np-dms/lcbp3
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

690404:1139 Modify ADR
CI / CD Pipeline / build (push) Successful in 4m34s
Details
CI / CD Pipeline / deploy (push) Successful in 7m33s
Details

Browse Source
This commit is contained in:
admin
2026-04-04 11:39:56 +07:00
parent d775d5ad85
commit c95e0f537e
87 changed files with 7046 additions and 422 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.windsurf/rules/02-security.md
+8 -1
View File
@@ -1,5 +1,5 @@
---
always_on: true
trigger: always_on
---
# Security Rules (Non-Negotiable)
@@ -14,6 +14,10 @@ always_on: true
6. **Rate Limiting:** `ThrottlerGuard` on all auth endpoints
7. **File Upload:** Whitelist PDF/DWG/DOCX/XLSX/ZIP, max 50MB, ClamAV scan
8. **AI Isolation (ADR-018):** Ollama on Admin Desktop ONLY — NO direct DB/storage access
9. **Error Handling (ADR-007):** Use layered error classification with user-friendly messages
10. **AI Integration (ADR-020):** RFA-First approach with unified pipeline architecture
11. **AI Audit Trail:** Log all AI interactions and human validations
12. **Rate Limiting:** Apply to AI endpoints to prevent abuse
## Full Documentation
@@ -26,4 +30,7 @@ always_on: true
- [ ] No SQL injection vulnerabilities
- [ ] File upload validation (whitelist + ClamAV)
- [ ] Rate limiting applied to auth endpoints
- [ ] AI boundary enforcement (ADR-018) - no direct DB/storage access
- [ ] AI audit logging implemented for AI interactions
- [ ] Error handling follows ADR-007 layered classification
- [ ] OWASP Top 10 review passed