playbooks / ai habits
Raise Your AI Right
Rules files and review prompts that turn your AI assistant from a happy path machine into a paranoid pair.

duck@duckaudit
Your AI is not careless. It is obedient. So give it orders about the sad path.
how it burns you
AI assistants optimize for code that runs, not code that survives contact with strangers. Left alone they hardcode keys, skip auth checks, concatenate SQL, and log secrets, because the happy path is what they were asked for. The fix is not typing angrier, it is standing instructions.
Give your AI standing orders
Every serious AI coding tool reads a rules file: AGENTS.md, CLAUDE.md, or .cursor/rules. Security rules that live there apply to every session, so you stop relying on remembering to ask.
## Security rules (AGENTS.md)
- Secrets only via env vars, never hardcoded, never NEXT_PUBLIC_
- Every API route and server action verifies session and authorization first
- All user input validated with zod before use
- Database access through parameterized queries only
- New dependencies: prefer stdlib or existing deps; justify anything new
- Never log tokens, passwords, or full request bodiesAsk for the sad path by name
After a feature works, make the assistant attack it. One extra prompt per feature is the cheapest security review you will ever get.
Now review the feature you just wrote as an attacker.
What happens with no session, someone else's id, garbage input,
a replayed request, and a 10x request flood?
List the failures and fix them.Review AI diffs for the four classics
Before accepting a diff, scan for the recurring misses: a secret in code, a route without an auth check, string built SQL, and user input flowing somewhere unvalidated. Four glances, most disasters averted.
Distrust hallucinated APIs and packages
Assistants invent plausible package names and outdated APIs with total confidence. Anything you have never heard of gets verified against the registry and the official docs before it earns an npm install.
npm view some-suggested-package # no result means it was imagined, or worse, squattedRun a dedicated security pass before merging
A fresh session with a review only prompt catches what the building session normalized. Tools like Claude Code's security review or Semgrep make this a command, not a ceremony.
Make your AI do it
Paste this into Cursor or Claude Code from your project root.
Create or update the rules file for this repo (AGENTS.md or equivalent) with a security section covering: secret handling, mandatory auth checks on every route and server action, input validation with the validation library already in this repo, parameterized database access, dependency discipline, and logging hygiene. Derive each rule from how this codebase actually works, citing one existing file per rule as the example to follow. Then scan the last 20 commits for violations of these rules and list them by severity.
The 10 minute check
0/5receipts · every claim has a source
next playbook
Trust No Package →