Enhance localization and entity type management

- Updated built-in sensitive data types to include SYS suffix for consistency across documentation and code.
- Implemented functionality to disable and enable entity types for tenants, allowing for more flexible data security configurations.
- Added user language preference handling during login and updated language detection logic to prioritize user settings.
- Improved frontend components to reflect changes in entity type codes and added language switcher for better user experience.

Author: ThomasLWang

CHANGELOG.md

@@ -159,7 +159,7 @@ curl -X POST "http://localhost:5001/v1/guardrails" \
   * Three risk levels: low, medium, high
   * Six masking methods: replace, mask, hash, encrypt, shuffle, random
   * Configurable input/output direction detection
-  * Built-in types: ID_CARD_NUMBER, PHONE_NUMBER, EMAIL, BANK_CARD_NUMBER, PASSPORT_NUMBER, IP_ADDRESS
+  * Built-in types: ID_CARD_NUMBER_SYS, PHONE_NUMBER_SYS, EMAIL_SYS, BANK_CARD_NUMBER_SYS, PASSPORT_NUMBER_SYS, IP_ADDRESS_SYS
 
 * 📊 **Enhanced Detection Results**
 
@@ -199,9 +199,9 @@ curl -X POST "http://localhost:5001/v1/guardrails" \
       "result": {
         "compliance": {"risk_level": "Safe", "categories": []},
         "security": {"risk_level": "Safe", "categories": []},
-        "data": {"risk_level": "High", "categories": ["PHONE_NUMBER", "ID_CARD_NUMBER"]}
+        "data": {"risk_level": "High", "categories": ["PHONE_NUMBER_SYS", "ID_CARD_NUMBER_SYS"]}
       },
-      "suggest_answer": "My phone is <PHONE_NUMBER>, ID is <ID_CARD_NUMBER>"
+      "suggest_answer": "My phone is <PHONE_NUMBER_SYS>, ID is <ID_CARD_NUMBER_SYS>"
     }
     ```
 

README.md

@@ -982,7 +982,7 @@ Xiangxin AI Guardrails v2.4.0 introduces **Data Leak Detection** capability to p
 - **Three Risk Levels**: Low, Medium, High risk classification
 - **Configurable Detection Direction**: Input/Output detection control
 - **Multiple Masking Methods**:
-  - **Replace**: Replace with placeholder tokens (e.g., `<PHONE_NUMBER>`)
+  - **Replace**: Replace with placeholder tokens (e.g., `<PHONE_NUMBER_SYS>`)
   - **Mask**: Partial masking (e.g., `139****5678`)
   - **Hash**: SHA256 hashing
   - **Encrypt**: Encryption processing
@@ -991,12 +991,12 @@ Xiangxin AI Guardrails v2.4.0 introduces **Data Leak Detection** capability to p
 
 ### 📋 Built-in Sensitive Data Types
 
-- **ID_CARD_NUMBER**: Chinese ID card numbers
-- **PHONE_NUMBER**: Mobile phone numbers
-- **EMAIL**: Email addresses
-- **BANK_CARD_NUMBER**: Bank card numbers
-- **PASSPORT_NUMBER**: Passport numbers
-- **IP_ADDRESS**: IP addresses
+- **ID_CARD_NUMBER_SYS**: Chinese ID card numbers
+- **PHONE_NUMBER_SYS**: Mobile phone numbers
+- **EMAIL_SYS**: Email addresses
+- **BANK_CARD_NUMBER_SYS**: Bank card numbers
+- **PASSPORT_NUMBER_SYS**: Passport numbers
+- **IP_ADDRESS_SYS**: IP addresses
 - **CREDIT_CARD**: Credit card numbers
 - **SSN**: Social Security Numbers
 
@@ -1017,22 +1017,22 @@ Prevents models from leaking sensitive data to users.
 ```json
 {
     "id": "guardrails-6048ed54e2bb482d894d6cb8c3842153",
-    "overall_risk_level": "高风险",
-    "suggest_action": "代答",
-    "suggest_answer": "我的电话号码是<PHONE_NUMBER>,银行卡号是<BANK_CARD_NUMBER>,身份证号是<ID_CARD_NUMBER>",
+    "overall_risk_level": "high_risk",
+    "suggest_action": "replace",
+    "suggest_answer": "My phone number is <PHONE_NUMBER_SYS>, bank card number is <BANK_CARD_NUMBER_SYS>, ID card number is <ID_CARD_NUMBER_SYS>",
     "score": 0.999998927117538,
     "result": {
         "compliance": {
-            "risk_level": "无风险",
+            "risk_level": "no_risk",
             "categories": []
         },
         "security": {
-            "risk_level": "无风险",
+            "risk_level": "no_risk",
             "categories": []
         },
         "data": {
-            "risk_level": "高风险",
-            "categories": ["BANK_CARD_NUMBER", "ID_CARD_NUMBER", "PHONE_NUMBER"]
+            "risk_level": "high_risk",
+            "categories": ["BANK_CARD_NUMBER_SYS", "ID_CARD_NUMBER_SYS", "PHONE_NUMBER_SYS"]
         }
     }
 }
@@ -1095,7 +1095,7 @@ response = requests.post(
     headers={"Authorization": "Bearer your-api-key"},
     json={
         "name": "High Risk Behavior Ban",
-        "risk_level": "高风险",
+        "risk_level": "high_risk",
         "trigger_count": 3,
         "time_window_minutes": 60,
         "ban_duration_minutes": 1440,

README_ZH.md

@@ -995,7 +995,7 @@ def chat_with_openai(prompt, model="Xiangxin-Guardrails-Text"):
 - **三级风险等级**：低、中、高风险分类
 - **可配置检测方向**：输入/输出检测控制
 - **多种脱敏方法**：
-  - **替换(Replace)**：替换为占位符标记（如：`<PHONE_NUMBER>`）
+  - **替换(Replace)**：替换为占位符标记（如：`<PHONE_NUMBER_SYS>`）
   - **掩码(Mask)**：部分掩码显示（如：`139****5678`）
   - **哈希(Hash)**：SHA256哈希加密
   - **加密(Encrypt)**：加密处理
@@ -1004,12 +1004,12 @@ def chat_with_openai(prompt, model="Xiangxin-Guardrails-Text"):
 
 ### 📋 内置敏感数据类型
 
-- **ID_CARD_NUMBER**：身份证号
-- **PHONE_NUMBER**：手机号
-- **EMAIL**：邮箱地址
-- **BANK_CARD_NUMBER**：银行卡号
-- **PASSPORT_NUMBER**：护照号
-- **IP_ADDRESS**：IP地址
+- **ID_CARD_NUMBER_SYS**：身份证号
+- **PHONE_NUMBER_SYS**：手机号
+- **EMAIL_SYS**：邮箱地址
+- **BANK_CARD_NUMBER_SYS**：银行卡号
+- **PASSPORT_NUMBER_SYS**：护照号
+- **IP_ADDRESS_SYS**：IP地址
 - **CREDIT_CARD**：信用卡号
 - **SSN**：社会保障号
 
@@ -1030,22 +1030,22 @@ def chat_with_openai(prompt, model="Xiangxin-Guardrails-Text"):
 ```json
 {
     "id": "guardrails-6048ed54e2bb482d894d6cb8c3842153",
-    "overall_risk_level": "高风险",
-    "suggest_action": "代答",
-    "suggest_answer": "我的电话号码是<PHONE_NUMBER>,银行卡号是<BANK_CARD_NUMBER>,身份证号是<ID_CARD_NUMBER>",
+    "overall_risk_level": "high_risk",
+    "suggest_action": "replace",
+    "suggest_answer": "My phone number is <PHONE_NUMBER_SYS>, bank card number is <BANK_CARD_NUMBER_SYS>, ID card number is <ID_CARD_NUMBER_SYS>",
     "score": 0.999998927117538,
     "result": {
         "compliance": {
-            "risk_level": "无风险",
+            "risk_level": "no_risk",
             "categories": []
         },
         "security": {
-            "risk_level": "无风险",
+            "risk_level": "no_risk",
             "categories": []
         },
         "data": {
-            "risk_level": "高风险",
-            "categories": ["BANK_CARD_NUMBER", "ID_CARD_NUMBER", "PHONE_NUMBER"]
+            "risk_level": "no_risk",
+            "categories": ["BANK_CARD_NUMBER_SYS", "ID_CARD_NUMBER_SYS", "PHONE_NUMBER_SYS"]
         }
     }
 }
@@ -1108,7 +1108,7 @@ response = requests.post(
     headers={"Authorization": "Bearer your-api-key"},
     json={
         "name": "高风险行为封禁",
-        "risk_level": "高风险",
+        "risk_level": "no_risk",
         "trigger_count": 3,
         "time_window_minutes": 60,
         "ban_duration_minutes": 1440,

backend/DATA_SECURITY_IMPROVEMENTS.md

@@ -0,0 +1,162 @@
+# 数据安全功能改进总结
+
+## 修改概述
+
+本次修改主要解决了以下问题：
+
+1. **系统默认实体类型命名规范化**：将系统自带的6个实体类型名称添加`_SYS`后缀
+2. **租户级别的实体类型禁用功能**：允许租户禁用系统实体类型
+3. **租户实体类型重名检查**：确保同一租户内实体类型不重名
+4. **全局实体类型管理**：确保管理员对全局实体类型的修改影响所有租户
+
+## 具体修改内容
+
+### 1. 系统默认实体类型名称修改
+
+**文件**: `backend/services/data_security_service.py`
+
+将以下实体类型名称添加`_SYS`后缀：
+- `ID_CARD_NUMBER` → `ID_CARD_NUMBER_SYS`
+- `PHONE_NUMBER` → `PHONE_NUMBER_SYS`
+- `EMAIL` → `EMAIL_SYS`
+- `BANK_CARD_NUMBER` → `BANK_CARD_NUMBER_SYS`
+- `PASSPORT_NUMBER` → `PASSPORT_NUMBER_SYS`
+- `IP_ADDRESS` → `IP_ADDRESS_SYS`
+
+### 2. 新增数据库表
+
+**文件**: `backend/database/migrations/add_tenant_entity_type_disables.sql`
+
+创建了`tenant_entity_type_disables`表，用于存储租户禁用的实体类型：
+- `id`: 主键
+- `tenant_id`: 租户ID
+- `entity_type`: 被禁用的实体类型代码
+- `disabled_at`: 禁用时间
+- 唯一约束：`(tenant_id, entity_type)`
+
+### 3. 新增数据库模型
+
+**文件**: `backend/database/models.py`
+
+添加了`TenantEntityTypeDisable`模型类，对应`tenant_entity_type_disables`表。
+
+### 4. 数据安全服务增强
+
+**文件**: `backend/services/data_security_service.py`
+
+#### 新增方法：
+- `disable_entity_type_for_tenant()`: 禁用租户的实体类型
+- `enable_entity_type_for_tenant()`: 启用租户的实体类型
+- `get_tenant_disabled_entity_types()`: 获取租户禁用的实体类型列表
+
+#### 修改方法：
+- `_get_user_entity_types()`: 在获取实体类型时排除被租户禁用的实体类型
+
+### 5. API路由增强
+
+**文件**: `backend/routers/data_security.py`
+
+#### 新增API端点：
+- `POST /api/v1/config/data-security/entity-types/{entity_type}/disable`: 禁用实体类型
+- `POST /api/v1/config/data-security/entity-types/{entity_type}/enable`: 启用实体类型
+- `GET /api/v1/config/data-security/disabled-entity-types`: 获取禁用的实体类型列表
+
+#### 修改现有API：
+- 创建实体类型时检查租户内重名（`create_entity_type`）
+
+## 功能特性
+
+### 1. 租户级别的实体类型管理
+
+- **禁用系统实体类型**：租户可以禁用系统提供的实体类型，使其对自己不生效
+- **启用系统实体类型**：租户可以重新启用之前禁用的系统实体类型
+- **查看禁用状态**：租户可以查看当前禁用的实体类型列表
+
+### 2. 实体类型重名检查
+
+- **租户内唯一性**：同一租户内不能创建相同名称的实体类型
+- **跨租户允许**：不同租户之间可以创建相同名称的实体类型
+
+### 3. 全局实体类型管理
+
+- **管理员权限**：只有超级管理员可以创建、修改、删除全局实体类型
+- **全局影响**：管理员对全局实体类型的修改会立即影响所有租户
+- **租户禁用**：租户可以禁用全局实体类型，但不影响其他租户
+
+## 使用示例
+
+### 1. 租户禁用系统实体类型
+
+```bash
+# 禁用身份证号检测
+POST /api/v1/config/data-security/entity-types/ID_CARD_NUMBER_SYS/disable
+
+# 禁用手机号检测
+POST /api/v1/config/data-security/entity-types/PHONE_NUMBER_SYS/disable
+```
+
+### 2. 租户启用系统实体类型
+
+```bash
+# 启用身份证号检测
+POST /api/v1/config/data-security/entity-types/ID_CARD_NUMBER_SYS/enable
+```
+
+### 3. 查看租户禁用的实体类型
+
+```bash
+GET /api/v1/config/data-security/disabled-entity-types
+
+# 响应示例
+{
+    "disabled_entity_types": ["ID_CARD_NUMBER_SYS", "PHONE_NUMBER_SYS"]
+}
+```
+
+## 数据库迁移
+
+执行以下命令来应用数据库迁移：
+
+```bash
+cd backend
+python -c "
+from database.connection import get_db_session
+from sqlalchemy import text
+
+with open('database/migrations/add_tenant_entity_type_disables.sql', 'r') as f:
+    sql = f.read()
+
+db = get_db_session()
+try:
+    db.execute(text(sql))
+    db.commit()
+    print('Migration executed successfully')
+except Exception as e:
+    print(f'Migration failed: {e}')
+    db.rollback()
+finally:
+    db.close()
+"
+```
+
+## 注意事项
+
+1. **向后兼容性**：现有的实体类型配置不会受到影响
+2. **权限控制**：只有超级管理员可以管理全局实体类型
+3. **数据一致性**：租户禁用实体类型不会影响其他租户
+4. **性能考虑**：禁用检查在每次检测时都会执行，但查询效率较高
+
+## 测试建议
+
+1. **功能测试**：
+   - 测试租户禁用/启用系统实体类型
+   - 测试租户内实体类型重名检查
+   - 测试管理员全局实体类型管理
+
+2. **权限测试**：
+   - 测试普通租户无法管理全局实体类型
+   - 测试超级管理员可以管理全局实体类型
+
+3. **数据一致性测试**：
+   - 测试租户禁用不影响其他租户
+   - 测试管理员修改全局实体类型影响所有租户

backend/database/migrations/add_language_field_to_tenants.sql

@@ -0,0 +1,8 @@
+-- 添加language字段到tenants表
+-- 创建时间: 2025-01-27
+
+-- 添加language字段
+ALTER TABLE tenants ADD COLUMN IF NOT EXISTS language VARCHAR(10) DEFAULT 'en' NOT NULL;
+
+-- 添加注释
+COMMENT ON COLUMN tenants.language IS 'User language preference';

backend/database/migrations/add_tenant_entity_type_disables.sql

@@ -0,0 +1,25 @@
+-- 添加租户级别的实体类型禁用功能
+-- 创建时间: 2025-01-27
+
+-- 租户实体类型禁用表
+CREATE TABLE IF NOT EXISTS tenant_entity_type_disables (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id UUID NOT NULL REFERENCES tenants(id) ON DELETE CASCADE,
+    entity_type VARCHAR(100) NOT NULL,  -- 实体类型代码，如 ID_CARD_NUMBER_SYS
+    disabled_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    
+    -- 确保每个租户对每个实体类型只能有一条禁用记录
+    UNIQUE(tenant_id, entity_type)
+);
+
+-- 创建索引
+CREATE INDEX IF NOT EXISTS idx_tenant_entity_type_disables_tenant_id ON tenant_entity_type_disables(tenant_id);
+CREATE INDEX IF NOT EXISTS idx_tenant_entity_type_disables_entity_type ON tenant_entity_type_disables(entity_type);
+
+-- 添加注释
+COMMENT ON TABLE tenant_entity_type_disables IS '租户实体类型禁用表';
+COMMENT ON COLUMN tenant_entity_type_disables.tenant_id IS '租户ID';
+COMMENT ON COLUMN tenant_entity_type_disables.entity_type IS '被禁用的实体类型代码';
+COMMENT ON COLUMN tenant_entity_type_disables.disabled_at IS '禁用时间';

backend/database/models.py

@@ -16,6 +16,7 @@ class Tenant(Base):
     is_verified = Column(Boolean, default=False)  # Whether the email has been verified
     is_super_admin = Column(Boolean, default=False)  # Whether to be a super admin
     api_key = Column(String(64), unique=True, nullable=False, index=True)
+    language = Column(String(10), default='en', nullable=False)  # User language preference
     created_at = Column(DateTime(timezone=True), server_default=func.now())
     updated_at = Column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now())
 
@@ -355,3 +356,22 @@ class DataSecurityEntityType(Base):
 
     # Association relationships
     tenant = relationship("Tenant")
+
+class TenantEntityTypeDisable(Base):
+    """Tenant entity type disable table"""
+    __tablename__ = "tenant_entity_type_disables"
+
+    id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4, index=True)
+    tenant_id = Column(UUID(as_uuid=True), ForeignKey("tenants.id"), nullable=False, index=True)
+    entity_type = Column(String(100), nullable=False, index=True)  # Entity type code, such as ID_CARD_NUMBER_SYS
+    disabled_at = Column(DateTime(timezone=True), server_default=func.now())
+    created_at = Column(DateTime(timezone=True), server_default=func.now())
+    updated_at = Column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now())
+
+    # Association relationships
+    tenant = relationship("Tenant")
+
+    # Unique constraint
+    __table_args__ = (
+        UniqueConstraint('tenant_id', 'entity_type', name='_tenant_entity_type_disable_uc'),
+    )