18 May 2026
Security hardening
- Atomic max_views enforcement (closes parallel-view race)
- NDA acceptance now strictly DB-backed; session bypass removed
- Real client IP recovered from Cloudflare for audit logs + watermarks
- Optional recipient verification on per-recipient links (single-use magic link to recipient_email)
- Server-side baked watermark on downloaded PDFs (viewer email · IP · timestamp, diagonal, per page)
- New public download endpoint at /v/[token]/doc/[id]/download
- Rate limit on /q/[slug] (anti-enumeration) and /v/[token]/request-access
- Webhook signing secrets encrypted at rest (AES-256-GCM)