- No authentication is included for local development.
- Add authentication, authorization, HTTPS, access controls, audit logging, backup policies, and secret management before public deployment.
- Do not expose the app publicly without security review.
- Do not commit real datasets, secrets, or patient data.
- Keep MAMMAL command execution restricted to trusted configured commands.
- No raw SQL endpoints are included.
- Use parameterized SQL for database access.
MAMMAL execution is controlled by MAMMAL_COMMAND from .env. User-submitted scripts are not executed directly.