replit-policy-guardrails

Featured

Enforce security and resource policies for Replit-hosted apps: secrets exposure prevention, resource limits, deployment visibility, and database access controls. Use when hardening a Replit app for production, auditing security posture, or setting up guardrails for team development. Trigger with phrases like "replit policy", "replit guardrails", "replit security audit", "replit hardening", "replit best practices check".

AI & Automation 2,266 stars 315 forks Updated today MIT


Quality Score: 99/100 (component scores and weights)

Stars (weight 20%): 100
Recency (weight 20%): 100
Frontmatter (weight 20%): 70
Documentation (weight 15%): 100
Issue Health (weight 10%): 50
License (weight 10%): 100
Description (weight 5%): 100

Skill Content

# Replit Policy Guardrails

## Overview

Policy enforcement for Replit-hosted applications. Replit's public-by-default Repls, shared hosting, and resource limits require specific guardrails around secrets exposure, resource consumption, deployment security, and endpoint protection.

## Prerequisites

- Replit account with Deployment access
- Understanding of Replit's security model
- Awareness of Replit's Terms of Service

## Instructions

### Step 1: Secrets Exposure Prevention

Replit Repls are **public by default** on free plans. Every file in a public Repl, including anything committed by mistake, is visible to anyone who views or forks it, so a secret that has ever been written into source must be treated as compromised and rotated, not merely deleted. Values stored in the Secrets tab are injected into the running process as environment variables and are not copied into forks.

```python
# CRITICAL POLICY: Never hardcode secrets in source files

# BAD — visible to anyone viewing your Repl
API_KEY = "sk-live-abc123"
DB_PASSWORD = "p@ssw0rd"

# GOOD — use Replit Secrets (AES-256 encrypted)
import os

API_KEY = os.environ.get("API_KEY")
if not API_KEY:
    raise RuntimeError("API_KEY not set. Add it in the Secrets tab (lock icon).")

# Startup validation — fail fast if secrets missing
REQUIRED_SECRETS = ["API_KEY", "DATABASE_URL", "JWT_SECRET"]
missing = [s for s in REQUIRED_SECRETS if not os.environ.get(s)]
if missing:
    raise RuntimeError(f"Missing required secrets: {missing}")
```

**Automated secret detection:**

```typescript
// Pre-deploy check script: scripts/check-secrets.ts
import { readFileSync, readdirSync, statSync } from 'fs';
import { join } from 'path';

const SECRET_PATTERNS = [
  /sk[-_](?:live|test)[-_]\w{20,}/,                  // API keys
  /(?:password|passwd|pwd)\s*[:=]\s*['"][^'"]+...
```
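The pre-deploy secret scan above is cut off on this page. The following is an added example, written for this review in Python (the skill's listed language) rather than taken from the skill's own `scripts/check-secrets.ts`: it walks a project tree, prunes build and VCS directories, flags lines that look like hardcoded credentials, and deliberately never flags lines that read `os.environ` / `process.env`, since that is the Replit Secrets path the policy wants. It also carries the startup `missing_secrets` check as a testable function. The pattern set, the skip lists, and the two sample file bodies are illustrative assumptions constructed for the example, not data from any real project.

```python
"""Pre-deploy secret scan for a Replit project.

Added example, not the skill's own script.  Walks a project tree, skips build
output, and flags lines that look like hardcoded credentials.  Lines that read
from os.environ / process.env are the approved Replit Secrets path and are never
flagged.  The pattern set, skip lists and sample file contents below are
illustrative assumptions.
"""
import os
import re
import sys
from dataclasses import dataclass
from pathlib import Path
from typing import Mapping

# Illustrative detectors; extend for the credential types your app actually uses.
SECRET_PATTERNS = {
    "stripe-style key": re.compile(r"\bsk[-_](?:live|test)[-_][A-Za-z0-9]{20,}"),
    "AWS access key id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "assigned password": re.compile(r"(?i)(?:password|passwd|pwd)\s*[:=]\s*['\"][^'\"]{4,}['\"]"),
    "private key block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "database URL with password": re.compile(r"\b(?:postgres(?:ql)?|mysql|mongodb)://[^:\s/]+:[^@\s]+@"),
}

# Reads from the environment are how Replit Secrets reach the process: not findings.
ENV_READ = re.compile(r"os\.environ|os\.getenv|process\.env")

SKIP_DIRS = {".git", "node_modules", "__pycache__", ".venv", "venv", "dist", "build"}
SCAN_SUFFIXES = {".py", ".js", ".ts", ".tsx", ".jsx", ".json", ".toml", ".yaml", ".yml", ".sh"}
SCAN_NAMES = {".env", ".replit", "replit.nix"}   # dotfiles have no suffix in pathlib


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    kind: str
    excerpt: str   # matched value replaced, so the report itself does not leak it


def scan_text(path: str, text: str) -> list[Finding]:
    """Return one Finding per line that matches a secret pattern (first match wins)."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if ENV_READ.search(line):
            continue
        for kind, pattern in SECRET_PATTERNS.items():
            m = pattern.search(line)
            if m:
                redacted = line[: m.start()] + "<REDACTED>" + line[m.end():]
                findings.append(Finding(path, lineno, kind, redacted.strip()))
                break
    return findings


def scan_tree(root: Path) -> list[Finding]:
    """Scan every source/config file under root, pruning build and VCS directories."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            p = Path(dirpath) / name
            if p.suffix in SCAN_SUFFIXES or name in SCAN_NAMES:
                try:
                    text = p.read_text(encoding="utf-8", errors="replace")
                except OSError:
                    continue
                findings.extend(scan_text(str(p.relative_to(root)), text))
    return findings


def missing_secrets(required: list[str], env: Mapping[str, str] = os.environ) -> list[str]:
    """Names in `required` that are absent or empty in env (use at startup to fail fast)."""
    return [name for name in required if not env.get(name)]


# Constructed sample inputs for a dry run; not files from any real project.
SAMPLE_BAD_FILE = "\n".join([
    'API_KEY = "sk-live-' + "a" * 24 + '"',
    'DB_PASSWORD = "p@ssw0rd"',
    'DATABASE_URL = os.environ["DATABASE_URL"]',
])
SAMPLE_GOOD_FILE = "\n".join([
    "import os",
    'API_KEY = os.environ.get("API_KEY")',
    'JWT_SECRET = os.getenv("JWT_SECRET")',
])

if __name__ == "__main__":
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    found = scan_tree(root)
    for f in found:
        print(f"{f.path}:{f.line}: {f.kind}: {f.excerpt}")
    sys.exit(1 if found else 0)   # non-zero blocks the deploy step that calls this
```

Run it as `python check_secrets.py .` from the Repl root before a deploy; a non-zero exit is the signal a CI or pre-deploy hook should gate on. The excerpt is redacted on purpose: a scanner that prints the matched key into build logs recreates the exposure it is meant to prevent. The `ENV_READ` allow-list is line-based, so a line that both reads the environment and hardcodes a fallback (`os.environ.get("API_KEY", "sk-live-...")`) would slip through; if that pattern exists in your codebase, drop the allow-list and rely on the redacted report instead.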

Details

Author: jeremylongshore
Repository: jeremylongshore/claude-code-plugins-plus-skills
Created: 7 months ago
Last Updated: today
Language: Python
License: MIT

Similar Skills

Semantically similar based on skill content — not just same category

replit-security-basics (AI & Automation, Featured; 2,266 stars, updated today; by jeremylongshore)
Apply Replit security best practices: Secrets management, REPL_IDENTITY tokens, Auth headers, and public Repl safety. Use when securing API keys, validating request identity, or auditing Replit security configuration. Trigger with phrases like "replit security", "replit secrets", "secure replit", "replit public safety", "replit identity token".

replit-known-pitfalls (AI & Automation, Featured; 2,266 stars, updated today; by jeremylongshore)
Avoid the top Replit anti-patterns: ephemeral filesystem, public secrets, port binding, Nix gotchas, and database limits. Use when reviewing Replit code, onboarding developers, or auditing existing Replit apps for common mistakes. Trigger with phrases like "replit mistakes", "replit anti-patterns", "replit pitfalls", "replit what not to do", "replit code review".

replit-prod-checklist (AI & Automation, Featured; 2,266 stars, updated today; by jeremylongshore)
Execute Replit production deployment checklist with rollback and health monitoring. Use when deploying Replit apps to production, preparing for launch, or implementing go-live procedures with Autoscale or Reserved VM. Trigger with phrases like "replit production", "deploy replit", "replit go-live", "replit launch checklist", "replit prod ready".

replit-observability (AI & Automation, Featured; 2,266 stars, updated today; by jeremylongshore)
Monitor Replit deployments with health checks, uptime tracking, resource usage, and alerting. Use when setting up monitoring for Replit apps, building health dashboards, or configuring alerting for deployment health and performance. Trigger with phrases like "replit monitoring", "replit metrics", "replit observability", "monitor replit", "replit alerts", "replit uptime".

replit-data-handling (AI & Automation, Featured; 2,266 stars, updated today; by jeremylongshore)
Implement secure data handling on Replit: PostgreSQL, KV Database, Object Storage, and data security patterns. Use when handling sensitive data, connecting databases, implementing data access patterns, or ensuring secure data flow in Replit-hosted applications. Trigger with phrases like "replit data", "replit database", "replit PostgreSQL", "replit storage", "replit data security", "replit GDPR".