security-headers
Generated code must be aligned with security headers (e.g. no unsafe JS eval). The permissions policy is especially relevant when changing any code related to the `navigator` object.
| name | security-headers |
| description | Generated code must be aligned with security headers (e.g. no unsafe JS eval). The permissions policy is especially relevant when changing any code related to the `navigator` object. |
Start local server with production build and applied security headers:

```bash
yarn workspace @trezor/suite-web preview
```

Build web app and run the preview command:

```bash
yarn workspace @trezor/suite-web build:preview
```

or root level command:

```bash
yarn suite:build:web:preview
```
- `usb=(self)`:
  - `packages/connect/src/index-browser.ts` (`window.navigator.usb.requestDevice(...)`)
  - `packages/transport/src/transports/webusb.browser.ts`
- `camera=(self)`:
  - `packages/suite/src/components/suite/modals/ReduxModal/UserContextModal/QrScannerModal/CameraQRReader.tsx` (`react-zxing` camera scanner used for QR input)
- `clipboard-write=(self)`:
  - `packages/dom-utils/src/copyToClipboard.ts` (`navigator.clipboard.writeText(...)`)
  - `packages/analytics-docs/src/components/AddEventModal/CopyButton.tsx`
  - `packages/analytics-docs/src/components/EventCard.tsx`
- `local-network-access=(self)`:
  - `packages/suite/src/hooks/suite/useLocalNetworkAccessPermission.ts` (`navigator.permissions.query({ name: 'local-network-access' })`)
  - `packages/connect-web/src/impl/core-in-suite-desktop.ts` (permission state check for websocket connectivity error handling)

`clipboard-read` is intentionally not enabled because current direct usage is test-only (`suite/e2e/tests/wallet/receive.test.ts`) rather than Suite Web runtime behavior.

Disabled directives (`=()`) are intentionally blocked because there is no direct web runtime use at this time.
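
One way to check new `navigator` code against the directives listed above, as an added example that is not Trezor Suite code: it parses a `Permissions-Policy` value and reports API use whose feature has an empty allowlist or no directive at all. The function names, the API-to-feature map, the sample source lines and the `clipboard-read=()` entry in the sample header are assumptions made for illustration.

```typescript
// Added example, not Trezor Suite code. Header value and API map are constructed.
type Policy = { [feature: string]: string[] };
type Finding = { line: number; feature: string; status: 'blocked' | 'unlisted' };

// Parse "usb=(self), camera=()" into { usb: ['self'], camera: [] } (no commas inside origins assumed).
function parsePermissionsPolicy(header: string): Policy {
    const policy: Policy = {};
    header.split(',').forEach(part => {
        const eq = part.indexOf('=');
        if (eq < 0) return;
        const feature = part.slice(0, eq).trim();
        const inner = part.slice(eq + 1).trim().replace(/^\(/, '').replace(/\)$/, '').trim();
        policy[feature] = inner === '' ? [] : inner.split(/\s+/); // "()" gives an empty allowlist
    });
    return policy;
}

// Assumed, simplified mapping from navigator API usage to the feature it needs.
const API_FEATURES: [RegExp, string][] = [
    [/navigator\.usb\b/, 'usb'],
    [/navigator\.clipboard\.(writeText|write)\b/, 'clipboard-write'],
    [/navigator\.clipboard\.(readText|read)\b/, 'clipboard-read'],
    [/navigator\.geolocation\b/, 'geolocation'],
];

// Report API use that the top-level origin is denied ('blocked') or whose
// directive is missing from the header ('unlisted', so the browser default applies).
function checkSource(source: string, policy: Policy): Finding[] {
    const findings: Finding[] = [];
    source.split('\n').forEach((text, i) => {
        API_FEATURES.forEach(([pattern, feature]) => {
            if (!pattern.test(text)) return;
            const allow = policy[feature];
            if (allow === undefined) {
                findings.push({ line: i + 1, feature, status: 'unlisted' });
            } else if (allow.indexOf('self') < 0 && allow.indexOf('*') < 0) {
                findings.push({ line: i + 1, feature, status: 'blocked' });
            }
        });
    });
    return findings;
}
// Constructed sample: directives from this page plus an assumed clipboard-read=().
const SAMPLE_HEADER =
    'usb=(self), camera=(self), clipboard-write=(self), local-network-access=(self), clipboard-read=()';
const SAMPLE_SOURCE = [
    'await window.navigator.usb.requestDevice({ filters: [] });',
    'await navigator.clipboard.writeText(address);',
    'const pasted = await navigator.clipboard.readText();',
].join('\n');
```

Calling `checkSource(SAMPLE_SOURCE, parsePermissionsPolicy(SAMPLE_HEADER))` flags only the `readText()` line, since its directive has an empty allowlist.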
- `packages/suite-web/constants/webSecurityHeaders.ts`
- `packages/suite-web/types/securityHeaders.ts`

MDN references: