Security Fix

Find and fix security issues in $ARGUMENTS (or the whole app if no argument is given). Work through every step below in order. Every step that finds an issue must also fix it.

Step 1 — Map the attack surface

Read these files before checking anything:

• src/main.tsx / src/App.tsx — entry point, routing, auth gating
• vite.config.ts — dev server proxy, CORS, headers
• package.json — list of third-party dependencies
• Any file matching **/auth*, **/login*, **/token*, **/credential*

Identify:

• All pages/routes and whether each is behind an auth guard
• All places where external data enters the app (CDF SDK calls, fetch, user form input)
• All places where data is written back (CDF upsert, fetch POST/PUT/DELETE)