Jonnenpijonne/local-first-wordpress-devsecops-kit
GitHub: Jonnenpijonne/local-first-wordpress-devsecops-kit
一套面向受监管 WordPress 开发场景的本地优先 DevSecOps 基线启动包,提供可审计的容器化开发环境、隐私数据处理规范和治理模板。
Stars: 0 | Forks: 0
# 本地优先的 WordPress DevSecOps 套件
针对受监管的 WordPress 开发提供的本地优先 DevSecOps 启动套件:Docker Compose、隐私安全的数据处理、AI 边界、操作手册和审计证据模板。
**适用于受监管的基于 WordPress 平台的轻量级、可审计且可恢复的本地开发模型。**
## 验证状态
在 Windows 上通过 WSL2、Docker Desktop 和 Git Bash 进行了本地验证。
运行时结果:
- WordPress 可通过 `http://localhost:8080` 访问
- Mailpit 可通过 `http://localhost:8025` 访问
- MariaDB 达到健康状态
- 测试了 Docker Compose 生命周期:`up`、`ps`、`down`、`up -d`、`exec`
- 通过 `docker compose exec wordpress bash` 验证了 WordPress 容器 shell 访问权限
- 捕获了针对 `http://localhost:8080/wp-admin/plugins.php` 的本地 Lighthouse 审计结果
详细证据:
- `docs/evidence/LOCAL_VALIDATION_2026-06-15.md`
- `docs/evidence/LIGHTHOUSE_AUDIT_2026-06-15.md`
- `docs/ops/DOCKER_COMPOSE_LIFECYCLE_AUDIT.md`
## 目的
本仓库展示了一个**本地优先的 DevSecOps 开发基准**,适用于后续可能需要在受监管、注重隐私或多租户环境中运行的基于 WordPress 的平台。
目标并不是在本地创建一个生产平台。
目标是使本地开发变得:
* 可重复
* 可恢复
* 可理解
* 默认安全
* 易于上手
* 具备足够的可审计性以满足早期治理
* 免受意外的生产数据和 AI 上下文泄露影响
简而言之:
## 核心理念
大多数本地开发环境都以相同的方式失败:
* 环境搭建依赖于某一个人
* 生产数据被随意复制
* 密钥最终留在代码仓库或聊天记录中
* 在未真正了解 Docker 隔离内容的情况下盲目使用 Docker
* 赋予了 AI 工具过多的上下文权限
* 没人知道重置哪些内容是安全的
* 环境发生配置漂移,最终变成了“雪花”(独特且不可复制)
本套件通过一个小巧、明确且有文档记录的基准来解决这些问题:
```
Docker Compose runtime
+ WordPress development stack
+ Git / SSH / signed commit workflow
+ no production data in development
+ anonymized dataset handling model
+ local AI boundary model
+ developer runbooks
+ evidence templates
```
## 架构概览
```
flowchart TB
DEV["Developer workstation"]
DEV --> GIT["Git / SSH / signed commits"]
DEV --> DOCKER["Docker Compose"]
DEV --> AI["Local AI tools
Ollama / Open WebUI"] DOCKER --> WP["WordPress container"] DOCKER --> DB["MariaDB container"] DOCKER --> MAIL["Mailpit container"] DOCKER --> VOL["Docker volumes
local persistent data"] WP --> DB WP --> MAIL GOV["Governance docs"] PRIV["Privacy & anonymization docs"] EVID["Evidence templates"] GIT --> GOV GIT --> PRIV GIT --> EVID PRIV --> DATA["Anonymized / generated dev data"] DATA --> DB AI -. "assistive only
no secrets / no prod data" .-> DEV AI -. "docs, logs, troubleshooting" .-> GOV classDef local fill:#eef,stroke:#447,stroke-width:1px; classDef governance fill:#efe,stroke:#474,stroke-width:1px; classDef risk fill:#fee,stroke:#944,stroke-width:1px; class DEV,GIT,DOCKER,AI,WP,DB,MAIL,VOL local; class GOV,PRIV,EVID governance; class DATA risk; ``` ## 架构原则 **代码即债务。** 这并不是因为代码不好,而是因为每一行代码都会产生未来的责任:维护、安全、文档、测试、所有权和运营风险。 当文档使系统变得可理解、可转移和可恢复时,它就是一项资产。 测试和审计证据能够防止技术债务演变成组织风险。 **复杂性并不等同于成熟度。** **真正的成熟度是知道目前暂不应该构建什么。** 本套件刻意保持轻量。 它不是 Kubernetes。 它不是生产级编排平台。 它不是企业级 IAM 系统。 它不是解决安全问题的银弹。 它是一个受控的本地开发基础。 ## 本项目是什么 本项目是: * 一个本地 WordPress 开发运行时 * 一个 Docker Compose 入门模型 * 一种注重隐私的开发工作流 * 一个面向治理的文档基准 * 一个本地优先的 AI 工作流边界模型 * 一套面向受监管或对合规敏感的开发团队的启动套件 本项目不是: * 一种生产部署策略 * 一套经过加固的生产架构 * 一个完整的 CI/CD 发布平台 * 一个完整的数据匿名化产品 * 一个企业级 GRC 系统 * 正式安全审查的替代品 * 生产级密钥管理的替代品 ## 目标用例 当团队需要开发基于 WordPress 或基于 PHP 的系统,且本地开发仍必须遵守操作规范时,此套件非常有用。 适用场景: * WordPress 平台开发 * 受监管或半监管的 Web 平台 * 早期的医疗科技 / 健康科技 / 涉及公共部门的项目 * 多租户或合作伙伴门户概念验证 * 在开发中使用 AI 工具的团队 * 需要安全入门和可重复本地环境的团队 * 希望在扩展之前建立治理机制,同时又不想增加企业级官僚主义的团队 不适用场景: * 生产级 Kubernetes 运维 * 现成的大型企业级平台工程 * 无人管理的业余服务器 * 不希望编写文档、进行审查或设立边界的团队 ## 设计目标 ### 1. 一条命令启动开发环境 开发者应该能够运行: ``` docker compose up -d ``` 并获得一个可正常运行的本地 WordPress 技术栈。 ### 2. 降低认知负担 环境应减轻记忆负担。 开发者不需要记住冗长的操作流程。工作流应通过以下方式自我解释: * 服务名称 * 脚本 * 操作手册 * 健康检查 * 重置例程 ### 3. 开发环境中不包含生产数据 严禁将生产数据直接复制到本地环境中。 开发数据集必须: * 最小化 * 匿名化或假名化 * 经过密钥扫描 * 即使匿名化后也必须被视为机密 * 在替换后被销毁 ### 4. AI 是辅助性的,而非自主性的 AI 可以协助进行: * 编写文档 * 代码建议 * 故障排除 * 内容总结 * 本地开发推理 AI 严禁自主进行以下操作: * 部署 * 合并到受保护的分支 * 标记发布版本 * 修改生产控制措施 * 窃取数据 * 接收生产数据集 * 未经明确批准,通过外部 SaaS 工具接收敏感的本地开发数据集 ### 5. 在扩展之前先建立治理 重点并不是构建一台庞大的治理机器。 重点在于尽早明确以下基础事项: * 运行了什么 * 谁更改了什么 * 使用了什么数据 * 对什么内容进行了匿名化 * 可以重置什么 * 绝对不能发送给外部 AI 的是什么 * 什么是仅限本地的 * 什么是未来的生产工作 ## 参考仓库结构 推荐结构: ``` local-first-wordpress-devsecops-kit/ │ ├── README.md ├── docker-compose.yml ├── .env.example ├── .gitignore │ ├── scripts/ │ ├── dev-up.sh │ ├── dev-down.sh │ ├── dev-health.sh │ ├── dev-reset.sh │ ├── scan-secrets.sh │ └── anonymize-placeholder.py │ ├── docs/ │ ├── dev/ │ │ ├── LOCAL_DEV_ENVIRONMENT.md │ │ ├── DOCKER_WORDPRESS_RUNBOOK.md │ │ └── DEBUG_AND_RESET.md │ │ │ ├── privacy/ │ │ ├── DATA_ANONYMIZATION_GUIDE.md │ │ ├── DATA_CLASSIFICATION_TEMPLATE.md │ │ └── DEVELOPMENT_DATA_RULES.md │ │ │ ├── governance/ │ │ ├── AI_BOUNDARY_MODEL.md │ │ ├── SSOT_AND_AUTHORITY_MODEL.md │ │ ├── CHANGE_CONTROL.md │ │ └── RISK_REGISTER.md │ │ │ └── evidence/ │ ├── ANONYMIZATION_LOG_TEMPLATE.md │ ├── LOCAL_ENVIRONMENT_VALIDATION_CHECKLIST.md │ └── SECRET_SCAN_LOG_TEMPLATE.md │ └── wp-content/ └── .gitkeep ``` ## 快速开始 ### 前置条件 安装: * Docker Desktop 或 Docker Engine + Docker Compose * Git * 兼容 Bash 的 Shell 检查: ``` docker compose version git --version ``` ### 克隆 ``` git clone git@github.com:YOUR-USERNAME/local-first-wordpress-devsecops-kit.git cd local-first-wordpress-devsecops-kit ``` ### 配置环境 ``` cp .env.example .env ``` ### 启动技术栈 ``` docker compose up -d ``` ### 检查容器 ``` docker compose ps ``` ### 打开 WordPress ``` http://localhost:8080 ``` ## Docker Compose 基准 `docker-compose.yml` 示例: ``` services: wordpress: image: wordpress:latest container_name: local_wp ports: - "127.0.0.1:8080:80" environment: WORDPRESS_DB_HOST: db WORDPRESS_DB_USER: wp WORDPRESS_DB_PASSWORD: wp WORDPRESS_DB_NAME: local_wp volumes: - ./wp-content:/var/www/html/wp-content depends_on: db: condition: service_healthy networks: - app-net db: image: mariadb:11 container_name: local_wp_db environment: MYSQL_DATABASE: local_wp MYSQL_USER: wp MYSQL_PASSWORD: wp MYSQL_ROOT_PASSWORD: root volumes: - db_data:/var/lib/mysql healthcheck: test: ["CMD", "mariadb-admin", "ping", "-h", "localhost", "-uroot", "-proot"] interval: 10s timeout: 5s retries: 5 networks: - app-net mailpit: image: axllent/mailpit:latest container_name: local_mailpit ports: - "127.0.0.1:8025:8025" networks: - app-net volumes: db_data: networks: app-net: driver: bridge ``` ### 为什么 localhost 绑定很重要 请使用: ``` 127.0.0.1:8080:80 ``` 而不是: ``` 8080:80 ``` 这可以减少意外暴露到本地机器之外的风险。 ## 日常工作流 ### 启动 ``` docker compose up -d ``` ### 停止 ``` docker compose down ``` ### 查看状态 ``` docker compose ps ``` ### 查看日志 ``` docker compose logs -f ``` ### 查看单个服务的日志 ``` docker compose logs -f wordpress docker compose logs -f db ``` ### 进入 WordPress 容器 ``` docker compose exec wordpress bash ``` ## 重置与重建模型 目标是通过例程进行恢复,而不是凭记忆。 ### 软重启 ``` docker compose restart ``` ### 在依赖或 Dockerfile 发生更改后重建 ``` docker compose up -d --build ``` ### 彻底清除并重置 警告:将删除持久化的数据库卷。 ``` docker compose down -v docker compose up -d --build ``` 仅当本地数据不再需要时才使用彻底重置。 ## 推荐脚本 ### `scripts/dev-up.sh` ``` #!/usr/bin/env bash set -euo pipefail echo "Starting local development stack..." docker compose up -d echo echo "Current containers:" docker compose ps echo echo "WordPress should be available at:" echo "http://localhost:8080" ``` ### `scripts/dev-down.sh` ``` #!/usr/bin/env bash set -euo pipefail echo "Stopping local development stack..." docker compose down ``` ### `scripts/dev-health.sh` ``` #!/usr/bin/env bash set -euo pipefail echo "Docker Compose version:" docker compose version echo echo "Container status:" docker compose ps echo echo "Database health:" docker compose exec db mariadb-admin ping -h localhost -uroot -proot || true echo echo "Recent logs:" docker compose logs --tail=50 ``` ### `scripts/dev-reset.sh` ``` #!/usr/bin/env bash set -euo pipefail echo "WARNING: this will remove local containers and volumes." echo "Local database data will be deleted." read -r -p "Type RESET to continue: " confirm if [[ "$confirm" != "RESET" ]]; then echo "Aborted." exit 1 fi docker compose down -v docker compose up -d --build docker compose ps ``` ### `scripts/scan-secrets.sh` ``` #!/usr/bin/env bash set -euo pipefail TARGET="${1:-.}" echo "Scanning for common secret patterns in: $TARGET" grep -RInE \ "password|secret|token|BEGIN PRIVATE KEY|sk_live|smtp|license|api[_-]?key" \ "$TARGET" \ --exclude-dir=.git \ --exclude-dir=node_modules \ --exclude-dir=vendor || true echo echo "Review all matches manually. False positives are possible." ``` ## 隐私基准 ### 规则 1:开发环境中不包含生产数据 严禁将生产数据直接复制到本地开发环境中。 允许: * 生成的模拟数据 * 手动创建的测试数据 * 最小化且匿名化的数据集 * 经批准的假名化开发数据提取 不允许: * 原始生产数据库转储 * 真实客户数据 * 真实的患者/用户/客户标识符 * 生产上传文件夹 * API token、SMTP 凭证或许可证密钥 * 粘贴到 AI 工具或聊天中的密钥 ## 开发数据流 ``` flowchart LR PROD["Production data
(not copied directly)"] REVIEW["Data classification review"] MIN["Minimized extract"] ANON["Anonymization / pseudonymization"] SCAN["Secret scan"] IMPORT["Import into local Docker DB"] VALIDATE["Validation"] EVIDENCE["Evidence log"] DESTROY["Destroy old local dataset"] PROD --> REVIEW REVIEW --> MIN MIN --> ANON ANON --> SCAN SCAN --> IMPORT IMPORT --> VALIDATE VALIDATE --> EVIDENCE EVIDENCE --> DESTROY BLOCK["External AI / SaaS LLMs"] ANON -. "must not be uploaded
without explicit approval" .-> BLOCK classDef safe fill:#eef,stroke:#447,stroke-width:1px; classDef control fill:#efe,stroke:#474,stroke-width:1px; classDef danger fill:#fee,stroke:#944,stroke-width:1px; class REVIEW,ANON,SCAN,VALIDATE,EVIDENCE control; class MIN,IMPORT,DESTROY safe; class PROD,BLOCK danger; ``` ## 数据分类模板 创建 `docs/privacy/DATA_CLASSIFICATION_TEMPLATE.md`: ``` # 数据分类模板 | Table / Field | Classification | Development Handling | Notes | | --- | --- | --- | --- | | wp_users.user_email | Personal data | Replace with generated address | Stable pseudonym preferred | | wp_users.user_login | Personal data | Replace with generated login | Keep referential consistency | | wp_usermeta.meta_value | Personal data / mixed | Review and scrub | May contain phone, address, metadata | | wp_options.option_value | Secret / configuration risk | Remove or replace | API keys, tokens, licenses | | wp_posts.post_content | Mixed content risk | Scan and anonymize | Free text may contain personal data | | wp_comments.comment_author_email | Personal data | Replace | | | wp_comments.comment_author_IP | Personal data | Truncate or replace | | | wp-content/uploads | High-risk files | Do not copy by default | May contain PDFs, images, EXIF | ``` ## 开发数据规则 创建 `docs/privacy/DEVELOPMENT_DATA_RULES.md`: ``` # 开发数据规则 ## 强制规则 1. No raw production data in local development. 2. No secrets in repositories, chats or AI prompts. 3. Anonymized datasets remain confidential. 4. Old local datasets must be deleted after refresh. 5. Uploads folders are not copied from production by default. 6. External AI tools must not receive local development datasets unless explicitly approved. 7. Dataset handling must leave an evidence trail. ## 本地数据集生命周期 request → classification review → minimized extract → anonymization → secret scan → local import → validation → destruction after replacement ## 销毁 Use: docker compose down -v rm -f anonymized_dump_old.sql when local data is no longer needed. ``` ## 匿名化模型 创建 `docs/privacy/DATA_ANONYMIZATION_GUIDE.md`: ``` # 数据匿名化指南 ## 原则 Anonymization reduces risk, but anonymized development data is still treated as confidential. ## 最小化处理 1. Review data classification. 2. Export only required tables. 3. Replace personal data. 4. Remove secrets. 5. Preserve referential consistency where needed. 6. Round timestamps where appropriate. 7. Scan output for secrets. 8. Record evidence. ## 稳定的假名化 Random replacement is not always enough. For relational data, the same source value should map to the same pseudonym across tables. Example: def stable_pseudonym(value: str) -> str: import hashlib return hashlib.sha256(f"project_seed_{value}".encode()).hexdigest()[:12] ## Secret scan grep -RiE \ "password|secret|token|BEGIN PRIVATE KEY|sk_live|smtp|license|api[_-]?key" \ anonymized_dump.sql If matches are found, fix the anonymization process and regenerate the dataset. ## 证据 Record each anonymization run in: docs/evidence/ANONYMIZATION_LOG_TEMPLATE.md ``` ## AI 边界模型 ``` flowchart TB AI["AI assistant"] ALLOWED["Allowed"] DENIED["Denied"] AI --> ALLOWED AI --> DENIED ALLOWED --> DOCS["Draft documentation"] ALLOWED --> LOGS["Explain logs"] ALLOWED --> TESTS["Suggest tests"] ALLOWED --> LOCAL["Assist local troubleshooting"] ALLOWED --> REVIEW["Review non-sensitive config"] DENIED --> DEPLOY["Deploy"] DENIED --> MERGE["Merge to protected branches"] DENIED --> TAG["Create releases / tags"] DENIED --> SECRETS["Receive secrets"] DENIED --> PRODDATA["Receive production data"] DENIED --> CONTROLS["Modify production controls"] classDef ok fill:#e9f7ef,stroke:#2e7d32,stroke-width:1px; classDef no fill:#fdecea,stroke:#c62828,stroke-width:1px; class ALLOWED,DOCS,LOGS,TESTS,LOCAL,REVIEW ok; class DENIED,DEPLOY,MERGE,TAG,SECRETS,PRODDATA,CONTROLS no; ``` 创建 `docs/governance/AI_BOUNDARY_MODEL.md`: ``` # AI 边界模型 ## 原则 AI is assistive, not autonomous. AI can support development, documentation and troubleshooting, but it must not independently control delivery, production access or sensitive data movement. ## 允许 AI may assist with: - documentation drafts - local troubleshooting - explaining logs - generating test ideas - summarizing architecture - suggesting scripts - reviewing non-sensitive configuration - helping with local development workflows ## 不允许 AI must not independently: - deploy - merge to protected branches - create release tags - archive repositories - modify production controls - receive secrets - receive raw production data - receive local anonymized datasets through external SaaS tools without approval - bypass governance review ## 本地 AI Local models may be used for lower-risk development support when data remains on the developer machine. Recommended local tools: - Ollama - Open WebUI - local coding models ## 外部 AI External AI services must be treated as third-party processors. Do not paste: - secrets - customer data - production dumps - anonymized datasets - tenant-specific data - confidential internal architecture unless explicitly approved through governance review. ``` ## SSOT 与授权模型 创建 `docs/governance/SSOT_AND_AUTHORITY_MODEL.md`: ``` # 单一真理与权威来源模型 ## 目的 This document defines which source wins when documentation, repository state and operational summaries disagree. ## 权威层级 1. Governance repository documentation 2. Current repository state 3. Approved issue / pull request history 4. Operational summaries 5. Informal notes or chat history ## 规则 If conflict exists, governance docs and repository state override informal summaries. ## 重要性说明 AI-generated summaries and operational notes can drift. The repository must remain the source of enforceable truth for: - code - configuration - scripts - validation - governance policies - evidence templates ``` ## 变更控制 创建 `docs/governance/CHANGE_CONTROL.md`: ``` # Change Control ## 原则 Small local development changes do not need enterprise bureaucracy, but they still need clarity. ## 风险等级 ### Class 1 — 仅限文档 Examples: - README edits - comments - non-operational documentation - spelling fixes Required: - clear commit message ### Class 2 — 本地 workflow 或开发 runtime 变更 Examples: - docker-compose changes - script changes - anonymization process changes - AI boundary updates - local development tooling Required: - change summary - test command or validation note - rollback note ### Class 3 — 影响生产或敏感控制变更 Examples: - production deployment - tenant isolation logic - authentication and authorization controls - secrets handling - release process - data export/import controls Required: - formal review - risk assessment - rollback plan - evidence trail - approval before merge ``` ## 风险登记册 创建 `docs/governance/RISK_REGISTER.md`: ``` # Risk Register | Risk | Impact | Mitigation | | --- | --- | --- | | Scope creep | Stack becomes too complex | Add services only when needed | | Production data leakage | GDPR / confidentiality risk | No production data in dev | | Secrets in repo | Credential compromise | .gitignore + secret scanning | | AI context leakage | Sensitive information exposure | AI boundary model | | Docker misconfiguration | Accidental network exposure | Bind ports to localhost | | Tenant boundary mistakes | Data isolation failure | Tenant isolation first | | Unowned scripts | Operational risk | Document scripts and ownership | | Environment drift | Onboarding failure | Docker Compose + scripts | | No evidence trail | Audit weakness | Evidence templates | ``` ## 证据模板 ### `docs/evidence/ANONYMIZATION_LOG_TEMPLATE.md` ``` # 匿名化日志 | Field | Value | | --- | --- | | Timestamp | YYYY-MM-DDTHH:MM:SSZ | | Operator | | | Source environment | | | Dataset scope | | | Data classification reviewed | yes / no | | Anonymization script/version | | | Secret scan completed | yes / no | | Secret scan result | pass / fail | | Local import completed | yes / no | | Old dataset destroyed | yes / no | | Notes | | ## 使用的命令 Paste commands here. ## 验证说明 Describe how anonymization was verified. ``` ### `docs/evidence/LOCAL_ENVIRONMENT_VALIDATION_CHECKLIST.md` ``` # 本地环境验证清单 | Check | Result | Notes | | --- | --- | --- | | Docker Compose version works | pass / fail | | | Stack starts with one command | pass / fail | | | WordPress opens on localhost | pass / fail | | | Database container healthy | pass / fail | | | Mailpit opens on localhost | pass / fail | | | No production data used | pass / fail | | | No secrets committed | pass / fail | | | Reset command tested | pass / fail | | | Documentation reviewed | pass / fail | | ``` ### `docs/evidence/SECRET_SCAN_LOG_TEMPLATE.md` ``` # Secret Scan 日志 | Field | Value | | --- | --- | | Timestamp | | | Operator | | | Target path | | | Tool / command | | | Result | pass / fail | | Follow-up actions | | ## 命令 ./scripts/scan-secrets.sh . ## 发现结果 Document findings or false positives here. ``` ## 安全说明 Docker 能提供帮助,但它不会自动使系统变得安全。 优点: * 服务是明确的 * 本地端口可以绑定到 localhost * 依赖项是可见的 * 运行时可以重建 * 数据卷可以重置 * 可以减少网络暴露 使用不当的缺点: * 永远以 root 身份运行所有进程 * 暴露所有端口 * 将密钥存储在 compose 文件中 * 复制生产环境上传的文件 * 使用未更新的陈旧镜像 * 认为本地就等于安全 * 将开发数据发送到外部 AI 工具 ## 本地 AI 说明 推荐的本地使用模式: ``` Desktop = build / debug / document Local AI = assist / explain / summarize Repository = source of truth Governance docs = rules and boundaries ``` 本地 AI 可用于: * 解释日志 * 起草文档 * 生成测试用例 * 总结项目背景 * 审查非敏感的本地脚本 本地 AI 不能替代: * 代码审查 * 安全审查 * 治理批准 * 生产发布流程 * 密钥管理 * 数据保护影响评估 ## 为什么这很重要 本套件减少了: * 入门阻力 * 本地环境配置漂移 * 生产数据的误用 * AI 上下文泄露 * 未记录的设置知识 * “只有一个人知道它如何运作”的风险 * 对重置和重建的恐惧 * 隐藏的运营复杂性 它提升了: * 可重复性 * 可恢复性 * 可审计性 * 开发者信心 * 运营透明度 * 隐私纪律 * 治理成熟度 ## 作品集总结 本项目展示了: * 基于 Docker Compose 的 WordPress 本地开发 * 本地优先的 DevSecOps 思维 * 注重隐私的开发工作流 * 匿名化数据处理模型 * AI 边界模型 * 审计证据模板 * 操作手册编写 * 在扩展前建立轻量级治理 技术价值不仅在于技术栈本身。 其价值在于使技术栈变得可理解、可恢复和可转移。 ## 建议的 GitHub 描述 ``` Local-first DevSecOps starter kit for regulated WordPress development: Docker Compose, privacy-safe data handling, AI boundaries, runbooks and audit evidence templates. ``` ## 建议的话题 ``` wordpress docker docker-compose devsecops local-development governance privacy gdpr ai-boundary audit-evidence developer-onboarding technical-documentation ``` ## 许可证 公开作品集版本推荐使用的许可证: ``` MIT License ``` 对于内部/私营公司的使用,请根据组织政策选择许可证。 ## 结语 本项目有意避免了不必要的复杂性。 目标不是构建最大的平台。 目标是构建一个团队可以理解、运行、重置、审查和改进的最小可用操作模型。
Ollama / Open WebUI"] DOCKER --> WP["WordPress container"] DOCKER --> DB["MariaDB container"] DOCKER --> MAIL["Mailpit container"] DOCKER --> VOL["Docker volumes
local persistent data"] WP --> DB WP --> MAIL GOV["Governance docs"] PRIV["Privacy & anonymization docs"] EVID["Evidence templates"] GIT --> GOV GIT --> PRIV GIT --> EVID PRIV --> DATA["Anonymized / generated dev data"] DATA --> DB AI -. "assistive only
no secrets / no prod data" .-> DEV AI -. "docs, logs, troubleshooting" .-> GOV classDef local fill:#eef,stroke:#447,stroke-width:1px; classDef governance fill:#efe,stroke:#474,stroke-width:1px; classDef risk fill:#fee,stroke:#944,stroke-width:1px; class DEV,GIT,DOCKER,AI,WP,DB,MAIL,VOL local; class GOV,PRIV,EVID governance; class DATA risk; ``` ## 架构原则 **代码即债务。** 这并不是因为代码不好,而是因为每一行代码都会产生未来的责任:维护、安全、文档、测试、所有权和运营风险。 当文档使系统变得可理解、可转移和可恢复时,它就是一项资产。 测试和审计证据能够防止技术债务演变成组织风险。 **复杂性并不等同于成熟度。** **真正的成熟度是知道目前暂不应该构建什么。** 本套件刻意保持轻量。 它不是 Kubernetes。 它不是生产级编排平台。 它不是企业级 IAM 系统。 它不是解决安全问题的银弹。 它是一个受控的本地开发基础。 ## 本项目是什么 本项目是: * 一个本地 WordPress 开发运行时 * 一个 Docker Compose 入门模型 * 一种注重隐私的开发工作流 * 一个面向治理的文档基准 * 一个本地优先的 AI 工作流边界模型 * 一套面向受监管或对合规敏感的开发团队的启动套件 本项目不是: * 一种生产部署策略 * 一套经过加固的生产架构 * 一个完整的 CI/CD 发布平台 * 一个完整的数据匿名化产品 * 一个企业级 GRC 系统 * 正式安全审查的替代品 * 生产级密钥管理的替代品 ## 目标用例 当团队需要开发基于 WordPress 或基于 PHP 的系统,且本地开发仍必须遵守操作规范时,此套件非常有用。 适用场景: * WordPress 平台开发 * 受监管或半监管的 Web 平台 * 早期的医疗科技 / 健康科技 / 涉及公共部门的项目 * 多租户或合作伙伴门户概念验证 * 在开发中使用 AI 工具的团队 * 需要安全入门和可重复本地环境的团队 * 希望在扩展之前建立治理机制,同时又不想增加企业级官僚主义的团队 不适用场景: * 生产级 Kubernetes 运维 * 现成的大型企业级平台工程 * 无人管理的业余服务器 * 不希望编写文档、进行审查或设立边界的团队 ## 设计目标 ### 1. 一条命令启动开发环境 开发者应该能够运行: ``` docker compose up -d ``` 并获得一个可正常运行的本地 WordPress 技术栈。 ### 2. 降低认知负担 环境应减轻记忆负担。 开发者不需要记住冗长的操作流程。工作流应通过以下方式自我解释: * 服务名称 * 脚本 * 操作手册 * 健康检查 * 重置例程 ### 3. 开发环境中不包含生产数据 严禁将生产数据直接复制到本地环境中。 开发数据集必须: * 最小化 * 匿名化或假名化 * 经过密钥扫描 * 即使匿名化后也必须被视为机密 * 在替换后被销毁 ### 4. AI 是辅助性的,而非自主性的 AI 可以协助进行: * 编写文档 * 代码建议 * 故障排除 * 内容总结 * 本地开发推理 AI 严禁自主进行以下操作: * 部署 * 合并到受保护的分支 * 标记发布版本 * 修改生产控制措施 * 窃取数据 * 接收生产数据集 * 未经明确批准,通过外部 SaaS 工具接收敏感的本地开发数据集 ### 5. 在扩展之前先建立治理 重点并不是构建一台庞大的治理机器。 重点在于尽早明确以下基础事项: * 运行了什么 * 谁更改了什么 * 使用了什么数据 * 对什么内容进行了匿名化 * 可以重置什么 * 绝对不能发送给外部 AI 的是什么 * 什么是仅限本地的 * 什么是未来的生产工作 ## 参考仓库结构 推荐结构: ``` local-first-wordpress-devsecops-kit/ │ ├── README.md ├── docker-compose.yml ├── .env.example ├── .gitignore │ ├── scripts/ │ ├── dev-up.sh │ ├── dev-down.sh │ ├── dev-health.sh │ ├── dev-reset.sh │ ├── scan-secrets.sh │ └── anonymize-placeholder.py │ ├── docs/ │ ├── dev/ │ │ ├── LOCAL_DEV_ENVIRONMENT.md │ │ ├── DOCKER_WORDPRESS_RUNBOOK.md │ │ └── DEBUG_AND_RESET.md │ │ │ ├── privacy/ │ │ ├── DATA_ANONYMIZATION_GUIDE.md │ │ ├── DATA_CLASSIFICATION_TEMPLATE.md │ │ └── DEVELOPMENT_DATA_RULES.md │ │ │ ├── governance/ │ │ ├── AI_BOUNDARY_MODEL.md │ │ ├── SSOT_AND_AUTHORITY_MODEL.md │ │ ├── CHANGE_CONTROL.md │ │ └── RISK_REGISTER.md │ │ │ └── evidence/ │ ├── ANONYMIZATION_LOG_TEMPLATE.md │ ├── LOCAL_ENVIRONMENT_VALIDATION_CHECKLIST.md │ └── SECRET_SCAN_LOG_TEMPLATE.md │ └── wp-content/ └── .gitkeep ``` ## 快速开始 ### 前置条件 安装: * Docker Desktop 或 Docker Engine + Docker Compose * Git * 兼容 Bash 的 Shell 检查: ``` docker compose version git --version ``` ### 克隆 ``` git clone git@github.com:YOUR-USERNAME/local-first-wordpress-devsecops-kit.git cd local-first-wordpress-devsecops-kit ``` ### 配置环境 ``` cp .env.example .env ``` ### 启动技术栈 ``` docker compose up -d ``` ### 检查容器 ``` docker compose ps ``` ### 打开 WordPress ``` http://localhost:8080 ``` ## Docker Compose 基准 `docker-compose.yml` 示例: ``` services: wordpress: image: wordpress:latest container_name: local_wp ports: - "127.0.0.1:8080:80" environment: WORDPRESS_DB_HOST: db WORDPRESS_DB_USER: wp WORDPRESS_DB_PASSWORD: wp WORDPRESS_DB_NAME: local_wp volumes: - ./wp-content:/var/www/html/wp-content depends_on: db: condition: service_healthy networks: - app-net db: image: mariadb:11 container_name: local_wp_db environment: MYSQL_DATABASE: local_wp MYSQL_USER: wp MYSQL_PASSWORD: wp MYSQL_ROOT_PASSWORD: root volumes: - db_data:/var/lib/mysql healthcheck: test: ["CMD", "mariadb-admin", "ping", "-h", "localhost", "-uroot", "-proot"] interval: 10s timeout: 5s retries: 5 networks: - app-net mailpit: image: axllent/mailpit:latest container_name: local_mailpit ports: - "127.0.0.1:8025:8025" networks: - app-net volumes: db_data: networks: app-net: driver: bridge ``` ### 为什么 localhost 绑定很重要 请使用: ``` 127.0.0.1:8080:80 ``` 而不是: ``` 8080:80 ``` 这可以减少意外暴露到本地机器之外的风险。 ## 日常工作流 ### 启动 ``` docker compose up -d ``` ### 停止 ``` docker compose down ``` ### 查看状态 ``` docker compose ps ``` ### 查看日志 ``` docker compose logs -f ``` ### 查看单个服务的日志 ``` docker compose logs -f wordpress docker compose logs -f db ``` ### 进入 WordPress 容器 ``` docker compose exec wordpress bash ``` ## 重置与重建模型 目标是通过例程进行恢复,而不是凭记忆。 ### 软重启 ``` docker compose restart ``` ### 在依赖或 Dockerfile 发生更改后重建 ``` docker compose up -d --build ``` ### 彻底清除并重置 警告:将删除持久化的数据库卷。 ``` docker compose down -v docker compose up -d --build ``` 仅当本地数据不再需要时才使用彻底重置。 ## 推荐脚本 ### `scripts/dev-up.sh` ``` #!/usr/bin/env bash set -euo pipefail echo "Starting local development stack..." docker compose up -d echo echo "Current containers:" docker compose ps echo echo "WordPress should be available at:" echo "http://localhost:8080" ``` ### `scripts/dev-down.sh` ``` #!/usr/bin/env bash set -euo pipefail echo "Stopping local development stack..." docker compose down ``` ### `scripts/dev-health.sh` ``` #!/usr/bin/env bash set -euo pipefail echo "Docker Compose version:" docker compose version echo echo "Container status:" docker compose ps echo echo "Database health:" docker compose exec db mariadb-admin ping -h localhost -uroot -proot || true echo echo "Recent logs:" docker compose logs --tail=50 ``` ### `scripts/dev-reset.sh` ``` #!/usr/bin/env bash set -euo pipefail echo "WARNING: this will remove local containers and volumes." echo "Local database data will be deleted." read -r -p "Type RESET to continue: " confirm if [[ "$confirm" != "RESET" ]]; then echo "Aborted." exit 1 fi docker compose down -v docker compose up -d --build docker compose ps ``` ### `scripts/scan-secrets.sh` ``` #!/usr/bin/env bash set -euo pipefail TARGET="${1:-.}" echo "Scanning for common secret patterns in: $TARGET" grep -RInE \ "password|secret|token|BEGIN PRIVATE KEY|sk_live|smtp|license|api[_-]?key" \ "$TARGET" \ --exclude-dir=.git \ --exclude-dir=node_modules \ --exclude-dir=vendor || true echo echo "Review all matches manually. False positives are possible." ``` ## 隐私基准 ### 规则 1:开发环境中不包含生产数据 严禁将生产数据直接复制到本地开发环境中。 允许: * 生成的模拟数据 * 手动创建的测试数据 * 最小化且匿名化的数据集 * 经批准的假名化开发数据提取 不允许: * 原始生产数据库转储 * 真实客户数据 * 真实的患者/用户/客户标识符 * 生产上传文件夹 * API token、SMTP 凭证或许可证密钥 * 粘贴到 AI 工具或聊天中的密钥 ## 开发数据流 ``` flowchart LR PROD["Production data
(not copied directly)"] REVIEW["Data classification review"] MIN["Minimized extract"] ANON["Anonymization / pseudonymization"] SCAN["Secret scan"] IMPORT["Import into local Docker DB"] VALIDATE["Validation"] EVIDENCE["Evidence log"] DESTROY["Destroy old local dataset"] PROD --> REVIEW REVIEW --> MIN MIN --> ANON ANON --> SCAN SCAN --> IMPORT IMPORT --> VALIDATE VALIDATE --> EVIDENCE EVIDENCE --> DESTROY BLOCK["External AI / SaaS LLMs"] ANON -. "must not be uploaded
without explicit approval" .-> BLOCK classDef safe fill:#eef,stroke:#447,stroke-width:1px; classDef control fill:#efe,stroke:#474,stroke-width:1px; classDef danger fill:#fee,stroke:#944,stroke-width:1px; class REVIEW,ANON,SCAN,VALIDATE,EVIDENCE control; class MIN,IMPORT,DESTROY safe; class PROD,BLOCK danger; ``` ## 数据分类模板 创建 `docs/privacy/DATA_CLASSIFICATION_TEMPLATE.md`: ``` # 数据分类模板 | Table / Field | Classification | Development Handling | Notes | | --- | --- | --- | --- | | wp_users.user_email | Personal data | Replace with generated address | Stable pseudonym preferred | | wp_users.user_login | Personal data | Replace with generated login | Keep referential consistency | | wp_usermeta.meta_value | Personal data / mixed | Review and scrub | May contain phone, address, metadata | | wp_options.option_value | Secret / configuration risk | Remove or replace | API keys, tokens, licenses | | wp_posts.post_content | Mixed content risk | Scan and anonymize | Free text may contain personal data | | wp_comments.comment_author_email | Personal data | Replace | | | wp_comments.comment_author_IP | Personal data | Truncate or replace | | | wp-content/uploads | High-risk files | Do not copy by default | May contain PDFs, images, EXIF | ``` ## 开发数据规则 创建 `docs/privacy/DEVELOPMENT_DATA_RULES.md`: ``` # 开发数据规则 ## 强制规则 1. No raw production data in local development. 2. No secrets in repositories, chats or AI prompts. 3. Anonymized datasets remain confidential. 4. Old local datasets must be deleted after refresh. 5. Uploads folders are not copied from production by default. 6. External AI tools must not receive local development datasets unless explicitly approved. 7. Dataset handling must leave an evidence trail. ## 本地数据集生命周期 request → classification review → minimized extract → anonymization → secret scan → local import → validation → destruction after replacement ## 销毁 Use: docker compose down -v rm -f anonymized_dump_old.sql when local data is no longer needed. ``` ## 匿名化模型 创建 `docs/privacy/DATA_ANONYMIZATION_GUIDE.md`: ``` # 数据匿名化指南 ## 原则 Anonymization reduces risk, but anonymized development data is still treated as confidential. ## 最小化处理 1. Review data classification. 2. Export only required tables. 3. Replace personal data. 4. Remove secrets. 5. Preserve referential consistency where needed. 6. Round timestamps where appropriate. 7. Scan output for secrets. 8. Record evidence. ## 稳定的假名化 Random replacement is not always enough. For relational data, the same source value should map to the same pseudonym across tables. Example: def stable_pseudonym(value: str) -> str: import hashlib return hashlib.sha256(f"project_seed_{value}".encode()).hexdigest()[:12] ## Secret scan grep -RiE \ "password|secret|token|BEGIN PRIVATE KEY|sk_live|smtp|license|api[_-]?key" \ anonymized_dump.sql If matches are found, fix the anonymization process and regenerate the dataset. ## 证据 Record each anonymization run in: docs/evidence/ANONYMIZATION_LOG_TEMPLATE.md ``` ## AI 边界模型 ``` flowchart TB AI["AI assistant"] ALLOWED["Allowed"] DENIED["Denied"] AI --> ALLOWED AI --> DENIED ALLOWED --> DOCS["Draft documentation"] ALLOWED --> LOGS["Explain logs"] ALLOWED --> TESTS["Suggest tests"] ALLOWED --> LOCAL["Assist local troubleshooting"] ALLOWED --> REVIEW["Review non-sensitive config"] DENIED --> DEPLOY["Deploy"] DENIED --> MERGE["Merge to protected branches"] DENIED --> TAG["Create releases / tags"] DENIED --> SECRETS["Receive secrets"] DENIED --> PRODDATA["Receive production data"] DENIED --> CONTROLS["Modify production controls"] classDef ok fill:#e9f7ef,stroke:#2e7d32,stroke-width:1px; classDef no fill:#fdecea,stroke:#c62828,stroke-width:1px; class ALLOWED,DOCS,LOGS,TESTS,LOCAL,REVIEW ok; class DENIED,DEPLOY,MERGE,TAG,SECRETS,PRODDATA,CONTROLS no; ``` 创建 `docs/governance/AI_BOUNDARY_MODEL.md`: ``` # AI 边界模型 ## 原则 AI is assistive, not autonomous. AI can support development, documentation and troubleshooting, but it must not independently control delivery, production access or sensitive data movement. ## 允许 AI may assist with: - documentation drafts - local troubleshooting - explaining logs - generating test ideas - summarizing architecture - suggesting scripts - reviewing non-sensitive configuration - helping with local development workflows ## 不允许 AI must not independently: - deploy - merge to protected branches - create release tags - archive repositories - modify production controls - receive secrets - receive raw production data - receive local anonymized datasets through external SaaS tools without approval - bypass governance review ## 本地 AI Local models may be used for lower-risk development support when data remains on the developer machine. Recommended local tools: - Ollama - Open WebUI - local coding models ## 外部 AI External AI services must be treated as third-party processors. Do not paste: - secrets - customer data - production dumps - anonymized datasets - tenant-specific data - confidential internal architecture unless explicitly approved through governance review. ``` ## SSOT 与授权模型 创建 `docs/governance/SSOT_AND_AUTHORITY_MODEL.md`: ``` # 单一真理与权威来源模型 ## 目的 This document defines which source wins when documentation, repository state and operational summaries disagree. ## 权威层级 1. Governance repository documentation 2. Current repository state 3. Approved issue / pull request history 4. Operational summaries 5. Informal notes or chat history ## 规则 If conflict exists, governance docs and repository state override informal summaries. ## 重要性说明 AI-generated summaries and operational notes can drift. The repository must remain the source of enforceable truth for: - code - configuration - scripts - validation - governance policies - evidence templates ``` ## 变更控制 创建 `docs/governance/CHANGE_CONTROL.md`: ``` # Change Control ## 原则 Small local development changes do not need enterprise bureaucracy, but they still need clarity. ## 风险等级 ### Class 1 — 仅限文档 Examples: - README edits - comments - non-operational documentation - spelling fixes Required: - clear commit message ### Class 2 — 本地 workflow 或开发 runtime 变更 Examples: - docker-compose changes - script changes - anonymization process changes - AI boundary updates - local development tooling Required: - change summary - test command or validation note - rollback note ### Class 3 — 影响生产或敏感控制变更 Examples: - production deployment - tenant isolation logic - authentication and authorization controls - secrets handling - release process - data export/import controls Required: - formal review - risk assessment - rollback plan - evidence trail - approval before merge ``` ## 风险登记册 创建 `docs/governance/RISK_REGISTER.md`: ``` # Risk Register | Risk | Impact | Mitigation | | --- | --- | --- | | Scope creep | Stack becomes too complex | Add services only when needed | | Production data leakage | GDPR / confidentiality risk | No production data in dev | | Secrets in repo | Credential compromise | .gitignore + secret scanning | | AI context leakage | Sensitive information exposure | AI boundary model | | Docker misconfiguration | Accidental network exposure | Bind ports to localhost | | Tenant boundary mistakes | Data isolation failure | Tenant isolation first | | Unowned scripts | Operational risk | Document scripts and ownership | | Environment drift | Onboarding failure | Docker Compose + scripts | | No evidence trail | Audit weakness | Evidence templates | ``` ## 证据模板 ### `docs/evidence/ANONYMIZATION_LOG_TEMPLATE.md` ``` # 匿名化日志 | Field | Value | | --- | --- | | Timestamp | YYYY-MM-DDTHH:MM:SSZ | | Operator | | | Source environment | | | Dataset scope | | | Data classification reviewed | yes / no | | Anonymization script/version | | | Secret scan completed | yes / no | | Secret scan result | pass / fail | | Local import completed | yes / no | | Old dataset destroyed | yes / no | | Notes | | ## 使用的命令 Paste commands here. ## 验证说明 Describe how anonymization was verified. ``` ### `docs/evidence/LOCAL_ENVIRONMENT_VALIDATION_CHECKLIST.md` ``` # 本地环境验证清单 | Check | Result | Notes | | --- | --- | --- | | Docker Compose version works | pass / fail | | | Stack starts with one command | pass / fail | | | WordPress opens on localhost | pass / fail | | | Database container healthy | pass / fail | | | Mailpit opens on localhost | pass / fail | | | No production data used | pass / fail | | | No secrets committed | pass / fail | | | Reset command tested | pass / fail | | | Documentation reviewed | pass / fail | | ``` ### `docs/evidence/SECRET_SCAN_LOG_TEMPLATE.md` ``` # Secret Scan 日志 | Field | Value | | --- | --- | | Timestamp | | | Operator | | | Target path | | | Tool / command | | | Result | pass / fail | | Follow-up actions | | ## 命令 ./scripts/scan-secrets.sh . ## 发现结果 Document findings or false positives here. ``` ## 安全说明 Docker 能提供帮助,但它不会自动使系统变得安全。 优点: * 服务是明确的 * 本地端口可以绑定到 localhost * 依赖项是可见的 * 运行时可以重建 * 数据卷可以重置 * 可以减少网络暴露 使用不当的缺点: * 永远以 root 身份运行所有进程 * 暴露所有端口 * 将密钥存储在 compose 文件中 * 复制生产环境上传的文件 * 使用未更新的陈旧镜像 * 认为本地就等于安全 * 将开发数据发送到外部 AI 工具 ## 本地 AI 说明 推荐的本地使用模式: ``` Desktop = build / debug / document Local AI = assist / explain / summarize Repository = source of truth Governance docs = rules and boundaries ``` 本地 AI 可用于: * 解释日志 * 起草文档 * 生成测试用例 * 总结项目背景 * 审查非敏感的本地脚本 本地 AI 不能替代: * 代码审查 * 安全审查 * 治理批准 * 生产发布流程 * 密钥管理 * 数据保护影响评估 ## 为什么这很重要 本套件减少了: * 入门阻力 * 本地环境配置漂移 * 生产数据的误用 * AI 上下文泄露 * 未记录的设置知识 * “只有一个人知道它如何运作”的风险 * 对重置和重建的恐惧 * 隐藏的运营复杂性 它提升了: * 可重复性 * 可恢复性 * 可审计性 * 开发者信心 * 运营透明度 * 隐私纪律 * 治理成熟度 ## 作品集总结 本项目展示了: * 基于 Docker Compose 的 WordPress 本地开发 * 本地优先的 DevSecOps 思维 * 注重隐私的开发工作流 * 匿名化数据处理模型 * AI 边界模型 * 审计证据模板 * 操作手册编写 * 在扩展前建立轻量级治理 技术价值不仅在于技术栈本身。 其价值在于使技术栈变得可理解、可恢复和可转移。 ## 建议的 GitHub 描述 ``` Local-first DevSecOps starter kit for regulated WordPress development: Docker Compose, privacy-safe data handling, AI boundaries, runbooks and audit evidence templates. ``` ## 建议的话题 ``` wordpress docker docker-compose devsecops local-development governance privacy gdpr ai-boundary audit-evidence developer-onboarding technical-documentation ``` ## 许可证 公开作品集版本推荐使用的许可证: ``` MIT License ``` 对于内部/私营公司的使用,请根据组织政策选择许可证。 ## 结语 本项目有意避免了不必要的复杂性。 目标不是构建最大的平台。 目标是构建一个团队可以理解、运行、重置、审查和改进的最小可用操作模型。
标签:DevSecOps, Docker Compose, WordPress, 上游代理, 合规治理, 应用安全, 文件完整性监控, 本地开发环境, 版权保护, 网络安全, 逆向工具, 隐私保护