data-safety-auditor

Data Safety Auditor

Purpose: Comprehensive audit tool that identifies data loss risks in Vue 3 + Pinia + IndexedDB + PouchDB applications with actionable remediation guidance.

Philosophy

This skill provides rigorous data safety analysis with:
  • Zero tolerance for data loss - Identifies every potential failure point
  • Complete coverage - Storage, sync, hydration, integrity, testing
  • Evidence-based findings - Code locations, patterns, severity
  • Actionable fixes - Specific remediation with code examples
  • Test generation - Creates missing safety tests

What It Detects

CRITICAL Risks (Deployment Blockers)

  • QUOTA_EXCEEDED - Storage full, data can't save
  • SAFARI_ITP_EXPIRATION - 7-day data loss on Safari
  • UNHANDLED_QUOTA_ERROR - QuotaExceededError not caught
  • NO_CONFLICT_RESOLUTION - PouchDB conflicts not handled
  • NON_ATOMIC_UPDATES - Multi-item updates can partially fail

HIGH Risks (Must Fix)

  • HYDRATION_RACE_CONDITION - Pinia data loads after render
  • NO_SYNC_ERROR_HANDLING - Sync fails silently
  • INCOMPLETE_SYNC_UNDETECTED - Stranded data not detected
  • RACE_CONDITION_SAME_KEY - Concurrent LocalForage writes
  • UNHANDLED_STORAGE_ERROR - Storage calls have no try/catch

MEDIUM Risks (Should Fix)

  • NO_CHECKSUM_VERIFICATION - Data corruption undetected
  • NO_PRIVATE_MODE_HANDLING - Private mode data loss unhandled
  • NO_PERSISTENT_STORAGE_REQUEST - PWA not requesting persist
  • STORAGE_PARTITIONING_UNACCOUNTED - iframe storage isolated
  • DRIVER_VALIDATION_MISSING - LocalForage driver not checked

LOW Risks (Consider Fixing)

  • NO_PERSISTENCE_TESTS - Missing persistence test coverage
  • NO_OFFLINE_TESTS - Offline sync not tested
  • MISSING_SAFARI_TESTS - Safari-specific tests missing

Detection Categories

A. Browser-Specific Data Loss Vectors

  • Storage quota limits and eviction policies per browser
  • Safari ITP 7-day storage limitations
  • Private/incognito mode behavior
  • Storage partitioning impacts

B. Storage-Specific Patterns

  • LocalForage race conditions
  • Concurrent write conflicts
  • Driver fallback behavior
  • Configuration issues

C. Sync Patterns

  • PouchDB/CouchDB conflict detection
  • Network failure handling
  • Incomplete sync detection
  • Sync integrity verification

D. Vue/Pinia Risks

  • Hydration race conditions
  • beforeRestore/afterRestore hooks
  • Object reference breakage
  • Multiple persistence sources

E. Data Integrity Checks

  • Schema validation on load
  • Checksum verification
  • Corruption detection
  • Backup/recovery validation
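
One way to cover the schema-validation, checksum and corruption-detection items above, shown as an added example that is not the auditor's own code. The envelope layout, the function names and the task-list validator are assumptions made for illustration.

```javascript
// Added example: checksum + schema check on load. Envelope fields (v, sum, payload) are assumptions.
// FNV-1a over UTF-16 code units catches accidental corruption only, not deliberate tampering.
function fnv1a(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, '0');
}

const SCHEMA_VERSION = 1;

// Wrap a value so it can be verified when it is read back.
function seal(value) {
  const payload = JSON.stringify(value);
  return JSON.stringify({ v: SCHEMA_VERSION, sum: fnv1a(payload), payload });
}

// Returns { ok: true, value } or { ok: false, reason } instead of handing bad data to the store.
function unseal(raw, validate) {
  let env;
  try { env = JSON.parse(raw); } catch { return { ok: false, reason: 'UNPARSEABLE' }; }
  if (!env || typeof env.payload !== 'string' || typeof env.sum !== 'string') {
    return { ok: false, reason: 'BAD_ENVELOPE' };
  }
  if (env.v !== SCHEMA_VERSION) return { ok: false, reason: 'SCHEMA_VERSION_MISMATCH' };
  if (fnv1a(env.payload) !== env.sum) return { ok: false, reason: 'CHECKSUM_MISMATCH' };
  let value;
  try { value = JSON.parse(env.payload); } catch { return { ok: false, reason: 'UNPARSEABLE' }; }
  return validate(value) ? { ok: true, value } : { ok: false, reason: 'SCHEMA_INVALID' };
}

// Hypothetical schema: an array of { id: string, done: boolean }.
const isTaskList = (v) => Array.isArray(v) &&
  v.every((t) => t && typeof t.id === 'string' && typeof t.done === 'boolean');

// Constructed samples: a good record, a simulated partial write, and a simulated altered payload.
const stored = seal([{ id: 't1', done: false }]);
const truncated = stored.slice(0, stored.length - 12);
const flipped = stored.replace('t1', 't7');
```

A caller would persist the string from `seal` and treat any `ok: false` result on load as a reason to fall back to a backup rather than hydrating the store.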

F. Testing & Compliance

  • Persistence test coverage
  • Quota failure tests
  • OWASP compliance
  • GDPR data integrity

Usage

javascript
const auditor = new DataSafetyAuditor();

// Full project audit
const report = await auditor.auditVueApp('./src');
console.log(report.toConsole());

// Targeted audits
const quotaFindings = await auditor.checkQuotaRisks(codeAST);
const itpFindings = await auditor.checkSafariCompat(codeAST);
const piniaFindings = await auditor.checkPiniaPersistence(piniaStore);
const syncFindings = await auditor.checkSyncIntegrity(pouchdbCode);

// Generate missing tests
const tests = await auditor.generateTestSuite();

// Get detailed remediation
const fixes = await auditor.suggestRemediations(findings);

Report Formats

  • Console - Colored, readable CLI output with severity indicators
  • JSON - Machine-readable for CI/CD integration
  • Markdown - Documentation and reports
  • HTML - Interactive dashboard view

Deployment Gate

The auditor enforces deployment gates:
  • CRITICAL findings = Deployment blocked
  • HIGH findings = Warning, recommend fixing
  • MEDIUM/LOW = Information only

When to Use

Use this skill:
  • Before deploying to production
  • After adding new persistence features
  • When debugging data loss issues
  • During code review of storage code
  • When setting up CI/CD quality gates
  • When auditing third-party storage libraries

Integration

CI/CD Pipeline

javascript
const report = await auditor.auditVueApp('./src');
if (report.hasBlockers()) {
  console.error('DEPLOYMENT BLOCKED: Critical data safety issues found');
  process.exit(1);
}

Custom Rules

javascript
auditor.rules.addRule('MUST_USE_ENCRYPTION', (code) => {
  if (code.includes('sensitive_data') && !code.includes('crypto.subtle')) {
    return { severity: 'CRITICAL', msg: 'Sensitive data must be encrypted' };
  }
});
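
A more involved rule in the same callback shape, targeting the UNHANDLED_STORAGE_ERROR finding listed under HIGH risks. This is an added example, not the auditor's own detector: the list of write calls, the extra `lines` field and the brace-tracking heuristic are assumptions.

```javascript
// Added example: a rule callback in the (code) => finding shape that addRule takes above.
// The write-call list, the `lines` field and the brace-tracking heuristic are assumptions;
// braces inside strings or comments are not handled.
const WRITE_CALL = /\b(?:localforage|localStorage|sessionStorage)\.setItem\s*\(/g;

// True when `offset` sits inside the braces of a `try { ... }` block.
function insideTry(code, offset) {
  const stack = []; // one entry per open brace; true if that brace opens a try block
  for (let i = 0; i < offset; i++) {
    if (code[i] === '{') stack.push(/\btry\s*$/.test(code.slice(Math.max(0, i - 8), i)));
    else if (code[i] === '}') stack.pop();
  }
  return stack.includes(true);
}

// True when the call whose "(" is at `open` is followed by .catch( before the statement ends.
function hasCatchChain(code, open) {
  let depth = 0;
  let i = open;
  for (; i < code.length; i++) {
    if (code[i] === '(') depth++;
    else if (code[i] === ')' && --depth === 0) break;
  }
  return /\.catch\s*\(/.test(code.slice(i + 1).split(';')[0]);
}

// Returns a finding for writes that no try block or .catch() guards, else undefined.
function unhandledStorageWrite(code) {
  const lines = [];
  for (const m of code.matchAll(WRITE_CALL)) {
    const guarded = insideTry(code, m.index) || hasCatchChain(code, m.index + m[0].length - 1);
    if (!guarded) lines.push(code.slice(0, m.index).split('\n').length);
  }
  if (lines.length === 0) return undefined;
  return { severity: 'HIGH', msg: `Unguarded storage write at line(s) ${lines.join(', ')}`, lines };
}

// Constructed sample source: lines 1 and 8 are unguarded writes.
const SAMPLE = [
  "await localforage.setItem('draft', draft);",
  "try {",
  "  await localforage.setItem('tasks', tasks);",
  "} catch (e) {",
  "  if (e.name === 'QuotaExceededError') notifyUser(e);",
  "}",
  "localforage.setItem('prefs', prefs).catch(report);",
  "localStorage.setItem('theme', theme);",
].join('\n');
```

The function can be passed as the second argument to `auditor.rules.addRule` in place of the inline arrow function shown above.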

MANDATORY USER VERIFICATION REQUIREMENT

Policy: No Safety Claims Without User Confirmation

CRITICAL: Before claiming ANY data safety issue is "fixed", "resolved", or "safe", the following verification protocol is MANDATORY:

Step 1: Technical Verification

  • Run full audit with all detectors
  • Verify no CRITICAL or HIGH findings
  • Take screenshots/evidence of clean audit

Step 2: User Verification Request

REQUIRED: Use the AskUserQuestion tool to explicitly ask the user to verify:
"I've completed the data safety audit. Before confirming your app is safe, please verify:
1. [Specific storage operations to test]
2. [Sync scenarios to test]
3. [Browser-specific tests to run]

Please confirm the data persists correctly, or let me know what's failing."

Step 3: Wait for User Confirmation

  • DO NOT claim app is "data safe" until user confirms
  • DO NOT approve deployment without user verification
  • DO NOT skip any CRITICAL finding verification
Remember: The user is the final authority on data safety. No exceptions.