nestjs-security-isolation

Installation
SKILL.md

Priority: P0 (CRITICAL)

Strict multi-tenant isolation. All child-centric data must secured via PostgreSQL RLS and service-level validation.

RLS Enforcement Workflow

  1. Migration: Create tables with ENABLE ROW LEVEL SECURITY. Define policies using current_setting('app.current_user_id').
  2. Entity Logic: Add @Security JSDoc to entity class.
  3. Security Doc: Update SECURITY.md with new table and its access logic.
  4. Service Validation: Call childrenService.validateChildAccess(childId, userId) before any persistence operation.

Core Guidelines

  1. Mandatory RLS: Every new table linking to child or family MUST RLS enabled in its creation migration.
  2. Centralized Validation: Never reimplement access logic. Use ChildrenService for child/family membership checks.
  3. Traceable Security: SECURITY.md source of truth. Any change to RLS policies must reflected there immediately.
  4. Nested Route Constraint: Data isolation enforced at controller level via nested routes: /children/:childId/....
  5. No Direct Entity exposure: Use Response DTOs to prevent leaking internal database IDs or metadata that could bypass security filters.

Anti-Patterns

Installs
1
GitHub Stars
521
First Seen
14 days ago
nestjs-security-isolation — hoangnguyen0403/agent-skills-standard