Bot Protection — Vercel (Primary) + Cloudflare Turnstile (Backup)
Bot protection strategy for all public-facing forms. The primary layer is Vercel's built-in Bot Protection (Firewall). Cloudflare Turnstile is retained as a backup/supplemental layer. The Turnstile files are not yet built in the codebase.
Code Resilience Audit
Static code analysis that catches anti-patterns, security shortcuts, and failure-handling gaps that functional testing misses
Key Rotation Procedure
Canonical step-by-step runbook for rotating any API key or secret across all ChurchWiseAI portfolio surfaces. Mandatory — no rotation begins without consulting this document.
Protection Audit — Chatbot & Voice Agent
Complete audit of every protection mechanism for the ChurchWiseAI chatbot and voice agent, with gap analysis and the test/baseline/benchmark framework definition.
Respond to a Security Incident
Incident response for exposed API keys or unauthorized access — immediate key rotation, scope assessment, Supabase RLS audit, customer notification if required, and post-incident review
Rotate an API Key / Environment Variable
Safely rotate a compromised or expiring API key across Vercel env vars, voice agent WSL config, and any downstream services — with zero-downtime swap procedure
Supabase Auth Configuration — Redirect URL Allowlist
Source of truth for all Supabase Auth redirect URLs. Any change to the Supabase dashboard must be reflected here.
Technical Operations Runbooks
Index of technical ops runbooks — DB migrations, performance, embedding regeneration, error triage, security incidents, Stripe webhook debugging, view refresh, cost audit, backup verification, and running tests