feat(runtime): harden daily pipeline audit and verification

Tighten real-ingestion success rules, separate scheduled reports from historical rebuilds, and persist source-level runtime audit across daily pipeline runs. Also add the Phase 5 CI workflow contract plus verification updates and supporting docs so the full uncommitted change set can be validated together.
2026-05-14 16:17:39 +08:00
parent 618dff33da
commit a8999abcb0
17 changed files with 880 additions and 45 deletions
--- a/scripts/fetch_openrouter_test.go
+++ b/scripts/fetch_openrouter_test.go
@@ -4,6 +4,8 @@ package main

 import (
 	"encoding/json"
+	"net/http"
+	"net/http/httptest"
 	"os"
 	"path/filepath"
 	"testing"
@@ -98,3 +100,33 @@ func TestRunNoAPIKey(t *testing.T) {
 		t.Error("models 为空")
 	}
 }
+
+func TestFetchModelsFailsInStrictRealModeWithoutAPIKey(t *testing.T) {
+	_, err := fetchModels(Config{StrictReal: true})
+	if err == nil {
+		t.Fatal("strict real mode should fail without API key")
+	}
+}
+
+func TestRunFailsInStrictRealModeWhenDBWriteFails(t *testing.T) {
+	tmpDir := t.TempDir()
+	outPath := filepath.Join(tmpDir, "models.json")
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+		_, _ = w.Write([]byte(`{"data":[{"id":"openai/gpt-4o","name":"GPT-4o","context_length":128000,"pricing":{"input":2.5,"output":10.0}}]}`))
+	}))
+	defer server.Close()
+
+	err := run(Config{
+		APIKey:     "test-key",
+		APIURL:     server.URL,
+		OutPath:    outPath,
+		DBConn:     "postgres://invalid@127.0.0.1:1/invalid?sslmode=disable",
+		BatchSize:  10,
+		TimeoutSec: 1,
+		StrictReal: true,
+	})
+	if err == nil {
+		t.Fatal("strict real mode should fail when database write fails")
+	}
+}