init
parent 678ff5eb19
commit c59ad6cb70
28 README.md
@ -590,34 +590,6 @@ Bill Tracker intentionally separates full-system backups from user exports.
---
## Development Notes
When changing the app:
- Keep Profile as the user/account/data hub.
- Keep Settings focused on app-level preferences.
- Keep Admin tools admin-only.
- Keep user import/export separate from admin backup/restore.
- Do not expose admin backup tools to regular users.
- Keep user ownership checks on all object routes.
- Use existing Tailwind/shadcn/Radix patterns.
- Update `HISTORY.md` when behavior changes.
---
## Limitations
Known limitations:
- Admin backup encryption is not implemented.
- CSP is not fully implemented.
- authentik live flow requires testing against a real authentik instance.
- OIDC single logout is not implemented.
- Rate limiting uses in-memory storage, suitable for single-instance deployments.
- XLSX parsing remains a sensitive area and is mitigated through authentication, file limits, validation, and preview/apply flow.
---
## License
License: Not specified.
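Review bot: the Limitations section deleted in this hunk records unresolved security gaps ("Admin backup encryption is not implemented.", "CSP is not fully implemented.", "OIDC single logout is not implemented.", in-memory rate limiting only suitable for single-instance deployments, XLSX parsing as a sensitive area), and nothing in the diff or in the one-word commit message "init" says whether any of them were fixed; if they still apply, keep the list or move it to `HISTORY.md`, which the deleted Development Notes line `- Update \`HISTORY.md\` when behavior changes.` itself asks for. The same applies to the deleted guardrails `- Keep user ownership checks on all object routes.` and `- Do not expose admin backup tools to regular users.`, which are the kind of invariant contributors need to see in the README, and to `License: Not specified.`, whose removal leaves the repository with no license statement at all rather than an honest "not specified".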