mirror of
https://github.com/duthaho/claudekit.git
synced 2026-06-10 12:14:57 +03:00
Security Rules
- Never hardcode secrets, API keys, or credentials in source code
- Use parameterized queries only — never string concatenation for SQL
- No `eval()`, `new Function()`, or dynamic code execution
- No `any` types in TypeScript — use proper typing
- Validate all user inputs at API boundaries
- Output encoding for all rendered content
- Secrets via environment variables only
- No disabled security headers
- Authentication required on all protected endpoints
- Rate limiting on public APIs
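As an added TypeScript example (not code from the claudekit repository), here is how the parameterized-query, input-validation, no-`any` and secrets-via-environment rules above look in practice; the pg-style `$1` placeholder convention, the function names and the sample request shapes are assumptions.

```typescript
// Added example, not part of claudekit. Assumes a pg-style driver that takes
// the SQL text and the values array separately.

// Parameterized query: the SQL text is fixed; user data travels in `values`.
interface Query { text: string; values: unknown[] }

function findUserByEmail(email: string): Query {
  return { text: "SELECT id, email FROM users WHERE email = $1", values: [email] };
}

// The rule's counterexample: concatenation lets input rewrite the statement.
// Kept only to show what the rule prevents; never use this form.
function findUserByEmailUnsafe(email: string): string {
  return `SELECT id, email FROM users WHERE email = '${email}'`;
}

// Boundary validation: request bodies arrive as `unknown` (never `any`) and
// are narrowed by an explicit check before any other code touches them.
interface LoginRequest { email: string; password: string }

const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

function parseLoginRequest(body: unknown): LoginRequest | null {
  if (typeof body !== "object" || body === null) return null;
  const { email, password } = body as Record<string, unknown>;
  if (typeof email !== "string" || email.length > 254 || !EMAIL_RE.test(email)) return null;
  if (typeof password !== "string" || password.length < 8 || password.length > 1024) return null;
  return { email, password };
}

// Secrets via environment variables only: fail closed when one is missing,
// so no fallback literal ever ends up in source. Pass `process.env` in practice.
function requireEnv(name: string, env: Record<string, string | undefined>): string {
  const value = env[name];
  if (value === undefined || value === "") {
    throw new Error(`Missing required environment variable ${name}`);
  }
  return value;
}
```

With the constructed input `' OR '1'='1`, the parameterized form keeps the same SQL text and simply carries the string as a value, while the unsafe form yields a statement whose WHERE clause has been rewritten.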