- Hardcoded authority assignments
- No authority wildcard support (`authority.images.*`)
- No dynamic permission UI
- Cookie can be manually modified
- No persistent storage
- No audit logging
- No authority grouping
- No centralized permission service
- No permission caching layer
- No multi-tenant support
- Sidebar links are not dynamically filtered
- No testing suite
- Prisma integration
- Authority management dashboard
- Role bundles (authority groups)
- Wildcard permission support
- Secure authentication provider
- Server-only permission validation layer