Hello!
You have probably gained quite a lot of insight in the last 6 months - I was wondering how you have moved on with your workflow and cursor rules.
I noticed that quite a few "safety-needed" rules that I keep as user rules (universally across all projects) are also very much needed, like:
For every /api route:
- Require a valid JWT in the Authorization header
- Reject missing or invalid fields
- Rate-limit to <5 req/min/IP (return 429 if exceeded)
- Validate inputs with Zod
Then scan the repo for hardcoded tokens or private URLs.
I am really curious about your take and lessons learned!
Cheers, really learned from this repo, thanks!