Security

• No autonomous fund movement.
• Every transaction is user-signed.
• Secrets stay server-side; service-role keys never ship to the browser.
• Ratings, checks, and decisions include deterministic hashes.