SECURITY Threat model (starter) Credential leakage (logs, UI, API, backups) Unauthorized LAN access to WebDAV/UI Path traversal and namespace escape Data corruption due to partial writes or cache eviction Denial-of-service due to throttling/backoff failures Baseline mitigations Secrets never emitted in logs/API; stored encrypted at rest Local auth + rate limiting; optional mTLS Strict path normalization; block internal namespaces Stage→verify→promote; job checkpoints and safe resume Adaptive tuning and safe mode transitions