Page de preuve pour revue sécurité: contrôles implémentés, limites opérateur et non-claims explicites, sans exposer de secrets, tokens, hashes, IP ou user-agent.
read_only_open_buildauth:not registered in open mode
public endpoints are GET-oriented; Pro writes live only behind the separate Pro service
token_in_url:falsestorage:sessionStorage
separate /api/pro/v1 service with scoped API keys
tokens_echoed:falsesecrets_in_payloads:false
security posture exposes controls and evidence links, never keys, hashes, IPs, user agents or request bodies
only trusted funds are eligible for scores, consensus and watchlist signals