security
Installation
SKILL.md
Security Guidelines
Critical Security Rules
🚨 NEVER commit code that bypasses these security requirements.
1. Authentication & Authorization Middleware
ALL API routes that handle user data MUST use appropriate middleware:
// ✅ CORRECT: Use withEmailAccount for email-scoped operations
export const GET = withEmailAccount(async (request, { params }) => {
const { emailAccountId } = request.auth;
// ...
});