Security Checklist
Pre-deployment security audit
Pre-Deployment
- Copy .env.local.example to .env.local
- Set AGENT_WEBHOOK_SECRET to secure random value (32+ bytes)
- Never commit .env.local to version control
- Verify SSRF validation blocks internal IPs
- Test rate limiting on /api/* endpoints
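One way to exercise the "Verify SSRF validation blocks internal IPs" item, as an added example rather than the project's own validator: the function names and the blocklist are hypothetical. It parses the target with the WHATWG `URL` class first, so decimal, hex and IPv4-mapped IPv6 spellings of an address are normalized before the range check.

```typescript
// Added example: hypothetical helper names; the blocklist below is constructed.
const BLOCKED_V4: Array<[string, number]> = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];

function v4ToInt(ip: string): number {
  return ip.split(".").reduce((acc, octet) => acc * 256 + Number(octet), 0);
}

// True when a dotted-quad address falls inside any blocked CIDR range.
function isInternalV4(ip: string): boolean {
  const n = v4ToInt(ip);
  return BLOCKED_V4.some(([base, bits]) => {
    const size = 2 ** (32 - bits); // addresses per block
    return Math.floor(n / size) === Math.floor(v4ToInt(base) / size);
  });
}

// Expects the bracket-free, compressed form that URL.hostname produces.
function isInternalV6(host: string): boolean {
  if (host === "::" || host === "::1") return true; // unspecified, loopback
  // IPv4-mapped addresses are serialized as ::ffff:XXXX:XXXX by the URL parser.
  const m = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(host);
  if (m) {
    const hi = parseInt(m[1], 16);
    const lo = parseInt(m[2], 16);
    return isInternalV4(`${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`);
  }
  // fc00::/7 (unique local) and fe80::/10 (link-local).
  return /^f[cd][0-9a-f]{2}:/.test(host) || /^fe[89ab][0-9a-f]:/.test(host);
}

// Fail closed: anything unparseable or non-HTTP(S) is rejected.
function isBlockedTarget(raw: string): boolean {
  let url: URL;
  try {
    url = new URL(raw);
  } catch {
    return true;
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return true;
  const host = url.hostname; // already lower-cased and IPv4-normalized
  if (host[0] === "[") return isInternalV6(host.slice(1, -1));
  if (/^\d+\.\d+\.\d+\.\d+$/.test(host)) return isInternalV4(host);
  return /(^|\.)localhost\.?$/.test(host);
}
```

A literal check like this does not cover hostnames that resolve to internal addresses; apply the same range test to the resolved address at connection time.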
API Security
- All user inputs validated with Zod schemas
- Audit IDs validated against regex pattern
- Request body size limits enforced
- JWT tokens redacted from logs
Quick Security Audit
# Check for exposed secrets (search from the project root)
grep -r "SECRET\|KEY\|TOKEN" --include="*.ts" --include="*.tsx" .
# Verify .env.local in .gitignore (-F matches the dots literally)
grep -F ".env.local" .gitignore
# Type check
npx tsc --noEmit