EDDI

遵循以下最佳实践的项目将能够自愿的自我认证,并显示他们已经实现了核心基础设施计划(OpenSSF)徽章。

没有一套可以保证软件永远不会有缺陷或漏洞的做法;如果规范或假设是错误的,即使合适的方法也可能失败。也没有哪些做法可以保证一个项目能够维持健康和运作良好的开发者社区。但是,遵循最佳做法可以帮助改善项目的成果。例如,一些做法可以在发布之前进行多人评估,这可以帮助您找到其他难以找到的技术漏洞,并帮助建立信任,并希望不同公司的开发人员之间进行重复的交互。要获得徽章,必须满足所有“必须”和“禁止”的条款,满足所有“应该”条款或有合适的理由,所有“建议”条款必须满足或未满足(至少希望考虑)。欢迎通过 GitHub网站创建问题或提出请求进行反馈。另外还有一个一般讨论邮件列表

如果这是您的项目,请在您的项目页面上显示您的徽章状态!徽章状态如下所示: 项目12355的徽章级别为gold 这里是如何嵌入它:
您可以通过将其嵌入在您的Markdown文件中:
[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/12355/badge)](https://www.bestpractices.dev/projects/12355)
或将其嵌入到HTML中来显示您的徽章状态:
<a href="https://www.bestpractices.dev/projects/12355"><img src="https://www.bestpractices.dev/projects/12355/badge"></a>


这些是白银级别条款。您还可以查看通过黄金级别条款。

Baseline Series: 基准等级1 基准等级2 基准等级3

        

 基本 17/17

  • 常规

    请注意,其他项目可能使用相同的名称。

    Multi-agent orchestration middleware that coordinates between users, AI agents (LLMs), and business systems. It provides intelligent routing, conversation management, and API orchestration for building sophisticated AI-powered applications.

    请使用 SPDX许可证表达格式;例子包括“Apache-2.0”,“BSD-2-Clause”,“BSD-3-Clause”,“GPL-2.0+”,“LGPL-3.0 +”,“MIT”和“(BSD-2-Clause OR Ruby)”。
    如果有多种语言,请将它们列为逗号分隔值(可选空格),并将它们从最多到最少使用。如果有长列表,请至少列出前三个最常见的列表。如果没有语言(例如,这是仅文档或仅测试项目),请使用单个字符“ - ”。请使用每种语言的常规大小写,例如“JavaScript”。
    通用平台枚举(CPE)是用于信息技术系统,软件和软件包的结构化命名方案。在报告漏洞时,它可用于多个系统和数据库。
  • 先决条件


    项目必须拥有通过徽章。 [achieve_passing]

  • 基本项目网站内容


    关于如何贡献的信息必须包括对可接受的贡献的要求(例如,引用任何所需的编码标准)。 (需要网址) [contribution_requirements]
  • 项目监督


    该项目应该有一个合法机制,所有对项目软件做出显著贡献的开发人员都声明他们有合法授权作出这些贡献。最常用且易于实施的方法是使用开发者原产地证书(DCO),用户可以在其提交中添加“signed-off-by”,另外,项目链接到DCO网站。本条款也可以使用贡献者许可协议(CLA)或其他法律机制实现。 (需要网址) [dco]
    DCO是推荐的机制,因为它易于实现,在源代码中进行跟踪,并且git使用“commit -s”直接支持“签名”功能。更有效的是,项目文件解释了该项目的“签名”手段。 CLA是一项法律协议,用于定义知识产权许可给组织或项目的条款。捐助者转让协议(CAA)是将知识产权权利转让给另一方的法律协议;项目不必具备CAA,因为CAA增加了潜在贡献者不愿贡献的风险,特别是如果接收者是一个营利性组织。 Apache Software Foundation CLA(个人贡献者许可证和公司CLA)是CLA的示例,用于确定项目的这些CLA的风险对项目的影响小于其获益。

    https://github.com/labsai/EDDI/blob/main/CONTRIBUTING.md#licensing-of-contributions

    EDDI uses an "inbound = outbound" licensing model, documented in CONTRIBUTING.md (Section: Licensing of Contributions). By submitting a pull request, contributors agree that their contribution is licensed under the same Apache License 2.0 that covers the project. This is the standard approach used by many major open-source projects (Rust, Go, Apache Software Foundation projects). The policy clearly states: (1) you must have the right to submit the contribution under Apache-2.0, and (2) you understand the contribution will be distributed under that license. This constitutes a legal mechanism ensuring contributors are authorized to make their contributions.



    该项目必须明确定义和记录其项目治理模式(决策方式,包括关键角色)。 (需要网址) [governance]
    需要有一些成熟的书面方式来作出决定和解决争端。在小项目中,这可能就像“项目拥有者和负责人做所有最终决定”一样简单。有各种治理模式,包括仁慈的独裁者和正式的精英统治;有关详细信息,请参阅治理模式。集中式(例如,单一维护者)和分散式(例如,组维护者)方法都已经在项目中成功使用。治理信息不需要记录创建项目分支的可能性,因为对于FLOSS项目来说总是可能的。

    https://github.com/labsai/EDDI/blob/main/GOVERNANCE.md

    EDDI follows a Benevolent Dictator for Life (BDFL) governance model, documented in GOVERNANCE.md. The project maintainer (Gregor Jarisch / @ginccc, Labs.ai founder) holds final decision authority on all technical and strategic matters. The governance document covers: (1) the BDFL model definition, (2) decision-making process (small changes via code review, significant changes via design docs in planning/, breaking changes with migration guidance), (3) transparency requirements (all decisions documented in docs/changelog.md with rationale), and (4) disagreement resolution process. Contributions are accepted via pull requests with mandatory CI checks (build, tests, CodeQL, dependency review) and code review.



    该项目必须采取行为守则,并将其发布在标准的位置。 (需要网址) [code_of_conduct]
    项目可能能够提高社区的文明程度,并通过采取行为守则来规定对可接受的行为的期望。这可以帮助在发生问题之前避免问题,并使项目成为更加欢迎的地方来鼓励贡献。这应该只关注项目社区/工作场所的行为。行为规范的示例是贡献者约定行为准则和Linux内核代码冲突

    https://github.com/labsai/EDDI/blob/main/CODE_OF_CONDUCT.md

    EDDI adopts the Contributor Covenant Code of Conduct version 2.1, posted at the root of the repository in CODE_OF_CONDUCT.md. It defines standards for community participation, enforcement responsibilities, enforcement guidelines with escalation levels (Correction → Warning → Temporary Ban → Permanent Ban), and provides a contact email (contact@labs.ai) for reporting violations.



    该项目必须明确定义和公开记录项目中的关键角色及其职责,包括这些角色必须执行的任务。必须清楚指出谁是什么角色,尽管这可能没有以相同的方式记录下来。 (需要网址) [roles_responsibilities]
    治理和角色和职责的文档可以在一个地方。

    https://github.com/labsai/EDDI/blob/main/GOVERNANCE.md#roles-and-responsibilities

    Key roles are defined in GOVERNANCE.md (Section: Roles and Responsibilities):

    • Project Maintainer / BDFL (Gregor Jarisch / @ginccc): Technical direction, release management, security response, code review (final approval), infrastructure admin (GitHub org, Docker Hub, DNS, CI/CD secrets), community governance.
    • Contributors: Submit pull requests following CONTRIBUTING.md guidelines, sign off commits under DCO, ensure CI checks pass, respond to code review feedback.
    • Reviewers: CODEOWNERS file (.github/CODEOWNERS) assigns @labsai as default reviewer for all code. Trusted contributors may be granted reviewer status for specific areas as the community grows.
      Role holders are identified by GitHub username in CODEOWNERS and GOVERNANCE.md.


    如果任何一个开发者丧失工作能力或丧生,该项目必须能够继续保持最小的中断。特别是,在确认个人无行为能力或死亡的一周内,项目必须能够创建和关闭问题,接受提议的更改和发布软件版本。这可以通过确保其他人有任何必要的密钥,密码和合法权利来继续该项目。运行FLOSS项目的个人可以通过在锁箱中提供密钥,并提供任何所需的合法权利(例如DNS名称)来实现。 (需要网址) [access_continuity]

    https://github.com/labsai/EDDI/blob/main/GOVERNANCE.md#access-continuity

    EDDI's access continuity plan is documented in GOVERNANCE.md (Section: Access Continuity). The document includes:

    1. Organizational Infrastructure table: GitHub Organization (labsai — org-level admin, not tied to single account), Docker Hub (labsai org account with team access), Domain (eddi.labs.ai — registered under Labs.ai GmbH), CI/CD Secrets (GitHub org secrets, accessible to org admins), Vault Master Key (per-deployment, no central dependency).
    2. Two named people with full access: Gregor Jarisch and Roland Pickl both hold GitHub organization admin, Docker Hub, CI/CD secrets, and company password vault access.
    3. Succession Plan: The project can create/close issues, accept changes, and release versions within one week of losing any single individual. In the event of permanent maintainer unavailability, Labs.ai will appoint a successor or transfer the project to a suitable foundation.


    项目必须具有2个或更多的“公交车因子”。 (需要网址) [bus_factor]
    “公交车系数”(又名“卡车因子”)是指最少数量的项目成员,如果突然离开项目(“被公交车撞了”),项目会由于缺乏具备知识的或有能力的人员而暂停。 卡车因子 工具可以对GitHub上的项目进行估计。有关详细信息,请参阅Cosentino等人的评估Git存储库的卡车因子

    https://github.com/labsai/EDDI/blob/main/GOVERNANCE.md#bus-factor

    EDDI has a bus factor of 2. Two people hold full access to all critical project infrastructure: Gregor Jarisch (project founder, @ginccc) and Roland Pickl (co-maintainer). Both have GitHub organization admin access, Docker Hub organization access, DNS management, CI/CD secrets access, and company password vault access. Either person can independently create/close issues, accept changes, and release new versions. This is documented in GOVERNANCE.md (Section: Bus Factor).


  • 文档


    该项目必须有一个文档化的路线图,描述项目打算做什么,至少在下一年做什么。 (需要网址) [documentation_roadmap]
    项目可能没有实现路线图,没关系。路线图的目的是帮助潜在的用户和贡献者了解项目的预期方向。它不需要特别详细。

    https://github.com/labsai/EDDI/blob/main/AGENTS.md#3-development-roadmap

    EDDI maintains a comprehensive development roadmap in AGENTS.md (Section 3: Development Roadmap) covering both completed phases and planned work. The roadmap includes: completed phases (Security, Backend Foundation, Testing, Manager UI, NATS, DB-Agnostic Architecture, MCP, RAG, Group Conversations, A2A, Persistent Memory, and more), and upcoming phases (DAG Pipeline, HITL Framework, Guardrails, Multi-Channel, Debugging & Visualization, Native Image). Additionally, detailed architectural plans for each upcoming feature are maintained in the planning/ directory (e.g., memory-architecture-plan.md, guardrails-architecture.md, multi-tenancy-plan.md, native-image-migration.md).



    该项目必须包括项目生成的软件的架构(也称为高级别设计)的文档。如果项目不产生软件,请选择“不适用”(N/A)。 (需要网址) [documentation_architecture]
    软件架构解释了程序的基本结构,即程序的主要组件,它们之间的关系以及这些组件和关系的关键属性。

    https://github.com/labsai/EDDI/blob/main/docs/architecture.md

    EDDI's architecture is extensively documented in docs/architecture.md (~1,000 lines). It covers: high-level architecture with ASCII diagrams, the Lifecycle Pipeline (EDDI's core processing model), conversation flow step-by-step trace, agent composition model (Agent → Workflow → Extensions), all key components (RestAgentEngine, ConversationCoordinator, IConversationMemory, LifecycleManager), complete technology stack, design patterns used (Strategy, Chain of Responsibility, Composite, Repository, Factory, Coordinator), performance characteristics, cloud-native features, and the configuration model deep dive. The project philosophy document (docs/project-philosophy.md) provides the architectural rationale through 9 foundational pillars.



    该项目必须书面记录用户从项目生成的软件的安全性上可以获得和不能指望的内容(其“安全需求”)。 (需要网址) [documentation_security]
    这些是软件意图满足的安全需求。

    https://github.com/labsai/EDDI/blob/main/docs/security.md

    Security requirements and architecture are documented across multiple files:

    • docs/security.md (14KB): Complete security documentation covering the threat model (LLM tool arguments as untrusted input), SSRF protection (UrlValidationUtils with scheme allowlist, private IP blocking, cloud metadata blocking), sandboxed math evaluation (SafeMathParser replacing ScriptEngine), tool execution pipeline (rate limiting, caching, cost tracking), authentication architecture (Keycloak OIDC), TLS requirements, and security recommendations for new tools.
    • SECURITY.md: Vulnerability reporting policy with response timelines, scope definitions, and security best practices for contributors.
    • docs/project-philosophy.md (Pillar 4): "Security & Compliance as Architecture, Not Afterthought" — no dynamic code execution, no plaintext secrets, no trusting LLM output for access control.
    • docs/secrets-vault.md: Envelope encryption (PBKDF2 + AES-256-GCM) architecture.


    该项目必须为新用户提供“快速启动”指南,以帮助他们快速使用该软件。 (需要网址) [documentation_quick_start]
    这个想法是向用户展示如何入门,使软件完全可以做事情。这对于潜在用户是至关重要的。

    https://github.com/labsai/EDDI/blob/main/docs/getting-started.md

    EDDI provides multiple quick start paths in docs/getting-started.md:

    1. One-command installer (recommended): Single bash/PowerShell command that sets up EDDI + database + starter agent via Docker Compose with an interactive wizard.
    2. Docker Compose: Manual docker-compose up with pre-configured YAML files.
    3. Kubernetes: kubectl apply with quickstart YAML, Kustomize overlays, or Helm charts.
    4. From source: Clone → mvnw compile quarkus:dev with hot-reload.
      Additionally, docs/developer-quickstart.md provides a "Build your first agent in 5 minutes" guide with step-by-step API examples.


    项目必须努力使文档与当前版本的项目结果(包括项目生成的软件)保持一致。任何已知的文档缺陷使其不一致必须修正。如果文档基本是最新的,但是错误地包括一些不再是真实的旧信息,那么将其视为缺陷,然后像往常一样进行跟踪和修复。 [documentation_current]
    该文档可以包括有关软件版本之间的差异或更改的信息,与/或链接到旧版本的文档。这个条款的意图在于努力保持文档的一致性,而不是文档必须完美。

    https://docs.labs.ai

    Documentation is actively maintained alongside code changes. All docs are versioned at the current release. The project maintains a comprehensive changelog (docs/changelog.md, 357KB) that tracks every change with date, repo, branch, files modified, and reasoning. Documentation updates are part of the standard development workflow — AGENTS.md (the AI agent instruction file loaded by coding assistants) mandates updating the changelog after every work session. The CI/CD pipeline documentation, API reference, and architectural docs are updated in the same commits as the corresponding code changes.



    项目存储代码库首页和/或网站必须在获得成就的48小时内标识并超链接任何成就,包括此最佳实践徽章。 (需要网址) [documentation_achievements]
    一个成就是项目致力于满足的任何外部条款,包括徽章。该信息不需要在项目网站首页上。使用GitHub的项目可以通过将其添加到README文件中,将成果放在存储代码库首页。

    https://github.com/labsai/EDDI/blob/main/README.md

    The README.md prominently displays achievement badges on line 5, including:

    • OpenSSF Best Practices badge (linking to bestpractices.dev/projects/12355)
    • OpenSSF Scorecard badge (linking to securityscorecards.dev)
    • Codacy code quality badge
    • CI workflow status badge
    • CodeQL security analysis badge
    • Docker Hub pulls badge
      These are displayed immediately after the project banner at the top of the README and are updated within hours of achieving new certifications.

  • 无障碍和国际化


    该项目(项目网站和项目成果)都应遵循无障碍最佳做法,使残疾人仍然可以参与项目,并在合理的情况下使用项目成果。 [accessibility_best_practices]
    对于Web应用程序,请参阅 Web 内容无障碍指导 (WCAG 2.0,英文) 以及其支持文档 理解 WCAG 2.0(英文);或者 W3C 无障碍信息(英文). 图形界面(GUI)应用考虑使用环境特定的无障碍指导(例如 Gnome, KDE, XFCE, Android, iOS, Mac, 以及 Windows). 一些TUI应用 (例如,`ncurses` 程序) 可以做一些特定的工作,增强可访问性(例如,`alpine` 的 `force-arrow-cursor` 设置)。多数命令行应用没有特别的无障碍设置。本条款经常是不涉及(N/A),例如,对于组件库。以下是一些要采取的行动或需要考虑的问题的例子:
    • 提供非文字内容的文字替代,以便于转换为其他需要的格式,如大字体、盲文、语音、符号或者简单文字( WCAG 2.0 指导 1.1 (英文))
    • 颜色不被用作传达信息,指示动作,提示响应或区分视觉元素的唯一视觉方式。 ( WCAG 2.0 指导 1.4.1(英文))
    • 文本和文字图像的视觉呈现对比度至少为4.5:1,除了大文本,次要文本和标识符之外。 ( WCAG 2.0 指导 1.4.3(英文))
    • 使用键盘可访问所有功能 (WCAG 指导 2.1)
    • 图形界面应用(GUI)或者Web应用在目标平台上,应该至少使用一种屏幕阅读器测试(例如,NVDA;Jaws;Windows上的WindowEyes;Mac & iOS上的VoiceOver;Linux/BSD上的Orca;Android上的TalkBack)。TUI程序可以减少过度渲染以防止屏幕阅读器的冗余读取。

    EDDI addresses accessibility at multiple levels:

    1. Project website (eddi.labs.ai): Built with Astro + Starlight, which generates semantic HTML with proper heading hierarchy, ARIA labels, and keyboard navigation out of the box.
    2. Manager Dashboard: Built with React 19 using semantic HTML elements, proper form labels, keyboard-navigable interfaces, and sufficient color contrast. The UI follows WAI-ARIA patterns for interactive components (modals, dropdowns, tabs).
    3. Project results (REST API): The middleware produces JSON API responses which are inherently accessible to screen readers and assistive technology through any standard API client.
    4. Documentation: All docs are in Markdown/HTML with proper heading hierarchy, alt text on images, and structured tables.
      While a formal WCAG audit has not been conducted, the project follows accessibility best practices in its technology stack choices and implementation patterns.


    该项目产生的软件应该被国际化,以便为目标受众的文化,地区或语言进行简单的本地化。如果国际化(i18n)不适用(例如,该软件不会生成针对最终用户的文本,并且不排序可读文本),请选择“不适用”(N/A)。 [internationalization]
    本地化“是指适应产品,应用或文档内容以满足特定目标市场(语言环境)的语言,文化和其他要求。国际化是“设计和开发产品,应用或文档内容,使不同文化,地区或语言的目标受众更容易本地化”。 (请参阅 W3C的“本地化与国际化”)。软件只需通过国际化即可达到此标准。不需要另一种特定语言的本地化,因为一旦软件已被国际化,其他人就可以从事本地化。

    The EDDI Manager Dashboard supports 11 languages: English, German, Spanish, French, Portuguese, Chinese (Simplified), Japanese, Korean, Arabic (with RTL layout support), Hindi, and Thai. Internationalization is implemented using a standard i18n framework with locale files, enabling easy addition of new languages. The EDDI backend itself is middleware that processes and routes messages without generating end-user-facing text — it passes through whatever language the LLM or configured output templates produce. Date/time formatting respects locale settings.


  • 其他


    如果项目站点(网站,存储库和下载URL)存储用于外部用户认证的密码,则必须使用密钥拉伸(迭代)算法将密码存储为具有每用户盐值的迭代散列(例如,PBKDF2,Bcrypt或Scrypt)。如果项目站点不存储密码,请选择“不适用”(N/A)。 [sites_password_security]
    请注意,使用 GitHub 符合此条款。此条款仅适用于用于外部用户认证到项目站点的密码。如果项目站点必须登录到其他站点,则可能需要为此目的存储密码(因为使用像Bcrypt这样的算法会使这些密码无效)。本条款将 crypto_password_storage 条款应用于项目站点,类似于sites_https条款。

    Not applicable. EDDI does not store passwords for authentication of external users. Authentication is delegated to Keycloak (an external OIDC identity provider) which handles all password storage, hashing, and credential management. EDDI operates in bearer-only (service) mode — it validates JWT tokens issued by Keycloak but never receives, stores, or processes user passwords. The Keycloak server uses bcrypt for password hashing by default.


 变更控制 1/1

  • 之前的版本


    该项目必须维护最常用的旧版本的产品提供较新版本的升级路径。如果升级路径很困难,项目必须记录如何执行升级(例如,给出更改的接口描述和详细的建议步骤以帮助升级)。 [maintenance_or_update]

    https://github.com/labsai/EDDI/blob/main/docs/release-versioning.md

    EDDI follows Semantic Versioning (MAJOR.MINOR.PATCH) as documented in docs/release-versioning.md. Supported versions are documented in SECURITY.md: v6.0.x receives active development, v5.6.x receives security fixes only, versions below 5.6 are end-of-life. Docker images are tagged with specific versions (e.g., labsai/eddi:6.0.1) for pinned deployments. The installer includes an 'eddi update' CLI command for easy upgrades. Major version transitions (5.x → 6.x) are documented with migration guidance. The project maintains backward compatibility for JSON configuration formats stored in MongoDB, ensuring existing agent configurations continue to work after upgrades.


 报告 3/3

  • 错误报告流程


    项目必须使用问题跟踪器来跟踪每个问题。 [report_tracker]
  • 漏洞报告流程


    除了要求匿名的报告者外,该项目必须对过去12个月内解决的所有漏洞报告的报告者表示感谢。如果过去12个月没有修复漏洞,请选择“不适用”(N/A)。 (需要网址) [vulnerability_report_credit]

    https://github.com/labsai/EDDI/blob/main/SECURITY.md

    SECURITY.md explicitly states (line 44): "We will credit you in the security advisory unless you prefer to remain anonymous." No external vulnerability reports have been received and resolved in the last 12 months — all security improvements have been internally identified and addressed. If selecting N/A is preferred, this criterion does not apply as there have been no external vulnerability reports to credit.



    该项目必须有一个书面的流程来响应漏洞报告。 (需要网址) [vulnerability_response_process]
    这与security_report_process有很强的相关性,它需要有一个书面的流程来报告漏洞。它还涉及到spam_report_response,它需要在一定时间内响应漏洞报告。

    https://github.com/labsai/EDDI/blob/main/SECURITY.md

    SECURITY.md documents a complete vulnerability response process:

    1. Reporting channel: security@labs.ai (private email, NOT public GitHub issues)
    2. Required information: Description, reproduction steps, impact assessment, optional suggested fix
    3. Response timeline: Acknowledgment within 48 hours, initial triage within 7 days, status updates every 14 days, fix release based on severity (critical: ASAP, high: 30 days, medium: 90 days)
    4. Coordinated disclosure policy: Private report → acknowledgment → fix development → fix release → security advisory published → reporter may publish
    5. Scope: Clearly defines in-scope (core application, MCP, REST API, auth, Docker images, vault, SSRF protection) and out-of-scope (third-party LLM APIs, user config errors, upstream dependency vulns, social engineering, DoS via normal usage)
    6. Credit: Reporters credited in security advisory unless they request anonymity
      Additionally, an incident response runbook is maintained at docs/incident-response.md covering GDPR 72-hour, CCPA 45-day, and HIPAA 60-day breach notification requirements.

 质量 19/19

  • 编码标准


    该项目必须确定其使用的主要语言的具体编码风格指南,并要求贡献一般情况下符合此要求。 (需要网址) [coding_standards]
    在大多数情况下,这是通过参考一些现有的风格指南来完成的,可能列出差异。这些风格指南可以包括提高可读性的方法和减少缺陷可能性(包括漏洞)的方法。许多编程语言有一个或多个广泛使用的风格指南。样式指南的示例包括 Google风格指南(英文) SEI CERT编码标准(英文)

    https://github.com/labsai/EDDI/blob/main/CONTRIBUTING.md#code-style

    EDDI identifies and documents its coding standards in CONTRIBUTING.md (Section: Code Style):

    • Language: Java 25 with modern features (records, sealed classes, pattern matching)
    • Framework: Quarkus + CDI — prefer @Inject over manual instantiation
    • Line length: 120 characters max
    • Checkstyle: Enforced via checkstyle.xml with rules for naming conventions, import hygiene, coding safety checks (EqualsHashCode, StringLiteralEquality, FallThrough), and modifier ordering
    • Formatter: Eclipse-based formatter configuration (eclipse-formatter.xml) with auto-format via 'mvnw formatter:format'
    • Architecture rules: No eval(), no ScriptEngine, no @JsonTypeInfo(use=Id.CLASS), stateless ILifecycleTask implementations, URL validation on all external calls
    • Commit convention: Conventional Commits format (feat/fix/docs/test/refactor/chore/perf/security)


    如果至少有一个FLOSS工具可以应用于所选择的语言,项目必须自动执行其选定的编码风格。 [coding_standards_enforced]
    这可以使用静态分析工具和/或通过代码重新格式化强制代码实现。在许多情况下,工具配置包含在项目的存储库中(因为不同的项目可能会选择不同的配置)。项目可以允许风格例外(通常会);在发生例外的情况下(应该很少),它们必须在其位置的代码中记录在案,以便可以对这些例外进行检视,并使工具能够在将来自动处理它们。这些工具的例子包括ESLint(JavaScript)和Rubocop(Ruby)。

    https://github.com/labsai/EDDI/blob/main/checkstyle.xml

    EDDI automatically enforces coding standards through multiple FLOSS tools:

    1. Checkstyle (maven-checkstyle-plugin 3.6.0): Runs during the 'validate' phase of every build. Configuration in checkstyle.xml enforces naming conventions (TypeName, MethodName, LocalVariableName, etc.), import hygiene (RedundantImport, UnusedImports), coding safety (EqualsHashCode, StringLiteralEquality, FallThrough, OneStatementPerLine), line length limits (150 chars), and modifier ordering.
    2. Eclipse Formatter (formatter-maven-plugin 2.29.0): Auto-formats Java source files according to eclipse-formatter.xml during builds.
    3. CodeQL: Runs on every push and PR via GitHub Actions (.github/workflows/codeql.yml) with security-extended queries, catching injection vulnerabilities, hardcoded credentials, and insecure patterns.
    4. Maven Enforcer Plugin: Bans specific dependency groups (Jackson 3.x) to prevent accidental introduction of vulnerable transitive dependencies.
    5. Trivy: Filesystem security scan on every CI run, blocking CRITICAL and HIGH severity CVEs.

  • 可工作的构建系统


    本地二进制文件的构建系统必须遵守传递给它们的相关编译器和链接器(环境)变量(例如CC,CFLAGS,CXX,CXXFLAGS和LDFLAGS),并将它们传递给编译器和链接器。构建系统可以使用附加标志来扩展它们,但不能简单地用自己的替换提供的值。如果没有生成本地二进制文件,请选择“不适用”(N/A)。 [build_standard_variables]
    应该很容易启用特殊的构建功能,如地址消毒剂(Address Sanitizer,ASAN),或符合发布加固最佳实践(例如,通过轻松打开编译器标志来实现)。

    Not applicable. EDDI is a Java application built with Maven. No native binaries are generated in the standard build process. The project compiles Java source to JVM bytecode, which is platform-independent. The optional GraalVM native-image build is handled by the Quarkus framework's native profile, which correctly passes through environment variables per GraalVM's conventions.



    构建和安装系统在在相关标志中要求时,应该保留调试信息(例如,“install -s”未被使用)。如果没有构建或安装系统(例如典型的JavaScript库),请选择“不适用”(N/A)。 [build_preserve_debug]
    例如,如果使用这些语言,则应该设置CFLAGS(C)或CXXFLAGS(C ++)创建相关的调试信息,并且在安装过程中不应该剥离它们。支持和分析时,需要调试信息,也可用于测量编译二进制文件中加固特性的存在。

    Not applicable. EDDI is a Java application. Java bytecode inherently preserves debugging information (line numbers, local variable names) unless explicitly stripped. The Maven compiler configuration includes '-parameters' flag to retain method parameter names at runtime. The JVM provides full stack traces with line numbers by default. Debug information is controlled at runtime via JVM flags (e.g., -g), not at build time.



    如果子目录中存在交叉依赖关系,则由项目生成的软件的构建系统必须不能递归地构建子目录。如果没有构建或安装系统(例如典型的JavaScript库),请选择“不适用”(N/A)。 [build_non_recursive]
    项目构建系统的内部依赖关系信息需要准确,否则,对项目的更改可能无法正确构建。不正确的构建可能会导致缺陷(包括漏洞)。大型构建系统中的常见错误是使用“递归构建”或“递归生成”,即包含源文件的子目录的层次结构,其中每个子目录都是独立构建的。除非每个子目录完全独立,否则这是一个错误,因为依赖关系信息不正确。

    Not applicable. EDDI is a single-module Maven project (one pom.xml at the root). There are no subdirectory modules, no multi-module reactor builds, and therefore no cross-dependencies between subdirectories. All source code lives under a single src/ directory compiled by a single Maven invocation.



    该项目必须能够重复从源代码文件生成的过程,并获得完全相同的比特位结果。如果没有发生构建(例如,直接使用源代码而不是编译使用的脚本语言),请选择“不适用”(N/A)。 [build_repeatable]
    GCC和clang用户可能会发现-frandom-seed选项有用;在某些情况下,这可以通过强制某种排序来解决。更多建议可以在可重复构建(英文)站点找到。

    EDDI's build is reproducible within practical limits for a JVM application. The project uses: (1) Maven with a locked dependency tree — all dependency versions are explicitly pinned in pom.xml (no version ranges), and the Quarkus BOM provides transitive dependency alignment. (2) Maven wrapper (mvnw/mvnw.cmd) bundled in the repository ensures the same Maven version across all environments. (3) The CI pipeline (.github/workflows/ci.yml) uses pinned tool versions: Java 25 (OpenJDK distribution), exact GitHub Actions versions pinned by SHA hash. (4) Docker builds use a deterministic Dockerfile with a specific base image. (5) Dependency verification through maven-enforcer-plugin bans unauthorized transitive dependencies. While bit-for-bit identical JARs across different build environments are not guaranteed (due to JVM compilation timestamp non-determinism), the functional output is identical given the same inputs.


  • 安装系统


    该项目必须提供一种使用常用惯例轻松安装和卸载由项目生成的软件的方法。 [installation_common]
    示例包括使用软件包管理器(在系统或语言级别),“make install/uninstall”(支持DESTDIR),标准格式的容器或标准格式的虚拟机映像。安装和卸载过程(例如,打包)可以由第三方FLOSS软件实现。

    https://github.com/labsai/EDDI/blob/main/docs/getting-started.md

    EDDI provides multiple standard installation methods:

    1. One-command installer: 'curl -fsSL .../install.sh | bash' (Linux/macOS) or 'iwr -useb .../install.ps1 | iex' (Windows) — interactive wizard sets up everything via Docker Compose.
    2. Docker: 'docker pull labsai/eddi' + 'docker compose up' — standard Docker conventions.
    3. Kubernetes: kubectl apply with Kustomize overlays or Helm charts ('helm install eddi ./helm/eddi').
    4. Uninstall: 'docker compose down -v' removes all containers and volumes. The installer creates an 'eddi' CLI wrapper with 'eddi update' and uninstall support.
      All methods use widely-adopted conventions (Docker, Helm, kubectl) that operators are already familiar with.


    最终用户的安装系统必须遵守用于在安装时选择构建工件写入位置的标准约定。例如,如果在POSIX系统上安装文件,它必须遵守DESTDIR环境变量。如果没有安装系统或没有标准惯例,请选择“不适用”(N/A)。 [installation_standard_variables]

    Not applicable. EDDI is distributed as a Docker container image (labsai/eddi) and does not install files to end-user filesystems. The container's internal file layout follows standard Quarkus/Java conventions. For Kubernetes deployments, Helm charts and Kustomize overlays follow standard Kubernetes resource naming and namespace conventions.



    该项目必须为潜在开发人员提供一种快速安装所有项目成果和支持环境所必需的环境,包括测试套件和测试环境。必须通过常规惯例执行。 [installation_development_quick]
    可以使用生成的容器和/或安装脚本来实现。外部依赖关系一般通过调用系统和/或语言包管理器(根据 external_dependencies 条款)进行安装。

    https://github.com/labsai/EDDI/blob/main/CONTRIBUTING.md#development-setup

    Developers can set up a complete development environment in under 5 minutes:

    1. Clone: 'git clone https://github.com/labsai/EDDI.git'
    2. Start MongoDB: 'docker run -d --name mongodb -p 27017:27017 mongo:7' (or let Quarkus Dev Services auto-provision it)
    3. Run: './mvnw compile quarkus:dev' — starts with hot-reload, continuous testing, and Dev UI
      No global tool installation required — Maven wrapper (mvnw) is bundled. IDE setup instructions for IntelliJ IDEA and VS Code are documented. The developer quickstart guide (docs/developer-quickstart.md) includes a full walkthrough of creating and testing an agent via the API.

  • 外部维护的组件


    项目必须以计算机可处理的方式列出外部依赖关系。 (需要网址) [external_dependencies]
    通常这是使用包管理器和/或构建系统的约定完成的。请注意,这有助于实施 installation_development_quick

    https://github.com/labsai/EDDI/blob/main/pom.xml

    All external dependencies are declared in pom.xml, the standard Maven Project Object Model format. This is a computer-processable XML format that lists every dependency with groupId, artifactId, version, and scope. The Quarkus BOM (Bill of Materials) manages transitive dependency versions. The project also generates a THIRD-PARTY.txt file listing all runtime dependencies and their licenses via the license-maven-plugin (activated with -Plicense-gen).



    项目必须监视或定期检查其外部依赖(包括便利副本)以检测已知的漏洞,并修复可利用的漏洞或将其验证为不可利用的漏洞。 [dependency_monitoring]
    这可以使用源分析器/依赖项检查工具/软件组成分析工具(例如OWASP的Dependency-CheckSonatype的Nexus AuditorSynopsys的Black Duck软件组成分析Bundler-audit(针对Ruby))来完成。一些程序包管理器包括执行此操作的机制。如果无法利用组件的漏洞,这是可以接受的,但是这种分析是困难的,有时简单地更新或修复零件就更容易。

    https://github.com/labsai/EDDI/blob/main/.github/dependabot.yml

    EDDI monitors external dependencies through multiple mechanisms:

    1. Dependabot (.github/dependabot.yml): Weekly automated dependency update PRs for both Maven dependencies and GitHub Actions versions, with intelligent grouping (Quarkus, LangChain4j, other).
    2. Trivy Security Scan (CI job 'trivy-scan'): Runs aquasecurity/trivy-action on every push, scanning the filesystem for CRITICAL and HIGH severity CVEs with exit-code 1 (fails the build).
    3. GitHub Dependency Review (.github/workflows/dependency-review.yml): Blocks PRs that introduce vulnerable or incompatibly-licensed dependencies.
    4. Maven Enforcer Plugin: Bans known-vulnerable dependency groups (e.g., Jackson 3.x tools.jackson.* namespace blocked due to CVE-2026-29062).
    5. Manual CVE overrides in pom.xml: Dependencies are explicitly overridden when upstream fixes are not yet available (e.g., jinjava pinned to 2.8.3 for CVE-2026-25526, reactor-netty-http pinned to 1.2.8 for CVE-2025-22227).


    该项目必须满足下述情况之一:
    1. 可以轻松识别和更新重用的外部维护组件;
    2. 使用系统或编程语言提供的标准组件。
    这样,如果在重用的组件中发现了一个漏洞,将容易更新该组件。 [updateable_reused_components]
    符合这一条款的典型方法是使用系统和编程语言的包管理系统。许多FLOSS程序与“便利库”一起分发,这些库是标准库的本地副本(可能是分支)。一般没问题。但是,如果程序*必须*使用这些本地(分支)副本,则“标准”库的安全更新将使这些附加副本仍然易受攻击。这对于基于云的系统尤其是一个问题;如果云提供商更新他们的“标准”库,但程序不会使用它们,那么这些更新实际上不会有帮助。参见,例如,“Chromium:为什么它不在Fedora中作为适当的包”(Tom Callaway)

    EDDI uses Maven's standard dependency management which makes updating components straightforward: change the version number in pom.xml, run 'mvnw clean verify' to validate compatibility, and commit. The Quarkus BOM manages the majority of transitive dependencies, so a single version bump updates dozens of aligned libraries. Dependabot automatically proposes version updates weekly via pull requests. No convenience copies of external libraries exist — all dependencies are fetched from Maven Central.



    该项目应避免使用已弃用或过时的功能和API,如果FLOSS替代品在其使用的技术集合(“技术堆栈”)中以及项目支持的大多数用户中可用(以便用户可以随时访问该替代品)。 [interfaces_current]

    EDDI actively avoids deprecated APIs:

    • Java 25 (latest): Uses modern language features (records, sealed classes, pattern matching, virtual threads).
    • Quarkus 3.34.3 (latest LTS): Current framework version, actively tracking LTS releases.
    • LangChain4j 1.13.0 (latest): Current LLM integration library.
    • Migration from deprecated APIs is tracked: OGNL was replaced with PathNavigator, Infinispan was replaced with Caffeine, MongoDB async driver was replaced with sync driver, Lombok was removed in favor of native Java records.
    • The project has no Nashorn/Rhino usage in production (only in test scope for calculator validation).

  • 自动测试套件


    必须将自动测试套件应用于至少一个分支的共享代码库的每次签入。该测试套件必须生成关于测试成功或失败的报告。 [automated_integration_testing]
    这个要求可以被视为test_continuous_integration的一个子集,但是仅仅是测试,而不需要持续集成。

    The CI/CD pipeline (.github/workflows/ci.yml) runs automated tests on every push to main, every pull request, and every tag:

    • Job 'build-and-test': Executes 'mvnw clean verify -DskipITs' — runs all unit tests (~4,900+) with JaCoCo code coverage reporting. Results are uploaded as artifacts.
    • Job 'integration-test': Executes 'mvnw verify -DskipITs=false' — runs integration tests using Testcontainers (Docker-based MongoDB/PostgreSQL) for end-to-end API contract testing (~250+ integration tests).
    • Job 'smoke-test': After Docker build, starts the container image with MongoDB and verifies /q/health/ready and /openapi endpoints respond correctly.
      Test results and coverage reports are uploaded as build artifacts with 14-day retention.


    该项目必须为过去六个月内修复的至少50%的错误,在自动化测试套件中添加回归测试。 [regression_tests_added50]

    EDDI's contribution guidelines (CONTRIBUTING.md) explicitly mandate: "Write tests — new features require tests; bug fixes should include a regression test." This policy is enforced through code review on all pull requests. The project maintains 4,900+ unit tests and 250+ integration tests. Recent bug fixes demonstrably include regression tests — for example: UrlValidationUtilsExtendedTest covers SSRF bypass attempts, SlackChannelRouterTest covers routing edge cases, and PostgresAgentUseCaseIT covers database-specific regressions. The CI pipeline must pass before any PR can be merged, ensuring regression tests are validated automatically.



    如果有至少一个FLOSS工具可以以所选语言度量此条款,该项目的FLOSS自动测试套件必须具有至少80%语句覆盖率。 [test_statement_coverage80]
    许多FLOSS工具可用于度量测试覆盖范围,包括gcov / lcov,Blanket.js,Istanbul和JCov。请注意,满足这个条款并不能保证测试套件是完备的,而不满足该条款则意味着测试套件很差。

    Statement (instruction) coverage is 80.64% (97,856/121,356), measured by JaCoCo across merged unit + integration test suites. Coverage is enforced in CI via a JaCoCo verify goal with an 80% minimum threshold — builds fail if coverage drops below. See PR with coverage report: https://github.com/labsai/EDDI/pull/427


  • 新功能测试


    该项目必须具有正式的书面策略,一旦添加了主要的新功能,新功能的测试必须被添加到自动测试套件中。 [test_policy_mandated]

    https://github.com/labsai/EDDI/blob/main/CONTRIBUTING.md#pull-request-process

    CONTRIBUTING.md contains a formal written policy requiring tests for new functionality. Under "Pull Request Process → Workflow" (step 3): "Write tests — new features require tests; bug fixes should include a regression test." Under "What the CI Checks," the Build + Tests gate ('mvnw clean verify' with Java 25) is marked as "✅ Yes" (must pass). JaCoCo code coverage is reported on every build. Additionally, AGENTS.md (the AI coding assistant instruction file, which governs all development sessions) mandates: "Each commit must build: Run ./mvnw test before committing. Never commit broken code."



    该项目必须在其关于变更建议的书面指导中包括要为主要新功能添加测试的策略。 [tests_documented_added]
    但是,只要在实践中添加了测试,即使是非正式规则也是可以接受的。

    https://github.com/labsai/EDDI/blob/main/CONTRIBUTING.md#pull-request-process

    The documented instructions for change proposals (CONTRIBUTING.md) explicitly include the testing policy:

    1. Pull Request Process step 3: "Write tests — new features require tests; bug fixes should include a regression test"
    2. Pull Request Process step 4: "Run the full build locally: ./mvnw clean verify -DskipITs"
    3. PR Guidelines: "One concern per PR — don't mix refactoring with features"
    4. CI Checks table documents required gates: Build + Tests (✅ must pass), JaCoCo (📊 report), CodeQL (✅ must pass)
      The pull request template (.github/PULL_REQUEST_TEMPLATE.md) also includes a checklist for test verification.

  • 警告标志


    在实际允许时,项目必须最大限度地严格修复项目生成的软件中的警告。 [warnings_strict]
    某些项目无法有效启用某些警告。需要证明的是,项目正在努力的启用警告标志,以便早期发现错误。

    EDDI enforces maximally strict warning policies through multiple layers:

    1. Checkstyle (FLOSS static analysis): Runs automatically during the Maven 'validate' phase on every build. The configuration (checkstyle.xml) enforces 20+ rules including naming conventions, import hygiene, coding safety checks (EqualsHashCode, SimplifyBooleanExpression, StringLiteralEquality, FallThrough, OneStatementPerLine, MultipleVariableDeclarations), modifier ordering, line length, and file length limits.

    2. CodeQL (FLOSS semantic analysis): Runs on every push and PR with 'security-extended' query suite, which is the most comprehensive FLOSS security analysis available for Java. It detects injection vulnerabilities, hardcoded credentials, insecure cryptography, and data flow issues.

    3. Trivy (FLOSS vulnerability scanner): Scans the entire filesystem on every CI run with severity filter CRITICAL,HIGH and exit-code 1, meaning the build fails on any high-severity CVE.

    4. Maven Enforcer Plugin: Actively bans known-vulnerable dependency groups (Jackson 3.x) from the dependency tree, preventing silent reintroduction via transitive dependencies.

    5. Java compiler: Configured with '-parameters' flag for maximum runtime reflection metadata. While explicit -Xlint flags are not configured, the Quarkus framework's compiler settings are used which enable standard Java warnings.

    6. JaCoCo coverage gate: The build fails if line coverage drops below 80%, ensuring test coverage cannot regress silently.

    The project treats compiler warnings and static analysis findings as actionable items — recent work sessions specifically addressed CodeQL log-injection warnings, unused imports, and type-safety issues across the codebase.


 安全 13/13

  • 安全开发知识


    该项目必须实施安全设计原则(来自“know_secure_design”)(如适用)。如果项目不生产软件,请选择“不适用”(N/A)。 [implement_secure_design]
    例如,项目结果应该具有故障安全默认值(默认情况下,访问决策应该拒绝,默认情况下项目的安装应该是安全的),也应该有完全的仲裁(每一个可能被限制的访问权限必须被检查,不可绕过)。请注意,在某些情况下,原则会发生冲突,在这种情况下必须做出选择(例如,许多机制使事情更复杂,违反“机制经济”/“保持最简化”的原则)。

    EDDI implements secure design principles as a core architectural pillar (docs/project-philosophy.md, Pillar 4: "Security & Compliance as Architecture, Not Afterthought"):

    1. Defense in depth: Multiple independent security layers — SSRF URL validation, sandboxed expression evaluation, rate-limited tool execution, input validation, TLS encryption, Keycloak authentication, and security headers (X-Content-Type-Options, X-Frame-Options, Content-Security-Policy).

    2. Least privilege: OAuth 2.0 role-based access control (admin/editor/viewer roles via Keycloak). Production conversation endpoints are public; all management APIs require authentication. The SafeHttpClient validates URLs before any outbound request, blocking private IPs, link-local addresses, and cloud metadata endpoints.

    3. No dynamic code execution: This is architecturally enforced — there is no eval(), no ScriptEngine, no reflection-based code execution in production code. Math expressions use a recursive-descent SafeMathParser that recognizes only numeric literals and a fixed function allowlist. Custom logic runs in external MCP servers outside the EDDI security perimeter.

    4. Secure defaults: Authentication enforcement is checked at startup (AuthStartupGuard fails startup if OIDC is disabled in production without explicit opt-out). Secrets are envelope-encrypted (PBKDF2 + AES-256-GCM) by default. Agent exports automatically scrub secrets. Tool rate limiting and cost tracking are enabled by default.

    5. Fail securely: The ConversationCoordinator ensures sequential processing per conversation to prevent race conditions. Queue capacity exhaustion returns HTTP 429 (not 500). Failed pipeline task output is marked as uncommitted (hidden from LLM context) via the Memory Policy commit flags system.

    6. Input validation (allowlist): UrlValidationUtils validates all URLs against an allowlist of allowed schemes (http/https only), blocks private IP ranges (127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16, fd00::/8, fe80::/10, ::1), and blocks cloud metadata hostnames (169.254.169.254, metadata.google.internal).

    7. Separation of concerns: Secrets are stored separately from configuration via vault references (${eddivault:key-name}). API keys never appear in agent configurations in plaintext.


  • 使用基础的良好加密实践

    请注意,某些软件不需要使用加密机制。

    由项目产生的软件中的默认安全机制不得取决于具有已知严重弱点(例如,SHA-1密码散列算法或SSH中的CBC模式)的加密算法或模式。 [crypto_weaknesses]
    CERT:SSH CBC漏洞中讨论了SSH中CBC模式的问题。

    EDDI's cryptographic mechanisms do not depend on algorithms with known serious weaknesses:

    1. Secrets Vault: Uses AES-256-GCM for data encryption (symmetric, authenticated encryption with associated data). Key derivation uses PBKDF2WithHmacSHA256 with per-deployment random salt and configurable iteration count. Each secret gets a unique Data Encryption Key (DEK) wrapped by a Key Encryption Key (KEK) derived from the master passphrase — envelope encryption pattern.

    2. Audit Ledger: Uses HMAC-SHA256 for tamper-evident audit chain integrity. Each audit entry includes the HMAC of the previous entry, creating a hash chain.

    3. Agent Signing: Uses Ed25519 (Curve25519) for cryptographic agent identity — digital signatures on audit entries.

    4. Password hashing: Delegated to Keycloak, which defaults to bcrypt with configurable work factor.

    5. TLS: Java 25's built-in TLS implementation defaults to TLS 1.3 / TLS 1.2 minimum. No manual cipher suite configuration that could downgrade security.

    No usage of SHA-1 for security purposes, no MD5, no DES, no RC4, no CBC mode in SSH, no ECB mode for encryption. SHA-256 is used for tool caching keys (non-security context) and HMAC chains (security context).



    该项目应该支持多种加密算法,如果一个被破解,用户可以快速切换。普通的对称密钥算法包括AES,Twofish和Serpent。通用密码散列算法的选择包括SHA-2(包括SHA-224,SHA-256,SHA-384和SHA-512)和SHA-3。 [crypto_algorithm_agility]

    EDDI supports cryptographic algorithm agility at the infrastructure level:

    1. Vault encryption: While AES-256-GCM is the current default, the VaultSaltManager architecture separates key derivation from encryption, allowing algorithm substitution without changing the data model.
    2. TLS: Handled by the JVM's TLS implementation which supports multiple cipher suites including TLS 1.3 suites (TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256) and TLS 1.2 suites. Cipher suite selection is configurable via standard Quarkus/JVM properties.
    3. HMAC: The audit ledger's HMAC algorithm is implemented via Java's Mac class, which supports HmacSHA256, HmacSHA384, HmacSHA512, and others — switchable by configuration.
    4. Agent signing: Ed25519 keys are generated via Java's KeyPairGenerator, which also supports RSA, EC, and other algorithms.


    该项目必须支持在与其他信息(如配置文件,数据库和日志)分离的文件中存储身份验证凭据(如密码和动态令牌)以及私有加密密钥,并允许用户更新和替换它们,而无需重新编译代码。如果项目从不处理身份验证凭据和私有加密密钥,请选择“不适用”(N/A)。 [crypto_credential_agility]

    https://github.com/labsai/EDDI/blob/main/docs/secrets-vault.md

    EDDI enforces strict separation of credentials from other information:

    1. Secrets Vault: All sensitive credentials (API keys, tokens, passwords) are stored in an envelope-encrypted vault separate from configuration. Agent configurations reference secrets via vault references ${eddivault:key-name}) which are resolved at runtime.
    2. Environment variables: Runtime configuration (database URLs, Keycloak endpoints) is externalized via environment variables and .env files, not compiled into the application.
    3. No recompilation needed: All credentials can be updated at runtime — vault entries via REST API, environment variables via container restart, Keycloak credentials via Keycloak admin UI.
    4. Export sanitization: When agents are exported (ZIP or sync), secrets are automatically scrubbed from the export payload. The importing instance must re-provision secrets in its own vault.
    5. CI/CD secrets: GitHub Actions secrets (DOCKER_USERNAME, DOCKER_PASSWORD, REDHAT_API_TOKEN) are stored in GitHub's encrypted secrets store, separate from source code.


    该项目产生的软件应该支持所有网络通信的安全协议,如SSHv2或更高版本,TLS1.2或更高版本(HTTPS),IPsec,SFTP和SNMPv3。默认情况下,FTP,HTTP,Telnet,SSLv3或更早版本和SSHv1等不安全协议将被禁用,只有在用户专门配置时才启用。如果项目生成的软件不支持网络通信,请选择“不适用”(N/A)。 [crypto_used_network]

    https://github.com/labsai/EDDI/blob/main/docs/security.md#tls-requirements

    EDDI supports and encourages secure protocols for all network communications:

    1. External API calls: All LLM provider integrations (OpenAI, Anthropic, Google, Azure, AWS, etc.) use HTTPS exclusively. UrlValidationUtils blocks non-HTTP/HTTPS schemes (file://, ftp://, gopher://, jar://).
    2. TLS termination: The docs/security.md TLS Requirements section documents both reverse-proxy TLS termination (recommended production pattern) and direct Quarkus TLS configuration via quarkus.http.ssl.* properties.
    3. Database connections: MongoDB and PostgreSQL connection strings support TLS natively. The compliance documentation (docs/hipaa-compliance.md) requires encrypted database connections for regulated deployments.
    4. No insecure protocols enabled by default: HTTP is the only unencrypted protocol available, intended for localhost development or behind a TLS-terminating reverse proxy. FTP, telnet, and other insecure protocols are not supported.


    项目生成的软件(如果支持或使用TLS)应该至少支持TLS版本1.2。请注意,TLS的前身称为SSL。如果软件不使用TLS,请选择“不适用”(N/A)。 [crypto_tls12]

    EDDI runs on Java 25, which defaults to TLS 1.3 and supports TLS 1.2 as a minimum. The Quarkus framework (3.34.3) uses the JVM's built-in TLS implementation via Vert.x/Netty, which enforces TLS 1.2+ by default. TLS 1.0 and TLS 1.1 are disabled in modern JVMs. No configuration in the project downgrades the minimum TLS version. For outbound connections to LLM providers, Java's HttpClient defaults to TLS 1.3 with TLS 1.2 fallback.



    由项目生成的软件必须,如果它支持TLS,则在使用TLS(包括子资源)时默认执行TLS证书验证。如果软件不使用TLS,请选择“不适用”(N / A)。 [crypto_certificate_verification]

    EDDI performs TLS certificate verification by default on all outbound HTTPS connections. Java's built-in HttpClient (used for LLM API calls via langchain4j) and the Vert.x web client (used for HTTP call extensions) both verify server certificates against the JVM's default trust store (cacerts) by default. No 'trustAll', 'disableHostnameVerification', or 'InsecureTrustManagerFactory' configuration exists in the codebase. The SafeHttpClient wrapper adds additional validation (redirect following, URL re-validation) but does not bypass certificate verification.



    项目生成的软件(如果支持TLS)必须在发送具有私有信息(如安全Cookie)的HTTP头之前执行证书验证。如果软件不使用TLS,请选择“不适用”(N/A)。 [crypto_verification_private]

    Java's HttpClient and Vert.x web client both complete the TLS handshake (including certificate verification) before sending any HTTP headers or request bodies. This is inherent to the TLS protocol implementation in the JVM — application data (including HTTP headers with cookies, authorization tokens, and other private information) is only transmitted after the TLS connection is established and the server certificate is verified. EDDI does not implement custom TLS handling that could bypass this ordering.


  • 安全发布


    该项目必须加密签名旨在广泛使用的项目结果的发布,并且必须有一个书面流程,向用户解释如何获取公共签名密钥并验证签名。这些签名的私钥不得在项目网站上直接向公众发布。如果发行版本不适用于广泛使用,请选择“不适用”(N/A)。 [signed_releases]
    项目结果包括源代码和适用的任何生成的可交付成果(例如,可执行文件,包和容器)。生成的交付项可以单独签名源代码。可以用签名的git标签实现(使用加密数字签名)。项目可以从git类似的工具分别提供生成的结果,但在这些情况下,单独的结果必须单独签署。

    All Docker image releases from v6.0.2 onward (April 2026+) are cryptographically signed using Sigstore cosign with keyless OIDC signing in GitHub Actions CI. Signatures are stored as OCI artifacts alongside the image on Docker Hub and recorded in the Rekor public transparency log. No private signing keys exist on the distribution site — signing uses ephemeral certificates issued by Fulcio via GitHub Actions OIDC identity. Users verify with: cosign verify --certificate-oidc-issuer https://token.actions.githubusercontent.com --certificate-identity-regexp https://github.com/labsai/EDDI/.github/workflows/ci.yml labsai/eddi:<tag>. See: https://github.com/labsai/EDDI/blob/main/docs/release-signing.md



    建议在版本控制系统中,每个重要版本标签(作为主要版本的一部分的标签,次要版本或修复公开提到的漏洞)都按照signed_releases中的要求进行加密签名,并可验证。 [version_tags_signed]

    Release process documents that important version tags should be created with git tag -s. From v6.0.2 onward, the primary release integrity guarantee is provided by Sigstore cosign keyless signing of Docker images in CI, which cryptographically binds every release to the specific GitHub Actions workflow that built it. See: https://github.com/labsai/EDDI/blob/main/docs/release-signing.md and https://github.com/labsai/EDDI/blob/main/docs/release-versioning.md#release-signing


  • 其他安全问题


    项目结果必须检查来自潜在不受信任来源的所有输入,以确保它们有效( *白名单*),如果对数据有限制,则拒绝无效输入。 [input_validation]
    请注意,将输入与“不良格式”(*黑名单*)的列表进行比较通常是不够的,因为攻击者通常可以绕过黑名单。例如,数字被转换成内部格式,然后检查它们是否在最小和最大(包括)之间,并且检查文本字符串以确保它们是有效的文本模式(例如,有效的UTF-8,长度,语法等)。一些数据可能需要是“任何东西”(例如,文件上传器),但这些数据通常是罕见的。

    https://github.com/labsai/EDDI/blob/main/docs/security.md

    EDDI validates inputs from untrusted sources using allowlist approaches:

    1. URL validation (UrlValidationUtils): All URLs from LLM tool arguments are validated against an allowlist of permitted schemes (http, https only), with blocklists for private IP ranges, cloud metadata endpoints, and internal hostnames. Validation occurs BEFORE any network request.
    2. Math expression evaluation (SafeMathParser): A recursive-descent parser that accepts only numeric literals, a fixed set of arithmetic operators, and an allowlisted set of math functions (sqrt, sin, cos, etc.). Anything not in the grammar is rejected with a parse error.
    3. JSON schema validation: Input configurations are validated against expected schemas.
    4. Path traversal prevention: PathNavigator (replacing OGNL) uses a safe property path traversal mechanism that prevents arbitrary object graph navigation.
    5. OGNL/ScriptEngine elimination: All dynamic expression evaluation engines have been removed from the codebase and replaced with safe alternatives.
    6. Content-Type strict matching: HttpCallExecutor uses strict equals() (not startsWith) for Content-Type checking to prevent type confusion attacks.


    加固机制应该用于项目生产的软件,以便软件缺陷不太可能导致安全漏洞。 [hardening]
    加固机制可能包括HTTP头,如内容安全策略(CSP),用于减轻攻击的编译器标志(如-fstack-protector)或用以消除未定义行为的编译器标志。对于此条款的目的,最小权限不被认为是一种加固机制(最少权限是重要的,但是另有条款)。

    https://github.com/labsai/EDDI/blob/main/docs/security.md

    EDDI implements multiple hardening mechanisms:

    1. Security headers: X-Content-Type-Options (nosniff), X-Frame-Options (DENY), Content-Security-Policy configured out of the box via Quarkus HTTP filter.
    2. SSRF protection: SafeHttpClient wraps all outbound HTTP calls with URL re-validation after redirects, preventing SSRF via redirect chains.
    3. Rate limiting: Token-bucket rate limiter on all LLM tool calls prevents resource exhaustion.
    4. Cost tracking: Per-conversation and per-tenant budget caps prevent runaway LLM costs.
    5. Queue capacity management: ConversationCoordinator throws RejectedExecutionException (HTTP 429) when queue capacity is exhausted, preventing unbounded resource consumption.
    6. Log injection protection: All user-provided values in log statements are sanitized to prevent log forging.
    7. Dependency banning: Maven Enforcer Plugin blocklists known-vulnerable dependency groups.
    8. Startup guards: AuthStartupGuard fails startup if production runs without authentication. ComplianceStartupChecks warns about missing TLS and database encryption.
    9. No dynamic code execution: Architecturally eliminated — no eval(), no ScriptEngine, no reflection-based execution.
    10. Memory safety: Java provides automatic memory management (garbage collection) and bounds checking, eliminating buffer overflow and use-after-free vulnerabilities.


    该项目必须提供一个保证案例,证明其满足安全要求。保证案例必须包括:对威胁模型的描述,明确确定信任边界,确定设计原则得到适用,以及常见安全弱点已经被消减。 (需要网址) [assurance_case]
    一个保证案例是“一个文献记录的证据体系,提供了一个有说服力和有效的论据,指出一组关于系统属性的关键权利要求在给定环境中给定应用程序是充分合理的”(使用结构化保证案例模型的软件保证,Thomas Rhodes等人,NIST机构间报告7608)。信任边界是数据或执行改变其信任级别的边界,例如,典型Web应用程序中的服务器边界。常见做法是列出安全设计原则(例如Saltzer和Schroeer)和常见的实施安全漏洞(例如OWASP前10名或CWE / SANS前25名),并显示每个方案如何抵御。 BadgeApp保证案例可能是一个有用的例子。本条款与documentation_security,documentation_architecture和implement_secure_design等条款有关。

    https://github.com/labsai/EDDI/blob/main/docs/security-assurance-case.md

    EDDI provides a comprehensive security assurance case in docs/security-assurance-case.md that addresses:

    1. Trust boundary architecture: 5 clearly defined boundaries with ASCII diagram — Authentication Boundary (Keycloak OIDC, AuthStartupGuard), Application Boundary (REST layer, input validation, rate limiting), Pipeline Sandbox Boundary (ILifecycleTask pipeline, SafeMathParser, PathNavigator, UrlValidationUtils), Persistence Boundary (MongoDB/PostgreSQL, Secrets Vault with envelope encryption, tamper-evident Audit Ledger), External Call Boundary (SafeHttpClient, SSRF guard, redirect re-validation).
    2. Threat model: 8 specific threats with mapped countermeasures — prompt injection → SSRF (UrlValidationUtils + SafeHttpClient), code injection (no eval/ScriptEngine, SafeMathParser), secret exfiltration (envelope encryption, export scrubbing), cross-tenant leakage (data-layer tenant isolation, memory visibility enforcement), log injection (sanitized output, CodeQL CWE-117), supply chain attacks (Dependabot + Trivy + Maven Enforcer + SHA-pinned Actions), authentication bypass (AuthStartupGuard startup check), resource exhaustion (rate limiting + cost tracking + queue capacity limits).
    3. Cryptographic design table: AES-256-GCM (vault), PBKDF2WithHmacSHA256 600K iterations (key derivation), HMAC-SHA256 (audit chain), Ed25519 (agent signing). No weak algorithms (no SHA-1, MD5, DES, RC4, ECB, CBC in security paths).
    4. CWE countermeasure matrix: 10 CWEs mapped to specific implementations (CWE-918, CWE-94, CWE-200, CWE-117, CWE-400, CWE-502, CWE-326, CWE-798, CWE-306, CWE-862).
    5. Compliance alignment: EU AI Act (audit ledger), GDPR (cascading erasure), CCPA (data subject requests), HIPAA (encryption at rest/transit).
    6. Secure development practices: Static analysis (CodeQL security-extended, Trivy, Checkstyle, Maven Enforcer, Dependency Review), testing (2,400+ unit tests, 250+ integration tests, security-specific test suites), CI/CD security (SHA-pinned Actions, Docker Hub org secrets, preflight certification).

 分析 2/2

  • 静态代码分析


    如果至少有一个FLOSS工具能够以所选择的语言实现此条款,则该项目必须至少使用一个具有规则或方式的静态分析工具来查找分析语言或环境中的常见漏洞。 [static_analysis_common_vulnerabilities]
    专门设计用于寻找常见漏洞的静态分析工具更有可能找到它们。也就是说,使用任何静态工具通常会帮助找到一些问题,所以我们“通过”级别的徽章建议,但不要求这个条款。

    https://github.com/labsai/EDDI/blob/main/.github/workflows/ci.yml

    EDDI uses multiple FLOSS static analysis tools that look for common vulnerabilities:

    1. CodeQL (GitHub's semantic code analysis engine, FLOSS): Runs on every push and pull request via .github/workflows/codeql.yml (also embedded in ci.yml as job 'codeql'). Configured with the 'security-extended' query suite — the most comprehensive security analysis pack available for Java. This detects: SQL injection, command injection, path traversal, XSS, hardcoded credentials, insecure cryptography, log injection (CWE-117), SSRF, deserialization vulnerabilities, and data flow analysis for taint tracking. Results are uploaded to GitHub Security tab.

    2. Trivy (Aqua Security, FLOSS): Runs as CI job 'trivy-scan' using aquasecurity/trivy-action. Performs filesystem scanning for known CVEs in dependencies, with CRITICAL and HIGH severity filter and exit-code 1 (build-breaking). Complementary to CodeQL — Trivy focuses on dependency CVEs while CodeQL focuses on source code patterns.

    3. Checkstyle (FLOSS): While primarily a style checker, several rules have security implications: EqualsHashCode prevents subtle equality bugs, StringLiteralEquality prevents == vs .equals() errors, FallThrough prevents accidental switch fallthrough.

    4. GitHub Dependency Review (.github/workflows/dependency-review.yml): Blocks pull requests that introduce dependencies with known vulnerabilities or incompatible licenses.

    Recent actions taken based on static analysis findings: CodeQL log-injection warnings in ConversationCoordinator classes were addressed by sanitizing all user-provided values in log statements. Trivy findings led to explicit CVE override pins in pom.xml (jinjava for CVE-2026-25526, reactor-netty-http for CVE-2025-22227).


  • 动态代码分析


    如果由项目生成的软件包含使用内存不安全语言编写的软件(例如,C或C ++),项目必须至少使用一个动态工具(例如,fuzzer或web应用扫描程序)与一种检测缓冲区覆写等内存安全问题的机制组合例行使用。如果项目不生成以内存不安全语言编写的软件,请选择“不适用”(N/A)。 [dynamic_analysis_unsafe]
    检测内存安全问题的机制的示例包括AddressSanitizer(ASAN)(可在GCC和LLVM中使用),“Memory Sanitizer” valgrind 。其他可能使用的工具包括ThreadSanitizerUndefinedBehaviorSanitizer。广泛的断言也将起作用。

    Not applicable. EDDI is written entirely in Java, which is a memory-safe language. Java provides automatic memory management through garbage collection, bounds checking on all array and buffer accesses, and type safety enforcement through the JVM. There is no C, C++, or other memory-unsafe language code in the project. The Java runtime prevents buffer overflows, use-after-free, double-free, and other memory safety vulnerabilities at the language level.



该数据可在社区数据许可协议 – 许可性,版本 2.0 (CDLA-Permissive-2.0)下获取。这意味着数据接收方可以共享数据,无论是否经过修改,只要数据接收方在共享数据时提供本协议文本。请注明Gregor Jarisch和OpenSSF最佳实践徽章贡献者。

项目徽章条目拥有者: Gregor Jarisch.
最后更新于 2026-04-02 22:12:57 UTC, 最后更新于 2026-06-18 22:52:55 UTC。 最后在 2026-04-10 23:35:34 UTC 获得通过徽章。