Add Kiro IDE support (.kiro/) (#548)

Co-authored-by: Sungmin Hong <hsungmin@amazon.com>
2026-04-10 19:33:37 +08:00 · 2026-03-20 01:50:35 -07:00
parent c8f631b046
commit ce828c1c3c
85 changed files with 12110 additions and 0 deletions
--- a/.kiro/steering/security.md
+++ b/.kiro/steering/security.md
@@ -0,0 +1,34 @@
+---
+inclusion: auto
+description: Security best practices including mandatory checks, secret management, and security response protocol.
+---
+
+# Security Guidelines
+
+## Mandatory Security Checks
+
+Before ANY commit:
+- [ ] No hardcoded secrets (API keys, passwords, tokens)
+- [ ] All user inputs validated
+- [ ] SQL injection prevention (parameterized queries)
+- [ ] XSS prevention (sanitized HTML)
+- [ ] CSRF protection enabled
+- [ ] Authentication/authorization verified
+- [ ] Rate limiting on all endpoints
+- [ ] Error messages don't leak sensitive data
+
+## Secret Management
+
+- NEVER hardcode secrets in source code
+- ALWAYS use environment variables or a secret manager
+- Validate that required secrets are present at startup
+- Rotate any secrets that may have been exposed
+
+## Security Response Protocol
+
+If security issue found:
+1. STOP immediately
+2. Use **security-reviewer** agent
+3. Fix CRITICAL issues before continuing
+4. Rotate any exposed secrets
+5. Review entire codebase for similar issues