{"summary":{"pass":1,"warn":3,"fail":0},"checks":[{"id":"jwt-secret","label":"JWT secret length","status":"pass","detail":"Length: 35 chars"},{"id":"node-env","label":"NODE_ENV","status":"warn","detail":"NODE_ENV=development","recommendation":"Set NODE_ENV=production in production deployments"},{"id":"cors","label":"CORS origins","status":"warn","detail":"18 non-localhost http:// origin(s) permitted","recommendation":"Prefer https:// for production origins"},{"id":"security-headers","label":"Security headers","status":"warn","detail":"helmet not installed; recommended headers missing: Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, Content-Security-Policy, Referrer-Policy, Permissions-Policy","recommendation":"Run \"bun add helmet\" and call app.use(helmet())"}],"timestamp":"2026-06-13T12:40:22.792Z"}