Security
How Forge keeps tenants separated and actions protected.
Tenant isolation
Every query must be scoped by tenant_id, and access control must be enforced in the service layer, so that no caller can read or modify rows belonging to another tenant.
Sessions
Use separate session names for the tenant app and the superadmin area, set the secure cookie flags (Secure, HttpOnly), and set a SameSite attribute on session cookies.
CSRF
Every POST form must carry a CSRF token, and the server must verify it before processing the request.
Roles & permissions
Sensitive actions are gated behind the admin or manager role; standard users get read-only paths.
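As an added example (not Forge's own code), the tenant-isolation and role-gate rules above combined in one small service layer. Python, the Principal, Invoice and InvoiceService names, and the in-memory table are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical roles, following the page's admin/manager vs standard-user split.
WRITE_ROLES = {"admin", "manager"}


@dataclass(frozen=True)
class Principal:
    """The authenticated caller; tenant_id comes from the session, never from input."""
    user_id: int
    tenant_id: int
    role: str  # "admin", "manager" or "user"


@dataclass
class Invoice:
    id: int
    tenant_id: int
    amount: int


class Forbidden(Exception):
    pass


# Constructed in-memory table standing in for the invoices table.
INVOICES = [Invoice(1, 10, 500), Invoice(2, 10, 250), Invoice(3, 20, 999)]


class InvoiceService:
    """Service layer: every lookup is scoped by the caller's tenant_id and
    mutations are gated on role, so controllers never pass a tenant_id."""

    def list_invoices(self, who: Principal) -> list[Invoice]:
        # SQL equivalent: SELECT ... FROM invoices WHERE tenant_id = :tenant_id
        return [inv for inv in INVOICES if inv.tenant_id == who.tenant_id]

    def get_invoice(self, who: Principal, invoice_id: int) -> Invoice:
        # Tenant scope is part of the query itself, not a check added afterwards,
        # so another tenant's id simply reads as "not found".
        for inv in INVOICES:
            if inv.id == invoice_id and inv.tenant_id == who.tenant_id:
                return inv
        raise LookupError(f"invoice {invoice_id} not found")

    def update_amount(self, who: Principal, invoice_id: int, amount: int) -> Invoice:
        if who.role not in WRITE_ROLES:
            raise Forbidden("read-only role")  # standard users cannot write
        inv = self.get_invoice(who, invoice_id)  # tenant scope applies to writes too
        inv.amount = amount
        return inv
```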