Security defaults
Argon2id hashing, strict cookies, CSRF via Auth.js, CSP/HSTS headers, and rate limiting across the stack.
Developers
A developer surface that looks as deliberate as the backend behind it.
API domains are organized by responsibility, and the page now presents security defaults, launch flows, and tenant context with the same clarity as the rest of the site.
Route groups
5+
Auth, orgs, products, downloads, audit, and internal ops.
Tenant model
Shared
Launch path
Signed
Prepared for downstream product handoff.
Launch bridge
Short-lived signed launch token flow prepared for OIDC bridge into product domains and downstream apps.
API domains
Routes are organized by auth, orgs, products, downloads, audit, and internal operations instead of one oversized mixed surface.
Tenant context
Core authentication and organization context stay shared across the full stack, keeping integrations consistent.