docs(policy): enforce server-side data ownership and backend LLM mediation

- clarify frontend may only rely on backend-issued session token cookie for auth

- forbid frontend browser storage for domain/business data

- require backend-mediated LLM calls across agent workflows
2026-03-27 02:49:16 -03:00
parent ebcea643c4
commit 11f80b9dd7
5 changed files with 23 additions and 1 deletions


@@ -98,3 +98,5 @@ cd backend
- DO NOT put business logic in controllers.
- DO NOT put prompt construction logic outside `PromptBuilderService`.
- DO NOT modify frontend code — your scope is `backend/` only.
- DO enforce server-side persistence for all business/domain data; frontend must not be required to persist domain data.
- DO model generated test-message history as backend-owned task-related data with referential integrity and cleanup on task deletion.
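Review bot: the first added DO line says the frontend "must not be required to persist domain data", which is weaker than the commit message's "forbid frontend browser storage for domain/business data". As worded, a frontend that optionally caches domain data in browser storage still complies. If the intent is a prohibition, state it as one, for example "frontend must not persist domain data in browser storage", so the backend rule and the commit's stated policy agree. On the second added line, "referential integrity and cleanup on task deletion" leaves the mechanism open; naming the expected approach (a foreign key to the task with cascading delete, or an explicit cleanup step in the service layer) would keep agents from implementing it inconsistently. The commit message also lists backend-mediated LLM calls and the session token cookie rule, neither of which appears in this hunk, so it is worth confirming the other changed files cover them.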