- **Security response headers:** Add `X-Content-Type-Options`, `X-Frame-Options`, `Strict-Transport-Security` in Caddy.
- **Security logging:** No audit trail for auth events, ACL changes, wiki deletions.
### Git remote push/pull security
The Repository Management admin panel lets wiki owners store SSH keys that the platform then uses for outbound git push/pull. This should be gated or disabled in PLATFORM_MODE. Noted in [[Design/Admin_Panel_Reenablement]].

Currently the Repository Management panel is hidden in PLATFORM_MODE (`@platform_mode_disabled` decorator plus a nav guard), and the pull webhook is gated the same way. `auto_push_if_enabled()` and `auto_pull_webhook()` return early in PLATFORM_MODE, which prevents outbound SSH even if a remote was configured before the mode was switched on. The feature may be re-enabled with proper sandboxing if there is demand.
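As an added illustration of the gating pattern described above (example code, not the project's own), here is a framework-agnostic Python version: a `platform_mode_disabled` decorator that never runs the wrapped handler in PLATFORM_MODE, a nav guard that omits the panel link, and an `auto_push_if_enabled` whose early return happens before any git/SSH call. The `set_platform_mode` helper, the `run_git_push` stand-in, the `PUSH_LOG` list and the `("not found", 404)` return shape are assumptions.

```python
import os
from functools import wraps

def set_platform_mode(enabled: bool) -> None:
    # Assumed helper: the real deployment sets PLATFORM_MODE in the environment.
    os.environ["PLATFORM_MODE"] = "1" if enabled else "0"

def platform_mode_enabled() -> bool:
    # Read the flag at call time so a running process picks up the current setting.
    return os.environ.get("PLATFORM_MODE", "0").lower() in ("1", "true", "yes")

def platform_mode_disabled(handler):
    """Gate an admin handler: in PLATFORM_MODE the handler body is never executed."""
    @wraps(handler)
    def wrapper(*args, **kwargs):
        if platform_mode_enabled():
            # Answer as if the route did not exist (assumed 404-style return shape).
            return ("not found", 404)
        return handler(*args, **kwargs)
    return wrapper

# Constructed stand-in for the outbound git/SSH call: records remotes instead of pushing.
PUSH_LOG = []

def run_git_push(remote: str) -> None:
    PUSH_LOG.append(remote)

def auto_push_if_enabled(config: dict) -> str:
    """Early-return guard: PLATFORM_MODE wins even if auto_push and a remote are configured."""
    if platform_mode_enabled():
        return "skipped: platform mode"
    if not config.get("auto_push"):
        return "skipped: auto_push disabled"
    run_git_push(config["remote"])
    return "pushed"

@platform_mode_disabled
def repository_management_panel():
    """Admin panel handler; only reachable outside PLATFORM_MODE."""
    return ("repository management panel", 200)

def nav_items() -> list:
    """Nav guard: the panel link is omitted entirely in PLATFORM_MODE."""
    items = ["Wiki", "Users"]
    if not platform_mode_enabled():
        items.append("Repository Management")
    return items
```

The two checks are independent on purpose: hiding the nav link alone would leave the route reachable by URL, and gating the route alone would still run the outbound push from the auto-push path.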
### Monitoring dashboard
Grafana or similar for service metrics. Currently health checks are binary (up/down) with no latency or throughput visibility.