2876cca8fe
Includes: CLAUDE.md, settings.json, agents, commands, rules, skills, hooks, contexts, evals, get-shit-done, plugin configs (installed list and marketplace sources). Excludes credentials, runtime caches, telemetry, session data, and plugin binary cache.
1020 B
1020 B
paths
| paths | ||
|---|---|---|
|
Swift Security
This file extends common/security.md with Swift specific content.
Secret Management
- Use Keychain Services for sensitive data (tokens, passwords, keys) — never
UserDefaults - Use environment variables or
.xcconfigfiles for build-time secrets - Never hardcode secrets in source — decompilation tools extract them trivially
let apiKey = ProcessInfo.processInfo.environment["API_KEY"]
guard let apiKey, !apiKey.isEmpty else {
fatalError("API_KEY not configured")
}
Transport Security
- App Transport Security (ATS) is enforced by default — do not disable it
- Use certificate pinning for critical endpoints
- Validate all server certificates
Input Validation
- Sanitize all user input before display to prevent injection
- Use
URL(string:)with validation rather than force-unwrapping - Validate data from external sources (APIs, deep links, pasteboard) before processing