
Security model

Trust boundaries

| Layer | Role |
| --- | --- |
| Browser | Untrusted; holds the anon key only |
| Angular guards | UX only: redirect guests, hide billing |
| Postgres RLS | Authorization for reads |
| Edge Functions (service role) | Authorization for writes (credits, jobs, billing apply) |

Generation

  • generate / generate-batch: JWT + org membership + project editor
  • generation-webhook: shared secret or provider signature; SSRF allow-list on output URLs
  • generation-process: project editor (aligned with cancel)
  • Credit RPCs: service_role only

Billing

  • Plan changes in production: apply_billing_subscription via verified webhooks
  • update_organization_plan: gated by private.platform_settings.self_serve_billing (off by default; seed enables for local mock)
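The billing gate above, as an added example rather than the project's own migration: `update_organization_plan` reads `private.platform_settings.self_serve_billing` and refuses unless it is on, so in production (flag off) the only path that changes a plan is `apply_billing_subscription` driven by a verified webhook. The column names on `private.platform_settings` beyond `self_serve_billing`, the `public.organization_members` and `public.organizations` tables and the function's parameter list are assumptions; `auth.uid()` is Supabase's JWT helper.

```sql
-- Added example, not the project's own code. Assumed: public.organizations(id, plan)
-- and public.organization_members(organization_id, user_id).

create schema if not exists private;

-- Single-row settings table. The private schema is not exposed through the API,
-- so clients cannot read or flip the flag.
create table if not exists private.platform_settings (
  id                 boolean primary key default true check (id),  -- allows exactly one row
  self_serve_billing boolean not null default false                -- off by default
);
insert into private.platform_settings (self_serve_billing)
values (false)
on conflict (id) do nothing;
-- Local mock seed only (never in production):
-- update private.platform_settings set self_serve_billing = true;

create or replace function public.update_organization_plan(p_org_id uuid, p_plan text)
returns void
language plpgsql
security definer            -- needed to read the private schema
set search_path = ''        -- every object is fully qualified below
as $$
declare
  v_enabled boolean;
begin
  select s.self_serve_billing into v_enabled from private.platform_settings s;
  if not coalesce(v_enabled, false) then
    -- Production path: plans change only via apply_billing_subscription.
    raise exception 'self-serve billing is disabled'
      using errcode = 'insufficient_privilege';
  end if;

  -- Even with the flag on, the caller must belong to the organization.
  if not exists (
    select 1 from public.organization_members m
    where m.organization_id = p_org_id and m.user_id = auth.uid()
  ) then
    raise exception 'not a member of this organization'
      using errcode = 'insufficient_privilege';
  end if;

  update public.organizations set plan = p_plan where id = p_org_id;
end;
$$;

-- Callable by signed-in users only; the flag decides whether it does anything.
revoke all on function public.update_organization_plan(uuid, text) from public;
grant execute on function public.update_organization_plan(uuid, text) to authenticated;
```

Because the function is `security definer`, the flag lookup works even though `authenticated` has no grants on `private`; pinning `search_path` to the empty string stops a caller-controlled schema from shadowing `platform_settings` or `auth.uid()`.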

Tables

generation_jobs, credit_balances, credit_transactions — SELECT for org members; no authenticated INSERT on jobs.
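The read/write split from the Tables section and the "Credit RPCs: service_role only" rule from the Generation section, as one added example (not the project's own migration). Assumed: each of the three tables has an `organization_id` column, a `public.organization_members(organization_id, user_id)` table exists, `credit_balances` has a `balance` column and `credit_transactions` has `job_id` and `delta` columns; `is_org_member` and `consume_credits` are illustrative names. `auth.uid()` is Supabase's JWT helper, and Supabase's `service_role` Postgres role bypasses RLS.

```sql
-- Added example, not the project's own code.

alter table public.generation_jobs     enable row level security;
alter table public.credit_balances     enable row level security;
alter table public.credit_transactions enable row level security;

-- Membership check used by every read policy. security definer so it works even
-- if organization_members itself is protected by RLS.
create or replace function public.is_org_member(p_org_id uuid)
returns boolean
language sql
stable
security definer
set search_path = ''
as $$
  select exists (
    select 1 from public.organization_members m
    where m.organization_id = p_org_id and m.user_id = auth.uid()
  );
$$;

-- Reads: org members only. No INSERT/UPDATE/DELETE policy is created, so with
-- RLS enabled the authenticated role cannot write any of these rows, whatever
-- table grants it holds.
create policy "members read jobs" on public.generation_jobs
  for select to authenticated using (public.is_org_member(organization_id));
create policy "members read balances" on public.credit_balances
  for select to authenticated using (public.is_org_member(organization_id));
create policy "members read transactions" on public.credit_transactions
  for select to authenticated using (public.is_org_member(organization_id));

-- Writes come from Edge Functions using the service role. The credit RPC is
-- locked to service_role by grants; anon and authenticated cannot call it.
create or replace function public.consume_credits(p_org_id uuid, p_amount integer, p_job_id uuid)
returns void
language plpgsql
security definer
set search_path = ''
as $$
begin
  if p_amount <= 0 then
    raise exception 'amount must be positive';
  end if;

  -- Conditional update: the balance can never go negative, and two concurrent
  -- calls cannot both succeed on the last credits because the row lock serializes them.
  update public.credit_balances
     set balance = balance - p_amount
   where organization_id = p_org_id and balance >= p_amount;
  if not found then
    raise exception 'insufficient credits';
  end if;

  insert into public.credit_transactions (organization_id, job_id, delta)
  values (p_org_id, p_job_id, -p_amount);
end;
$$;

revoke execute on function public.consume_credits(uuid, integer, uuid)
  from public, anon, authenticated;
grant execute on function public.consume_credits(uuid, integer, uuid) to service_role;
```

A quick check after applying this: calling `consume_credits` through PostgREST with a user JWT should fail with a permission error before the function body runs, and an `insert into generation_jobs` as `authenticated` should be rejected by RLS because no insert policy exists.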

See Production hardening for the full backlog and P0/P1 checklist.
