This document provides guidelines for maintaining high-quality Python code, specifically for AI coding agents. It covers principles, tools, style, documentation, testing, and security best practices.
**General Security Practices (Apply to All Users):**
* **Use End-to-End Encryption:** Adopt a secure messaging app like Signal (compatible with iOS & Android).
* **Secure Messaging App Hygiene:**
    * Be wary of social engineering attempts (account compromise scams).
    * Verify group invitations through separate channels.
    * Be suspicious of unexpected security alerts *within* the app.
    * Enable message expiration features (check organizational policies first).
    * Regularly review and remove unintended linked devices.
* **Enable FIDO Authentication:** Use phishing-resistant MFA (hardware keys like Yubico/Google Titan preferred, passkeys acceptable) for valuable accounts (email, social media, etc.). Disable less secure MFA methods after enabling FIDO.
* **Migrate Away from SMS MFA:** Do *not* use SMS for two-factor authentication. Use authenticator apps (Google Authenticator, Microsoft Authenticator, Authy) as a better alternative, but FIDO is strongest. Disable SMS after enabling an authenticator app.
* **Use a Password Manager:** Store all passwords in a password manager (Apple Passwords, LastPass, 1Password, etc.). Use a strong passphrase to protect the vault. Regularly update passwords with the manager.
* **Set a Telco PIN:** Add a PIN/passcode to your mobile account with your provider to prevent SIM-swapping. Also, change your mobile account password.
* **Regularly Update Software:** Update operating systems and apps weekly; enable auto-updates.
* **Upgrade Hardware:** Use the latest hardware version from your phone manufacturer for optimal security features.
* **Avoid Personal VPNs:** They can increase the attack surface. Use organization-provided VPNs if required.
**iPhone-Specific:**
* **Enable Lockdown Mode:** Reduces the attack surface.
* **Disable "Send as Text Message":** Ensures iMessage (end-to-end encrypted) is used when available.
* **Protect DNS Queries:** Use Apple iCloud Private Relay or encrypted DNS services (Cloudflare, Google, Quad9).
* **Enroll in iCloud Private Relay:** Enhances privacy and security for Safari browsing.
* **Review App Permissions:** Restrict access to sensitive data (location, camera, microphone).
**Android-Specific:**
* **Prioritize Secure Manufacturers:** Choose Android phones from manufacturers with strong security track records and long-term update commitments (check Android Enterprise Recommended).
* **Use RCS with Encryption:** Only use RCS (Rich Communication Services) if end-to-end encryption is enabled (Google Messages).
* **Configure Android Private DNS:** Use a trusted DNS resolver (Cloudflare, Google, Quad9).
* **Enable Secure Connections in Chrome:** Ensure all website connections default to HTTPS.
* **Enable Enhanced Protection in Chrome:** Provides an extra layer of protection against malicious websites.
* **Enable Google Play Protect:** Regularly review app scans for threats. Be cautious with third-party app stores.
* **Review App Permissions:** Restrict access to sensitive data.
Tips on improving your GitHub repository organization and structure:
- Create meaningful branch names
- Use descriptive commit messages
- Keep a clean project history
- Separate your code into well-organized directories
- Follow a consistent naming convention
- Make use of pull requests
- Collaborate effectively by writing clear documentation
- Maintain good communication within your team

Keywords: GitHub, repository best practices, organization, structure, branch names, commit messages, project history, directories, naming conventions, pull requests, collaboration, documentation, effective communication
Best Practices for Running Containers and Kubernetes in Production