Security Model
Security is enforced at multiple layers:
1. Authentication Layer
- JWT-based authentication
- HTTP-only secure cookies
- Token expiration
2. Device Enforcement
- Each login tied to a unique device ID
- Maximum active instances enforced
- Manual device revocation supported
3. Transport Security
- HTTPS encrypted communication
- Secure headers
4. Access Control
- Protected API routes
- Dashboard route validation
Security violations result in account suspension.