Security

Phase 1 security posture.

PulseLore Studio Phase 1 is primarily static and browser-local. Future account systems, uploads, and saved histories need server-side authentication before public use.

Current model

Current public tools use browser-only behavior where possible. Audio files selected in Music Meter are not uploaded by that page.

Future backend requirement

Any future file uploads, AI chat history, user accounts, or evidence archives must use server-side access control, storage rules, deletion controls, and audit logging.

Private routes

Soft locks are not high-security authentication. They are private access gates for limited personal or internal use until a real auth layer is added.