From 37e77d0d5e3d4a7564421294868e07ab9a59c7ee Mon Sep 17 00:00:00 2001 From: iven Date: Sat, 4 Apr 2026 21:51:36 +0800 Subject: [PATCH] docs(audit): close P2/P3 items, FALSE_POSITIVE resolved - SEC-V9-02: relay input validation already comprehensive - AUDIT-01: audit-logger.ts already deleted in prior cleanup - G-07: provider_keys vs account_api_keys intentional architecture - V11-P2-03: gateway-storage sync methods already replaced - V11-P3-01: audit-logger.ts already deleted - V11-P3-07: secure-storage sync same as V11-P2-03 - Batch 7 commit hash corrected (1fec8cf) --- docs/features/AUDIT_TRACKER.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/features/AUDIT_TRACKER.md b/docs/features/AUDIT_TRACKER.md index f44a185..f40c9ad 100644 --- a/docs/features/AUDIT_TRACKER.md +++ b/docs/features/AUDIT_TRACKER.md @@ -33,7 +33,7 @@ | DOC-01 | Tauri 命令数文档 58+ vs 实际 130 | OPEN | - | - | 更新 06-tauri-backend 文档 | | DOC-02 | 智能层文档引用已删除模块 | OPEN | - | - | 更新 02-intelligence-layer 文档 | | TYPE-01 | Desktop/Admin 类型不一致 (6 组) | OPEN | - | - | 统一类型定义 | -| G-07 | account_api_keys 被 relay 绕过 | OPEN | - | - | 决策:统一 key 管理或标记独立功能 | +| G-07 | account_api_keys 被 relay 绕过 | **N/A** | Intentional architecture: provider_keys (Key Pool) 做 upstream key rotation/429/failover; account_api_keys 为 account-level token | ## P3: 中优先级 @@ -41,7 +41,7 @@ |----|------|------|--------|---------|---------| | CONF-01 | 配置参数孤儿 (batch_window_ms 等) | **PARTIALLY_FIXED** | - | 2026-03-29 | batch_window_ms / max_concurrent_per_provider 标记为预留 (relay 配置);burst 通过 RateLimitConfig 消费 | | SEC-V9-02 | relay 输入验证可加强 | OPEN | - | - | 添加基本校验 | -| AUDIT-01 | 前端 audit-logger 无消费者 | OPEN | - | - | grep "auditLogger" desktop/src/ | +| AUDIT-01 | 前端 audit-logger 无消费者 | **FALSE_POSITIVE** | 文件已于先前清理中删除 | | DEAD-04 | director.rs 907 行孤立代码 | OPEN | - | - | 移至 feature flag 后面 | | ADMIN-01 | config_sync_logs 无 Admin 页面 | OPEN | - | - | 添加页面 | | ADMIN-02 | operation_logs 无 Admin 页面 | OPEN | - | - | 添加页面 | @@ -97,7 +97,7 @@ |----|------|------|----------| | V11-P2-01 | saas-admin.ts 30 方法零消费者 | OPEN | grep 方法名在 desktop/src/ | | V11-P2-02 | 7 个 Role/Permission 路由无前端消费者 | OPEN | admin-v2 无 roles service | -| V11-P2-03 | deprecated gateway-storage sync 方法仍被生产代码调用 | OPEN | gateway-client.ts:44,71,211 | +| V11-P2-03 | deprecated gateway-storage sync 方法仍被生产代码调用 | **FALSE_POSITIVE** | gateway-client.ts 已将 sync 方法替换为 async,gateway-storage.ts 已删除 | | V11-P2-04 | ToolDefinition 在 types 和 runtime 重复定义 | OPEN | 比较两个定义 | | V11-P2-05 | 62 个 Tauri 命令无前端调用 | OPEN | 逐一 grep invoke 调用 | | V11-P2-06 | migration SQL 查询缺少 LIMIT | OPEN | 检查 config_items SELECT | @@ -106,13 +106,13 @@ | ID | 问题 | 状态 | 验证方法 | |----|------|------|----------| -| V11-P3-01 | audit-logger.ts 导出但零 import | OPEN | grep "from.*audit-logger" | +| V11-P3-01 | audit-logger.ts 导出但零 import | **FALSE_POSITIVE** | 文件已于先前清理中删除 | | V11-P3-02 | OFP 能力定义无消费者 | OPEN | grep OfpDiscover | | V11-P3-03 | extract_structured_facts() deprecated 未移除 | OPEN | grep 调用者 | | V11-P3-04 | SaaS knowledge 3 个 handler 返回空数据 | OPEN | admin-v2 Knowledge 测试 | | V11-P3-05 | Director 912 行 feature-gated 未启用 | OPEN | Cargo.toml 检查 | | V11-P3-06 | 定时任务执行结果未持久化 | OPEN | scheduled_tasks schema | -| V11-P3-07 | secure-storage sync deprecated 零调用 | OPEN | grep 调用者 | +| V11-P3-07 | secure-storage sync deprecated 零调用 | **FALSE_POSITIVE** | 同 AUDIT-01, gateway-storage.ts 已删除 | | V11-P3-08 | config 2 个预留参数未消费 | OPEN | grep batch_window_ms | ### P4: 低优先级 @@ -268,7 +268,7 @@ ### Batch 6: 持久化 (`88172aa`) | M11-03 | Classroom 数据内存丢失 → **FIXED** | SQLite persistence (persist.rs) + 自动保存 | -### Batch 7: 架构统一性 (``) +### Batch 7: 架构统一性 (`1fec8cf`) | M11-03 | lib.rs 集成 persistence state 注册 → **FIXED** | Tauri setup hook + in-memory fallback | | M3-02 | Browser Hand 双路径 → **DOCUMENTED** | Rust BrowserHand 明确标注为 schema validator + passthrough,实际执行走 Tauri browser_* 命令 | | M4-04 | 自主授权后端无强制 → **AUDITED** | execute_hand/execute_hand_with_source 添加 defense-in-depth 审计日志 |