Security and Compliance Rules Tile

Problem/Feature Description

A fintech startup needs to ensure that all AI-assisted code changes follow their security and compliance requirements. They have identified several categories of rules:

1. Secrets Management — Credentials and API keys must never be hardcoded or logged. This applies to every single piece of code the AI writes, without exception.

2. PCI-DSS Data Handling — When working with payment card data, the AI must always mask card numbers (show only last 4 digits), never store CVV values, and use encryption for data at rest. This only applies when the AI is working on code that handles payment data.

3. API Rate Limiting — All new API endpoints must include rate limiting middleware. Client-facing endpoints should be limited to 100 requests per minute, internal endpoints to 1000 requests per minute. This only applies when building or modifying API endpoints.

Create a Tessl tile at ./security-rules/ in workspace "fintech-co" named "fintech-co/security-compliance", version 1.0.0, summary "Security and compliance rules for fintech development". This should be a private tile.

Output Specification

Produce the complete tile directory at ./security-rules/ containing:

1. tile.json — properly configured manifest
2. Rule files for each category with appropriate content
3. Each rule file should contain concise, actionable constraints (not lengthy explanations)