Cloudflare-native security posture

The current product uses Cloudflare Pages for the public shell, Workers for intake handling, and D1 for build-plan request persistence. This keeps the early product compact and reduces credential sprawl.

The mounted-growth model also benefits from keeping operational boundaries clear: public content delivery, worker execution, and request storage are explicitly separated in the repo and deploy flow.