Establish a safe foundation before implementing the geology RAG system
Some checks failed
secret-scan / scan (push) Has been cancelled

The project begins with architecture, data governance, reproducible evaluation, deployment boundaries, and secret-handling contracts so later code has measurable acceptance criteria.

Constraint: Real provider credentials, workspace identities, and restricted geological data must never enter Git

Rejected: Add placeholder runnable services in the design commit | would imply unverified implementation readiness

Confidence: high

Scope-risk: narrow

Reversibility: clean

Directive: Run make verify before every commit and update ADRs when architecture boundaries change

Tested: Secret scan, Markdown links, YAML parse, shell syntax, and staged diff validation

Not-tested: Application runtime is intentionally deferred to the implementation stage
This commit is contained in:
2026-07-12 14:42:11 +08:00
commit ec1acb36b5
55 changed files with 2882 additions and 0 deletions

15
SECURITY.md Normal file
View File

@@ -0,0 +1,15 @@
# 安全策略
## 凭证管理
仓库不接受任何真实 API Key、数据库密码、Cookie、访问令牌、私钥或内部服务凭证。开发环境使用未提交的 `secrets/` 文件;部署环境优先使用 Docker Secret 或云密钥管理服务。`.env.example` 只能保留空值或明显占位符。
如果凭证被公开,应立即在上游平台禁用、重置或删除。不要继续使用“只在私人仓库出现过”的密钥,也不要把 Git 历史清理当作密钥轮换的替代品。
## 地质资料安全
只允许导入已确认公开或取得书面授权的资料。涉密等级、版权许可、精确坐标或商业秘密状态不明确时,默认拒绝入库。发送到云端模型的文本会离开本机边界,因此受限资料不得使用云模型处理。
## 报告问题
发现泄漏时不要在公开 Issue 中粘贴凭证或原文。请只记录受影响资源、时间范围和脱敏后的证据,并立即执行轮换与访问审计。