feat(p1): complete P1 foundation stage
- monorepo: pnpm workspace + go.work + pyproject.toml + commitlint/husky - infra: docker-compose (minimal + full profiles) + init-sql + prometheus - arch-scan: multi-language scanner skeleton (TS/Go/Python/Proto) - shared-proto: buf v2 + classes.proto (ClassService CRUD contract) - api-gateway: Go/Gin + JWT HS256 auth + reverse proxy + request ID - classes: NestJS golden template (error system + observability + middleware + CRUD + tests) - teacher-portal: Next.js + paper-feel UI design system - CI/CD: 4 workflows (go/ts/py/proto) - docs: migration guide + project_rules + coding-standards + git-workflow + ui-design-system + 004 + 9 module READMEs + known-issues + spec/plan migration + roadmap
This commit is contained in:
13
SECURITY.md
Normal file
13
SECURITY.md
Normal file
@@ -0,0 +1,13 @@
|
||||
# Security Policy
|
||||
|
||||
## 报告漏洞
|
||||
|
||||
发现安全漏洞请勿公开提交 issue,请发送邮件至 security@example.com。
|
||||
|
||||
## 安全架构
|
||||
|
||||
- JWT RS256 非对称签名(IAM 私钥签发,Gateway/服务公钥校验)
|
||||
- DataScope 6 级数据范围过滤
|
||||
- 参数化 SQL 查询(禁止字符串拼接)
|
||||
- 环境变量校验(@t3-oss/env-nextjs / viper / pydantic-settings)
|
||||
- 密钥管理:开发用 .env + docker secrets,生产用 Vault(P6)
|
||||
Reference in New Issue
Block a user