AgentSkillsCN

Firebase Rules Hardening

Review and tighten Firestore security rules, backed by an explicit verification process.

SKILL.md
--- frontmatter
name: Firebase Rules Hardening
description: Review and tighten Firestore security rules with explicit verification
owner: Undangan team
last_updated: 2026-01-24

Firebase Rules Hardening Skill

Purpose

Prevent overly broad Firestore access by tightening rules and documenting intent.

When to Use

  • firestore.rules changes
  • New collections or auth flows
  • Security review or incident response

Inputs

  • firestore.rules
  • firebase.json
  • Known access patterns (read/write flows)

Outputs

  • Rule review notes under .agent/artifacts/{conversation-id}/firebase_rules_review.md
  • Minimal diff to firestore.rules (if needed)
  • Verification results

Prerequisites

  • Clear understanding of required read/write paths
  • Firebase CLI available for emulator tests (optional)

Tools & Availability

  • Firebase CLI (optional for emulator tests)
  • If CLI unavailable, use manual rule review checklist

Methodology

  1. Identify all top-level match blocks and their coverage.
  2. Enforce deny-by-default and least-privilege access.
  3. Require request.auth checks for user data.
  4. Validate rule conditions are specific (avoid true catch-alls).
  5. Document intent for each major rule block.

Verification

  • No broad "allow read, write: if true" patterns
  • All user data paths require request.auth
  • Emulator tests run (firebase emulators:exec or firebase emulators:start) or manual checklist documented

Pass/Fail: Pass only if all checks above are satisfied.
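The manual rule-review checklist can be partly automated. The Python check below is an added example, not part of this skill or the Undangan project: it walks a firestore.rules file and reports the two static Verification items (catch-all "if true" conditions and allow statements that grant access without a request.auth check). The sample rules and collection paths are constructed, and the parser assumes the layout firebase init emits, with braces and allow statements starting their own lines.

```python
import re

# Constructed sample firestore.rules (not the Undangan project's): a broad guestbook
# block beside a hardened per-user block, in the layout firebase init emits.
SAMPLE_RULES = """\
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /guestbook/{entryId} {
      allow read, write: if true;
    }
    match /users/{userId} {
      allow read, write: if request.auth != null
                         && request.auth.uid == userId;
    }
  }
}
"""

MATCH_RE = re.compile(r"match\s+(\S+)\s*\{")
ALLOW_RE = re.compile(r"allow\s+([\w,\s]+?)\s*(?::\s*if\s+(.+))?;")  # bare 'allow read;' means 'if true'


def review_rules(rules_text):
    """Return (path, ops, reasons) for every allow statement that is a catch-all or
    lacks a request.auth check. Assumes braces and allow statements start their own line."""
    findings, stack, pending = [], [], ""
    for raw in rules_text.splitlines():
        line = raw.strip()
        if pending or line.startswith("allow"):
            pending = (pending + " " + line).strip()
            if not pending.endswith(";"):
                continue                      # statement continues on the next line
            ops, cond = ALLOW_RE.match(pending).groups()
            pending, cond = "", (cond or "true").strip()
            reasons = []
            if cond == "true":
                reasons.append("catch-all condition 'if true'")
            if cond != "false" and "request.auth" not in cond:   # 'if false' is an explicit deny
                reasons.append("no request.auth check")
            if reasons:                       # path = the enclosing match blocks joined
                findings.append(("".join(p for p in stack if p), ops.strip(), reasons))
        elif MATCH_RE.match(line):
            stack.append(MATCH_RE.match(line).group(1))   # entering a match block
        elif line.endswith("{"):
            stack.append(None)                            # service/function block, no path
        if line.startswith("}") and stack:
            stack.pop()
    return findings
```

An empty result is the skill's Pass; any finding is a Fail and names the match path to fix.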

Risks & Mitigations

  • Over-restriction → validate required flows in emulator
  • False sense of security → document untested paths explicitly