draconian_rls_audit
SKILL.md
Draconian RLS Audit Protocol
1. Zero Trust (Default-Deny)
- Mandate: Every Table MUST have RLS enabled.
- Policy: The default state of any table should be NO ACCESS. Access is granted explicitly via Policy.
- Detector: Run `SELECT ... WHERE rowsecurity = false` to hunt down naked tables.
2. The "WITH CHECK" Imperative
- Vulnerability: An `INSERT` or `UPDATE` policy without `WITH CHECK` allows users to write data they cannot read, or worse, escalate privileges (e.g., "Give myself admin role").
- Rule: ALL modification policies MUST have a `WITH CHECK` clause matching the `USING` clause (or stricter).
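As an added example that is not part of this skill, the two detector queries behind rules 1 and 2, followed by a weak UPDATE policy beside its hardened form. `pg_tables` and `pg_policies` are PostgreSQL system views and `auth.uid()` is the Supabase JWT helper referenced in rule 4; the `public.profiles` table, its columns and the policy names are constructed for the illustration.

```sql
-- Rule 1 detector: application tables where RLS was never enabled.
-- pg_tables.rowsecurity stays false until ENABLE ROW LEVEL SECURITY runs.
SELECT schemaname, tablename
FROM   pg_tables
WHERE  rowsecurity = false
  AND  schemaname NOT IN ('pg_catalog', 'information_schema');

-- Rule 2 detector: write policies that omit WITH CHECK.
-- pg_policies.with_check is NULL when the clause was left out; for UPDATE and
-- ALL policies PostgreSQL then reuses the USING expression as the write filter,
-- so nothing beyond the read predicate constrains the new row version.
SELECT schemaname, tablename, policyname, cmd, qual AS using_expr
FROM   pg_policies
WHERE  cmd IN ('INSERT', 'UPDATE', 'ALL')
  AND  with_check IS NULL;

-- Constructed example table (not from the skill): one profile row per user.
CREATE TABLE public.profiles (
  id      bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
  user_id uuid   NOT NULL,
  role    text   NOT NULL DEFAULT 'member'
);
ALTER TABLE public.profiles ENABLE ROW LEVEL SECURITY;

-- Weak: the caller can only touch their own row, and the reused USING keeps
-- user_id pinned to them, but nothing stops UPDATE ... SET role = 'admin'.
CREATE POLICY profiles_update_weak ON public.profiles
  FOR UPDATE
  USING (user_id = auth.uid());

-- Hardened: WITH CHECK repeats the USING predicate and is stricter, so rows
-- written by an end user can never carry a privileged role. Role promotion
-- then has to happen through a trusted server-side path, not this policy.
DROP POLICY profiles_update_weak ON public.profiles;
CREATE POLICY profiles_update_checked ON public.profiles
  FOR UPDATE
  USING      (user_id = auth.uid())
  WITH CHECK (user_id = auth.uid() AND role = 'member');

-- INSERT policies carry only WITH CHECK; the same predicate blocks a client
-- from inserting a profile for another user or one with an elevated role.
CREATE POLICY profiles_insert_checked ON public.profiles
  FOR INSERT
  WITH CHECK (user_id = auth.uid() AND role = 'member');
```

Run the two detector queries as a privileged database role so that RLS on the catalog-backed views does not hide rows from the audit itself.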
3. Client-Side Key Ban
- Strict Rule: The string `service_role` MUST NOT exist in any file within `src/`.
- Enforcement: Grep for it. If found, STOP and warn the user.
4. Explicit auth.uid() Binding