- Prevent raw exception messages from being exposed to users
- Log full exceptions to stderr for admin review
- Return generic 'Internal Server Error' on failure
- Update hardcoded year to dynamic datetime.now().year
- Add regression test scripts/test_web_dashboard_security.py
- Update .jules/sentinel.md with security learning
- Added daisy.ns.cloudflare.com and rocco.ns.cloudflare.com to Cloudflare guide.
- Unified domain name to lengkundee01.org in CNAME and PWA guide.
- Verified active domain using dig.
- Updated sentinel journal with documentation learnings.
- Changed `check_authorized` in `scripts/telegram_deploy_bot.py` to fail closed (deny all) if `TELEGRAM_ALLOWED_USER_IDS` is unset or empty.
- Updated `scripts/TELEGRAM_BOT_SETUP.md` and `QUICK_DEPLOY.md` to document that `TELEGRAM_ALLOWED_USER_IDS` is now mandatory for bot access.
- Added Sentinel Journal entry in `.jules/sentinel.md` documenting the vulnerability and learning.
- Verified fix with reproduction script.
