Security
Security-first foundations.
You’re building the right way: auth-guarded modules, tenant separation, and branded tokens. Next we’ll wire signup + tenant provisioning and then tighten policies.
Tenant separation
Data access scoped to the active tenant (memberships and module assignments).
Theme tokens
Brand styling driven by safe variables instead of hard-coded colors.
Audit-ready approach
Clear ownership boundaries: tenant admin vs platform admin vs user preferences.
Next steps
Add RLS policies after signup provisioning is stable and roles are finalised.