imran7714/GIE
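A governance intelligence engine built from a browser extension and a server, providing visual monitoring of enterprise compliance and data-leakage risk in LLM usage.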
# 🏛 Governance Intelligence Engine
## Quick Start
### For IT admins: running the server
```
# 1. Navigate to the server folder
cd server/
# 2. Install dependencies (once only)
npm install
# 3. Start the server
node server.js
# Server starts at: http://localhost:3000
# Open that URL in a browser to see all violations
```
**Environment variables (optional):**
```
PORT=8080 # Change port (default: 3000)
API_KEY=mysecret # Require API key from employees (recommended)
DATA_FILE=./logs.json # Where to persist logs (default: ./gie-logs.json)
MAX_LOGS=50000 # Max violations to store (default: 10000)
```
Example with a key:
```
API_KEY=your-secret-key-here node server.js
```
### For employees: installing the extension
1. Open Chrome → `chrome://extensions`
2. Enable **Developer Mode** (top right toggle)
3. Click **Load unpacked**
4. Select the `gie-v3/` folder *(NOT the `server/` subfolder)*
5. The GIE icon appears in your toolbar
**Configure your identity:**
1. Click the GIE toolbar icon
2. Go to **⚙ Governance Policy** tab
3. Expand **👤 Employee Identity** — fill in your name, department
4. Expand **🖥 Admin Server Connection**
   - Enter the server URL: `http://localhost:3000` (or your IT team's IP/hostname)
   - Enter the API key if your admin set one
   - Click **⚡ Ping Server** to verify it's reachable
5. Click **💾 Save Governance Policy**
That's it. Every policy violation you trigger will now appear in the admin dashboard.
## Architecture
```
  Employee 1 Browser        Employee 2 Browser        Employee N Browser
┌────────────────────┐    ┌────────────────────┐    ┌────────────────────┐
│ GIE Extension      │    │ GIE Extension      │    │ GIE Extension      │
│                    │    │                    │    │                    │
│ Detects violation  │    │ Detects violation  │    │ Detects violation  │
│ → Shows red border │    │ → Shows red border │    │ → Shows red border │
│ → Local audit log  │    │ → Local audit log  │    │ → Local audit log  │
│ → POST /api/logs   │    │ → POST /api/logs   │    │ → POST /api/logs   │
└─────────┬──────────┘    └─────────┬──────────┘    └─────────┬──────────┘
          │                         │                         │
          └─────────────────────────┼─────────────────────────┘
                                    │ HTTP POST
                           ┌────────▼─────────┐
                           │ server/server.js │
                           │ (Node.js/Express)│
                           │                  │
                           │ POST /api/logs   │ ← receives from employees
                           │ GET /            │ ← admin dashboard HTML
                           │ GET /api/stats   │ ← aggregated stats
                           │ GET /api/events  │ ← live SSE stream
                           │ GET /api/export  │ ← CSV download
                           └──────────────────┘
```
**Offline behaviour:** If the server is unreachable, violations are saved to a local `gie_outbox` queue in the extension and automatically retried every 2 minutes. The admin dashboard header in the popup shows how many violations are queued.
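The outbox behaviour described above, as an added example (not GIE's own code): `store` and `send` are injected stand-ins for the extension's storage and its `POST /api/logs` call, and the 500-entry cap and in-order drain are assumptions.

```javascript
// Assumptions, not taken from GIE's source: the storage interface, the
// 500-entry cap and the stop-at-first-failure drain policy. In the extension,
// `store` would wrap chrome.storage.local and `send` would wrap fetch().
const OUTBOX_KEY = 'gie_outbox';
const OUTBOX_CAP = 500;
const RETRY_MS = 2 * 60 * 1000; // "retried every 2 minutes"

// In-memory stand-in for extension storage so the example runs offline.
function memoryStore() {
  const data = {};
  return {
    get: async (k) => data[k] || [],
    set: async (k, v) => { data[k] = v; },
  };
}

// Try the server first; on any failure, queue the metadata record locally.
async function relay(record, store, send) {
  try {
    if (await send(record)) return 'sent';
  } catch (_) { /* network error: fall through to the queue */ }
  const queue = await store.get(OUTBOX_KEY);
  queue.push(record);
  await store.set(OUTBOX_KEY, queue.slice(-OUTBOX_CAP)); // bound local storage
  return 'queued';
}

// Drain in order; stop at the first failure and keep the unsent remainder,
// so a flapping server never causes records to be dropped or reordered.
async function flushOutbox(store, send) {
  const queue = await store.get(OUTBOX_KEY);
  let sent = 0;
  for (const record of queue) {
    try {
      if (!(await send(record))) break;
    } catch (_) { break; }
    sent++;
  }
  await store.set(OUTBOX_KEY, queue.slice(sent));
  return { sent, queued: queue.length - sent };
}

// Periodic retry; not started here so the example exits when run directly.
function startRetry(store, send) {
  return setInterval(() => flushOutbox(store, send), RETRY_MS);
}
```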
## Admin Dashboard Features
- **Live updates** — new violations appear instantly (Server-Sent Events, no polling)
- **Employee sidebar** — click any employee to filter the table to just their violations
- **KPI bar** — click any severity badge to filter by level
- **Sortable table** — click any column header
- **Expandable rows** — click any row for full details (employee ID, source IP, violation tags)
- **Export CSV** — downloads all visible violations as a spreadsheet
- **Export PDF** — opens a print-ready report
- **Clear all** — wipes the server log (with confirmation)
## Security Notes
- **Set an API key** in production: `API_KEY=secret node server.js` — employees must enter the same key in their extension settings
- The server **only stores violation metadata** — never the actual sensitive text. Just labels like "Credit Card Number" or "UK National Insurance Number"
- Logs are persisted to `gie-logs.json` in the server folder — back this up regularly
- For company-wide deployment, run the server on a VM accessible from the office network and set `DATA_FILE` to a backed-up path
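An added sketch (not GIE's `server.js`) of an ingestion path that enforces the notes above: an exact API key match, an allow-list so only metadata is stored, and the `MAX_LOGS` cap. The record fields, status codes and oldest-first eviction are assumptions.

```javascript
const { createHash, timingSafeEqual } = require('node:crypto');

// Assumed schema (not from GIE's source): only these fields are persisted.
const STRING_FIELDS = ['employee', 'department', 'platform', 'severity'];
// Tags must look like labels ("Credit Card Number"), so a matched value
// containing digits can never be stored as a tag.
const LABEL_RE = /^[A-Za-z][A-Za-z ()\/&-]{1,63}$/;

// Exact, case-sensitive comparison. Hashing both sides yields equal-length
// buffers, so timingSafeEqual never throws and key length is not leaked.
function apiKeyMatches(provided, expected) {
  const h = (s) => createHash('sha256').update(String(s)).digest();
  return timingSafeEqual(h(provided), h(expected));
}

// Copy only allow-listed fields; everything else in the body is dropped.
function toMetadata(body) {
  const out = { tags: [] };
  for (const f of STRING_FIELDS) {
    if (typeof body[f] === 'string') out[f] = body[f].slice(0, 128);
  }
  if (Array.isArray(body.tags)) {
    out.tags = body.tags.filter((t) => typeof t === 'string' && LABEL_RE.test(t));
  }
  return out;
}

// cfg mirrors the README's environment variables: { apiKey, maxLogs }.
function ingest(logs, body, providedKey, cfg) {
  if (cfg.apiKey && !apiKeyMatches(providedKey || '', cfg.apiKey)) {
    return { status: 401, error: 'unauthorized' };
  }
  const record = toMetadata(body || {});
  if (record.tags.length === 0) {
    return { status: 400, error: 'no violation tags' };
  }
  logs.push(record);
  // Assumed eviction policy: discard the oldest entries beyond MAX_LOGS.
  while (logs.length > cfg.maxLogs) logs.shift();
  return { status: 201 };
}
```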
## File Structure
```
gie-v3/                          ← Load this folder in Chrome
├── manifest.json
├── engine.js                    ← Background: relay + outbox queue
├── dashboard.html               ← Employee popup UI
├── dashboard.js                 ← Employee popup logic
├── modules/
│   ├── storage/audit.js         ← v3: fires GIE_RELAY after each log()
│   ├── rules/
│   │   ├── rule-pii.js
│   │   ├── rule-financial.js
│   │   ├── rule-secrets.js
│   │   └── rule-ai.js           ← Gemini Nano + regex AI detection
│   ├── ui/warning.js
│   └── platforms/
│       ├── platform-chatgpt.js
│       ├── platform-claude.js
│       ├── platform-gemini.js
│       └── platform-perplexity.js
└── server/                      ← Run this separately on admin machine
    ├── package.json
    ├── server.js                ← Express server + embedded admin dashboard
    └── gie-logs.json            ← Created automatically on first violation
```
## Troubleshooting
**"Not reachable" when pinging server**
- Check that `node server.js` is running in the server folder
- Check that your firewall allows port 3000 (or your chosen PORT)
- If employees are on a different machine, use the server's IP address instead of `localhost`
**Violations not appearing in admin dashboard**
- Open the extension popup → ⚙ Governance Policy → Admin Server — check the status widget
- If it shows "Offline", violations are queued and will sync when the server comes back
- Check the server console for incoming request logs
**"Unauthorized — invalid API key" errors**
- Make sure the API_KEY env var on the server matches exactly what's entered in each employee's extension settings
- Keys are case-sensitive
**Extension not detecting violations**
- Make sure you're on one of the monitored platforms (ChatGPT, Claude.ai, Gemini, Perplexity)
- Try typing a test SSN like `123-45-6789` or a fake credit card `4111-1111-1111-1111`
- Check the browser console for `[GIE v3]` log messages
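An added example (not GIE's rule modules) of detection that reports only labels, never the matched text, exercised with the two test values above. The rule list, severities and return shape are assumptions.

```javascript
// Illustrative rules only; GIE's actual patterns are not shown on this page.
const RANK = { high: 1, critical: 2 };

// Luhn checksum: filters out digit runs that are not plausible card numbers.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return digits.length >= 13 && sum % 10 === 0;
}

const RULES = [
  { label: 'US Social Security Number', severity: 'high',
    pattern: /\b\d{3}-\d{2}-\d{4}\b/g },
  // Lookarounds stop a match from starting or ending inside a longer
  // digit/hyphen run, e.g. an SSN immediately followed by a card number.
  { label: 'Credit Card Number', severity: 'critical',
    pattern: /(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])/g,
    verify: (m) => luhnValid(m.replace(/[ -]/g, '')) },
];

// Returns violation metadata only: labels and a severity, so the sensitive
// value itself never reaches the audit log or the admin server.
function scanPrompt(text, platform) {
  const hits = RULES.filter((rule) =>
    (text.match(rule.pattern) || []).some((m) => !rule.verify || rule.verify(m)));
  if (hits.length === 0) return null;
  const severity = hits.reduce(
    (worst, r) => (RANK[r.severity] > RANK[worst] ? r.severity : worst),
    hits[0].severity);
  return { platform, severity, tags: hits.map((r) => r.label) };
}
```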
# GIE
The Governance Intelligence Engine (GIE) is a state-of-the-art Manifest V3 browser extension architecture developed to address the critical security vacuum created by the rapid adoption of Large Language Models (LLMs) in the enterprise.