docs: sync governance and validation with hardening pass
Update contributor, security, validation, and compute handoff documentation to reflect new runtime safeguards, CI gates, and expected regression checks.

Made-with: Cursor
@@ -18,3 +18,5 @@ Do not open a public issue for undisclosed vulnerabilities.
- The local API is intended for **trusted development networks**. Do not expose it to the public internet without hardening (TLS, auth, rate limits, reverse proxy).
- Treat uploaded XML as untrusted input at API boundaries.
- `CORS_ORIGINS` can be set to a comma-separated allowlist for browser clients; default behavior is permissive for local development.
- For production-like deployments, disable runtime compiler dependencies and prebuild `solver-c/solver_main` and `solver-c/solver_fea_main`.
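Review bot: the `CORS_ORIGINS` bullet calls the default "permissive" without saying what that default actually is, and it does not tell the reader to set the allowlist explicitly once the API is reachable beyond a local dev machine. Suggest stating the default value and adding CORS to the hardening list in the first bullet (TLS, auth, rate limits, reverse proxy). The last bullet has a similar gap: it says to disable runtime compiler dependencies but names no setting or build step that does so, so a pointer to where prebuilding `solver-c/solver_main` and `solver-c/solver_fea_main` is documented would make it actionable.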