np-dms/lcbp3
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9c835ec4ac5ef869d65ecb62053e2661ecb2ad78
lcbp3/.agent/rules/03-security-rules.md
T
admin 6b89df874e
CI / CD Pipeline / deploy (push) Has been cancelled
Details
CI / CD Pipeline / build (push) Has been cancelled
Details
690401:0823 Update agent rules
2026-04-01 08:23:31 +07:00

1.4 KiB
Raw Blame History

trigger
trigger
always_on

🛡️ Security Rules (Non-Negotiable)

  1. Idempotency: All critical POST/PUT/PATCH MUST validate Idempotency-Key header
  2. Two-Phase File Upload: Upload → Temp → Commit → Permanent
  3. Race Conditions: Redis Redlock + TypeORM @VersionColumn for Document Numbering
  4. Validation: Zod (frontend) + class-validator (backend DTO)
  5. AI Isolation (ADR-018): Ollama on Admin Desktop ONLY — NO direct DB/storage access

🚫 Forbidden Actions

Forbidden Correct Approach
SQL Triggers for business logic NestJS Service methods
TypeORM migration files Edit schema SQL directly (ADR-009)
any TypeScript type Proper types / generics
console.log in committed code NestJS Logger (backend) / remove (frontend)
Direct file operations bypassing StorageService StorageService for all file moves
Inline email/notification sending BullMQ queue job
parseInt() on UUID values Use UUID string directly (ADR-019)
Reference in New Issue View Git Blame Copy Permalink