Browse Articles Docs

9 lines | 349 Bytes

AGENTS.md — Security basics

Never commit secrets. .env* is gitignored, secrets injected by the platform.
Parameterised queries only. No string-concatenated SQL.
Validate untrusted input at the trust boundary with a schema.
Passwords: argon2id / scrypt. Tokens never appear in logs.
No PII in logs.
Dependency scanners run weekly.