Security Patterns Comprehensive security patterns for building hardened applications. Each category has individual rule files in rules/ loaded on-demand. Quick Reference Category Rules Impact When to Use Authentication 3 CRITICAL JWT tokens, OAuth 2.1/PKCE, RBAC/permissions Defense-in-Depth 2 CRITICAL Multi-layer security, zero-trust architecture Input Validation 3 HIGH Schema validation (Zod/Pydantic), output encoding, file uploads OWASP Top 10 2 CRITICAL Injection prevention, broken authentication fixes LLM Safety 3 HIGH Prompt injection defense, output guardrails, content filtering PII Masking 2 HIGH PII detection/redaction with Presidio, Langfuse, LLM Guard Scanning 3 HIGH Dependency audit, SAST (Semgrep/Bandit), secret detection Advanced Guardrails 2 CRITICAL NeMo/Guardrails AI validators, red-teaming, OWASP LLM Total: 20 rules across 8 categories Quick Start

Argon2id password hashing

from argon2 import PasswordHasher ph = PasswordHasher ( ) password_hash = ph . hash ( password ) ph . verify ( password_hash , password )

JWT access token (15-min expiry)

import jwt from datetime import datetime , timedelta , timezone payload = { 'sub' : user_id , 'type' : 'access' , 'exp' : datetime . now ( timezone . utc ) + timedelta ( minutes = 15 ) , } token = jwt . encode ( payload , SECRET_KEY , algorithm = 'HS256' ) // Zod v4 schema validation import { z } from 'zod' ; const UserSchema = z . object ( { email : z . string ( ) . email ( ) , name : z . string ( ) . min ( 2 ) . max ( 100 ) , role : z . enum ( [ 'user' , 'admin' ] ) . default ( 'user' ) , } ) ; const result = UserSchema . safeParse ( req . body ) ;

PII masking with Langfuse

import re from langfuse import Langfuse def mask_pii ( data , ** kwargs ) : if isinstance ( data , str ) : data = re . sub ( r'\b[\w.-]+@[\w.-]+.\w+\b' , '[REDACTED_EMAIL]' , data ) data = re . sub ( r'\b\d{3}-\d{2}-\d{4}\b' , '[REDACTED_SSN]' , data ) return data langfuse = Langfuse ( mask = mask_pii ) Authentication Secure authentication with OAuth 2.1, Passkeys/WebAuthn, JWT tokens, and role-based access control. Rule Description auth-jwt.md JWT creation, verification, expiry, refresh token rotation auth-oauth.md OAuth 2.1 with PKCE, DPoP, Passkeys/WebAuthn auth-rbac.md Role-based access control, permission decorators, MFA Key Decisions: Argon2id > bcrypt | Access tokens 15 min | PKCE required | Passkeys > TOTP > SMS Defense-in-Depth Multi-layer security architecture with no single point of failure. Rule Description defense-layers.md 8-layer security architecture (edge to observability) defense-zero-trust.md Immutable request context, tenant isolation, audit logging Key Decisions: Immutable dataclass context | Query-level tenant filtering | No IDs in LLM prompts Input Validation Validate and sanitize all untrusted input using Zod v4 and Pydantic. Rule Description validation-input.md Schema validation with Zod v4 and Pydantic, type coercion validation-output.md HTML sanitization, output encoding, XSS prevention validation-schemas.md Discriminated unions, file upload validation, URL allowlists Key Decisions: Allowlist over blocklist | Server-side always | Validate magic bytes not extensions OWASP Top 10 Protection against the most critical web application security risks. Rule Description owasp-injection.md SQL/command injection, parameterized queries, SSRF prevention owasp-broken-auth.md JWT algorithm confusion, CSRF protection, timing attacks Key Decisions: Parameterized queries only | Hardcode JWT algorithm | SameSite=Strict cookies LLM Safety Security patterns for LLM integrations including context separation and output validation. Rule Description llm-prompt-injection.md Context separation, prompt auditing, forbidden patterns llm-guardrails.md Output validation pipeline: schema, grounding, safety, size llm-content-filtering.md Pre-LLM filtering, post-LLM attribution, three-phase pattern Key Decisions: IDs flow around LLM, never through | Attribution is deterministic | Audit every prompt PII Masking PII detection and masking for LLM observability pipelines and logging. Rule Description pii-detection.md Microsoft Presidio, regex patterns, LLM Guard Anonymize pii-redaction.md Langfuse mask callback, structlog/loguru processors, Vault deanonymization Key Decisions: Presidio for enterprise | Replace with type tokens | Use mask callback at init Scanning Automated security scanning for dependencies, code, and secrets. Rule Description scanning-dependency.md npm audit, pip-audit, Trivy container scanning, CI gating scanning-sast.md Semgrep and Bandit static analysis, custom rules, pre-commit scanning-secrets.md Gitleaks, TruffleHog, detect-secrets with baseline management Key Decisions: Pre-commit hooks for shift-left | Block on critical/high | Gitleaks + detect-secrets baseline Advanced Guardrails Production LLM safety with NeMo Guardrails, Guardrails AI validators, and DeepTeam red-teaming. Rule Description guardrails-nemo.md NeMo Guardrails, Colang 2.0 flows, Guardrails AI validators, layered validation guardrails-llm-validation.md DeepTeam red-teaming (40+ vulnerabilities), OWASP LLM Top 10 compliance Key Decisions: NeMo for flows, Guardrails AI for validators | Toxicity 0.5 threshold | Red-team pre-release + quarterly Managed Hook Hierarchy (CC 2.1.49) Plugin settings follow a 3-tier precedence: Tier Source Overridable? 1. Managed (plugin settings.json ) Plugin author ships defaults Yes, by user 2. Project ( .claude/settings.json ) Repository config Yes, by user 3. User ( ~/.claude/settings.json ) Personal preferences Final authority Security hooks shipped by OrchestKit are managed defaults — users can disable them but are warned. Enterprise admins can lock settings via managed profiles. Anti-Patterns (FORBIDDEN)

Authentication

user . password = request . form [ 'password' ]

Plaintext password storage

response_type

token

Implicit OAuth grant (deprecated)

return "Email not found"

Information disclosure

Input Validation

"SELECT * FROM users WHERE name = '" + name + "'"

SQL injection

if ( file . type == = 'image/png' ) { . . . }

Trusting Content-Type header

LLM Safety

prompt

f"Analyze for user { user_id } "

ID in prompt

artifact . user_id = llm_output [ "user_id" ]

Trusting LLM-generated IDs

PII

logger . info ( f"User email: { user . email } " )

Raw PII in logs

langfuse . trace ( input = raw_prompt )

Unmasked observability data

Detailed Documentation Load on demand with Read("${CLAUDE_SKILL_DIR}/references/") : File Content oauth-2.1-passkeys.md OAuth 2.1, PKCE, DPoP, Passkeys/WebAuthn request-context-pattern.md Immutable request context for identity flow tenant-isolation.md Tenant-scoped repository, vector/full-text search audit-logging.md Sanitized structured logging, compliance zod-v4-api.md Zod v4 types, coercion, transforms, refinements vulnerability-demos.md OWASP vulnerable vs secure code examples context-separation.md LLM context separation architecture output-guardrails.md Output validation pipeline implementation pre-llm-filtering.md Tenant-scoped retrieval, content extraction post-llm-attribution.md Deterministic attribution pattern prompt-audit.md Prompt audit patterns, safe prompt builder presidio-integration.md Microsoft Presidio setup, custom recognizers langfuse-mask-callback.md Langfuse SDK mask implementation llm-guard-sanitization.md LLM Guard Anonymize/Deanonymize with Vault logging-redaction.md structlog/loguru pre-logging redaction