- monorepo: pnpm workspace + go.work + pyproject.toml + commitlint/husky - infra: docker-compose (minimal + full profiles) + init-sql + prometheus - arch-scan: multi-language scanner skeleton (TS/Go/Python/Proto) - shared-proto: buf v2 + classes.proto (ClassService CRUD contract) - api-gateway: Go/Gin + JWT HS256 auth + reverse proxy + request ID - classes: NestJS golden template (error system + observability + middleware + CRUD + tests) - teacher-portal: Next.js + paper-feel UI design system - CI/CD: 4 workflows (go/ts/py/proto) - docs: migration guide + project_rules + coding-standards + git-workflow + ui-design-system + 004 + 9 module READMEs + known-issues + spec/plan migration + roadmap
455 B
455 B
Security Policy
报告漏洞
发现安全漏洞请勿公开提交 issue,请发送邮件至 security@example.com。
安全架构
- JWT RS256 非对称签名(IAM 私钥签发,Gateway/服务公钥校验)
- DataScope 6 级数据范围过滤
- 参数化 SQL 查询(禁止字符串拼接)
- 环境变量校验(@t3-oss/env-nextjs / viper / pydantic-settings)
- 密钥管理:开发用 .env + docker secrets,生产用 Vault(P6)