Initial commit: InternalAuditInterprise

backend/app/config.py

@@ -0,0 +1,70 @@
+"""应用配置。
+
+通过环境变量加载，区分 dev / prod 运行环境。
+prod 环境强制执行"数据零出域"红线：禁用任何公网 LLM Provider。
+"""
+
+from __future__ import annotations
+
+from enum import Enum
+
+from pydantic_settings import BaseSettings, SettingsConfigDict
+
+
+class AppEnv(str, Enum):
+    dev = "dev"
+    prod = "prod"
+
+
+class LLMProviderName(str, Enum):
+    dashscope = "dashscope"  # 公网千问，仅 dev
+    vllm = "vllm"  # 本地，prod
+
+
+# 被认定为"公网/出域"的 Provider，prod 下禁止使用
+EGRESS_PROVIDERS: frozenset[LLMProviderName] = frozenset({LLMProviderName.dashscope})
+
+
+class Settings(BaseSettings):
+    model_config = SettingsConfigDict(
+        env_prefix="",
+        env_file=".env",
+        extra="ignore",
+        case_sensitive=False,
+    )
+
+    aiaudit_env: AppEnv = AppEnv.dev
+
+    database_url: str = "postgresql+psycopg://freedak@localhost:5432/aiaudit"
+    redis_url: str = "redis://localhost:6379/0"
+
+    llm_provider: LLMProviderName = LLMProviderName.dashscope
+    dashscope_api_key: str = ""
+    dashscope_model: str = "qwen-plus"
+    vllm_base_url: str = "http://localhost:8001/v1"
+    vllm_model: str = "qwen2.5-72b-instruct"
+
+    @property
+    def is_prod(self) -> bool:
+        return self.aiaudit_env == AppEnv.prod
+
+    def validate_egress_policy(self) -> None:
+        """数据零出域红线校验：prod 环境禁用公网 Provider。
+
+        在应用启动时调用；违反则抛出异常阻断启动。
+        """
+        if self.is_prod and self.llm_provider in EGRESS_PROVIDERS:
+            raise RuntimeError(
+                f"数据零出域红线违规：prod 环境禁止使用公网 LLM Provider "
+                f"'{self.llm_provider.value}'。请改用本地 Provider（如 vllm）。"
+            )
+
+
+_settings: Settings | None = None
+
+
+def get_settings() -> Settings:
+    global _settings
+    if _settings is None:
+        _settings = Settings()
+    return _settings