Initial commit
29
.cursor/rules/07-auth-permissions-audit.mdc
Normal file
@@ -0,0 +1,29 @@
---
description: Identity, authorization, and auditability
alwaysApply: true
---

Auth, permissions, and audit requirements.

## Identity and access
- Authentication is passwordless-first.
- Prefer support for:
- magic links
- OIDC
- passkeys
- Roles and permissions are core architecture concerns and must not be deferred casually.

## Authorization
- Never assume all authenticated users have broad access.
- Design authorization around role-aware and context-aware access rules.
- Support evolving permission models without hard-coding simplistic assumptions.

## Auditability
- Important actions must be auditable.
- This includes at minimum:
- deletions
- updates to sensitive records
- role/permission changes
- financial changes
- document-related changes where relevant
- Preserve historical traceability wherever practical.
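Review bot: the Auditability section lists which actions must be auditable but never says what an audit record has to capture or how it is protected, so "Important actions must be auditable." is not checkable as written. Suggest adding, under the same heading, `- Each audit entry records the acting identity, the action, a timestamp, and the affected record (with before/after state for updates).` and `- Audit logs are append-only; entries are never edited or deleted by application code.` The Authorization section has the same gap in the other direction: "Never assume all authenticated users have broad access." describes the wrong assumption but not the required default, so a line such as `- Default deny: access is granted only by an explicit rule, enforced server-side on every request.` would make the rule enforceable. Minor: the nested bullets under "Prefer support for:" and "This includes at minimum:" render at the same level as their parents here; indenting them keeps the list structure readable in the rendered file.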