Commit Graph

106 Commits

Author SHA1 Message Date
Your Name
0d81a53b7a docs: summarize remediation lessons and refresh project standards 2026-04-17 22:37:19 +08:00
Your Name
49738f2119 test(supply-api): disable cache in integration runner 2026-04-17 22:10:34 +08:00
Your Name
f48fca565b docs(sql): clarify active schema boundaries and status constraints 2026-04-17 20:12:05 +08:00
Your Name
cccb76b72b feat(supply-api): make withdraw readiness depend on sms wiring 2026-04-17 19:26:20 +08:00
Your Name
9bb1d6ce3e feat(supply-api): gate and wire iam routes explicitly 2026-04-17 19:19:37 +08:00
Your Name
9279e65cd7 fix(supply-api): make compensation executor fail closed 2026-04-17 19:15:45 +08:00
Your Name
2e0f6e29aa fix(supply-api): restore uncached build health 2026-04-17 16:20:34 +08:00
Your Name
ad776e4079 fix: P0/P1 security fixes across gateway, token-runtime, and supply-api
P0 fixes:
- platform-token-runtime: Add store.Save() after Refresh token update (P0-3)
- platform-token-runtime: Add sync.RWMutex to InMemoryRuntimeStore (P0-4)
- platform-token-runtime: Add bearer token auth to /audit-events endpoint (P0-5)
- gateway: Fail startup in production if PASSWORD_ENCRYPTION_KEY uses default (P0-1)
- gateway: Require explicit CORS_ALLOW_ORIGINS in production (P0-2)

P1 fixes:
- gateway: Add TrustedProxies config field + env var GATEWAY_TRUSTED_PROXIES (P1-5)
- gateway: Sanitize X-Request-ID header to prevent log injection (P1-6)
- gateway: Strip internal error details from error responses to clients (P1-7)
- supply-api: Upgrade deriveDEK from trivial byte-rotation to HKDF-SHA256 (P1-1)
- supply-api: Reject HS256/HS384/HS512 in production, require RSA (P1-2)

Code quality fixes:
- supply-api: Add BruteForceMaxAttempts + BruteForceLockoutDuration to AuthConfig (MED-12)
- supply-api: Add TrustedProxies to token_auth_middleware (IP spoofing protection)
- supply-api: Use shared pathutil.SplitPath instead of duplicate splitPath
- supply-api: Fix query_key_reject_middleware call sites with trustedProxies param
- gateway: Wire TrustedProxies into AuthMiddlewareConfig and extractClientIP
- gateway: Add CORSAllowOrigins to AuthConfig, wire into CORSMiddleware
- gateway: Fix CompletionsHandle to have context and RecordResult like ChatCompletions
- gateway: Add sanitizeRequestID helper for X-Request-ID log injection prevention
- gateway: Add os import for PASSWORD_ENCRYPTION_KEY check
- gateway: Add strings import to handler.go for sanitizeRequestID

Environment issues documented in TEST_ENVIRONMENT_ISSUES.md
2026-04-17 14:36:02 +08:00
Your Name
6f35b3e1ad refactor(supply-api): slim runtime constructor prelude 2026-04-16 15:38:29 +08:00
Your Name
8eab2a10f7 refactor(supply-api): reduce runtime aggregation density 2026-04-16 12:03:57 +08:00
Your Name
7e945868a5 refactor(supply-api): narrow runtime background surface 2026-04-16 11:38:56 +08:00
Your Name
45029b44d1 refactor(supply-api): narrow runtime http surface 2026-04-16 09:07:28 +08:00
Your Name
44780d1d29 refactor(supply-api): declarify runtime http adapter 2026-04-16 07:45:47 +08:00
Your Name
df8d73b4e3 refactor(supply-api): declarify bootstrap server assembly 2026-04-16 07:24:13 +08:00
Your Name
b9b875ac39 refactor(supply-api): split bootstrap http assembly 2026-04-16 07:11:33 +08:00
Your Name
39c4a11ff9 refactor(supply-api): split runtime store bundle builders 2026-04-15 23:27:11 +08:00
Your Name
22575bdd82 refactor(supply-api): split background startup helpers 2026-04-15 22:58:12 +08:00
Your Name
6e5a36bda1 refactor(supply-api): split runtime assembly helpers 2026-04-15 22:31:50 +08:00
Your Name
56cb40c1f9 refactor(supply-api): normalize app server defaults 2026-04-15 21:54:49 +08:00
Your Name
bec2a7bd1d refactor(supply-api): precheck main env before config load 2026-04-15 20:14:59 +08:00
Your Name
5ae0861fc3 refactor(supply-api): guard unsupported env values 2026-04-15 19:24:20 +08:00
Your Name
d348d5a2c6 refactor(supply-api): normalize runtime startup defaults 2026-04-15 19:12:27 +08:00
Your Name
6940ff52b6 refactor(supply-api): layer runtime startup flow 2026-04-15 18:42:06 +08:00
Your Name
bdacc4452c refactor(supply-api): deduplicate bootstrap assembly 2026-04-15 17:30:10 +08:00
Your Name
1776862768 refactor(supply-api): remove panic-only helper paths
Return explicit errors from AlertAPI construction instead of panicking inside the library layer, and let main own process-level failure handling.

Also delete the unused config.MustLoad helper and lock the supported config loading paths with tests.
2026-04-15 15:38:57 +08:00
Your Name
0c370e9353 refactor(domain): simplify outbox retry policy
Reduce the domain outbox surface to the shared retry/backoff contract that is actually consumed by the runtime layer.

Also make batch compensation processing pick up retrying records explicitly and cover that path with tests.
2026-04-15 10:44:05 +08:00
Your Name
567446bb25 test(repo): cover untested core packages 2026-04-15 10:17:32 +08:00
Your Name
98b1c2a86f chore(supply-api): refresh idempotency bootstrap comments
Update stale main.go comments so they match the current single-path idempotency behavior and no longer describe the removed inline fallback path.
2026-04-14 12:35:01 +08:00
Your Name
88d842648d chore(repo): align integrity entrypoints with current state
Rewrite module READMEs around the current verified run and test paths, tighten repo_integrity_check.sh with fact-source checks, update supply-api migration baseline, and remove the platform-token-runtime audit query placeholder response.
2026-04-14 12:29:13 +08:00
Your Name
ab0b0cc031 fix(supply-api): close sms verify and audit flush gaps
Use a shared in-memory code store across mock, Tencent, and Aliyun SMS services so send and verify follow the same contract. Also surface batch flush failures through FlushNow and explicit error tracking hooks for audit buffering.
2026-04-14 12:22:10 +08:00
Your Name
ad8d4bda9e feat(supply-api): align schema with repository contract 2026-04-14 12:13:36 +08:00
Your Name
55a6e7424a refactor(supply-api): remove inline idempotency fallback 2026-04-14 12:00:17 +08:00
Your Name
6d7ef661e6 feat(supply-api): persist audit alerts 2026-04-14 11:52:45 +08:00
Your Name
d28f83a6a8 chore(repo): add integrity baseline check 2026-04-14 10:38:24 +08:00
Your Name
fc3c1fe0a8 docs(gates): consolidate legacy tok archives 2026-04-14 07:26:28 +08:00
Your Name
ec62c801d8 docs(gates): admit verified 2026-04 snapshots 2026-04-13 21:47:19 +08:00
Your Name
e54cba9feb docs(gates): admit local staging evidence 2026-04-13 21:45:35 +08:00
Your Name
af3b9943be chore(cleanup): resolve pending supply-api files 2026-04-13 21:20:24 +08:00
Your Name
ecdead0a03 docs(plan): define gate archive admission roadmap 2026-04-13 21:15:32 +08:00
Your Name
24e85cab43 docs(gates): backfill archive csv snapshots 2026-04-13 21:07:26 +08:00
Your Name
9ad3980ae2 docs(gates): add root archive index 2026-04-13 21:03:44 +08:00
Your Name
90d71eb4ca refactor(outbox): remove runner event copy 2026-04-13 20:59:14 +08:00
Your Name
64f99a45e6 refactor(compensation): use handler registry 2026-04-13 20:56:02 +08:00
Your Name
a94de1b32b refactor(outbox): share domain backoff policy 2026-04-13 20:54:38 +08:00
Your Name
7f8143e3ac chore(config): separate local override guidance 2026-04-13 20:52:53 +08:00
Your Name
10d79be2c3 docs(cleanup): add committable cleanup plan 2026-04-13 20:31:05 +08:00
Your Name
aecba5ff27 docs(review): add remediation plans and readiness artifacts
Add design, review, and production-readiness documents for the April remediation cycle.\nInclude supporting SQL and supply-api operational design notes so review conclusions and implementation guidance stay versioned together.
2026-04-13 18:54:45 +08:00
Your Name
a2f042f1c2 test(supply-api): expand e2e coverage and support unix socket dsn
Add broader e2e coverage for account, package, billing, tracing, and reliability scenarios.\nSupport Unix socket DSN formatting in config and cover it with unit tests.\nIgnore local assistant metadata and generated gate artifacts to reduce workspace noise.
2026-04-13 18:53:35 +08:00
Your Name
841d75191e refactor: 使用结构化日志替代标准 log 包
将所有 log.Printf/Println 调用替换为 logging.Logger 结构化日志输出:
- internal/middleware/auth.go: AUTH_WARNING 和 AUTH_ERROR 日志
- internal/middleware/middleware.go: Recovery 中间件 panic 日志
- internal/domain/account.go: emitAudit 审计错误日志
- internal/domain/settlement.go: emitAudit 审计错误日志
- internal/domain/package.go: emitAudit 审计错误日志
- internal/domain/compensation.go: 补偿处理器所有日志
- internal/compensation/compensation.go: 补偿执行器所有日志
- internal/outbox/outbox.go: OutboxProcessor 所有日志
- internal/iam/middleware/scope_auth.go: WILDCARD_SCOPE_ACCESS 审计日志

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-13 09:49:58 +08:00
Your Name
bf6fc09b88 refactor(cmd): main.go 使用结构化日志替代标准 log
1. 移除标准库 log 导入
2. 使用 jsonLogger 输出结构化 JSON 日志
3. 添加格式化日志方法 (Infof, Errorf, Fatalf)
4. Fatalf 现在会调用 os.Exit(1)

日志格式示例:
{"timestamp":"...","level":"INFO","service":"supply-api","message":"starting supply-api in prod mode"}

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-13 07:46:52 +08:00