diff --git a/.planning/phases/07-phase-06-mention-upload/07-SECURITY.md b/.planning/phases/07-phase-06-mention-upload/07-SECURITY.md new file mode 100644 index 00000000..8d487ed1 --- /dev/null +++ b/.planning/phases/07-phase-06-mention-upload/07-SECURITY.md @@ -0,0 +1,59 @@ +--- +phase: 07 +slug: phase-06-mention-upload +status: verified +threats_open: 0 +asvs_level: 1 +created: 2026-04-17 +--- + +# Phase 07 — Security + +> Per-phase security contract: threat register, accepted risks, and audit trail. + +--- + +## Trust Boundaries + +| Boundary | Description | Data Crossing | +|----------|-------------|---------------| +| 输入框展示态 -> 提交态 payload | 同一条用户消息在展示与提交存在双态,需防止内部提示文案泄露到用户可见区 | 用户原文、拼接提示文本、附件/Skill 标识 | +| 前端组装器 -> 后端存档消息 | 拼接文案进入提交链路并可能回流,需要保证展示层过滤与提交层分离 | 提交消息正文、`additional_kwargs.files`、历史消息渲染内容 | + +--- + +## Threat Register + +| Threat ID | Category | Component | Disposition | Mitigation | Status | +|-----------|----------|-----------|-------------|------------|--------| +| T-07-01 | I (Information Disclosure) | `frontend/src/core/threads/hooks.ts` + `frontend/src/components/workspace/messages/message-list-item.tsx` | mitigate | 提交态使用 `submitText`,展示态经 `stripPriorityHintSuffix` 过滤;E2E 验证消息区不回显优先提示 | closed | +| T-07-02 | T (Tampering / flow bypass) | `frontend/src/components/workspace/input-box.tsx` | mitigate | 发送入口统一经 `requestSubmit -> handleSubmit` 透传 references/skills,避免分支漏传 | closed | +| T-07-03 | R (Repudiation / traceability) | `frontend/tests/e2e/input-and-compose.spec.ts` | mitigate | 增加请求拦截断言(DF-INPUT-008A),可审计提交内容含 `XClaw优先使用` 且 UI 不显示后缀 | closed | + +*Status: open · closed* +*Disposition: mitigate (implementation required) · accept (documented risk) · transfer (third-party)* + +--- + +## Accepted Risks Log + +No accepted risks. + +--- + +## Security Audit Trail + +| Audit Date | Threats Total | Closed | Open | Run By | +|------------|---------------|--------|------|--------| +| 2026-04-17 | 3 | 3 | 0 | Codex (`/gsd-secure-phase 7`) | + +--- + +## Sign-Off + +- [x] All threats have a disposition (mitigate / accept / transfer) +- [x] Accepted risks documented in Accepted Risks Log +- [x] `threats_open: 0` confirmed +- [x] `status: verified` set in frontmatter + +**Approval:** verified 2026-04-17