Method and system for automated verification of supplier compliance
By collecting micro-behavioral data in IT service outsourcing scenarios, constructing cognitive behavioral feature vectors and performance correlation graphs, the problem of not being able to identify functional mimicry fraud and quantify risk transmission in existing technologies is solved, enabling accurate verification of outsourcing performance and monitoring of process stability.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Filing Date
- 2026-06-11
- Publication Date
- 2026-07-14
AI Technical Summary
Existing technologies cannot identify functional mimicry fraud such as "senior personnel nominally employed while junior personnel impersonate others" or "machine script subcontracting" in IT service outsourcing scenarios. Furthermore, they cannot quantify the impact of external risk potential energy on specific functional modules after penetrating personnel, making it difficult to achieve full-chain performance consistency verification.
By collecting micro-behavioral data in a secure desktop terminal environment, a cognitive behavior feature vector is constructed. A cognitive coupling degree model is used to identify cognitive outliers. Risk penetration potential is calculated by combining the performance correlation graph, generating a real-time dynamic acceptance threshold. Furthermore, performance consistency collapse early warning is generated by calculating the interactive information entropy based on the interactive topology network.
It enables accurate verification of the authenticity of outsourced personnel's performance, quantifies the transmission of external risks to internal technical debt, identifies process collapse risks, and improves performance stability and management transparency.
Smart Images

Figure CN122390570A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of information technology management, and more specifically, to a method and system for automated verification of supplier performance consistency. Background Technology
[0002] With the acceleration of enterprise digital transformation, IT service outsourcing has become a mainstream model. However, in actual delivery scenarios, supplier performance management generally faces a "black box" dilemma. Existing verification methods mostly focus on single-point checks of explicit result data, ignoring the physical entanglement between the micro-level cognitive input and macro-level output logic of outsourced personnel during the performance process. This makes it difficult to identify functional mimicry fraud such as "senior personnel nominally employed while junior personnel are actually replaced" or "machine script-based outsourcing." Furthermore, existing risk control systems often treat external operational risks of suppliers separately from internal project delivery quality, failing to quantify the impact of external risk potential energy penetrating personnel and affecting specific functional modules. More importantly, traditional project progress management relies solely on reported data, ignoring the entropy increase effect caused by repeated rollbacks and communication dissipation within team collaboration. This often leads to projects falling into substantial process collapse under the cover of superficial progress compliance.
[0003] In the prior art, Chinese patent CN121256233A discloses a method, system, equipment, and medium for intelligent supervision of business outsourcing. This system generates accurate supervision results by integrating horizontal node features and vertical correlation features, providing intelligent technical support for monitoring the business outsourcing process. Chinese patent CN121329225A discloses a dynamic performance evaluation system for service outsourcing personnel based on federated learning and multi-source data fusion. This system ensures data security through the Paillier encryption algorithm and differential privacy technology, and adjusts the evaluation strategy by combining an improved multi-armed gambling machine algorithm, achieving accurate and secure evaluation of outsourcing personnel performance.
[0004] However, while the two existing technologies mentioned above have some innovative value in business outsourcing supervision and personnel performance evaluation, they fail to address the core pain points of "black box" performance fraud, risk transmission across the entire chain, and process entropy increase monitoring in IT service outsourcing scenarios. Specifically, the Chinese patent with publication number CN121256233A focuses on feature modeling of time-series data and output of supervision results, without addressing the correlation analysis between the cognitive input and output logic of outsourced personnel, and cannot identify functional mimicry fraud such as "senior personnel nominally employed while junior personnel are replaced" or "machine script subcontracting." The Chinese patent with publication number CN121329225A focuses on the safe dynamic evaluation of personnel performance, but treats external operational risks of suppliers and internal project delivery quality as separate entities, lacking quantitative transmission analysis of risk potential energy penetrating through personnel, and failing to consider the entropy increase effect caused by backsliding dissipation in team collaboration. Both methods remain at the level of single-dimensional process monitoring or result evaluation, failing to achieve dynamic cognitive behavior verification or build a full-link potential energy transmission defense system, and thus failing to meet the needs of refined performance consistency verification in the context of information technology service outsourcing. Summary of the Invention
[0005] To address the shortcomings of existing technologies, this invention aims to provide an automated verification method and system for supplier performance consistency. This invention is applicable to IT service outsourcing scenarios of various scales, such as fintech R&D or large-scale system integration projects, and can meet the complex management needs of multi-supplier collaborative delivery. It collects micro-behavioral data through a behavior listener in a secure desktop terminal environment, constructs a cognitive behavior feature vector by combining code change data, and uses a cognitive coupling degree model to identify cognitive outliers, achieving accurate verification of the authenticity of outsourced personnel's performance. The performance correlation graph heterogeneously integrates external risk event data, effective personnel sets, and functional module nodes. By calculating the risk penetration potential and generating real-time dynamic acceptance thresholds, it achieves quantitative assessment and proactive defense against the transmission of external risks to internal technical debt. Based on an interactive topology network, it calculates interactive information entropy and triggers performance consistency collapse early warning by monitoring the deviation between the entropy growth rate and the progress rate, effectively identifying process collapse risks and ensuring the stability of outsourced service performance.
[0006] To achieve the above objectives, the present invention provides the following technical solution:
[0007] Automated verification methods for supplier performance consistency include:
[0008] We acquire micro-behavioral data representing the cognitive engagement of outsourced personnel in outsourcing delivery scenarios, perform segmentation processing on the micro-behavioral data to obtain the code change volume, perform multi-dimensional feature extraction on the micro-behavioral data and code change volume to obtain a cognitive feature set, and perform compliance verification based on the cognitive feature set to obtain a cognitive state distribution set representing the cognitive performance authenticity of outsourced personnel.
[0009] External risk event data is acquired and combined with the cognitive state distribution set to construct a multi-level risk transmission path performance correlation map. Based on the performance correlation map, risk energy transmission calculation is performed to obtain the risk penetration potential energy, which characterizes the impact of external risks on functional module nodes. Dynamic compensation is performed using the risk penetration potential energy to obtain the real-time dynamic acceptance threshold.
[0010] An interactive topology network is constructed based on a real-time dynamic acceptance threshold. The interactive information entropy, which represents the orderliness of performance cooperation, is calculated through the interactive topology network. The deviation degree is calculated based on the interactive information entropy, and a performance consistency collapse warning is triggered based on the deviation degree.
[0011] Furthermore, the method for obtaining the amount of code changes includes:
[0012] Micro-behavioral data includes key scan codes, key press timestamps, key release timestamps, mouse trajectory, and information on the mouse cursor's position in the code editor;
[0013] A dynamic time window is defined, starting from the moment the outsourced worker begins coding. Multiple consecutive time windows are then defined. At the end of each time window, the amount of code changes made by the outsourced worker within that time window is extracted. Specifically, all source code files opened or edited by the outsourced worker in the secure desktop terminal environment are obtained. A one-way cryptographic hash algorithm is used to calculate the file status fingerprint, which serves as a unique content identifier. The file status fingerprints at the start and end of each time window are recorded. If the file status fingerprints are inconsistent, the set of code lines that have changed within the time window is extracted and serialized to obtain the amount of code changes.
[0014] Furthermore, the cognitive feature set includes:
[0015] Set a pause threshold, extract the key press timestamp and key release timestamp corresponding to each key action within the time window, arrange them in chronological order to obtain the key press timestamp sequence and key release timestamp sequence respectively;
[0016] Calculate the difference between the key press time of the second key press and the key release time of the first key press in two consecutive key presses to obtain the time interval. If the time interval is greater than the pause threshold, it is determined as a long pause event. Calculate the cumulative duration of all long pause events as a percentage of the total duration of the time window to obtain the thinking density feature.
[0017] The code change volume is parsed using an abstract syntax tree parser to generate an abstract syntax tree. The abstract syntax tree is traversed to extract the maximum nesting depth and the number of branch nodes. The maximum nesting depth and the number of branch nodes are normalized and then added together to obtain the logical complexity characteristics.
[0018] The cognitive feature set is obtained by combining the thinking density feature with the logical complexity feature.
[0019] Furthermore, the method for obtaining the cognitive state distribution set includes:
[0020] The cognitive feature set is vectorized and encapsulated to obtain the cognitive behavior feature vector;
[0021] The cognitive behavior feature vector is input into a pre-constructed cognitive coupling degree model for verification to obtain the cognitive coupling degree.
[0022] A truth baseline is established, and the cognitive coupling degree is compared with the truth baseline. If the cognitive coupling degree corresponding to the current outsourced personnel is greater than or equal to the truth baseline, the cognitive behavior feature vector is marked as a cognitive truth point and the corresponding outsourced personnel is included in the effective worker set. If the cognitive coupling degree is less than the truth baseline, the cognitive behavior feature vector is marked as a cognitive outlier. The cognitive truth points and cognitive outliers are combined to obtain the cognitive state distribution set. The effective worker set refers to the candidate subject list consisting of all outsourced personnel marked as cognitive truth points, including the name and job level of the outsourced personnel and the corresponding cognitive coupling degree.
[0023] Furthermore, the method for constructing the performance association graph includes:
[0024] Extract the set of valid workers corresponding to the cognitive real points from the cognitive state distribution set, and obtain the functional module node to which the code change volume belongs;
[0025] For external risk event data, create risk source nodes; for outsourced personnel in the effective set of workers, create transmission medium nodes; use the name, job level, and corresponding cognitive coupling degree of outsourced personnel as attributes of transmission medium nodes; and create recipient nodes for functional module nodes.
[0026] The contract performance association graph is obtained by establishing employment association edges from the risk source node to the transmission medium node and development association edges from the transmission medium node to the recipient node.
[0027] Furthermore, the method for obtaining the risk penetration potential energy includes:
[0028] The initial risk potential of risk source nodes is determined based on external risk event data;
[0029] The risk transmission coefficient is calculated based on the cognitive coupling degree of the transmission medium node, and the risk transmission coefficient is a value minus the cognitive coupling degree.
[0030] Identify all risk transmission paths in the performance association graph from the risk source node through the transmission medium node to the recipient node. The risk transmission path refers to a directed connected sequence from the risk source node through the employment association edge to the transmission medium node, and then through the development association edge to the recipient node. Based on the risk transmission path, determine the set of risk source nodes as the starting point and the set of transmission medium nodes as intermediate nodes.
[0031] For each risk transmission path, the initial risk potential energy at the starting point is multiplied by the risk transmission coefficient of the intermediate nodes on the path to obtain the risk energy.
[0032] By superimposing the risk energies of all risk transmission paths, we obtain the risk penetration potential energy.
[0033] Furthermore, the method for obtaining the real-time dynamic acceptance threshold includes:
[0034] Obtain the static acceptance criteria corresponding to the functional module nodes. The static acceptance criteria include the code annotation rate benchmark, the unit test coverage benchmark, and the cyclomatic complexity tolerance benchmark.
[0035] A multiplication operation is performed based on a preset risk sensitivity coefficient and risk penetration potential energy to obtain a dynamic compensation increment.
[0036] The dynamic compensation increment is added to the code annotation rate benchmark and the unit test coverage benchmark, and the dynamic compensation increment is subtracted from the cyclomatic complexity tolerance benchmark to generate a real-time dynamic acceptance threshold.
[0037] Furthermore, the interactive information entropy includes:
[0038] Obtain the operation log stream of task work orders constrained by real-time dynamic acceptance thresholds, reconstruct each task work order to obtain the task flow trajectory, which is a sequence of "operator-action-receiver" triples ordered by time.
[0039] The operator and receiver in the task flow trajectory are identified as collaborating nodes. A directed edge is established between two collaborating nodes. The total number of flow actions between the two collaborating nodes within a preset unit time window is counted and used as the interaction weight of the directed edge. A weighted directed graph consisting of collaborating nodes, directed edges, and interaction weights is obtained, which is the interaction topology network.
[0040] Traverse the interactive topology network, identify task rollback events, statistically analyze the rollback probability of various task rollback events, and combine them into a rollback frequency probability distribution set;
[0041] Based on the Shannon entropy principle, the interaction information entropy is obtained by calculating the probability distribution set of backtracking frequencies.
[0042] Furthermore, the aforementioned performance consistency collapse warning includes:
[0043] Obtain the task completion rate curve submitted by the supplier, and perform time-series alignment and normalization processing on the interaction information entropy and the task completion rate curve;
[0044] Calculate the derivative of the normalized interaction information entropy with respect to time to obtain the entropy growth rate, and calculate the derivative of the normalized task completion rate curve with respect to time to obtain the progress rate.
[0045] The difference between the entropy growth rate and the progress rate is calculated to obtain the deviation degree.
[0046] If the deviation exceeds the preset safety deviation limit, the project is determined to have entered a process collapse state, triggering a performance consistency collapse warning.
[0047] An automated supplier performance consistency verification system, used to implement the aforementioned automated supplier performance consistency verification method, the system comprising:
[0048] Cognitive Verification Module: Used to acquire micro-behavioral data representing the cognitive engagement state of outsourced personnel in outsourced delivery scenarios, perform segmentation processing on the micro-behavioral data to obtain the code change volume, perform multi-dimensional feature extraction on the micro-behavioral data and code change volume to obtain a cognitive feature set, and perform compliance verification based on the cognitive feature set to obtain a cognitive state distribution set representing the cognitive performance authenticity of outsourced personnel;
[0049] Potential Energy Defense Module: Used to acquire external risk event data and combine it with the cognitive state distribution set to construct a multi-level risk transmission path performance correlation graph. Based on the performance correlation graph, risk energy transmission calculation is performed to obtain the risk penetration potential energy that characterizes the impact of external risks on functional module nodes. Dynamic compensation is performed using the risk penetration potential energy to obtain the real-time dynamic acceptance threshold.
[0050] Entropy increase monitoring module: Used to construct an interactive topology network based on real-time dynamic acceptance thresholds, calculate interactive information entropy that represents the orderliness of performance cooperation through the interactive topology network, calculate the deviation degree based on the interactive information entropy, and trigger performance consistency collapse warning based on the deviation degree.
[0051] Compared with the prior art, the beneficial effects of the present invention are as follows:
[0052] This invention achieves precise matching and confidence verification of the physical input and logical output of outsourced personnel by mapping micro-behavioral data with code changes and constructing cognitive behavioral feature vectors using a cognitive coupling model. This addresses the pain point of traditional solutions that rely solely on attendance or result acceptance and cannot identify "functional mimicry" fraud. The performance correlation graph, combined with risk penetration potential energy calculation, transforms discrete external risk event data into quantitative impact indicators on functional module nodes. Real-time dynamic acceptance thresholds enable proactive defense, reducing the risk of delivery quality decline. Based on interactive topology network calculation of interactive information entropy, it identifies performance consistency collapse warnings by monitoring deviations, penetrating the fog of on-paper performance progress and intuitively reflecting the energy dissipation state within the task flow process, thus improving the performance stability and management transparency of outsourced services. Attached Figure Description
[0053] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0054] Figure 1 A flowchart of the automated verification method for supplier performance consistency provided in this embodiment of the invention;
[0055] Figure 2 A schematic diagram of feature extraction logic based on temporal analysis and topology analysis is provided for an embodiment of the present invention;
[0056] Figure 3 This invention provides a schematic diagram of the interaction information entropy change trend and task flow topology.
[0057] Figure 4 This is a functional template diagram of the supplier performance consistency automated verification system provided in the embodiments of the present invention. Detailed Implementation
[0058] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0059] Example 1
[0060] Please see Figure 1As shown, this embodiment provides an automated verification method for supplier performance consistency, including:
[0061] Step S10: Obtain micro-behavioral data representing the cognitive input status of outsourced personnel in the outsourced delivery scenario; perform segmentation processing on the micro-behavioral data to obtain the code change volume; perform multi-dimensional feature extraction on the micro-behavioral data and code change volume to obtain a cognitive feature set; perform compliance verification based on the cognitive feature set to obtain a cognitive state distribution set representing the cognitive performance authenticity of outsourced personnel.
[0062] Further, step S10 includes:
[0063] Step S11: Obtain micro-behavioral data representing the cognitive input state of outsourced personnel in the outsourcing delivery scenario, perform segmentation processing on the micro-behavioral data, and obtain the amount of code changes representing the logical output results of outsourced personnel.
[0064] In the delivery scenario of IT service outsourcing, the outsourced personnel's performance is essentially a process of transforming their cognitive abilities into digital assets. To overcome the limitations of traditional physical attendance tracking in verifying the actual cognitive input of outsourced personnel, a data capture mechanism is needed to fully map their physical actions to their digital output.
[0065] Specifically, a behavior listener is deployed in the secure desktop terminal environment used by outsourced personnel. This secure desktop terminal environment refers to a virtualized desktop infrastructure or dedicated physical terminal provided by the purchaser, integrating authentication and operation auditing functions, and running a secure terminal operating system. The behavior listener acquires real-time micro-behavioral data of outsourced personnel during coding tasks. This behavior listener is a software probe developed based on an IDE plugin interface, capable of silently recording physical events of interaction between outsourced personnel and computer input devices without interfering with their normal work. Regarding the data collection actions performed by the behavior listener and the collected micro-behavioral data, this disclosure strictly adheres to Article 13 of the Personal Information Protection Law concerning user authorization. The data types collected by the behavior listener are strictly limited to device operation data provided by outsourced personnel with authorization and de-identified personal characteristic data. The collection targets are limited to adult outsourced personnel who voluntarily use the product corresponding to this technical solution and have completed authorization. No information from unauthorized users or minors may be collected. The micro-behavioral data collected in this embodiment of the invention has been explicitly authorized by the data subject, i.e., the outsourced personnel (e.g., the outsourced personnel have signed a "Data Use Authorization Agreement" to confirm authorization). The scope of authorization covers the data collection, analysis, and application stages required for the implementation of this technical solution and does not exceed the usage scenarios authorized by the outsourced personnel. The purpose of collecting micro-behavioral data in this disclosure is to provide outsourced personnel and enterprises with performance certification services that meet their needs. This purpose does not violate social morality and does not involve any discriminatory applications. The micro-behavioral data does not record sensitive code text content, but rather records the time sequence of physical actions of outsourced personnel interacting with computer input devices. Micro-behavioral data specifically includes key scan codes, key press timestamps, key release timestamps, mouse trajectory, and information on the mouse cursor's position in the code editor.Among them, the key scan code refers to the unique physical code sent by the keyboard hardware to the secure terminal operating system when a key is pressed. To further protect the data privacy and code confidentiality of outsourced personnel, the behavior listener performs irreversible hash desensitization processing on the key scan code at the collection end, ensuring that the specific characters entered by the outsourced personnel (such as passwords, personal accounts, etc.) cannot be restored. Only the physical attributes of the key press action are retained for subsequent time-series analysis. Furthermore, the storage period for the collected personal information and feature data of outsourced personnel is strictly controlled to no more than 6 months, and the data is automatically deleted upon expiration. The key press timestamp and key release timestamp refer to the times when the key press action occurs. The secure terminal operating system clock value, key press timestamp, and key release timestamp are used to calculate the duration of key presses and the interval between key presses; the mouse trajectory refers to the set of a series of screen position points traversed by the mouse cursor as it moves in the screen coordinate system, recording the spatial movement path of the outsourced personnel during the operation; the screen coordinate system is constructed based on the pixel resolution of the display device in the secure desktop terminal environment. The screen coordinate system is a two-dimensional Cartesian coordinate system, defining the lower left corner vertex of the effective display area of the display device as the origin (0,0), defining the horizontal rightward direction as the positive X-axis direction, and defining the vertical upward direction as the positive Y-axis direction. A screen position point is defined as a coordinate pair consisting of a unique horizontal coordinate value and a unique vertical coordinate value in the screen coordinate system. The dwell position information refers to the row number and column number of the mouse cursor in the code editor. The text display area in the code editor is divided into a logical grid composed of rows and columns. The text display area is vertically divided into several rows according to the row height in the code editor, and horizontally divided into several columns according to the character width. The row index where the mouse cursor is currently located is the row number, and the column index is the column number. The row number and column number together represent the code logic area that the outsourced personnel are currently editing.
[0066] To ensure the purity and relevance of micro-behavioral data, a dynamic time window is established. The duration of this time window is set based on the physiological cycle of human short-term memory and cognitive load, for example, between 15 and 30 minutes. The aim is to cover the complete cognitive cycle experienced by humans when performing complex programming tasks, from conceptualizing logic to transforming it into code, ensuring that the collected data has analytical value. Starting from the moment the outsourced worker begins coding, multiple consecutive time windows are continuously divided. At the end of each time window, the amount of code changes made by the outsourced worker within that time window is extracted. The amount of code changes refers to the incremental segments of source code files submitted or saved by the outsourced worker in their local workspace within the secure desktop terminal environment. Specifically: for all source code files opened or edited by the outsourced worker in the secure desktop terminal environment, a one-way cryptographic hash algorithm is used to calculate the file status fingerprint, which serves as a unique content identifier. The system records the file state fingerprint at the start and end of the time window. By comparing these fingerprints, if they don't match, it extracts the set of code lines that changed within the time window. This set is an ordered list of all newly added and modified code lines and their corresponding logical line numbers in the source code file version at the end of the time window, relative to the file state at the start. Deleted lines are removed from the set, retaining only the valid code text actually produced by the outsourced personnel within the time window. The set is then serialized into a structured text stream for analysis, representing the code change volume. Deleted lines are removed because they no longer exist in the source code file version at the end of the time window and cannot be used as valid input.
[0067] Step S12: Perform multidimensional feature extraction on the micro-behavioral data and code change amount to obtain a cognitive feature set representing the behavior of outsourced personnel.
[0068] After obtaining the raw micro-behavioral data and code changes, in order to transform the physical actions and digital outputs of outsourced personnel into quantifiable cognitive physical quantities, a feature extraction mechanism based on cognitive psychology and graph theory is established.
[0069] Temporal analysis is performed on micro-behavioral data to extract thinking density characteristics that characterize the cognitive load of outsourced personnel. These thinking density characteristics refer to the proportion of higher-order cognitive time spent on logical conceptualization and code design within a time window. Specifically, the micro-behavioral data collected within the time window is serialized and organized. All key presses are arranged chronologically according to their physical occurrence time. The key press timestamps for each key press are extracted and sequentially compiled into a key press timestamp sequence; the key release timestamps for each key press are also extracted and sequentially compiled into a key release timestamp sequence. Based on the burst-pause rhythm of human creative programming activities, a pause threshold is set to distinguish between mechanical input and logical thinking, for example, between 2000 and 5000 milliseconds. The keystroke press timestamp sequence and keystroke release timestamp sequence are traversed. The difference between the keystroke press timestamp and the keystroke release timestamp of the subsequent keystroke in two adjacent keystrokes is calculated to obtain the time interval. If the time interval is greater than a pause threshold, it is determined to be a valid long pause event, representing that the outsourced personnel are deducing code logic or consulting documents, belonging to higher-order cognitive activities. If the time interval is less than or equal to the pause threshold, it is determined to be a continuous input event, representing that the outsourced personnel are converting conceived logic into characters, belonging to lower-order execution activities. The duration of all long pause events within the time window is summed to obtain the total thinking time. The total thinking time is divided by the total duration of the time window to obtain the dimensionless thinking density feature. The physical meaning of the thinking density feature is that the process of genuine original code writing is inevitably accompanied by intermittent deep thinking, thus causing the thinking density feature to remain within a specific range; while copy-paste or mechanical code generation behavior is characterized by continuous low-pause input, resulting in a significantly lower thinking density feature.
[0070] A topological analysis is performed on the code changes to extract logical complexity features that characterize the structural complexity of the outsourced personnel's logical output. These logical complexity features are weighted combinations of the nesting depth and branch breadth of the code logic structures contained within the code changes. Specifically, an abstract syntax tree (AST) parser is used to parse the code changes and generate corresponding ASTs. An AST is an intermediate representation of the source code's syntax structure using a tree structure. Each node in the AST represents a structural construct in the source code, such as a variable declaration, control flow statement, or function call. The generated AST is traversed to extract the maximum nesting depth and the number of branch nodes. The maximum nesting depth refers to the number of levels from the root node to the farthest leaf node in the AST, reflecting the vertical complexity of the code logic, such as the depth of multiple loops or recursive calls. The number of branch nodes refers to the total number of nodes representing conditional statements or loop control in the AST, such as the number of if, switch, for, and while statements, reflecting the horizontal complexity of the code logic. A linear weighted formula is constructed to normalize the maximum nesting depth and the number of branch nodes before summing them to obtain the logical complexity features. The mathematical expression of the linear weighting formula is: Where F, D, and A represent the logical complexity characteristics, maximum nesting depth, and number of branch nodes, respectively. The baseline depth constant is obtained by statistically analyzing the standard code sample set and taking the average nesting depth of all functions in the standard code sample set. For example, it is set to 5. The standard code sample set is selected from high-quality open-source software projects (such as Linux Kernel or Apache Hadoop) and the code modules with good structure have been confirmed by manual code review. The baseline number of branches is a constant, obtained by statistically analyzing the standard code sample set to find the average number of branch nodes for all functions in the standard code sample set. For example, it is set to 10. For depth weighting coefficients, This is the breadth-weighting coefficient. and The value of is determined by the syntax characteristics of the current programming language. For example, in indentation-sensitive languages such as Python, the logical structure relies more on depth, hence the setting is... For structured languages like Java, the logical structure relies more on the breadth of classes and methods, hence the setting... The physical meaning of the aforementioned logical complexity feature is that high-level outsourced personnel typically produce highly cohesive code with reasonable nesting depth and a moderate number of branches, while low-level personnel or automated scripts may produce low-quality code that is flattened, overly nested, or excessively complex. Combining the aforementioned thought density feature with the logical complexity feature yields a cognitive feature set; such as... Figure 2The diagram illustrates a feature extraction logic based on temporal and topological analysis provided by an embodiment of the present invention. As shown, the logic flow is divided into two parallel processing channels. The left parallel processing channel demonstrates the temporal analysis process of micro-behavioral data. The waveforms in the diagram represent the time sequence of keystrokes. Short, low-level pulse intervals represent rapid keystrokes by outsourced personnel, i.e., low-order execution activities; long, high-level pulse intervals correspond to high-order cognitive activities, as shown in the gray shaded area. The right parallel processing channel demonstrates the topological analysis process of code changes. In the tree diagram, light gray dots represent leaf nodes, such as variable assignments and function calls; dark gray dots represent root nodes; and diamond-shaped nodes represent branch control nodes. The vertical lines on the right indicate the number of levels from the root node to the deepest leaf node, i.e., the maximum nesting depth; the total number of all diamond-shaped nodes in the diagram represents the number of branch nodes.
[0071] Step S13: Construct cognitive behavior feature vectors based on cognitive feature set, perform compliance verification on cognitive behavior feature vectors, and obtain cognitive state distribution set representing the cognitive performance authenticity of outsourced personnel.
[0072] After extracting the cognitive feature set containing the characteristics of thinking density and logical complexity, an anomaly detection mechanism based on data distribution statistics is established in order to determine whether the actual input and output of outsourced personnel conform to the law of conservation of physics.
[0073] The cognitive feature set is vectorized and encapsulated to construct a cognitive behavior feature vector representing the outsourced personnel's dual-modal state of input and output within the current time window. This cognitive behavior feature vector is a two-dimensional numerical vector, denoted as V, where V = T, L, and T and L represent the thought density feature and logical complexity feature, respectively. The cognitive behavior feature vector is then input into a pre-defined cognitive coupling degree model for verification. This cognitive coupling degree model is a nonlinear mapping discriminant model based on the law of conservation of cognitive energy, used to measure the matching confidence between the outsourced personnel's physical behavioral input and logical output results. The construction process is as follows: A massive amount of historical, compliant outsourced personnel's work data is collected as a positive sample set. Each sample in the positive sample set contains thought density and logical complexity features that have been manually verified and confirmed to be true and valid. The number of positive samples must cover statistical significance requirements. For example, the positive sample set contains no less than 100,000 work data records that have been manually verified and confirmed to be true and valid. The sample coverage must include no less than 5 mainstream programming languages and no less than 3 levels of outsourced personnel job titles to ensure sufficient generalization ability for different development scenarios. A two-dimensional feature space is constructed with thought density features as the horizontal axis and logical complexity features as the vertical axis. A cognitive conservation baseline curve is generated in the two-dimensional feature space using the positive sample set. The cognitive conservation baseline curve represents the ideal trajectory of code logical complexity changing with thought density under normal cognitive conditions. Its physical principle is: statistical laws show that true high-quality programming behavior exhibits a "positively correlated coupling" distribution pattern, that is, code output with high logical complexity is necessarily accompanied by high thought density, while code output with low logical complexity corresponds to low thought density. Based on this physical principle, the least squares method is used to perform nonlinear regression analysis on the positive sample set to obtain a quadratic function curve characterizing the ideal cognitive state, namely the cognitive conservation baseline curve, whose expression is: ,in, , and To find the regression coefficients that minimize the sum of squared residuals using the least squares method, for example, in the Java language... , and They were set to 0.8, 1.2, and 0.1 respectively.
[0074] Based on the cognitive conservation baseline curve, an anisotropic Gaussian potential field is constructed to quantify the degree of deviation. The shortest Euclidean distance from any point in the two-dimensional feature space to the cognitive conservation baseline curve is defined as the cognitive deviation. Based on the cognitive deviation, a potential energy calculation formula is constructed using a Gaussian kernel function. Specifically, an arbitrary point P is taken in the two-dimensional feature space, where the coordinates of point P are composed of a specific thought density feature value and a specific logical complexity feature value. The shortest Euclidean distance from point P to the cognitive conservation baseline curve is calculated as the cognitive deviation of point P, denoted as B. This cognitive deviation is then substituted into the potential energy calculation formula constructed using the Gaussian kernel function. ,in, Let P be the potential energy value, defined as the cognitive coupling degree at point P; C is the standard deviation parameter, determined by calculating the root mean square error of all sample points in the positive sample set to the cognitive conservation baseline curve, which characterizes the allowable fluctuation range of compliant operating behavior. This is an exponentiation operation with the natural constant e as the base. Based on the cognitive coupling degree model, the cognitive coupling degree of the current cognitive behavior feature vector is calculated. A truth baseline is set for binary classification decisions. This truth baseline is a decision threshold between 0 and 1, set according to the confidence interval theory based on Gaussian distribution, aiming to cover the core region in the Gaussian potential field where the cumulative probability density reaches a preset proportion (e.g., 95%). For example, it is set to 0.6. The truth baseline serves to distinguish between normal fluctuations that conform to the laws of cognitive conservation and abnormal deviations that violate physical laws. If the cognitive coupling degree of the current cognitive behavior feature vector corresponding to the outsourced personnel is greater than or equal to the truth baseline, it indicates that the current input-output ratio of the outsourced personnel conforms to the normal cognitive laws of humans, and the performance behavior is judged to be genuine and effective. The cognitive behavior feature vector is marked as a cognitive truth point, and the corresponding outsourced personnel are included in the set of effective workers. The set of effective workers refers to a candidate list consisting of all outsourced personnel marked as cognitive truth points, including the outsourced personnel's names, job levels, and corresponding cognitive coupling degrees. If the cognitive coupling degree of the current cognitive behavior feature vector is less than the truth baseline, it indicates that the current input-output ratio of the outsourced personnel violates the law of conservation of cognitive energy, and there is an abnormal performance. It is marked as a cognitive outlier. The physical meaning of the cognitive outlier is that the behavior pattern of the outsourced personnel violates the normal cognitive laws of humans, and there is a high probability of behaviors such as "copying and pasting ready-made code," "using automated scripts to generate code," or "accounts being impersonated by others for nominal delivery." The cognitive truth points and cognitive outliers are combined into a cognitive state distribution set. The output of the cognitive coupling degree model is a cognitive behavior feature vector, regression coefficients, and standard deviation parameters. Its outputs are cognitive coupling degree, cognitive true point, and cognitive outlier. Its hierarchical structure is as follows: spatial coordinate mapping, cognitive deviation calculation, Gaussian potential quantification, and binary classification decision. Among them, spatial coordinate mapping corresponds to establishing the spatial position of the current cognitive behavior feature vector in the two-dimensional feature space; cognitive deviation calculation corresponds to the calculation process of cognitive deviation; Gaussian potential quantification corresponds to the calculation process of cognitive coupling degree; and binary classification decision is the process of judging cognitive true point or cognitive outlier.
[0075] Step S10, by acquiring micro-behavioral data and code change data, and performing multi-dimensional feature extraction and compliance verification, solves the technical challenges of traditional supplier management relying solely on physical attendance and result acceptance, which cannot identify "functional mimicry" fraud where the actual cognitive input and output of outsourced personnel do not match, and the inability of single-dimensional data to penetrate hidden outsourcing behaviors. It achieves dual verification of physical and cognitive aspects of the outsourcing performance process, precise micro-level identification of fraud risks, and automated screening of effective workers. Specifically, acquiring micro-behavioral data and code change data establishes a comprehensive mapping between physical actions and digital outputs, overcoming the limitations of single attendance data; multi-dimensional feature extraction transforms ambiguous cognitive states into quantifiable physical indicators by calculating thought density and logical complexity features; and compliance verification identifies cognitive outliers that violate the law of conservation of cognitive energy, eliminating fraudulent performance entities at the source.
[0076] Step S20: Obtain external risk event data and construct a performance correlation graph of multi-level risk transmission paths by combining the cognitive state distribution set. Perform risk energy transmission calculation based on the performance correlation graph to obtain the risk penetration potential energy that characterizes the impact of external risks on functional module nodes. Use the risk penetration potential energy to perform dynamic compensation and obtain the real-time dynamic acceptance threshold.
[0077] Further, step S20 includes:
[0078] Step S21: Obtain external risk event data and construct a performance correlation map of multi-level risk transmission paths by combining the cognitive state distribution set.
[0079] After obtaining the cognitive state distribution set, to address the disconnect between external operational risks of suppliers and internal project delivery quality, a data fusion model capable of transcending enterprise boundaries is constructed. Specifically, real-time status data of suppliers is captured from third-party enterprise credit information disclosure systems or judicial big data platforms, and external risk event data is identified and extracted from this data. These external risk event data refer to negative operational signals that may affect the stability of supplier performance, specifically including inclusion in the list of abnormal business operations, changes in legal representative, involvement in major litigation, equity freezes, or administrative penalty records. Among these, being listed in the list of abnormal business operations refers to administrative records showing that a supplier is marked as having an abnormal business status by the market supervision and management department for reasons such as failing to disclose annual reports within the prescribed period, failing to disclose relevant corporate information within the period ordered by the industrial and commercial administration department, concealing the truth or falsifying information in the disclosed corporate information, or being unable to be contacted through the registered address; a change of legal representative refers to industrial and commercial registration change records showing a change in the legal representative of the supplier, which usually means a change in the company's top decision-making level and may trigger adjustments to management strategies; being involved in major litigation refers to judicial records of civil or criminal cases in which the supplier is the defendant or the person subject to enforcement, indicating the legal risks and financial pressure faced by the company; equity freeze refers to judicial records of compulsory measures taken by the people's court during the trial or enforcement process, such as prohibiting the transfer or pledge of the equity held by the supplier's shareholders, indicating the potential instability of the company's ownership structure; and administrative penalty records refer to enforcement records of the supplier being given warnings, fines, confiscation of illegal gains, or orders to suspend production or business operations by administrative agencies for violating laws, regulations, or rules, indicating the company's compliance risks.
[0080] Based on the cognitive state distribution set, the effective set of operators corresponding to the cognitive reality points is extracted. Simultaneously, the functional module nodes associated with the code change volume are obtained. These functional module nodes refer to the logical functional units to which the source code files contained in the code change volume belong, representing the digital asset objects ultimately affected by the risk. Specifically, by performing path parsing on the code change volume, the hierarchical path string of each source code file in the code change volume is parsed. The root directory name in the path string is extracted as the project identifier, and the first-level subdirectory name in the path string is extracted as the functional module identifier. Source code files with the same functional module identifier are mapped to the same independent functional module node. Based on the effective set of operators and the functional module nodes, a multi-level heterogeneous graph is constructed, defined as the performance association graph. The performance correlation graph comprises three types of nodes: The first type is risk source nodes, representing the starting point and type of risk. A graph node is created for each external risk event data point as a risk source node, and the external risk event data is converted into structured data and stored as node attributes. The second type is transmission medium nodes, representing the intermediate carriers of risk propagation. A graph node is created for each outsourced worker in the effective workforce set as a transmission medium node, and the name and job level of the effective workforce set, as well as the cognitive coupling degree corresponding to the outsourced worker, are written as node attributes. The third type is recipient nodes, representing the digital asset objects ultimately affected by the risk. A graph node is created for each independent functional module node as a recipient node, and the functional module node name and its associated project identifier are stored as node attributes. Directed connections are established between nodes to represent the risk transmission path. Specifically, an employment-related edge is established from the risk source node to the transmission medium node under its supplier, representing the impact of external risk events on specific outsourced personnel through the employment legal relationship between the enterprise and its employees; a development-related edge is established from the transmission medium node to the recipient node it is responsible for, representing the impact of the outsourced personnel's performance status on specific functional modules through code writing activities. This integrates the originally discrete external business information, personnel performance status, and internal code modules into a single topological space, providing a structured data foundation for subsequent calculations.
[0081] Step S22: Perform risk energy transmission calculation based on the performance correlation graph to obtain the risk penetration potential energy that characterizes the impact of external risks on functional module nodes.
[0082] After the performance correlation graph is constructed, in order to quantify the specific impact of external risk event data on internal digital assets, multi-level risk penetration potential calculations are performed based on the performance correlation graph.
[0083] Specifically, risk source nodes in the performance correlation graph are initialized and assigned values, defined as initial risk potential. Specifically, external risk event data is read from the risk source nodes and converted into quantitative values. These values are set based on the conditional probability statistics of different types of risk events triggering contract defaults in historical supply chain default cases. For example, if the probability of being listed in the abnormal business directory leading to subsequent performance interruption is 80%, then its initial risk potential is assigned a value of 0.8. This value represents the destructive potential of the risk source node in the early stages of an outbreak.
[0084] In the process of initial risk potential energy propagating from the risk source node to the receiver node via the transmission medium node, the performance capability of outsourced personnel plays a crucial filtering and buffering role, that is, outsourced personnel are regarded as "damping media" blocking the transmission of external risks to the internal level. To quantify this damping effect, cognitive coupling degree is used as the core indicator to measure the stability of outsourced personnel's performance capability. The risk transmission coefficient is calculated based on cognitive coupling degree, which is numerically one minus the cognitive coupling degree. This establishes an inverse mapping relationship between the outsourced personnel's capability and the risk transmission path. That is, when the outsourced personnel's cognitive coupling degree approaches 1, it indicates that their "input and output" are highly matched, their technical capabilities are solid, and their work status is stable. The corresponding risk transmission coefficient approaches 0. At this time, the outsourced personnel acts as a "high-resistance" medium, which can effectively absorb the initial risk potential energy and prevent it from being transmitted to subsequent levels. Conversely, when the cognitive coupling degree is low, it indicates that the personnel's capability is questionable or their status fluctuates greatly. The corresponding risk transmission coefficient increases. At this time, the outsourced personnel acts as a "low-resistance" medium, making it easier for the initial risk potential energy to penetrate the defense line, thereby affecting code quality.
[0085] Based on the topological structure of the performance correlation graph, the risk penetration potential energy of each recipient node is calculated. This risk penetration potential energy refers to the initial risk potential energy carried by external risk event data, which, after being attenuated by multiple damping attenuation points through the transmission medium nodes, ultimately acts on the recipient node. Specifically, for any recipient node, all risk transmission paths in the performance correlation graph that can reach that recipient node are identified. These risk transmission paths are directed connected sequences from risk source nodes via employment-related edges to transmission medium nodes, and then via development-related edges to the recipient node. Based on the identified risk transmission paths, the set of risk source nodes as starting points and the set of transmission medium nodes as intermediate nodes are determined. For each risk transmission path, the initial risk potential energy at the starting point is multiplied by the risk transmission coefficient of the intermediate node to obtain the risk energy after damping attenuation. The risk energies of all risk transmission paths are then summed to obtain the risk penetration potential energy. The higher the value of the risk penetration potential energy, the more severely the functional module node corresponding to the recipient node is affected by external disturbances, and the greater the probability of future quality defects or delivery delays.
[0086] Step S23: Utilize the risk penetration potential energy to perform dynamic compensation and obtain the real-time dynamic acceptance threshold.
[0087] After assessing the potential for risk penetration and quantifying the external risk pressures faced by each functional module node, differentiated dynamic management is implemented by breaking away from the "one-size-fits-all" static standards in traditional SLAs. Specifically, the static acceptance standards corresponding to the functional module nodes are retrieved from the procurement contracts. The static acceptance criteria refer to the basic quality indicators that the code deliverables of the functional module node should meet under the condition of no external risks as stipulated in the outsourcing procurement contract. These include the code annotation rate benchmark, the unit test coverage benchmark, and the cyclomatic complexity tolerance benchmark. The code annotation rate benchmark refers to the minimum percentage requirement of the number of lines of commented text in the code to the total number of lines of code. It is set based on the standardized coding specifications within the R&D company or the statistical baseline of similar historical projects. For example, it is set to 20%. The unit test coverage benchmark refers to the minimum percentage requirement of the set of code lines executed by the test cases to the total number of lines of code. It is set based on the business importance level of the functional module node in the system architecture. For example, it is set to 80% for core business modules. The cyclomatic complexity tolerance benchmark refers to the maximum number of branch nodes of a single function extracted based on the abstract syntax tree. It is set based on industry-standard software complexity metrics, such as the McCabe metric and code maintainability requirements. For example, it is set to 15.
[0088] A dynamic weighted compensation model for static acceptance standards is constructed based on risk penetration potential. The core logic of this model lies in "risk hedging," which involves dynamically tightening internal acceptance standards to offset potential quality degradation risks. Specifically, a positive risk sensitivity coefficient is set to adjust the responsiveness to external risks. This coefficient is set based on the business importance level of the functional module node. For example, for core businesses involving financial transactions or user privacy, a higher risk sensitivity coefficient is used to achieve a more sensitive response to risks. The dynamic compensation increment is calculated based on this risk sensitivity coefficient by multiplying it by the risk penetration potential of the corresponding functional module node.
[0089] The calculated dynamic compensation increment is used to perform targeted correction calculations on the specific benchmark values included in the static acceptance criteria, generating real-time dynamic acceptance thresholds. Specifically, for positive indicators such as code annotation rate and unit test coverage benchmark values, the dynamic compensation increment is added to these benchmark values to obtain the real-time dynamic acceptance threshold, thus raising the pass threshold. For negative indicators such as cyclomatic complexity tolerance benchmark values, the dynamic compensation increment is subtracted from these benchmark values to obtain the real-time dynamic acceptance threshold, thus tightening the tolerance upper limit. The generated real-time dynamic acceptance thresholds are then pushed to the automated code hosting and build platform for implementation, such as in a continuous integration / continuous delivery (CI / CD) pipeline. During the stage where outsourced personnel initiate code import requests, compliance checks are automatically performed on the extracted code changes. If the check result is unsatisfactory, the merging of the code changes is blocked, and a rectification notice is triggered to relevant personnel. It achieves "risk-oriented" quality defense, which means that as soon as the external environment deteriorates, such as abnormal supplier operations causing fluctuations in personnel morale, the internal quality control is automatically tightened, and higher technical standards are used to offset management uncertainties, thereby preventing the decline in delivery quality caused by fluctuations in supplier operations from the source.
[0090] Step S20 addresses the semantic disconnect between external operational risks and internal project delivery quality, leading to opaque risk transmission paths and the inability of traditional static acceptance standards to cope with dynamic external shocks and the lag of quality control behind risk occurrence, by constructing a performance correlation graph, performing risk energy transmission calculations, and implementing dynamic compensation. This achieves quantitative assessment of external risk transmission to internal technical debt, accurate prediction of risk exposure levels in key modules, and adaptive defense of acceptance standards. Specifically, the performance correlation graph integrates discrete external risk event data, effective personnel sets, and functional module nodes into a multi-level heterogeneous network, visualizing the risk transmission path; the risk energy transmission calculation uses risk transmission coefficients and initial risk potential energy to simulate the attenuation process of risk passing through personnel, quantifying the risk penetration potential energy of each receptor node; and dynamic compensation generates real-time dynamic acceptance thresholds through risk sensitivity coefficients and dynamic compensation increments, constructing a proactive quality dam during the code submission phase.
[0091] Step S30: Construct an interactive topology network based on the real-time dynamic acceptance threshold, calculate the interactive information entropy representing the orderliness of performance cooperation through the interactive topology network, calculate the deviation degree based on the interactive information entropy, and trigger a performance consistency collapse warning based on the deviation degree.
[0092] Further, step S30 includes:
[0093] Step S31: Construct an interactive topology network based on the real-time dynamic acceptance threshold, and calculate the interactive information entropy that represents the orderliness of performance cooperation through the interactive topology network.
[0094] After the real-time dynamic acceptance threshold takes effect, every code submission from outsourced personnel will face more stringent quality checks, leading to more frequent interactions and feedback between the development and testing phases. To capture the true state of team collaboration under this high-pressure environment, an information theory-based process entropy increase monitoring mechanism is established.
[0095] Specifically, operation log streams for task orders are obtained from the automated code hosting and build platform. These log streams record the status change actions performed by different personnel at different times for each task order, such as "create," "assign," "resolve," "return," and "close." Based on these log streams, each task order is reconstructed to obtain a task flow trajectory. This trajectory consists of a series of time-ordered "operator-action-recipient" triples. Based on these task flow trajectories, an interactive topology network is constructed. Specifically, this interactive topology network is a directed weighted graph structure used to characterize the tightness of collaboration within the fulfillment team and the directionality of task flow. Specifically, the process involves identifying all personnel entities appearing in the task flow trajectory, namely the operator and the receiver; mapping all personnel entities to collaborative nodes; and for each action in the task flow trajectory that moves from the "operator" to the "receiver," establishing a directed edge between the corresponding two collaborative nodes by analyzing the temporal sequence and logical direction of the action. This directed edge is a vector line connecting the action initiator and the action receiver, representing the transfer of task control. A unit time window is set, the duration of which is determined according to the iteration rhythm of software development; for example, it is set to one working day to capture high-frequency interaction features within a short period. The total number of flow actions occurring between the two collaborative nodes within the unit time window is counted, and the normalized total number is used as the interaction weight of the directed edge. This generates a weighted directed graph, i.e., an interaction topology network, composed of collaborative nodes, directed edges, and interaction weights.
[0096] After constructing the interactive topology network, the interactive information entropy, representing the orderliness of task flow, is calculated based on the Shannon entropy principle. Specifically, the directed edges in the interactive topology network are traversed. If a directed edge points to an upstream collaborative node that has already appeared in the task flow trajectory (e.g., a tester returns a work order to a developer, or a developer reopens a closed work order), this flow is marked as a task rollback event. Task rollback events are classified into code quality rollbacks and requirement change rollbacks. Code quality rollbacks refer to work order status rollbacks caused by code failing automated testing, code review failure, or defects discovered by testers. Requirement change rollbacks refer to work order resets caused by adjustments to business requirements or changes to design documents. The frequency of each type of task rollback event in the total flow events is statistically analyzed within a unit time window. In addition to code quality rollbacks and requirement change rollbacks, normal forward flow events also exist, which refer to status change actions where the task work order progresses sequentially from upstream to downstream stages according to the standard workflow. Dividing the frequency of each type of task rollback event by the total number of flow events yields the corresponding flow frequency rate, defined as the rollback probability. Combining these rollback probabilities across different task rollback events creates a rollback frequency probability distribution set. The sum of the flow frequency rates for all types of task rollback events in this distribution set equals 1. Based on this distribution set, the interaction information entropy within the current unit time window is calculated. Specifically, for each rollback probability in the distribution set, its base-2 logarithm is calculated. This logarithm is multiplied by the corresponding rollback probability to obtain a partial entropy value. All partial entropy values are summed and their negatives are taken to obtain the interaction information entropy. The physical significance of this interaction information entropy calculation process is that if team collaboration is orderly and tasks flow linearly forward, the probability of task rollback events is low, and the calculated interaction information entropy remains low. Conversely, if the team is chaotic and code is repeatedly returned for modification due to quality issues, the probability of task rollback events surges, and the interaction information entropy shows a significant upward trend. In this way, interactive information entropy can penetrate the surface-level time data and intuitively reflect the energy dissipation state within the task flow process. See also Figure 3This diagram illustrates the relationship between the change trend of interactive information entropy and the task flow topology, as provided in this embodiment of the invention. The diagram contains two interconnected coordinate regions, with the horizontal axis representing the time axis. The upper part shows an example of an interactive information entropy curve changing over time. The left side of the curve represents a low-entropy stable phase, indicating that the interactive information entropy remains in a low value range, corresponding to a smooth task flow. The right side of the curve represents a high-entropy surge phase, indicating that the interactive information entropy increases exponentially, corresponding to a chaotic task flow. The lower part shows snapshots of the interactive topology network structure corresponding to the aforementioned low-entropy stable and high-entropy surge phases. G1, G2, and G3 represent three types of collaborative nodes and their corresponding personnel; for example, G1 represents outsourced personnel, G2 represents testers, and G3 represents product managers. The snapshot of the linear flow structure on the left shows the linear flow structure between collaborative nodes, with the black solid arrows between collaborative nodes representing normal forward directed edges. The snapshot of the mesh loop structure on the right shows the mesh loop structure between collaborative nodes. In addition to the forward flow directed edges, several backward flow directed edges, represented by black dashed arrows, appear. For example, the dashed arrow pointing from G2 to G1 represents code quality-related backward flow, and the dashed arrow pointing from G3 to G1 represents requirement change-related backward flow. These backward flow directed edges lead to the formation of closed-loop paths in the interactive topology network, which in turn leads to an increase in interactive information entropy.
[0097] Step S32: Calculate the deviation degree based on the interactive information entropy, and trigger a performance consistency collapse warning based on the deviation degree.
[0098] After obtaining the interaction information entropy, to further verify the consistency between the supplier's reported project progress and the actual collaboration status within the performance team, a risk warning mechanism based on entropy increase divergence is constructed. Specifically, the task completion rate curve reported by the supplier is obtained. The task completion rate curve refers to the time-series data of the percentage change in the number of closed task orders relative to the total number of tasks as the project cycle progresses, representing the supplier's publicly displayed performance progress.
[0099] The interaction information entropy and task completion rate curves are aligned temporally, and their deviation is calculated. The deviation refers to the degree of contrast between the reported performance progress and the degree of chaos in the team's collaboration at any given moment. Specifically: the temporal data of the interaction information entropy and the task completion rate curve are normalized separately; the derivative of the normalized interaction information entropy with respect to time is calculated and defined as the entropy growth rate; simultaneously, the derivative of the normalized task completion rate curve with respect to time is calculated and defined as the progress advancement rate. The difference between the entropy growth rate and the progress advancement rate is defined as the deviation. A safe deviation threshold is set, which is a threshold determined based on the statistical characteristics of the deviation before the collapse of historical out-of-control projects; for example, it is set to 0.5. The purpose is to serve as a critical point for judging whether the performance status is healthy, distinguishing between normal project adjustment fluctuations and malignant signs of impending collaboration collapse. If the deviation exceeds the safe deviation limit, it indicates that the entropy growth rate significantly exceeds the progress rate, and the project is judged to have entered a process collapse state. This means that although the project's progress is still increasing on paper, the project team is inefficiently operating or even on the verge of losing control due to excessively high frequency of task rollback events and interactive information entropy. At this point, an automatic performance consistency collapse warning is triggered, and a diagnostic report containing the abnormal entropy increase period and high-frequency rollback nodes is sent to the client's management. The abnormal entropy increase period refers to the time interval during which the calculated deviation value continuously exceeds the safe deviation limit; high-frequency rollback nodes refer to collaborative nodes in the interactive topology network that are the main recipients of task rollback events. This prompts client management to intervene, thereby proactively correcting deviations before the code delivery quality of functional module nodes deteriorates across the board, ensuring the performance stability of outsourced services.
[0100] Step S30 addresses the problem of "false prosperity" in traditional project management, which relies solely on paper progress reports and fails to perceive the internal chaos of team collaboration, leading to a situation where projects nominally meet progress targets but are actually out of control internally. This is achieved by constructing an interactive topology network, calculating interactive information entropy, and triggering a performance consistency collapse warning. Specifically, the interactive topology network reconstructs the collaborative relationships and flow directions within the team by analyzing task flow trajectories; the interactive information entropy quantifies the degree of system chaos caused by task rollback events using a probability distribution set of rollback frequencies; and the performance consistency collapse warning provides client managers with the ability to see through the fog of paper data.
[0101] Example 2
[0102] This embodiment, based on embodiment 1, provides an automated supplier performance consistency verification system, such as... Figure 4 As shown, it includes:
[0103] Cognitive Verification Module: Used to acquire micro-behavioral data representing the cognitive engagement state of outsourced personnel in outsourced delivery scenarios, perform segmentation processing on the micro-behavioral data to obtain the code change volume, perform multi-dimensional feature extraction on the micro-behavioral data and code change volume to obtain a cognitive feature set, and perform compliance verification based on the cognitive feature set to obtain a cognitive state distribution set representing the cognitive performance authenticity of outsourced personnel;
[0104] Potential Energy Defense Module: Used to acquire external risk event data and combine it with the cognitive state distribution set to construct a multi-level risk transmission path performance correlation graph. Based on the performance correlation graph, risk energy transmission calculation is performed to obtain the risk penetration potential energy that characterizes the impact of external risks on functional module nodes. Dynamic compensation is performed using the risk penetration potential energy to obtain the real-time dynamic acceptance threshold.
[0105] Entropy increase monitoring module: Used to construct an interactive topology network based on real-time dynamic acceptance thresholds, calculate interactive information entropy that represents the orderliness of performance cooperation through the interactive topology network, calculate the deviation degree based on the interactive information entropy, and trigger performance consistency collapse warning based on the deviation degree.
[0106] In the cognitive verification module, the process involves acquiring micro-behavioral data representing the cognitive engagement state of outsourced personnel in the outsourcing delivery scenario, performing segmentation processing on the micro-behavioral data to obtain code change volume, performing multi-dimensional feature extraction on the micro-behavioral data and code change volume to obtain a cognitive feature set, and performing compliance verification based on the cognitive feature set to obtain a cognitive state distribution set representing the cognitive performance authenticity of outsourced personnel, including:
[0107] Step S11: Obtain micro-behavioral data representing the cognitive input state of outsourced personnel in the outsourcing delivery scenario, perform segmentation processing on the micro-behavioral data, and obtain the amount of code changes representing the logical output results of outsourced personnel.
[0108] Step S12: Perform multidimensional feature extraction on the micro-behavioral data and code change volume to obtain a cognitive feature set representing the behavior of outsourced personnel;
[0109] Step S13: Construct cognitive behavior feature vectors based on cognitive feature set, perform compliance verification on cognitive behavior feature vectors, and obtain cognitive state distribution set representing the cognitive performance authenticity of outsourced personnel.
[0110] In the potential energy defense module, the acquisition of external risk event data and the construction of a multi-level risk transmission path performance correlation graph based on the cognitive state distribution set are performed. Risk energy transmission calculation is then performed based on the performance correlation graph to obtain the risk penetration potential energy, which characterizes the impact of external risks on functional module nodes. Dynamic compensation is then performed using the risk penetration potential energy to obtain a real-time dynamic acceptance threshold, including:
[0111] Step S21: Obtain external risk event data and construct a performance correlation map of multi-level risk transmission paths by combining the cognitive state distribution set;
[0112] Step S22: Perform risk energy transmission calculation based on the performance correlation graph to obtain the risk penetration potential energy characterizing the impact of external risks on functional module nodes;
[0113] Step S23: Utilize the risk penetration potential energy to perform dynamic compensation and obtain the real-time dynamic acceptance threshold.
[0114] In the entropy increase monitoring module, the step of constructing an interactive topology network based on a real-time dynamic acceptance threshold, calculating the interactive information entropy representing the orderliness of performance cooperation through the interactive topology network, calculating the deviation degree based on the interactive information entropy, and triggering a performance consistency collapse warning based on the deviation degree includes:
[0115] Step S31: Construct an interactive topology network based on the real-time dynamic acceptance threshold, and calculate the interactive information entropy that represents the orderliness of performance cooperation through the interactive topology network;
[0116] Step S32: Calculate the deviation degree based on the interactive information entropy, and trigger a performance consistency collapse warning based on the deviation degree.
[0117] In addition, the parts of the technical solutions provided in the embodiments of this application that are consistent with the implementation principles of the corresponding technical solutions in the prior art have not been described in detail, so as to avoid excessive elaboration.
[0118] The specific embodiments described above further illustrate the purpose, technical solution, and beneficial effects of the present invention. It should be understood that the above descriptions are merely specific embodiments of the present invention and are not intended to limit the invention. Any modifications, equivalent substitutions, or improvements made within the spirit and principles of the present invention should be included within the scope of protection of the present invention.
Claims
1. An automated verification method for supplier performance consistency, characterized in that, The method includes: We acquire micro-behavioral data representing the cognitive engagement of outsourced personnel in outsourcing delivery scenarios, perform segmentation processing on the micro-behavioral data to obtain the code change volume, perform multi-dimensional feature extraction on the micro-behavioral data and code change volume to obtain a cognitive feature set, and perform compliance verification based on the cognitive feature set to obtain a cognitive state distribution set representing the cognitive performance authenticity of outsourced personnel. External risk event data is acquired and combined with the cognitive state distribution set to construct a multi-level risk transmission path performance correlation map. Based on the performance correlation map, risk energy transmission calculation is performed to obtain the risk penetration potential energy, which characterizes the impact of external risks on functional module nodes. Dynamic compensation is performed using the risk penetration potential energy to obtain the real-time dynamic acceptance threshold. An interactive topology network is constructed based on a real-time dynamic acceptance threshold. The interactive information entropy, which represents the orderliness of performance cooperation, is calculated through the interactive topology network. The deviation degree is calculated based on the interactive information entropy, and a performance consistency collapse warning is triggered based on the deviation degree.
2. The automated verification method for supplier performance consistency as described in claim 1, characterized in that, The method for obtaining the amount of code changes includes: Micro-behavioral data includes key scan codes, key press timestamps, key release timestamps, mouse trajectory, and information on the mouse cursor's position in the code editor; A dynamic time window is defined, starting from the moment the outsourced worker begins coding. Multiple consecutive time windows are then defined. At the end of each time window, the amount of code changes made by the outsourced worker within that time window is extracted. Specifically, all source code files opened or edited by the outsourced worker in the secure desktop terminal environment are obtained. A one-way cryptographic hash algorithm is used to calculate the file status fingerprint, which serves as a unique content identifier. The file status fingerprints at the start and end of each time window are recorded. If the file status fingerprints are inconsistent, the set of code lines that have changed within the time window is extracted and serialized to obtain the amount of code changes.
3. The automated supplier performance consistency verification method according to claim 2, characterized in that, The cognitive feature set includes: Set a pause threshold, extract the key press timestamp and key release timestamp corresponding to each key action within the time window, arrange them in chronological order to obtain the key press timestamp sequence and key release timestamp sequence respectively; Calculate the difference between the key press time of the second key press and the key release time of the first key press in two consecutive key presses to obtain the time interval. If the time interval is greater than the pause threshold, it is determined as a long pause event. Calculate the cumulative duration of all long pause events as a percentage of the total duration of the time window to obtain the thinking density feature. The code change volume is parsed using an abstract syntax tree parser to generate an abstract syntax tree. The abstract syntax tree is traversed to extract the maximum nesting depth and the number of branch nodes. The maximum nesting depth and the number of branch nodes are normalized and then added together to obtain the logical complexity characteristics. The cognitive feature set is obtained by combining the thinking density feature with the logical complexity feature.
4. The automated supplier performance consistency verification method according to claim 3, characterized in that, The method for obtaining the cognitive state distribution set includes: The cognitive feature set is vectorized and encapsulated to obtain the cognitive behavior feature vector; The cognitive behavior feature vector is input into a pre-constructed cognitive coupling degree model for verification to obtain the cognitive coupling degree. A truth baseline is established, and the cognitive coupling degree is compared with the truth baseline. If the cognitive coupling degree corresponding to the current outsourced personnel is greater than or equal to the truth baseline, the cognitive behavior feature vector is marked as a cognitive truth point and the corresponding outsourced personnel is included in the effective worker set. If the cognitive coupling degree is less than the truth baseline, the cognitive behavior feature vector is marked as a cognitive outlier. The cognitive truth points and cognitive outliers are combined to obtain the cognitive state distribution set. The effective worker set refers to the candidate subject list consisting of all outsourced personnel marked as cognitive truth points, including the name and job level of the outsourced personnel and the corresponding cognitive coupling degree.
5. The automated supplier performance consistency verification method according to claim 1, characterized in that, The method for constructing the performance association graph includes: Extract the set of valid workers corresponding to the cognitive real points from the cognitive state distribution set, and obtain the functional module node to which the code change volume belongs; For external risk event data, create risk source nodes; for outsourced personnel in the effective set of workers, create transmission medium nodes; use the name, job level, and corresponding cognitive coupling degree of outsourced personnel as attributes of transmission medium nodes; and create recipient nodes for functional module nodes. The contract performance association graph is obtained by establishing employment association edges from the risk source node to the transmission medium node and development association edges from the transmission medium node to the recipient node.
6. The automated verification method for supplier performance consistency as described in claim 5, characterized in that, The method for obtaining the risk penetration potential energy includes: The initial risk potential of risk source nodes is determined based on external risk event data; The risk transmission coefficient is calculated based on the cognitive coupling degree of the transmission medium node, and the risk transmission coefficient is a value minus the cognitive coupling degree. Identify all risk transmission paths in the performance association graph from the risk source node through the transmission medium node to the recipient node. The risk transmission path refers to a directed connected sequence from the risk source node through the employment association edge to the transmission medium node, and then through the development association edge to the recipient node. Based on the risk transmission path, determine the set of risk source nodes as the starting point and the set of transmission medium nodes as intermediate nodes. For each risk transmission path, the initial risk potential energy at the starting point is multiplied by the risk transmission coefficient of the intermediate nodes on the path to obtain the risk energy. By superimposing the risk energies of all risk transmission paths, we obtain the risk penetration potential energy.
7. The automated verification method for supplier performance consistency as described in claim 1, characterized in that, The method for obtaining the real-time dynamic acceptance threshold includes: Obtain the static acceptance criteria corresponding to the functional module nodes. The static acceptance criteria include the code annotation rate benchmark, the unit test coverage benchmark, and the cyclomatic complexity tolerance benchmark. A multiplication operation is performed based on a preset risk sensitivity coefficient and risk penetration potential energy to obtain a dynamic compensation increment. The dynamic compensation increment is added to the code annotation rate benchmark and the unit test coverage benchmark, and the dynamic compensation increment is subtracted from the cyclomatic complexity tolerance benchmark to generate a real-time dynamic acceptance threshold.
8. The automated verification method for supplier performance consistency as described in claim 7, characterized in that, The interactive information entropy includes: Obtain the operation log stream of task work orders constrained by real-time dynamic acceptance thresholds, reconstruct each task work order to obtain the task flow trajectory, which is a sequence of "operator-action-receiver" triples ordered by time. The operator and receiver in the task flow trajectory are identified as collaborating nodes. A directed edge is established between two collaborating nodes. The total number of flow actions between the two collaborating nodes within a preset unit time window is counted and used as the interaction weight of the directed edge. A weighted directed graph consisting of collaborating nodes, directed edges, and interaction weights is obtained, which is the interaction topology network. Traverse the interactive topology network, identify task rollback events, statistically analyze the rollback probability of various task rollback events, and combine them into a rollback frequency probability distribution set; Based on the Shannon entropy principle, the interaction information entropy is obtained by calculating the probability distribution set of backtracking frequencies.
9. The automated verification method for supplier performance consistency as described in claim 8, characterized in that, The aforementioned performance consistency collapse warning includes: Obtain the task completion rate curve submitted by the supplier, and perform time-series alignment and normalization processing on the interaction information entropy and the task completion rate curve; Calculate the derivative of the normalized interaction information entropy with respect to time to obtain the entropy growth rate, and calculate the derivative of the normalized task completion rate curve with respect to time to obtain the progress rate. The difference between the entropy growth rate and the progress rate is calculated to obtain the deviation degree. If the deviation exceeds the preset safety deviation limit, the project is determined to have entered a process collapse state, triggering a performance consistency collapse warning.
10. An automated supplier performance consistency verification system, used to implement the automated supplier performance consistency verification method according to any one of claims 1-9, characterized in that, The system includes: Cognitive Verification Module: Used to acquire micro-behavioral data representing the cognitive engagement state of outsourced personnel in outsourced delivery scenarios, perform segmentation processing on the micro-behavioral data to obtain the code change volume, perform multi-dimensional feature extraction on the micro-behavioral data and code change volume to obtain a cognitive feature set, and perform compliance verification based on the cognitive feature set to obtain a cognitive state distribution set representing the cognitive performance authenticity of outsourced personnel; Potential Energy Defense Module: Used to acquire external risk event data and combine it with the cognitive state distribution set to construct a multi-level risk transmission path performance correlation graph. Based on the performance correlation graph, risk energy transmission calculation is performed to obtain the risk penetration potential energy that characterizes the impact of external risks on functional module nodes. Dynamic compensation is performed using the risk penetration potential energy to obtain the real-time dynamic acceptance threshold. Entropy increase monitoring module: Used to construct an interactive topology network based on real-time dynamic acceptance thresholds, calculate interactive information entropy that represents the orderliness of performance cooperation through the interactive topology network, calculate the deviation degree based on the interactive information entropy, and trigger performance consistency collapse warning based on the deviation degree.