|
30855
|
23390
|
6
|
5
|
91f125bd289d82c469493539589d79318bb96269
|
0
|
Frontend Type Check
|
1
|
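# Single-job CI payload: type-checks the frontend for pushes and pull
# requests that target main.
name: CI
# Quoted so YAML 1.1 parsers do not read the key as the boolean true.
"on":
  push:
    branches: [main]
  # Pull-request runs execute the PR's own package scripts on the runner.
  pull_request:
    branches: [main]
env:
  # Raises the V8 old-space heap limit (value is in MiB) for the Node steps.
  NODE_OPTIONS: --max-old-space-size=8192
  # Quoted so the version stays a string.
  NODE_VERSION: "20"
jobs:
  frontend-typecheck:
    name: Frontend Type Check
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the three actions below are referenced by the mutable
      # tag v4; pinning each to a full commit SHA (<commit-sha>) keeps a
      # re-tagged upstream from changing what executes on the runner.
      - uses: https://gitea.com/actions/checkout@v4
      - uses: https://gitea.com/pnpm/action-setup@v4
      - uses: https://gitea.com/actions/setup-node@v4
        with:
          cache: pnpm
          node-version: ${{ env.NODE_VERSION }}
      # --frozen-lockfile fails instead of rewriting pnpm-lock.yaml;
      # --ignore-scripts keeps dependency lifecycle scripts from running.
      - run: pnpm install --frozen-lockfile --ignore-scripts
      - name: Build shared package
        run: pnpm -C shared run build
      - name: 前端类型检查(vue-tsc --noEmit)
        run: pnpm --filter ./frontend run type-check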
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26995
|
1
|
1779786702
|
1779786934
|
1779786701
|
1779786934
|
|
0
|
|
0
|
|
|
30856
|
23390
|
6
|
5
|
91f125bd289d82c469493539589d79318bb96269
|
0
|
Lint & Type Check
|
1
|
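# Single-job CI payload: backend type check and lint for pushes and pull
# requests that target main.
name: CI
# Quoted so YAML 1.1 parsers do not read the key as the boolean true.
"on":
  push:
    branches: [main]
  # Pull-request runs execute the PR's own package scripts on the runner.
  pull_request:
    branches: [main]
env:
  # Raises the V8 old-space heap limit (value is in MiB) for the Node steps.
  NODE_OPTIONS: --max-old-space-size=8192
  # Quoted so the version stays a string.
  NODE_VERSION: "20"
jobs:
  lint-and-typecheck:
    name: Lint & Type Check
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by the mutable tag v4; pinning
      # each to a full commit SHA (<commit-sha>) fixes the code that runs.
      - uses: https://gitea.com/actions/checkout@v4
      - uses: https://gitea.com/pnpm/action-setup@v4
      - uses: https://gitea.com/actions/setup-node@v4
        with:
          cache: pnpm
          node-version: ${{ env.NODE_VERSION }}
      # --frozen-lockfile fails instead of rewriting pnpm-lock.yaml;
      # --ignore-scripts keeps dependency lifecycle scripts from running.
      - run: pnpm install --frozen-lockfile --ignore-scripts
      # Explicit client generation; with --ignore-scripts no install-time
      # hook would produce it.
      - name: Generate Prisma Client
        run: pnpm -C backend exec prisma generate
      - name: Build shared package
        run: pnpm -C shared run build
      - name: Backend type check
        run: pnpm -C backend run type-check
      - name: Lint
        run: pnpm -C backend run lint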
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26996
|
1
|
1779786934
|
1779787662
|
1779786701
|
1779787663
|
|
0
|
|
0
|
|
|
30857
|
23390
|
6
|
5
|
91f125bd289d82c469493539589d79318bb96269
|
0
|
Unit Tests (HARD GATE)
|
1
|
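# Single-job CI payload: backend unit tests for pushes and pull requests
# that target main. No step sets continue-on-error, so any failure fails
# the job.
name: CI
# Quoted so YAML 1.1 parsers do not read the key as the boolean true.
"on":
  push:
    branches: [main]
  # Pull-request runs execute the PR's own test code on the runner.
  pull_request:
    branches: [main]
env:
  # Raises the V8 old-space heap limit (value is in MiB) for the Node steps.
  NODE_OPTIONS: --max-old-space-size=8192
  # Quoted so the version stays a string.
  NODE_VERSION: "20"
jobs:
  unit-tests:
    name: Unit Tests (HARD GATE)
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by the mutable tag v4; pinning
      # each to a full commit SHA (<commit-sha>) fixes the code that runs.
      - uses: https://gitea.com/actions/checkout@v4
      - uses: https://gitea.com/pnpm/action-setup@v4
      - uses: https://gitea.com/actions/setup-node@v4
        with:
          cache: pnpm
          node-version: ${{ env.NODE_VERSION }}
      # --frozen-lockfile fails instead of rewriting pnpm-lock.yaml;
      # --ignore-scripts keeps dependency lifecycle scripts from running.
      - run: pnpm install --frozen-lockfile --ignore-scripts
      # Explicit client generation; with --ignore-scripts no install-time
      # hook would produce it.
      - name: Generate Prisma Client
        run: pnpm -C backend exec prisma generate
      - name: Build shared package
        run: pnpm -C shared run build
      - name: Run unit tests
        run: pnpm -C backend run test:unit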
...
|
unit-tests
|
["frontend-typecheck","lint-and-typecheck"]
|
["ubuntu-latest"]
|
26998
|
2
|
1779787721
|
1779788257
|
1779786701
|
1779788257
|
|
1
|
|
0
|
|
|
30858
|
23390
|
6
|
5
|
91f125bd289d82c469493539589d79318bb96269
|
0
|
Governance Audit (HARD GATE)
|
1
|
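# Single-job CI payload: runs the governance audits, uploads their reports,
# then applies the gate scripts. Steps without continue-on-error fail the
# job directly; steps with continue-on-error: true only record a result.
name: CI
# Quoted so YAML 1.1 parsers do not read the key as the boolean true.
"on":
  push:
    branches: [main]
  # Pull-request runs execute the PR's own audit scripts on the runner.
  pull_request:
    branches: [main]
env:
  # Raises the V8 old-space heap limit (value is in MiB) for the Node steps.
  NODE_OPTIONS: --max-old-space-size=8192
  # Quoted so the version stays a string.
  NODE_VERSION: "20"
jobs:
  governance-audit:
    name: Governance Audit (HARD GATE)
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by mutable tags (v4, v3 below);
      # pinning each to a full commit SHA (<commit-sha>) fixes the code that
      # runs.
      - uses: https://gitea.com/actions/checkout@v4
      - uses: https://gitea.com/pnpm/action-setup@v4
      - uses: https://gitea.com/actions/setup-node@v4
        with:
          cache: pnpm
          node-version: ${{ env.NODE_VERSION }}
      # --frozen-lockfile fails instead of rewriting pnpm-lock.yaml;
      # --ignore-scripts keeps dependency lifecycle scripts from running.
      - run: pnpm install --frozen-lockfile --ignore-scripts
      - name: Generate Prisma Client
        run: pnpm -C backend exec prisma generate
      - name: Build shared package
        run: pnpm -C shared run build
      # Hard step: the tenant-isolation audit has no continue-on-error, so a
      # failure stops the job here.
      - name: Audit 多租户隔离(HARD GATE / 红线1,不豁免)
        run: pnpm -C backend run audit:tenant
      # Soft steps from here through the report aggregation: a non-zero exit
      # is tolerated. NOTE(review): a soft audit that crashes before writing
      # its report fails nothing by itself; the summary rule further down
      # expects reportsMissing to be 0, so presumably the gate scripts at
      # the end enforce that — confirm.
      - name: Audit Prisma↔Zod 契约
        run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
        continue-on-error: true
      - name: Audit FormRules↔Zod
        run: pnpm run audit:formrules-zod
        continue-on-error: true
      - name: Audit Response Columns
        run: pnpm run audit:response-columns
        continue-on-error: true
      - name: Audit Field Payload
        run: pnpm run audit:field-payload
        continue-on-error: true
      - name: Audit Enum Consistency
        run: pnpm run audit:enum-consistency
        continue-on-error: true
      - name: Audit useListPage ↔ Router
        run: pnpm run audit:list-page-routes
        continue-on-error: true
      - name: Audit Page AI Assist Coverage
        run: pnpm run audit:ai-assist-coverage
        continue-on-error: true
      - name: Audit Page AI Assist Skill Binding
        run: pnpm run audit:ai-assist-skill-binding
        continue-on-error: true
      - name: Audit Page AI Assist Context Providers
        run: pnpm run audit:context-provider-redact
        continue-on-error: true
      - name: Audit Coach Script Library
        run: pnpm run audit:coach-script-library
        continue-on-error: true
      - name: Audit AI Decision Quality
        run: pnpm run audit:ai-decision-quality
        continue-on-error: true
      - name: Audit Event Publishing
        run: pnpm -C backend run audit:events
        continue-on-error: true
      - name: Audit State Machines
        run: pnpm -C backend run audit:state-machines
        continue-on-error: true
      - name: Audit Money Decimal Purity (CFO-P0 防御)
        run: node --import tsx scripts/audit-money-decimal-purity.ts
        continue-on-error: true
      - name: Audit Nested Transaction (CFO-P0-1 + RO-P0-3 防御)
        run: node --import tsx scripts/audit-nested-transaction.ts
        continue-on-error: true
      - name: Audit Test Assertion Density (QA-P0 防御)
        run: node --import tsx scripts/audit-test-assertion-density.ts
        continue-on-error: true
      - name: Audit API Test Coverage (probe-only / read-covered / action-covered / complete-crud)
        run: pnpm -C backend run audit:api-test-coverage
        continue-on-error: true
      - name: Harness Report 聚合
        run: pnpm harness report --save
        continue-on-error: true
      # if: always() uploads the reports even when an earlier step failed,
      # so the evidence for a failed gate is kept.
      - if: always()
        name: Upload audit reports
        uses: https://gitea.com/actions/upload-artifact@v3
        with:
          name: governance-audit-reports
          path: |
            reports/prisma-zod-contract-audit.latest.json
            reports/formrules-zod-audit.latest.json
            reports/response-columns-audit.latest.json
            reports/field-payload-audit.latest.json
            reports/enum-consistency-audit.latest.json
            reports/list-page-routes-audit.latest.json
            reports/ai-assist-coverage.latest.json
            reports/ai-assist-skill-binding.latest.json
            reports/ai-assist-context-providers.latest.json
            reports/coach-script-library.latest.json
            reports/ai-decision-quality.latest.json
            reports/event-publishing-audit.latest.json
            reports/state-machine-integration-audit.latest.json
            reports/harness-dashboard.latest.json
            reports/module-grades.latest.json
            reports/money-decimal-purity-audit.latest.json
            reports/nested-transaction-audit.latest.json
            reports/test-assertion-density-audit.latest.json
            reports/api-test-coverage.latest.json
          retention-days: "14"
      # Reporting only: writes a severity table to the step summary. When the
      # dashboard file is missing, the else branch prints a warning and the
      # step still exits 0, so enforcement rests on the HARD steps below.
      - if: always()
        name: 输出 governance summary
        run: |
          if [ -f reports/harness-dashboard.latest.json ]; then
            node -e "
              const d = require('./reports/harness-dashboard.latest.json');
              const s = d.summary || {};
              const lines = [
                '## Governance Audit Summary',
                '',
                '| Severity | Count |',
                '|---|---|',
                \`| CRITICAL | \${s.critical ?? 0} |\`,
                \`| HIGH | \${s.high ?? 0} |\`,
                \`| MEDIUM | \${s.medium ?? 0} |\`,
                \`| LOW | \${s.low ?? 0} |\`,
                \`| INFO | \${s.info ?? 0} |\`,
                '',
                \`- 总 finding: \${s.total ?? 0}\`,
                \`- 涉及模块: \${s.modulesAffected ?? 0}\`,
                \`- 审计执行: \${s.auditsRun ?? 0}\`,
                \`- 审计 missing: \${s.reportsMissing ?? 0}\`,
                \`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
                \`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
                '',
                '**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
              ];
              const fs = require('fs');
              const out = process.env.GITHUB_STEP_SUMMARY;
              if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
              else console.log(lines.join('\n'));
            "
          else
            echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
          fi
      # Hard steps: no continue-on-error and no if: always(), so they run
      # only when every earlier hard step succeeded, and they fail the job
      # on a non-zero exit.
      - name: 治理硬门禁 — 豁免感知 verdict(HARD)
        run: node --import tsx scripts/harness/governance-gate.ts
      - name: 文档对账 — CLAUDE.md GOVERNANCE-BASELINE ↔ reports 实测(HARD)
        run: node --import tsx scripts/harness/baseline-reconcile.ts
      - name: Harness Gate 综合 PR 验收(HARD)
        run: pnpm harness gate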
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
26999
|
2
|
1779788257
|
1779788550
|
1779786701
|
1779788550
|
|
1
|
|
0
|
|
|
30859
|
23390
|
6
|
5
|
91f125bd289d82c469493539589d79318bb96269
|
0
|
Gate Integrity (meta-gate · HARD)
|
1
|
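# Single-job CI payload: runs the gate-integrity check script for pushes and
# pull requests that target main.
name: CI
# Quoted so YAML 1.1 parsers do not read the key as the boolean true.
"on":
  push:
    branches: [main]
  pull_request:
    branches: [main]
env:
  # Raises the V8 old-space heap limit (value is in MiB) for the Node steps.
  NODE_OPTIONS: --max-old-space-size=8192
  # Quoted so the version stays a string.
  NODE_VERSION: "20"
jobs:
  gate-integrity:
    name: Gate Integrity (meta-gate · HARD)
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by the mutable tag v4; pinning
      # each to a full commit SHA (<commit-sha>) fixes the code that runs.
      - uses: https://gitea.com/actions/checkout@v4
      - uses: https://gitea.com/pnpm/action-setup@v4
      - uses: https://gitea.com/actions/setup-node@v4
        with:
          cache: pnpm
          node-version: ${{ env.NODE_VERSION }}
      # --frozen-lockfile fails instead of rewriting pnpm-lock.yaml;
      # --ignore-scripts keeps dependency lifecycle scripts from running.
      - run: pnpm install --frozen-lockfile --ignore-scripts
      # Hard step (no continue-on-error). NOTE(review): the check script is
      # taken from the same checkout as the workflow it guards, so a change
      # touching both is only caught by review of scripts/harness/ — confirm
      # that path has required reviewers.
      - name: 校验治理硬门禁未被软化
        run: node --import tsx scripts/harness/gate-integrity-check.ts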
...
|
gate-integrity
|
null
|
["ubuntu-latest"]
|
26997
|
1
|
1779787664
|
1779787721
|
1779786701
|
1779787721
|
|
0
|
|
0
|
|
|
30860
|
23391
|
13
|
5
|
6c80c00976d1c5ac4aaa5f76d10cf1e7b4f59448
|
0
|
Analyze (java)
|
1
|
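# Single-job payload: CodeQL analysis of the Java code on pushes and pull
# requests to develop/master/main, plus a weekly scheduled scan.
name: CodeQL Analysis
# Quoted so YAML 1.1 parsers do not read the key as the boolean true.
"on":
  push:
    branches: [develop, master, main]
  pull_request:
    branches: [develop, master, main]
  schedule:
    # Runs every Monday at 03:00.
    - cron: '0 3 * * 1'
jobs:
  analyze:
    name: Analyze (java)
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by mutable tags (v4, v3);
      # pinning each to a full commit SHA (<commit-sha>) fixes the code that
      # runs with the permissions granted below.
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Setup Java
        uses: actions/setup-java@v4
        with:
          cache: gradle
          distribution: temurin
          java-version: "17"
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          # The leading + adds these suites to the default query set.
          queries: +security-extended,security-and-quality
      # The build runs the Gradle wrapper committed to the repository;
      # validating the wrapper jar before this point is worth considering.
      - name: Grant Execute Permission
        run: chmod +x ./gradlew
      - name: Build
        run: ./gradlew assembleDebug --stacktrace
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: /language:${{ matrix.language }}
    # NOTE(review): the original nesting of the keys below is not
    # recoverable from this record; they are placed at job level, as in the
    # usual CodeQL workflow layout — confirm against the workflow file.
    timeout-minutes: "30"
    strategy:
      # Stored as quoted strings in this payload; a workflow file would
      # normally write the boolean false and the integer 30.
      fail-fast: "false"
      matrix:
        language:
          - java
    # Least privilege: read-only except security-events, which the analyze
    # step needs in order to upload results.
    permissions:
      actions: read
      contents: read
      security-events: write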
...
|
analyze
|
null
|
["ubuntu-latest"]
|
27000
|
2
|
1780282828
|
1780282919
|
1780282828
|
1780282919
|
|
0
|
|
0
|
|
|
30861
|
23392
|
13
|
5
|
6c80c00976d1c5ac4aaa5f76d10cf1e7b4f59448
|
0
|
Analyze (java)
|
1
|
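# Single-job payload: CodeQL analysis of the Java code on pushes and pull
# requests to develop/master/main, plus a weekly scheduled scan.
name: CodeQL Analysis
# Quoted so YAML 1.1 parsers do not read the key as the boolean true.
"on":
  push:
    branches: [develop, master, main]
  pull_request:
    branches: [develop, master, main]
  schedule:
    # Runs every Monday at 03:00.
    - cron: '0 3 * * 1'
jobs:
  analyze:
    name: Analyze (java)
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by mutable tags (v4, v3);
      # pinning each to a full commit SHA (<commit-sha>) fixes the code that
      # runs with the permissions granted below.
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Setup Java
        uses: actions/setup-java@v4
        with:
          cache: gradle
          distribution: temurin
          java-version: "17"
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          # The leading + adds these suites to the default query set.
          queries: +security-extended,security-and-quality
      # The build runs the Gradle wrapper committed to the repository;
      # validating the wrapper jar before this point is worth considering.
      - name: Grant Execute Permission
        run: chmod +x ./gradlew
      - name: Build
        run: ./gradlew assembleDebug --stacktrace
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: /language:${{ matrix.language }}
    # NOTE(review): the original nesting of the keys below is not
    # recoverable from this record; they are placed at job level, as in the
    # usual CodeQL workflow layout — confirm against the workflow file.
    timeout-minutes: "30"
    strategy:
      # Stored as quoted strings in this payload; a workflow file would
      # normally write the boolean false and the integer 30.
      fail-fast: "false"
      matrix:
        language:
          - java
    # Least privilege: read-only except security-events, which the analyze
    # step needs in order to upload results.
    permissions:
      actions: read
      contents: read
      security-events: write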
...
|
analyze
|
null
|
["ubuntu-latest"]
|
27001
|
2
|
1780887629
|
1780887670
|
1780887628
|
1780887670
|
|
0
|
|
0
|
|
|
30862
|
23393
|
6
|
5
|
c32dc69661d18fedc3e6939936535f3f5906bf7d
|
0
|
Frontend Type Check
|
1
|
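# Single-job CI payload: type-checks the frontend for pushes and pull
# requests that target main.
name: CI
# Quoted so YAML 1.1 parsers do not read the key as the boolean true.
"on":
  push:
    branches: [main]
  # Pull-request runs execute the PR's own package scripts on the runner.
  pull_request:
    branches: [main]
env:
  # Raises the V8 old-space heap limit (value is in MiB) for the Node steps.
  NODE_OPTIONS: --max-old-space-size=8192
  # Quoted so the version stays a string.
  NODE_VERSION: "20"
jobs:
  frontend-typecheck:
    name: Frontend Type Check
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by the mutable tag v4; pinning
      # each to a full commit SHA (<commit-sha>) fixes the code that runs.
      - uses: https://gitea.com/actions/checkout@v4
      - uses: https://gitea.com/pnpm/action-setup@v4
      - uses: https://gitea.com/actions/setup-node@v4
        with:
          cache: pnpm
          node-version: ${{ env.NODE_VERSION }}
      # --frozen-lockfile fails instead of rewriting pnpm-lock.yaml;
      # --ignore-scripts keeps dependency lifecycle scripts from running.
      - run: pnpm install --frozen-lockfile --ignore-scripts
      - name: Build shared package
        run: pnpm -C shared run build
      - name: 前端类型检查(vue-tsc --noEmit)
        run: pnpm --filter ./frontend run type-check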
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
27002
|
1
|
1780924424
|
1780925027
|
1780924423
|
1780925027
|
|
0
|
|
0
|
|
|
30863
|
23393
|
6
|
5
|
c32dc69661d18fedc3e6939936535f3f5906bf7d
|
0
|
Lint & Type Check
|
1
|
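# Single-job CI payload: backend type check and lint for pushes and pull
# requests that target main.
name: CI
# Quoted so YAML 1.1 parsers do not read the key as the boolean true.
"on":
  push:
    branches: [main]
  # Pull-request runs execute the PR's own package scripts on the runner.
  pull_request:
    branches: [main]
env:
  # Raises the V8 old-space heap limit (value is in MiB) for the Node steps.
  NODE_OPTIONS: --max-old-space-size=8192
  # Quoted so the version stays a string.
  NODE_VERSION: "20"
jobs:
  lint-and-typecheck:
    name: Lint & Type Check
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by the mutable tag v4; pinning
      # each to a full commit SHA (<commit-sha>) fixes the code that runs.
      - uses: https://gitea.com/actions/checkout@v4
      - uses: https://gitea.com/pnpm/action-setup@v4
      - uses: https://gitea.com/actions/setup-node@v4
        with:
          cache: pnpm
          node-version: ${{ env.NODE_VERSION }}
      # --frozen-lockfile fails instead of rewriting pnpm-lock.yaml;
      # --ignore-scripts keeps dependency lifecycle scripts from running.
      - run: pnpm install --frozen-lockfile --ignore-scripts
      # Explicit client generation; with --ignore-scripts no install-time
      # hook would produce it.
      - name: Generate Prisma Client
        run: pnpm -C backend exec prisma generate
      - name: Build shared package
        run: pnpm -C shared run build
      - name: Backend type check
        run: pnpm -C backend run type-check
      - name: Lint
        run: pnpm -C backend run lint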
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
27003
|
1
|
1780925028
|
1780925955
|
1780924423
|
1780925955
|
|
0
|
|
0
|
|
|
30864
|
23393
|
6
|
5
|
c32dc69661d18fedc3e6939936535f3f5906bf7d
|
0
|
Unit Tests (HARD GATE)
|
1
|
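# Single-job CI payload: backend unit tests for pushes and pull requests
# that target main. No step sets continue-on-error, so any failure fails
# the job.
name: CI
# Quoted so YAML 1.1 parsers do not read the key as the boolean true.
"on":
  push:
    branches: [main]
  # Pull-request runs execute the PR's own test code on the runner.
  pull_request:
    branches: [main]
env:
  # Raises the V8 old-space heap limit (value is in MiB) for the Node steps.
  NODE_OPTIONS: --max-old-space-size=8192
  # Quoted so the version stays a string.
  NODE_VERSION: "20"
jobs:
  unit-tests:
    name: Unit Tests (HARD GATE)
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by the mutable tag v4; pinning
      # each to a full commit SHA (<commit-sha>) fixes the code that runs.
      - uses: https://gitea.com/actions/checkout@v4
      - uses: https://gitea.com/pnpm/action-setup@v4
      - uses: https://gitea.com/actions/setup-node@v4
        with:
          cache: pnpm
          node-version: ${{ env.NODE_VERSION }}
      # --frozen-lockfile fails instead of rewriting pnpm-lock.yaml;
      # --ignore-scripts keeps dependency lifecycle scripts from running.
      - run: pnpm install --frozen-lockfile --ignore-scripts
      # Explicit client generation; with --ignore-scripts no install-time
      # hook would produce it.
      - name: Generate Prisma Client
        run: pnpm -C backend exec prisma generate
      - name: Build shared package
        run: pnpm -C shared run build
      - name: Run unit tests
        run: pnpm -C backend run test:unit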
...
|
unit-tests
|
["frontend-typecheck","lint-and-typecheck"]
|
["ubuntu-latest"]
|
27005
|
2
|
1780926013
|
1780926415
|
1780924423
|
1780926415
|
|
1
|
|
0
|
|
|
30865
|
23393
|
6
|
5
|
c32dc69661d18fedc3e6939936535f3f5906bf7d
|
0
|
State Machine Model-Based (HARD GATE)
|
1
|
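# Single-job CI payload: model-based state machine tests for pushes and pull
# requests that target main. No step sets continue-on-error, so any failure
# fails the job.
name: CI
# Quoted so YAML 1.1 parsers do not read the key as the boolean true.
"on":
  push:
    branches: [main]
  # Pull-request runs execute the PR's own test code on the runner.
  pull_request:
    branches: [main]
env:
  # Raises the V8 old-space heap limit (value is in MiB) for the Node steps.
  NODE_OPTIONS: --max-old-space-size=8192
  # Quoted so the version stays a string.
  NODE_VERSION: "20"
jobs:
  state-machine-model:
    name: State Machine Model-Based (HARD GATE)
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by the mutable tag v4; pinning
      # each to a full commit SHA (<commit-sha>) fixes the code that runs.
      - uses: https://gitea.com/actions/checkout@v4
      - uses: https://gitea.com/pnpm/action-setup@v4
      - uses: https://gitea.com/actions/setup-node@v4
        with:
          cache: pnpm
          node-version: ${{ env.NODE_VERSION }}
      # --frozen-lockfile fails instead of rewriting pnpm-lock.yaml;
      # --ignore-scripts keeps dependency lifecycle scripts from running.
      - run: pnpm install --frozen-lockfile --ignore-scripts
      # Explicit client generation; with --ignore-scripts no install-time
      # hook would produce it.
      - name: Generate Prisma Client
        run: pnpm -C backend exec prisma generate
      - name: Build shared package
        run: pnpm -C shared run build
      - name: Run state machine model-based tests
        run: pnpm -C backend run test:state-machines:model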
...
|
state-machine-model
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
27006
|
1
|
1780926415
|
1780926753
|
1780924423
|
1780926753
|
|
1
|
|
0
|
|
|
30866
|
23393
|
6
|
5
|
c32dc69661d18fedc3e6939936535f3f5906bf7d
|
0
|
Governance Audit (HARD GATE)
|
1
|
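# Single-job CI payload: runs the governance audits and 30-day evidence
# steps, uploads their reports, then applies the gate scripts. Steps without
# continue-on-error fail the job directly; steps with continue-on-error:
# true only record a result.
name: CI
# Quoted so YAML 1.1 parsers do not read the key as the boolean true.
"on":
  push:
    branches: [main]
  # Pull-request runs execute the PR's own audit scripts on the runner.
  pull_request:
    branches: [main]
env:
  # Raises the V8 old-space heap limit (value is in MiB) for the Node steps.
  NODE_OPTIONS: --max-old-space-size=8192
  # Quoted so the version stays a string.
  NODE_VERSION: "20"
jobs:
  governance-audit:
    name: Governance Audit (HARD GATE)
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by mutable tags (v4, v3 below);
      # pinning each to a full commit SHA (<commit-sha>) fixes the code that
      # runs.
      - uses: https://gitea.com/actions/checkout@v4
      - uses: https://gitea.com/pnpm/action-setup@v4
      - uses: https://gitea.com/actions/setup-node@v4
        with:
          cache: pnpm
          node-version: ${{ env.NODE_VERSION }}
      # --frozen-lockfile fails instead of rewriting pnpm-lock.yaml;
      # --ignore-scripts keeps dependency lifecycle scripts from running.
      - run: pnpm install --frozen-lockfile --ignore-scripts
      - name: Generate Prisma Client
        run: pnpm -C backend exec prisma generate
      - name: Build shared package
        run: pnpm -C shared run build
      # Hard steps: the tenant-isolation and schema-source audits have no
      # continue-on-error, so a failure stops the job here.
      - name: Audit 多租户隔离(HARD GATE / 红线1,不豁免)
        run: pnpm -C backend run audit:tenant
      - name: Audit Prisma Schema 镜像一致性(HARD GATE)
        run: pnpm run audit:prisma-schema-source
      # Soft steps follow (continue-on-error: true). NOTE(review): a soft
      # audit that crashes before writing its report fails nothing by
      # itself; presumably the gate scripts at the end treat a missing
      # report as a failure — confirm.
      - name: Audit Prisma↔Zod 契约
        run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
        continue-on-error: true
      - name: Audit FormRules↔Zod
        run: pnpm run audit:formrules-zod
        continue-on-error: true
      - name: Audit Response Columns
        run: pnpm run audit:response-columns
        continue-on-error: true
      - name: Audit Field Payload
        run: pnpm run audit:field-payload
        continue-on-error: true
      - name: Audit Enum Consistency
        run: pnpm run audit:enum-consistency
        continue-on-error: true
      - name: Audit useListPage ↔ Router
        run: pnpm run audit:list-page-routes
        continue-on-error: true
      # Hard step: the permission-key audit has no continue-on-error.
      - name: Audit 前端权限键 ↔ 后端真源(HARD GATE / 防按钮 fail-closed 隐藏)
        run: pnpm run audit:permission-keys
      - name: Audit Page AI Assist Coverage
        run: pnpm run audit:ai-assist-coverage
        continue-on-error: true
      - name: Audit Page AI Assist Skill Binding
        run: pnpm run audit:ai-assist-skill-binding
        continue-on-error: true
      - name: Audit Page AI Assist Context Providers
        run: pnpm run audit:context-provider-redact
        continue-on-error: true
      - name: Audit Coach Script Library
        run: pnpm run audit:coach-script-library
        continue-on-error: true
      - name: Audit AI Decision Quality
        run: pnpm run audit:ai-decision-quality
        continue-on-error: true
      - name: Audit Event Publishing
        run: pnpm -C backend run audit:events
        continue-on-error: true
      - name: Audit State Machines
        run: pnpm -C backend run audit:state-machines
        continue-on-error: true
      - name: Audit Money Decimal Purity (CFO-P0 防御)
        run: node --import tsx scripts/audit-money-decimal-purity.ts
        continue-on-error: true
      - name: Audit Nested Transaction (CFO-P0-1 + RO-P0-3 防御)
        run: node --import tsx scripts/audit-nested-transaction.ts
        continue-on-error: true
      - name: Audit Test Assertion Density (QA-P0 防御)
        run: node --import tsx scripts/audit-test-assertion-density.ts
        continue-on-error: true
      - name: Audit API Test Coverage (probe-only / read-covered / action-covered / complete-crud)
        run: pnpm -C backend run audit:api-test-coverage
        continue-on-error: true
      - name: Audit Consumer Test Authenticity (断言剧场防御 / 假绿防御)
        run: node --import tsx scripts/audit-consumer-test-authenticity.ts
        continue-on-error: true
      - name: Audit Consumer Idempotency (去重路径假覆盖防御)
        run: node --import tsx scripts/audit-consumer-idempotency.ts
        continue-on-error: true
      - name: Audit State Machine Unwired Guards (死守卫 / 假保护防御)
        run: node --import tsx scripts/audit-state-machine-unwired-guards.ts
        continue-on-error: true
      - name: Audit Migration Topology (影子迁移防御)
        run: node --import tsx scripts/audit-migration-topology.ts
        continue-on-error: true
      - name: Audit API Test Fixed IDs (并行化降债棘轮 / write-pk)
        run: pnpm -C backend run audit:api-test-fixed-ids
        continue-on-error: true
      - name: 30d Evidence - Launch Smoke Scope
        run: pnpm run audit:launch-smoke-scope
        continue-on-error: true
      - name: 30d Evidence - Rollout Scope Freeze
        run: pnpm run audit:rollout-scope-freeze
        continue-on-error: true
      - name: 30d Evidence - Production Foundation
        run: pnpm run audit:production-foundation-evidence
        continue-on-error: true
      - name: 30d Evidence - RLS Staging Canary Plan
        run: pnpm run audit:rls-staging-canary
        continue-on-error: true
      - name: 30d Evidence - Customer Signoff Status
        run: node --import tsx scripts/harness/customer-signoff-status.ts
        continue-on-error: true
      # Invoked with --no-fail and continue-on-error, so this projection
      # cannot fail the job.
      - name: 30d Evidence - Production Gate Projection
        run: node --import tsx scripts/production-release-gate.ts --no-fail
        continue-on-error: true
      - name: 30d Evidence - Gate Integrity
        run: pnpm run audit:production-release-gate-integrity
        continue-on-error: true
      - name: Harness Report 聚合
        run: pnpm harness report --save
        continue-on-error: true
      # Hard steps: neither of the next two sets continue-on-error.
      - name: 30d Evidence - Harness Meta Tests
        run: pnpm run harness:test
      - name: 30d Evidence - War Plan Markdown
        run: node --import tsx scripts/governance-30d-war-plan.ts
      # if: always() uploads the reports even when an earlier step failed,
      # so the evidence for a failed gate is kept.
      - if: always()
        name: Upload audit reports
        uses: https://gitea.com/actions/upload-artifact@v3
        with:
          name: governance-audit-reports
          path: |
            reports/prisma-zod-contract-audit.latest.json
            reports/formrules-zod-audit.latest.json
            reports/response-columns-audit.latest.json
            reports/field-payload-audit.latest.json
            reports/enum-consistency-audit.latest.json
            reports/list-page-routes-audit.latest.json
            reports/ai-assist-coverage.latest.json
            reports/ai-assist-skill-binding.latest.json
            reports/ai-assist-context-providers.latest.json
            reports/coach-script-library.latest.json
            reports/ai-decision-quality.latest.json
            reports/event-publishing-audit.latest.json
            reports/state-machine-integration-audit.latest.json
            reports/harness-dashboard.latest.json
            reports/module-grades.latest.json
            reports/money-decimal-purity-audit.latest.json
            reports/nested-transaction-audit.latest.json
            reports/test-assertion-density-audit.latest.json
            reports/api-test-coverage.latest.json
            reports/api-test-fixed-ids-audit.latest.json
            reports/consumer-test-authenticity-audit.latest.json
            reports/consumer-idempotency-audit.latest.json
            reports/state-machine-unwired-guards-audit.latest.json
            reports/migration-topology-audit.latest.json
            reports/customer-signoff-status.latest.json
            reports/p0-customer-input-status.latest.json
            reports/rollout-scope-freeze.latest.json
            reports/rollout-scope-freeze.latest.md
            reports/production-foundation-evidence.latest.json
            reports/production-foundation-evidence.latest.md
            reports/launch-smoke-scope.latest.json
            reports/launch-smoke-scope.latest.md
            reports/rls-staging-canary.latest.json
            reports/rls-staging-canary.latest.md
            reports/production-release-gate.latest.json
            reports/production-release-gate.latest.md
            reports/production-release-actions.latest.json
            reports/production-release-actions.latest.md
            reports/production-release-gate-integrity.latest.json
            reports/production-release-gate-integrity.latest.md
            reports/governance-30d-war-plan.latest.md
          retention-days: "14"
      # Summary step; runs even after failures.
      - if: always()
        name: 输出 governance summary
        run: node --import tsx scripts/ci-governance-summary.ts --title "Governance Audit Summary" --include-rules
      # Hard steps: no continue-on-error and no if: always(), so they run
      # only when every earlier hard step succeeded, and they fail the job
      # on a non-zero exit.
      - name: 治理硬门禁 — 豁免感知 verdict(HARD)
        run: node --import tsx scripts/harness/governance-gate.ts
      - name: 文档对账 — CLAUDE.md GOVERNANCE-BASELINE ↔ reports 实测(HARD)
        run: node --import tsx scripts/harness/baseline-reconcile.ts
      - name: Harness Gate 综合 PR 验收(HARD)
        run: pnpm harness gate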
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
27007
|
2
|
1780926753
|
1780928762
|
1780924423
|
1780928762
|
|
1
|
|
0
|
|
|
30867
|
23393
|
6
|
5
|
c32dc69661d18fedc3e6939936535f3f5906bf7d
|
0
|
Gate Integrity (meta-gate · HARD)
|
1
|
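# Single-job CI payload: runs the gate-integrity check script for pushes and
# pull requests that target main.
name: CI
# Quoted so YAML 1.1 parsers do not read the key as the boolean true.
"on":
  push:
    branches: [main]
  pull_request:
    branches: [main]
env:
  # Raises the V8 old-space heap limit (value is in MiB) for the Node steps.
  NODE_OPTIONS: --max-old-space-size=8192
  # Quoted so the version stays a string.
  NODE_VERSION: "20"
jobs:
  gate-integrity:
    name: Gate Integrity (meta-gate · HARD)
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by the mutable tag v4; pinning
      # each to a full commit SHA (<commit-sha>) fixes the code that runs.
      - uses: https://gitea.com/actions/checkout@v4
      - uses: https://gitea.com/pnpm/action-setup@v4
      - uses: https://gitea.com/actions/setup-node@v4
        with:
          cache: pnpm
          node-version: ${{ env.NODE_VERSION }}
      # --frozen-lockfile fails instead of rewriting pnpm-lock.yaml;
      # --ignore-scripts keeps dependency lifecycle scripts from running.
      - run: pnpm install --frozen-lockfile --ignore-scripts
      # Hard step (no continue-on-error). NOTE(review): the check script is
      # taken from the same checkout as the workflow it guards, so a change
      # touching both is only caught by review of scripts/harness/ — confirm
      # that path has required reviewers.
      - name: 校验治理硬门禁未被软化
        run: node --import tsx scripts/harness/gate-integrity-check.ts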
...
|
gate-integrity
|
null
|
["ubuntu-latest"]
|
27004
|
1
|
1780925956
|
1780926012
|
1780924423
|
1780926013
|
|
0
|
|
0
|
|
|
30138
|
22805
|
6
|
5
|
a46d1a8248b62d039fbdf3815bc192399beb6ce5
|
0
|
Frontend Type Check
|
2
|
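# Single-job CI payload: type-checks the frontend for pushes and pull
# requests that target main.
name: CI
# Quoted so YAML 1.1 parsers do not read the key as the boolean true.
"on":
  push:
    branches: [main]
  # Pull-request runs execute the PR's own package scripts on the runner.
  pull_request:
    branches: [main]
env:
  # Raises the V8 old-space heap limit (value is in MiB) for the Node steps.
  NODE_OPTIONS: --max-old-space-size=8192
  # Quoted so the version stays a string.
  NODE_VERSION: "20"
jobs:
  frontend-typecheck:
    name: Frontend Type Check
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by the mutable tag v4; pinning
      # each to a full commit SHA (<commit-sha>) fixes the code that runs.
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
      - uses: actions/setup-node@v4
        with:
          cache: pnpm
          node-version: ${{ env.NODE_VERSION }}
      # --frozen-lockfile fails instead of rewriting pnpm-lock.yaml.
      # NOTE(review): dependency lifecycle scripts still run during this
      # install; --ignore-scripts would stop them, provided the build does
      # not rely on any of them.
      - run: pnpm install --frozen-lockfile
      - name: Build shared package
        run: pnpm -C shared run build
      - name: 前端类型检查(vue-tsc --noEmit)
        run: pnpm --filter ./frontend run type-check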
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26306
|
2
|
1778722289
|
1778722380
|
1778721836
|
1778722380
|
|
0
|
|
0
|
|
|
30139
|
22805
|
6
|
5
|
a46d1a8248b62d039fbdf3815bc192399beb6ce5
|
0
|
Lint & Type Check
|
2
|
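# Single-job CI payload: backend type check and lint for pushes and pull
# requests that target main.
name: CI
# Quoted so YAML 1.1 parsers do not read the key as the boolean true.
"on":
  push:
    branches: [main]
  # Pull-request runs execute the PR's own package scripts on the runner.
  pull_request:
    branches: [main]
env:
  # Raises the V8 old-space heap limit (value is in MiB) for the Node steps.
  NODE_OPTIONS: --max-old-space-size=8192
  # Quoted so the version stays a string.
  NODE_VERSION: "20"
jobs:
  lint-and-typecheck:
    name: Lint & Type Check
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by the mutable tag v4; pinning
      # each to a full commit SHA (<commit-sha>) fixes the code that runs.
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
      - uses: actions/setup-node@v4
        with:
          cache: pnpm
          node-version: ${{ env.NODE_VERSION }}
      # --frozen-lockfile fails instead of rewriting pnpm-lock.yaml.
      # NOTE(review): dependency lifecycle scripts still run during this
      # install; --ignore-scripts would stop them, provided the build does
      # not rely on any of them.
      - run: pnpm install --frozen-lockfile
      - name: Generate Prisma Client
        run: pnpm -C backend exec prisma generate
      - name: Build shared package
        run: pnpm -C shared run build
      - name: Backend type check
        run: pnpm -C backend run type-check
      - name: Lint
        run: pnpm -C backend run lint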
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26307
|
2
|
1778722380
|
1778722471
|
1778721836
|
1778722471
|
|
0
|
|
0
|
|
|
30717
|
23342
|
6
|
5
|
a5c6ac6d84d0c6aef2a832c4d0dbdffefe4d9eb3
|
0
|
Frontend Type Check
|
2
|
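# Single-job CI payload: type-checks the frontend for pushes and pull
# requests that target main.
name: Gitea CI
# Quoted so YAML 1.1 parsers do not read the key as the boolean true.
"on":
  push:
    branches: [main]
  # Pull-request runs execute the PR's own package scripts on the runner.
  pull_request:
    branches: [main]
env:
  # Raises the V8 old-space heap limit (value is in MiB) for the Node steps.
  NODE_OPTIONS: --max-old-space-size=8192
  # Quoted so the version stays a string.
  NODE_VERSION: "20"
jobs:
  frontend-typecheck:
    name: Frontend Type Check
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by the mutable tag v4; pinning
      # each to a full commit SHA (<commit-sha>) fixes the code that runs.
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
      - uses: actions/setup-node@v4
        with:
          cache: pnpm
          node-version: ${{ env.NODE_VERSION }}
      # --frozen-lockfile fails instead of rewriting pnpm-lock.yaml.
      # NOTE(review): dependency lifecycle scripts still run during this
      # install; --ignore-scripts would stop them, provided the build does
      # not rely on any of them.
      - run: pnpm install --frozen-lockfile
      - name: Build shared package
        run: pnpm -C shared run build
      - name: 前端类型检查(vue-tsc --noEmit)
        run: pnpm --filter ./frontend run type-check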
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26893
|
2
|
1778889923
|
1778890014
|
1778885718
|
1778890014
|
|
0
|
|
0
|
|
|
30718
|
23342
|
6
|
5
|
a5c6ac6d84d0c6aef2a832c4d0dbdffefe4d9eb3
|
0
|
Lint & Type Check
|
2
|
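# Single-job CI payload: backend type check and lint for pushes and pull
# requests that target main.
name: Gitea CI
# Quoted so YAML 1.1 parsers do not read the key as the boolean true.
"on":
  push:
    branches: [main]
  # Pull-request runs execute the PR's own package scripts on the runner.
  pull_request:
    branches: [main]
env:
  # Raises the V8 old-space heap limit (value is in MiB) for the Node steps.
  NODE_OPTIONS: --max-old-space-size=8192
  # Quoted so the version stays a string.
  NODE_VERSION: "20"
jobs:
  lint-and-typecheck:
    name: Lint & Type Check
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by the mutable tag v4; pinning
      # each to a full commit SHA (<commit-sha>) fixes the code that runs.
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
      - uses: actions/setup-node@v4
        with:
          cache: pnpm
          node-version: ${{ env.NODE_VERSION }}
      # --frozen-lockfile fails instead of rewriting pnpm-lock.yaml.
      # NOTE(review): dependency lifecycle scripts still run during this
      # install; --ignore-scripts would stop them, provided the build does
      # not rely on any of them.
      - run: pnpm install --frozen-lockfile
      - name: Generate Prisma Client
        run: pnpm -C backend exec prisma generate
      - name: Build shared package
        run: pnpm -C shared run build
      - name: Backend type check
        run: pnpm -C backend run type-check
      - name: Lint
        run: pnpm -C backend run lint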
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26894
|
2
|
1778890014
|
1778890044
|
1778885718
|
1778890044
|
|
0
|
|
0
|
|