fischer-agentkit/docs/compliance/dengbao-level3/control-points.yaml

492 lines
31 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Fischer AgentKit — 等保三级控制点清单
#
# 按 GB/T 22239-2019 第三级 6 维度组织。每个控制点含:
# id — 控制点唯一标识DIM-NN
# dimension — 维度physical / network / host / application / data / management
# title — 控制点名称
# requirement — GB/T 22239-2019 三级要求摘要
# implementation — AgentKit 实现映射(含状态说明)
# status — implemented / p0 / p1 / 待评估
# implemented = 已实现,代码/配置已落地
# p0 = 认证 readiness 必需POC 采购关闭前补齐
# p1 = 下一阶段补齐,写入整改计划
# 待评估 = 依赖客户侧或需进一步评估
# references — AgentKit 代码/配置文件绝对路径file:/// 链接)
#
# 总计 44 个控制点implemented=26, p0=6, p1=3, 待评估=9
# =============================================================================
# 1. 物理安全6 个,全部待评估 — 依赖客户机房)
# =============================================================================
- id: "PHY-01"
dimension: physical
title: "物理访问控制"
requirement: "机房出入口配置电子门禁,记录进入人员和时间"
implementation: "AgentKit 不运维物理机房。K8s 部署在客户内网物理访问由客户机房运营方控制。AgentKit 仅提供部署形态证明(非 root 容器 + Helm Chart。"
status: "待评估"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/deployment.yaml"
- id: "PHY-02"
dimension: physical
title: "防盗窃和防破坏"
requirement: "主要设备设置防盗标识,机房设置监控系统"
implementation: "无物理设备责任。K8s worker node 由客户运维,机房监控由客户方提供。"
status: "待评估"
references: []
- id: "PHY-03"
dimension: physical
title: "防雷击"
requirement: "机房设置防雷保安器,接地电阻符合要求"
implementation: "无防雷责任。依赖客户机房防雷设施。"
status: "待评估"
references: []
- id: "PHY-04"
dimension: physical
title: "防火"
requirement: "机房设置火灾自动消防系统,检测报警器"
implementation: "无消防责任。依赖客户机房消防系统。"
status: "待评估"
references: []
- id: "PHY-05"
dimension: physical
title: "防水和防潮"
requirement: "机房安装水敏检测装置,防止水管安装"
implementation: "无防水责任。依赖客户机房防水设施。"
status: "待评估"
references: []
- id: "PHY-06"
dimension: physical
title: "防静电"
requirement: "机房采用防静电地板,设置静电消除器"
implementation: "无防静电责任。依赖客户机房防静电设施。"
status: "待评估"
references: []
# =============================================================================
# 2. 网络安全8 个)
# =============================================================================
- id: "NET-01"
dimension: network
title: "网络架构"
requirement: "划分网络区域,避免单点故障"
implementation: "单 Ingress 入口 + ClusterIP Service 架构。Ingress 是唯一对外入口Redis/PG/OTel 全部 ClusterIP 内部访问。API 与 GUI 走分离路径(/api 与 /)。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/ingress.yaml"
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
- id: "NET-02"
dimension: network
title: "边界防护Ingress TLS"
requirement: "边界实施访问控制和安全过滤"
implementation: "Ingress 启用 TLS 终止,所有外网流量强制 HTTPS。TLS 证书通过 cert-manager 自动续期或手动签发365 天轮换),私钥通过 Sealed Secret / External Secret 注入KTD-4 / R2a。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/ingress.yaml"
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
- id: "NET-03"
dimension: network
title: "访问控制NetworkPolicy"
requirement: "网络层访问控制策略,最小权限"
implementation: "P0 补齐项。Helm Chart 暂无 NetworkPolicy 模板Pod 间东西向流量默认全通。计划新增 networkpolicy.yaml默认 deny-all + 白名单放行Ingress→Pod, Pod→Redis/PG/OTel。当前缓解Service 全部 ClusterIPRedis/PG 由客户 K8s 网络策略保护。"
status: "p0"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/ingress.yaml"
- id: "NET-04"
dimension: network
title: "入侵防范"
requirement: "网络入侵检测,恶意流量检测"
implementation: "应用层已实现 RateLimiter 滑动窗口限流 + Webhook 独立限流 + JWT/SCIM token 恒定时间比较。网络层 IDS/IPS 依赖客户骨干网络。P1接入客户 SIEM将 OTel 日志投递到客户入侵检测平台。"
status: "p1"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/middleware.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/channels.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/scim/router.py"
- id: "NET-05"
dimension: network
title: "安全审计OTel"
requirement: "网络审计日志,覆盖关键网络活动"
implementation: "OpenTelemetryU1 强制依赖实现网络活动审计FastAPI Instrumentor 自动埋点每个 HTTP 请求 spanRBAC 变更/SCIM 失败/终端命令写入审计 + OTel span eventOTLP gRPC 导出到内部 collector。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/telemetry/setup.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/telemetry/metrics.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py"
- id: "NET-06"
dimension: network
title: "恶意代码防范"
requirement: "网络边界恶意代码检测"
implementation: "AgentKit 不在网络边界位置,恶意代码检测由客户网络骨干(防病毒网关/沙箱负责。AgentKit 侧缓解:容器镜像来自可信 CI 构建,不在运行时下载可执行文件;终端命令受 6 层白名单 + 危险检测约束。"
status: "待评估"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/terminal_security.py"
- id: "NET-07"
dimension: network
title: "安全审计日志保留180 天)"
requirement: "日志保留期满足合规要求≥180 天)"
implementation: "P0 补齐项。auth_audit_log 与 terminal_audit_logs 表无自动清理/归档策略。计划Helm values 增加 audit.retentionDays=180KTD-9实现归档 CronJob 导出超过 180 天记录到对象存储并清理主表OTel collector 配置 180 天保留策略。"
status: "p0"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/terminal_security.py"
- id: "NET-08"
dimension: network
title: "资源控制(会话/带宽)"
requirement: "会话与带宽限制,防止资源耗尽"
implementation: "容器层 Pod resources requests/limitsCPU 250m~1000m / Mem 512Mi~2Gi应用层 RateLimiter IP 滑动窗口 + Webhook 独立限流;终端 session 1800s 闲置断开JWT access 15min 强制重新认证。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/middleware.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/terminal_server.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/jwt_utils.py"
# =============================================================================
# 3. 主机安全7 个,以容器/Pod 为单元)
# =============================================================================
- id: "HST-01"
dimension: host
title: "身份鉴别ServiceAccount"
requirement: "设备/系统身份标识与鉴别"
implementation: "AgentKit Pod 使用专用 ServiceAccount不共享 default SAHelm Chart 自动创建。可选 workload identity 注入 projected SA token 用于访问云 KMS/STS。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/serviceaccount.yaml"
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
- id: "HST-02"
dimension: host
title: "访问控制Pod 安全上下文)"
requirement: "操作系统/账户权限最小化,远程管理受控"
implementation: "podSecurityContext.runAsNonRoot=trueUID/GID 1000securityContext.allowPrivilegeEscalation=false + capabilities.drop=[ALL]readOnlyRootFilesystem=false需写临时文件通过 emptyDir 挂载 /tmp 隔离);未启用特权模式。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/deployment.yaml"
- "file:///Users/chiguyong/Code/Fischer-agentkit/Dockerfile"
- id: "HST-03"
dimension: host
title: "安全审计(容器日志标准化采集)"
requirement: "设备审计日志,覆盖系统管理活动"
implementation: "已实现基础审计stdout/stderr 由 K8s 采集 + OTel trace 导出 + auth_audit_log 表 + terminal_audit_logs 表 + OTel span event。P0 补齐:容器日志到客户日志平台的标准化采集链路 + 审计日志 JSON 化便于 SIEM 解析 + 180 天保留(与 NET-07 协同)。"
status: "p0"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/terminal_security.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/telemetry/setup.py"
- id: "HST-04"
dimension: host
title: "入侵防范(容器层)"
requirement: "主机入侵检测,系统加固"
implementation: "容器层已实现:非 root + drop ALL capabilities 限制系统调用allowPrivilegeEscalation=false 阻止提权;资源 limits 防失控Liveness/Readiness 探针故障自动重启。node 层 HIDSFalco/OSSEC依赖客户侧。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/deployment.yaml"
- id: "HST-05"
dimension: host
title: "恶意代码防范(主机防病毒)"
requirement: "主机防病毒,恶意代码检测"
implementation: "AgentKit 容器内不部署防病毒(无文件系统持久化,镜像来自可信 CI。K8s node 层主机防病毒/HIDS 由客户运维。依赖客户机房 node 安全基线。"
status: "待评估"
references: []
- id: "HST-06"
dimension: host
title: "资源控制CPU/内存/磁盘)"
requirement: "CPU/内存/磁盘限制,会话超时"
implementation: "Pod resources requests/limitsCPU 250m~1000m / Mem 512Mi~2Gi应用层 RateLimiter终端 session 1800s 闲置断开JWT access 15min / refresh 7d。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/middleware.py"
- id: "HST-07"
dimension: host
title: "镜像与补丁管理"
requirement: "系统补丁及时更新,镜像来源可信"
implementation: "P0 补齐项。已实现:多阶段构建 + 非 root appuserUID 1001+ python:3.11-slim 基础镜像 + HEALTHCHECK。P0 待补CI 集成 Trivy 镜像漏洞扫描HIGH/CRITICAL 阻断)+ image.digest 不可变引用。P1 增强distroless 基础镜像 + cosign 签名。"
status: "p0"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/Dockerfile"
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
# =============================================================================
# 4. 应用安全8 个,全部已实现 — AgentKit 核心责任)
# =============================================================================
- id: "APP-01"
dimension: application
title: "身份鉴别SSO 多 IDP + JWT"
requirement: "用户身份标识与鉴别,口令复杂度,登录失败处理"
implementation: "U4 SSO 多 IDPOIDC authlib + SAML python3-saml热证书轮换R1a 按 sub 关联禁止邮箱合并);本地密码 bcrypt rounds=12JWT HS256 access 15min + refresh 7d30d 记住我)含 sid+jti claimsrefresh token 轮换 + reuse 检测撤销全 sessionOAuth state CSRF 防护 TTL 5min 一次性消费。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/providers/oidc.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/providers/saml.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/idp_registry.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/password.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/jwt_utils.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/denylist.py"
- id: "APP-02"
dimension: application
title: "访问控制RBAC 3 级 + 终端 6 层)"
requirement: "基于角色的访问控制,最小权限,默认拒绝"
implementation: "3 级 RBACmember/operator/admin+ 9 权限位CHAT/KB_QUERY/KB_WRITE/WORKFLOW_EXECUTE/TERMINAL_LOCAL_USE/TERMINAL_SERVER_USE/TERMINAL_WHITELIST_MANAGE/USER_MANAGE/SYSTEM_CONFIG。R7a 终端安全 6 层白名单blocklist→builtin→global→user→session→dangershell 操作符永远绕过白名单强制走 danger detection。终端双层授权RBAC 角色 + 个人授权标志。SCIM token 恒定时间比较。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/permissions.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/terminal_security.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/scim/router.py"
- id: "APP-03"
dimension: application
title: "安全审计OTel + audit.py"
requirement: "应用审计日志,覆盖用户操作关键事件"
implementation: "U1 OTel 强制依赖。审计事件role_change / deprovision含 break_glass 标记),写入 auth_audit_log 表 + OTel span eventOTel 不可用降级 SQLite+日志。SCIM 推送失败 span event scim.push.failure。终端命令审计 terminal_audit_logs决策 + cwd + exit_code。OTel 指标agent.request.total / pii_filter.coverage 等。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/terminal_security.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/scim/router.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/telemetry/metrics.py"
- id: "APP-04"
dimension: application
title: "通信完整性TLS + JWT + Webhook 签名)"
requirement: "传输完整性保护,防篡改"
implementation: "传输层 Ingress TLS 终止HTTPSJWT HS256 签名校验篡改即失败Webhook 入站 fail-closed 签名校验失败返回 401mTLS 客户端证书Helm 预留 secrets.mtlsClientCert slot 用于下游 KMS/HSM。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/ingress.yaml"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/jwt_utils.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/channels.py"
- id: "APP-05"
dimension: application
title: "软件容错fallback + fail-closed"
requirement: "错误处理,故障隔离,降级机制"
implementation: "LLM 网关多 provider fallbackOTel 运行时错误降级 NoOpTracer 不崩溃PII 脱敏 fail-closed异常拒绝发送不降级原文默认 fail_closed=True专家团队全失败回退单 agentU3 DR-fixesbitable 字段校验 DR-1 / LastViewDeletionError DR-4 / 工具调用容错 DR-5。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/llm/gateway.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/telemetry/tracer.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/llm/pii_filter.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/bitable/repository.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/bitable/service.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/tools/bitable_tool.py"
- id: "APP-06"
dimension: application
title: "资源控制(限流 + 会话超时)"
requirement: "会话并发控制,超时自动断开"
implementation: "RateLimiter IP 滑动窗口 + Webhook 独立限流 + nonce dedup终端 session 1800s 闲置断开JWT access 15min 过期专家名称正则校验防注入HandoffTransport 有界队列 maxsize=1024 + sentinel 关闭模式。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/middleware.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/channels.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/terminal_server.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/jwt_utils.py"
- id: "APP-07"
dimension: application
title: "应用账户生命周期SCIM 2.0 + JIT + deprovision"
requirement: "开户/变更/销户审计SCIM 自动化"
implementation: "SCIM 2.0 端点POST/PATCH/GET Usersbearer token 恒定时间比较OIDC/SAML JIT 创建本地用户 + user_idp_linksR1a 按 sub 关联禁止邮箱合并随机密码不可本地登录deprovision 端点禁用账户 + 撤销全 session + 审计(含 break_glass 标记)。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/scim/router.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/providers/oidc.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/auth.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py"
- id: "APP-08"
dimension: application
title: "代码安全(输入验证 + 依赖管理)"
requirement: "输入验证,输出编码,依赖漏洞管理"
implementation: "Pydantic v2 模型校验extra=forbid 拒绝未知字段SCIM/IDP 配置均启用);禁止 any 类型(项目规则,用 Pydantic 模型或 Unknown专家名称正则 _EXPERT_NAME_RE 防 SQL/命令注入API Key 恒定时间比较 hmac.compare_digestRuff lint+formatpy311pyproject.toml 锁定精确版本;终端 6 层白名单防命令注入链。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/scim/models.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/idp_registry.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/terminal_security.py"
# =============================================================================
# 5. 数据安全8 个)
# =============================================================================
- id: "DAT-01"
dimension: data
title: "数据完整性PG + pgvector"
requirement: "数据传输/存储完整性,校验机制"
implementation: "PostgreSQL 事务 ACID 保证 + pgvector 扩展存储向量记忆SQLAlchemy 2 async ORM 应用层事务JWT HS256 签名防篡改Webhook fail-closed 签名校验Pydantic extra=forbid 防数据注入。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/jwt_utils.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/channels.py"
- id: "DAT-02"
dimension: data
title: "数据保密性PII 脱敏 U2"
requirement: "敏感数据加密存储/传输,密钥管理"
implementation: "U2 PII 脱敏 hook正则版手机/邮箱/身份证/银行卡)+ ner_hook客户内网 NER 模型优先)+ fail-closed异常拒绝发送不降级原文默认 fail_closed=True+ hash 审计sha256 前 8 位,仅 hash 不含原文。身份证正则优先于手机避免误匹配。OTel 指标 pii_filter.coverage / pii_filter.redacted。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/llm/pii_filter.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/telemetry/metrics.py"
- id: "DAT-03"
dimension: data
title: "数据备份与恢复PG backup runbook"
requirement: "重要数据定期备份,恢复演练"
implementation: "P0 补齐项。已实现PostgreSQL 持久化 + WAL 默认开启 + Redis AOF/RDB客户运维。P0 待补:新增 docs/deployment/pg-backup-runbook.md每日 pg_dump 保留 7 天 + WAL 归档 PITR + 季度恢复演练 + 备份加密 SM4/AES-256Helm Chart 增加 backup 段(可选 pg-backup sidecar/CronJob。"
status: "p0"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
- id: "DAT-04"
dimension: data
title: "剩余信息保护session revoke"
requirement: "鉴别信息/文件/内存空间释放前清理"
implementation: "JWT V2 含 sid+jti claims中间件校验 session 是否服务端撤销;销户撤销全 sessionrefresh token 轮换旧 token 进 denylist 30s 窗口token reuse 检测撤销全 sessiondenylist 存 SHA-256 hash 不存明文JIT/SCIM 用户随机密码不可本地登录。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/jwt_utils.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/denylist.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/auth.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/scim/router.py"
- id: "DAT-05"
dimension: data
title: "个人信息保护PII 最小化)"
requirement: "PII 采集/处理/传输最小化与脱敏"
implementation: "PII 脱敏后原文不落盘(仅 hash 用于审计LLM prompt 不含原文 PIIPII 按类型分级id_card/phone/email/bank_card不同类型 hash 独立记录;记忆 4 层架构SOUL/USER/MEMORY/DAILY按敏感度存储数据最小化原则。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/llm/pii_filter.py"
- id: "DAT-06"
dimension: data
title: "数据采集与分类分级"
requirement: "按敏感度分级保护"
implementation: "PII 按 4 类分级id_card/phone/email/bank_card独立 hash 审计;记忆 4 层架构SOUL 最敏感→DAILY 最不敏感PII 脱敏覆盖发送至 LLM 的 prompt边界不覆盖终端命令/上传文档/bitable 结构化数据,由客户自行控制)。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/llm/pii_filter.py"
- id: "DAT-07"
dimension: data
title: "数据销毁"
requirement: "数据销毁审计,不可恢复"
implementation: "账户销户 deprovision 禁用账户+撤销全 session审计记录不可删除审计表无 delete 接口admin 不可删除审计PII 原文脱敏后不落盘无需专门销毁PG 数据销毁由客户 DBA 发起 SQL 记录审计。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/auth.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py"
- id: "DAT-08"
dimension: data
title: "国密算法合规R11a"
requirement: "敏感数据加密使用国密算法(政企客户要求)"
implementation: "P1 参考。当前使用国际算法TLSAES-GCM/ bcrypt 密码哈希 / HS256 JWT / SHA-256 PII hash。未使用国密SM2/SM3/SM4/SM9。P1 升级路径JWT 签名→SM2-HMAC、密码哈希→SM3双算法并行兼容、PII hash→SM3、TLS→国密套件、PG 字段级加密→SM4 TDE。注国密不阻碍等保三级认证三级要求加密而非国密但政企客户常要求国密合规。"
status: "p1"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/jwt_utils.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/password.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/llm/pii_filter.py"
# =============================================================================
# 6. 管理安全7 个)
# =============================================================================
- id: "MGT-01"
dimension: management
title: "密钥管理10 secret slot + 轮换 runbook"
requirement: "密钥生成/存储/分发/轮换/销毁"
implementation: "U5 10 个 secret slotJWT/API Key/DB/IDP/第三方API/TLS/mTLS/KMS-HSM/OTel/Redis-PG含轮换周期90~365 天)。禁止明文 K8s Secret+Git 提交KTD-4/R2a后端二选一Sealed Secrets 或 External Secrets Operator。SAML IDP 证书热轮换不重启即时生效idp_registry.update_certificate。通用原则零停机双密钥并行+审计先行+回滚预案+权限最小化。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/docs/deployment/key-rotation-runbook.md"
- "file:///Users/chiguyong/Code/Fischer-agentkit/docs/deployment/secret-inventory.md"
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/idp_registry.py"
- id: "MGT-02"
dimension: management
title: "变更管理CI/CD 规范)"
requirement: "变更审批/测试/回滚/审计"
implementation: "P0 补齐项。已实现Git 版本控制所有代码/配置/Helm ChartHelm Chart checksum/config annotation ConfigMap 变更触发 rolloutconfig_sync.py 配置版本管理+轮询同步;审计记录 RBAC 变更。P0 待补:新增 docs/CI-CD-STANDARDS.md分支策略+CI 检查 ruff/pytest/镜像扫描+部署审批+回滚流程CI 集成镜像漏洞扫描(与 HST-07 协同);部署变更审计接入。"
status: "p0"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/deployment.yaml"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/config_sync.py"
- id: "MGT-03"
dimension: management
title: "应急响应"
requirement: "应急事件处置流程,隔离/恢复"
implementation: "待评估。AgentKit 自身应急隔离能力已实现(销户+session 撤销+密钥紧急轮换,见 MGT-06/MGT-07但完整应急响应预案需与客户安全团队协同事件分级标准+响应时限+通报链路+恢复流程。建议客户基于本套等保文档+AgentKit 应急能力构建完整预案,认证前完成至少一次桌面演练。"
status: "待评估"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/docs/deployment/key-rotation-runbook.md"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/auth.py"
- id: "MGT-04"
dimension: management
title: "安全审计与评估"
requirement: "定期安全评估,漏洞管理"
implementation: "P1 参考。已实现:审计日志覆盖 RBAC 变更/deprovision/终端命令/SCIM 操作OTel 指标监控异常。P1 补齐每月依赖漏洞扫描pip-audit/safety每次重大版本发布前 SAST 扫描Bandit/Semgrep认证后每年至少一次渗透测试客户侧组织admin 每季度审查审计日志异常模式P1 可引入 SIEM 自动告警)。"
status: "p1"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/telemetry/metrics.py"
- id: "MGT-05"
dimension: management
title: "配置管理Helm values + 配置同步)"
requirement: "基线配置,配置变更审计"
implementation: "Helm values 标准化所有可配置项含注释;配置优先级 CLI>agentkit.yaml>环境变量>.env>硬编码默认config_sync.py 配置版本管理+轮询同步;密钥与配置分离(含密钥段由 env 注入不进 ConfigMap非密配置进 ConfigMap。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/config_sync.py"
- id: "MGT-06"
dimension: management
title: "应急通道break-glass"
requirement: "高权限应急通道,审计追溯"
implementation: "U4 R1b break-glass deprovisioning/admin/users/{id}/deprovision 端点支持 break_glass=true 标记,审计记录 source=break_glassSOURCE_BREAKGLASS。流程隔离销户→撤销全 session→审计actor/target/reason/source/timestamp→OTel span event audit.deprovision 接入审计通道→人工通报。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/auth.py"
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py"
- id: "MGT-07"
dimension: management
title: "密钥泄露响应"
requirement: "泄露检测/隔离/轮换/通报"
implementation: "key-rotation-runbook.md §紧急轮换泄露响应段落1.隔离(撤销泄露密钥 provider控制台/HSM/CA→2.轮换(按对应 slot 步骤紧急轮换不遵循双密钥并行直接切换废弃旧密钥→3.审计检索泄露密钥使用日志确认无异常→4.通报(安全团队+受影响用户→5.复盘(记录原因加固访问控制)。"
status: "implemented"
references:
- "file:///Users/chiguyong/Code/Fischer-agentkit/docs/deployment/key-rotation-runbook.md"