Collaborator

@acd19ml acd19ml commented Oct 5, 2025

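Background of the change and solution

Related issue: #42

Documentation updates (architecture docs, API docs, upgrade docs)

Checklist

  • Confirm whether there are documentation updates
  • Confirm whether it has been self-tested
  • Confirm whether a compatible upgrade has been considered; an incompatible upgrade needs a corresponding solution
  • Confirm whether adding monitoring metrics has been considered
  • Whether the API design conforms to the API design guidelines; ignore this if there are no API changes
  • I have added the relevant people to the Reviewers list
  • I have set the Issue linked under Development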

Contributor

Summary of Changes

Hello @acd19ml, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

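This pull request focuses mainly on enhancing the metrics and alerting system. It involves refactoring the backend Go framework from fox-gonic/fox to gin-gonic/gin and adjusting the Prometheus anomaly-detection schedule so that checks run more frequently. Key improvements include more detailed logging for alert handling, a new mechanism for recording changes to alert rule metadata, and the removal of a minor client-side persistence feature. These changes aim to improve the system's responsiveness, observability and maintainability.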

Highlights

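  • Backend framework migration: the Go backend framework was migrated from fox-gonic/fox to gin-gonic/gin, which involves updating imports and type definitions in multiple Go files.
  • Prometheus scheduler interval adjustment: the default execution interval of the Prometheus anomaly-detection scheduler was shortened substantially, from 6 hours to 5 minutes, to allow more frequent alert checks.
  • Unified alert rule watch_time format: the format of the watch_time field in the alert rule configuration file configs/alerting/rules.json was unified from 'X minutes' to the 'Xm' shorthand.
  • Anomaly-detection client rename: PrometheusClient and PrometheusConfig were renamed to AnomalyDetectClient and AnomalyDetectConfig to reflect their role in anomaly detection more accurately.
  • New alert metadata change log: a new alert_meta_change_logs database table was introduced to record the change history of alert rule metadata, which strengthens auditing.
  • Client-side local storage removal: the frontend code removed the logic that saves and loads service-version alert state in localStorage, disabling client-side persistence for this feature.
  • Docker base image source update: the Go and Distroless base image sources used in the Dockerfile were updated to docker.m.daocloud.io and gcr.m.daocloud.io, possibly to optimize the build environment or access speed.
  • Enhanced Alertmanager webhook logging: detailed log output was added to the Alertmanager webhook handler to improve debugging and observability.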


github-actions bot commented Oct 5, 2025

🚀 Frontend deployed successfully!

📱 Preview URL: https://zeroops-jo7dnssco-liuscrafts-projects.vercel.app

✅ Build completed successfully

Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

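This PR mainly implements the feature of recording alert rule adjustments and carries out a large-scale migration of the backend framework from fox to gin. On the feature side, it adds the alert_meta_change_logs table to record the history of threshold changes and adds logic in scheduler.go to adjust thresholds dynamically; the overall implementation is clear. The framework migration touches many files, but judging from the code the migration has been done quite thoroughly.

I have the following main points of feedback:

  1. The frontend configuration contains a hard-coded IP address, which will inconvenience team collaboration; I suggest configuring it through an environment variable.
  2. scheduler.go adds a large amount of debug logging, which is very helpful for tracing the feature. However, the readability and efficiency of some of the logs could be further optimized to make them more valuable in production.

Overall, this is a high-quality PR; both the feature and the refactoring are well done. Once the few small issues I raised are fixed, the code will be more robust and easier to maintain.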

proxy: {
'/v1': {
target: 'http://127.0.0.1:8080',
target: 'http://10.210.10.33:8080',
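
Review bot: the second target line points the /v1 dev proxy at http://10.210.10.33:8080, a private-network address specific to one environment, in place of the loopback default on the line above it. Once merged, every contributor's dev server forwards /v1 requests to that host over plain HTTP, and the internal address ends up in the repository history. Keep 'http://127.0.0.1:8080' as the committed default and read any override from an environment variable that is not checked in.
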
Contributor

high

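The proxy target address is hard-coded as an IP address (http://10.210.10.33:8080). This makes it hard for other developers to run and debug in their local environments and reduces the project's portability. I suggest configuring this address through an environment variable so that each developer can set it for their own environment.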

Suggested change
target: 'http://10.210.10.33:8080',
target: process.env.VITE_API_BASE_URL || 'http://localhost:8080',
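
Review bot: the fallback in the suggested target line is 'http://localhost:8080', while the value this PR replaced was 'http://127.0.0.1:8080'. On Node.js 17 and later, localhost can resolve to ::1 first, so the proxy fails if the backend listens only on IPv4; keep the literal 127.0.0.1 as the fallback. Also check that the variable is actually populated where this config is evaluated, since an unset variable silently falls through to the default.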


niupilot bot commented Oct 5, 2025

Code Review Summary

Reviewed using specialized agents for code quality, performance, security, and documentation.

🚨 Critical Issues (Must Fix Before Merge)

  1. SQL Injection - JSON interpolation in scheduler (scheduler.go:351, 442, 467)
  2. No Authentication - All API endpoints unprotected except webhook (middleware/auth.go:7)
  3. Insecure Default - Webhook auth disabled when not configured (receiver/auth.go:36)
  4. 72x Performance Impact - Scheduler interval: 6h→5m without database optimization (scheduler.go:79)

⚠️ High Priority

  • Missing database indexes (GIN on alert_rule_metas.labels, composite on alert_issues)
  • N+1 query pattern in threshold updates
  • Excessive logging (20+ statements per alert)

📋 Recommendations

Immediate:

  • Fix SQL injection using json.Marshal() instead of fmt.Sprintf()
  • Enable authentication or document security model
  • Add database indexes before deploy
  • Reconsider 5-minute scheduler interval or optimize queries

See inline comments for detailed fixes.
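
The json.Marshal() fix recommended in the review above, as an added example that is not code from this PR: scheduler.go is not shown on this page, so the query text, the label keys, the function names and the sample values are all assumptions. It shows how a quote in a label value rewrites a document built with fmt.Sprintf() and how json.Marshal() keeps the same value as data.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical query and label keys; the page names alert_rule_metas.labels
// but shows neither the SQL nor the labels used.
const labelQuery = `SELECT alert_name FROM alert_rule_metas WHERE labels @> $1::jsonb`

// unsafeLabelFilter reproduces the flagged pattern: values are pasted into a
// JSON document with fmt.Sprintf, so a quote in a value changes its structure.
func unsafeLabelFilter(service, version string) string {
	return fmt.Sprintf(`{"service":"%s","service_version":"%s"}`, service, version)
}

// safeLabelFilter lets encoding/json escape the values. The result is meant
// to be bound to $1 as a parameter, never concatenated into the SQL text.
func safeLabelFilter(service, version string) (string, error) {
	b, err := json.Marshal(map[string]string{
		"service":         service,
		"service_version": version,
	})
	return string(b), err
}

// decodeLabels parses a filter document so its keys can be inspected.
func decodeLabels(doc string) (map[string]string, error) {
	var m map[string]string
	err := json.Unmarshal([]byte(doc), &m)
	return m, err
}

func main() {
	// Constructed label value carrying a quote and an extra key.
	service := `s3","extra":"x`
	unsafe := unsafeLabelFilter(service, "v1")
	safe, err := safeLabelFilter(service, "v1")
	if err != nil {
		panic(err)
	}
	u, _ := decodeLabels(unsafe)
	s, _ := decodeLabels(safe)
	fmt.Println("query:  ", labelQuery)
	fmt.Printf("Sprintf: %s -> %d keys\n", unsafe, len(u))
	fmt.Printf("Marshal: %s -> %d keys\n", safe, len(s))
}
```
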
