财务数据与税务合规安全

v20260423

fondo-security-basics

本技能集提供了处理高度敏感财务和税务数据的安全最佳实践。内容涵盖API密钥管理、Webhook签名验证、输入校验和个人身份信息（PII）脱敏，旨在帮助开发者构建符合SOC 2等合规标准的金融SaaS应用，确保社保号、税号和银行等核心数据的安全。

安全金融合规个人身份信息 OAuth 税务 API SOC2

获取技能

409 次下载

概览

Fondo Security Basics

Overview

Fondo handles startup tax preparation, bookkeeping, and R&D tax credits containing SSNs, EINs, bank account details, revenue figures, and complete tax returns. A breach exposes founder personal tax data, company financials, and IRS filing details. Protect OAuth connections to banking/payroll systems, exported financial documents, and team access controls with the same rigor as a CPA firm.

API Key Management

function createFondoClient(): { apiKey: string; baseUrl: string } {
  const apiKey = process.env.FONDO_API_KEY;
  if (!apiKey) {
    throw new Error("Missing FONDO_API_KEY — store in secrets manager, never in code");
  }
  // Fondo keys access tax returns and SSN/EIN data — treat as highest sensitivity
  console.log("Fondo client initialized (key suffix:", apiKey.slice(-4), ")");
  return { apiKey, baseUrl: "https://api.fondo.com/v1" };
}

Webhook Signature Verification

import crypto from "crypto";
import { Request, Response, NextFunction } from "express";

function verifyFondoWebhook(req: Request, res: Response, next: NextFunction): void {
  const signature = req.headers["x-fondo-signature"] as string;
  const secret = process.env.FONDO_WEBHOOK_SECRET!;
  const expected = crypto.createHmac("sha256", secret).update(req.body).digest("hex");
  if (!signature || !crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected))) {
    res.status(401).send("Invalid signature");
    return;
  }
  next();
}

Input Validation

import { z } from "zod";

const TaxFilingSchema = z.object({
  entity_id: z.string().uuid(),
  tax_year: z.number().int().min(2015).max(2030),
  filing_type: z.enum(["1120", "1120S", "1065", "941", "R&D_credit"]),
  ein: z.string().regex(/^\d{2}-\d{7}$/),
  revenue: z.number().nonnegative(),
  status: z.enum(["draft", "review", "filed", "amended"]),
});

function validateTaxFiling(data: unknown) {
  return TaxFilingSchema.parse(data);
}

Data Protection

const FONDO_PII_FIELDS = ["ssn", "ein", "bank_account", "routing_number", "tax_return_url", "revenue", "salary"];

function redactFondoLog(record: Record<string, unknown>): Record<string, unknown> {
  const redacted = { ...record };
  for (const field of FONDO_PII_FIELDS) {
    if (field in redacted) redacted[field] = "[REDACTED]";
  }
  return redacted;
}

Security Checklist

API keys stored in secrets manager, never in code
OAuth connections (Gusto, QuickBooks, Plaid, Stripe) reviewed quarterly
Financial exports never committed to git (.gitignore enforced)
SSN and EIN values never logged in plaintext
Team roles follow least-privilege (Owner/Admin/Viewer/CPA)
Two-factor authentication enabled on Fondo account
Exported tax documents encrypted with GPG before storage
Bank connections use Plaid (encrypted, not screen-scraping)

Error Handling

Vulnerability	Risk	Mitigation
Leaked API key	Full access to tax returns and SSN/EIN data	Secrets manager + rotation
Unencrypted financial exports	Tax data exposed via CSV on disk	GPG encryption + secure deletion
Stale OAuth tokens	Compromised banking/payroll connections	Quarterly OAuth review + revocation
Overly broad team access	Viewer sees SSN/salary data	Role-based access control enforcement
Tax data in application logs	IRS compliance violation	Field-level PII redaction

Resources

Next Steps

See fondo-prod-checklist.

信息

Category 编程开发

Name fondo-security-basics

版本 v20260423

大小 4.02KB

Source jeremylongshore/claude-code-plugins-plus-skills

更新时间 2026-04-28