olek/AI_template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3f4a98d42d7a931bebc4a00397c7e0f085d9c0ca
AI_template/docs/backend/security.md
olekhondera 3f4a98d42d create AI_template
2025-11-18 03:15:04 +02:00

2.2 KiB
Raw Blame History

Backend: Security (Template)

Last Updated: 2025-01-17
Phase: Phase 0 (Planning)
Status: Draft — finalize in Phase 1
Owner: Backend Architect, Security
References:

  • /docs/backend/architecture.md
  • /docs/backend/payment-flow.md
  • /docs/backend/api-design.md

1. Goals

  • Protect sensitive data and ensure tenant isolation.
  • Secure integrations (webhooks/OAuth) and billing.
  • Maintain auditability for all automated and manual actions.

2. Authentication & Authorization

  • Use managed auth (Clerk/Auth.js or equivalent) with secure sessions/tokens.
  • Enforce tenant-scoped RBAC; validate tenant context on every request.
  • Rate limit auth endpoints; protect refresh flows.

3. Data Protection

  • TLS everywhere; secure headers.
  • Least-privilege DB roles; encrypt secrets at rest; rotate keys.
  • Avoid logging sensitive payloads (bank data, webhook bodies, LLM prompts/responses beyond trace references).
  • Store reasoning_trace JSONB with care; avoid PII in traces.

4. Integrations & Webhooks

  • Verify signatures for all inbound webhooks (external providers, payment provider); reject invalid; log with trace IDs.
  • Idempotent processing with event ID dedupe; dead-letter queue for failures.
  • Expose webhook URLs only over HTTPS; regenerate secrets on rotation.

5. Payments (provideragnostic)

  • Use providerhosted Checkout/Portal; never handle raw card data.
  • Store minimal billing identifiers (customer/subscription IDs, status, timestamps, plan/price).
  • Enforce access based on subscription state; deny actions when inactive.

6. LLM Safety

  • All LLM calls go through a single helper; centralize redaction, logging, and parameter control.
  • Strip/obfuscate sensitive fields before sending to LLM; log only references in traces.

7. Audit & Events

  • Log domain events to EventLog with source_agent; include user ID, tenant, timestamps, and relevant context.
  • Provide read-only /api/events with pagination and filtering; protect by tenant/role.

8. Common Controls

  • OWASP Top 10 coverage (SQLi, XSS, CSRF, IDOR, SSRF, etc.).
  • Input validation on all external inputs; use allowlists for redirects/URLs.
  • Backup/restore plan and monitoring/alerting for infra and queues.
Reference in New Issue View Git Blame Copy Permalink