Security

Security controls include:

• HTTPS-only enforcement
• Security headers via Helmet (with fallback headers)
• Input validation and query sanitization
• Scope-based authorization
• Tenant boundary enforcement
• Optional IP allowlisting
• Request audit logs for forensic review

Sensitive internals are excluded from responses.