llm-intelligence/scripts/official_import_signature_audit_lib.go
phamnazage-jpg 256975e10c feat(audit): add pricing signature guards and reporting
Add snapshot, signature, and drift guard support for Vertex AI, Cloudflare Workers AI, and Perplexity API, backed by a queryable audit table and recent-window view.

This commit also wires the audit query layer into daily signal materialization and report generation so structure drift becomes a first-class signal instead of a log-only artifact.
2026-05-15 22:34:22 +08:00


//go:build llm_script
package main
import (
"database/sql"
"encoding/json"
"fmt"
"os"
"strings"
"time"
)
// officialImportSignatureAuditRecord carries the result of one signature
// check for a single source. insertOfficialImportSignatureAudit maps it
// field-for-field onto a row of the official_import_signature_audit table.
//
// Field order is part of the type's shape; keep it stable for any unkeyed
// literals elsewhere in the package.
type officialImportSignatureAuditRecord struct {
	// Identity and outcome of the check. These are bound to the INSERT
	// as-is, with no blank-to-NULL conversion.
	SourceKey                          string
	CheckedAt                          time.Time
	Status                             string
	DriftDetected, BaselineInitialized bool

	// Locations involved in the check. Each is passed through nullIfBlank
	// before being written.
	SourceURL, FixturePath, SnapshotPath, SignaturePath, BaselinePath string

	// Hex digests of the current and previous structure, as named by the
	// fields; also passed through nullIfBlank.
	// NOTE(review): nothing in this file validates these as 64-char hex
	// strings; confirm the producer guarantees the format.
	StructureSHA256, PreviousStructureSHA256 string

	// ByteSize is passed through nullIfZeroIntCommon before being written.
	ByteSize int

	// SignaturePayload is JSON-marshalled and cast to jsonb on insert when
	// non-nil; a nil payload is bound as a nil parameter.
	SignaturePayload any

	// ErrorMessage is stored verbatim (via nullIfBlank).
	// NOTE(review): if upstream errors can embed URLs with credentials or
	// tokens, they end up in the audit table; confirm they are redacted
	// before reaching this record.
	ErrorMessage string
}
// persistOfficialImportSignatureAuditIfConfigured stores record in the audit
// table when a database is configured, and does nothing otherwise.
//
// It returns nil when DATABASE_URL is unset or whitespace-only, and a wrapped
// error when opening the database or inserting the row fails.
func persistOfficialImportSignatureAuditIfConfigured(record officialImportSignatureAuditRecord) error {
	// Persistence is opt-in. Without DATABASE_URL the record is dropped and
	// the caller still sees success, so a run in an unconfigured environment
	// leaves no row in the audit table.
	configured := strings.TrimSpace(os.Getenv("DATABASE_URL"))
	if configured == "" {
		return nil
	}

	// The value read above is only a presence check; the handle comes from
	// subscriptionImportDB, which is defined elsewhere in the package.
	db, openErr := subscriptionImportDB()
	if openErr != nil {
		return fmt.Errorf("open db for official import signature audit: %w", openErr)
	}
	// The handle is opened per call and released on every return path below.
	defer db.Close()

	insertErr := insertOfficialImportSignatureAudit(db, record)
	if insertErr != nil {
		return fmt.Errorf("insert official import signature audit: %w", insertErr)
	}
	return nil
}
// insertOfficialImportSignatureAudit writes one audit row for record using db.
//
// It returns an error when db is nil, when record.SignaturePayload cannot be
// marshalled to JSON, or when the INSERT itself fails.
func insertOfficialImportSignatureAudit(db *sql.DB, record officialImportSignatureAuditRecord) error {
	if db == nil {
		return fmt.Errorf("official import signature audit db is nil")
	}

	// All fifteen values are bound as placeholders; nothing from record is
	// concatenated into the statement text.
	const insertStatement = `INSERT INTO official_import_signature_audit (
source_key, checked_at, status, drift_detected, baseline_initialized,
source_url, fixture_path, snapshot_path, signature_path, baseline_path,
structure_sha256, previous_structure_sha256, byte_size, signature_payload, error_message
) VALUES (
$1, $2, $3, $4, $5,
$6, $7, $8, $9, $10,
$11, $12, $13, $14::jsonb, $15
)`

	// payloadArg stays a nil interface when there is no payload, so the
	// $14::jsonb parameter is bound as nil rather than as the JSON text "null".
	var payloadArg any
	if record.SignaturePayload != nil {
		encoded, marshalErr := json.Marshal(record.SignaturePayload)
		if marshalErr != nil {
			return fmt.Errorf("marshal signature payload: %w", marshalErr)
		}
		payloadArg = string(encoded)
	}

	// NOTE(review): SourceURL and ErrorMessage are stored as received. If
	// either can carry credentials or tokens (for example in a query string
	// or a wrapped driver error), redact upstream before building the record.
	params := []any{
		record.SourceKey,
		record.CheckedAt,
		record.Status,
		record.DriftDetected,
		record.BaselineInitialized,
		nullIfBlank(record.SourceURL),
		nullIfBlank(record.FixturePath),
		nullIfBlank(record.SnapshotPath),
		nullIfBlank(record.SignaturePath),
		nullIfBlank(record.BaselinePath),
		nullIfBlank(record.StructureSHA256),
		nullIfBlank(record.PreviousStructureSHA256),
		nullIfZeroIntCommon(record.ByteSize),
		payloadArg,
		nullIfBlank(record.ErrorMessage),
	}

	if _, execErr := db.Exec(insertStatement, params...); execErr != nil {
		return fmt.Errorf("insert official_import_signature_audit: %w", execErr)
	}
	return nil
}
// officialImportSignatureAuditStatus reduces the outcome of a check to one
// status string: "drift_detected", "baseline_initialized", "failed" or
// "passed".
//
// The checks run in that order, so drift takes precedence over a freshly
// initialized baseline, and both take precedence over runErr. A run that
// reports drift together with an error is therefore labelled
// "drift_detected", not "failed".
func officialImportSignatureAuditStatus(driftDetected bool, baselineInitialized bool, runErr error) string {
	if driftDetected {
		return "drift_detected"
	}
	if baselineInitialized {
		return "baseline_initialized"
	}
	if runErr != nil {
		return "failed"
	}
	return "passed"
}
// errorMessageText returns err's message with surrounding whitespace
// trimmed, or the empty string when err is nil.
func errorMessageText(err error) string {
	if err != nil {
		return strings.TrimSpace(err.Error())
	}
	return ""
}