# Project Memories & Security Notes

## Security
- **Admin Seed Route**: The route `/api/admin/seed` MUST remain restricted to `development` environment only. It allows creating a Super Admin without authentication.
- **Middleware Protection**: Admin API routes (`/api/admin/*`) are protected by `admin_session` cookie verification. Failed verification returns 401 JSON.

## Repetitivas

- Sempre suba o container apos alteracaoes!
- Sempre verifique o terminal atrás de problemas de problemas no terminal