np-dms/lcbp3
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

690401:0823 Update agent rules
CI / CD Pipeline / deploy (push) Has been cancelled
Details
CI / CD Pipeline / build (push) Has been cancelled
Details

Browse Source
This commit is contained in:
admin
2026-04-01 08:23:31 +07:00
parent b5960ba24c
commit 6b89df874e
7 changed files with 154 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.agent/rules/03-security-rules.md
+23
View File
@@ -0,0 +1,23 @@
---
trigger: always_on
---
# 🛡️ Security Rules (Non-Negotiable)
1. **Idempotency:** All critical `POST`/`PUT`/`PATCH` MUST validate `Idempotency-Key` header
2. **Two-Phase File Upload:** Upload → Temp → Commit → Permanent
3. **Race Conditions:** Redis Redlock + TypeORM `@VersionColumn` for Document Numbering
4. **Validation:** Zod (frontend) + class-validator (backend DTO)
5. **AI Isolation (ADR-018):** Ollama on Admin Desktop ONLY — NO direct DB/storage access
## 🚫 Forbidden Actions
| ❌ Forbidden | ✅ Correct Approach |
| ----------------------------------------------- | --------------------------------------------- |
| SQL Triggers for business logic | NestJS Service methods |
| TypeORM migration files | Edit schema SQL directly (ADR-009) |
| `any` TypeScript type | Proper types / generics |
| `console.log` in committed code | NestJS Logger (backend) / remove (frontend) |
| Direct file operations bypassing StorageService | `StorageService` for all file moves |
| Inline email/notification sending | BullMQ queue job |
| `parseInt()` on UUID values | Use UUID string directly (ADR-019) |