Security: cld2labs/AccessIQ

SECURITY.md

Security Policy

AccessIQ is a security-sensitive reference project. The repository demonstrates an authorization-aware architecture, but it does not guarantee production-grade hardening out of the box.

Do not deploy this project to production without a full security review.

Security Expectations

Users of this repository are responsible for implementing and validating:

  • Secure Auth0 tenant configuration and claim design
  • Strong secret management and credential rotation
  • Encryption for data in transit and at rest
  • Audit logging, monitoring, alerting, and incident response
  • Dependency, container, and infrastructure vulnerability management
  • Environment-specific hardening for backend, MCP, frontend, and database services

Reporting

If you discover a security issue in this repository, report it privately to the project maintainers. Do not open a public issue with exploit details until the maintainers have had a reasonable chance to investigate and remediate the problem.

There aren’t any published security advisories