security_id,data_category,sensitivity,entities,protection_strategy,notes
SEC-01,设计文件内容,低,ENT-CAPABILITY ENT-MODULE ENT-ENTITY ENT-VALUE-FLOW ENT-USER-JOURNEY ENT-INTEGRATION ENT-DATA-FLOW ENT-DESIGN-DOC ENT-TRACEABILITY-LINK ENT-CHANGE-LOG-ENTRY ENT-ADR ENT-SHARED-TERM ENT-DOMAIN ENT-UBIQUITOUS-TERM ENT-SCENARIO ENT-DOMAIN-MODULE ENT-DOMAIN-ENTITY ENT-SCOPE-AND-GOALS ENT-SYSTEM-CONTEXT ENT-SOLUTION-LAYER ENT-API-CONTRACT ENT-CODEBASE-ALIGNMENT ENT-MODULE-BOUNDARY-RULE ENT-DATA-SECURITY ENT-TECH-SELECTION ENT-RUNTIME-TOPOLOGY ENT-RUNTIME-COMPONENT ENT-ENVIRONMENT ENT-OPERATIONAL-BASELINE ENT-RELEASE-PLAN ENT-EXTERNAL-SYSTEM,无特殊保护（本身是给 AI agent 和团队看的公开设计文档）,通过网络隔离保护
SEC-02,关系图和扫描结果,低,ENT-GRAPH-NODE ENT-GRAPH-EDGE ENT-GRAPH-VIEW ENT-SCAN-RESULT,无特殊保护（运行时派生数据）,从设计文件实时计算无需持久化保护
SEC-03,项目注册信息,中,ENT-PROJECT,文件路径不暴露在前端 URL 中（前端用项目 ID 后端查路径）,包含本地文件路径泄露可能暴露服务器目录结构
SEC-04,代码仓库路径,中,ENT-IMPL-PROGRESS ENT-EDITABLE-FILE,同 SEC-03（路径不暴露到前端）,Phase2
SEC-05,LLM API 密钥,高,,存服务器环境变量不通过 API 返回不写入设计文件,Phase2