SECURITY

Tenant-first security posture with strict data separation.

Data access is scoped by tenant identifier and authenticated through OAuth flows with JWT-backed authorization.

Database and query paths enforce tenant-specific access control with no cross-tenant reads.

JWT OAuth support with role-based authorization gates for every protected operation.

Kubernetes policies, secret rotation, and observability through Prometheus metrics and alerts.