Security is the product, not an afterthought.

TraceLayer is designed to slow down risky changes just enough to make them reviewable. It does not silently publish, overwrite, delete, restart, redirect, or post to social platforms.

Dry-run first

Preview what would happen before a write or deployment is allowed.

Conflict detection

Block stale local working copies when the live server has changed.

Manual approval

Publishing actions require explicit confirmation.

Scoped access

Server file workflows start from allowed workspaces, not unrestricted root access.

Security needs readable signals.

TraceLayer diagnostics use consistent severity colors so operators can scan quickly: safe work stays calm, review items stay visible, warnings stand out, and blocked actions are unmistakable.

The same language can be shared by public pages, the public app, admin diagnostics, link checks, redirect checks, and release evidence reports.

SafeApproved, current, read-only, or ready.

ReviewNeeds operator attention before publish.

WarningBroken link, missing metadata, stale state, or backup needed.

BlockedPrivate boundary, failed check, destructive action, or missing confirmation.

Automated link and accessibility checks belong in release review.

TraceLayer should catch broken internal links, missing assets, weak page structure, missing alt text, unlabeled forms, and stale redirect assumptions before public pages ship.

Technical Details

A crawler-style public site audit can run against the local TraceLayer server, follow discovered internal links, verify assets and 301 redirects, and emit a retained JSON report for release evidence.

Spider discovered pages

Follow links from the homepage and canonical route map instead of relying only on a hand-written checklist.

Check semantic basics

Require titles, descriptions, one primary heading, main landmarks, alt text, and labeled forms.

Preserve evidence

Write machine-readable reports so future releases can compare failures instead of rediscovering them.

Redirects are part of safety.

A 301 redirect tool belongs in the TraceLayer feature set because route changes are publishing changes. Old paths should be inventoried, reviewed, tested, and preserved when a page moves.

Plan 301 redirects before renaming public routes.
Show source path, target path, status code, and reason in review.
Run link checks against old and new paths before release.
Keep redirect records auditable and rollback-aware.

Security posture for self-hosted and hosted use.

TraceLayer is a PWA-first workflow OS that can run with your own infrastructure. Users should be able to choose local/self-hosted operation, a licensed public PWA tester path, or a managed cloud option without blurring security boundaries.

Self-hosted installs should keep server credentials, secrets, and private registry files on the server side.
The public PWA should use license numbers and entitlement checks without storing plaintext keys after activation.
Hosted/cloud operation should remain an option, not a requirement for running TraceLayer with your own server.
TraceLayer OS should be portable across servers, storage providers, WordPress roots, static sites, and custom infrastructure.

What TraceLayer will not do by default

TraceLayer is intentionally conservative. It is built for review and coordination before automation.

No automatic live publishing.
No silent overwrites.
No automatic social posting.
No unreviewed redirect changes.
No destructive sync behavior.
No unrestricted frontend file access.
No secrets in frontend code.

Settings lives with Safety / Audit because controls affect risk.

The app now has a centralized Settings area for appearance, menu customization, workflow defaults, integration visibility, developer details, privacy/data controls, and strict safety posture.

Technical Details

Preferences are local, versioned, non-secret, and separate from credentials. Sensitive preference changes such as disabling guardrails, enabling developer details, changing default server profile, or resetting preferences create local audit entries.

Menu customization

Hide unused modules, pin favorites, and keep advanced workflows out of the way.

Guardrail defaults

Keep confirmation gates, dry-run requirements, destructive-action blocking, and risk warnings visible.

No secret editor

Settings can show safe status and visibility controls, but raw credentials stay out of the public UI and general preferences.