Email Delivery Monitoring
Monitor admin notifications and customer confirmations from Gmail. Failed email should not block database persistence.
IN_PROGRESS · MEDIUM
Trust Layer
Security and operational governance for serious systems.
A public view of access, backup, compliance, and operational security practices. Internal security checks can be managed in admin and summarized here.
Redirect Governance
Review active redirect records monthly so old campaign links resolve correctly and no unsafe destination is published.
PENDING · MEDIUM
Public Form Validation
Contact, support, and newsletter endpoints validate required fields and normalize email or priority before saving records.
PASSED · MEDIUM
Supabase Backup and Recovery Review
Confirm Supabase backup policy, recovery window, and export process before major data or schema changes.
IN_PROGRESS · HIGH
Production Environment Secrets
DATABASE_URL, DIRECT_URL, NEXTAUTH_SECRET, NEXTAUTH_URL, Gmail credentials, and ADMIN_PASSWORD are managed through Vercel environment variables for production.
PASSED · CRITICAL
Admin RBAC and Protected Routes
Admin routes require a valid NextAuth session. User roles are stored in the database and admin operations assert a server-side session before mutations.
PASSED · HIGH