No fake login
Auth is intentionally excluded. The app is ready to inherit upstream identity.
Security posture for the platform foundation.
Current static mode stores data locally in the browser. Production requires account gateway, database persistence, object storage, rate limits, audit retention, and encryption controls.
Local storage only
Vault data is browser-local until real persistence is wired.
Headers and CSP
Netlify headers are included as a hardening baseline.
Proof scripts
Validation scripts validate template contracts, pages, and API behavior.
Next production gate
Wire database, storage, payments, e-sign, email, and auth.
Data caution
Do not store sensitive production client documents in static localStorage-only mode.