Security
MFA readiness, session audit, IP allowlist, secrets, CSRF/rate-limit readiness, and production locks.
MFA
totp-ready
warnSession audits
1
Readiness checks
| Check | Status | Detail |
|---|---|---|
| Persistence mode | warn | Embedded seed DB, run production migration before launch |
| Database URL | warn | Running embedded seed DB |
| Stripe secret | warn | Stripe secret missing |
| Stripe webhook secret | warn | Webhook secret missing |
| Key encryption secret | warn | Using fallback development secret |
| Session secret | warn | Using fallback development secret |
| IP allowlist | warn | No allowlist configured |
Session audit
| Admin | Event | IP | Date |
|---|---|---|---|
| [email protected] | login | 127.0.0.1 | 6/30/2026, 9:15:00 AM |