What does a real programmer do when Google blocks their project???

No Google is going to tell me what to do, and even less so block my project. By the way, the message from Google itself reads something like this:

"We're blocking your project because something happened that violated our policies. Fix it and let us know, and we'll unblock it..."

After this message, of course, everything was clear to me, and the clearest thing was that I'd better change the API keys and create a new project. Even better. I'll delegate this to my virtual developer, which I already have configured. He knows the code, knows how to use Google's Firestore database. He'll handle it in no time...

And so I did. Happy that I outsmarted Google, I went back to my tasks. And I was happy like that for two days. Until Google blocked my newly created project. Ohhh... that's not nice.

Following the old principle "When all else fails, read the instructions," I created a security specialist (AI, of course) who scrutinized the entire project. And the cat was let out of the bag.

It turned out that the functions/.env file wasn't added to .gitignore - explanation for mortals: there was a potential risk of data leakage. This file was created at some point by my AI developer. Although the repositories are private, there was a potential risk...

So you need to apply the old Cheka principle: ChK - If you're young, google it yourself ;-)

"Trust but verify"

I must admit that a security agent is not a bad idea. Apart from this most important problem, it also found several others + a few tips for improving application security.

All have been implemented! I must admit, this was a valuable lesson.

The code for future applications will also first be analyzed by our new security employee. More and more of these AI employees ;-)