{"ok":true,"meta":{"generatedAt":"2026-06-30T13:15:57.108Z"},"data":{"version":"tzv3-security-v1","appLevelProtection":{"proxyMatcher":["/","/api/:path*"],"apiRateLimit":{"provider":"edge-memory","limit":100,"windowSeconds":60,"headers":["X-RateLimit-Limit","X-RateLimit-Remaining","X-RateLimit-Reset"],"enforcedOn":"/api/*"},"scrapingProtection":{"blockedUserAgents":["scrapy","beautifulsoup","httrack","sqlmap","nikto","masscan","zgrab","libwww-perl"],"smokeCheck":"curl -A Scrapy/2.11 https://domain.example/api/profiles should return 403"}},"externalProtectionRequired":{"cloudflareProxy":true,"wafManagedRules":true,"rateLimiting":true,"turnstileForSuspiciousTraffic":true,"mirrorMonitoring":true},"notes":["Local proxy protection reduces accidental scraping but does not replace Cloudflare WAF.","Production rate-limit state should move to Upstash Redis or Cloudflare rules before launch."]}}