## Summary
- harden the web runtime with JSON body limits, stricter generation input validation, rate limiting, and trusted Origin/Referer checks for cookie-authenticated mutations
- redact password-reset tokens from debug email transport logs and fail closed for unsupported email providers
- scope generation idempotency keys per user with a Prisma migration and regression coverage
## Testing
- docker build -f infra/docker/web.Dockerfile -t nroxy-web-check .
- docker run --rm --entrypoint sh nroxy-web-check -lc "pnpm --filter @nproxy/providers test && pnpm --filter @nproxy/db test && pnpm --filter @nproxy/web test"
Closes#14Closes#7Closes#8
Co-authored-by: sirily <sirily@git.shararam.party>
Reviewed-on: #21
Closes#2
## Summary
- make `markInvoicePaid` idempotent for already-paid invoices and reject invalid terminal transitions
- add admin actor metadata and audit-log writes for `mark-paid`, including replayed no-op calls
- add focused DB tests for first activation, replay safety, and invalid transition handling
- document the current payment system, including invoice creation, manual activation, quota reset, and current limitations
## Testing
- built `infra/docker/web.Dockerfile`
- ran `pnpm --filter @nproxy/db test` inside the built container
- verified `@nproxy/db build` and `@nproxy/web build` during the image build
Co-authored-by: sirily <sirily@git.shararam.party>
Reviewed-on: #18
Closes#1
- hide exact quota values from GET /api/account
- keep only the approximate quota bucket in the public account payload
- add a regression test for the public account response contract
- document that completed tasks should end with a PR
Co-authored-by: sirily <sirily@git.shararam.party>
Reviewed-on: #16
