Security
- Wallet signature nonce verification protects upload route.
- Per-IP and per-wallet rate limiting protects backend resources.
- Private keys and Pinata secrets remain server-side only.
- Role-scoped data rendering avoids leaking unrelated project activity.
Recommended: rotate secrets periodically and monitor API route behavior in production logs.