sancho41/condado-newsletter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs(policy): enforce server-side data ownership and backend LLM mediation

Browse Source 
- clarify frontend may only rely on backend-issued session token cookie for auth

- forbid frontend browser storage for domain/business data

- require backend-mediated LLM calls across agent workflows
This commit is contained in:
Gabriel Sancho
2026-03-27 02:49:16 -03:00
parent ebcea643c4
commit 11f80b9dd7
5 changed files with 23 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/agents/backend.agent.md vendored
View File

@@ -98,3 +98,5 @@ cd backend
- DO NOT put business logic in controllers. - DO NOT put business logic in controllers.
- DO NOT put prompt construction logic outside `PromptBuilderService`. - DO NOT put prompt construction logic outside `PromptBuilderService`.
- DO NOT modify frontend code — your scope is `backend/` only. - DO NOT modify frontend code — your scope is `backend/` only.
- DO enforce server-side persistence for all business/domain data; frontend must not be required to persist domain data.
- DO model generated test-message history as backend-owned task-related data with referential integrity and cleanup on task deletion.

5
.github/agents/frontend.agent.md vendored
View File

@@ -39,6 +39,8 @@ frontend/src/
7. **Routes:** new pages go in `src/pages/`, registered in `src/router/index.tsx`, lazy-loaded. 7. **Routes:** new pages go in `src/pages/`, registered in `src/router/index.tsx`, lazy-loaded.
8. **Strings:** no hardcoded user-facing strings outside of constants. 8. **Strings:** no hardcoded user-facing strings outside of constants.
9. **No over-engineering:** only add what is explicitly needed — no extra abstractions, helpers, or features. 9. **No over-engineering:** only add what is explicitly needed — no extra abstractions, helpers, or features.
10. **Data ownership:** domain/business data must stay server-side; frontend never persists entities, tasks, generated messages, logs, or similar domain data in `localStorage`, `sessionStorage`, or `IndexedDB`.
11. **LLM calls:** frontend must never call OpenAI/Ollama/Llama directly; use backend APIs only.
## TDD Cycle ## TDD Cycle
@@ -59,4 +61,5 @@ frontend/src/
- DO NOT store server data in `useState`. - DO NOT store server data in `useState`.
- DO NOT build custom UI primitives when a shadcn/ui component exists. - DO NOT build custom UI primitives when a shadcn/ui component exists.
- DO NOT write implementation code before the failing test exists. - DO NOT write implementation code before the failing test exists.
- DO NOT modify backend code — your scope is `frontend/` only. - DO NOT modify backend code — your scope is `frontend/` only.
- DO NOT store business/domain data in browser storage; only the backend-issued `httpOnly` session cookie is allowed for auth state.

2
.github/agents/orchestrator.agent.md vendored
View File

@@ -159,6 +159,8 @@ Read the new version from `frontend/package.json` after bumping.
- ALWAYS verify `git status` is clean before creating the branch. - ALWAYS verify `git status` is clean before creating the branch.
- ALWAYS use `gh pr create` (GitHub CLI) for pull requests — never instruct the user to open one manually unless `gh` is unavailable. - ALWAYS use `gh pr create` (GitHub CLI) for pull requests — never instruct the user to open one manually unless `gh` is unavailable.
- If `gh` is not installed, clearly tell the user and provide the exact PR title and body to paste into the GitHub UI. - If `gh` is not installed, clearly tell the user and provide the exact PR title and body to paste into the GitHub UI.
- ALWAYS enforce backend ownership of business/domain data; do not accept frontend browser storage solutions for domain persistence.
- ALWAYS enforce backend-mediated LLM calls; frontend must never call LLM providers directly.
--- ---

2
.github/agents/planner.agent.md vendored
View File

@@ -52,6 +52,8 @@ For each step output:
- DO reference specific existing files by path when relevant (e.g., `backend/src/main/kotlin/.../EntityService.kt`). - DO reference specific existing files by path when relevant (e.g., `backend/src/main/kotlin/.../EntityService.kt`).
- ALWAYS check the existing codebase before planning — never assume something doesn't exist. - ALWAYS check the existing codebase before planning — never assume something doesn't exist.
- ALWAYS respect the architecture: business logic in services, thin controllers, API layer in `src/api/`, React Query for server state. - ALWAYS respect the architecture: business logic in services, thin controllers, API layer in `src/api/`, React Query for server state.
- ALWAYS enforce backend-first data ownership in plans: domain/business data persistence belongs to backend/database, not browser storage.
- NEVER plan frontend direct LLM calls; all LLM interactions must be backend-mediated endpoints.
## Delegation Hint ## Delegation Hint

13
CLAUDE.md
View File

@@ -363,6 +363,19 @@ docker compose down
--- ---
## Data Ownership Policy (Critical)
- **All business data must be persisted server-side** (PostgreSQL via backend APIs).
- The frontend must treat the backend as the single source of truth for entities, tasks,
generated preview messages/history, logs, and any other domain data.
- The frontend must **not** persist business/domain data in browser storage (`localStorage`,
`sessionStorage`, `IndexedDB`) or call LLM providers directly.
- The only browser-stored auth state is the backend-issued session token cookie (`httpOnly` JWT).
- If a required endpoint does not exist yet, implement it in the backend first; do not add
frontend-side persistence workarounds.
---
## Naming Conventions ## Naming Conventions
### Backend ### Backend