🛡️ Security Audit & Protocol Enforcement (v2.0)
Focus: Security Audit (7).
🏁 Real-time Security Audit
- •Vulnerability Detection: Real-time detection of SQLi, XSS, and PII leaks. Utilize strictly typed Drizzle templates to prevent injection.
- •Audit Logging (S4): Mandatory auditing of all state-changing operations via NestJS Interceptors and
audit_logstable. - •PII Protection (S7): Enforce AES-256-GCM encryption for all sensitive data at rest using
packages/encryption.
🚀 Root Solutions (Security)
- •Zero-Trust Access: Strictly enforce
TenantScopedGuardandAuthGuardon all non-public controller methods. - •Header Hardening (S8): Mandatory implementation of Helmet, CSP, and HSTS headers.
- •Validation Gates (S3): Global execution of
ZodValidationPipe. Manual DTOs without Zod schemas are a protocol breach.
⚖️ Engineering Constitution
- •Lego Philosophy: Strict modular isolation using DDD (Domain-Driven Design).
- •Zod as Truth: All types must derive from Zod schemas.
- •Monorepo Strategy:
apps/*must never import from anotherapps/*. Cross-app communication via shared packages only.