fix(security): P0 安全修复 — 审计日志 PII 脱敏 + AI Token 计量 + backup.sh 拼写 + CI audit

1. 审计日志 PII 脱敏: audit_service.rs 中 old_value/new_value 自动 mask patient/consultation/follow_up 等资源类型的 PII 字段(id_number/phone/name 等) 2. AI Token 计量: chat_handler.rs 从 Provider response 和 AgentOrchestrator 提取实际 input_tokens/output_tokens，替代硬编码 0 3. AI display_hints: 从 AgentOrchestrator 传递 display_hints 给前端 ChatResponse 4. backup.sh: PGDATABSE 拼写错误修复为 PGDATABASE 5. CI: npm audit 移除 || true，高危漏洞阻止合并 6. 新增六维度深度分析报告 docs/discussions/2026-05-28
2026-05-29 07:56:29 +08:00
parent ddf5c196e4
commit 03ead44385
5 changed files with 376 additions and 9 deletions
--- a/docker/backup.sh
+++ b/docker/backup.sh
@@ -13,7 +13,7 @@ BACKUP_DIR="${BACKUP_DIR:-/backups}"
 PG_HOST="${PGHOST:-postgres}"
 PG_PORT="${PGPORT:-5432}"
 PG_USER="${PGUSER:-erp}"
-PG_DB="${PGDATABSE:-erp}"
+PG_DB="${PGDATABASE:-erp}"
 KEEP_DAYS="${KEEP_DAYS:-7}"
 TIMESTAMP=$(date +%Y%m%d_%H%M%S)
 FILENAME="${PG_DB}_${TIMESTAMP}.sql.gz"