“alexvisualmakers”
a893084a88
- Add paths frontmatter to frontend, backend, and security rules so they only load when editing relevant files - Add mandatory new-project detection to general rules that redirects to /requirements before any implementation - Add write-then-verify protocol for feature tracking updates to prevent hallucinated file edits Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1.1 KiB
1.1 KiB
paths
| paths | ||||
|---|---|---|---|---|
|
Security Rules
Secrets Management
- NEVER commit secrets, API keys, or credentials to git
- Use
.env.localfor local development (already in .gitignore) - Use
NEXT_PUBLIC_prefix ONLY for values safe to expose in browser - Document all required env vars in
.env.local.examplewith dummy values
Input Validation
- Validate ALL user input on the server side with Zod
- Never trust client-side validation alone
- Sanitize data before database insertion
Authentication
- Always verify authentication before processing API requests
- Use Supabase RLS as a second line of defense
- Implement rate limiting on authentication endpoints
Security Headers
- X-Frame-Options: DENY
- X-Content-Type-Options: nosniff
- Referrer-Policy: origin-when-cross-origin
- Strict-Transport-Security with includeSubDomains
Code Review Triggers
- Any changes to RLS policies require explicit user approval
- Any changes to authentication flow require explicit user approval
- Any new environment variables must be documented in .env.local.example