olek/AI_template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
12f3b625f50bd7c77308fb37328a177454c791d8
AI_template/docs/backend/security.md
olekhondera 3f4a98d42d create AI_template
2025-11-18 03:15:04 +02:00

52 lines
2.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Backend: Security (Template)
---
**Last Updated:** 2025-01-17
**Phase:** Phase 0 (Planning)
**Status:** Draft — finalize in Phase 1
**Owner:** Backend Architect, Security
**References:**
- `/docs/backend/architecture.md`
- `/docs/backend/payment-flow.md`
- `/docs/backend/api-design.md`
---
## 1. Goals
- Protect sensitive data and ensure tenant isolation.
- Secure integrations (webhooks/OAuth) and billing.
- Maintain auditability for all automated and manual actions.
## 2. Authentication & Authorization
- Use managed auth (Clerk/Auth.js or equivalent) with secure sessions/tokens.
- Enforce tenant-scoped RBAC; validate tenant context on every request.
- Rate limit auth endpoints; protect refresh flows.
## 3. Data Protection
- TLS everywhere; secure headers.
- Least-privilege DB roles; encrypt secrets at rest; rotate keys.
- Avoid logging sensitive payloads (bank data, webhook bodies, LLM prompts/responses beyond trace references).
- Store `reasoning_trace` JSONB with care; avoid PII in traces.
## 4. Integrations & Webhooks
- Verify signatures for all inbound webhooks (external providers, payment provider); reject invalid; log with trace IDs.
- Idempotent processing with event ID dedupe; dead-letter queue for failures.
- Expose webhook URLs only over HTTPS; regenerate secrets on rotation.
## 5. Payments (provideragnostic)
- Use providerhosted Checkout/Portal; never handle raw card data.
- Store minimal billing identifiers (customer/subscription IDs, status, timestamps, plan/price).
- Enforce access based on subscription state; deny actions when inactive.
## 6. LLM Safety
- All LLM calls go through a single helper; centralize redaction, logging, and parameter control.
- Strip/obfuscate sensitive fields before sending to LLM; log only references in traces.
## 7. Audit & Events
- Log domain events to `EventLog` with `source_agent`; include user ID, tenant, timestamps, and relevant context.
- Provide read-only `/api/events` with pagination and filtering; protect by tenant/role.
## 8. Common Controls
- OWASP Top 10 coverage (SQLi, XSS, CSRF, IDOR, SSRF, etc.).
- Input validation on all external inputs; use allowlists for redirects/URLs.
- Backup/restore plan and monitoring/alerting for infra and queues.
Reference in New Issue View Git Blame Copy Permalink