Validation & Security
- Zod schemas for forms and APIs (e.g., category/subcategory creation, credentials validation)
- Passwords hashed with bcrypt; sensitive values read from environment variables; Prisma client scoped per process
- Admin-only APIs short-circuit unauthorized requests with 401; typed payloads reduce misuse
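
The ordering behind the admin-only bullet, as an added sketch that is not this project's code: the role check runs before the body is parsed or validated, so an unauthorized caller gets 401 and never learns anything from validation errors. Plain objects stand in for the framework's request and response, and `validateCategory`, `adminOnly` and `createCategory` are hypothetical names, with the hand-rolled validator standing in for a Zod schema.

```javascript
// Added example: plain objects stand in for the framework's request/response,
// and validateCategory stands in for a Zod schema (all names are hypothetical).

// Returns a discriminated result, similar in shape to a schema's safeParse().
function validateCategory(input) {
  if (typeof input !== "object" || input === null || Array.isArray(input)) {
    return { success: false, error: "body must be a JSON object" };
  }
  const { name, parentId } = input;
  if (typeof name !== "string" || name.trim().length === 0 || name.length > 64) {
    return { success: false, error: "name must be a 1-64 character string" };
  }
  if (parentId !== undefined && !Number.isInteger(parentId)) {
    return { success: false, error: "parentId must be an integer" };
  }
  // Return only the known fields so extra properties never reach the handler.
  return { success: true, data: { name: name.trim(), parentId: parentId ?? null } };
}

// Wraps a handler: the role check runs first, so an unauthorized request is
// rejected with 401 before its body is parsed or validated.
function adminOnly(validate, handler) {
  return function (req) {
    if (!req.session || req.session.role !== "admin") {
      return { status: 401, body: { error: "Unauthorized" } };
    }
    let parsed;
    try {
      parsed = JSON.parse(req.rawBody);
    } catch {
      return { status: 400, body: { error: "invalid JSON" } };
    }
    const result = validate(parsed);
    if (!result.success) {
      return { status: 400, body: { error: result.error } };
    }
    return handler(result.data, req.session);
  };
}

// Constructed handler: a real one would persist through the Prisma client.
const createCategory = adminOnly(validateCategory, (data, session) => ({
  status: 201,
  body: { ...data, createdBy: session.userId },
}));
```

Because the validator returns only the fields it knows, a property such as `isAdmin` smuggled into the payload is dropped before the handler sees it.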