492 lines
31 KiB
YAML
492 lines
31 KiB
YAML
# Fischer AgentKit — 等保三级控制点清单
|
||
#
|
||
# 按 GB/T 22239-2019 第三级 6 维度组织。每个控制点含:
|
||
# id — 控制点唯一标识(DIM-NN)
|
||
# dimension — 维度(physical / network / host / application / data / management)
|
||
# title — 控制点名称
|
||
# requirement — GB/T 22239-2019 三级要求摘要
|
||
# implementation — AgentKit 实现映射(含状态说明)
|
||
# status — implemented / p0 / p1 / 待评估
|
||
# implemented = 已实现,代码/配置已落地
|
||
# p0 = 认证 readiness 必需,POC 采购关闭前补齐
|
||
# p1 = 下一阶段补齐,写入整改计划
|
||
# 待评估 = 依赖客户侧或需进一步评估
|
||
# references — AgentKit 代码/配置文件绝对路径(file:/// 链接)
|
||
#
|
||
# 总计 44 个控制点:implemented=26, p0=6, p1=3, 待评估=9
|
||
|
||
# =============================================================================
|
||
# 1. 物理安全(6 个,全部待评估 — 依赖客户机房)
|
||
# =============================================================================
|
||
|
||
- id: "PHY-01"
|
||
dimension: physical
|
||
title: "物理访问控制"
|
||
requirement: "机房出入口配置电子门禁,记录进入人员和时间"
|
||
implementation: "AgentKit 不运维物理机房。K8s 部署在客户内网,物理访问由客户机房运营方控制。AgentKit 仅提供部署形态证明(非 root 容器 + Helm Chart)。"
|
||
status: "待评估"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/deployment.yaml"
|
||
|
||
- id: "PHY-02"
|
||
dimension: physical
|
||
title: "防盗窃和防破坏"
|
||
requirement: "主要设备设置防盗标识,机房设置监控系统"
|
||
implementation: "无物理设备责任。K8s worker node 由客户运维,机房监控由客户方提供。"
|
||
status: "待评估"
|
||
references: []
|
||
|
||
- id: "PHY-03"
|
||
dimension: physical
|
||
title: "防雷击"
|
||
requirement: "机房设置防雷保安器,接地电阻符合要求"
|
||
implementation: "无防雷责任。依赖客户机房防雷设施。"
|
||
status: "待评估"
|
||
references: []
|
||
|
||
- id: "PHY-04"
|
||
dimension: physical
|
||
title: "防火"
|
||
requirement: "机房设置火灾自动消防系统,检测报警器"
|
||
implementation: "无消防责任。依赖客户机房消防系统。"
|
||
status: "待评估"
|
||
references: []
|
||
|
||
- id: "PHY-05"
|
||
dimension: physical
|
||
title: "防水和防潮"
|
||
requirement: "机房安装水敏检测装置,防止水管安装"
|
||
implementation: "无防水责任。依赖客户机房防水设施。"
|
||
status: "待评估"
|
||
references: []
|
||
|
||
- id: "PHY-06"
|
||
dimension: physical
|
||
title: "防静电"
|
||
requirement: "机房采用防静电地板,设置静电消除器"
|
||
implementation: "无防静电责任。依赖客户机房防静电设施。"
|
||
status: "待评估"
|
||
references: []
|
||
|
||
# =============================================================================
|
||
# 2. 网络安全(8 个)
|
||
# =============================================================================
|
||
|
||
- id: "NET-01"
|
||
dimension: network
|
||
title: "网络架构"
|
||
requirement: "划分网络区域,避免单点故障"
|
||
implementation: "单 Ingress 入口 + ClusterIP Service 架构。Ingress 是唯一对外入口,Redis/PG/OTel 全部 ClusterIP 内部访问。API 与 GUI 走分离路径(/api 与 /)。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/ingress.yaml"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
|
||
|
||
- id: "NET-02"
|
||
dimension: network
|
||
title: "边界防护(Ingress TLS)"
|
||
requirement: "边界实施访问控制和安全过滤"
|
||
implementation: "Ingress 启用 TLS 终止,所有外网流量强制 HTTPS。TLS 证书通过 cert-manager 自动续期或手动签发(365 天轮换),私钥通过 Sealed Secret / External Secret 注入(KTD-4 / R2a)。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/ingress.yaml"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
|
||
|
||
- id: "NET-03"
|
||
dimension: network
|
||
title: "访问控制(NetworkPolicy)"
|
||
requirement: "网络层访问控制策略,最小权限"
|
||
implementation: "P0 补齐项。Helm Chart 暂无 NetworkPolicy 模板,Pod 间东西向流量默认全通。计划新增 networkpolicy.yaml,默认 deny-all + 白名单放行(Ingress→Pod, Pod→Redis/PG/OTel)。当前缓解:Service 全部 ClusterIP,Redis/PG 由客户 K8s 网络策略保护。"
|
||
status: "p0"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/ingress.yaml"
|
||
|
||
- id: "NET-04"
|
||
dimension: network
|
||
title: "入侵防范"
|
||
requirement: "网络入侵检测,恶意流量检测"
|
||
implementation: "应用层已实现 RateLimiter 滑动窗口限流 + Webhook 独立限流 + JWT/SCIM token 恒定时间比较。网络层 IDS/IPS 依赖客户骨干网络。P1:接入客户 SIEM,将 OTel 日志投递到客户入侵检测平台。"
|
||
status: "p1"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/middleware.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/channels.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/scim/router.py"
|
||
|
||
- id: "NET-05"
|
||
dimension: network
|
||
title: "安全审计(OTel)"
|
||
requirement: "网络审计日志,覆盖关键网络活动"
|
||
implementation: "OpenTelemetry(U1 强制依赖)实现网络活动审计:FastAPI Instrumentor 自动埋点每个 HTTP 请求 span;RBAC 变更/SCIM 失败/终端命令写入审计 + OTel span event;OTLP gRPC 导出到内部 collector。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/telemetry/setup.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/telemetry/metrics.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py"
|
||
|
||
- id: "NET-06"
|
||
dimension: network
|
||
title: "恶意代码防范"
|
||
requirement: "网络边界恶意代码检测"
|
||
implementation: "AgentKit 不在网络边界位置,恶意代码检测由客户网络骨干(防病毒网关/沙箱)负责。AgentKit 侧缓解:容器镜像来自可信 CI 构建,不在运行时下载可执行文件;终端命令受 6 层白名单 + 危险检测约束。"
|
||
status: "待评估"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/terminal_security.py"
|
||
|
||
- id: "NET-07"
|
||
dimension: network
|
||
title: "安全审计日志保留(180 天)"
|
||
requirement: "日志保留期满足合规要求(≥180 天)"
|
||
implementation: "P0 补齐项。auth_audit_log 与 terminal_audit_logs 表无自动清理/归档策略。计划:Helm values 增加 audit.retentionDays=180(KTD-9),实现归档 CronJob 导出超过 180 天记录到对象存储并清理主表,OTel collector 配置 180 天保留策略。"
|
||
status: "p0"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/terminal_security.py"
|
||
|
||
- id: "NET-08"
|
||
dimension: network
|
||
title: "资源控制(会话/带宽)"
|
||
requirement: "会话与带宽限制,防止资源耗尽"
|
||
implementation: "容器层 Pod resources requests/limits(CPU 250m~1000m / Mem 512Mi~2Gi);应用层 RateLimiter IP 滑动窗口 + Webhook 独立限流;终端 session 1800s 闲置断开;JWT access 15min 强制重新认证。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/middleware.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/terminal_server.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/jwt_utils.py"
|
||
|
||
# =============================================================================
|
||
# 3. 主机安全(7 个,以容器/Pod 为单元)
|
||
# =============================================================================
|
||
|
||
- id: "HST-01"
|
||
dimension: host
|
||
title: "身份鉴别(ServiceAccount)"
|
||
requirement: "设备/系统身份标识与鉴别"
|
||
implementation: "AgentKit Pod 使用专用 ServiceAccount(不共享 default SA),Helm Chart 自动创建。可选 workload identity 注入 projected SA token 用于访问云 KMS/STS。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/serviceaccount.yaml"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
|
||
|
||
- id: "HST-02"
|
||
dimension: host
|
||
title: "访问控制(Pod 安全上下文)"
|
||
requirement: "操作系统/账户权限最小化,远程管理受控"
|
||
implementation: "podSecurityContext.runAsNonRoot=true(UID/GID 1000);securityContext.allowPrivilegeEscalation=false + capabilities.drop=[ALL];readOnlyRootFilesystem=false(需写临时文件,通过 emptyDir 挂载 /tmp 隔离);未启用特权模式。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/deployment.yaml"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/Dockerfile"
|
||
|
||
- id: "HST-03"
|
||
dimension: host
|
||
title: "安全审计(容器日志标准化采集)"
|
||
requirement: "设备审计日志,覆盖系统管理活动"
|
||
implementation: "已实现基础审计:stdout/stderr 由 K8s 采集 + OTel trace 导出 + auth_audit_log 表 + terminal_audit_logs 表 + OTel span event。P0 补齐:容器日志到客户日志平台的标准化采集链路 + 审计日志 JSON 化便于 SIEM 解析 + 180 天保留(与 NET-07 协同)。"
|
||
status: "p0"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/terminal_security.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/telemetry/setup.py"
|
||
|
||
- id: "HST-04"
|
||
dimension: host
|
||
title: "入侵防范(容器层)"
|
||
requirement: "主机入侵检测,系统加固"
|
||
implementation: "容器层已实现:非 root + drop ALL capabilities 限制系统调用;allowPrivilegeEscalation=false 阻止提权;资源 limits 防失控;Liveness/Readiness 探针故障自动重启。node 层 HIDS(Falco/OSSEC)依赖客户侧。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/deployment.yaml"
|
||
|
||
- id: "HST-05"
|
||
dimension: host
|
||
title: "恶意代码防范(主机防病毒)"
|
||
requirement: "主机防病毒,恶意代码检测"
|
||
implementation: "AgentKit 容器内不部署防病毒(无文件系统持久化,镜像来自可信 CI)。K8s node 层主机防病毒/HIDS 由客户运维。依赖客户机房 node 安全基线。"
|
||
status: "待评估"
|
||
references: []
|
||
|
||
- id: "HST-06"
|
||
dimension: host
|
||
title: "资源控制(CPU/内存/磁盘)"
|
||
requirement: "CPU/内存/磁盘限制,会话超时"
|
||
implementation: "Pod resources requests/limits(CPU 250m~1000m / Mem 512Mi~2Gi);应用层 RateLimiter;终端 session 1800s 闲置断开;JWT access 15min / refresh 7d。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/middleware.py"
|
||
|
||
- id: "HST-07"
|
||
dimension: host
|
||
title: "镜像与补丁管理"
|
||
requirement: "系统补丁及时更新,镜像来源可信"
|
||
implementation: "P0 补齐项。已实现:多阶段构建 + 非 root appuser(UID 1001)+ python:3.11-slim 基础镜像 + HEALTHCHECK。P0 待补:CI 集成 Trivy 镜像漏洞扫描(HIGH/CRITICAL 阻断)+ image.digest 不可变引用。P1 增强:distroless 基础镜像 + cosign 签名。"
|
||
status: "p0"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/Dockerfile"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
|
||
|
||
# =============================================================================
|
||
# 4. 应用安全(8 个,全部已实现 — AgentKit 核心责任)
|
||
# =============================================================================
|
||
|
||
- id: "APP-01"
|
||
dimension: application
|
||
title: "身份鉴别(SSO 多 IDP + JWT)"
|
||
requirement: "用户身份标识与鉴别,口令复杂度,登录失败处理"
|
||
implementation: "U4 SSO 多 IDP(OIDC authlib + SAML python3-saml,热证书轮换,R1a 按 sub 关联禁止邮箱合并);本地密码 bcrypt rounds=12;JWT HS256 access 15min + refresh 7d(30d 记住我)含 sid+jti claims;refresh token 轮换 + reuse 检测撤销全 session;OAuth state CSRF 防护 TTL 5min 一次性消费。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/providers/oidc.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/providers/saml.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/idp_registry.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/password.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/jwt_utils.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/denylist.py"
|
||
|
||
- id: "APP-02"
|
||
dimension: application
|
||
title: "访问控制(RBAC 3 级 + 终端 6 层)"
|
||
requirement: "基于角色的访问控制,最小权限,默认拒绝"
|
||
implementation: "3 级 RBAC(member/operator/admin)+ 9 权限位(CHAT/KB_QUERY/KB_WRITE/WORKFLOW_EXECUTE/TERMINAL_LOCAL_USE/TERMINAL_SERVER_USE/TERMINAL_WHITELIST_MANAGE/USER_MANAGE/SYSTEM_CONFIG)。R7a 终端安全 6 层白名单(blocklist→builtin→global→user→session→danger),shell 操作符永远绕过白名单强制走 danger detection。终端双层授权(RBAC 角色 + 个人授权标志)。SCIM token 恒定时间比较。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/permissions.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/terminal_security.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/scim/router.py"
|
||
|
||
- id: "APP-03"
|
||
dimension: application
|
||
title: "安全审计(OTel + audit.py)"
|
||
requirement: "应用审计日志,覆盖用户操作关键事件"
|
||
implementation: "U1 OTel 强制依赖。审计事件:role_change / deprovision(含 break_glass 标记),写入 auth_audit_log 表 + OTel span event(OTel 不可用降级 SQLite+日志)。SCIM 推送失败 span event scim.push.failure。终端命令审计 terminal_audit_logs(决策 + cwd + exit_code)。OTel 指标:agent.request.total / pii_filter.coverage 等。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/terminal_security.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/scim/router.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/telemetry/metrics.py"
|
||
|
||
- id: "APP-04"
|
||
dimension: application
|
||
title: "通信完整性(TLS + JWT + Webhook 签名)"
|
||
requirement: "传输完整性保护,防篡改"
|
||
implementation: "传输层 Ingress TLS 终止(HTTPS);JWT HS256 签名校验(篡改即失败);Webhook 入站 fail-closed 签名校验失败返回 401;mTLS 客户端证书(Helm 预留 secrets.mtlsClientCert slot 用于下游 KMS/HSM)。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/ingress.yaml"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/jwt_utils.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/channels.py"
|
||
|
||
- id: "APP-05"
|
||
dimension: application
|
||
title: "软件容错(fallback + fail-closed)"
|
||
requirement: "错误处理,故障隔离,降级机制"
|
||
implementation: "LLM 网关多 provider fallback;OTel 运行时错误降级 NoOpTracer 不崩溃;PII 脱敏 fail-closed(异常拒绝发送不降级原文,默认 fail_closed=True);专家团队全失败回退单 agent;U3 DR-fixes(bitable 字段校验 DR-1 / LastViewDeletionError DR-4 / 工具调用容错 DR-5)。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/llm/gateway.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/telemetry/tracer.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/llm/pii_filter.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/bitable/repository.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/bitable/service.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/tools/bitable_tool.py"
|
||
|
||
- id: "APP-06"
|
||
dimension: application
|
||
title: "资源控制(限流 + 会话超时)"
|
||
requirement: "会话并发控制,超时自动断开"
|
||
implementation: "RateLimiter IP 滑动窗口 + Webhook 独立限流 + nonce dedup;终端 session 1800s 闲置断开;JWT access 15min 过期;专家名称正则校验防注入;HandoffTransport 有界队列 maxsize=1024 + sentinel 关闭模式。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/middleware.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/channels.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/terminal_server.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/jwt_utils.py"
|
||
|
||
- id: "APP-07"
|
||
dimension: application
|
||
title: "应用账户生命周期(SCIM 2.0 + JIT + deprovision)"
|
||
requirement: "开户/变更/销户审计,SCIM 自动化"
|
||
implementation: "SCIM 2.0 端点(POST/PATCH/GET Users,bearer token 恒定时间比较);OIDC/SAML JIT 创建本地用户 + user_idp_links(R1a 按 sub 关联禁止邮箱合并,随机密码不可本地登录);deprovision 端点禁用账户 + 撤销全 session + 审计(含 break_glass 标记)。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/scim/router.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/providers/oidc.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/auth.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py"
|
||
|
||
- id: "APP-08"
|
||
dimension: application
|
||
title: "代码安全(输入验证 + 依赖管理)"
|
||
requirement: "输入验证,输出编码,依赖漏洞管理"
|
||
implementation: "Pydantic v2 模型校验(extra=forbid 拒绝未知字段,SCIM/IDP 配置均启用);禁止 any 类型(项目规则,用 Pydantic 模型或 Unknown);专家名称正则 _EXPERT_NAME_RE 防 SQL/命令注入;API Key 恒定时间比较 hmac.compare_digest;Ruff lint+format(py311);pyproject.toml 锁定精确版本;终端 6 层白名单防命令注入链。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/scim/models.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/idp_registry.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/terminal_security.py"
|
||
|
||
# =============================================================================
|
||
# 5. 数据安全(8 个)
|
||
# =============================================================================
|
||
|
||
- id: "DAT-01"
|
||
dimension: data
|
||
title: "数据完整性(PG + pgvector)"
|
||
requirement: "数据传输/存储完整性,校验机制"
|
||
implementation: "PostgreSQL 事务 ACID 保证 + pgvector 扩展存储向量记忆;SQLAlchemy 2 async ORM 应用层事务;JWT HS256 签名防篡改;Webhook fail-closed 签名校验;Pydantic extra=forbid 防数据注入。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/jwt_utils.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/channels.py"
|
||
|
||
- id: "DAT-02"
|
||
dimension: data
|
||
title: "数据保密性(PII 脱敏 U2)"
|
||
requirement: "敏感数据加密存储/传输,密钥管理"
|
||
implementation: "U2 PII 脱敏 hook:正则版(手机/邮箱/身份证/银行卡)+ ner_hook(客户内网 NER 模型优先)+ fail-closed(异常拒绝发送不降级原文,默认 fail_closed=True)+ hash 审计(sha256 前 8 位,仅 hash 不含原文)。身份证正则优先于手机避免误匹配。OTel 指标 pii_filter.coverage / pii_filter.redacted。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/llm/pii_filter.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/telemetry/metrics.py"
|
||
|
||
- id: "DAT-03"
|
||
dimension: data
|
||
title: "数据备份与恢复(PG backup runbook)"
|
||
requirement: "重要数据定期备份,恢复演练"
|
||
implementation: "P0 补齐项。已实现:PostgreSQL 持久化 + WAL 默认开启 + Redis AOF/RDB(客户运维)。P0 待补:新增 docs/deployment/pg-backup-runbook.md(每日 pg_dump 保留 7 天 + WAL 归档 PITR + 季度恢复演练 + 备份加密 SM4/AES-256);Helm Chart 增加 backup 段(可选 pg-backup sidecar/CronJob)。"
|
||
status: "p0"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
|
||
|
||
- id: "DAT-04"
|
||
dimension: data
|
||
title: "剩余信息保护(session revoke)"
|
||
requirement: "鉴别信息/文件/内存空间释放前清理"
|
||
implementation: "JWT V2 含 sid+jti claims,中间件校验 session 是否服务端撤销;销户撤销全 session;refresh token 轮换旧 token 进 denylist 30s 窗口;token reuse 检测撤销全 session;denylist 存 SHA-256 hash 不存明文;JIT/SCIM 用户随机密码不可本地登录。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/jwt_utils.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/denylist.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/auth.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/scim/router.py"
|
||
|
||
- id: "DAT-05"
|
||
dimension: data
|
||
title: "个人信息保护(PII 最小化)"
|
||
requirement: "PII 采集/处理/传输最小化与脱敏"
|
||
implementation: "PII 脱敏后原文不落盘(仅 hash 用于审计),LLM prompt 不含原文 PII;PII 按类型分级(id_card/phone/email/bank_card),不同类型 hash 独立记录;记忆 4 层架构(SOUL/USER/MEMORY/DAILY)按敏感度存储;数据最小化原则。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/llm/pii_filter.py"
|
||
|
||
- id: "DAT-06"
|
||
dimension: data
|
||
title: "数据采集与分类分级"
|
||
requirement: "按敏感度分级保护"
|
||
implementation: "PII 按 4 类分级(id_card/phone/email/bank_card)独立 hash 审计;记忆 4 层架构(SOUL 最敏感→DAILY 最不敏感);PII 脱敏覆盖发送至 LLM 的 prompt(边界:不覆盖终端命令/上传文档/bitable 结构化数据,由客户自行控制)。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/llm/pii_filter.py"
|
||
|
||
- id: "DAT-07"
|
||
dimension: data
|
||
title: "数据销毁"
|
||
requirement: "数据销毁审计,不可恢复"
|
||
implementation: "账户销户 deprovision 禁用账户+撤销全 session;审计记录不可删除(审计表无 delete 接口,admin 不可删除审计);PII 原文脱敏后不落盘无需专门销毁;PG 数据销毁由客户 DBA 发起 SQL 记录审计。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/auth.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py"
|
||
|
||
- id: "DAT-08"
|
||
dimension: data
|
||
title: "国密算法合规(R11a)"
|
||
requirement: "敏感数据加密使用国密算法(政企客户要求)"
|
||
implementation: "P1 参考。当前使用国际算法:TLS(AES-GCM)/ bcrypt 密码哈希 / HS256 JWT / SHA-256 PII hash。未使用国密(SM2/SM3/SM4/SM9)。P1 升级路径:JWT 签名→SM2-HMAC、密码哈希→SM3(双算法并行兼容)、PII hash→SM3、TLS→国密套件、PG 字段级加密→SM4 TDE。注:国密不阻碍等保三级认证(三级要求加密而非国密),但政企客户常要求国密合规。"
|
||
status: "p1"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/jwt_utils.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/password.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/llm/pii_filter.py"
|
||
|
||
# =============================================================================
|
||
# 6. 管理安全(7 个)
|
||
# =============================================================================
|
||
|
||
- id: "MGT-01"
|
||
dimension: management
|
||
title: "密钥管理(10 secret slot + 轮换 runbook)"
|
||
requirement: "密钥生成/存储/分发/轮换/销毁"
|
||
implementation: "U5 10 个 secret slot(JWT/API Key/DB/IDP/第三方API/TLS/mTLS/KMS-HSM/OTel/Redis-PG)含轮换周期(90~365 天)。禁止明文 K8s Secret+Git 提交(KTD-4/R2a),后端二选一:Sealed Secrets 或 External Secrets Operator。SAML IDP 证书热轮换(不重启即时生效,idp_registry.update_certificate)。通用原则:零停机双密钥并行+审计先行+回滚预案+权限最小化。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/docs/deployment/key-rotation-runbook.md"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/docs/deployment/secret-inventory.md"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/idp_registry.py"
|
||
|
||
- id: "MGT-02"
|
||
dimension: management
|
||
title: "变更管理(CI/CD 规范)"
|
||
requirement: "变更审批/测试/回滚/审计"
|
||
implementation: "P0 补齐项。已实现:Git 版本控制所有代码/配置/Helm Chart;Helm Chart checksum/config annotation ConfigMap 变更触发 rollout;config_sync.py 配置版本管理+轮询同步;审计记录 RBAC 变更。P0 待补:新增 docs/CI-CD-STANDARDS.md(分支策略+CI 检查 ruff/pytest/镜像扫描+部署审批+回滚流程);CI 集成镜像漏洞扫描(与 HST-07 协同);部署变更审计接入。"
|
||
status: "p0"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/templates/deployment.yaml"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/config_sync.py"
|
||
|
||
- id: "MGT-03"
|
||
dimension: management
|
||
title: "应急响应"
|
||
requirement: "应急事件处置流程,隔离/恢复"
|
||
implementation: "待评估。AgentKit 自身应急隔离能力已实现(销户+session 撤销+密钥紧急轮换,见 MGT-06/MGT-07),但完整应急响应预案需与客户安全团队协同:事件分级标准+响应时限+通报链路+恢复流程。建议客户基于本套等保文档+AgentKit 应急能力构建完整预案,认证前完成至少一次桌面演练。"
|
||
status: "待评估"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/docs/deployment/key-rotation-runbook.md"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/auth.py"
|
||
|
||
- id: "MGT-04"
|
||
dimension: management
|
||
title: "安全审计与评估"
|
||
requirement: "定期安全评估,漏洞管理"
|
||
implementation: "P1 参考。已实现:审计日志覆盖 RBAC 变更/deprovision/终端命令/SCIM 操作;OTel 指标监控异常。P1 补齐:每月依赖漏洞扫描(pip-audit/safety);每次重大版本发布前 SAST 扫描(Bandit/Semgrep);认证后每年至少一次渗透测试(客户侧组织);admin 每季度审查审计日志异常模式(P1 可引入 SIEM 自动告警)。"
|
||
status: "p1"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/telemetry/metrics.py"
|
||
|
||
- id: "MGT-05"
|
||
dimension: management
|
||
title: "配置管理(Helm values + 配置同步)"
|
||
requirement: "基线配置,配置变更审计"
|
||
implementation: "Helm values 标准化所有可配置项含注释;配置优先级 CLI>agentkit.yaml>环境变量>.env>硬编码默认;config_sync.py 配置版本管理+轮询同步;密钥与配置分离(含密钥段由 env 注入不进 ConfigMap,非密配置进 ConfigMap)。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/deploy/helm/agentkit/values.yaml"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/config_sync.py"
|
||
|
||
- id: "MGT-06"
|
||
dimension: management
|
||
title: "应急通道(break-glass)"
|
||
requirement: "高权限应急通道,审计追溯"
|
||
implementation: "U4 R1b break-glass deprovisioning:/admin/users/{id}/deprovision 端点支持 break_glass=true 标记,审计记录 source=break_glass(SOURCE_BREAKGLASS)。流程:隔离(销户)→撤销全 session→审计(actor/target/reason/source/timestamp)→OTel span event audit.deprovision 接入审计通道→人工通报。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/routes/auth.py"
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/src/agentkit/server/auth/audit.py"
|
||
|
||
- id: "MGT-07"
|
||
dimension: management
|
||
title: "密钥泄露响应"
|
||
requirement: "泄露检测/隔离/轮换/通报"
|
||
implementation: "key-rotation-runbook.md §紧急轮换(泄露响应)段落:1.隔离(撤销泄露密钥 provider控制台/HSM/CA)→2.轮换(按对应 slot 步骤紧急轮换,不遵循双密钥并行直接切换废弃旧密钥)→3.审计(检索泄露密钥使用日志确认无异常)→4.通报(安全团队+受影响用户)→5.复盘(记录原因加固访问控制)。"
|
||
status: "implemented"
|
||
references:
|
||
- "file:///Users/chiguyong/Code/Fischer-agentkit/docs/deployment/key-rotation-runbook.md"
|