Files
zclaw_openfang/docs/features/audit-v12/M9-communication-security.md
iven 442ec0eeef
Some checks failed
CI / Lint & TypeCheck (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Build Frontend (push) Has been cancelled
CI / Rust Check (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
CI / E2E Tests (push) Has been cancelled
docs(audit): V12 模块化端到端审计报告 — 11 模块 + 总报告
混合矩阵式审计:10 个功能模块 × 五维检查清单
- 项目整体健康度: 76/100
- 2 个 P0 (M4 双数据库 + 反思引擎 LLM 未接入)
- 15 个 P1 (跨 M2/M3/M4/M5/M6/M7/M11)
- 三类断链模式: 写了没接/接了不对/双实现未统一
- 三阶段修复路线图: P0(2-3天) → P1(5-7天) → P2(5-7天)
2026-04-04 17:55:03 +08:00

37 lines
2.6 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 模块 M9 通信与安全 审计报告
> **审计版本**: V12 | **日期**: 2026-04-04
## 1. 链路完整性
| 链路 | 状态 | 备注 |
|------|------|------|
| Kernel 模式连接 | ✅ | invoke → kernel_init → Kernel 启动 |
| Gateway 模式连接 | ✅ | WebSocket + Ed25519 签名握手 |
| SaaS Relay 模式连接 | ✅ | HTTP Cookie + SSE 流 |
| 三模式自动切换 | ✅ | connectionStore 按 admin routing → SaaS session → isTauriRuntime 分支 |
| Ed25519 设备认证 | ✅ | nacl.sign → SHA-256 derive deviceId → signDeviceAuth |
| 安全存储 (Keyring) | ✅ | OS Keyring 优先 → AES-256-GCM localStorage 降级 |
| MCP 工具发现 | ✅ | startMcpService → initialize → list_tools → 注册 |
| MCP 工具执行 | ✅ | callMcpTool → JSON-RPC tools/call → 解析 content blocks |
| Gateway 心跳/重连 | ✅ | 30s ping → 10s timeout → 3次丢失 → 指数退避重连(1.5^x, max 30s, 10次) |
| SaaS 降级 | ✅ | 401 → logout / 其他 → saasReachable:false → fall through Kernel |
**链路完整性评分: 90/100**
## 2. 问题清单
| ID | 文件 | 级别 | 描述 | 修复建议 |
|----|------|------|------|---------|
| M9-01 | `connectionStore.ts:501` | P2 | SaaS Relay 分支用 `require()` (CommonJS)ESM+Vite 环境可能报错 | 改为 `await import()` |
| M9-02 | `connectionStore.ts:546` | P2 | 同 M9-01浏览器模式同样使用 `require()` | 改为 `await import()` |
| M9-03 | `secure-storage.ts:186-188` | P2 | Keyring 不可用时 master key 明文存 localStorage作为加密根密钥暴露 | 从用户密码或设备指纹派生 master key |
| M9-04 | `gateway-client.ts:143` | P3 | REST 路径跳过 WebSocket 安全检查,非 localhost 无 TLS 强制 | REST 模式也增加 HTTPS 检查 |
| M9-05 | `gateway-client.ts:486-506` | P2 | chatStream() agentId 为空时异步获取runId callback 注册时序问题 | 改为 async/await 串行处理 |
| M9-06 | `securityStore.ts:260-270` | P2 | Kernel 模式下未调用 setSecurityStoreClient(),审计日志加载不出 | Kernel 分支也设置 securityStore client |
| M9-07 | `gateway-client.ts:280` | P3 | 端口检测 `includes(':4200')` 过于简单 | 改为 URL 解析后精确比对 port |
| M9-08 | `secure-storage.ts:255-259` | P3 | legacy 解密全失败时 fallback 返回明文原始值 | 仅在版本匹配时 fallback |
| M9-09 | `crypto-utils.ts:14` | P3 | LEGACY_SALT 硬编码v1 格式安全性依赖源码不可见 | 增加 v1→v2 迁移提示 |
**综合健康度: 86/100** — 三种连接模式+Ed25519+MCP 全链路完整。master key localStorage 和 require 混用是主要扣分项。