Files

T

“alexvisualmakers” a893084a88 feat: Add path scoping to rules and enforce project init workflow

- Add paths frontmatter to frontend, backend, and security rules so
  they only load when editing relevant files
- Add mandatory new-project detection to general rules that redirects
  to /requirements before any implementation
- Add write-then-verify protocol for feature tracking updates to
  prevent hallucinated file edits

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-10 15:11:43 +01:00

1.1 KiB

Raw Permalink Blame History

paths

src/app/api/**

.env*

supabase/**

next.config.*

Security Rules

Secrets Management

NEVER commit secrets, API keys, or credentials to git
Use .env.local for local development (already in .gitignore)
Use NEXT_PUBLIC_ prefix ONLY for values safe to expose in browser
Document all required env vars in .env.local.example with dummy values

Input Validation

Validate ALL user input on the server side with Zod
Never trust client-side validation alone
Sanitize data before database insertion

Authentication

Always verify authentication before processing API requests
Use Supabase RLS as a second line of defense
Implement rate limiting on authentication endpoints

Security Headers

X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Strict-Transport-Security with includeSubDomains

Code Review Triggers

Any changes to RLS policies require explicit user approval
Any changes to authentication flow require explicit user approval
Any new environment variables must be documented in .env.local.example

1.1 KiB Raw Permalink Blame History

Security Rules

Secrets Management

Input Validation

Authentication

Security Headers

Code Review Triggers

1.1 KiB

Raw Permalink Blame History