npm - @umacloud/knowledge - Versions diffs - 1.0.1 - Mend

@umacloud/knowledge 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (418) hide show

package/00-governance/governance-capabilities.md +557 -0
package/00-governance/knowledge-map.md +39 -0
package/00-governance/maintenance-policy.md +76 -0
package/00-governance/review-checklist.md +81 -0
package/README.md +13 -0
package/ai/01-standards/agent-development-complete.md +691 -0
package/ai/01-standards/llm-application-complete.md +488 -0
package/ai/01-standards/mlops-complete.md +798 -0
package/ai/01-standards/prompt-engineering-complete.md +646 -0
package/ai/01-standards/rag-architecture-complete.md +649 -0
package/ai/02-playbooks/llm-evaluation-playbook.md +847 -0
package/ai/03-checklists/ai-project-checklist.md +215 -0
package/ai/04-antipatterns/ai-antipatterns.md +661 -0
package/ai/05-cases/case-rag-production.md +147 -0
package/ai/06-glossary/ai-glossary.md +162 -0
package/ai/agent-evaluation-benchmark.md +53 -0
package/ai/ai-agent-memory-context-management.md +41 -0
package/ai/ai-cost-capacity-optimization-playbook.md +42 -0
package/ai/ai-data-security-and-compliance-playbook.md +37 -0
package/ai/ai-domain-index-and-checklist.md +40 -0
package/ai/ai-governance-maturity-model.md +50 -0
package/ai/ai-model-selection-and-routing-strategy.md +47 -0
package/ai/ai-observability-and-oncall-runbook.md +52 -0
package/ai/ai-rag-engineering-playbook.md +42 -0
package/ai/ai-red-team-and-safety-evaluation.md +42 -0
package/ai/ai-release-readiness-and-rollback-gate.md +42 -0
package/ai/llm-agent-engineering-deep-dive.md +57 -0
package/ai/prompt-and-tool-guardrails.md +52 -0
package/api/01-standards/enterprise-api-standards.md +198 -0
package/api/01-standards/rest-api-design-guide.md +63 -0
package/api/02-playbooks/api-pagination-playbook.md +93 -0
package/api/02-playbooks/graphql-production-playbook.md +176 -0
package/api/03-checklists/api-review-checklist.md +55 -0
package/api/04-antipatterns/api-antipatterns.md +112 -0
package/architecture/01-standards/api-gateway-patterns.md +496 -0
package/architecture/01-standards/cloud-native-patterns.md +644 -0
package/architecture/01-standards/distributed-systems-patterns.md +591 -0
package/architecture/01-standards/event-driven-architecture.md +595 -0
package/architecture/01-standards/microservices-patterns-complete.md +968 -0
package/architecture/01-standards/microservices-patterns.md +495 -0
package/architecture/01-standards/system-design-interview.md +664 -0
package/architecture/02-playbooks/microservices-patterns-playbook.md +137 -0
package/architecture/02-playbooks/migration-playbook.md +780 -0
package/architecture/02-playbooks/system-design-playbook.md +779 -0
package/architecture/03-checklists/architecture-decision-checklist.md +297 -0
package/architecture/04-antipatterns/architecture-antipatterns.md +417 -0
package/architecture/05-cases/case-netflix-microservices.md +413 -0
package/architecture/06-glossary/architecture-glossary.md +164 -0
package/architecture/adr-template-and-examples.md +38 -0
package/architecture/api-gateway-deep-dive.md +1291 -0
package/architecture/configuration-management.md +1162 -0
package/architecture/distributed-transactions.md +1220 -0
package/architecture/microservices-complete.md +735 -0
package/architecture/resilience-and-disaster-patterns.md +37 -0
package/architecture/service-governance.md +1198 -0
package/architecture/system-architecture-deep-dive.md +37 -0
package/backend/01-standards/analytics-and-growth.md +65 -0
package/backend/01-standards/api-and-error-conventions.md +120 -0
package/backend/01-standards/application-layering-and-packaging.md +160 -0
package/backend/01-standards/auth-implementation.md +104 -0
package/backend/01-standards/backend-framework-idioms.md +74 -0
package/backend/01-standards/background-jobs-and-async.md +66 -0
package/backend/01-standards/caching-strategies-complete.md +390 -0
package/backend/01-standards/config-and-observability.md +77 -0
package/backend/01-standards/data-modeling-and-persistence.md +94 -0
package/backend/01-standards/django-complete.md +1765 -0
package/backend/01-standards/email-and-notifications.md +64 -0
package/backend/01-standards/fastapi-complete.md +925 -0
package/backend/01-standards/file-upload-and-storage.md +66 -0
package/backend/01-standards/graphql-api-complete.md +416 -0
package/backend/01-standards/llm-application-standard.md +78 -0
package/backend/01-standards/message-queue-patterns.md +379 -0
package/backend/01-standards/microservices-and-distributed.md +78 -0
package/backend/01-standards/nestjs-complete.md +2167 -0
package/backend/01-standards/payment-integration.md +80 -0
package/backend/01-standards/rate-limiting-complete.md +451 -0
package/backend/01-standards/realtime-and-websocket.md +65 -0
package/backend/01-standards/search-and-filtering.md +64 -0
package/backend/01-standards/spring-boot-complete.md +445 -0
package/backend/02-playbooks/api-design-playbook.md +718 -0
package/backend/02-playbooks/email-send-playbook.md +130 -0
package/backend/02-playbooks/file-upload-s3-playbook.md +153 -0
package/backend/02-playbooks/typescript-enterprise-playbook.md +133 -0
package/backend/02-playbooks/websocket-realtime-playbook.md +154 -0
package/backend/03-checklists/api-launch-checklist.md +189 -0
package/backend/04-antipatterns/backend-antipatterns.md +1051 -0
package/blockchain/01-standards/blockchain-basics.md +557 -0
package/blockchain/01-standards/smart-contract-development.md +1315 -0
package/cicd/01-standards/deployment-and-delivery-standard.md +96 -0
package/cicd/01-standards/github-actions-complete.md +473 -0
package/cicd/01-standards/release-and-store-submission.md +75 -0
package/cicd/02-playbooks/cicd-pipeline-playbook.md +144 -0
package/cicd/02-playbooks/release-management-playbook.md +605 -0
package/cicd/03-checklists/pipeline-security-checklist.md +168 -0
package/cicd/04-antipatterns/cicd-antipatterns.md +589 -0
package/cicd/05-cases/case-deployment-automation.md +221 -0
package/cicd/05-cases/case-gitops-transformation.md +212 -0
package/cicd/06-glossary/cicd-glossary.md +114 -0
package/cicd/cicd-blueprint-deep-dive.md +38 -0
package/cicd/release-readiness-gate.md +37 -0
package/cloud-native/01-standards/container-security.md +741 -0
package/cloud-native/01-standards/kubernetes-complete.md +812 -0
package/cloud-native/02-playbooks/api-gateway-playbook.md +155 -0
package/cloud-native/02-playbooks/gitops-with-argocd.md +760 -0
package/cloud-native/02-playbooks/k8s-troubleshooting-playbook.md +1942 -0
package/cloud-native/02-playbooks/message-queue-playbook.md +129 -0
package/cloud-native/02-playbooks/multicloud-governance.md +726 -0
package/cloud-native/02-playbooks/serverless-patterns.md +788 -0
package/cloud-native/02-playbooks/service-mesh-playbook.md +612 -0
package/cloud-native/02-playbooks/terraform-iac-playbook.md +143 -0
package/cloud-native/03-checklists/container-security-checklist.md +431 -0
package/cloud-native/03-checklists/k8s-production-readiness-checklist.md +460 -0
package/cloud-native/04-antipatterns/container-antipatterns.md +660 -0
package/cloud-native/04-antipatterns/k8s-antipatterns.md +743 -0
package/cloud-native/05-cases/case-k8s-migration.md +478 -0
package/cloud-native/05-cases/case-k8s-scaling.md +642 -0
package/cloud-native/05-cases/case-k8s-security-incident.md +397 -0
package/cloud-native/06-glossary/cloud-native-glossary.md +337 -0
package/cross-platform/01-standards/cross-platform-frameworks.md +83 -0
package/cross-platform/01-standards/platform-selection-and-architecture.md +77 -0
package/data/01-standards/elasticsearch-complete.md +2098 -0
package/data/01-standards/postgresql-complete.md +1613 -0
package/data/01-standards/redis-complete.md +1527 -0
package/data/02-playbooks/database-optimization-playbook.md +403 -0
package/data/02-playbooks/elasticsearch-production-playbook.md +132 -0
package/data/03-checklists/database-launch-checklist.md +187 -0
package/data/04-antipatterns/database-antipatterns.md +873 -0
package/data/05-cases/case-database-migration.md +310 -0
package/data/06-glossary/database-glossary.md +440 -0
package/data/data-governance-and-modeling-deep-dive.md +39 -0
package/data-engineering/01-standards/airflow-complete.md +523 -0
package/data-engineering/01-standards/kafka-complete.md +1521 -0
package/data-engineering/02-playbooks/spark-etl-playbook.md +496 -0
package/data-engineering/03-checklists/pipeline-launch-checklist.md +194 -0
package/data-engineering/04-antipatterns/data-pipeline-antipatterns.md +684 -0
package/data-engineering/05-cases/case-real-time-pipeline.md +355 -0
package/data-engineering/06-glossary/data-engineering-glossary.md +429 -0
package/database/01-standards/database-schema-standards.md +147 -0
package/database/02-playbooks/postgresql-optimization-quick.md +52 -0
package/database/02-playbooks/postgresql-performance-optimization.md +58 -0
package/database/02-playbooks/postgresql-production-playbook.md +146 -0
package/database/02-playbooks/redis-caching-playbook.md +117 -0
package/database/03-checklists/database-review-checklist.md +50 -0
package/database/04-antipatterns/database-antipatterns.md +112 -0
package/design/01-standards/ui-design-system-complete.md +423 -0
package/design/02-playbooks/design-handoff-playbook.md +254 -0
package/design/02-playbooks/design-review-playbook.md +388 -0
package/design/03-checklists/design-review-checklist.md +246 -0
package/design/04-antipatterns/design-antipatterns.md +378 -0
package/design/05-cases/case-design-system-adoption.md +328 -0
package/design/06-glossary/design-glossary.md +329 -0
package/design/ui-full-lifecycle-cross-platform-playbook.md +571 -0
package/design/ux-system-deep-dive.md +38 -0
package/design-systems/00-craft-rules.md +71 -0
package/design-systems/aesthetic-families.md +43 -0
package/design-systems/anti-ai-slop.md +162 -0
package/design-systems/bold-geometric.md +120 -0
package/design-systems/brutalist-bold.md +103 -0
package/design-systems/editorial-clean.md +109 -0
package/design-systems/glass-aurora.md +108 -0
package/design-systems/modern-minimal.md +145 -0
package/design-systems/premium-luxury.md +106 -0
package/design-systems/product-type-design-map.md +48 -0
package/design-systems/soft-warm.md +123 -0
package/design-systems/tech-utility.md +113 -0
package/desktop/01-standards/desktop-app-standard.md +72 -0
package/desktop/01-standards/desktop-design.md +71 -0
package/development/00-governance/document-template.md +41 -0
package/development/01-standards/api-versioning-strategies.md +432 -0
package/development/01-standards/authentication-patterns-complete.md +479 -0
package/development/01-standards/css-architecture-complete.md +550 -0
package/development/01-standards/database-migration-strategies.md +484 -0
package/development/01-standards/elasticsearch-complete.md +347 -0
package/development/01-standards/git-complete.md +371 -0
package/development/01-standards/golang-complete.md +1565 -0
package/development/01-standards/graphql-complete.md +298 -0
package/development/01-standards/javascript-bundlers-complete.md +469 -0
package/development/01-standards/javascript-typescript-complete.md +528 -0
package/development/01-standards/jest-complete.md +275 -0
package/development/01-standards/linux-complete.md +234 -0
package/development/01-standards/logging-observability-complete.md +526 -0
package/development/01-standards/microservices-communication.md +502 -0
package/development/01-standards/mongodb-complete.md +406 -0
package/development/01-standards/oauth2-complete.md +285 -0
package/development/01-standards/performance-optimization-complete.md +289 -0
package/development/01-standards/playwright-complete.md +247 -0
package/development/01-standards/postgresql-complete.md +456 -0
package/development/01-standards/pytest-complete.md +340 -0
package/development/01-standards/python-async-programming.md +902 -0
package/development/01-standards/python-complete.md +956 -0
package/development/01-standards/python-decorators-complete.md +799 -0
package/development/01-standards/python-design-patterns.md +2854 -0
package/development/01-standards/python-packaging-distribution.md +420 -0
package/development/01-standards/python-testing-strategies.md +607 -0
package/development/01-standards/python-web-frameworks-comparison.md +471 -0
package/development/01-standards/redis-complete.md +317 -0
package/development/01-standards/rest-api-complete.md +316 -0
package/development/01-standards/rust-complete.md +578 -0
package/development/01-standards/typescript-advanced-types.md +1513 -0
package/development/01-standards/web-security-complete.md +292 -0
package/development/02-playbooks/api-design-playbook.md +810 -0
package/development/02-playbooks/database-migration-playbook.md +580 -0
package/development/02-playbooks/debugging-playbook.md +692 -0
package/development/02-playbooks/feature-delivery-playbook.md +430 -0
package/development/02-playbooks/incident-hotfix-playbook.md +387 -0
package/development/02-playbooks/performance-optimization-playbook.md +531 -0
package/development/02-playbooks/performance-tuning-playbook.md +652 -0
package/development/02-playbooks/refactor-playbook.md +403 -0
package/development/02-playbooks/release-playbook.md +469 -0
package/development/03-checklists/architecture-review-checklist.md +168 -0
package/development/03-checklists/data-migration-checklist.md +157 -0
package/development/03-checklists/oncall-handover-checklist.md +173 -0
package/development/03-checklists/pr-checklist.md +158 -0
package/development/03-checklists/production-readiness-checklist.md +190 -0
package/development/03-checklists/release-readiness-checklist.md +154 -0
package/development/03-checklists/security-review-checklist.md +182 -0
package/development/04-antipatterns/api-antipatterns.md +657 -0
package/development/04-antipatterns/architecture-antipatterns.md +686 -0
package/development/04-antipatterns/backend-antipatterns.md +648 -0
package/development/04-antipatterns/cicd-antipatterns.md +540 -0
package/development/04-antipatterns/code-smell-antipatterns.md +571 -0
package/development/04-antipatterns/data-antipatterns.md +658 -0
package/development/04-antipatterns/database-antipatterns.md +578 -0
package/development/04-antipatterns/frontend-antipatterns.md +635 -0
package/development/04-antipatterns/reliability-antipatterns.md +700 -0
package/development/04-antipatterns/security-antipatterns.md +747 -0
package/development/05-cases/case-api-version-migration.md +428 -0
package/development/05-cases/case-authorization-hardening.md +383 -0
package/development/05-cases/case-bluegreen-rollback.md +466 -0
package/development/05-cases/case-cache-snowball-protection.md +485 -0
package/development/05-cases/case-ci-cd-pipeline.md +544 -0
package/development/05-cases/case-database-scaling.md +500 -0
package/development/05-cases/case-db-hotspot-optimization.md +487 -0
package/development/05-cases/case-incident-mttr-reduction.md +563 -0
package/development/05-cases/case-microservice-migration.md +375 -0
package/development/05-cases/case-performance-optimization.md +406 -0
package/development/05-cases/case-security-incident-response.md +345 -0
package/development/06-glossary/full-stack-glossary.md +166 -0
package/development/09-maturity/quarterly-audit-template.md +35 -0
package/development/11-ui-excellence/ui-aesthetic-system.md +41 -0
package/development/11-ui-excellence/ui-engineering-excellence.md +435 -0
package/development/12-scenarios/development-scenarios-guide.md +565 -0
package/development/13-implementation-assets/implementation-toolkit.md +282 -0
package/development/13-implementation-assets/knowledge-gates-execution.md +43 -0
package/development/14-full-lifecycle/software-lifecycle-gates.md +511 -0
package/development/15-lifecycle-templates/project-templates-collection.md +791 -0
package/development/api-contract-and-versioning-guide.md +36 -0
package/development/api-governance-complete.md +43 -0
package/development/backend-engineering-complete.md +43 -0
package/development/code-review-quality-complete.md +43 -0
package/development/concurrency-reliability-complete.md +43 -0
package/development/database-engineering-complete.md +43 -0
package/development/engineering-effectiveness-complete.md +43 -0
package/development/engineering-standards-deep-dive.md +38 -0
package/development/frontend-engineering-complete.md +43 -0
package/development/performance-capacity-complete.md +43 -0
package/development/refactor-migration-complete.md +42 -0
package/development/refactoring-and-techdebt-playbook.md +37 -0
package/development/security-in-development-complete.md +43 -0
package/devops/01-standards/cicd-pipeline-complete.md +262 -0
package/devops/01-standards/docker-complete.md +1490 -0
package/devops/01-standards/github-actions-complete.md +337 -0
package/devops/01-standards/kubernetes-complete.md +638 -0
package/devops/01-standards/terraform-complete.md +2117 -0
package/devops/02-playbooks/docker-compose-playbook.md +233 -0
package/devops/02-playbooks/docker-k8s-production-playbook.md +186 -0
package/devops/02-playbooks/docker-production-playbook.md +952 -0
package/edge-iot/01-standards/edge-iot-complete.md +473 -0
package/experts/architect/api-design.md +178 -0
package/experts/architect/methodology.md +124 -0
package/experts/architect/security.md +75 -0
package/experts/backend-lead/methodology.md +216 -0
package/experts/devops/methodology.md +160 -0
package/experts/frontend-lead/methodology.md +178 -0
package/experts/product-manager/industry/ecommerce.md +43 -0
package/experts/product-manager/industry/saas.md +40 -0
package/experts/product-manager/methodology.md +97 -0
package/experts/qa-lead/methodology.md +123 -0
package/experts/qa-lead/test-strategy.md +128 -0
package/experts/uiux-designer/methodology.md +125 -0
package/frontend/01-standards/accessibility-complete.md +532 -0
package/frontend/01-standards/accessibility-standard.md +74 -0
package/frontend/01-standards/admin-dashboard-and-crud.md +72 -0
package/frontend/01-standards/design-tokens-complete.md +444 -0
package/frontend/01-standards/forms-and-validation.md +77 -0
package/frontend/01-standards/frontend-architecture-and-layering.md +119 -0
package/frontend/01-standards/i18n-and-localization.md +65 -0
package/frontend/01-standards/nextjs-complete.md +451 -0
package/frontend/01-standards/react-complete.md +713 -0
package/frontend/01-standards/react-hooks-complete-guide.md +1100 -0
package/frontend/01-standards/react-hooks-complete.md +1171 -0
package/frontend/01-standards/seo-and-web-vitals.md +77 -0
package/frontend/01-standards/state-management-complete.md +444 -0
package/frontend/01-standards/vue-complete.md +499 -0
package/frontend/01-standards/vue3-complete.md +2002 -0
package/frontend/01-standards/web-framework-best-practices.md +64 -0
package/frontend/01-standards/web-performance-complete.md +495 -0
package/frontend/02-playbooks/accessibility-a11y-playbook.md +161 -0
package/frontend/02-playbooks/frontend-performance-playbook.md +707 -0
package/frontend/02-playbooks/i18n-internationalization-playbook.md +120 -0
package/frontend/02-playbooks/performance-optimization-playbook.md +163 -0
package/frontend/02-playbooks/react-nextjs-production-playbook.md +167 -0
package/frontend/02-playbooks/react-state-management-playbook.md +173 -0
package/frontend/03-checklists/component-quality-checklist.md +166 -0
package/frontend/03-checklists/frontend-launch-checklist.md +299 -0
package/frontend/04-antipatterns/frontend-antipatterns.md +886 -0
package/frontend/05-cases/case-performance-optimization.md +274 -0
package/harmony/01-standards/harmonyos-arkts-standard.md +75 -0
package/harmony/01-standards/harmonyos-design.md +65 -0
package/high-quality-engineering-playbook.md +54 -0
package/incident/01-standards/incident-response-complete.md +303 -0
package/incident/02-playbooks/chaos-engineering-playbook.md +883 -0
package/incident/02-playbooks/postmortem-playbook.md +398 -0
package/incident/03-checklists/incident-readiness-checklist.md +181 -0
package/incident/04-antipatterns/incident-antipatterns.md +490 -0
package/incident/05-cases/case-cascade-failure.md +176 -0
package/incident/06-glossary/incident-glossary.md +114 -0
package/incident/postmortem-and-response-deep-dive.md +39 -0
package/industries/ecommerce/ecommerce-complete.md +631 -0
package/industries/education/education-complete.md +555 -0
package/industries/fintech/fintech-complete.md +501 -0
package/industries/gaming/gaming-complete.md +587 -0
package/industries/healthcare/healthcare-complete.md +452 -0
package/low-code/01-standards/low-code-complete.md +944 -0
package/miniprogram/01-standards/ai-common-mistakes.md +61 -0
package/miniprogram/01-standards/miniprogram-custom-navbar-capsule.md +77 -0
package/miniprogram/01-standards/miniprogram-design.md +61 -0
package/miniprogram/01-standards/miniprogram-standard.md +81 -0
package/mobile/01-standards/android-material-design.md +70 -0
package/mobile/01-standards/flutter-complete.md +384 -0
package/mobile/01-standards/ios-design-hig.md +78 -0
package/mobile/01-standards/mobile-app-standard.md +85 -0
package/mobile/01-standards/react-native-complete.md +352 -0
package/mobile/02-playbooks/mobile-cross-platform-playbook.md +175 -0
package/mobile/02-playbooks/mobile-performance.md +473 -0
package/mobile/03-checklists/mobile-release-checklist.md +234 -0
package/mobile/04-antipatterns/mobile-antipatterns.md +798 -0
package/mobile/05-cases/case-app-performance.md +500 -0
package/mobile/05-cases/case-app-startup-optimization.md +218 -0
package/mobile/06-glossary/mobile-glossary.md +484 -0
package/observability/01-standards/observability-standards.md +103 -0
package/observability/02-playbooks/prometheus-grafana-playbook.md +135 -0
package/observability/02-playbooks/structured-logging-playbook.md +73 -0
package/observability/03-checklists/observability-checklist.md +54 -0
package/observability/04-antipatterns/observability-antipatterns.md +106 -0
package/operations/01-standards/prometheus-monitoring-complete.md +1578 -0
package/operations/02-playbooks/capacity-planning-playbook.md +620 -0
package/operations/03-checklists/production-launch-checklist.md +365 -0
package/operations/04-antipatterns/operations-antipatterns.md +664 -0
package/operations/05-cases/case-sre-practices.md +581 -0
package/operations/06-glossary/operations-glossary.md +120 -0
package/operations/aiops-anomaly-detection.md +758 -0
package/operations/capacity-planning.md +1061 -0
package/operations/chaos-engineering.md +659 -0
package/operations/incident-command-system.md +38 -0
package/operations/observability-complete.md +442 -0
package/operations/slo-sli-playbook.md +517 -0
package/operations/sre-operations-deep-dive.md +39 -0
package/package.json +8 -0
package/performance/01-standards/performance-and-scalability.md +80 -0
package/performance/01-standards/performance-standards.md +156 -0
package/performance/02-playbooks/query-optimization-playbook.md +103 -0
package/performance/03-checklists/performance-checklist.md +56 -0
package/performance/04-antipatterns/performance-antipatterns.md +146 -0
package/product/01-standards/product-management-complete.md +285 -0
package/product/02-playbooks/feature-launch-playbook.md +207 -0
package/product/02-playbooks/user-research-playbook.md +532 -0
package/product/03-checklists/feature-launch-checklist.md +275 -0
package/product/04-antipatterns/product-antipatterns.md +355 -0
package/product/05-cases/case-mvp-to-scale.md +384 -0
package/product/06-glossary/product-glossary.md +462 -0
package/product/feature-prioritization-framework.md +40 -0
package/product/kpi-and-metric-tree.md +37 -0
package/product/product-discovery-and-prd-deep-dive.md +41 -0
package/quantum/01-standards/quantum-complete.md +1186 -0
package/security/01-standards/api-security-complete.md +511 -0
package/security/01-standards/container-runtime-security.md +574 -0
package/security/01-standards/data-protection-gdpr.md +543 -0
package/security/01-standards/owasp-top10-complete.md +1890 -0
package/security/01-standards/secure-coding-baseline.md +90 -0
package/security/01-standards/supply-chain-security.md +441 -0
package/security/01-standards/web-security-checklist.md +108 -0
package/security/01-standards/zero-trust-architecture.md +521 -0
package/security/02-playbooks/auth-sso-playbook.md +166 -0
package/security/02-playbooks/incident-response-security-playbook.md +588 -0
package/security/02-playbooks/owasp-api-security-playbook.md +129 -0
package/security/02-playbooks/payment-integration-playbook.md +119 -0
package/security/02-playbooks/penetration-testing-playbook.md +517 -0
package/security/03-checklists/security-audit-checklist.md +356 -0
package/security/04-antipatterns/security-coding-antipatterns.md +580 -0
package/security/05-cases/case-log4shell-incident.md +537 -0
package/security/05-cases/case-major-breaches.md +468 -0
package/security/06-glossary/security-glossary.md +212 -0
package/security/compliance-automation.md +993 -0
package/security/container-security.md +680 -0
package/security/devsecops-complete.md +426 -0
package/security/sast-dast-sca.md +775 -0
package/security/secrets-management.md +594 -0
package/security/security-architecture-deep-dive.md +37 -0
package/security/threat-modeling-stride-playbook.md +40 -0
package/seed-templates/auth-system.md +59 -0
package/seed-templates/blog-content.md +94 -0
package/seed-templates/dashboard.md +89 -0
package/seed-templates/docs-site.md +73 -0
package/seed-templates/e-commerce.md +50 -0
package/seed-templates/saas-landing.md +92 -0
package/seed-templates/settings-page.md +51 -0
package/testing/01-standards/test-strategy-and-layering.md +83 -0
package/testing/01-standards/testing-strategy-complete.md +422 -0
package/testing/01-standards/unit-testing-best-practices.md +118 -0
package/testing/02-playbooks/e2e-testing-playbook.md +988 -0
package/testing/02-playbooks/testing-strategy-playbook.md +126 -0
package/testing/03-checklists/test-strategy-checklist.md +208 -0
package/testing/04-antipatterns/testing-antipatterns.md +718 -0
package/testing/05-cases/case-testing-transformation.md +300 -0
package/testing/06-glossary/testing-glossary.md +110 -0
package/testing/risk-based-test-matrix.md +36 -0
package/testing/testing-strategy-deep-dive.md +37 -0

package/security/compliance-automation.md ADDED Viewed

@@ -0,0 +1,993 @@
+---
+id: compliance-automation
+title: 合规自动化完整指南
+domain: security
+category: compliance-automation.md
+difficulty: intermediate
+tags: [automation, code, compliance, security, 合规工作流, 合规报告, 合规框架, 审计日志]
+quality_score: 70
+last_updated: 2026-06-15
+---
+# 合规自动化完整指南
+## 概述
+合规自动化(Compliance as Code)将合规要求转化为可执行代码,实现持续监控、自动检查和快速审计,降低合规成本和风险。
+## 合规框架
+### 1. 常见合规标准
+#### GDPR(通用数据保护条例)
+```yaml
+核心要求:
+  - 数据主体权利(访问、删除、移植)
+  - 数据处理合法性
+  - 数据最小化原则
+  - 数据安全保护
+  - 隐私设计(Privacy by Design)
+  - 数据泄露通知(72 小时)
+  - DPO(数据保护官)任命
+  - 跨境数据传输合规
+技术控制:
+  - 数据加密(传输、存储)
+  - 访问控制和审计
+  - 数据分类和标记
+  - 同意管理系统
+  - 数据保留策略
+  - 备份和恢复
+```
+#### SOC 2 Type II
+```yaml
+信任服务标准:
+  - 安全性(Security)
+  - 可用性(Availability)
+  - 处理完整性(Processing Integrity)
+  - 机密性(Confidentiality)
+  - 隐私性(Privacy)
+控制域:
+  - 访问控制
+  - 加密管理
+  - 变更管理
+  - 事件响应
+  - 备份恢复
+  - 网络安全
+  - 供应商管理
+```
+#### PCI-DSS(支付卡行业数据安全标准)
+```yaml
+12 项核心要求:
+  1. 防火墙配置
+  2. 默认密码修改
+  3. 存储卡数据保护
+  4. 传输加密
+  5. 防病毒软件
+  6. 安全系统开发
+  7. 访问限制
+  8. 身份认证
+  9. 物理访问控制
+  10. 日志审计
+  11. 安全测试
+  12. 信息安全策略
+技术控制:
+  - 网络分段
+  - 数据加密(TLS 1.2+)
+  - 密钥管理
+  - 漏洞扫描(季度)
+  - 渗透测试(年度)
+  - 文件完整性监控
+```
+#### ISO 27001
+```yaml
+控制域(Annex A):
+  A.5 - 信息安全策略
+  A.6 - 信息安全组织
+  A.7 - 人力资源安全
+  A.8 - 资产管理
+  A.9 - 访问控制
+  A.10 - 密码学
+  A.11 - 物理和环境安全
+  A.12 - 操作安全
+  A.13 - 通信安全
+  A.14 - 系统获取、开发和维护
+  A.15 - 供应商关系
+  A.16 - 信息安全事件管理
+  A.17 - 业务连续性管理
+  A.18 - 合规性
+```
+## 合规即代码(Compliance as Code)
+### 1. 策略定义
+#### Open Policy Agent(OPA)
+```rego
+# policy.rego
+package authz
+# RBAC 策略
+default allow = false
+allow {
+  some i
+  input.user.roles[i] = "admin"
+}
+allow {
+  some i
+  input.user.roles[i] = "viewer"
+  input.method = "GET"
+}
+# 数据访问控制
+allow {
+  input.user.department = input.resource.department
+  input.method in ["GET", "POST"]
+}
+# 拒绝敏感数据访问
+deny[msg] {
+  input.resource.sensitive = true
+  not input.user.clearance_level in ["confidential", "secret"]
+  msg := "用户无权访问敏感数据"
+}
+```
+#### Checkov(IaC 扫描)
+```yaml
+# custom_check.yaml
+metadata:
+  id: "CKV_CUSTOM_001"
+  name: "确保 S3 存储桶启用加密"
+  category: "ENCRYPTION"
+definition:
+  cond_type: attribute
+  resource_types:
+    - aws_s3_bucket
+  attribute: server_side_encryption_configuration.rule.apply_server_side_encryption_by_default.sse_algorithm
+  operator: exists
+```
+```python
+# Python 自定义检查
+from checkov.terraform.checks.resource.base_resource_value_check import BaseResourceValueCheck
+class S3EncryptionCheck(BaseResourceValueCheck):
+    def __init__(self):
+        name = "确保 S3 存储桶启用加密"
+        id = "CKV_CUSTOM_001"
+        supported_resources = ['aws_s3_bucket']
+        categories = ['encryption']
+        super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources)
+    def scan_resource_conf(self, conf):
+        if 'server_side_encryption_configuration' in conf:
+            return CheckResult.PASSED
+        return CheckResult.FAILED
+```
+### 2. 自动化检查
+#### Kubernetes 准入控制
+```yaml
+# Gatekeeper 约束模板
+apiVersion: templates.gatekeeper.sh/v1
+kind: ConstraintTemplate
+metadata:
+  name: k8srequiredlabels
+spec:
+  crd:
+    spec:
+      names:
+        kind: K8sRequiredLabels
+      validation:
+        openAPIV3Schema:
+          properties:
+            labels:
+              type: array
+              items:
+                type: string
+  targets:
+    - target: admission.k8s.gatekeeper.sh
+      rego: |
+        package k8srequiredlabels
+        violation[{"msg": msg}] {
+          provided := {label | input.review.object.metadata.labels[label]}
+          required := {label | label := input.parameters.labels[_]}
+          missing := required - provided
+          count(missing) > 0
+          msg := sprintf("缺少必需标签: %v", [missing])
+        }
+---
+# 应用约束
+apiVersion: constraints.gatekeeper.sh/v1beta1
+kind: K8sRequiredLabels
+metadata:
+  name: require-compliance-labels
+spec:
+  match:
+    kinds:
+      - apiGroups: [""]
+        kinds: ["Pod", "Deployment"]
+  parameters:
+    labels:
+      - "owner"
+      - "environment"
+      - "compliance-level"
+```
+#### 云资源合规检查
+```python
+# AWS Config 规则
+import json
+import boto3
+def lambda_handler(event, context):
+    config = boto3.client('config')
+    # 检查 S3 加密
+    invoking_event = json.loads(event['invokingEvent'])
+    configuration_item = invoking_event['configurationItem']
+    if configuration_item['resourceType'] != 'AWS::S3::Bucket':
+        return {'compliance_type': 'NOT_APPLICABLE'}
+    bucket_encryption = configuration_item['supplementaryConfiguration'].get('ServerSideEncryptionConfiguration')
+    if bucket_encryption:
+        return {
+            'compliance_type': 'COMPLIANT',
+            'annotation': 'S3 存储桶已启用加密'
+        }
+    else:
+        return {
+            'compliance_type': 'NON_COMPLIANT',
+            'annotation': 'S3 存储桶未启用加密'
+        }
+```
+### 3. 持续监控
+#### Prowler(AWS 安全检查)
+```bash
+# 运行 CIS 合规检查
+prowler aws --cis-levels 1,2 --severity high critical
+# 自定义检查
+prowler aws --checks custom_check_001,custom_check_002
+# 输出报告
+prowler aws --output-formats json-ocsF csv html
+```
+#### Scout Suite(多云安全审计)
+```bash
+# AWS 审计
+scout aws
+# Azure 审计
+scout azure
+# GCP 审计
+scout gcp
+# 生成报告
+open scout-report/scoutsuite-results/scoutsuite_results_*.html
+```
+## 数据合规
+### 1. 数据分类
+```yaml
+# 数据分类策略
+data_classification:
+  public:
+    description: 公开信息,无限制访问
+    examples: [产品文档, 营销材料]
+    controls: []
+  internal:
+    description: 内部信息,仅限员工访问
+    examples: [内部政策, 组织架构]
+    controls:
+      - 访问控制
+      - 传输加密
+  confidential:
+    description: 机密信息,需授权访问
+    examples: [客户数据, 财务数据]
+    controls:
+      - 严格访问控制
+      - 传输和存储加密
+      - 审计日志
+      - 数据掩码
+  restricted:
+    description: 高度机密,严格限制访问
+    examples: [密钥, PII, 医疗数据]
+    controls:
+      - 最小权限访问
+      - 端到端加密
+      - 完整审计追踪
+      - 数据丢失防护(DLP)
+      - 定期审查
+```
+### 2. 数据保留策略
+```python
+# 数据保留自动化
+from datetime import datetime, timedelta
+from dataclasses import dataclass
+@dataclass
+class RetentionPolicy:
+    data_type: str
+    retention_days: int
+    legal_hold: bool = False
+    def should_delete(self, created_at: datetime) -> bool:
+        if self.legal_hold:
+            return False
+        expiry_date = created_at + timedelta(days=self.retention_days)
+        return datetime.now() > expiry_date
+# 应用保留策略
+policies = {
+    'user_logs': RetentionPolicy('user_logs', 90),
+    'financial_records': RetentionPolicy('financial_records', 2555, legal_hold=True),  # 7 年
+    'marketing_data': RetentionPolicy('marketing_data', 365),
+    'pii_data': RetentionPolicy('pii_data', 180)
+}
+def enforce_retention():
+    for data_type, policy in policies.items():
+        records = get_records(data_type)
+        for record in records:
+            if policy.should_delete(record.created_at):
+                delete_record(record.id)
+                log_deletion(record.id, data_type)
+```
+### 3. 隐私保护
+```python
+# 数据匿名化
+import hashlib
+from faker import Faker
+fake = Faker()
+def anonymize_pii(data: dict) -> dict:
+    """匿名化 PII 数据"""
+    anonymized = data.copy()
+    # 哈希化邮箱
+    if 'email' in anonymized:
+        anonymized['email'] = hashlib.sha256(
+            anonymized['email'].encode()
+        ).hexdigest()[:10] + '@anonymized.com'
+    # 替换姓名
+    if 'name' in anonymized:
+        anonymized['name'] = fake.name()
+    # 掩码电话号码
+    if 'phone' in anonymized:
+        phone = anonymized['phone']
+        anonymized['phone'] = phone[:3] + '****' + phone[-4:]
+    # 泛化地址
+    if 'address' in anonymized:
+        anonymized['address'] = fake.city()
+    return anonymized
+# 数据掩码
+def mask_sensitive_data(data: str, visible_chars: int = 4) -> str:
+    """掩码敏感数据"""
+    if len(data) <= visible_chars:
+        return '*' * len(data)
+    visible = data[:visible_chars]
+    masked = '*' * (len(data) - visible_chars)
+    return visible + masked
+```
+## 访问控制合规
+### 1. RBAC 实施
+```yaml
+# Kubernetes RBAC
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: compliance-viewer
+  namespace: production
+rules:
+- apiGroups: [""]
+  resources: ["pods", "configmaps"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get"]
+  resourceNames: ["non-sensitive-secret"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: compliance-auditor-binding
+  namespace: production
+subjects:
+- kind: User
+  name: auditor@company.com
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: Role
+  name: compliance-viewer
+  apiGroup: rbac.authorization.k8s.io
+```
+### 2. 权限审查
+```python
+# 权限审查自动化
+import boto3
+def audit_iam_permissions():
+    iam = boto3.client('iam')
+    findings = []
+    # 获取所有用户
+    users = iam.list_users()['Users']
+    for user in users:
+        username = user['UserName']
+        # 检查活动访问密钥
+        access_keys = iam.list_access_keys(UserName=username)['AccessKeyMetadata']
+        active_keys = [k for k in access_keys if k['Status'] == 'Active']
+        if len(active_keys) > 1:
+            findings.append({
+                'user': username,
+                'finding': '多个活动访问密钥',
+                'severity': 'medium'
+            })
+        # 检查密码使用情况
+        if 'PasswordLastUsed' in user:
+            last_used = user['PasswordLastUsed']
+            days_since_use = (datetime.now() - last_used).days
+            if days_since_use > 90:
+                findings.append({
+                    'user': username,
+                    'finding': f'密码 {days_since_use} 天未使用',
+                    'severity': 'low'
+                })
+        # 检查附加策略
+        attached_policies = iam.list_attached_user_policies(UserName=username)['AttachedPolicies']
+        for policy in attached_policies:
+            if 'AdministratorAccess' in policy['PolicyName']:
+                findings.append({
+                    'user': username,
+                    'finding': '拥有管理员权限',
+                    'severity': 'high'
+                })
+    return findings
+```
+## 审计日志
+### 1. 日志收集
+```yaml
+# Elasticsearch 日志收集
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: audit-log-config
+data:
+  fluent.conf: |
+    <source>
+      @type tail
+      path /var/log/audit/*.log
+      pos_file /var/log/audit.log.pos
+      tag audit
+      format json
+      time_key timestamp
+      time_format %Y-%m-%dT%H:%M:%S.%NZ
+    </source>
+    <filter audit>
+      @type record_transformer
+      <record>
+        hostname ${hostname}
+        environment #{ENV['ENVIRONMENT']}
+        compliance_tag pci-dss,gdpr
+      </record>
+    </filter>
+    <match audit>
+      @type elasticsearch
+      host elasticsearch
+      port 9200
+      index_name audit-logs
+      type_name _doc
+    </match>
+```
+### 2. 审计事件
+```json
+{
+  "timestamp": "2025-03-20T10:00:00Z",
+  "event_type": "data_access",
+  "actor": {
+    "user_id": "user-123",
+    "username": "john.doe",
+    "ip_address": "10.0.1.100",
+    "user_agent": "Mozilla/5.0",
+    "session_id": "sess-abc123"
+  },
+  "resource": {
+    "type": "customer_record",
+    "id": "cust-456",
+    "classification": "confidential",
+    "contains_pii": true
+  },
+  "action": {
+    "type": "read",
+    "result": "success",
+    "details": {
+      "fields_accessed": ["name", "email", "phone"],
+      "records_count": 1
+    }
+  },
+  "compliance": {
+    "gdpr": {
+      "lawful_basis": "legitimate_interest",
+      "data_subject_consent": true
+    },
+    "pci_dss": {
+      "requirement": "7.1",
+      "control": "need_to_know"
+    }
+  },
+  "location": {
+    "country": "CN",
+    "region": "Beijing"
+  }
+}
+```
+### 3. 日志分析
+```python
+# 合规日志分析
+from elasticsearch import Elasticsearch
+es = Elasticsearch(['http://elasticsearch:9200'])
+def analyze_access_patterns():
+    """分析异常访问模式"""
+    query = {
+        "query": {
+            "bool": {
+                "must": [
+                    {"range": {"timestamp": {"gte": "now-7d"}}},
+                    {"term": {"resource.contains_pii": True}}
+                ]
+            }
+        },
+        "aggs": {
+            "users": {
+                "terms": {"field": "actor.user_id"},
+                "aggs": {
+                    "access_count": {"value_count": {"field": "_id"}},
+                    "unique_resources": {"cardinality": {"field": "resource.id"}}
+                }
+            }
+        }
+    }
+    result = es.search(index='audit-logs', body=query)
+    anomalies = []
+    for bucket in result['aggregations']['users']['buckets']:
+        access_count = bucket['access_count']['value']
+        unique_resources = bucket['unique_resources']['value']
+        # 检测异常访问
+        if access_count > 1000 and unique_resources > 100:
+            anomalies.append({
+                'user_id': bucket['key'],
+                'finding': '高频 PII 数据访问',
+                'access_count': access_count,
+                'unique_resources': unique_resources,
+                'severity': 'high'
+            })
+    return anomalies
+```
+## 合规报告
+### 1. 自动生成报告
+```python
+# 合规报告生成器
+from datetime import datetime, timedelta
+from reportlab.lib.pagesizes import A4
+from reportlab.pdfgen import canvas
+class ComplianceReport:
+    def __init__(self, framework: str):
+        self.framework = framework
+        self.controls = []
+    def add_control(self, control_id: str, status: str, evidence: str):
+        self.controls.append({
+            'id': control_id,
+            'status': status,
+            'evidence': evidence,
+            'timestamp': datetime.now()
+        })
+    def generate_pdf(self, output_path: str):
+        c = canvas.Canvas(output_path, pagesize=A4)
+        width, height = A4
+        # 标题
+        c.setFont("Helvetica-Bold", 20)
+        c.drawString(100, height - 50, f"{self.framework} Compliance Report")
+        # 日期
+        c.setFont("Helvetica", 12)
+        c.drawString(100, height - 80, f"Generated: {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}")
+        # 控制项
+        y_position = height - 150
+        for control in self.controls:
+            c.setFont("Helvetica-Bold", 10)
+            c.drawString(100, y_position, f"{control['id']} - {control['status']}")
+            c.setFont("Helvetica", 9)
+            c.drawString(120, y_position - 15, f"Evidence: {control['evidence']}")
+            y_position -= 50
+            if y_position < 100:
+                c.showPage()
+                y_position = height - 50
+        c.save()
+# 生成 SOC 2 报告
+report = ComplianceReport('SOC 2 Type II')
+report.add_control('CC6.1', 'COMPLIANT', 'Access control policy reviewed 2025-03-01')
+report.add_control('CC6.6', 'COMPLIANT', 'MFA enabled for all users')
+report.add_control('CC7.1', 'NON_COMPLIANT', 'Missing vulnerability scan for Q1')
+report.generate_pdf('/reports/soc2-report.pdf')
+```
+### 2. 仪表板
+```yaml
+# Grafana 仪表板配置
+apiVersion: 1
+providers:
+  - name: 'Compliance Dashboard'
+    folder: 'Security'
+    type: file
+    options:
+      path: /var/lib/grafana/dashboards
+dashboards:
+  - uid: compliance-overview
+    title: Compliance Overview
+    panels:
+      - title: Control Compliance Rate
+        type: gauge
+        gridPos:
+          x: 0
+          y: 0
+          w: 8
+          h: 6
+        targets:
+          - expr: (sum(compliant_controls) / sum(total_controls)) * 100
+      - title: Non-Compliant Controls by Framework
+        type: piechart
+        gridPos:
+          x: 8
+          y: 0
+          w: 8
+          h: 6
+        targets:
+          - expr: sum(non_compliant_controls) by (framework)
+      - title: Control Status Trend
+        type: graph
+        gridPos:
+          x: 0
+          y: 6
+          w: 16
+          h: 8
+        targets:
+          - expr: sum(compliant_controls)
+            legendFormat: Compliant
+          - expr: sum(non_compliant_controls)
+            legendFormat: Non-Compliant
+```
+## 合规工作流
+### 1. 事件响应
+```yaml
+# 合规事件响应流程
+name: compliance_incident_response
+trigger:
+  type: compliance_violation
+  severity: [high, critical]
+steps:
+  - name: assess_impact
+    action: analyze_violation
+    params:
+      control_id: "{{ event.control_id }}"
+      framework: "{{ event.framework }}"
+  - name: notify_stakeholders
+    condition: impact == "high"
+    action: send_notification
+    params:
+      channels:
+        - "#compliance-alerts"
+        - "#security-team"
+      message: |
+        合规违规告警
+        框架: {{ event.framework }}
+        控制项: {{ event.control_id }}
+        严重性: {{ event.severity }}
+        详情: {{ event.details }}
+  - name: create_remediation_task
+    action: create_jira_ticket
+    params:
+      project: "COMPLIANCE"
+      issue_type: "Bug"
+      priority: "{{ event.severity }}"
+      summary: "修复合规违规: {{ event.control_id }}"
+      description: |
+        框架: {{ event.framework }}
+        控制项: {{ event.control_id }}
+        证据: {{ event.evidence }}
+        影响: {{ impact }}
+  - name: escalate_to_dpo
+    condition: framework == "GDPR" and contains_pii == True
+    action: notify_user
+    params:
+      user: "dpo@company.com"
+      subject: "GDPR 合规违规需审查"
+      message: "{{ event.details }}"
+```
+### 2. 变更管理
+```yaml
+# 变更审批流程
+name: change_approval_workflow
+trigger:
+  type: pull_request
+  paths:
+    - "terraform/**"
+    - "kubernetes/**"
+steps:
+  - name: compliance_check
+    action: run_compliance_scan
+    params:
+      frameworks:
+        - pci-dss
+        - soc2
+        - gdpr
+  - name: impact_assessment
+    condition: compliance_check.status == "non_compliant"
+    action: assess_impact
+    params:
+      changes: "{{ git.diff }}"
+  - name: require_approval
+    condition: impact == "high"
+    action: request_review
+    params:
+      reviewers:
+        - "compliance-team"
+        - "security-team"
+      auto_approve: false
+  - name: document_change
+    action: create_record
+    params:
+      type: "change_log"
+      data:
+        change_id: "{{ git.commit_sha }}"
+        framework_impact: "{{ impact.frameworks }}"
+        approved_by: "{{ reviewers.approved_by }}"
+        timestamp: "{{ now }}"
+```
+## 供应商合规管理
+### 1. 供应商评估
+```yaml
+# 供应商安全评估清单
+vendor_assessment:
+  general:
+    - name: 公司注册信息
+      required: true
+    - name: 财务稳定性证明
+      required: true
+    - name: 保险覆盖
+      required: true
+  security:
+    - name: 安全认证(ISO 27001, SOC 2)
+      required: true
+    - name: 渗透测试报告
+      required: true
+      frequency: annual
+    - name: 漏洞扫描报告
+      required: true
+      frequency: quarterly
+    - name: 事件响应计划
+      required: true
+    - name: BCP/DR 计划
+      required: true
+  privacy:
+    - name: 隐私政策
+      required: true
+    - name: DPA(数据处理协议)
+      required: true
+    - name: 数据处理地点
+      required: true
+    - name: 数据保留政策
+      required: true
+  compliance:
+    - name: GDPR 合规声明
+      required: condition
+      condition: 处理 EU 居民数据
+    - name: PCI-DSS 合规证明
+      required: condition
+      condition: 处理支付数据
+    - name: HIPAA 合规证明
+      required: condition
+      condition: 处理医疗数据
+```
+### 2. 持续监控
+```python
+# 供应商风险监控
+from datetime import datetime, timedelta
+class VendorMonitor:
+    def __init__(self):
+        self.vendors = {}
+    def check_certification_expiry(self, vendor_id: str):
+        """检查认证过期"""
+        vendor = self.vendors[vendor_id]
+        for cert in vendor['certifications']:
+            expiry_date = datetime.strptime(cert['expiry_date'], '%Y-%m-%d')
+            days_until_expiry = (expiry_date - datetime.now()).days
+            if days_until_expiry < 0:
+                self.alert(f"[CRITICAL] {vendor['name']} 认证已过期: {cert['name']}")
+            elif days_until_expiry < 30:
+                self.alert(f"[WARNING] {vendor['name']} 认证即将过期: {cert['name']} (剩余 {days_until_expiry} 天)")
+    def check_security_incidents(self, vendor_id: str):
+        """检查安全事件"""
+        vendor = self.vendors[vendor_id]
+        # 检查公开漏洞
+        vulns = self.query_vulnerability_database(vendor['products'])
+        if vulns:
+            self.alert(f"[HIGH] {vendor['name']} 存在公开漏洞: {len(vulns)} 个")
+    def assess_risk_score(self, vendor_id: str) -> int:
+        """评估供应商风险评分"""
+        vendor = self.vendors[vendor_id]
+        score = 0
+        # 认证过期风险
+        for cert in vendor['certifications']:
+            if cert['status'] != 'valid':
+                score += 20
+        # 安全事件风险
+        incidents = vendor.get('security_incidents', [])
+        score += len(incidents) * 15
+        # 数据访问风险
+        if vendor.get('access_to_pii'):
+            score += 25
+        # 合规违规风险
+        violations = vendor.get('compliance_violations', [])
+        score += len(violations) * 30
+        return min(score, 100)  # 最高 100 分
+```
+## 实施检查清单
+### GDPR
+- [ ] 数据处理活动记录(ROPA)
+- [ ] 隐私影响评估(DPIA)
+- [ ] 数据主体权利流程
+- [ ] 数据泄露响应计划
+- [ ] DPO 任命
+- [ ] 同意管理机制
+- [ ] 数据保留政策
+- [ ] 跨境数据传输协议
+### SOC 2
+- [ ] 控制目标定义
+- [ ] 策略和程序文档
+- [ ] 访问控制实施
+- [ ] 变更管理流程
+- [ ] 事件响应计划
+- [ ] 备份和恢复测试
+- [ ] 定期风险评估
+- [ ] 第三方审计安排
+### PCI-DSS
+- [ ] 网络分段
+- [ ] 数据加密
+- [ ] 访问控制
+- [ ] 日志审计
+- [ ] 漏洞扫描
+- [ ] 渗透测试
+- [ ] 文件完整性监控
+- [ ] 安全培训
+### ISO 27001
+- [ ] 信息安全管理体系(ISMS)
+- [ ] 风险评估方法
+- [ ] 适用性声明(SoA)
+- [ ] 控制措施实施
+- [ ] 内部审计计划
+- [ ] 管理评审
+- [ ] 持续改进机制
+- [ ] 认证审核
+## 工具链
+| 类别 | 工具 | 用途 |
+|------|------|------|
+| 策略引擎 | OPA, Kyverno | 策略执行 |
+| IaC 扫描 | Checkov, tfsec | 基础设施合规 |
+| 云审计 | Prowler, Scout Suite | 云资源检查 |
+| 日志分析 | ELK, Splunk | 审计分析 |
+| 报告生成 | Custom Scripts | 合规报告 |
+| 供应商管理 | OneTrust, BitSight | 第三方风险 |
+## 参考资料
+- [GDPR Official Text](https://gdpr-info.eu/)
+- [SOC 2 Guide](https://www.aicpa.org/soc2)
+- [PCI-DSS Standards](https://www.pcisecuritystandards.org/)
+- [ISO 27001 Requirements](https://www.iso.org/isoiec-27001-information-security.html)
+- [Open Policy Agent](https://www.openpolicyagent.org/)