Action needed
Security posture
Supabase RLS enabled: Row-level security on all tables
RevenueCat webhook verified: Signature validation active
Sentry DSN environment only: Not hardcoded in source
Anthropic API key rotation: Intentionally deferred — not urgent
GitHub repo visibility: Private
App Store Connect 2FA: Not yet verified
API keys
Supabase anon key: Client-side, safe to expose
Anthropic API key: Rotation deferred
RevenueCat public key: No rotation needed
Sentry DSN: In .env only
Incident log
No incidents recorded.