deerflow2/.planning/phases/07-phase-06-mention-upload/07-SECURITY.md

---
phase: 07
slug: phase-06-mention-upload
status: verified
threats_open: 0
asvs_level: 1
created: 2026-04-17
---

# Phase 07 — Security

> Per-phase security contract: threat register, accepted risks, and audit trail.

---

## Trust Boundaries

| Boundary | Description | Data Crossing |
|----------|-------------|---------------|
| 输入框展示态 -> 提交态 payload | 同一条用户消息在展示与提交存在双态，需防止内部提示文案泄露到用户可见区 | 用户原文、拼接提示文本、附件/Skill 标识 |
| 前端组装器 -> 后端存档消息 | 拼接文案进入提交链路并可能回流，需要保证展示层过滤与提交层分离 | 提交消息正文、`additional_kwargs.files`、历史消息渲染内容 |

---

## Threat Register

| Threat ID | Category | Component | Disposition | Mitigation | Status |
|-----------|----------|-----------|-------------|------------|--------|
| T-07-01 | I (Information Disclosure) | `frontend/src/core/threads/hooks.ts` + `frontend/src/components/workspace/messages/message-list-item.tsx` | mitigate | 提交态使用 `submitText`，展示态经 `stripPriorityHintSuffix` 过滤；E2E 验证消息区不回显优先提示 | closed |
| T-07-02 | T (Tampering / flow bypass) | `frontend/src/components/workspace/input-box.tsx` | mitigate | 发送入口统一经 `requestSubmit -> handleSubmit` 透传 references/skills，避免分支漏传 | closed |
| T-07-03 | R (Repudiation / traceability) | `frontend/tests/e2e/input-and-compose.spec.ts` | mitigate | 增加请求拦截断言（DF-INPUT-008A），可审计提交内容含 `XClaw优先使用` 且 UI 不显示后缀 | closed |

*Status: open · closed*  
*Disposition: mitigate (implementation required) · accept (documented risk) · transfer (third-party)*

---

## Accepted Risks Log

No accepted risks.

---

## Security Audit Trail

| Audit Date | Threats Total | Closed | Open | Run By |
|------------|---------------|--------|------|--------|
| 2026-04-17 | 3 | 3 | 0 | Codex (`/gsd-secure-phase 7`) |

---

## Sign-Off

- [x] All threats have a disposition (mitigate / accept / transfer)
- [x] Accepted risks documented in Accepted Risks Log
- [x] `threats_open: 0` confirmed
- [x] `status: verified` set in frontmatter

**Approval:** verified 2026-04-17