构建缓存完整性与污染防护治理（哈希-重用门禁）最佳实践

核心要点缓存条目必须包含 `SHA-256`；校验失败拒绝重用并清理。门禁策略：仅在输入一致与哈希匹配时允许重用。实现示例type CacheEntry = { key: string; sha256: string; inputs: string[] } function hex64(h: string): boolean { return /^[A-Fa-f0-9]{64}$/.test(h) } function inputsMatch(a: string[], b: string[]): boolean { if (a.length !== b.length) return false const sa = [...a].sort().join('|') const sb = [...b].sort().join('|') return sa === sb } function validEntry(e: CacheEntry): boolean { return !!e.key && hex64(e.sha256) && e.inputs.length > 0 } function allowReuse(candidate: CacheEntry, expected: CacheEntry): boolean { if (!validEntry(candidate) || !validEntry(expected)) return false if (candidate.key !== expected.key) return false if (!inputsMatch(candidate.inputs, expected.inputs)) return false return candidate.sha256.toLowerCase() === expected.sha256.toLowerCase() } 审计与CI门禁审计记录包含键、哈希与输入摘要；污染检出阻断并清理缓存。回退到最近可信缓存或触发重新构建并输出证据。