Permissions
✓Tightened row-level permissions on board card comments — reads and writes are now strictly scoped to members of the card's project organization
✓Added a defense-in-depth check on comment creation so the caller must be a member of the target card's org, not just the author of the row
Dependencies
✓npm audit clean at release — zero known vulnerabilities across production dependencies