Track the path from current self-hosted appliance security posture to production-hardened 1.0.

Scope:
- SECURITY.md threat model.
- Document known gaps and deployment requirements.
- Review admin console CSRF/log exposure posture.
- Clarify decision log redaction guidance for PII-bearing inputs.
- External security review / pentest before claiming production-hardening for direct internet-adjacent deployment.

Current guidance remains: run behind a TLS reverse proxy, set a strong admin key, do not expose directly to the public internet.