Harden public routing and production security by DevCalebR · Pull Request #75 · DevCalebR/callbackcloser

DevCalebR · 2026-05-25T18:26:54Z

Summary

make public CTA and auth routing intentional for logged-out visitors, signed-in owners, and founder/admin pilot setup
add a dedicated public pilot entrypoint plus clear Create account / Sign in / Start Free Pilot messaging across the public site
harden authenticated mutations and production logging with same-origin checks, sanitized Twilio/app logs, and production CSP headers
add regression coverage for public routing, admin/auth boundaries, webhook rejection, CSP headers, tenant-isolation wiring, and log sanitization

the public simulator still depends on explicit environment flags and a dedicated simulator business; it is safer now, but it remains an intentionally separate demo surface
the CSP is conservative but still allows Clerk and Stripe inline/script requirements; future third-party embeds will need to be added deliberately

vercel · 2026-05-25T18:26:59Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
callbackcloser	Ready	Preview, Comment	May 25, 2026 6:27pm

Harden public routing and production security

7833bdc

vercel Bot deployed to Preview May 25, 2026 18:27 View deployment

DevCalebR merged commit 6613bc0 into main May 25, 2026
3 checks passed