docs(policy): enforce server-side data ownership and backend LLM mediation
- clarify frontend may only rely on backend-issued session token cookie for auth
- forbid frontend browser storage for domain/business data
- require backend-mediated LLM calls across agent workflows
2
.github/agents/orchestrator.agent.md
vendored
@@ -159,6 +159,8 @@ Read the new version from `frontend/package.json` after bumping.
|
||||
- ALWAYS verify `git status` is clean before creating the branch.
|
||||
- ALWAYS use `gh pr create` (GitHub CLI) for pull requests — never instruct the user to open one manually unless `gh` is unavailable.
|
||||
- If `gh` is not installed, clearly tell the user and provide the exact PR title and body to paste into the GitHub UI.
|
||||
- ALWAYS enforce backend ownership of business/domain data; do not accept frontend browser storage solutions for domain persistence.
|
||||
- ALWAYS enforce backend-mediated LLM calls; frontend must never call LLM providers directly.
|
||||
|
||||
---
|
||||
|
||||
|
||||
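Review bot: the two added rules ("ALWAYS enforce backend ownership of business/domain data ..." and "ALWAYS enforce backend-mediated LLM calls ...") omit the exception the commit message describes, that the frontend may rely on a backend-issued session token cookie for auth. As written, "do not accept frontend browser storage solutions for domain persistence" leaves the agent to infer that the cookie is still acceptable; suggest stating the exception in the first added rule. Both rules are also appended to a list whose neighbours cover `git status`, `gh pr create` and the `gh` fallback, so they sit among branch and PR mechanics. A separate list or heading for data and LLM policy would keep them from being read as release-step rules. Finally, "enforce" gives the orchestrator no concrete check. Naming what to reject (for example domain data written to browser storage APIs, or LLM provider calls originating from frontend code) would make both rules actionable.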