security

Installation

SKILL.md

Security Guidelines

Critical Security Rules

🚨 NEVER commit code that bypasses these security requirements.

1. Authentication & Authorization Middleware

ALL API routes that handle user data MUST use appropriate middleware:

// ✅ CORRECT: Use withEmailAccount for email-scoped operations
export const GET = withEmailAccount(async (request, { params }) => {
  const { emailAccountId } = request.auth;
  // ...
});

// ✅ CORRECT: Use withAuth for user-scoped operations
export const GET = withAuth(async (request) => {
  const { userId } = request.auth;

Related skills

security

Security Guidelines

Critical Security Rules

1. Authentication & Authorization Middleware

More from elie222/inbox-zero

ui-components

fullstack-workflow

test-feature

testing

project-structure

explain-changes