* **Major Security Flaw:** The committed `google-services.json` exposes critical API keys, demanding immediate rotation and robust secrets management implementation.
* **Networking Debt:** Refactor API calls in `SendMessageToServer` to use the request body, minimizing URL-based parameter exposure during POST requests.
* **Configuration Management:** Externalize hardcoded URLs, like the Railway production endpoint, into secure environment configuration variables for flexibility.
* **Credential Leak:** Remove all hardcoded Python credentials and placeholder paths from the `server/firebase-auth.py` script immediately.
* **Architectural Clarity:** The codebase exhibits clear structural separation between the Expo/TSX frontend and the distinct Python backend utilities.
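The request-body and externalized-URL findings above, as an added example that is not the project's code (the project's source is not shown on this page). The helper names, the `/messages` route and the `userId`/`text` fields are assumptions made for illustration.

```typescript
// Added example: hypothetical helpers, not the project's code.
interface MessageParams { userId: string; text: string }

interface RequestSpec {
  url: string;
  method: "POST";
  headers: Record<string, string>;
  body?: string;
}

// The base URL comes from configuration (passed in by the caller), so no
// production endpoint is hardcoded next to the call site.
function requireBaseUrl(value: string | undefined): string {
  if (!value) throw new Error("API base URL is not configured");
  if (value.indexOf("https://") !== 0) throw new Error("API base URL must use https");
  return value.replace(/\/+$/, ""); // drop trailing slashes
}

// Before: a POST whose parameters ride in the query string.
function buildRequestWithQuery(baseUrl: string, p: MessageParams): RequestSpec {
  const qs = "userId=" + encodeURIComponent(p.userId) +
    "&text=" + encodeURIComponent(p.text);
  return { url: baseUrl + "/messages?" + qs, method: "POST", headers: {} };
}

// After: the same parameters as a JSON body; the URL carries only the route.
function buildRequestWithBody(baseUrl: string, p: MessageParams): RequestSpec {
  return {
    url: baseUrl + "/messages",
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(p),
  };
}

// What a typical access log or proxy records: method plus path and query,
// not the body.
function accessLogLine(spec: RequestSpec): string {
  return spec.method + " " + spec.url.replace(/^https:\/\/[^/]+/, "");
}

// Usage with fetch (not executed here):
//   const spec = buildRequestWithBody(requireBaseUrl(configuredUrl), params);
//   await fetch(spec.url, { method: spec.method, headers: spec.headers, body: spec.body });
```

Comparing `accessLogLine` for the two variants shows what the refactor removes from logs: the query-string form records the message text, the body form records only the route.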