Site2API Studio is intended for authorized/public mapping only.

Do not publish:

• .env
• keys.txt
• generated data/, outputs/ or runs/
• real provider contracts from third-party websites
• API keys, cookies, tokens, session headers or private logs

Before deploying publicly, set strong values for:

ADMIN_PASSWORD=
MASTER_KEY=
JWT_SECRET=

The app includes basic private-host blocking and rate limiting, but it is not a security boundary. Run it with strict hosting limits and only enable browser automation where you understand the risk.