e9cd11735c
- Add userId guard in trace upsert to prevent cross-user overwrites - Move AUTH_SECRET, STRIPE_WEBHOOK_SECRET, POSTGRES_PASSWORD to .env - docker-compose.yml now references env vars instead of hardcoded secrets - Add .env.example with placeholder values for documentation