# Fischer AgentKit — 等保三级控制点清单 # # 按 GB/T 22239-2019 第三级 6 维度组织。每个控制点含: # id — 控制点唯一标识(DIM-NN) # dimension — 维度(physical / network / host / application / data / management) # title — 控制点名称 # requirement — GB/T 22239-2019 三级要求摘要 # implementation — AgentKit 实现映射(含状态说明) # status — implemented / p0 / p1 / 待评估 # implemented = 已实现,代码/配置已落地 # p0 = 认证 readiness 必需,POC 采购关闭前补齐 # p1 = 下一阶段补齐,写入整改计划 # 待评估 = 依赖客户侧或需进一步评估 # references — AgentKit 代码/配置文件绝对路径(file:/// 链接) # # 总计 44 个控制点:implemented=26, p0=6, p1=3, 待评估=9 # ============================================================================= # 1. 物理安全(6 个,全部待评估 — 依赖客户机房) # ============================================================================= - id: "PHY-01" dimension: physical title: "物理访问控制" requirement: "机房出入口配置电子门禁,记录进入人员和时间" implementation: "AgentKit 不运维物理机房。K8s 部署在客户内网,物理访问由客户机房运营方控制。AgentKit 仅提供部署形态证明(非 root 容器 + Helm Chart)。" status: "待评估" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml" - "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/deployment.yaml" - id: "PHY-02" dimension: physical title: "防盗窃和防破坏" requirement: "主要设备设置防盗标识,机房设置监控系统" implementation: "无物理设备责任。K8s worker node 由客户运维,机房监控由客户方提供。" status: "待评估" references: [] - id: "PHY-03" dimension: physical title: "防雷击" requirement: "机房设置防雷保安器,接地电阻符合要求" implementation: "无防雷责任。依赖客户机房防雷设施。" status: "待评估" references: [] - id: "PHY-04" dimension: physical title: "防火" requirement: "机房设置火灾自动消防系统,检测报警器" implementation: "无消防责任。依赖客户机房消防系统。" status: "待评估" references: [] - id: "PHY-05" dimension: physical title: "防水和防潮" requirement: "机房安装水敏检测装置,防止水管安装" implementation: "无防水责任。依赖客户机房防水设施。" status: "待评估" references: [] - id: "PHY-06" dimension: physical title: "防静电" requirement: "机房采用防静电地板,设置静电消除器" implementation: "无防静电责任。依赖客户机房防静电设施。" status: "待评估" references: [] # ============================================================================= # 2. 网络安全(8 个) # ============================================================================= - id: "NET-01" dimension: network title: "网络架构" requirement: "划分网络区域,避免单点故障" implementation: "单 Ingress 入口 + ClusterIP Service 架构。Ingress 是唯一对外入口,Redis/PG/OTel 全部 ClusterIP 内部访问。API 与 GUI 走分离路径(/api 与 /)。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/ingress.yaml" - "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml" - id: "NET-02" dimension: network title: "边界防护(Ingress TLS)" requirement: "边界实施访问控制和安全过滤" implementation: "Ingress 启用 TLS 终止,所有外网流量强制 HTTPS。TLS 证书通过 cert-manager 自动续期或手动签发(365 天轮换),私钥通过 Sealed Secret / External Secret 注入(KTD-4 / R2a)。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/ingress.yaml" - "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml" - id: "NET-03" dimension: network title: "访问控制(NetworkPolicy)" requirement: "网络层访问控制策略,最小权限" implementation: "P0 补齐项。Helm Chart 暂无 NetworkPolicy 模板,Pod 间东西向流量默认全通。计划新增 networkpolicy.yaml,默认 deny-all + 白名单放行(Ingress→Pod, Pod→Redis/PG/OTel)。当前缓解:Service 全部 ClusterIP,Redis/PG 由客户 K8s 网络策略保护。" status: "p0" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/ingress.yaml" - id: "NET-04" dimension: network title: "入侵防范" requirement: "网络入侵检测,恶意流量检测" implementation: "应用层已实现 RateLimiter 滑动窗口限流 + Webhook 独立限流 + JWT/SCIM token 恒定时间比较。网络层 IDS/IPS 依赖客户骨干网络。P1:接入客户 SIEM,将 OTel 日志投递到客户入侵检测平台。" status: "p1" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/middleware.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/channels.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/scim/router.py" - id: "NET-05" dimension: network title: "安全审计(OTel)" requirement: "网络审计日志,覆盖关键网络活动" implementation: "OpenTelemetry(U1 强制依赖)实现网络活动审计:FastAPI Instrumentor 自动埋点每个 HTTP 请求 span;RBAC 变更/SCIM 失败/终端命令写入审计 + OTel span event;OTLP gRPC 导出到内部 collector。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/telemetry/setup.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/telemetry/metrics.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py" - id: "NET-06" dimension: network title: "恶意代码防范" requirement: "网络边界恶意代码检测" implementation: "AgentKit 不在网络边界位置,恶意代码检测由客户网络骨干(防病毒网关/沙箱)负责。AgentKit 侧缓解:容器镜像来自可信 CI 构建,不在运行时下载可执行文件;终端命令受 6 层白名单 + 危险检测约束。" status: "待评估" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/terminal_security.py" - id: "NET-07" dimension: network title: "安全审计日志保留(180 天)" requirement: "日志保留期满足合规要求(≥180 天)" implementation: "P0 补齐项。auth_audit_log 与 terminal_audit_logs 表无自动清理/归档策略。计划:Helm values 增加 audit.retentionDays=180(KTD-9),实现归档 CronJob 导出超过 180 天记录到对象存储并清理主表,OTel collector 配置 180 天保留策略。" status: "p0" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/terminal_security.py" - id: "NET-08" dimension: network title: "资源控制(会话/带宽)" requirement: "会话与带宽限制,防止资源耗尽" implementation: "容器层 Pod resources requests/limits(CPU 250m~1000m / Mem 512Mi~2Gi);应用层 RateLimiter IP 滑动窗口 + Webhook 独立限流;终端 session 1800s 闲置断开;JWT access 15min 强制重新认证。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/middleware.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/terminal_server.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/jwt_utils.py" # ============================================================================= # 3. 主机安全(7 个,以容器/Pod 为单元) # ============================================================================= - id: "HST-01" dimension: host title: "身份鉴别(ServiceAccount)" requirement: "设备/系统身份标识与鉴别" implementation: "AgentKit Pod 使用专用 ServiceAccount(不共享 default SA),Helm Chart 自动创建。可选 workload identity 注入 projected SA token 用于访问云 KMS/STS。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/serviceaccount.yaml" - "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml" - id: "HST-02" dimension: host title: "访问控制(Pod 安全上下文)" requirement: "操作系统/账户权限最小化,远程管理受控" implementation: "podSecurityContext.runAsNonRoot=true(UID/GID 1000);securityContext.allowPrivilegeEscalation=false + capabilities.drop=[ALL];readOnlyRootFilesystem=false(需写临时文件,通过 emptyDir 挂载 /tmp 隔离);未启用特权模式。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml" - "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/deployment.yaml" - "file:///Users/chiguyong/Code/Fischer-agentkit/Dockerfile" - id: "HST-03" dimension: host title: "安全审计(容器日志标准化采集)" requirement: "设备审计日志,覆盖系统管理活动" implementation: "已实现基础审计:stdout/stderr 由 K8s 采集 + OTel trace 导出 + auth_audit_log 表 + terminal_audit_logs 表 + OTel span event。P0 补齐:容器日志到客户日志平台的标准化采集链路 + 审计日志 JSON 化便于 SIEM 解析 + 180 天保留(与 NET-07 协同)。" status: "p0" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/terminal_security.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/telemetry/setup.py" - id: "HST-04" dimension: host title: "入侵防范(容器层)" requirement: "主机入侵检测,系统加固" implementation: "容器层已实现:非 root + drop ALL capabilities 限制系统调用;allowPrivilegeEscalation=false 阻止提权;资源 limits 防失控;Liveness/Readiness 探针故障自动重启。node 层 HIDS(Falco/OSSEC)依赖客户侧。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml" - "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/deployment.yaml" - id: "HST-05" dimension: host title: "恶意代码防范(主机防病毒)" requirement: "主机防病毒,恶意代码检测" implementation: "AgentKit 容器内不部署防病毒(无文件系统持久化,镜像来自可信 CI)。K8s node 层主机防病毒/HIDS 由客户运维。依赖客户机房 node 安全基线。" status: "待评估" references: [] - id: "HST-06" dimension: host title: "资源控制(CPU/内存/磁盘)" requirement: "CPU/内存/磁盘限制,会话超时" implementation: "Pod resources requests/limits(CPU 250m~1000m / Mem 512Mi~2Gi);应用层 RateLimiter;终端 session 1800s 闲置断开;JWT access 15min / refresh 7d。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/middleware.py" - id: "HST-07" dimension: host title: "镜像与补丁管理" requirement: "系统补丁及时更新,镜像来源可信" implementation: "P0 补齐项。已实现:多阶段构建 + 非 root appuser(UID 1001)+ python:3.11-slim 基础镜像 + HEALTHCHECK。P0 待补:CI 集成 Trivy 镜像漏洞扫描(HIGH/CRITICAL 阻断)+ image.digest 不可变引用。P1 增强:distroless 基础镜像 + cosign 签名。" status: "p0" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/Dockerfile" - "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml" # ============================================================================= # 4. 应用安全(8 个,全部已实现 — AgentKit 核心责任) # ============================================================================= - id: "APP-01" dimension: application title: "身份鉴别(SSO 多 IDP + JWT)" requirement: "用户身份标识与鉴别,口令复杂度,登录失败处理" implementation: "U4 SSO 多 IDP(OIDC authlib + SAML python3-saml,热证书轮换,R1a 按 sub 关联禁止邮箱合并);本地密码 bcrypt rounds=12;JWT HS256 access 15min + refresh 7d(30d 记住我)含 sid+jti claims;refresh token 轮换 + reuse 检测撤销全 session;OAuth state CSRF 防护 TTL 5min 一次性消费。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/providers/oidc.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/providers/saml.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/idp_registry.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/password.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/jwt_utils.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/denylist.py" - id: "APP-02" dimension: application title: "访问控制(RBAC 3 级 + 终端 6 层)" requirement: "基于角色的访问控制,最小权限,默认拒绝" implementation: "3 级 RBAC(member/operator/admin)+ 9 权限位(CHAT/KB_QUERY/KB_WRITE/WORKFLOW_EXECUTE/TERMINAL_LOCAL_USE/TERMINAL_SERVER_USE/TERMINAL_WHITELIST_MANAGE/USER_MANAGE/SYSTEM_CONFIG)。R7a 终端安全 6 层白名单(blocklist→builtin→global→user→session→danger),shell 操作符永远绕过白名单强制走 danger detection。终端双层授权(RBAC 角色 + 个人授权标志)。SCIM token 恒定时间比较。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/permissions.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/terminal_security.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/scim/router.py" - id: "APP-03" dimension: application title: "安全审计(OTel + audit.py)" requirement: "应用审计日志,覆盖用户操作关键事件" implementation: "U1 OTel 强制依赖。审计事件:role_change / deprovision(含 break_glass 标记),写入 auth_audit_log 表 + OTel span event(OTel 不可用降级 SQLite+日志)。SCIM 推送失败 span event scim.push.failure。终端命令审计 terminal_audit_logs(决策 + cwd + exit_code)。OTel 指标:agent.request.total / pii_filter.coverage 等。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/terminal_security.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/scim/router.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/telemetry/metrics.py" - id: "APP-04" dimension: application title: "通信完整性(TLS + JWT + Webhook 签名)" requirement: "传输完整性保护,防篡改" implementation: "传输层 Ingress TLS 终止(HTTPS);JWT HS256 签名校验(篡改即失败);Webhook 入站 fail-closed 签名校验失败返回 401;mTLS 客户端证书(Helm 预留 secrets.mtlsClientCert slot 用于下游 KMS/HSM)。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/ingress.yaml" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/jwt_utils.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/channels.py" - id: "APP-05" dimension: application title: "软件容错(fallback + fail-closed)" requirement: "错误处理,故障隔离,降级机制" implementation: "LLM 网关多 provider fallback;OTel 运行时错误降级 NoOpTracer 不崩溃;PII 脱敏 fail-closed(异常拒绝发送不降级原文,默认 fail_closed=True);专家团队全失败回退单 agent;U3 DR-fixes(bitable 字段校验 DR-1 / LastViewDeletionError DR-4 / 工具调用容错 DR-5)。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/llm/gateway.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/telemetry/tracer.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/llm/pii_filter.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/bitable/repository.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/bitable/service.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/tools/bitable_tool.py" - id: "APP-06" dimension: application title: "资源控制(限流 + 会话超时)" requirement: "会话并发控制,超时自动断开" implementation: "RateLimiter IP 滑动窗口 + Webhook 独立限流 + nonce dedup;终端 session 1800s 闲置断开;JWT access 15min 过期;专家名称正则校验防注入;HandoffTransport 有界队列 maxsize=1024 + sentinel 关闭模式。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/middleware.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/channels.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/terminal_server.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/jwt_utils.py" - id: "APP-07" dimension: application title: "应用账户生命周期(SCIM 2.0 + JIT + deprovision)" requirement: "开户/变更/销户审计,SCIM 自动化" implementation: "SCIM 2.0 端点(POST/PATCH/GET Users,bearer token 恒定时间比较);OIDC/SAML JIT 创建本地用户 + user_idp_links(R1a 按 sub 关联禁止邮箱合并,随机密码不可本地登录);deprovision 端点禁用账户 + 撤销全 session + 审计(含 break_glass 标记)。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/scim/router.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/providers/oidc.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/auth.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py" - id: "APP-08" dimension: application title: "代码安全(输入验证 + 依赖管理)" requirement: "输入验证,输出编码,依赖漏洞管理" implementation: "Pydantic v2 模型校验(extra=forbid 拒绝未知字段,SCIM/IDP 配置均启用);禁止 any 类型(项目规则,用 Pydantic 模型或 Unknown);专家名称正则 _EXPERT_NAME_RE 防 SQL/命令注入;API Key 恒定时间比较 hmac.compare_digest;Ruff lint+format(py311);pyproject.toml 锁定精确版本;终端 6 层白名单防命令注入链。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/scim/models.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/idp_registry.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/terminal_security.py" # ============================================================================= # 5. 数据安全(8 个) # ============================================================================= - id: "DAT-01" dimension: data title: "数据完整性(PG + pgvector)" requirement: "数据传输/存储完整性,校验机制" implementation: "PostgreSQL 事务 ACID 保证 + pgvector 扩展存储向量记忆;SQLAlchemy 2 async ORM 应用层事务;JWT HS256 签名防篡改;Webhook fail-closed 签名校验;Pydantic extra=forbid 防数据注入。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/jwt_utils.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/channels.py" - id: "DAT-02" dimension: data title: "数据保密性(PII 脱敏 U2)" requirement: "敏感数据加密存储/传输,密钥管理" implementation: "U2 PII 脱敏 hook:正则版(手机/邮箱/身份证/银行卡)+ ner_hook(客户内网 NER 模型优先)+ fail-closed(异常拒绝发送不降级原文,默认 fail_closed=True)+ hash 审计(sha256 前 8 位,仅 hash 不含原文)。身份证正则优先于手机避免误匹配。OTel 指标 pii_filter.coverage / pii_filter.redacted。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/llm/pii_filter.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/telemetry/metrics.py" - id: "DAT-03" dimension: data title: "数据备份与恢复(PG backup runbook)" requirement: "重要数据定期备份,恢复演练" implementation: "P0 补齐项。已实现:PostgreSQL 持久化 + WAL 默认开启 + Redis AOF/RDB(客户运维)。P0 待补:新增 docs/deployment/pg-backup-runbook.md(每日 pg_dump 保留 7 天 + WAL 归档 PITR + 季度恢复演练 + 备份加密 SM4/AES-256);Helm Chart 增加 backup 段(可选 pg-backup sidecar/CronJob)。" status: "p0" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml" - id: "DAT-04" dimension: data title: "剩余信息保护(session revoke)" requirement: "鉴别信息/文件/内存空间释放前清理" implementation: "JWT V2 含 sid+jti claims,中间件校验 session 是否服务端撤销;销户撤销全 session;refresh token 轮换旧 token 进 denylist 30s 窗口;token reuse 检测撤销全 session;denylist 存 SHA-256 hash 不存明文;JIT/SCIM 用户随机密码不可本地登录。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/jwt_utils.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/denylist.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/auth.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/scim/router.py" - id: "DAT-05" dimension: data title: "个人信息保护(PII 最小化)" requirement: "PII 采集/处理/传输最小化与脱敏" implementation: "PII 脱敏后原文不落盘(仅 hash 用于审计),LLM prompt 不含原文 PII;PII 按类型分级(id_card/phone/email/bank_card),不同类型 hash 独立记录;记忆 4 层架构(SOUL/USER/MEMORY/DAILY)按敏感度存储;数据最小化原则。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/llm/pii_filter.py" - id: "DAT-06" dimension: data title: "数据采集与分类分级" requirement: "按敏感度分级保护" implementation: "PII 按 4 类分级(id_card/phone/email/bank_card)独立 hash 审计;记忆 4 层架构(SOUL 最敏感→DAILY 最不敏感);PII 脱敏覆盖发送至 LLM 的 prompt(边界:不覆盖终端命令/上传文档/bitable 结构化数据,由客户自行控制)。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/llm/pii_filter.py" - id: "DAT-07" dimension: data title: "数据销毁" requirement: "数据销毁审计,不可恢复" implementation: "账户销户 deprovision 禁用账户+撤销全 session;审计记录不可删除(审计表无 delete 接口,admin 不可删除审计);PII 原文脱敏后不落盘无需专门销毁;PG 数据销毁由客户 DBA 发起 SQL 记录审计。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/auth.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py" - id: "DAT-08" dimension: data title: "国密算法合规(R11a)" requirement: "敏感数据加密使用国密算法(政企客户要求)" implementation: "P1 参考。当前使用国际算法:TLS(AES-GCM)/ bcrypt 密码哈希 / HS256 JWT / SHA-256 PII hash。未使用国密(SM2/SM3/SM4/SM9)。P1 升级路径:JWT 签名→SM2-HMAC、密码哈希→SM3(双算法并行兼容)、PII hash→SM3、TLS→国密套件、PG 字段级加密→SM4 TDE。注:国密不阻碍等保三级认证(三级要求加密而非国密),但政企客户常要求国密合规。" status: "p1" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/jwt_utils.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/password.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/llm/pii_filter.py" # ============================================================================= # 6. 管理安全(7 个) # ============================================================================= - id: "MGT-01" dimension: management title: "密钥管理(10 secret slot + 轮换 runbook)" requirement: "密钥生成/存储/分发/轮换/销毁" implementation: "U5 10 个 secret slot(JWT/API Key/DB/IDP/第三方API/TLS/mTLS/KMS-HSM/OTel/Redis-PG)含轮换周期(90~365 天)。禁止明文 K8s Secret+Git 提交(KTD-4/R2a),后端二选一:Sealed Secrets 或 External Secrets Operator。SAML IDP 证书热轮换(不重启即时生效,idp_registry.update_certificate)。通用原则:零停机双密钥并行+审计先行+回滚预案+权限最小化。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/docs/deployment/key-rotation-runbook.md" - "file:///Users/chiguyong/Code/Fischer-agentkit/docs/deployment/secret-inventory.md" - "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/idp_registry.py" - id: "MGT-02" dimension: management title: "变更管理(CI/CD 规范)" requirement: "变更审批/测试/回滚/审计" implementation: "P0 补齐项。已实现:Git 版本控制所有代码/配置/Helm Chart;Helm Chart checksum/config annotation ConfigMap 变更触发 rollout;config_sync.py 配置版本管理+轮询同步;审计记录 RBAC 变更。P0 待补:新增 docs/CI-CD-STANDARDS.md(分支策略+CI 检查 ruff/pytest/镜像扫描+部署审批+回滚流程);CI 集成镜像漏洞扫描(与 HST-07 协同);部署变更审计接入。" status: "p0" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/deployment.yaml" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/config_sync.py" - id: "MGT-03" dimension: management title: "应急响应" requirement: "应急事件处置流程,隔离/恢复" implementation: "待评估。AgentKit 自身应急隔离能力已实现(销户+session 撤销+密钥紧急轮换,见 MGT-06/MGT-07),但完整应急响应预案需与客户安全团队协同:事件分级标准+响应时限+通报链路+恢复流程。建议客户基于本套等保文档+AgentKit 应急能力构建完整预案,认证前完成至少一次桌面演练。" status: "待评估" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/docs/deployment/key-rotation-runbook.md" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/auth.py" - id: "MGT-04" dimension: management title: "安全审计与评估" requirement: "定期安全评估,漏洞管理" implementation: "P1 参考。已实现:审计日志覆盖 RBAC 变更/deprovision/终端命令/SCIM 操作;OTel 指标监控异常。P1 补齐:每月依赖漏洞扫描(pip-audit/safety);每次重大版本发布前 SAST 扫描(Bandit/Semgrep);认证后每年至少一次渗透测试(客户侧组织);admin 每季度审查审计日志异常模式(P1 可引入 SIEM 自动告警)。" status: "p1" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/telemetry/metrics.py" - id: "MGT-05" dimension: management title: "配置管理(Helm values + 配置同步)" requirement: "基线配置,配置变更审计" implementation: "Helm values 标准化所有可配置项含注释;配置优先级 CLI>agentkit.yaml>环境变量>.env>硬编码默认;config_sync.py 配置版本管理+轮询同步;密钥与配置分离(含密钥段由 env 注入不进 ConfigMap,非密配置进 ConfigMap)。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/config_sync.py" - id: "MGT-06" dimension: management title: "应急通道(break-glass)" requirement: "高权限应急通道,审计追溯" implementation: "U4 R1b break-glass deprovisioning:/admin/users/{id}/deprovision 端点支持 break_glass=true 标记,审计记录 source=break_glass(SOURCE_BREAKGLASS)。流程:隔离(销户)→撤销全 session→审计(actor/target/reason/source/timestamp)→OTel span event audit.deprovision 接入审计通道→人工通报。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/auth.py" - "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py" - id: "MGT-07" dimension: management title: "密钥泄露响应" requirement: "泄露检测/隔离/轮换/通报" implementation: "key-rotation-runbook.md §紧急轮换(泄露响应)段落:1.隔离(撤销泄露密钥 provider控制台/HSM/CA)→2.轮换(按对应 slot 步骤紧急轮换,不遵循双密钥并行直接切换废弃旧密钥)→3.审计(检索泄露密钥使用日志确认无异常)→4.通报(安全团队+受影响用户)→5.复盘(记录原因加固访问控制)。" status: "implemented" references: - "file:///Users/chiguyong/Code/Fischer-agentkit/docs/deployment/key-rotation-runbook.md"