Arxivga qaytish
II. Klinik AI va tibbiy platformalarqo'shimchaishtirokchimijoz anonimlashtirilgan

Anon Service — PII ↔ PHI ko'prigi

"Kanonik" PII foydalanuvchi identifikatorlari bilan PHI yozuvlari uchun anonim UUID'lar o'rtasida 1:1 muvofiqlikni saqlaydigan ichki mikroservis; shifrlash HashiCorp Vault orqali, servislararo avtorizatsiya Keycloak orqali.

Holat
faol
Davr
2025-10-13 → 2025-12-09
AI sessiyalar
Stek
Tillar
TypeScript
Freymvorklar · Infra
BunElysiaDrizzle ORMPostgresHashiCorp Vault (node-vault)Keycloak/jose JWTBiome
§01

Umumiy ko'rinish

  • Bu nima: healthcare-platform healthcare ekotizimi ichidagi maxfiylik/anonimizatsiya mikroservisi (realm healthcare-platform-internal-service). piiUserId qabul qiladi → deterministik anonim UUID (anonUserId) qaytaradi; teskari qayta identifikatsiya (qat'iy cheklangan), rotatsiya va GDPR bo'yicha o'chirishni qo'llab-quvvatlaydi. Qardosh servislar pii-service va phi-service bilan integratsiya qiladi (ular ham tahlil navbatida — #46, #44).
  • Turi / holati / roli: api (ichki REST mikroservis) / active (oxirgi kommit 2025-12-09, CI/deploy o'rnatilgan) / contributor — asosiy domen mantiqini Ramiro yozgan (28+1 kommit), foydalanuvchi Davron Yuldashev — 11 kommit, asosan DevOps/infra.
  • Faol davri: 2025-10-13 → 2025-12-09 (~2 oy), 40 kommit, fix/health-endpoints branchi va merge oqimi bilan faol ishlab chiqish.
§02

Stek

  • Tillar: TypeScript (strict), runtime Bun.
  • Freymvorklar/kutubxonalar (`package.json` va koddan):
  • Elysia 1.4 (+ @elysiajs/cors, @elysiajs/openapi/Swagger) — Bun ustidagi HTTP freymvork.
  • Drizzle ORM 0.44 + drizzle-kit + postgres (postgres.js) — Postgres bilan ishlash va migratsiyalar.
  • HashiCorp Vault node-vault orqali — Transit shifrlash (AES-256-GCM) + KV + AppRole.
  • Keycloak + jose 6 — servislararo autentifikatsiya uchun JWKS orqali RS256 JWT tekshiruvi.
  • Biome — lint/format (ESLint/Prettier o'rniga).
  • Infra/deploy: Docker multi-stage (bun:1.3.3-slim, non-root foydalanuvchi), alohida Dockerfile.migrate, healthcheck'lar bilan docker-compose.yml + docker-compose-dev.yml. CI: GitLab CI (.gitlab/ci/_common.yml, build.yml, deploy.yml) + GitHub workflow'lar. Vault host https://vt.ksa.healthcare-platform.com.
  • Ma'lumotlar: PostgreSQL. 2 ta jadval (drizzle/schema.ts): id_mappings (ciphertext'lar + bytea blind index, status enum active/rotated/deleted, versiya, soft-delete deletedAt) va mapping_audit (audit jurnali: caller, action, realm, faqat indekslar — plaintext yo'q). customType orqali maxsus bytea tipi (Drizzle uni tayyor holda bermaydi).
  • E'tiborga molik tooling: OpenAPI spetsifikatsiyasi (docs/openapi.yaml), Mermaid bilan arxitektura hujjatlari (docs/ARCHITECTURE.md, DATA_FLOW.md, SEQUENCE_DIAGRAMS.md).
§03

Nima qilindi

Butun loyiha bo'yicha xronologiya (kontekst uchun) va alohida — foydalanuvchi nima qilgani.

Loyiha umuman (asosan Ramiro):

  • Servisni ishga tushirish, yadro: app/db/vault/health (cd4658a, 366813a).
  • Auth + shifrlash + metrikalar: JWT tekshiruvi, HMAC, Transit encrypt/decrypt (b8f608f).
  • Mappings kontroller → identities deb qayta nomlangan (GDPR semantikasi), create/lookup/delete endpoint'lari (f8fa0c2, e8c5c3d).
  • Keycloak orqali servislararo auth + RBAC plaginlari (f08945b), CORS + ichki route'lar (e97f8ff).
  • Vault/Keycloak konfiguratsiyasi, init/status skriptlari (d0935fe); maxsus bytea + boolean success + created_at bo'yicha indeks (4b67b1a).

Foydalanuvchining hissasi (git log --author="Davron", 11 kommit — DevOps/infra tomonga og'gan):

  • CI/CD + Docker dev muhiti (1d99301, 8 fayl): GitLab CI pipeline (build/deploy bosqichlari), Postgres bilan docker-compose-dev.yml, Dockerfile.migrate, multi-stage Dockerfile.
  • Konteynerni mustahkamlash (37c72d8, b9081c0): non-root foydalanuvchi (groupadd/useradd), ownership tuzatish, builder va prod uchun bun:1.3-slim.
  • Health probe'lar (f0ae025, 385+/1492−): tiplashtirilgan javob sxemalari + OpenAPI tavsiflari bilan liveness/readiness endpoint'lari; bog'liqliklarni yangilash (bun.lock qayta qurish).
  • Swagger/config (e674d63, c2b1e1a, 47bbfc2), docker-compose depends_on/healthcheck (bc95012), yakuniy CI/deploy tuzatishlari (ae86fe6).
  • Vault path + debug logging (4a1a524) — ⚠️ "Texnik chellenjlar" bo'limiga qarang.
  • Hajmi: 40 tadan 11 kommit (~28%), infratuzilma va operatsion tayyorlikka jamlangan, domen kripto mantig'iga emas.
§04

Texnik chellenjlar

Faqat kodda tasdiqlangan narsalar (path/hash'lar bilan).

  • Shifrlangan ma'lumot ustidan deterministik qidiruvblind index patterni: pii_user_id shifrlangan holda saqlanadi (Vault Transit, crypto.ts/mapping-service.ts:62), lookup uchun esa HMAC-SHA256(key, value) hisoblanadi (services/hmac.ts:23) va bytea ustunga joylanadi. Lookup indeks orqali sodir bo'ladi (mapping-service.ts:41-44), DB'da plaintext yo'q. Kuchli privacy-engineering yechimi (Senior daraja) — *Ramiro mualliligi*.
  • PII sizib chiqmasdan auditmapping_audit jadvali faqat blind indekslar va metama'lumotlarni yozadi (caller, action, success), identifikatorlarning o'zini emas (schema.ts:43-55, mapping-service.ts:8-28). GDPR uchun qulay. *Ramiro mualliligi.* ⚠️ audit() xatolarni bo'sh catch {} bilan yutib yuboradi — audit yozuvidagi nosozliklar sezilmay qoladi.
  • Keycloak ustida servislararo RBACmiddleware/service-auth.ts: createRemoteJWKSet orqali RS256 tekshiruvi, iss tekshiruvi, service-account talabi (preferred_username service-account- bilan boshlanadi), realm + client rollarini ajratib olish; kompozitsiyalanadigan Elysia plaginlari requireServiceRole/requireServiceClient/requireServiceClientWithRole. Toza va yaxshi tiplashtirilgan. *Ramiro mualliligi.*
  • Soft-delete + status mashinasi → enum active/rotated/deleted, versiyalash, deletedAt (GDPR o'chirishni marker sifatida, mapping-service.ts:120-173).
  • Foydalanuvchining hissasi — operatsion tayyorlik: konteynerizatsiya (multi-stage, non-root), CI/CD pipeline (GitLab), Kubernetes uslubidagi liveness/readiness probe'lari OpenAPI sxemalari bilan, compose'da healthcheck bog'liqliklari. Xavfsizlik uchun kritik servis uchun haqiqiy DevOps/platform mahorati.
  • ⚠️ Topilgan xavfsizlik muammolari (halol — omma oldida bu holicha KO'RSATMANG): 1. config/vault.ts:31-33strictSSL: false / rejectUnauthorized: false: Vault'ga TLS tekshiruvi o'chirilgan. 2. services/hmac.ts:8,11,19-22 va mapping-service.ts:35-37console.log HMAC kalitini, plaintext `piiUserId`ni, blind indeksni va Vault javobini chop etadi. Bu servis himoya qilishi kerak bo'lgan aynan o'sha sirlar/PII loglarga sizib chiqadi; README aniq "No raw IDs in logs" deb e'lon qiladi. Bu debug loglari foydalanuvchi tomonidan 4a1a524 kommitida qo'shilgan ("Added console logging ... of piiUserId and computed indices", "Enhanced logging in hmac service"). Haqiqiy bug + reputatsion risk.
§05

AI yordamida ishlab chiqish

  • Topilgan sessiyalar: 0. Ushbu loyiha uchun to'liq-path normalizatsiya kaliti orqali tekshirildi — mos kelishlar yo'q. (Kommit-xabar uslubi va repodagi .cursor/ Cursor'dan foydalanilgan bo'lishi mumkinligiga ishora qiladi, ammo lokal Claude Code sessiyalari katalogida to'g'ridan-to'g'ri dalil yo'q.)
  • AI bilan nima qilingan: ma'lumot yo'q.
  • AI-workflow patternlari: yo'q.
  • Sessiyalar yo'q.
§06

Yutuqlar va metrikalar

Kod/hujjatlardan, taxminsiz:

  • Identity mapping bo'yicha 5 ta rolga asoslangan operatsiya (write/read/reidentify/delete/rotate), Keycloak anon:* rollariga bog'langan.
  • 2 ta jadval + 3 ta migratsiya; enum status mashinasi + versiyalash + soft-delete.
  • To'liq health probe'lar to'plami: /health/live, /health/ready, /api/v1/internal/health (+ JWKS statusi).
  • 3 ta tizim bilan integratsiya: Vault (Transit+KV+AppRole), Keycloak (JWKS/JWT), Postgres.
  • 2 ta platformada CI/CD (GitLab + GitHub Actions), Docker multi-stage + migratsiya obrazi.
  • Load/scale metrikalari yo'q (ichki proprietar servis).
§07

Hissa qo'shganlar

git shortlog · barcha branchlar

  1. Dave9311
  2. Ramiro29
2 hissadorjami 40 ta kommit
Hozirda

Senior / Staff muhandis rollari va tanlab olingan frilansga ochiqman — prodakshn AI, platforma va full-stack ishlar.

Bog'lanish