fix(audit): use uuid.New() for ticket workflow audit IDs

Fixes 'invalid input syntax for type uuid' error when writing ticket workflow audit logs. The audit Event.ID field was using fmt.Sprintf with nanoseconds ('wf-%d') which doesn't match PostgreSQL's uuid type. Also adds uuid import to ticket_workflow.go. Verified: full chain webhook→assign→resolve→close produces 3 audit logs correctly, no more 'invalid uuid' errors in logs.
2026-05-04 13:44:39 +08:00
parent c7cb174c58
commit 087de4e102
23 changed files with 1459 additions and 195 deletions
--- a/prd/IDENTITY_AND_PERMISSION_STRATEGY.md
+++ b/prd/IDENTITY_AND_PERMISSION_STRATEGY.md
@@ -68,7 +68,7 @@
 | 查看运营大盘 | ❌ | ✅ | ✅ |
 | 敏感操作（退款） | ❌ | ✅ | ✅ |

-> **注**：权限模型**当前未落地**（无 RBAC 实现），所有接口均为平权访问。Phase 4 运营后台需补充完整权限校验。
+> **注**：Phase 1 已落地最小 header-based 鉴权与角色校验（`X-CS-Actor-ID` / `X-CS-Actor-Role`），用于保护 ticket/session 后台接口；完整 RBAC、用户级数据隔离与统一身份体系仍未落地，仍需在后续阶段补齐。

 ### 2.3 跨用户数据隔离

--- a/prd/PRODUCTION_CHECKLIST.md
+++ b/prd/PRODUCTION_CHECKLIST.md
@@ -22,7 +22,7 @@
 - 预生产门禁：未通过
 - 生产放行门禁：未通过

-因此：**当前仅可进入预生产整改与联调准备，不可按“生产已具备上线条件”放行。**
+因此：**当前仅可进入预生产整改与联调准备，不可按“生产已具备上线条件”或“可灰度发布”口径放行。**

 ---