## Overview Implement **TLS termination** in the Go Core and harden all security mechanisms described in the spec. ## Acceptance Criteria - [ ] Core manages TLS certificates and terminates HTTPS (HTTP/1.1 and HTTP/2) - [ ] Support for automatic certificate renewal (Let's Encrypt / ACME) - [ ] Header sanitization applied to all incoming requests - [ ] Workers run under restricted filesystem access (configurable) - [ ] Rate limiting enforced per IP and per token (configurable limits in `vyx.yaml`) - [ ] Global request timeout and maximum payload size limits - [ ] All access attempts logged with: `timestamp`, `route`, `user`, `status` ## References - Spec §7 – Security - Roadmap – Phase 3
Overview
Implement TLS termination in the Go Core and harden all security mechanisms described in the spec.
Acceptance Criteria
vyx.yaml)timestamp,route,user,statusReferences