Security Checklist for AI-Generated Apps: Auth, RBAC, Payments
AI can scaffold apps in minutes, but security debt compounds even faster. Use this opinionated checklist to harden projects built with headless CMS scaffolding AI, a React app generator, and a Vercel deploy for AI-generated apps.
Identity and Session Hardening
- Enforce OAuth2 PKCE and WebAuthn; disable password reuse; rotate refresh tokens on every use.
- Sign JWTs with short expirations; validate issuer, audience, and nonce on the server only.
- Store sessions in HttpOnly, SameSite=strict cookies; never in localStorage.
- Scope access tokens by environment (dev, staging, prod) to prevent lateral movement.
Role and Data Guardrails
- Model RBAC with explicit allow lists: subject, action, resource, condition. Deny by default.
- Authorize at the edge and again in handlers; never trust client flags from a React app generator.
- Use row-level security in your database; parameterize tenant_id everywhere.
- Log all privilege escalations and changes to policy.
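The RBAC model above (subject, action, resource, condition; deny by default) and the escalation logging rule, as one added example that is not part of the original checklist. The policy rules, role names, tenant values and the "second approver" condition are constructed for illustration; the evaluator is plain JavaScript with no policy library assumed.

```javascript
// Added example: allow-list RBAC evaluator with deny-by-default and an escalation log.
// Not code from the original checklist; policy, roles and tenants are constructed.

// Each rule: roles it applies to, one action, a resource pattern, optional condition.
const policy = [
  { roles: ["owner", "admin"], action: "document:delete", resource: "document/*" },
  { roles: ["editor"], action: "document:update", resource: "document/*",
    condition: (ctx) => ctx.resourceTenant === ctx.subject.tenant },
  { roles: ["viewer", "editor", "admin", "owner"], action: "document:read", resource: "document/*",
    condition: (ctx) => ctx.resourceTenant === ctx.subject.tenant },
  // Two-person rule for refunds: a distinct approver must be recorded in the context.
  { roles: ["billing-admin"], action: "invoice:refund", resource: "invoice/*",
    condition: (ctx) => Boolean(ctx.secondApprover) && ctx.secondApprover !== ctx.subject.id },
];

// "document/*" matches any id under document/; anything else must match exactly.
function matchesResource(pattern, resource) {
  if (pattern.endsWith("/*")) return resource.startsWith(pattern.slice(0, -1));
  return pattern === resource;
}

// Returns { allowed, reason }. The only path to allowed:true is a rule that
// matches on role, action and resource and whose condition (if any) holds.
function authorize(policy, subject, action, resource, ctx = {}) {
  const context = { ...ctx, subject };
  for (let i = 0; i < policy.length; i++) {
    const rule = policy[i];
    if (rule.action !== action) continue;
    if (!rule.roles.some((r) => subject.roles.includes(r))) continue;
    if (!matchesResource(rule.resource, resource)) continue;
    if (rule.condition && !rule.condition(context)) continue;
    return { allowed: true, reason: `rule ${i}` };
  }
  return { allowed: false, reason: "no matching allow rule" };
}

// Privileged actions are logged whether granted or denied, so escalation
// attempts are visible in the audit trail.
const privilegedActions = new Set(["document:delete", "invoice:refund"]);
function authorizeAndLog(policy, subject, action, resource, ctx, log = []) {
  const decision = authorize(policy, subject, action, resource, ctx);
  if (privilegedActions.has(action)) {
    log.push({ at: new Date().toISOString(), subject: subject.id, action, resource,
               allowed: decision.allowed, reason: decision.reason });
  }
  return decision;
}
```

Run the same `authorize` call at the edge and again inside the handler; because the decision depends only on the server-side subject record and the server-evaluated context, a client-supplied flag cannot influence it.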
Prompt, Input, and Output Safety
- Neutralize prompt injection: strip HTML/JS, sandbox tool outputs, and prefix system instructions per request.
- Validate model outputs with JSON Schema; reject on mismatch and alert.
- Rate limit by IP, token, and user; throttle costly tools separately.
- Set a conservative token window; cap context and attachment sizes.
Payments and Webhooks
- Use Payment Intents with idempotency keys; treat "paid" as a webhook event, not a client flag.
- Verify signatures and replay-protect webhooks; pin IPs where providers support it.
- Separate billing admin roles from product roles; require two-person review for refunds and credits.
- Store only tokens, never the raw PAN; run quarterly charge tests in a sandbox tenant.
Platform and Delivery
- For a Vercel deploy for AI-generated apps, lock environment variables to specific branches and rotate on every secret leak report.
- Enable strict CSP, X-Frame-Options, and Referrer-Policy via headers or vercel.json.
- Reject SSRF: proxy outbound calls through an allow list; block link-local ranges.
- Prefer edge middleware for auth gates, but stream AI responses from serverless with timeouts.
CMS and Content Workflow
- When using headless CMS scaffolding AI, quarantine untrusted content; moderate before publish.
- Sign webhook updates from the CMS; require review apps before merging schema changes.
- Snapshot prompts and training data; version them like code with approvals.
Runbooks and Evidence
- Automate preflight: dependency audit, secret scan, SAST, and E2E auth flows on every PR.
- Ship audit logs to an immutable store; retain 365 days minimum.
- Tabletop a breach: rotated keys, user notification, and rollback plans rehearsed quarterly.
Baseline Configuration Checks
- Disable directory listing, ensure 404 for unknown routes, and hide framework fingerprints.
- Pin dependency versions; forbid postinstall scripts from untrusted registries or forks.
- Separate read and write API keys; least privilege for CI, preview, and analytics.
- Document data flows; map PII, retention, and export paths for vendor due diligence.
- Backups.