HackerTrans
TopNewTrendsCommentsPastAskShowJobs

jaycobski

no profile record

Submissions

Show HN: I built an OSHA compliance SaaS for oilfields using only LLMs

basincheck.com
2 points·by jaycobski·il y a 6 mois·2 comments

comments

jaycobski
·il y a 6 mois·discuss
Thanks! This is definitely the part that kept me up at night as a non-traditional dev.

My philosophy was to write as little security code as possible myself and rely on battle-tested infrastructure:

Auth & User Data: I rely entirely on Supabase Auth (which is based on the GoTrue API). I don't touch password hashing or session management logic directly.

Data Access: I use PostgreSQL Row Level Security (RLS) policies extensively. Every request to the DB has to pass a policy like auth.uid() = company_id. This ensures that even if there’s a bug in my frontend code, the database layer rejects unauthorized access.

Inputs: I use Zod for strict schema validation on all API routes to prevent weird injections before they even hit the DB.

Since this is for Oil & Gas (sensitive compliance data), I also made a hard rule: No AI agents have write-access to the database. The AI only suggests text/codes in the UI, and a logged-in human must click "Save."