mirror of
https://github.com/duthaho/claudekit.git
synced 2026-06-11 12:44:56 +03:00
13 lines
512 B
Markdown
# Security Rules

- Never hardcode secrets, API keys, or credentials in source code
- Use parameterized queries only — never string concatenation for SQL
- No `eval()`, `new Function()`, or dynamic code execution
- No `any` types in TypeScript — use proper typing
- Validate all user inputs at API boundaries
- Output encoding for all rendered content
- Secrets via environment variables only
- No disabled security headers
- Authentication required on all protected endpoints
- Rate limiting on public APIs
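The rules above are stated as policy; the following TypeScript module is an added example (written for this page, not code from the claudekit repository) showing what several of them look like in practice: secrets read from the environment with a fail-fast check and no literal fallback, an `unknown` input validated into a narrow type at the API boundary, a parameterized query whose user value never touches the SQL text, HTML output encoding, and a per-client token-bucket rate limiter. All names (`loadSecret`, `validateCreateUser`, `findUserByName`, `encodeHtml`, `TokenBucketLimiter`), the `users` table, and the `CreateUserRequest` shape are assumptions made for the example; no `any` is used, in keeping with the typing rule.

```typescript
// Added example for the rules above; not part of claudekit. All identifiers
// below are hypothetical and exist only to illustrate each rule.

type Env = Record<string, string | undefined>;

// Read process.env without depending on Node type declarations.
function processEnv(): Env {
  const g = globalThis as { process?: { env: Env } };
  return g.process?.env ?? {};
}

// Rule: secrets via environment variables only, never hardcoded.
// Read once at startup and fail fast if absent; no literal default.
function loadSecret(name: string, env: Env = processEnv()): string {
  const value = env[name];
  if (value === undefined || value.length === 0) {
    throw new Error(`missing required secret: ${name}`);
  }
  return value;
}

// Rule: validate all user inputs at API boundaries.
// The request body arrives as `unknown` and leaves as a narrowly typed value.
interface CreateUserRequest {
  username: string;
  age: number;
}

type Validation<T> = { ok: true; value: T } | { ok: false; error: string };

const USERNAME = /^[a-z0-9_]{3,32}$/; // allow-list, not a deny-list

function validateCreateUser(input: unknown): Validation<CreateUserRequest> {
  if (typeof input !== "object" || input === null) {
    return { ok: false, error: "body must be an object" };
  }
  const { username, age } = input as Record<string, unknown>;
  if (typeof username !== "string" || !USERNAME.test(username)) {
    return { ok: false, error: "invalid username" };
  }
  if (typeof age !== "number" || !Number.isInteger(age) || age < 0 || age > 150) {
    return { ok: false, error: "invalid age" };
  }
  return { ok: true, value: { username, age } };
}

// Rule: parameterized queries only. The SQL text holds a placeholder ($1);
// the user-controlled value is passed separately and cannot alter the query.
interface ParamQuery {
  text: string;
  values: readonly unknown[];
}

function findUserByName(username: string): ParamQuery {
  return {
    text: "SELECT id, username FROM users WHERE username = $1",
    values: [username],
  };
}

// Rule: output encoding for all rendered content. Encode the five characters
// that can break out of HTML text or quoted-attribute context.
const HTML_ESCAPES: Record<string, string> = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

function encodeHtml(s: string): string {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Rule: rate limiting on public APIs. Token bucket per client key; the
// current time is injected so the policy can be exercised without a clock.
class TokenBucketLimiter {
  private readonly buckets = new Map<string, { tokens: number; updated: number }>();

  constructor(private readonly capacity: number, private readonly refillPerSec: number) {}

  // Returns true if the request is admitted, false if the client is throttled.
  allow(key: string, nowMs: number): boolean {
    const b = this.buckets.get(key) ?? { tokens: this.capacity, updated: nowMs };
    const elapsedSec = Math.max(0, nowMs - b.updated) / 1000;
    b.tokens = Math.min(this.capacity, b.tokens + elapsedSec * this.refillPerSec);
    b.updated = nowMs;
    const admitted = b.tokens >= 1;
    if (admitted) b.tokens -= 1;
    this.buckets.set(key, b);
    return admitted;
  }
}
```

The validator deliberately allow-lists the username pattern rather than trying to strip dangerous characters, and `findUserByName` shows why that is defence in depth rather than the primary control: even a username like `a' OR 1=1 --` reaches the database only as a bound value, never as SQL text.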