# 2026-03-27 Full Test Run and Quality Audit

## 1.3 2026-03-28 Q-004 latest remediation note XIII

- `Q-004` was remediated further after the previous addendum and remains open.
- Newly verified outcomes:
  - frontend overall coverage is now `89.72 / 77.57 / 84.48 / 90.64`
  - `src/app/App.tsx` is now `100 / 100 / 100 / 100`
  - `src/app/RootLayout.tsx` is now `100 / 100 / 100 / 100`
  - `src/components/common/ErrorBoundary/ErrorBoundary.tsx` is now `100 / 83.33 / 100 / 100`
- The latest remediation closed three more previously real frontend hotspots:
  - `App.tsx` is no longer an open `Q-004` gap
  - `RootLayout.tsx` is no longer an open `Q-004` gap
  - `ErrorBoundary.tsx` is no longer an open `Q-004` gap
- The updated real boundary remains:
  - `Q-004` still cannot be truthfully closed
  - after the shell and boundary layer were closed, the remaining higher-value frontend gaps narrow further to router, dashboard, and shared page-state coverage
- The validation hygiene note remains materially unchanged:
  - `npm.cmd run test:coverage` passed again, but still emitted one post-summary jsdom `AggregateError` network-noise line
- Latest evidence for this addendum:
  - `docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-110341.md`

## 1.2 2026-03-28 Q-004 latest remediation note XII

- `Q-004` was remediated further after the previous addendum and remains open.
- Newly verified outcomes:
  - frontend overall coverage is now `89.06 / 77.14 / 83.56 / 89.96`
  - `src/pages/auth/ForgotPasswordPage/ForgotPasswordPage.tsx` is now `100 / 75 / 100 / 100`
  - `src/pages/auth/ResetPasswordPage/ResetPasswordPage.tsx` is now `95 / 94.44 / 100 / 95`
- The latest remediation closed two more previously real frontend hotspots:
  - `ForgotPasswordPage` is no longer an open `Q-004` gap
  - `ResetPasswordPage` is no longer an open `Q-004` gap
- The updated real boundary remains:
  - `Q-004` still cannot be truthfully closed
  - after the auth recovery pages were closed, the remaining higher-value frontend gaps shift more toward app shell, routing, error-boundary, and dashboard entry-point coverage
- The validation hygiene note remains materially unchanged:
  - `npm.cmd run test:coverage` passed again, but still emitted one post-summary jsdom `AggregateError` network-noise line
- Latest evidence for this addendum:
  - `docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-105226.md`

## 1.1 2026-03-28 Q-004 latest remediation note XI

- `Q-004` was remediated further after the previous addendum and remains open.
- Newly verified outcomes:
  - frontend overall coverage is now `85.89 / 74.91 / 81.87 / 86.71`
  - `src/pages/admin/ProfileSecurityPage/ProfileSecurityPage.tsx` is now `90.35 / 75.51 / 92.45 / 90.13`
- The latest remediation closed one more previously real frontend hotspot:
  - `src/pages/admin/ProfileSecurityPage/ProfileSecurityPage.tsx` is no longer an open `Q-004` gap
- The updated real boundary remains:
  - `Q-004` still cannot be truthfully closed
  - with `client.ts` and `ProfileSecurityPage` closed, the next highest-value frontend gaps now shift toward auth recovery pages such as `ForgotPasswordPage` and `ResetPasswordPage`
- The validation hygiene note remains materially unchanged:
  - `npm.cmd run test:coverage` passed again, but still emitted one post-summary jsdom `AggregateError` network-noise line
- Latest evidence for this addendum:
  - `docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-104341.md`

## 1.0 2026-03-28 Q-004 latest remediation note X

- `Q-004` was remediated further after the previous addendum and remains open.
- Newly verified outcomes:
  - frontend overall coverage is now `83.86 / 72.68 / 79.87 / 84.72`
  - `src/lib/http/client.ts` is now `100 / 92.30 / 100 / 100`
- The latest remediation closed one more previously real frontend hotspot:
  - `src/lib/http/client.ts` is no longer an open `Q-004` gap
- This pass also closed one real validation-hygiene defect in production code:
  - cached shared refresh waiters no longer leave an unhandled rejected promise behind when refresh fails
- The updated real boundary remains:
  - `Q-004` still cannot be truthfully closed
  - the remaining highest-value frontend gap is now more concentrated in the deeper branches of `ProfileSecurityPage`
- The validation hygiene note remains materially unchanged:
  - `npm.cmd run test:coverage` passed again, but still emitted one post-summary jsdom `AggregateError` network-noise line
- Latest evidence for this addendum:
  - `docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-102456.md`

## 0.9 2026-03-28 Q-004 latest remediation note IX

- `Q-004` was remediated further after the previous addendum and remains open.
- Newly verified outcomes:
  - frontend overall coverage is now `80.06 / 67.61 / 78.00 / 80.91`
  - `src/lib/http/csrf.ts` is now `100 / 88.46 / 100 / 100`
- The latest remediation closed one more previously real frontend hotspot:
  - `src/lib/http/csrf.ts` is no longer an open `Q-004` gap
- The updated real boundary remains:
  - `Q-004` still cannot be truthfully closed
  - the remaining highest-value frontend gaps are now more concentrated in `src/lib/http/client.ts` and the deeper branches of `ProfileSecurityPage`
- The validation hygiene note remains materially unchanged:
  - `npm.cmd run test:coverage` passed again, but still emitted one post-summary jsdom `AggregateError` network-noise line
- Latest evidence for this addendum:
  - `docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-083841.md`

## 0.8 2026-03-28 Q-004 latest remediation note VIII

- `Q-004` was remediated further after the previous addendum and remains open.
- Newly verified outcomes:
  - frontend overall coverage is now `78.91 / 66.06 / 77.07 / 79.73`
  - `src/pages/auth/RegisterPage/RegisterPage.tsx` is now `93.42 / 85.24 / 87.5 / 95.89`
- The latest remediation closed one more previously real frontend hotspot:
  - `RegisterPage` is no longer an open `Q-004` gap
- The updated real boundary remains:
  - `Q-004` still cannot be truthfully closed
  - the remaining highest-value frontend gaps are now more concentrated in the deeper branches of `ProfileSecurityPage` and in `lib/http`
- The validation hygiene note remains materially unchanged:
  - `npm.cmd run test:coverage` passed again, but still emitted one post-summary jsdom `AggregateError` network-noise line
- Latest evidence for this addendum:
  - `docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-082843.md`

## 0.7 2026-03-28 Q-004 latest remediation note VII

- `Q-004` was remediated further after the previous addendum and remains open.
- Newly verified outcomes:
  - frontend overall coverage is now `78.38 / 64.77 / 76.92 / 79.19`
  - `src/pages/auth/LoginPage/LoginPage.tsx` is now `92.56 / 84.09 / 86.2 / 95.61`
- The latest remediation closed one more previously real frontend hotspot:
  - `LoginPage` is no longer an open `Q-004` gap
- The updated real boundary remains:
  - `Q-004` still cannot be truthfully closed
  - the remaining highest-value frontend gaps are now more concentrated in `RegisterPage`, the deeper branches of `ProfileSecurityPage`, and `lib/http`
- The validation hygiene note remains materially unchanged:
  - `npm.cmd run test:coverage` passed again, but still emitted one post-summary jsdom `AggregateError` network-noise line
  - one concurrent `lint` + `build` attempt produced a transient Windows/Vite `index.html` emit-path failure, while the required standalone `build` rerun passed immediately afterward
- Latest evidence for this addendum:
  - `docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-081514.md`

## 0.6 2026-03-28 Q-004 latest remediation note VI

- `Q-004` was remediated further after the previous addendum and remains open.
- Newly verified outcomes:
  - frontend overall coverage is now `76.00 / 63.91 / 75.07 / 76.84`
  - `src/app/providers` is now `96.38 / 93.75`
  - `src/app/providers/AuthProvider.tsx` is now `100%`
- The latest remediation closed one more previously real frontend hotspot:
  - `AuthProvider` is no longer an open `Q-004` gap
- The updated real boundary remains:
  - `Q-004` still cannot be truthfully closed
  - the remaining highest-value frontend gaps are now more concentrated in `LoginPage`, `RegisterPage`, the deeper branches of `ProfileSecurityPage`, and `lib/http`
- The validation hygiene note remains unchanged:
  - `npm.cmd run test:coverage` passed again, but still emitted one post-summary jsdom `AggregateError` network-noise line
- Latest evidence for this addendum:
  - `docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-075725.md`

## 0.5 2026-03-28 Q-004 latest remediation note V

- `Q-004` was remediated further after the previous addendum and remains open.
- Newly verified outcomes:
  - frontend overall coverage is now `74.54 / 63.57 / 74.61 / 75.35`
  - `src/pages/admin/UsersPage` is now `95.06%`
  - `src/pages/admin/WebhooksPage` is now `94.92%`
  - `internal/repository` is now `67.1%`
- The latest remediation closed two previously dominant frontend gap clusters:
  - `UsersPage` drawers/modals are no longer one of the main remaining blockers
  - `WebhooksPage` modal/drawer components are no longer one of the main remaining blockers
- A new real backend defect pair was discovered and fixed during this pass:
  - `internal/repository/role.go`: explicit `status=0` role creation was previously persisted as enabled
  - `internal/repository/permission.go`: explicit `status=0` permission creation was previously persisted as enabled
- The updated real boundary remains:
  - `Q-004` still cannot be truthfully closed
  - the remaining highest-value gaps are now more concentrated in the deeper branches of `ProfileSecurityPage`, `LoginPage`, `RegisterPage`, `AuthProvider`, `lib/http`, and the still-remaining repository depth
- The validation hygiene note remains unchanged:
  - `npm.cmd run test:coverage` passed again, but still emitted one post-summary jsdom `AggregateError` network-noise line
- Latest evidence for this addendum:
  - `docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-011431.md`

## 0.4 2026-03-28 Q-004 latest remediation note IV

- `Q-004` was remediated further after the previous addendum and remains open.
- Newly verified outcomes:
  - frontend overall coverage is now `68.32 / 54.12 / 68.15 / 69.28`
  - `src/pages/admin/RolesPage` is now at `94.53%`
  - `src/pages/admin/PermissionsPage` is now at `93.51%`
  - `src/pages/admin/ProfilePage/ProfilePage.tsx` is now at `91.42%`
  - `internal/auth/providers` is now `80.6%`
  - `internal/repository` remains `37.1%`
- The latest remediation changed the real gap map materially:
  - provider coverage is no longer one of the dominant blockers
  - `RolesPage`, `PermissionsPage`, and `ProfilePage` are no longer dominant uncovered admin page clusters
- The updated real boundary remains:
  - `Q-004` still cannot be truthfully closed
  - the remaining highest-value gaps are now concentrated in `internal/repository` depth plus still-uncovered frontend modal/drawer components, especially under `UsersPage` and `WebhooksPage`, and the deeper remaining `ProfileSecurityPage` branches
- The validation hygiene note remains unchanged:
  - `npm.cmd run test:coverage` passed again, but still emitted one post-summary jsdom `AggregateError` network-noise line
- Latest evidence for this addendum:
  - `docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-003416.md`

## 0.3 2026-03-27 Q-004 latest remediation note III

- `Q-004` was remediated further after the previous addendum and remains open.
- Newly verified outcomes:
  - frontend overall coverage is now `56.81 / 44.67 / 57.38 / 57.57`
  - `src/pages/admin/LoginLogsPage/LoginLogsPage.tsx` is now at `93.1%`
  - `src/pages/admin/OperationLogsPage/OperationLogsPage.tsx` is now at `91.52%`
  - frontend `services` coverage remains `86.2%`
  - `internal/auth/providers` is now `28.7%`
  - `internal/repository` remains `37.1%`
- The latest remediation reduced two real gaps materially:
  - admin log pages are no longer among the main page-level hotspots
  - provider coverage is no longer extremely shallow, but it is still far from closure-grade depth
- A new validation hygiene note also appeared during this pass:
  - `npm.cmd run test:coverage` passed, but still emitted one post-summary jsdom `AggregateError` network-noise line
  - this is not a failing gate for the current pass, but it is still real and should not be misrepresented as a perfectly clean run
- The updated real boundary remains:
  - `Q-004` still cannot be truthfully closed
  - the main remaining gaps are now concentrated in deeper `internal/auth/providers` paths and still-uncovered admin pages/components
- Latest evidence for this addendum:
  - `docs/evidence/ops/2026-03-27/quality/COVERAGE_REMEDIATION_20260327-233824.md`

## 0.2 2026-03-27 Q-004 latest remediation note II

- `Q-004` was remediated further after the previous addendum and remains open.
- Newly verified outcomes:
  - frontend overall coverage is now `52.05 / 42.86 / 51.84 / 52.69`
  - frontend `services` coverage is now `86.2%`
  - `internal/auth/providers` is now `15.2%`
  - `internal/repository` remains `37.1%`
- The latest remediation reduced the frontend service-layer gap substantially.
- The updated real boundary is unchanged in principle:
  - `internal/auth/providers` is still too shallow to truthfully mark `Q-004` closed
  - there are still multiple uncovered admin pages/components outside the already-remediated `UsersPage` and `ProfileSecurityPage`
- Latest evidence for this addendum:
  - `docs/evidence/ops/2026-03-27/quality/COVERAGE_REMEDIATION_20260327-224352.md`

## 0.1 2026-03-27 Q-004 latest remediation note

- `Q-004` has been remediated further after this audit, but it is still not closed.
- Newly verified outcomes:
  - frontend overall coverage is now `49.18 / 42.86 / 44.92 / 49.79`
  - `UsersPage.tsx` is now at `90.98%` statements and `68.75%` branches
  - `ProfileSecurityPage.tsx` is now at `70.17%` statements and `48.97%` branches
  - `internal/repository` is now at `37.1%`
  - `internal/auth/providers` is now at `8.5%`
- A new real defect was discovered and fixed during this remediation pass:
  - `internal/repository/device.go`: device create requests with an explicit `status=0` were previously persisted as active, because the DB default swallowed the zero value
- Latest evidence for this addendum:
  - `docs/evidence/ops/2026-03-27/quality/COVERAGE_REMEDIATION_20260327-221835.md`
- Updated real boundary:
  - `UsersPage` and `ProfileSecurityPage` are no longer the primary blockers they were at audit time
  - `internal/auth/providers` still remains too shallow to truthfully mark `Q-004` closed

## 0. 2026-03-27 Priority Remediation Addendum

The following covers the "current real status" of Q-001 / Q-002 / Q-003 in this report:

- Q-001 session-security remediation is complete and has passed re-verification.
  - The browser no longer persists the access token, refresh token, user info, or role info to `localStorage` / `sessionStorage`.
  - Refresh continuity has moved to a backend-issued `HttpOnly` refresh cookie.
  - To avoid a browser `400 Bad Request` console error from blindly calling `/auth/refresh` when a user without a session opens a protected page, the backend now sets a non-sensitive session-presence marker cookie; the frontend first checks whether recovery is worth attempting and only then decides whether to issue the refresh.
- Q-002 OAuth trust-boundary remediation is complete and has passed re-verification.
  - `return_to` is no longer implicitly allowed as same-origin based on a request origin derived from `X-Forwarded-*`.
  - Only absolute paths or explicitly allowlisted origins are now accepted.
- Q-003 fail-open random-source degradation is remediated and has passed re-verification.
  - When `crypto/rand` fails, the code no longer silently falls back to a weaker random source.
- This supplementary round also closed one real regression:
  - After the session model moved from Web Storage to cookie + memory, real-browser E2E briefly showed refresh noise on public-page / no-session visits and a post-login routing race.
  - This has been closed through the session-presence marker cookie, a tightened `AuthProvider` recovery strategy, de-racing of the exported auth state, and fixes to the E2E harness.

Latest supplementary verification commands:

```powershell
go test ./... -count=1
go vet ./...
go build ./cmd/server
cd D:\project\frontend\admin
npm.cmd run test:run
npm.cmd run lint
npm.cmd run build
powershell -ExecutionPolicy Bypass -File .\scripts\run-playwright-auth-e2e.ps1
```

Latest supplementary real conclusions:

- Q-001 / Q-002 / Q-003 are no longer open, in-progress issues for this project.
- Q-004 has received one round of supplementary remediation and passed real re-verification, but it remains "partially closed, not fully closed".
  - Frontend overall coverage has risen from `29.38 / 29.32 / 24.84 / 29.78` at audit time to `41.06 / 38.48 / 36.00 / 41.47`.
  - Among the priority targets:
    - `router` is now at `47.72%`
    - `RequireAuth` / `RequireAdmin` are now at `100%`
    - `AdminLayout` is now at `80.00%`
    - `ImportExportPage` is now at `83.58%`
    - `WebhooksPage` is now at `93.15%`
    - `services/webhooks.ts` is now at `100%`
    - `internal/database` is now at `83.2%`
    - `internal/repository` is now at `15.1%`
  - This round also incidentally closed one real build issue:
    - With the current Windows + `Vite 8` + `--configLoader native` combination, the default HTML input caused an absolute-path `index.html` emit error; this is now closed by explicitly setting `rollupOptions.input = 'index.html'`.
  - However, `internal/auth/providers` is still only `4.0%`, and the frontend `UsersPage` / `ProfileSecurityPage` still have clear gaps.
- The remaining real gaps now narrow to:
  - Q-004 insufficient depth of automated coverage
  - Q-005 dev toolchain SCA not yet at zero
  - Q-006 external alert delivery evidence not closed

Supplementary evidence:

- [`docs/evidence/ops/2026-03-27/quality/AUTH_SESSION_REMEDIATION_20260327-194100.md`](/D:/project/docs/evidence/ops/2026-03-27/quality/AUTH_SESSION_REMEDIATION_20260327-194100.md)
- [`docs/evidence/ops/2026-03-27/quality/COVERAGE_REMEDIATION_20260327-212336.md`](/D:/project/docs/evidence/ops/2026-03-27/quality/COVERAGE_REMEDIATION_20260327-212336.md)
- [`docs/evidence/ops/2026-03-27/quality/COVERAGE_REMEDIATION_20260327-214422.md`](/D:/project/docs/evidence/ops/2026-03-27/quality/COVERAGE_REMEDIATION_20260327-214422.md)

## 1. Audit Method

- No ready-made general testing/quality skill was available among the skills in this session.
- `skill-installer` was used to search installable skills; `playwright` and `security-best-practices` were identified as covering real-browser verification and security auditing.
- Because the current sandbox restricts writes to the skill-install temp directory, the skills could not be formally installed locally; this round pulled them directly and followed their conventions:
  - `playwright`: CLI-first / real-browser principle, reusing the project's existing real-browser E2E path for verification.
  - `security-best-practices`: evidence-based checks following its security-audit rules for a Go backend + React/TypeScript frontend.
- The project's own quality baseline was also followed strictly: `docs/team/QUALITY_STANDARD.md`.

## 2. Gates Executed

### 2.1 Backend

```powershell
go vet ./...
go test ./... -count=1
go build ./cmd/server
go test ./... -cover
```

Result: passed.

### 2.2 Frontend

```powershell
cd frontend/admin
npm.cmd run lint
npm.cmd run test:run
npm.cmd run build
npm.cmd run test:coverage
```

Result: passed.

### 2.3 Real Browser E2E

```powershell
cd frontend/admin
powershell -ExecutionPolicy Bypass -File .\scripts\run-playwright-auth-e2e.ps1
```

Result: passed.

Real-browser scenarios in this round:

- `admin-bootstrap`
- `public-registration`
- `email-activation`
- `login-surface`
- `auth-workflow`
- `responsive-login`
- `desktop-mobile-navigation`

### 2.4 Ops Governance and Delivery Evidence

```powershell
powershell -ExecutionPolicy Bypass -File .\scripts\ops\run-sca-evidence.ps1
powershell -ExecutionPolicy Bypass -File .\scripts\ops\capture-local-baseline.ps1
powershell -ExecutionPolicy Bypass -File .\scripts\ops\validate-alerting-package.ps1
powershell -ExecutionPolicy Bypass -File .\scripts\ops\drill-alertmanager-render.ps1
powershell -ExecutionPolicy Bypass -File .\scripts\ops\drill-sqlite-backup-restore.ps1
powershell -ExecutionPolicy Bypass -File .\scripts\ops\drill-config-isolation.ps1
powershell -ExecutionPolicy Bypass -File .\scripts\ops\drill-local-rollback.ps1
powershell -ExecutionPolicy Bypass -File .\scripts\ops\validate-secret-boundary.ps1
```

Results:

- SCA: production dependencies pass; the full dependency tree is not yet at zero.
- Local observability baseline: passed.
- Alerting package structural validation: passed, but the external notification loop is not closed.
- Alertmanager render drill: passed.
- SQLite backup/restore drill: passed.
- Config/environment isolation drill: passed.
- Local rollback drill: passed.
- Secret-boundary validation: passed.

## 3. Positive Findings

- The project's executable quality gates are strong overall: backend, frontend, real-browser E2E, and local governance drills all genuinely run to completion.
- The real-browser path is no longer a fake smoke-test closure but a repeatable, product-grade verification of the main flow.
- No obvious high-signal DOM XSS anti-patterns were found in the frontend:
  - no `dangerouslySetInnerHTML` found
  - no `eval` / `new Function` / `document.write` found
- Release mode has an explicit test rejecting wildcard CORS, and the basic security-headers middleware is wired in.

## 4. Real Issue List

### Q-001 High risk: the browser still persists access/refresh tokens to Web Storage

- Location:
  - `frontend/admin/src/lib/storage/token-storage.ts:4-5`
  - `frontend/admin/src/lib/storage/token-storage.ts:25-27`
  - `frontend/admin/src/lib/http/auth-session.ts:5-6`
  - `frontend/admin/src/lib/http/auth-session.ts:121-123`
  - `frontend/admin/src/lib/http/auth-session.ts:140`
  - `frontend/admin/src/lib/http/auth-session.ts:153`
- Evidence:
  - the refresh token lands in `localStorage`
  - the access token, user info, and role info land in `sessionStorage`
- Impact:
  - Any frontend XSS, browser-extension injection, or malicious read on the same machine can steal the tokens directly.
  - This does not meet the conservative session-credential policy expected of an enterprise-grade production product.
- Conclusion:
  - "Functionally working" is not the same as "session security is mature".
  - The safer direction is `HttpOnly + Secure + SameSite` cookies, or a BFF / server-session model.

### Q-002 High risk: OAuth return_to validation relies on forwarded headers without trusted-proxy evidence

- Location:
  - `internal/api/handler/auth.go:511-524`
  - `internal/api/handler/auth.go:567-588`
- Evidence:
  - `oauthRequestOrigin` trusts `X-Forwarded-Proto` and `X-Forwarded-Host` directly
  - `resolveOAuthReturnTo` passes any `return_to` whose origin equals that request origin
- Impact:
  - If the edge proxy does not explicitly strip or rewrite these headers, an attacker may forge header values to influence the OAuth return-origin decision.
  - At minimum this blurs the origin-trust boundary; under misconfiguration it can degrade into an open redirect or a widened return-URL acceptance surface.
- Conclusion:
  - This is the classic case of "the code visibly depends on forwarded headers, but the repository holds no trusted-proxy evidence".
  - It should currently be treated as a high-risk boundary item, not as safe by default.

### Q-003 Medium risk: security-sensitive random values degrade fail-open

- Location:
  - `internal/auth/jwt.go:62-65`
  - `internal/service/email.go:295-297`
  - `internal/service/captcha.go:142-145`
- Evidence:
  - after a `crypto/rand` failure, the JWT JTI / email code / captcha ID fall back to a timestamp or `math/rand`
- Impact:
  - When the entropy source fails, the code does not fail closed but keeps generating more predictable values.
  - This is not a main-path issue, but it does not meet strict production security design.
- Conclusion:
  - It should return an explicit error and block the affected security flow instead of degrading silently.

### Q-004 Medium risk: insufficient automated coverage, thin regression safety net

- Frontend overall coverage:
  - statements `29.38%`
  - branches `29.32%`
  - functions `24.84%`
  - lines `29.78%`
- Backend coverage samples:
  - `internal/service` `51.8%`
  - `internal/api/handler` `31.4%`
  - `internal/auth` `34.3%`
  - `internal/auth/providers` `1.5%`
  - `internal/repository` `10.5%`
  - `internal/database` `0.0%`
- Impact:
  - E2E is strong today, but the automated regression net for lower-level modules and error branches is still weak.

### Q-005 Medium risk: full dependency tree SCA not at zero

- Results:
  - `npm audit production`: `0`
  - `npm audit full`: `22`
    - of which `21 moderate`, `1 high`
  - `govulncheck reachable findings`: `0`
- Main chains:
  - `picomatch` high
  - moderate items in the `vite` / `vitest` / `typescript-eslint` / `eslint` dev-toolchain chains
- Impact:
  - Production dependencies are currently fairly clean.
  - But the engineering supply chain itself cannot yet be called "fully closed".

### Q-006 Medium risk: external alert delivery evidence not closed

- Results:
  - `Repo-level alerting package structurally ready: True`
  - `Repo-level oncall/delivery package fully closed: False`
- Impact:
  - In-repo templates, structure, and drills are in place.
  - But delivery-closure evidence for real external notification contacts/channels is still missing.

## 5. Overall Assessment

### 5.1 Level reached

- Can truthfully be stated as:
  - "The project's executable quality gates currently pass overall; backend / frontend / real-browser E2E / local governance drills have formed one real closed loop."

### 5.2 Claims not to overstate

- Cannot currently be truthfully stated as:
  - "fully at enterprise-grade production launch quality"
  - "all security and governance materials closed"
  - "automated test coverage is already sufficient"

### 5.3 Real status

- The more accurate conclusion is:
  - Execution is strong; the product's main flow and real-browser verification are clearly mature.
  - But the session-security model, reverse-proxy trust boundary, coverage, dev supply-chain vulnerabilities, and external alert delivery evidence remain real gaps relative to production-grade quality.

## 6. Next Priorities

1. Session-security remediation
   - Remove access/refresh token persistence from Web Storage.
   - Move to HttpOnly cookies or a BFF / server session.
2. OAuth trust-boundary remediation
   - Stop trusting `X-Forwarded-*` directly.
   - Explicitly configure trusted proxies / trusted origins and add runtime evidence.
3. Fail-open random degradation remediation
   - Fail with an error when `crypto/rand` fails; no fallback to a timestamp or `math/rand`.
4. Coverage improvement
   - Frontend: prioritize `AuthProvider`, `router`, `AdminLayout`, `UsersPage`, `WebhooksPage`, `ImportExportPage`
   - Backend: prioritize `internal/auth/providers`, `internal/repository`, `internal/database`
5. Clean up dev toolchain SCA
   - Upgrade `vite` / `vitest` / `eslint` / `typescript-eslint` and their transitive dependencies to eliminate the `picomatch` chain risk.
6. Complete real external alert delivery evidence
   - Connect a real notification channel and produce auditable delivery records.
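The cookie layout that Q-001 and section 0 describe (an `HttpOnly` refresh cookie plus a non-sensitive session-presence marker the frontend checks before calling `/auth/refresh`), as an added Go example that is not the project's code: the cookie names, the refresh-path scope and the TTL are assumptions, and the cookies are read back through `httptest` so their attributes can be asserted.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// Cookie names and the refresh-path scope are assumptions for this example,
// not the project's real identifiers.
const (
	refreshCookieName  = "refresh_token"
	presenceCookieName = "session_present"
	refreshPath        = "/auth/refresh"
)

// SetSessionCookies issues the refresh token as an HttpOnly cookie that scripts
// can never read, plus a non-sensitive marker cookie that only tells the SPA a
// session may exist, so it can skip the blind /auth/refresh call (and the
// resulting 400 console error) for visitors who have no session at all.
func SetSessionCookies(w http.ResponseWriter, refreshToken string, ttl time.Duration) {
	expires := time.Now().Add(ttl)
	http.SetCookie(w, &http.Cookie{
		Name:     refreshCookieName,
		Value:    refreshToken,
		Path:     refreshPath, // only sent to the refresh endpoint, not with every request
		Expires:  expires,
		MaxAge:   int(ttl.Seconds()),
		HttpOnly: true,
		Secure:   true,
		SameSite: http.SameSiteStrictMode,
	})
	http.SetCookie(w, &http.Cookie{
		Name:     presenceCookieName,
		Value:    "1", // carries no secret; its only job is to say "a refresh is worth trying"
		Path:     "/",
		Expires:  expires,
		MaxAge:   int(ttl.Seconds()),
		HttpOnly: false, // deliberately readable by the frontend
		Secure:   true,
		SameSite: http.SameSiteLaxMode,
	})
}

// ClearSessionCookies expires both cookies on logout or when a refresh is
// rejected, so the frontend stops attempting recovery.
func ClearSessionCookies(w http.ResponseWriter) {
	for _, c := range []http.Cookie{
		{Name: refreshCookieName, Path: refreshPath, HttpOnly: true, Secure: true, SameSite: http.SameSiteStrictMode},
		{Name: presenceCookieName, Path: "/", Secure: true, SameSite: http.SameSiteLaxMode},
	} {
		c.Value = ""
		c.MaxAge = -1 // emitted as Max-Age=0, which deletes the cookie
		http.SetCookie(w, &c)
	}
}

// ShouldAttemptRefresh is the decision rule the frontend applies before calling
// /auth/refresh, mirrored in Go here so it can be exercised in a test: refresh is
// only worth trying when the presence marker is set.
func ShouldAttemptRefresh(r *http.Request) bool {
	c, err := r.Cookie(presenceCookieName)
	return err == nil && c.Value == "1"
}

// CookiesByName parses every Set-Cookie header of a recorded response, which is
// how a unit test (or an audit script) asserts the attributes set above.
func CookiesByName(rec *httptest.ResponseRecorder) map[string]*http.Cookie {
	out := map[string]*http.Cookie{}
	for _, c := range rec.Result().Cookies() {
		out[c.Name] = c
	}
	return out
}

func main() {
	rec := httptest.NewRecorder()
	SetSessionCookies(rec, "constructed-opaque-refresh-token", time.Hour)
	for name, c := range CookiesByName(rec) {
		fmt.Printf("%s: HttpOnly=%v Secure=%v SameSite=%v Path=%s\n",
			name, c.HttpOnly, c.Secure, c.SameSite, c.Path)
	}
}
```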
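A `return_to` resolver that applies the Q-002 rule from section 0 (accept only absolute paths or explicitly allowlisted origins, and never derive trust from `X-Forwarded-*` or any other request header), as an added Go example that is not the project's `resolveOAuthReturnTo`: the `ReturnToPolicy` type, the allowlist shape and the fallback destination are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// ErrReturnToRejected is returned for any return_to that is neither an absolute
// path nor an absolute URL on an explicitly allowlisted origin.
var ErrReturnToRejected = errors.New("return_to rejected")

// ReturnToPolicy is a hypothetical type for this example. It deliberately holds
// only static configuration: nothing derived from the incoming request
// (X-Forwarded-Proto, X-Forwarded-Host, Host, Referer) is consulted.
type ReturnToPolicy struct {
	AllowedOrigins map[string]bool // canonical "scheme://host[:port]", lower-case
	Fallback       string          // safe in-app destination used on rejection
}

// ResolveReturnTo returns the destination to redirect to after OAuth completes.
// Accepted: an absolute path such as "/admin/users", or an http(s) URL whose
// origin is allowlisted. Everything else yields Fallback plus an error so the
// caller can log the rejected value.
func (p ReturnToPolicy) ResolveReturnTo(raw string) (string, error) {
	raw = strings.TrimSpace(raw)
	if raw == "" {
		return p.Fallback, nil
	}
	// Control characters and backslashes are never legitimate in a return URL;
	// browsers treat "/\host" like "//host", which would leave the site.
	for _, r := range raw {
		if r < 0x20 || r == 0x7f || r == '\\' {
			return p.Fallback, ErrReturnToRejected
		}
	}
	if strings.HasPrefix(raw, "/") {
		if strings.HasPrefix(raw, "//") { // scheme-relative URL, not a path
			return p.Fallback, ErrReturnToRejected
		}
		return raw, nil
	}
	u, err := url.Parse(raw)
	if err != nil || u.Host == "" || u.User != nil {
		// relative path, opaque scheme such as javascript:, or a userinfo trick
		return p.Fallback, ErrReturnToRejected
	}
	scheme := strings.ToLower(u.Scheme)
	if scheme != "http" && scheme != "https" {
		return p.Fallback, ErrReturnToRejected
	}
	// The origin is compared exactly, port included, so allowlisting
	// "https://admin.example.com" does not also allow ":8443" on that host.
	if !p.AllowedOrigins[scheme+"://"+strings.ToLower(u.Host)] {
		return p.Fallback, ErrReturnToRejected
	}
	return raw, nil
}

func main() {
	policy := ReturnToPolicy{
		AllowedOrigins: map[string]bool{"https://admin.example.com": true}, // constructed allowlist
		Fallback:       "/",
	}
	for _, in := range []string{
		"/admin/users?page=2", "//evil.example/x", "https://admin.example.com/cb",
		"https://evil.example/cb", "javascript:alert(1)", "/\\evil.example",
	} {
		target, err := policy.ResolveReturnTo(in)
		fmt.Printf("%-30q -> %q err=%v\n", in, target, err)
	}
}
```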
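A fail-closed replacement for the Q-003 pattern, as an added Go example that is not the project's `jwt.go` / `email.go` / `captcha.go` code: `NewOpaqueID`, `IssueJTI` and the `failingReader` test double are constructed here to show a `crypto/rand` failure surfacing as an error that blocks the operation, instead of a timestamp or `math/rand` value.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// ErrEntropyUnavailable wraps any failure of the random source. Callers treat it
// as fatal for the operation being protected rather than substituting a weaker value.
var ErrEntropyUnavailable = errors.New("entropy source unavailable")

// errSimulated and failingReader are constructed test doubles for this example,
// standing in for crypto/rand.Reader when the OS random device cannot be read.
var errSimulated = errors.New("simulated read failure")

type failingReader struct{}

func (failingReader) Read([]byte) (int, error) { return 0, errSimulated }

// NewOpaqueID fills nBytes from src and returns them as unpadded URL-safe base64,
// the shape a JWT JTI, e-mail code, or captcha ID would take. It is fail-closed:
// a short read or any reader error returns "" and an error; it never falls back
// to a timestamp or math/rand, which is the Q-003 behaviour this replaces.
func NewOpaqueID(src io.Reader, nBytes int) (string, error) {
	if nBytes < 16 { // this example's floor: at least 128 bits of entropy
		return "", fmt.Errorf("opaque id: %d bytes is below the 16-byte minimum", nBytes)
	}
	buf := make([]byte, nBytes)
	if _, err := io.ReadFull(src, buf); err != nil {
		return "", fmt.Errorf("%w: %v", ErrEntropyUnavailable, err)
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// IssueJTI shows the caller-side contract: when the identifier cannot be
// generated the token is not minted at all, and the error propagates upward
// to the HTTP layer instead of being swallowed.
func IssueJTI(src io.Reader) (string, error) {
	jti, err := NewOpaqueID(src, 16)
	if err != nil {
		return "", fmt.Errorf("refusing to mint token: %w", err)
	}
	return jti, nil
}

func main() {
	if jti, err := IssueJTI(rand.Reader); err == nil {
		fmt.Println("healthy source, jti:", jti)
	}
	_, err := IssueJTI(failingReader{})
	fmt.Println("degraded source:", err) // operation blocked, no weaker fallback
}
```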
## 7. Evidence for This Round

- `docs/team/QUALITY_STANDARD.md`
- `docs/status/REAL_PROJECT_STATUS.md`
- `docs/PROJECT_REVIEW_REPORT.md`
- `docs/evidence/ops/2026-03-27/e2e/ADMIN_BOOTSTRAP_CLOSURE_20260327-173914.md`
- `docs/evidence/ops/2026-03-27/sca/SCA_SUMMARY_20260327-181910.md`
- `docs/evidence/ops/2026-03-27/observability/LOCAL_BASELINE_20260327-182005.md`
- `docs/evidence/ops/2026-03-27/alerting/ALERTING_PACKAGE_20260327-182058.md`
- `docs/evidence/ops/2026-03-27/backup-restore/20260327-182059/`
- `docs/evidence/ops/2026-03-27/config-isolation/20260327-182059/`
- `docs/evidence/ops/2026-03-27/rollback/20260327-182059/`
- `docs/evidence/ops/2026-03-27/secret-boundary/20260327-181910/`

## 8. 2026-03-28 Q-004 Closure Update

- Real status update:
  - `Q-004` is improved again, but still cannot be honestly declared closed.
- Newly closed frontend hotspot:
  - `frontend/admin/src/app/router.tsx` is now at `100 / 100 / 100 / 100`.
- Validation evidence added:
  - targeted router test
  - full frontend `test:run`
  - `lint`
  - `build`
  - full frontend `test:coverage`
- Current frontend full coverage after this pass:
  - statements `90.74%`
  - branches `77.74%`
  - functions `87.40%`
  - lines `90.87%`
- Main remaining `Q-004` frontend hotspots now narrow to:
  - `src/pages/admin/DashboardPage/DashboardPage.tsx`
  - `src/components/feedback/PageState/PageState.tsx`
  - additional lower-coverage shared/admin surfaces outside this pass
- Real hygiene gap still open:
  - the successful frontend coverage run still prints one post-summary jsdom `AggregateError` network-noise line
- Evidence:
  - `docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-121611.md`

## 9. 2026-03-28 Dashboard Closure Update

- Real status update:
  - `Q-004` improved again, but still cannot be honestly declared closed.
- Newly closed frontend hotspot:
  - `frontend/admin/src/pages/admin/DashboardPage/DashboardPage.tsx` is now at `100 / 100 / 100 / 100`.
- Validation evidence added:
  - targeted dashboard test
  - `lint`
  - `build`
  - full frontend `test:coverage`
- Current frontend full coverage after this pass:
  - statements `91.66%`
  - branches `78.26%`
  - functions `87.86%`
  - lines `91.82%`
- Main remaining `Q-004` frontend hotspots now narrow to:
  - `src/components/feedback/PageState/PageState.tsx`
  - additional lower-coverage shared/admin surfaces outside this pass
- Real hygiene gap still open:
  - the successful frontend coverage run still prints one post-summary jsdom `AggregateError` network-noise line
- Evidence:
  - `docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-122517.md`

## 10. 2026-03-28 PageState Closure Update

- Real status update:
  - `Q-004` improved again, but still cannot be honestly declared closed.
- Newly closed frontend hotspot:
  - `frontend/admin/src/components/feedback/PageState/PageState.tsx` is now at `100 / 100 / 100 / 100`.
- Validation evidence added:
  - targeted PageState test
  - `lint`
  - `build`
  - full frontend `test:coverage`
- Current frontend full coverage after this pass:
  - statements `91.71%`
  - branches `78.52%`
  - functions `88.01%`
  - lines `91.86%`
- Main remaining `Q-004` frontend hotspots now narrow to:
  - `src/layouts/AdminLayout/AdminLayout.tsx`
  - `src/pages/admin/ImportExportPage/ImportExportPage.tsx`
  - `src/lib/errors/AppError.ts`
  - `src/lib/storage/token-storage.ts`
  - additional lower-coverage shared/admin surfaces outside this pass
- Real hygiene gap still open:
  - the successful frontend coverage run still prints one post-summary jsdom `AggregateError` network-noise line
- Evidence:
  - `docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-123228.md`

## 11. 2026-03-28 AdminLayout Closure Update

- Real status update:
  - `Q-004` improved again, but still cannot be honestly declared closed.
- Newly closed frontend hotspot:
  - `frontend/admin/src/layouts/AdminLayout/AdminLayout.tsx` is now at `100 / 100 / 100 / 100`.
- Validation evidence added:
  - targeted AdminLayout test
  - `lint`
  - `build`
  - full frontend `test:coverage`
- Current frontend full coverage after this pass:
  - statements `92.06%`
  - branches `79.29%`
  - functions `89.09%`
  - lines `92.22%`
- Main remaining `Q-004` frontend hotspots now narrow to:
  - `src/lib/storage/token-storage.ts`
  - `src/lib/errors/AppError.ts`
  - `src/pages/admin/ImportExportPage/ImportExportPage.tsx`
  - `src/pages/NotFoundPage/NotFoundPage.tsx`
  - additional lower-coverage shared/admin surfaces outside this pass
- Real hygiene gap still open:
  - the successful frontend coverage run still prints one post-summary jsdom `AggregateError` network-noise line
- Evidence:
  - `docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-124756.md`

## 12. 2026-03-28 Token Storage Closure Update

- Real status update:
  - `Q-004` improved again, but still cannot be honestly declared closed.
- Newly closed frontend hotspot:
  - `frontend/admin/src/lib/storage/token-storage.ts` is now at `100 / 100 / 100 / 100`.
- Validation evidence added:
  - targeted token-storage test
  - `lint`
  - `build`
  - full frontend `test:coverage`
- Current frontend full coverage after this pass:
  - statements `92.32%`
  - branches `79.63%`
  - functions `89.70%`
  - lines `92.49%`
- Main remaining `Q-004` frontend hotspots now narrow to:
  - `src/lib/errors/AppError.ts`
  - `src/pages/admin/ImportExportPage/ImportExportPage.tsx`
  - `src/pages/NotFoundPage/NotFoundPage.tsx`
  - additional lower-coverage shared/admin surfaces outside this pass
- Real hygiene gap still open:
  - the successful frontend coverage run still prints one post-summary jsdom `AggregateError` network-noise line
- Evidence:
  - `docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-125454.md`

## 13. 2026-03-28 AppError Closure Update

- Real status update:
  - `Q-004` improved again, but still cannot be honestly declared closed.
- Newly closed frontend hotspots:
  - `frontend/admin/src/lib/errors/AppError.ts` is now at `100 / 100 / 100 / 100`.
  - `frontend/admin/src/lib/errors/index.ts` is now at `100 / 100 / 100 / 100`.
- Validation evidence added:
  - targeted AppError module test
  - `lint`
  - `build`
  - full frontend `test:coverage`
- Current frontend full coverage after this pass:
  - statements `93.07%`
  - branches `81.35%`
  - functions `90.32%`
  - lines `93.26%`
- Main remaining `Q-004` frontend hotspots now narrow to:
  - `src/pages/admin/ImportExportPage/ImportExportPage.tsx`
  - `src/pages/NotFoundPage/NotFoundPage.tsx`
  - `src/lib/hooks/useBreadcrumbs.ts`
  - `src/app/providers/ThemeProvider.tsx`
  - additional lower-coverage shared/admin surfaces outside this pass
- Real hygiene gap still open:
  - the successful frontend coverage run still prints one post-summary jsdom `AggregateError` network-noise line
- Evidence:
  - `docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-140215.md`

## 1.4 2026-03-28 Q-004 latest remediation note XIV

- `Q-004` was remediated further after the previous addendum and remains open.
- Newly verified outcomes:
  - frontend overall coverage is now `93.56 / 81.95 / 90.93 / 93.71`
  - `src/pages/admin/ImportExportPage/ImportExportPage.tsx` is now `100 / 100 / 100 / 100`
- The latest remediation closed one more previously real frontend hotspot:
  - `ImportExportPage.tsx` is no longer an open `Q-004` gap
- The updated real boundary remains:
  - `Q-004` still cannot be truthfully closed
  - after the import/export page was closed, the remaining higher-value frontend gaps narrow further to `NotFoundPage`, `useBreadcrumbs`, `ThemeProvider`, and the still-open coverage-noise hygiene issue
- The validation hygiene note changed slightly but remains materially open:
  - `ImportExportPage` tests no longer emit the extra jsdom `window.getComputedStyle(..., pseudoElt)` noise from `rc-table`
  - `npm.cmd run test:coverage` still passed while emitting post-summary jsdom `AggregateError` network-noise lines
- Latest evidence for this addendum:
  - `docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-142248.md`

## 1.5 2026-03-28 Q-004 latest remediation note XV

- `Q-004` was remediated further after the previous addendum and remains open.
- Newly verified outcomes:
  - frontend overall coverage is now `93.69 / 81.95 / 91.24 / 93.85`
  - `src/pages/NotFoundPage/NotFoundPage.tsx` is now `100 / 100 / 100 / 100`
- The latest remediation closed one more previously real frontend hotspot:
  - `NotFoundPage.tsx` is no longer an open `Q-004` gap
- The updated real boundary remains:
  - `Q-004` still cannot be truthfully closed
  - after the 404 page was closed, the remaining higher-value frontend gaps narrow further to `useBreadcrumbs`, `ThemeProvider`, and the still-open coverage-noise hygiene issue
- The validation hygiene note remains materially open:
  - `npm.cmd run test:coverage` still passed while emitting post-summary jsdom `AggregateError` network-noise lines
- Latest evidence for this addendum:
  - `docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-143209.md`

## 1.6 2026-03-28 Q-004 latest remediation note XVI

- `Q-004` was remediated further after the previous addendum and remains open.
- Newly verified outcomes:
  - frontend overall coverage is now `93.84 / 82.29 / 91.21 / 94.01`
  - `src/lib/hooks/useBreadcrumbs.ts` is now `100 / 100 / 100 / 100`
- The latest remediation closed one more previously real frontend hotspot:
  - `useBreadcrumbs.ts` is no longer an open `Q-004` gap
- This pass also removed one small piece of dead frontend complexity:
  - the hook's parent-injection branch was redundant under the current route model and has been removed rather than artificially test-forced
- The updated real boundary remains:
  - `Q-004` still cannot be truthfully closed
  - after the breadcrumb hook was closed, the remaining higher-value frontend gaps narrow further to `ThemeProvider` plus the still-open coverage-noise hygiene issue
- The validation hygiene note remains materially open:
  - `npm.cmd run test:coverage` still passed while emitting post-summary jsdom `AggregateError` network-noise lines
- Latest evidence for this addendum:
  - `docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-144036.md`

## 1.7 2026-03-28 Q-004 latest remediation note XVII

- `Q-004` was remediated further after the previous addendum and remains open.
- Newly verified outcomes:
  - frontend overall coverage is now `93.93 / 82.29 / 91.37 / 94.10`
  - `src/app/providers/ThemeProvider.tsx` is now `100 / 100 / 100 / 100`
- The latest remediation closed one more previously real frontend hotspot:
  - `ThemeProvider.tsx` is no longer an open `Q-004` gap
- The updated real boundary remains:
  - `Q-004` still cannot be truthfully closed
  - after the theme provider was closed, the remaining frontend gap for this closure track narrows to the still-open post-summary jsdom `AggregateError` coverage-noise issue
- The validation hygiene note remains materially open:
  - `npm.cmd run test:coverage` still passed while emitting post-summary jsdom `AggregateError` network-noise lines
- Latest evidence for this addendum:
  - `docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-144756.md`

## 1.8 2026-03-28 Q-004 latest remediation note XVIII

- `Q-004` for the `frontend/admin` closure track can now be truthfully closed.
- Newly verified outcomes: - frontend overall coverage is now `93.98 / 82.29 / 91.37 / 94.15` - `src/app/router.tsx` remains `100 / 100 / 100 / 100` in the latest full-suite coverage run - full frontend coverage completed with `54` passing test files and `248` passing tests - The final materially open blocker is now closed: - the successful `npm.cmd run test:coverage` run no longer emits the previously recurring post-summary jsdom `AggregateError` network-noise lines - The real closure boundary is now: - all previously identified frontend hotspots in this `Q-004` closure track remain closed - the validation hygiene path is clean enough to honestly close `Q-004` - a separate npm global config warning still prints after command completion, but it is external environment noise rather than a project-generated failure - Latest evidence for this addendum: - `docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-151952.md` ## 1.9 2026-03-28 Q-005 SCA closure note XIX - `Q-005` can now be truthfully closed. 
- Newly verified outcomes: - `npm audit production` is now `0` - `npm audit full` is now `0` - `govulncheck reachable findings` remain `0` - The remediation that closed the dev-toolchain supply-chain gap was: - upgrade `vite` to `8.0.3` - upgrade `vitest` and `@vitest/coverage-v8` to `4.1.2` - upgrade `typescript-eslint` to `8.57.2` - pin vulnerable transitive chains with `overrides` for `picomatch` and `brace-expansion` - Re-verification after the dependency update also passed: - `frontend/admin` `lint` - `frontend/admin` production `build` - full frontend `test:coverage` - The updated real boundary is now: - `Q-004` and `Q-005` are both closed for the current closure track - the next unclosed cross-cutting governance gap is `Q-006` external alert delivery evidence - the separate product/external-proof boundary around live third-party OAuth provider browser evidence also still remains - Latest evidence for this addendum: - `docs/evidence/ops/2026-03-28/sca/SCA_SUMMARY_20260328-220806.md` ## 2.0 2026-03-29 Q-006 readiness note XX - `Q-006` still cannot be truthfully closed, but the repo-side closure path is stricter than before. 
- Newly verified outcomes: - alerting package structural validation still passes on the latest run - render drill still passes on the latest run - a new strict live-delivery drill now exists and fails closed on placeholder/example values - The latest repo-side hardening for this gap is: - add `scripts/ops/drill-alertmanager-live-delivery.ps1` - refuse unresolved placeholders, `example.*` addresses/hosts, and placeholder secrets before any network attempt - emit only redacted config artifacts and masked recipient evidence - remove the date-rollover false blocker in `validate-alerting-package.ps1` by falling back to the latest available baseline evidence - The updated real boundary is now: - repo-side alert delivery verification tooling is materially better prepared - `Q-006` remains open because no real non-placeholder on-call delivery environment has been injected and no successful live SMTP acceptance evidence has yet been captured - the remaining closure work is external-environment proof, not another repo-local template/rendering fix - Latest evidence for this addendum: - `docs/evidence/ops/2026-03-29/alerting/ALERTING_PACKAGE_20260329-100316.md` - `docs/evidence/ops/2026-03-29/alerting/20260329-100315/ALERTMANAGER_RENDER_DRILL.md` - `docs/evidence/ops/2026-03-29/alerting/20260329-100315/ALERTMANAGER_LIVE_DELIVERY_DRILL.md`
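The fail-closed pre-flight described for the live-delivery drill (refuse unresolved placeholders, `example.*` addresses/hosts and placeholder secrets before any network attempt; write only redacted config and masked recipients to evidence) is illustrated below as an added PowerShell example. It is not the project's `drill-alertmanager-live-delivery.ps1` and does not reproduce it; the config field names (`smarthost`, `from`, `to`, `auth_password`), the placeholder patterns it recognises, the minimum secret length, and the sample values are all assumptions constructed for the illustration.

```powershell
# Added example, not the repository's drill script. Field names, placeholder
# patterns and the sample config below are constructed assumptions.

function Test-UnresolvedPlaceholder {
    param([string]$Value)
    # Empty values, unexpanded template syntax, or well-known stand-in words.
    if ([string]::IsNullOrWhiteSpace($Value)) { return $true }
    if ($Value -match '\$\{[A-Za-z_][A-Za-z0-9_]*\}') { return $true }   # e.g. ${ONCALL_EMAIL}
    if ($Value -match '^<[^>]+>$') { return $true }                         # e.g. <fill-me>
    if ($Value -match '(?i)^(changeme|replace[-_ ]?me|todo|placeholder|xxx+)$') { return $true }
    return $false
}

function Test-ExampleDomain {
    param([string]$Value)
    # Reserved documentation/test names (RFC 2606) must never reach a live drill.
    $hostPart = if ($Value -match '@') { $Value.Split('@')[-1] } else { $Value }
    $hostPart = $hostPart.Split(':')[0]   # strip a :port suffix from smarthost values
    return [bool](($hostPart -match '(?i)(^|\.)example\.(com|net|org)$') -or
                  ($hostPart -match '(?i)(^|\.)(example|test|invalid|localhost)$'))
}

function Test-PlaceholderSecret {
    param([string]$Secret)
    # A secret that is unresolved, trivially short, or a dictionary stand-in is treated as absent.
    if (Test-UnresolvedPlaceholder $Secret) { return $true }
    if ($Secret.Length -lt 12) { return $true }                         # assumed minimum length
    if ($Secret -match '(?i)^(password|secret|hunter2|app-?password)$') { return $true }
    return $false
}

function Get-MaskedAddress {
    param([string]$Address)
    # Evidence files keep only the first character of the local part plus the domain.
    if (-not ($Address -match '^([^@]+)@(.+)$')) { return '***' }
    return ('{0}***@{1}' -f $Matches[1].Substring(0, 1), $Matches[2])
}

function Test-LiveDeliveryConfig {
    param([hashtable]$Config)
    # Returns the list of blockers; an empty list means the drill may proceed to the network.
    $blockers = New-Object System.Collections.Generic.List[string]
    foreach ($key in 'smarthost', 'from', 'to') {
        if (Test-UnresolvedPlaceholder $Config[$key]) { $blockers.Add("$key is unresolved or empty") }
        elseif (Test-ExampleDomain $Config[$key])     { $blockers.Add("$key uses a reserved example/test domain") }
    }
    if (Test-PlaceholderSecret $Config['auth_password']) {
        $blockers.Add('auth_password is a placeholder or too short to be a real credential')
    }
    return $blockers
}

function Get-RedactedConfig {
    param([hashtable]$Config)
    # Artifact-safe copy: the secret is removed outright and addresses are masked.
    $safe = @{}
    foreach ($k in $Config.Keys) { $safe[$k] = $Config[$k] }
    if ($safe.ContainsKey('auth_password')) { $safe['auth_password'] = '[REDACTED]' }
    foreach ($k in 'from', 'to') { if ($safe.ContainsKey($k)) { $safe[$k] = Get-MaskedAddress $safe[$k] } }
    return $safe
}

# Constructed sample: a template-filled config before any real on-call environment is injected.
$sample = @{
    smarthost     = 'smtp.example.com:587'
    from          = 'alertmanager@example.com'
    to            = '${ONCALL_EMAIL}'
    auth_password = 'changeme'
}

$blockers = Test-LiveDeliveryConfig $sample
if ($blockers.Count -gt 0) {
    Write-Host 'Refusing live delivery attempt (fail closed):'
    $blockers | ForEach-Object { Write-Host "  - $_" }
    Write-Host 'Redacted config written to evidence:'
    (Get-RedactedConfig $sample).GetEnumerator() | Sort-Object Name | Format-Table -AutoSize
    # A real drill script would exit 1 here; omitted so the example can be dot-sourced.
}
```

The ordering matters: every check runs against local values only, and the SMTP connection is never opened while the blocker list is non-empty, so a misconfigured or still-templated environment produces a refusal plus a redacted artifact rather than a delivery attempt to an `example.*` host. With the constructed sample, all four fields are rejected (reserved domain for `smarthost` and `from`, unresolved `${ONCALL_EMAIL}` for `to`, placeholder secret), and the redacted copy shows `a***@example.com`, `***` and `[REDACTED]` instead of the raw values.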