> For clean Markdown of any page, append .md to the page URL.
> For a complete documentation index, see https://docs.panicly.lol/llms.txt.
> For full documentation content, see https://docs.panicly.lol/llms-full.txt.
> For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://docs.panicly.lol/_mcp/server.

# Known risks and drift

These notes are intentionally blunt. They prevent the docs from overpromising or flattening implementation drift.

Business logic is split across `apps/api/src/routes/*`, web dashboard API routes, web project API routes, and the web gateway catch-all.

The gateway handles key auth, quota, credit-backed capacity, rules, IP/geo/model enforcement, provider selection, and request logging.

Plan limits are request-based, but credit packages include log allowance language. Usage docs must normalize the terms.

The product talks broadly about providers, but project storage currently allows one provider-key row per project.

JSON fallback files under `.panicly/` can differ from Supabase-backed truth.

Dashboard auth uses WorkOS and sealed cookies. Chatbot auth uses separate NextAuth and guest-session logic.

The app is adapted from a template and still contains older labels, README text, and test expectations in places.

Current notes warn against claiming a complete light/dark pair without verifying implementation.

Some surfaces differ on extra request or log allowance wording. Verify intended billing semantics before publishing hard promises.

Acceptable for local bootstrap, risky if production envs drift into fallback behavior.

When in doubt, document what the system actually enforces in the gateway and dashboard backend, not only what the UI says.