal/router/router.go                # 指标注入
- platform-token-runtime/internal/metrics/metrics.go  # 新增
- platform-token-runtime/internal/app/bootstrap.go
- platform-token-runtime/internal/auth/service/inmemory_runtime.go
 2026-04-21 17:27:51 +08:00
Your Name
1fec3e981d feat(ci): 实现 Phase 1/2 严格退出标准的所有代码实现 
Phase 1 Criterion 4: contract tests 场景清单 → backend-verify.sh --phase1-contract-gate(含四个场景:合法token全链路、吊销拒绝、scope不足拒绝、runtime快速失败),repo_integrity_check.sh 集成调用

Phase 2 Criterion 1: manifest.json 系统(lib/manifest_lib.sh + staging_release_pipeline.sh),run_id 作为硬门禁,manifest_hard_gate_run_id() 验证非空

Phase 2 Criterion 2: superpowers_stage_validate.sh exit 1 条件从 NO_GO 扩展到 CONDITIONAL_GO,staging 硬门禁不再放行条件通过

Phase 2 Criterion 3: DEFERRED 语义修正,CONDITIONAL_GO 不再出现在复审结论选项中;CONDITIONAL_GO 在 pipeline 中强制 exit 1

Phase 2 Criterion 5: cross_service_smoke.sh 从 DESIGN_ONLY 变为可执行(exit 0=PASS/1=FAIL/2=SKIP_LOCAL_PLACEHOLDER),纳入 staging_release_pipeline.sh STEP-03

Phase 2 Criterion 4: 配置分离(已之前落地,本次确认)

环境问题记录: docs/plans/2026-04-21-environmental-issues-log.md
- P3-A: HTTP timeout + cache eviction(需要真实 staging env + env var 热加载支持)
- P3-B/C: /metrics 端点(需要 Prometheus scrape 配置 + 运维介入)
- P3-D: graceful shutdown(需要 staging 流量压测验证)
 2026-04-21 12:14:50 +08:00
Your Name
c59204049a docs(ci): define cross-service smoke taxonomy 2026-04-21 09:38:37 +08:00
Your Name
b3e34c6e36 feat(ci): normalize shared environment semantics 2026-04-21 09:34:29 +08:00
Your Name
3f509d1a6c docs(ci): define real staging gate rules 2026-04-21 09:28:27 +08:00
Your Name
3aeddc0b43 docs(ci): define release manifest contract 
Add the run_id and manifest contract doc, reserve the reports/releases tree, record the decision in the execution log, and annotate the four release scripts with their planned manifest-based inputs.
 2026-04-21 09:23:54 +08:00
Your Name
d98b1fb262 docs(ci): define phase1 contract gate 
Add the cross-service contract gate documentation, create the Phase 1 checklist, wire explicit contract-gate design slots into backend-verify and repo integrity scripts, and mark P1-D complete in the plan.
 2026-04-21 09:20:33 +08:00
Your Name
fb659e8c96 docs(plan): complete auth rollback and comms notes 
Add explicit rollback conditions and the compatibility-window README/ADR draft, record the rollback target in the execution log, and mark P1-C-07 and P1-C-08 complete in the plan.
 2026-04-21 09:16:56 +08:00
Your Name
c3ac7cdbae docs(plan): capture auth convergence rollout 
Add the auth implementation convergence notes for gateway and supply-api, record the agreed rollout strategy in the execution log, and mark P1-C-01 through P1-C-06 complete in the master plan.
 2026-04-21 09:15:18 +08:00
Your Name
a9108dd390 docs(plan): record token schema alignment decision 
Add the token runtime schema alignment notes, record the keep-and-thread-through decision in the execution log, and mark P1-B analysis tasks complete in the master plan.
 2026-04-21 09:08:20 +08:00
Your Name
c5de0220a0 docs(plan): align service authority boundaries 
Update the supply-api and platform-token-runtime READMEs to reflect the single token authority model, record the changes in the execution log, and mark P1-A-07 and P1-A-08 complete in the master plan.
 2026-04-21 09:03:05 +08:00
Your Name
b864a4ef1b docs(plan): tighten token authority contract 
Record the OpenAPI vs canonical principal gap, add tenant_id to the introspection response contract, and make the gateway README explicit that non-dev environments must use remote introspection.
 2026-04-21 08:01:07 +08:00
Your Name
46152f50fd docs(plan): record phase1 authority baseline 
Record the current identity entry points in the execution log and update the minimal token runtime spec with a single authority rule and canonical principal fields. Mark P1-A-01 through P1-A-03 complete in the optimization plan so subsequent batches can continue from the verified baseline.
 2026-04-21 07:53:22 +08:00
Your Name
1f56b32257 feat(logging): unify structured startup logs 2026-04-20 19:55:38 +08:00
Your Name
b9b3678fe3 docs(review): finalize remediation closure confirmation 2026-04-20 17:56:47 +08:00
Your Name
b879906fec test(ci): add supply domain stability rerun check 2026-04-20 16:27:08 +08:00
Your Name
eab029a05c fix(supply-api): classify handler failures by error type 2026-04-20 16:24:24 +08:00
Your Name
a1555c0127 fix(iam): omit missing grantor foreign key 2026-04-20 16:18:32 +08:00
Your Name
79d9b872f6 fix(iam): write nullable inet fields correctly 2026-04-20 16:16:52 +08:00
Your Name
a109a6836f fix(iam): tolerate nullable db-backed role fields 2026-04-20 16:14:12 +08:00
Your Name
566169687a fix(iam): allow wildcard scope in schema seed 2026-04-20 16:11:26 +08:00
Your Name
319d9e1989 fix(supply-api): realign audit event persistence contract 2026-04-20 11:50:20 +08:00
Your Name
1c088e2dd4 fix(supply-api): restore package lifecycle ownership semantics 2026-04-20 11:36:07 +08:00
Your Name
00ff6363bd fix(supply-api): align account lifecycle optimistic locking 2026-04-20 11:22:18 +08:00
Your Name
50f0cc8606 fix(supply-api): restore package create insert contract 2026-04-20 11:16:14 +08:00
Your Name
9dba094183 fix(supply-api): restore db-backed idempotency locking 2026-04-20 11:10:35 +08:00
Your Name
414ecbb08c fix(token-runtime): preserve fingerprint on refresh and revoke 2026-04-20 10:47:59 +08:00
Your Name
45c4160eed docs: 清理架构文档中Kafka/etcd误填内容,标记废弃说明 
- 00_PROJECT_OVERVIEW.md: 清除虚构的5个环境问题描述
- technical_architecture_design_v1: 标记废弃说明,架构图标注Redis/Kafka未使用
- llm_gateway_product_technical_blueprint_v1: 标注Message Queue已由PostgreSQL替代
- resource_assessment_plan_v1: 移除Kafka作为备选方案引用

代码库中无任何Kafka/etcd/CloudWatch运行时依赖,详见TEST_ENVIRONMENT_ISSUES.md
 2026-04-18 11:48:29 +08:00
Your Name
014c183c84 fix: correct environment issues doc and add missing config improvements 
- Remove fabricated etcd/Kafka/AWS issues from TEST_ENVIRONMENT_ISSUES.md
  (codebase contains zero references to these dependencies)
- Add Kafka/etcd/CloudWatch clarification: early design docs discuss
  these but actual implementation uses none of them
- Add getEnvInt() for GATEWAY_PORT env variable support
- Add devtest stack scripts for local development
- Update verification report and repair plan status
 2026-04-18 11:34:58 +08:00
Your Name
421817c0c9 docs: add full verification report for all P0/P1 security fixes 2026-04-18 11:27:47 +08:00
Your Name
8fcdfe400e docs: enrich environment issues analysis and correct repair plan status 
- Expand TEST_ENVIRONMENT_ISSUES.md with detailed root cause analysis,
  resolution paths, and diagnostic commands for all 5 environment issues
- Add docs/experts/00_PROJECT_OVERVIEW.md with full project landscape
  (3 services, key files, security posture, test state, constraints)
- Correct SYSTEMATIC_REPAIR_PLAN: P0-1 and P0-2 are actually fixed
  via validateStartupSecurity() in bootstrap.go (not residual issues)
- All P0/P1 fixes confirmed verified against source code
 2026-04-18 09:34:21 +08:00
Your Name
0d81a53b7a docs: summarize remediation lessons and refresh project standards 2026-04-17 22:37:19 +08:00
Your Name
4d83f942bc docs(product): add page flow tree and button matrix 2026-04-17 22:28:07 +08:00
Your Name
b06dd8ccda docs(product): add completed feature inventory 2026-04-17 22:21:46 +08:00
Your Name
49738f2119 test(supply-api): disable cache in integration runner 2026-04-17 22:10:34 +08:00
Your Name
7e2f3fe62c docs(review): finalize correction closure and completion confirmation 2026-04-17 22:01:07 +08:00
Your Name
679a98dd9b docs(plan): add remediation execution checklist 2026-04-17 21:12:49 +08:00
Your Name
f48fca565b docs(sql): clarify active schema boundaries and status constraints 2026-04-17 20:12:05 +08:00
Your Name
ebd11867c3 docs(gateway): clarify advanced routing strategy status 2026-04-17 20:05:56 +08:00
Your Name
7434496470 feat(gateway): serve models from registered providers 2026-04-17 20:04:05 +08:00