Login
Local development authentication and Zerodha broker login entry point. The platform is local-first; broker credentials stay in backend-only configuration.
Local Access
Local-only authentication is acceptable for development. User accounts and role-based access will be added when the user model phase begins.
Zerodha Session
Zerodha is connected for Bharat Shripad Banavalikar. Profile, funds, holdings, and orders now read from the encrypted session.
Secret Handling
API secrets are stored in `.env`, never returned to the frontend, and broker access tokens are encrypted before persistence.