We ran a full audit of the user-facing app and tightened several layers of browser-level defense. Everything is invisible in normal use; nothing changes in how you work in Stela. A defense-in-depth pass across the app: Safer handling of external links — Links that arrive in Stela from outside sources are now strictly checked before they're made clickable. Anything unusual is shown as plain text instead of as a link. Signing in always lands you inside Stela — After you sign in, Stela will only ever send you to a page inside Stela itself — never to an external site. Stronger browser-level protections on every page — We extended and strengthened the standard browser security protections sent with every page, and added new monitoring that alerts us if anything in the app ever behaves in a way it shouldn't. Automated security scanning on every change — Every change to the app now runs through automated security scanning before it ships, plus recurring scans across the whole codebase, so common mistakes are caught before they can reach you.