Security Model
Security controls are explicit and deterministic for local and server-hosted flows.
Token model
- Confirmation tokens are signed and time-bound.
- Tokens include binding context for safer resume behavior.
- Replay prevention can be strengthened by storing consumed `jti` values server-side.
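The three properties above (signature, expiry, binding context) plus server-side `jti` tracking fit together as in this added sketch, which is not the project's own code. The token layout, the `exp` and `ctx` field names, the HMAC-SHA256 choice, the binding fields and the in-memory `consumed` set are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(secret: bytes, binding: dict, ttl: int = 300, now=None) -> str:
    """Sign a payload carrying expiry, a unique jti, and the binding context."""
    now = int(time.time() if now is None else now)
    payload = {"jti": secrets.token_hex(16), "exp": now + ttl, "ctx": binding}
    body = _b64(json.dumps(payload, sort_keys=True, separators=(",", ":")).encode())
    sig = hmac.new(secret, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(sig)

def verify_token(secret: bytes, token: str, binding: dict, consumed: set, now=None) -> str:
    """Return 'ok' or a rejection reason; the signature is checked before parsing."""
    now = int(time.time() if now is None else now)
    try:
        body, sig = token.split(".")
        given = _unb64(sig)
    except ValueError:  # wrong part count or invalid base64
        return "malformed"
    expected = hmac.new(secret, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):  # constant-time comparison
        return "bad-signature"
    payload = json.loads(_unb64(body))
    if now >= payload["exp"]:
        return "expired"
    if payload["ctx"] != binding:  # token issued for a different context
        return "context-mismatch"
    if payload["jti"] in consumed:
        return "replayed"
    consumed.add(payload["jti"])  # production: atomic insert in a shared store
    return "ok"

if __name__ == "__main__":
    key = b"constructed-demo-secret"  # constructed value, not a real secret
    ctx = {"plan_id": "plan-123", "user": "alice"}  # hypothetical binding fields
    seen = set()
    tok = issue_token(key, ctx)
    print(verify_token(key, tok, ctx, seen))  # first use
    print(verify_token(key, tok, ctx, seen))  # second use of the same jti
```

With more than one server process, the consumed-`jti` check and insert need to be a single atomic operation in shared storage, and entries can be dropped once the token's expiry has passed.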
Secret policy
- Set `SDF_PLAN_TOKEN_SECRET` in production environments.
- Development fallback is for local convenience only.
- Rotate secrets using your standard operational process.