user-system/docs/evidence/ops/2026-03-27/quality/QUALITY_AUDIT_20260327-182910.md

2026-03-27 Full Test Run and Quality Audit

1.3 2026-03-28 Q-004 latest remediation note XIII

  • Q-004 was remediated further after the previous addendum and remains open.
  • Newly verified outcomes:
    • frontend overall coverage is now 89.72 / 77.57 / 84.48 / 90.64
    • src/app/App.tsx is now 100 / 100 / 100 / 100
    • src/app/RootLayout.tsx is now 100 / 100 / 100 / 100
    • src/components/common/ErrorBoundary/ErrorBoundary.tsx is now 100 / 83.33 / 100 / 100
  • The latest remediation closed three more previously real frontend hotspots:
    • App.tsx is no longer an open Q-004 gap
    • RootLayout.tsx is no longer an open Q-004 gap
    • ErrorBoundary.tsx is no longer an open Q-004 gap
  • The updated real boundary remains:
    • Q-004 still cannot be truthfully closed
    • after the shell and boundary layer were closed, the remaining higher-value frontend gaps narrow further to router, dashboard, and shared page-state coverage
  • The validation hygiene note remains materially unchanged:
    • npm.cmd run test:coverage passed again, but still emitted one post-summary jsdom AggregateError network-noise line
  • Latest evidence for this addendum:
    • docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-110341.md

1.2 2026-03-28 Q-004 latest remediation note XII

  • Q-004 was remediated further after the previous addendum and remains open.
  • Newly verified outcomes:
    • frontend overall coverage is now 89.06 / 77.14 / 83.56 / 89.96
    • src/pages/auth/ForgotPasswordPage/ForgotPasswordPage.tsx is now 100 / 75 / 100 / 100
    • src/pages/auth/ResetPasswordPage/ResetPasswordPage.tsx is now 95 / 94.44 / 100 / 95
  • The latest remediation closed two more previously real frontend hotspots:
    • ForgotPasswordPage is no longer an open Q-004 gap
    • ResetPasswordPage is no longer an open Q-004 gap
  • The updated real boundary remains:
    • Q-004 still cannot be truthfully closed
    • after the auth recovery pages were closed, the remaining higher-value frontend gaps shift more toward app shell, routing, error-boundary, and dashboard entry-point coverage
  • The validation hygiene note remains materially unchanged:
    • npm.cmd run test:coverage passed again, but still emitted one post-summary jsdom AggregateError network-noise line
  • Latest evidence for this addendum:
    • docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-105226.md

1.1 2026-03-28 Q-004 latest remediation note XI

  • Q-004 was remediated further after the previous addendum and remains open.
  • Newly verified outcomes:
    • frontend overall coverage is now 85.89 / 74.91 / 81.87 / 86.71
    • src/pages/admin/ProfileSecurityPage/ProfileSecurityPage.tsx is now 90.35 / 75.51 / 92.45 / 90.13
  • The latest remediation closed one more previously real frontend hotspot:
    • src/pages/admin/ProfileSecurityPage/ProfileSecurityPage.tsx is no longer an open Q-004 gap
  • The updated real boundary remains:
    • Q-004 still cannot be truthfully closed
    • with client.ts and ProfileSecurityPage closed, the next highest-value frontend gaps now shift toward auth recovery pages such as ForgotPasswordPage and ResetPasswordPage
  • The validation hygiene note remains materially unchanged:
    • npm.cmd run test:coverage passed again, but still emitted one post-summary jsdom AggregateError network-noise line
  • Latest evidence for this addendum:
    • docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-104341.md

1.0 2026-03-28 Q-004 latest remediation note X

  • Q-004 was remediated further after the previous addendum and remains open.
  • Newly verified outcomes:
    • frontend overall coverage is now 83.86 / 72.68 / 79.87 / 84.72
    • src/lib/http/client.ts is now 100 / 92.30 / 100 / 100
  • The latest remediation closed one more previously real frontend hotspot:
    • src/lib/http/client.ts is no longer an open Q-004 gap
  • This pass also closed one real validation-hygiene defect in production code:
    • cached shared refresh waiters no longer leave an unhandled rejected promise behind when refresh fails
  • The updated real boundary remains:
    • Q-004 still cannot be truthfully closed
    • the remaining highest-value frontend gap is now concentrated in the deeper ProfileSecurityPage branches
  • The validation hygiene note remains materially unchanged:
    • npm.cmd run test:coverage passed again, but still emitted one post-summary jsdom AggregateError network-noise line
  • Latest evidence for this addendum:
    • docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-102456.md

0.9 2026-03-28 Q-004 latest remediation note IX

  • Q-004 was remediated further after the previous addendum and remains open.
  • Newly verified outcomes:
    • frontend overall coverage is now 80.06 / 67.61 / 78.00 / 80.91
    • src/lib/http/csrf.ts is now 100 / 88.46 / 100 / 100
  • The latest remediation closed one more previously real frontend hotspot:
    • src/lib/http/csrf.ts is no longer an open Q-004 gap
  • The updated real boundary remains:
    • Q-004 still cannot be truthfully closed
    • the remaining highest-value frontend gaps are now concentrated in src/lib/http/client.ts and the deeper ProfileSecurityPage branches
  • The validation hygiene note remains materially unchanged:
    • npm.cmd run test:coverage passed again, but still emitted one post-summary jsdom AggregateError network-noise line
  • Latest evidence for this addendum:
    • docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-083841.md

0.8 2026-03-28 Q-004 latest remediation note VIII

  • Q-004 was remediated further after the previous addendum and remains open.
  • Newly verified outcomes:
    • frontend overall coverage is now 78.91 / 66.06 / 77.07 / 79.73
    • src/pages/auth/RegisterPage/RegisterPage.tsx is now 93.42 / 85.24 / 87.5 / 95.89
  • The latest remediation closed one more previously real frontend hotspot:
    • RegisterPage is no longer an open Q-004 gap
  • The updated real boundary remains:
    • Q-004 still cannot be truthfully closed
    • the remaining highest-value frontend gaps are now concentrated in the deeper ProfileSecurityPage branches and lib/http
  • The validation hygiene note remains materially unchanged:
    • npm.cmd run test:coverage passed again, but still emitted one post-summary jsdom AggregateError network-noise line
  • Latest evidence for this addendum:
    • docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-082843.md

0.7 2026-03-28 Q-004 latest remediation note VII

  • Q-004 was remediated further after the previous addendum and remains open.
  • Newly verified outcomes:
    • frontend overall coverage is now 78.38 / 64.77 / 76.92 / 79.19
    • src/pages/auth/LoginPage/LoginPage.tsx is now 92.56 / 84.09 / 86.2 / 95.61
  • The latest remediation closed one more previously real frontend hotspot:
    • LoginPage is no longer an open Q-004 gap
  • The updated real boundary remains:
    • Q-004 still cannot be truthfully closed
    • the remaining highest-value frontend gaps are now concentrated in RegisterPage, the deeper ProfileSecurityPage branches, and lib/http
  • The validation hygiene note remains materially unchanged:
    • npm.cmd run test:coverage passed again, but still emitted one post-summary jsdom AggregateError network-noise line
    • one concurrent lint + build attempt produced a transient Windows/Vite index.html emit-path failure, while the required standalone build rerun passed immediately afterward
  • Latest evidence for this addendum:
    • docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-081514.md

0.6 2026-03-28 Q-004 latest remediation note VI

  • Q-004 was remediated further after the previous addendum and remains open.
  • Newly verified outcomes:
    • frontend overall coverage is now 76.00 / 63.91 / 75.07 / 76.84
    • src/app/providers is now 96.38 / 93.75
    • src/app/providers/AuthProvider.tsx is now 100%
  • The latest remediation closed one more previously real frontend hotspot:
    • AuthProvider is no longer an open Q-004 gap
  • The updated real boundary remains:
    • Q-004 still cannot be truthfully closed
    • the remaining highest-value frontend gaps are now concentrated in LoginPage, RegisterPage, the deeper ProfileSecurityPage branches, and lib/http
  • The validation hygiene note remains unchanged:
    • npm.cmd run test:coverage passed again, but still emitted one post-summary jsdom AggregateError network-noise line
  • Latest evidence for this addendum:
    • docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-075725.md

0.5 2026-03-28 Q-004 latest remediation note V

  • Q-004 was remediated further after the previous addendum and remains open.
  • Newly verified outcomes:
    • frontend overall coverage is now 74.54 / 63.57 / 74.61 / 75.35
    • src/pages/admin/UsersPage is now 95.06%
    • src/pages/admin/WebhooksPage is now 94.92%
    • internal/repository is now 67.1%
  • The latest remediation closed two previously dominant frontend gap clusters:
    • UsersPage drawers/modals are no longer one of the main remaining blockers
    • WebhooksPage modal/drawer components are no longer one of the main remaining blockers
  • A new real backend defect pair was discovered and fixed during this pass:
    • internal/repository/role.go
      • explicit status=0 role creation was previously persisted as enabled
    • internal/repository/permission.go
      • explicit status=0 permission creation was previously persisted as enabled
  • The updated real boundary remains:
    • Q-004 still cannot be truthfully closed
    • the remaining highest-value gaps are now concentrated in the deeper ProfileSecurityPage branches, LoginPage, RegisterPage, AuthProvider, lib/http, and the still-remaining repository depth
  • The validation hygiene note remains unchanged:
    • npm.cmd run test:coverage passed again, but still emitted one post-summary jsdom AggregateError network-noise line
  • Latest evidence for this addendum:
    • docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-011431.md

0.4 2026-03-28 Q-004 latest remediation note IV

  • Q-004 was remediated further after the previous addendum and remains open.
  • Newly verified outcomes:
    • frontend overall coverage is now 68.32 / 54.12 / 68.15 / 69.28
    • src/pages/admin/RolesPage is now at 94.53%
    • src/pages/admin/PermissionsPage is now at 93.51%
    • src/pages/admin/ProfilePage/ProfilePage.tsx is now at 91.42%
    • internal/auth/providers is now 80.6%
    • internal/repository remains 37.1%
  • The latest remediation changed the real gap map materially:
    • provider coverage is no longer one of the dominant blockers
    • RolesPage, PermissionsPage, and ProfilePage are no longer dominant uncovered admin page clusters
  • The updated real boundary remains:
    • Q-004 still cannot be truthfully closed
    • the remaining highest-value gaps are now concentrated in internal/repository depth plus still-uncovered frontend modal/drawer components, especially under UsersPage and WebhooksPage, and deeper remaining ProfileSecurityPage branches
  • The validation hygiene note remains unchanged:
    • npm.cmd run test:coverage passed again, but still emitted one post-summary jsdom AggregateError network-noise line
  • Latest evidence for this addendum:
    • docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-003416.md

0.3 2026-03-27 Q-004 latest remediation note III

  • Q-004 was remediated further after the previous addendum and remains open.
  • Newly verified outcomes:
    • frontend overall coverage is now 56.81 / 44.67 / 57.38 / 57.57
    • src/pages/admin/LoginLogsPage/LoginLogsPage.tsx is now at 93.1%
    • src/pages/admin/OperationLogsPage/OperationLogsPage.tsx is now at 91.52%
    • frontend services coverage remains 86.2%
    • internal/auth/providers is now 28.7%
    • internal/repository remains 37.1%
  • The latest remediation reduced two real gaps materially:
    • admin log pages are no longer among the main page-level hotspots
    • provider coverage is no longer extremely shallow, but it is still far from closure-grade depth
  • A new validation hygiene note also appeared during this pass:
    • npm.cmd run test:coverage passed, but still emitted one post-summary jsdom AggregateError network-noise line
    • this is not a failing gate for the current pass, but it is still real and should not be misrepresented as a perfectly clean run
  • The updated real boundary remains:
    • Q-004 still cannot be truthfully closed
    • the main remaining gaps are now concentrated in deeper internal/auth/providers paths and still-uncovered admin pages/components
  • Latest evidence for this addendum:
    • docs/evidence/ops/2026-03-27/quality/COVERAGE_REMEDIATION_20260327-233824.md

0.2 2026-03-27 Q-004 latest remediation note II

  • Q-004 was remediated further after the previous addendum and still remains open.
  • Newly verified outcomes:
    • frontend overall coverage is now 52.05 / 42.86 / 51.84 / 52.69
    • frontend services coverage is now 86.2%
    • internal/auth/providers is now 15.2%
    • internal/repository remains 37.1%
  • The latest remediation reduced the frontend service-layer gap substantially.
  • The updated real boundary is unchanged in principle:
    • internal/auth/providers is still too shallow to truthfully mark Q-004 closed
    • there are still multiple uncovered admin pages/components outside the already-remediated UsersPage and ProfileSecurityPage
  • Latest evidence for this addendum:
    • docs/evidence/ops/2026-03-27/quality/COVERAGE_REMEDIATION_20260327-224352.md

0.1 2026-03-27 Q-004 latest remediation note

  • Q-004 has been remediated further after this audit, but it is still not closed.
  • Newly verified outcomes:
    • frontend overall coverage is now 49.18 / 42.86 / 44.92 / 49.79
    • UsersPage.tsx is now at 90.98% statements and 68.75% branches
    • ProfileSecurityPage.tsx is now at 70.17% statements and 48.97% branches
    • internal/repository is now at 37.1%
    • internal/auth/providers is now at 8.5%
  • A new real defect was discovered and fixed during this remediation pass:
    • internal/repository/device.go
    • device create requests with explicit status=0 were previously persisted as active because the DB default swallowed the zero value
  • Latest evidence for this addendum:
    • docs/evidence/ops/2026-03-27/quality/COVERAGE_REMEDIATION_20260327-221835.md
  • Updated real boundary:
    • UsersPage and ProfileSecurityPage are no longer the primary blockers they were at audit time
    • internal/auth/providers still remains too shallow to truthfully mark Q-004 closed

0. 2026-03-27 Supplementary Conclusions on Priority Remediation

The following covers the "current real status" of Q-001 / Q-002 / Q-003 in this report:

  • Q-001 session-security remediation is complete and has passed re-verification.
    • The browser no longer persists the access token, refresh token, user info, or role info to localStorage / sessionStorage.
    • Refresh continuity has been moved to a backend HttpOnly refresh cookie.
    • To stop users without a session from blindly calling /auth/refresh when they open a protected page (which produced a 400 Bad Request console error in the browser), the backend now sets a non-sensitive session-presence marker cookie, and the frontend first checks whether recovery is worth attempting before deciding to issue a refresh.
  • Q-002 OAuth trust-boundary remediation is complete and has passed re-verification.
    • return_to is no longer implicitly allowed as same-origin based on a request origin derived from X-Forwarded-* headers.
    • Only absolute paths or explicitly allowlisted origins are now accepted.
  • Q-003 fail-open random-degradation remediation is complete and has passed re-verification.
    • When crypto/rand fails, the code no longer silently falls back to a weaker random source.
  • This supplementary round also closed one real regression:
    • After the session model moved from Web Storage to cookie + memory, real-browser E2E briefly showed refresh noise on public / no-session page visits and a post-login routing race.
    • This has now been resolved through the session-presence marker cookie, a converged AuthProvider recovery strategy, de-raced auth-state export, and E2E harness fixes.

Latest supplementary verification commands:

go test ./... -count=1
go vet ./...
go build ./cmd/server

cd D:\project\frontend\admin
npm.cmd run test:run
npm.cmd run lint
npm.cmd run build
powershell -ExecutionPolicy Bypass -File .\scripts\run-playwright-auth-e2e.ps1

Latest supplementary real conclusions:

  • Q-001 / Q-002 / Q-003 are no longer open, in-progress issues for this project.
  • Q-004 has completed one round of supplementary remediation and passed real re-verification, but it is still "partially converged, not fully closed".
    • Frontend overall coverage rose from 29.38 / 29.32 / 24.84 / 29.78 at audit time to 41.06 / 38.48 / 36.00 / 41.47
    • Among the focus targets:
      • router has reached 47.72%
      • RequireAuth / RequireAdmin have reached 100%
      • AdminLayout has reached 80.00%
      • ImportExportPage has reached 83.58%
      • WebhooksPage has reached 93.15%
      • services/webhooks.ts has reached 100%
      • internal/database has reached 83.2%
      • internal/repository has reached 15.1%
    • This round also incidentally closed one real build problem:
      • Under the current Windows + Vite 8 + --configLoader native combination, the default HTML input caused an absolute-path index.html emit error; this is now resolved by explicitly setting rollupOptions.input = 'index.html'.
    • internal/auth/providers is still only at 4.0%, and the frontend UsersPage / ProfileSecurityPage still have clear gaps.
  • The remaining real gaps now converge to:
    • Q-004 insufficient automated coverage depth
    • Q-005 dev toolchain SCA not yet clean
    • Q-006 external alert-delivery evidence loop not closed

Supplementary evidence:

1. Audit Method

  • None of the skills available in the session was a ready-made general testing/quality skill.
  • skill-installer was used to search the installable skills; playwright and security-best-practices were identified as covering real-browser verification and security auditing.
  • Because the current sandbox restricts writes to the skill-install temporary directory, the skills could not be formally installed into the local directory; this round pulled them directly and executed according to their specifications:
    • playwright: CLI-first / real-browser principle, reusing the project's existing real-browser E2E path for verification.
    • security-best-practices: evidence-based checks following the security-audit rules for a Go backend + React/TypeScript frontend.
  • The project's own quality baseline was also followed strictly: docs/team/QUALITY_STANDARD.md

2. Gates Executed

2.1 Backend

go vet ./...
go test ./... -count=1
go build ./cmd/server
go test ./... -cover

Result: passed.

2.2 Frontend

cd frontend/admin
npm.cmd run lint
npm.cmd run test:run
npm.cmd run build
npm.cmd run test:coverage

Result: passed.

2.3 Real Browser E2E

cd frontend/admin
powershell -ExecutionPolicy Bypass -File .\scripts\run-playwright-auth-e2e.ps1

Result: passed.

Real-browser scenarios in this round include:

  • admin-bootstrap
  • public-registration
  • email-activation
  • login-surface
  • auth-workflow
  • responsive-login
  • desktop-mobile-navigation

2.4 Ops Governance and Delivery Evidence

powershell -ExecutionPolicy Bypass -File .\scripts\ops\run-sca-evidence.ps1
powershell -ExecutionPolicy Bypass -File .\scripts\ops\capture-local-baseline.ps1
powershell -ExecutionPolicy Bypass -File .\scripts\ops\validate-alerting-package.ps1
powershell -ExecutionPolicy Bypass -File .\scripts\ops\drill-alertmanager-render.ps1
powershell -ExecutionPolicy Bypass -File .\scripts\ops\drill-sqlite-backup-restore.ps1
powershell -ExecutionPolicy Bypass -File .\scripts\ops\drill-config-isolation.ps1
powershell -ExecutionPolicy Bypass -File .\scripts\ops\drill-local-rollback.ps1
powershell -ExecutionPolicy Bypass -File .\scripts\ops\validate-secret-boundary.ps1

Results:

  • SCA: production dependencies passed; the full dependency tree is not yet clean.
  • Local observability baseline: passed.
  • Alerting package structure validation: passed, but the external notification loop is not closed.
  • Alertmanager render drill: passed.
  • SQLite backup/restore drill: passed.
  • Config/environment isolation drill: passed.
  • Local rollback drill: passed.
  • Secret boundary validation: passed.

3. Positive Conclusions

  • The project's executable quality gates are strong overall: backend, frontend, real-browser E2E, and local governance drills all genuinely run end to end.
  • The real-browser path is no longer a fake smoke-test closure but a repeatable, product-grade main-path verification.
  • No obvious high-signal DOM XSS anti-patterns were found in the frontend:
    • no dangerouslySetInnerHTML found
    • no eval / new Function / document.write found
  • Release mode has an explicit rejection test for wildcard CORS, and the basic security-header middleware is wired in.

4. Real Issue List

Q-001 High risk: the browser still persists access/refresh tokens to Web Storage

  • Location:
    • frontend/admin/src/lib/storage/token-storage.ts:4-5
    • frontend/admin/src/lib/storage/token-storage.ts:25-27
    • frontend/admin/src/lib/http/auth-session.ts:5-6
    • frontend/admin/src/lib/http/auth-session.ts:121-123
    • frontend/admin/src/lib/http/auth-session.ts:140
    • frontend/admin/src/lib/http/auth-session.ts:153
  • Evidence:
    • the refresh token is stored in localStorage
    • the access token, user info, and role info are stored in sessionStorage
  • Impact:
    • Once the frontend suffers XSS, browser-extension injection, or a malicious read on the same machine, the tokens can be stolen directly.
    • This does not meet the conservative session-credential policy expected of an enterprise-grade production product.
  • Conclusion:
    • "Functionally usable" is not the same as "session-security mature".
    • The safer direction is HttpOnly + Secure + SameSite cookies, or a BFF / server-session model.
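The cookie-based session model this finding points to, and that section 0 records as implemented (HttpOnly refresh cookie plus a non-sensitive session-presence marker), as an added Go example that is not the project's own code; the cookie names, the refresh-path scope and the policy checker are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// Cookie names and the refresh path are assumptions for this example.
const (
	refreshCookieName  = "refresh_token"
	presenceCookieName = "session_present"
	refreshPath        = "/auth/refresh"
)

// issueSessionCookies stores the refresh token only in an HttpOnly cookie,
// scoped to the refresh endpoint so it never rides along on ordinary page or
// API requests, and sets a separate non-sensitive marker the SPA may read to
// decide whether a refresh attempt is worth making. Nothing secret reaches
// localStorage or sessionStorage.
func issueSessionCookies(w http.ResponseWriter, refreshToken string, ttl time.Duration) {
	expires := time.Now().Add(ttl)
	http.SetCookie(w, &http.Cookie{
		Name: refreshCookieName, Value: refreshToken, Path: refreshPath, Expires: expires,
		HttpOnly: true, // invisible to document.cookie, so script injection cannot read it
		Secure:   true,
		SameSite: http.SameSiteStrictMode,
	})
	http.SetCookie(w, &http.Cookie{
		Name: presenceCookieName, Value: "1", Path: "/", Expires: expires,
		HttpOnly: false, // deliberately readable: it carries no secret, only "a session may exist"
		Secure:   true,
		SameSite: http.SameSiteStrictMode,
	})
}

// clearSessionCookies expires both cookies on logout or refresh failure, so a
// stale marker does not keep the frontend retrying /auth/refresh.
func clearSessionCookies(w http.ResponseWriter) {
	http.SetCookie(w, &http.Cookie{Name: refreshCookieName, Path: refreshPath, MaxAge: -1, HttpOnly: true, Secure: true})
	http.SetCookie(w, &http.Cookie{Name: presenceCookieName, Path: "/", MaxAge: -1, Secure: true})
}

// shouldAttemptRefresh mirrors the frontend check the report describes: a
// visitor without the marker is not worth a refresh round trip, which removes
// the 400 Bad Request console noise for anonymous users.
func shouldAttemptRefresh(r *http.Request) bool {
	c, err := r.Cookie(presenceCookieName)
	return err == nil && c.Value == "1"
}

// checkCookiePolicy audits parsed Set-Cookie headers against the Q-001 rules;
// it is the assertion a regression test for the session model would make.
func checkCookiePolicy(cookies []*http.Cookie) error {
	var sawRefresh, sawMarker bool
	for _, c := range cookies {
		switch c.Name {
		case refreshCookieName:
			sawRefresh = true
			if !c.HttpOnly || !c.Secure || c.SameSite == http.SameSiteDefaultMode || c.SameSite == http.SameSiteNoneMode {
				return fmt.Errorf("%s must be HttpOnly, Secure and SameSite Lax/Strict", c.Name)
			}
			if c.Path != refreshPath {
				return fmt.Errorf("%s must be scoped to %s, got %q", c.Name, refreshPath, c.Path)
			}
		case presenceCookieName:
			sawMarker = true
			if c.HttpOnly || len(c.Value) > 8 {
				return fmt.Errorf("%s must be readable and must not carry a token-sized value", c.Name)
			}
		}
	}
	if !sawRefresh || !sawMarker {
		return errors.New("login must set both the refresh cookie and the presence marker")
	}
	return nil
}

// loginResponse records a constructed login response and returns its parsed cookies.
func loginResponse(refreshToken string) []*http.Cookie {
	rec := httptest.NewRecorder()
	issueSessionCookies(rec, refreshToken, time.Hour)
	return rec.Result().Cookies()
}

func main() {
	fmt.Println("policy check:", checkCookiePolicy(loginResponse("constructed-opaque-token")))
}
```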

Q-002 High risk: OAuth return_to validation relies on forwarded headers without a trusted-proxy proof

  • Location:
    • internal/api/handler/auth.go:511-524
    • internal/api/handler/auth.go:567-588
  • Evidence:
    • oauthRequestOrigin directly trusts X-Forwarded-Proto / X-Forwarded-Host
    • resolveOAuthReturnTo passes return_to whenever it matches that request origin
  • Impact:
    • If the edge proxy does not explicitly strip or rewrite these headers, an attacker could forge header values to influence the OAuth return-origin decision.
    • At minimum this leaves the origin trust boundary unclear; under a configuration mistake it can degrade into an open redirect / widened callback acceptance surface.
  • Conclusion:
    • This is the typical "the code visibly depends on forwarded headers, but the repo carries no trusted-proxy proof" problem.
    • It should currently be treated as a high-risk boundary item, not as secure by default.
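An added Go example, not code from the project, that places the flagged pattern (origin derived from X-Forwarded-* headers, return_to accepted when it matches) beside the remediated rule section 0 records (path-absolute target or explicitly allowlisted origin only, request headers ignored); the function names, the callback path and the allowlist entries are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

var errUnsafeReturnTo = errors.New("return_to rejected")

// forwardedOrigin reproduces the audited anti-pattern: the request origin is
// derived from X-Forwarded-* headers, which any client can set when no trusted
// proxy in front of the service strips or rewrites them.
func forwardedOrigin(r *http.Request) string {
	scheme := r.Header.Get("X-Forwarded-Proto")
	if scheme == "" {
		scheme = "http"
		if r.TLS != nil {
			scheme = "https"
		}
	}
	host := r.Header.Get("X-Forwarded-Host")
	if host == "" {
		host = r.Host
	}
	return strings.ToLower(scheme + "://" + host)
}

// weakReturnTo accepts any absolute return_to whose origin equals the
// header-derived origin, so a forged X-Forwarded-Host turns an attacker's
// origin into "same-origin".
func weakReturnTo(r *http.Request, returnTo string) (string, error) {
	u, err := url.Parse(returnTo)
	if err != nil || !u.IsAbs() {
		return "", errUnsafeReturnTo
	}
	if strings.ToLower(u.Scheme+"://"+u.Host) != forwardedOrigin(r) {
		return "", errUnsafeReturnTo
	}
	return returnTo, nil
}

// safeReturnTo is the remediated shape: request headers play no part. Only a
// path-absolute target or an absolute URL with an explicitly allowlisted origin
// is accepted; anything else falls back to a fixed landing path.
func safeReturnTo(returnTo string, allowedOrigins map[string]bool, fallback string) (string, error) {
	if returnTo == "" {
		return fallback, nil
	}
	// Browsers normalise backslashes and whitespace differently from net/url,
	// so such input is refused outright instead of being parsed.
	if strings.ContainsAny(returnTo, "\\\r\n\t ") {
		return fallback, errUnsafeReturnTo
	}
	u, err := url.Parse(returnTo)
	if err != nil || u.User != nil {
		return fallback, errUnsafeReturnTo
	}
	if !u.IsAbs() {
		// Relative targets must be path-absolute with no authority: "//host/x"
		// parses with an empty scheme but a non-empty Host and is refused here.
		if u.Host != "" || !strings.HasPrefix(u.Path, "/") || strings.HasPrefix(u.Path, "//") {
			return fallback, errUnsafeReturnTo
		}
		return u.String(), nil
	}
	if u.Scheme != "https" && u.Scheme != "http" {
		return fallback, errUnsafeReturnTo // javascript:, data: and custom schemes
	}
	if !allowedOrigins[strings.ToLower(u.Scheme+"://"+u.Host)] {
		return fallback, errUnsafeReturnTo
	}
	return u.String(), nil
}

// forgedRequest builds a constructed request carrying attacker-controlled
// forwarded headers, as it arrives when no trusted proxy strips them.
func forgedRequest(forwardedHost string) *http.Request {
	r := httptest.NewRequest(http.MethodGet, "/auth/callback", nil) // hypothetical path
	r.Host = "admin.example.com"
	r.Header.Set("X-Forwarded-Proto", "https")
	r.Header.Set("X-Forwarded-Host", forwardedHost)
	return r
}

func main() {
	allow := map[string]bool{"https://admin.example.com": true} // constructed allowlist
	weak, _ := weakReturnTo(forgedRequest("attacker.example"), "https://attacker.example/cb")
	safe, err := safeReturnTo("https://attacker.example/cb", allow, "/")
	fmt.Printf("weak accepted %q; safe returned %q (%v)\n", weak, safe, err)
}
```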

Q-003 Medium risk: security-sensitive random values have a fail-open fallback

  • Location:
    • internal/auth/jwt.go:62-65
    • internal/service/email.go:295-297
    • internal/service/captcha.go:142-145
  • Evidence:
    • After crypto/rand fails, the JWT JTI / email code / captcha ID degrade to a timestamp or math/rand
  • Impact:
    • When the entropy source misbehaves, the code does not fail closed but keeps generating more predictable values.
    • This is not a main-path issue, but it does not meet strict production security design.
  • Conclusion:
    • It should be changed to report an error explicitly and block the related security flow, rather than degrading silently.
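An added Go example, not the project's code, showing the fail-open fallback beside the fail-closed form this conclusion (and the section-0 remediation) calls for; the `entropy` variable, `issueEmailCode`, the 128-bit minimum and the 10-minute expiry are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"strconv"
	"time"
)

// entropy is the reader behind every security-sensitive identifier. It is a
// package variable only so the failure path can be exercised without touching
// the operating system's random source.
var entropy io.Reader = rand.Reader

var errEntropyUnavailable = errors.New("secure random source unavailable")

// failOpenID reproduces the pattern the audit flagged: when crypto/rand fails
// it silently degrades to a timestamp, a value an attacker can narrow to a
// small window of candidates instead of 2^128 possibilities.
func failOpenID(n int) string {
	buf := make([]byte, n)
	if _, err := io.ReadFull(entropy, buf); err != nil {
		return strconv.FormatInt(time.Now().UnixNano(), 36)
	}
	return hex.EncodeToString(buf)
}

// failClosedID is the remediated form: an entropy failure is an error the
// caller must propagate, never a weaker substitute value.
func failClosedID(n int) (string, error) {
	if n < 16 {
		return "", fmt.Errorf("id length %d bytes is below the 128-bit minimum", n)
	}
	buf := make([]byte, n)
	if _, err := io.ReadFull(entropy, buf); err != nil {
		return "", fmt.Errorf("%w: %v", errEntropyUnavailable, err)
	}
	return hex.EncodeToString(buf), nil
}

// EmailVerification is a constructed stand-in for the code the email service
// issues; issueEmailCode shows the flow aborting instead of mailing a
// predictable code when the entropy source is broken.
type EmailVerification struct {
	Code      string
	ExpiresAt time.Time
}

func issueEmailCode(now time.Time) (*EmailVerification, error) {
	code, err := failClosedID(16)
	if err != nil {
		// Fail closed: no code is generated, stored or sent.
		return nil, err
	}
	return &EmailVerification{Code: code, ExpiresAt: now.Add(10 * time.Minute)}, nil
}

// brokenReader simulates an exhausted or broken entropy source.
type brokenReader struct{}

func (brokenReader) Read([]byte) (int, error) { return 0, io.ErrUnexpectedEOF }

// withEntropy swaps the reader for the duration of fn and restores it afterwards.
func withEntropy(r io.Reader, fn func()) {
	prev := entropy
	entropy = r
	defer func() { entropy = prev }()
	fn()
}

func main() {
	withEntropy(brokenReader{}, func() {
		fmt.Println("fail-open still returns:", failOpenID(16))
		_, err := issueEmailCode(time.Now())
		fmt.Println("fail-closed aborts with:", err)
	})
}
```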

Q-004 Medium risk: insufficient automated coverage; the regression safety net is thin

  • Frontend total coverage:
    • statements 29.38%
    • branches 29.32%
    • functions 24.84%
    • lines 29.78%
  • Backend coverage examples:
    • internal/service 51.8%
    • internal/api/handler 31.4%
    • internal/auth 34.3%
    • internal/auth/providers 1.5%
    • internal/repository 10.5%
    • internal/database 0.0%
  • Impact:
    • E2E is currently strong, but the automated regression net for lower-level modules and exception branches is still weak.

Q-005 Medium risk: full dependency-tree SCA not yet clean

  • Results:
    • npm audit production: 0
    • npm audit full: 22
    • of which 21 moderate, 1 high
    • govulncheck reachable findings: 0
  • Main chains:
    • picomatch: high
    • vite / vitest / typescript-eslint / eslint dev-toolchain chains carry moderate findings
  • Impact:
    • Production dependencies are currently fairly clean.
    • But the engineering supply chain itself cannot yet be called fully closed.

Q-006 Medium risk: external alert-delivery evidence loop not closed

  • Results:
    • Repo-level alerting package structurally ready: True
    • Repo-level oncall/delivery package fully closed: False
  • Impact:
    • In-repo templates, structure, and drills are in place.
    • But delivery-loop evidence for real external notification contacts/channels is still missing.

5. Overall Assessment

5.1 Level reached

  • It can truthfully be stated that:
    • "The project's executable quality gates pass overall; backend / frontend / real-browser E2E / local governance drills have formed one real closed loop."

5.2 Claims that must not be overstated

  • It currently cannot truthfully be stated that:
    • "Enterprise-grade production-launch quality has been fully achieved"
    • "All security and governance material is closed"
    • "Automated test coverage is already sufficient"

5.3 Real status

  • The more accurate conclusion is:
    • The execution layer is strong; the product main path and real-browser verification are clearly mature.
    • But the session-security model, the reverse-proxy trust boundary, coverage, dev supply-chain vulnerabilities, and external alert-delivery evidence remain real gaps in production-grade quality.

6. Next Priorities

  1. Session-security remediation
    • Remove access/refresh token persistence from Web Storage.
    • Move to HttpOnly cookies or a BFF / server session.
  2. OAuth trust-boundary remediation
    • Stop trusting X-Forwarded-* directly.
    • Explicitly configure trusted proxy / trusted origin and add runtime evidence.
  3. Fail-open random-fallback remediation
    • Error out as soon as crypto/rand fails; no fallback to a timestamp or math/rand.
  4. Coverage improvement
    • Frontend: prioritize AuthProvider, router, AdminLayout, UsersPage, WebhooksPage, ImportExportPage
    • Backend: prioritize internal/auth/providers, internal/repository, internal/database
  5. Clean up dev-toolchain SCA
    • Upgrade vite/vitest/eslint/typescript-eslint and their transitive dependencies to eliminate the picomatch chain risk.
  6. Complete real external alert-delivery evidence
    • Connect a real notification channel and produce an auditable delivery record.

7. Evidence for This Round

  • docs/team/QUALITY_STANDARD.md
  • docs/status/REAL_PROJECT_STATUS.md
  • docs/PROJECT_REVIEW_REPORT.md
  • docs/evidence/ops/2026-03-27/e2e/ADMIN_BOOTSTRAP_CLOSURE_20260327-173914.md
  • docs/evidence/ops/2026-03-27/sca/SCA_SUMMARY_20260327-181910.md
  • docs/evidence/ops/2026-03-27/observability/LOCAL_BASELINE_20260327-182005.md
  • docs/evidence/ops/2026-03-27/alerting/ALERTING_PACKAGE_20260327-182058.md
  • docs/evidence/ops/2026-03-27/backup-restore/20260327-182059/
  • docs/evidence/ops/2026-03-27/config-isolation/20260327-182059/
  • docs/evidence/ops/2026-03-27/rollback/20260327-182059/
  • docs/evidence/ops/2026-03-27/secret-boundary/20260327-181910/

8. 2026-03-28 Q-004 Closure Update

  • Real status update:
    • Q-004 is improved again, but still cannot be honestly declared closed.
  • Newly closed frontend hotspot:
    • frontend/admin/src/app/router.tsx is now at 100 / 100 / 100 / 100.
  • Validation evidence added:
    • targeted router test
    • full frontend test:run
    • lint
    • build
    • full frontend test:coverage
  • Current frontend full coverage after this pass:
    • statements 90.74%
    • branches 77.74%
    • functions 87.40%
    • lines 90.87%
  • Main remaining Q-004 frontend hotspots now narrow to:
    • src/pages/admin/DashboardPage/DashboardPage.tsx
    • src/components/feedback/PageState/PageState.tsx
    • additional lower-coverage shared/admin surfaces outside this pass
  • Real hygiene gap still open:
    • the successful frontend coverage run still prints one post-summary jsdom AggregateError network-noise line
  • Evidence:
    • docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-121611.md

9. 2026-03-28 Dashboard Closure Update

  • Real status update:
    • Q-004 improved again, but still cannot be honestly declared closed.
  • Newly closed frontend hotspot:
    • frontend/admin/src/pages/admin/DashboardPage/DashboardPage.tsx is now at 100 / 100 / 100 / 100.
  • Validation evidence added:
    • targeted dashboard test
    • lint
    • build
    • full frontend test:coverage
  • Current frontend full coverage after this pass:
    • statements 91.66%
    • branches 78.26%
    • functions 87.86%
    • lines 91.82%
  • Main remaining Q-004 frontend hotspots now narrow to:
    • src/components/feedback/PageState/PageState.tsx
    • additional lower-coverage shared/admin surfaces outside this pass
  • Real hygiene gap still open:
    • the successful frontend coverage run still prints one post-summary jsdom AggregateError network-noise line
  • Evidence:
    • docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-122517.md

10. 2026-03-28 PageState Closure Update

  • Real status update:
    • Q-004 improved again, but still cannot be honestly declared closed.
  • Newly closed frontend hotspot:
    • frontend/admin/src/components/feedback/PageState/PageState.tsx is now at 100 / 100 / 100 / 100.
  • Validation evidence added:
    • targeted PageState test
    • lint
    • build
    • full frontend test:coverage
  • Current frontend full coverage after this pass:
    • statements 91.71%
    • branches 78.52%
    • functions 88.01%
    • lines 91.86%
  • Main remaining Q-004 frontend hotspots now narrow to:
    • src/layouts/AdminLayout/AdminLayout.tsx
    • src/pages/admin/ImportExportPage/ImportExportPage.tsx
    • src/lib/errors/AppError.ts
    • src/lib/storage/token-storage.ts
    • additional lower-coverage shared/admin surfaces outside this pass
  • Real hygiene gap still open:
    • the successful frontend coverage run still prints one post-summary jsdom AggregateError network-noise line
  • Evidence:
    • docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-123228.md

11. 2026-03-28 AdminLayout Closure Update

  • Real status update:
    • Q-004 improved again, but still cannot be honestly declared closed.
  • Newly closed frontend hotspot:
    • frontend/admin/src/layouts/AdminLayout/AdminLayout.tsx is now at 100 / 100 / 100 / 100.
  • Validation evidence added:
    • targeted AdminLayout test
    • lint
    • build
    • full frontend test:coverage
  • Current frontend full coverage after this pass:
    • statements 92.06%
    • branches 79.29%
    • functions 89.09%
    • lines 92.22%
  • Main remaining Q-004 frontend hotspots now narrow to:
    • src/lib/storage/token-storage.ts
    • src/lib/errors/AppError.ts
    • src/pages/admin/ImportExportPage/ImportExportPage.tsx
    • src/pages/NotFoundPage/NotFoundPage.tsx
    • additional lower-coverage shared/admin surfaces outside this pass
  • Real hygiene gap still open:
    • the successful frontend coverage run still prints one post-summary jsdom AggregateError network-noise line
  • Evidence:
    • docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-124756.md

12. 2026-03-28 Token Storage Closure Update

  • Real status update:
    • Q-004 improved again, but still cannot be honestly declared closed.
  • Newly closed frontend hotspot:
    • frontend/admin/src/lib/storage/token-storage.ts is now at 100 / 100 / 100 / 100.
  • Validation evidence added:
    • targeted token-storage test
    • lint
    • build
    • full frontend test:coverage
  • Current frontend full coverage after this pass:
    • statements 92.32%
    • branches 79.63%
    • functions 89.70%
    • lines 92.49%
  • Main remaining Q-004 frontend hotspots now narrow to:
    • src/lib/errors/AppError.ts
    • src/pages/admin/ImportExportPage/ImportExportPage.tsx
    • src/pages/NotFoundPage/NotFoundPage.tsx
    • additional lower-coverage shared/admin surfaces outside this pass
  • Real hygiene gap still open:
    • the successful frontend coverage run still prints one post-summary jsdom AggregateError network-noise line
  • Evidence:
    • docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-125454.md

13. 2026-03-28 AppError Closure Update

  • Real status update:
    • Q-004 improved again, but still cannot be honestly declared closed.
  • Newly closed frontend hotspot:
    • frontend/admin/src/lib/errors/AppError.ts is now at 100 / 100 / 100 / 100.
    • frontend/admin/src/lib/errors/index.ts is now at 100 / 100 / 100 / 100.
  • Validation evidence added:
    • targeted AppError module test
    • lint
    • build
    • full frontend test:coverage
  • Current frontend full coverage after this pass:
    • statements 93.07%
    • branches 81.35%
    • functions 90.32%
    • lines 93.26%
  • Main remaining Q-004 frontend hotspots now narrow to:
    • src/pages/admin/ImportExportPage/ImportExportPage.tsx
    • src/pages/NotFoundPage/NotFoundPage.tsx
    • src/lib/hooks/useBreadcrumbs.ts
    • src/app/providers/ThemeProvider.tsx
    • additional lower-coverage shared/admin surfaces outside this pass
  • Real hygiene gap still open:
    • the successful frontend coverage run still prints one post-summary jsdom AggregateError network-noise line
  • Evidence:
    • docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-140215.md

1.4 2026-03-28 Q-004 latest remediation note XIV

  • Q-004 was remediated further after the previous addendum and remains open.
  • Newly verified outcomes:
    • frontend overall coverage is now 93.56 / 81.95 / 90.93 / 93.71
    • src/pages/admin/ImportExportPage/ImportExportPage.tsx is now 100 / 100 / 100 / 100
  • The latest remediation closed one more previously real frontend hotspot:
    • ImportExportPage.tsx is no longer an open Q-004 gap
  • The updated real boundary remains:
    • Q-004 still cannot be truthfully closed
    • after the import/export page was closed, the remaining higher-value frontend gaps narrow further to NotFoundPage, useBreadcrumbs, ThemeProvider, and the still-open coverage-noise hygiene issue
  • The validation hygiene note changed slightly but remains materially open:
    • ImportExportPage tests no longer emit the extra jsdom window.getComputedStyle(..., pseudoElt) noise from rc-table
    • npm.cmd run test:coverage still passed again while emitting post-summary jsdom AggregateError network-noise lines
  • Latest evidence for this addendum:
    • docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-142248.md

1.5 2026-03-28 Q-004 latest remediation note XV

  • Q-004 was remediated further after the previous addendum and remains open.
  • Newly verified outcomes:
    • frontend overall coverage is now 93.69 / 81.95 / 91.24 / 93.85
    • src/pages/NotFoundPage/NotFoundPage.tsx is now 100 / 100 / 100 / 100
  • The latest remediation closed one more previously real frontend hotspot:
    • NotFoundPage.tsx is no longer an open Q-004 gap
  • The updated real boundary remains:
    • Q-004 still cannot be truthfully closed
    • after the 404 page was closed, the remaining higher-value frontend gaps narrow further to useBreadcrumbs, ThemeProvider, and the still-open coverage-noise hygiene issue
  • The validation hygiene note remains materially open:
    • npm.cmd run test:coverage still passed again while emitting post-summary jsdom AggregateError network-noise lines
  • Latest evidence for this addendum:
    • docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-143209.md

1.6 2026-03-28 Q-004 latest remediation note XVI

  • Q-004 was remediated further after the previous addendum and remains open.
  • Newly verified outcomes:
    • frontend overall coverage is now 93.84 / 82.29 / 91.21 / 94.01
    • src/lib/hooks/useBreadcrumbs.ts is now 100 / 100 / 100 / 100
  • The latest remediation closed one more previously real frontend hotspot:
    • useBreadcrumbs.ts is no longer an open Q-004 gap
  • This pass also removed one small piece of dead frontend complexity:
    • the hook's parent-injection branch was redundant under the current route model and has been removed rather than artificially test-forced
  • The updated real boundary remains:
    • Q-004 still cannot be truthfully closed
    • after the breadcrumb hook was closed, the remaining higher-value frontend gaps narrow further to ThemeProvider plus the still-open coverage-noise hygiene issue
  • The validation hygiene note remains materially open:
    • npm.cmd run test:coverage still passed again while emitting post-summary jsdom AggregateError network-noise lines
  • Latest evidence for this addendum:
    • docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-144036.md

1.7 2026-03-28 Q-004 latest remediation note XVII

  • Q-004 was remediated further again after the previous addendum and still remains open.
  • Newly verified outcomes:
    • frontend overall coverage is now 93.93 / 82.29 / 91.37 / 94.10
    • src/app/providers/ThemeProvider.tsx is now 100 / 100 / 100 / 100
  • The latest remediation closed one more previously real frontend hotspot:
    • ThemeProvider.tsx is no longer an open Q-004 gap
  • The updated real boundary remains:
    • Q-004 still cannot be truthfully closed
    • after the theme provider was closed, the remaining frontend gap for this closure track narrows to the still-open post-summary jsdom AggregateError coverage-noise issue
  • The validation hygiene note remains materially open:
    • npm.cmd run test:coverage still passed again while emitting post-summary jsdom AggregateError network-noise lines
  • Latest evidence for this addendum:
    • docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-144756.md

1.8 2026-03-28 Q-004 latest remediation note XVIII

  • Q-004 for the frontend/admin closure track can now be truthfully closed.
  • Newly verified outcomes:
    • frontend overall coverage is now 93.98 / 82.29 / 91.37 / 94.15
    • src/app/router.tsx remains 100 / 100 / 100 / 100 in the latest full-suite coverage run
    • full frontend coverage completed with 54 passing test files and 248 passing tests
  • The final materially open blocker is now closed:
    • the successful npm.cmd run test:coverage run no longer emits the previously recurring post-summary jsdom AggregateError network-noise lines
  • The real closure boundary is now:
    • all previously identified frontend hotspots in this Q-004 closure track remain closed
    • the validation hygiene path is clean enough to honestly close Q-004
    • a separate npm global config warning still prints after command completion, but it is external environment noise rather than a project-generated failure
  • Latest evidence for this addendum:
    • docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-151952.md

1.9 2026-03-28 Q-005 SCA closure note XIX

  • Q-005 can now be truthfully closed.
  • Newly verified outcomes:
    • npm audit (production dependencies only) now reports 0 vulnerabilities
    • npm audit (full dependency tree) now reports 0 vulnerabilities
    • govulncheck reachable findings remain 0
  • The remediation that closed the dev-toolchain supply-chain gap was:
    • upgrade vite to 8.0.3
    • upgrade vitest and @vitest/coverage-v8 to 4.1.2
    • upgrade typescript-eslint to 8.57.2
    • pin vulnerable transitive chains with overrides for picomatch and brace-expansion
  • Re-verification after the dependency update also passed:
    • frontend/admin lint
    • frontend/admin production build
    • full frontend test:coverage
  • The updated real boundary is now:
    • Q-004 and Q-005 are both closed for the current closure track
    • the next unclosed cross-cutting governance gap is Q-006 external alert delivery evidence
    • the separate product/external-proof boundary around live third-party OAuth provider browser evidence also still remains
  • Latest evidence for this addendum:
    • docs/evidence/ops/2026-03-28/sca/SCA_SUMMARY_20260328-220806.md

2.0 2026-03-29 Q-006 readiness note XX

  • Q-006 still cannot be truthfully closed, but the repo-side closure path is stricter than before.
  • Newly verified outcomes:
    • alerting package structural validation still passes on the latest run
    • render drill still passes on the latest run
    • a new strict live-delivery drill now exists and fails closed on placeholder/example values
  • The latest repo-side hardening for this gap is:
    • add scripts/ops/drill-alertmanager-live-delivery.ps1
    • refuse unresolved placeholders, example.* addresses/hosts, and placeholder secrets before any network attempt
    • emit only redacted config artifacts and masked recipient evidence
    • remove the date-rollover false blocker in validate-alerting-package.ps1 by falling back to the latest available baseline evidence
  • The updated real boundary is now:
    • repo-side alert delivery verification tooling is materially better prepared
    • Q-006 remains open because no real non-placeholder on-call delivery environment has been injected and no successful live SMTP acceptance evidence has yet been captured
    • the remaining closure work is external-environment proof, not another repo-local template/rendering fix
  • Latest evidence for this addendum:
    • docs/evidence/ops/2026-03-29/alerting/ALERTING_PACKAGE_20260329-100316.md
    • docs/evidence/ops/2026-03-29/alerting/20260329-100315/ALERTMANAGER_RENDER_DRILL.md
    • docs/evidence/ops/2026-03-29/alerting/20260329-100315/ALERTMANAGER_LIVE_DELIVERY_DRILL.md
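The fail-closed pre-flight this note describes (refuse unresolved placeholders, example.* hosts/addresses and placeholder secrets before any network attempt, then emit only masked recipient evidence) can be sketched as follows; this is an added illustration, not the repository's scripts/ops/drill-alertmanager-live-delivery.ps1, and the function names, receiver field names and sample values are assumptions.

```powershell
# Added illustration only; not the project's scripts/ops/drill-alertmanager-live-delivery.ps1.
# Assumed: receiver settings arrive as a hashtable with the keys used below; all function names are hypothetical.

function Test-PlaceholderValue {
    # Returns $true when a value must block a live attempt: empty, unresolved template,
    # RFC 2606 example/test/invalid host or address, or an obvious placeholder secret.
    param([string]$Value)
    if ([string]::IsNullOrWhiteSpace($Value)) { return $true }
    if ($Value -match '\$\{[^}]*\}' -or $Value -match '\{\{.*\}\}') { return $true }       # ${VAR} / {{ .Field }}
    if ($Value -match '(^|[@.])example\.(com|net|org)(:\d+)?$') { return $true }          # example.com and friends
    if ($Value -match '(^|[@.])(example|test|invalid|localhost)(:\d+)?$') { return $true } # reserved TLDs, localhost
    if ($Value -match '^(changeme|change_me|placeholder|password|secret|todo|x{3,})$') { return $true }
    return $false
}

function Get-MaskedRecipient {
    # Evidence may record that a recipient existed, never the full address.
    param([string]$Address)
    $parts = $Address -split '@', 2
    if ($parts.Count -ne 2) { return '***' }
    $head = if ($parts[0].Length -gt 0) { $parts[0].Substring(0, 1) } else { '' }
    return ('{0}***@{1}' -f $head, $parts[1])
}

function Assert-LiveDeliveryInputs {
    # Fails closed before any SMTP connection; on success returns only redacted evidence fields.
    param([hashtable]$Receiver)
    $fields = [ordered]@{
        smtp_smarthost     = $Receiver.SmtpSmarthost
        smtp_auth_username = $Receiver.SmtpAuthUsername
        smtp_auth_password = $Receiver.SmtpAuthPassword
        smtp_from          = $Receiver.SmtpFrom
        to                 = $Receiver.To
    }
    $blockers = @($fields.Keys | Where-Object { Test-PlaceholderValue $fields[$_] })
    if ($blockers.Count -gt 0) {
        throw "live delivery drill refused before any network attempt; placeholder or example values in: $($blockers -join ', ')"
    }
    return [pscustomobject]@{
        Smarthost = $Receiver.SmtpSmarthost
        From      = Get-MaskedRecipient $Receiver.SmtpFrom
        Recipient = Get-MaskedRecipient $Receiver.To
    }
}

# Constructed sample: an unresolved secret and an example.com recipient must be refused.
$sample = @{ SmtpSmarthost = 'smtp.corp.internal:587'; SmtpAuthUsername = 'alerts'
             SmtpAuthPassword = '${SMTP_PASSWORD}'; SmtpFrom = 'alerts@corp.internal'; To = 'oncall@example.com' }
try { Assert-LiveDeliveryInputs $sample } catch { Write-Host "refused: $($_.Exception.Message)" }
```

The same check is what turns a successful run into closure evidence: only when every field passes does the drill proceed to the SMTP attempt, and the object it returns is the only recipient-related data that should land in the evidence directory.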