Commit Graph

53 Commits

Author SHA1 Message Date
Your Name
3f509d1a6c docs(ci): define real staging gate rules 2026-04-21 09:28:27 +08:00
Your Name
3aeddc0b43 docs(ci): define release manifest contract
Add the run_id and manifest contract doc, reserve the reports/releases tree, record the decision in the execution log, and annotate the four release scripts with their planned manifest-based inputs.
2026-04-21 09:23:54 +08:00
Your Name
d98b1fb262 docs(ci): define phase1 contract gate
Add the cross-service contract gate documentation, create the Phase 1 checklist, wire explicit contract-gate design slots into backend-verify and repo integrity scripts, and mark P1-D complete in the plan.
2026-04-21 09:20:33 +08:00
Your Name
fb659e8c96 docs(plan): complete auth rollback and comms notes
Add explicit rollback conditions and the compatibility-window README/ADR draft, record the rollback target in the execution log, and mark P1-C-07 and P1-C-08 complete in the plan.
2026-04-21 09:16:56 +08:00
Your Name
c3ac7cdbae docs(plan): capture auth convergence rollout
Add the auth implementation convergence notes for gateway and supply-api, record the agreed rollout strategy in the execution log, and mark P1-C-01 through P1-C-06 complete in the master plan.
2026-04-21 09:15:18 +08:00
Your Name
a9108dd390 docs(plan): record token schema alignment decision
Add the token runtime schema alignment notes, record the keep-and-thread-through decision in the execution log, and mark P1-B analysis tasks complete in the master plan.
2026-04-21 09:08:20 +08:00
Your Name
c5de0220a0 docs(plan): align service authority boundaries
Update the supply-api and platform-token-runtime READMEs to reflect the single token authority model, record the changes in the execution log, and mark P1-A-07 and P1-A-08 complete in the master plan.
2026-04-21 09:03:05 +08:00
Your Name
b864a4ef1b docs(plan): tighten token authority contract
Record the OpenAPI vs canonical principal gap, add tenant_id to the introspection response contract, and make the gateway README explicit that non-dev environments must use remote introspection.
2026-04-21 08:01:07 +08:00
Your Name
46152f50fd docs(plan): record phase1 authority baseline
Record the current identity entry points in the execution log and update the minimal token runtime spec with a single authority rule and canonical principal fields. Mark P1-A-01 through P1-A-03 complete in the optimization plan so subsequent batches can continue from the verified baseline.
2026-04-21 07:53:22 +08:00
Your Name
1f56b32257 feat(logging): unify structured startup logs 2026-04-20 19:55:38 +08:00
Your Name
b9b3678fe3 docs(review): finalize remediation closure confirmation 2026-04-20 17:56:47 +08:00
Your Name
414ecbb08c fix(token-runtime): preserve fingerprint on refresh and revoke 2026-04-20 10:47:59 +08:00
Your Name
45c4160eed docs: 清理架构文档中Kafka/etcd误填内容,标记废弃说明
- 00_PROJECT_OVERVIEW.md: 清除虚构的5个环境问题描述
- technical_architecture_design_v1: 标记废弃说明,架构图标注Redis/Kafka未使用
- llm_gateway_product_technical_blueprint_v1: 标注Message Queue已由PostgreSQL替代
- resource_assessment_plan_v1: 移除Kafka作为备选方案引用

代码库中无任何Kafka/etcd/CloudWatch运行时依赖,详见TEST_ENVIRONMENT_ISSUES.md
2026-04-18 11:48:29 +08:00
Your Name
014c183c84 fix: correct environment issues doc and add missing config improvements
- Remove fabricated etcd/Kafka/AWS issues from TEST_ENVIRONMENT_ISSUES.md
  (codebase contains zero references to these dependencies)
- Add Kafka/etcd/CloudWatch clarification: early design docs discuss
  these but actual implementation uses none of them
- Add getEnvInt() for GATEWAY_PORT env variable support
- Add devtest stack scripts for local development
- Update verification report and repair plan status
2026-04-18 11:34:58 +08:00
Your Name
421817c0c9 docs: add full verification report for all P0/P1 security fixes 2026-04-18 11:27:47 +08:00
Your Name
8fcdfe400e docs: enrich environment issues analysis and correct repair plan status
- Expand TEST_ENVIRONMENT_ISSUES.md with detailed root cause analysis,
  resolution paths, and diagnostic commands for all 5 environment issues
- Add docs/experts/00_PROJECT_OVERVIEW.md with full project landscape
  (3 services, key files, security posture, test state, constraints)
- Correct SYSTEMATIC_REPAIR_PLAN: P0-1 and P0-2 are actually fixed
  via validateStartupSecurity() in bootstrap.go (not residual issues)
- All P0/P1 fixes confirmed verified against source code
2026-04-18 09:34:21 +08:00
Your Name
0d81a53b7a docs: summarize remediation lessons and refresh project standards 2026-04-17 22:37:19 +08:00
Your Name
4d83f942bc docs(product): add page flow tree and button matrix 2026-04-17 22:28:07 +08:00
Your Name
b06dd8ccda docs(product): add completed feature inventory 2026-04-17 22:21:46 +08:00
Your Name
679a98dd9b docs(plan): add remediation execution checklist 2026-04-17 21:12:49 +08:00
Your Name
f48fca565b docs(sql): clarify active schema boundaries and status constraints 2026-04-17 20:12:05 +08:00
Your Name
8eab2a10f7 refactor(supply-api): reduce runtime aggregation density 2026-04-16 12:03:57 +08:00
Your Name
7e945868a5 refactor(supply-api): narrow runtime background surface 2026-04-16 11:38:56 +08:00
Your Name
45029b44d1 refactor(supply-api): narrow runtime http surface 2026-04-16 09:07:28 +08:00
Your Name
44780d1d29 refactor(supply-api): declarify runtime http adapter 2026-04-16 07:45:47 +08:00
Your Name
df8d73b4e3 refactor(supply-api): declarify bootstrap server assembly 2026-04-16 07:24:13 +08:00
Your Name
b9b875ac39 refactor(supply-api): split bootstrap http assembly 2026-04-16 07:11:33 +08:00
Your Name
39c4a11ff9 refactor(supply-api): split runtime store bundle builders 2026-04-15 23:27:11 +08:00
Your Name
22575bdd82 refactor(supply-api): split background startup helpers 2026-04-15 22:58:12 +08:00
Your Name
6e5a36bda1 refactor(supply-api): split runtime assembly helpers 2026-04-15 22:31:50 +08:00
Your Name
56cb40c1f9 refactor(supply-api): normalize app server defaults 2026-04-15 21:54:49 +08:00
Your Name
bec2a7bd1d refactor(supply-api): precheck main env before config load 2026-04-15 20:14:59 +08:00
Your Name
5ae0861fc3 refactor(supply-api): guard unsupported env values 2026-04-15 19:24:20 +08:00
Your Name
d348d5a2c6 refactor(supply-api): normalize runtime startup defaults 2026-04-15 19:12:27 +08:00
Your Name
6940ff52b6 refactor(supply-api): layer runtime startup flow 2026-04-15 18:42:06 +08:00
Your Name
bdacc4452c refactor(supply-api): deduplicate bootstrap assembly 2026-04-15 17:30:10 +08:00
Your Name
1776862768 refactor(supply-api): remove panic-only helper paths
Return explicit errors from AlertAPI construction instead of panicking inside the library layer, and let main own process-level failure handling.

Also delete the unused config.MustLoad helper and lock the supported config loading paths with tests.
2026-04-15 15:38:57 +08:00
Your Name
3bedb37fb8 refactor(review): automate machine-review source governance 2026-04-15 10:19:05 +08:00
Your Name
46c409156f docs(review): constrain live machine-review references
Add a single current machine-review source policy to active review and planning docs.
Mark legacy tok007 references as historical snapshots and point executable examples at the current review draft.
2026-04-14 22:53:06 +08:00
Your Name
88d842648d chore(repo): align integrity entrypoints with current state
Rewrite module READMEs around the current verified run and test paths, tighten repo_integrity_check.sh with fact-source checks, update supply-api migration baseline, and remove the platform-token-runtime audit query placeholder response.
2026-04-14 12:29:13 +08:00
Your Name
d28f83a6a8 chore(repo): add integrity baseline check 2026-04-14 10:38:24 +08:00
Your Name
ecdead0a03 docs(plan): define gate archive admission roadmap 2026-04-13 21:15:32 +08:00
Your Name
10d79be2c3 docs(cleanup): add committable cleanup plan 2026-04-13 20:31:05 +08:00
Your Name
aecba5ff27 docs(review): add remediation plans and readiness artifacts
Add design, review, and production-readiness documents for the April remediation cycle.\nInclude supporting SQL and supply-api operational design notes so review conclusions and implementation guidance stay versioned together.
2026-04-13 18:54:45 +08:00
Your Name
9e47ba56b7 docs(metrics): sync audit design and gate snapshots
Finalize the audit design notes, record the token auth naming alignment, and refresh the 2026-04-11 gate snapshots against the latest stage validation evidence. The metrics snapshot intentionally keeps M-018 as FAIL because PHASE-07 remains deferred.
2026-04-11 09:35:11 +08:00
Your Name
cb3c503152 docs: 更新实施状态 v1.4 - R-05/R-06完成 2026-04-03 12:06:40 +08:00
Your Name
7254971918 feat(supply-api): 完成IAM和Audit数据库-backed Repository实现
- 新增 iam_schema_v1.sql DDL脚本 (iam_roles, iam_scopes, iam_role_scopes, iam_user_roles, iam_role_hierarchy)
- 新增 PostgresIAMRepository 实现数据库-backed IAM仓储
- 新增 DatabaseIAMService 使用数据库-backed Repository
- 新增 PostgresAuditRepository 实现数据库-backed Audit仓储
- 新增 DatabaseAuditService 使用数据库-backed Repository
- 更新实施状态文档 v1.3

R-07~R-09 完成。
2026-04-03 11:57:15 +08:00
Your Name
cf2c8d5e5c docs: 更新实施状态 - P1/P2任务100%完成
2026-04-03更新:
- Audit HTTP Handler已完成 (AUD-05, AUD-06)
- IAM Middleware覆盖率提升至83.5%

状态总结:
- 规划任务:33个
- 已完成:33个 (100%)
- P1/P2核心功能全部完成
2026-04-03 11:21:30 +08:00
Your Name
f6c6269ccb docs: 更新P1/P2实施状态为准确版本
1. 新增 docs/plans/2026-04-03-p1-p2-implementation-status-v1.md
   - 准确反映33个任务的实际完成状态
   - 更新测试覆盖率数据
   - 分析实施与规划的一致性

2. 更新原计划文档进度追踪
   - IAM-01~08:  已完成
   - AUD-01~08: ⚠️ 6/8完成(Audit Handler未实现)
   - ROU-01~09:  已完成
   - CMP-01~08:  已完成

实际完成率:31/33 (94%)
2026-04-03 11:11:56 +08:00
Your Name
849699e014 docs: 更新项目经验总结v2
基于2026-04-03深度质量审查结果更新:
1. 添加P0-P2修复完整记录
2. 新增代码安全规范(SafeDSN、正则表达式、Context、并发)
3. 固化问题优先级定义
4. 更新测试覆盖率基线
5. 添加代码审查清单
2026-04-03 10:55:11 +08:00