Triatu Security
Quick start
- Validate inputs with Zod before any infrastructure call.
- Apply rate limiting in critical Server Actions.
- Avoid PII in logs; use `lib/logger` and debug only in dev.
- Rely on Supabase RLS for data isolation.
Workflow
- Identify entry points (Server Actions or route handlers).
- Add Zod validation for inputs.
- Add rate limiting where abuse is possible.
- Use security logging for suspicious events.
- Ensure adapters enforce least-privilege access.
- Record new risks in `docs/PROJECT_AUDIT.md`.
References
- `docs/SECURITY.md`
- `docs/DEVELOPMENT.md`
- `docs/PROJECT_AUDIT.md`