Security
Auth rules, data classification, input validation.
Overview
Security protects data integrity and enforces access controls at every system boundary. In SBX, security is enforced at the HTTP handler layer through credential masking, input validation, and the client registry pattern. External API clients must go through clientregistry.Registry; never construct HTTP clients directly in route handlers.
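The client registry pattern and credential masking described above, sketched in Go as an added example: this is not SBX code and does not reproduce the real clientregistry.Registry API. The names Registry, Register, Client, Secret and pinned, along with the host and token values, are hypothetical or constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"time"
)

// Secret masks itself when formatted directly or as an exported struct field.
type Secret string

func (Secret) String() string { return "****" }

// pinned adds the credential and refuses any destination but the registered HTTPS host.
type pinned struct {
	host  string
	token Secret
}

func (p pinned) RoundTrip(r *http.Request) (*http.Response, error) {
	if r.URL.Scheme != "https" || r.URL.Host != p.host {
		if r.Body != nil {
			r.Body.Close() // RoundTrip must close the body even on error
		}
		return nil, fmt.Errorf("client is bound to https://%s", p.host)
	}
	r = r.Clone(r.Context()) // never mutate the caller's request
	r.Header.Set("Authorization", "Bearer "+string(p.token))
	return http.DefaultTransport.RoundTrip(r)
}

// Registry (hypothetical) is the only place outbound clients are constructed.
type Registry map[string]*http.Client

func (g Registry) Register(name, host string, token Secret) {
	g[name] = &http.Client{Timeout: 10 * time.Second, Transport: pinned{host, token}}
}

// Client is what a route handler calls instead of building an http.Client.
func (g Registry) Client(name string) (*http.Client, bool) {
	c, ok := g[name]
	return c, ok
}

func main() {
	reg := Registry{}
	reg.Register("billing", "api.example.test", "constructed-token")
	_, err := reg["billing"].Get("https://other.example.test/") // refused, no network I/O
	fmt.Println(err, Secret("constructed-token"))
}
```

Because redirects pass through the same transport, the host check also applies to every redirect hop. The masking covers fmt-style formatting only; a Secret held in an unexported struct field or passed to a JSON encoder is not masked by this type.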
Layer Guidance
- PD
  - Input validation: preconditions enforce field constraints, data: internal
- MD
  - Row-level security: workspace_id filter, data: confidential
- SI
  - Auth: requireAuth middleware, role: editor, CORS restricted
- UI
  - CSP headers, XSS prevention via Svelte escaping, auth state check