diff --git a/bandwidth-worker/docker-compose.yml b/bandwidth-worker/docker-compose.yml
index 61fc5f0..83b4883 100644
--- a/bandwidth-worker/docker-compose.yml
+++ b/bandwidth-worker/docker-compose.yml
@@ -6,6 +6,9 @@ services:
     restart: unless-stopped
     security_opt:
       - no-new-privileges:true
+    cap_drop:
+      - ALL
+    user: "1000:1000"
     env_file: .env
     networks:
       - edge
diff --git a/bandwidth-worker/worker.py b/bandwidth-worker/worker.py
index 8cde8b7..1692e85 100644
--- a/bandwidth-worker/worker.py
+++ b/bandwidth-worker/worker.py
@@ -24,6 +24,10 @@ FRPS_PASS = os.environ["FRPS_DASHBOARD_PASS"]
 SUPABASE_URL = os.environ.get("SUPABASE_URL", "http://supabase-kong:8000")
 SERVICE_ROLE = os.environ["SUPABASE_SERVICE_ROLE_KEY"]
 REDIS_URL = os.environ["REDIS_URL"]
+# TTL for the edge active-state cache key (tunnel:active:<sub>) read by the
+# Caddy forward_auth gate. Short so a deactivation propagates fast and a stale
+# "1" self-heals within one poll cycle; refreshed every poll while active.
+ACTIVE_TTL = int(os.environ.get("ACTIVE_STATE_TTL_SECONDS", "45"))
 
 logging.basicConfig(
     level=logging.INFO,
@@ -98,6 +102,13 @@ def enforce_quota(client: httpx.Client, subdomain: str, row: dict[str, Any], new
         except Exception as e:
             log.warning("redis auth-cache invalidate failed for %s: %s", subdomain, e)
 
+    # Flip the edge active-state key so the Caddy forward_auth gate denies the
+    # next request (within ~1 request) even on a still-connected tunnel.
+    try:
+        rds.set(f"tunnel:active:{subdomain}", "0", ex=ACTIVE_TTL)
+    except Exception as e:
+        log.warning("redis active-state deactivate failed for %s: %s", subdomain, e)
+
     log.warning(
         "QUOTA EXCEEDED: subdomain=%s used=%d quota=%d -> deactivated",
         subdomain, new_used, quota,
@@ -145,16 +156,49 @@ def record_delta(client: httpx.Client, subdomain: str, delta: int) -> None:
 
     enforce_quota(client, subdomain, row, new_used)
 
+    # Keep the edge active-state key fresh so the forward_auth gate has a hot,
+    # authoritative value (covers reactivation and TTL expiry of an active key).
+    quota = int(row.get("quota_bytes") or 0)
+    active_now = bool(row.get("is_active")) and (quota <= 0 or new_used < quota)
+    try:
+        rds.set(f"tunnel:active:{subdomain}", "1" if active_now else "0", ex=ACTIVE_TTL)
+    except Exception as e:
+        log.warning("redis active-state refresh failed for %s: %s", subdomain, e)
+
+
+_schema_checked = False
+
+
+def assert_api_schema(proxies: list[dict[str, Any]]) -> None:
+    """Fail loud if the frps dashboard API stops returning the expected
+    camelCase traffic fields (e.g. after an frps upgrade), so the quota
+    accounting bug cannot silently return."""
+    global _schema_checked
+    if _schema_checked or not proxies:
+        return
+    sample = proxies[0]
+    if "todayTrafficIn" not in sample:
+        log.error(
+            "frps API schema mismatch: 'todayTrafficIn' missing from "
+            "proxy keys=%s; quota accounting is DISABLED until the field "
+            "names are fixed",
+            sorted(sample.keys()),
+        )
+    else:
+        log.info("frps API schema OK: todayTrafficIn present")
+    _schema_checked = True
+
 
 def poll_once(client: httpx.Client) -> None:
     proxies = fetch_proxies(client)
     log.info("poll: %d proxies", len(proxies))
+    assert_api_schema(proxies)
     for p in proxies:
         name = p.get("name") or ""
         if not name:
             continue
-        traffic_in = int(p.get("today_traffic_in") or 0)
-        traffic_out = int(p.get("today_traffic_out") or 0)
+        traffic_in = int(p.get("todayTrafficIn") or 0)
+        traffic_out = int(p.get("todayTrafficOut") or 0)
         total = traffic_in + traffic_out
         prev = previous_total(name)
         delta = total - prev
diff --git a/caddy/Caddyfile b/caddy/Caddyfile
index 77c683f..b66683f 100644
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -20,11 +20,104 @@
 		Referrer-Policy "no-referrer"
 		Permissions-Policy "geolocation=(), microphone=(), camera=()"
 		Cross-Origin-Opener-Policy "same-origin"
+		# SECURITY (R6/W6): ENFORCING Content-Security-Policy for the prod Next.js
+		# dashboard (app.linumiq.net) and the apex redirect. 'unsafe-inline' is
+		# required for Next.js App-Router inline flight-data <script> tags (no nonce)
+		# and React/styled inline styles; the prod bundle uses no eval so
+		# 'unsafe-eval' is intentionally omitted. connect-src is pinned to the
+		# prod Supabase API host (REST/auth/storage over https + realtime over wss).
+		Content-Security-Policy "default-src 'self'; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; img-src 'self' data: https:; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self' https://api.linumiq.net wss://api.linumiq.net; worker-src 'self' blob:; object-src 'none'"
 		-Server
 		-X-Powered-By
 	}
 }
 
+# API hosts (api / api-dev) serve only JSON - no HTML/UI - so CSP is set to an
+# ENFORCING, maximally-restrictive policy. The Next.js app/app-dev hosts keep
+# Content-Security-Policy-Report-Only (above) until the real UI report stream
+# is validated.
+(security_headers_api) {
+	header {
+		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+		X-Content-Type-Options "nosniff"
+		X-Frame-Options "SAMEORIGIN"
+		Referrer-Policy "no-referrer"
+		Permissions-Policy "geolocation=(), microphone=(), camera=()"
+		Cross-Origin-Opener-Policy "same-origin"
+		Content-Security-Policy "default-src 'none'; frame-ancestors 'none'"
+		-Server
+		-X-Powered-By
+	}
+}
+
+# Dev dashboard CSP: identical to (security_headers) but connect-src is pinned to
+# the DEV Supabase API host (api-dev.linumiq.net) over https + wss.
+(security_headers_app_dev) {
+	header {
+		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+		X-Content-Type-Options "nosniff"
+		X-Frame-Options "SAMEORIGIN"
+		Referrer-Policy "no-referrer"
+		Permissions-Policy "geolocation=(), microphone=(), camera=()"
+		Cross-Origin-Opener-Policy "same-origin"
+		Content-Security-Policy "default-src 'self'; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; img-src 'self' data: https:; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self' https://api-dev.linumiq.net wss://api-dev.linumiq.net; worker-src 'self' blob:; object-src 'none'"
+		-Server
+		-X-Powered-By
+	}
+}
+
+# SECURITY (R6): reject machine-only webhook functions (auth-webhook /
+# stripe-webhook) and encoded-traversal evasion at the public edge.
+#
+# Robustness goal: Caddy and the Kong upstream normalize URIs differently
+# (Kong collapses duplicate slashes and decodes %2f/%2e; Caddy's raw matcher
+# does not). A path-literal, single-slash guard is therefore bypassable with
+# extra slashes (e.g. //functions//v1//auth-webhook , /functions/v1//auth-webhook)
+# or with percent-encoding. We close every normalization gap by matching on
+# BOTH the raw, un-normalized request target ({http.request.orig_uri}, for the
+# encoded tricks) AND the Caddy-decoded path ({http.request.uri.path}, which
+# neutralises letter-encoding and slash collapsing). The function names are
+# internal-only and are never legitimately referenced from the public edge, so
+# ANY request mentioning them - at any slash count, case, or encoding - is
+# rejected (403). We additionally reject any /functions/ request whose raw
+# target carries encoded dot/slash/backslash sequences (%2e %2f %5c, their
+# double-encoded forms %252e %252f, or a literal ..).
+# get-node intentionally stays public for the Home Assistant add-on.
+(block_internal_functions) {
+	@block_functions expression `{http.request.orig_uri}.matches("(?i)(auth-webhook|stripe-webhook)") || {http.request.uri.path}.matches("(?i)(auth-webhook|stripe-webhook)") || {http.request.orig_uri}.matches("(?i)^/+functions/+v1/+(auth-webhook|stripe-webhook)([/?]|$)") || {http.request.orig_uri}.matches("(?i)/+functions.*(%252e|%252f|%2e|%2f|%5c|\\.\\.)")`
+	respond @block_functions 403
+}
+
+# SECURITY (edge rate limiting): per-client-IP request throttling for the
+# first-party app/api surfaces. The stock caddy:2.10.2-alpine image ships no
+# rate limiter, so this config is served by a custom build that adds
+# github.com/mholt/caddy-ratelimit. Two zones are evaluated per request and the
+# tighter matching zone wins:
+#   - sensitive_per_ip: low ceiling for the machine/auth endpoints
+#     (/functions/* and /auth/*) that get probed (webhooks, token issuance).
+#   - api_per_ip: a more generous ceiling for ordinary app/api traffic.
+# Keyed on {remote_host} (the real client IP - Caddy is the internet-facing
+# edge). Over-limit requests receive 429 with an automatic Retry-After header.
+# Deliberately NOT imported into the tunnel vhosts (*.linumiq.net /
+# *.dev.linumiq.net) so Home Assistant streaming/websocket traffic is untouched.
+(rate_limit_api) {
+	rate_limit {
+		zone sensitive_per_ip {
+			match {
+				path /functions/* /auth/*
+			}
+			key {remote_host}
+			events 8
+			window 1s
+		}
+		zone api_per_ip {
+			key {remote_host}
+			events 20
+			window 1s
+		}
+	}
+}
+
 # Apex -> dashboard redirect
 linumiq.net {
 	tls {
@@ -40,7 +133,8 @@ app.linumiq.net {
 		on_demand
 	}
 	import security_headers
-	reverse_proxy web:3000
+	import rate_limit_api
+	reverse_proxy web-prod:3000
 }
 
 # Reserved hostname: Supabase API (Kong)
@@ -48,14 +142,10 @@ api.linumiq.net {
 	tls {
 		on_demand
 	}
-	import security_headers
-	# SECURITY (R2): block machine-only webhook functions from the public edge.
-	# auth-webhook and stripe-webhook are invoked internally over the docker
-	# network (supabase-edge-functions:9000) and must never be callable from the
-	# internet. get-node stays public for the Home Assistant add-on.
-	@blocked_webhooks path /functions/v1/auth-webhook* /functions/v1/stripe-webhook*
-	respond @blocked_webhooks 403
-	reverse_proxy supabase-kong:8000
+	import security_headers_api
+	import block_internal_functions
+	import rate_limit_api
+	reverse_proxy kong-prod:8000
 }
 
 # Wildcard tunnel subdomains -> frps vhost HTTP. Per-name HTTP-01 issued on first hit.
@@ -66,7 +156,42 @@ api.linumiq.net {
 		on_demand
 	}
 	header Strict-Transport-Security "max-age=31536000; includeSubDomains"
-	reverse_proxy frps:7080
+
+	# SECURITY (C2): live quota / active-state enforcement at the edge. frps OSS
+	# reuses an established work connection and never re-consults the auth webhook
+	# mid-stream, so a still-connected, over-quota tunnel would otherwise keep
+	# serving 200 indefinitely. We gate every tunnel request through the
+	# tunnel-active edge function (an O(1) redis lookup of tunnel:active:<sub>),
+	# which returns 200 while active+under-quota and 403 once the bandwidth worker
+	# deactivates the tunnel. The worker flips the redis key on deactivation, so a
+	# live tunnel stops serving within ~1 request without the client reconnecting.
+	#
+	# FAIL OPEN: forward_auth only blocks on a definite 403. If the auth endpoint
+	# is unreachable/times out (dial error, 5xx) the request is allowed through by
+	# the handle_errors block below (re-proxied straight to frps) so a backend
+	# outage never takes healthy tunnels (incl. Home Assistant) offline. This hop
+	# is NOT added to app/api/apex (their own vhost blocks). forward_auth gates
+	# every normal HTTP request; the upgrade hop is exempted just below.
+	# Websocket/upgrade requests skip the auth subrequest: Caddy's forward_auth
+	# proxies the original Upgrade headers to the auth backend and tries to do
+	# the websocket handshake against it (502). The HA dashboard HTML/API still
+	# loads over plain HTTP (fully gated), and frps re-validates every
+	# NewWorkConn, so exempting only the upgrade hop is safe and keeps HA
+	# websockets working.
+	@httponly not header Upgrade *
+	forward_auth @httponly supabase-edge-functions:9000 {
+		uri /tunnel-active
+		transport http {
+			dial_timeout 2s
+			response_header_timeout 2s
+		}
+	}
+	reverse_proxy frps-prod:7080
+
+	handle_errors {
+		@authdown expression `{http.error.status_code} in [502, 503, 504]`
+		reverse_proxy @authdown frps-prod:7080
+	}
 }
 
 # ============================================================================
@@ -81,7 +206,8 @@ app-dev.linumiq.net {
 	tls {
 		on_demand
 	}
-	import security_headers
+	import security_headers_app_dev
+	import rate_limit_api
 	reverse_proxy web-dev:3000
 }
 
@@ -90,10 +216,10 @@ api-dev.linumiq.net {
 	tls {
 		on_demand
 	}
-	import security_headers
-	@blocked_webhooks path /functions/v1/auth-webhook* /functions/v1/stripe-webhook*
-	respond @blocked_webhooks 403
-	reverse_proxy supabase-dev-kong:8000
+	import security_headers_api
+	import block_internal_functions
+	import rate_limit_api
+	reverse_proxy kong-dev:8000
 }
 
 # Dev wildcard tunnel subdomains -> dev frps vhost HTTP. More specific than
@@ -104,5 +230,38 @@ api-dev.linumiq.net {
 		on_demand
 	}
 	header Strict-Transport-Security "max-age=31536000; includeSubDomains"
+
+	# SECURITY (C2): live quota / active-state enforcement at the edge - dev
+	# mirror of the *.linumiq.net gate. Gates every tunnel request through the
+	# dev tunnel-active edge function (O(1) redis-dev lookup of
+	# tunnel:active:<sub>) so a still-connected, over-quota dev tunnel is denied
+	# within ~1 request without the client reconnecting. FAIL OPEN: a backend
+	# outage re-proxies straight to frps-dev (handle_errors) so it never takes
+	# healthy dev tunnels offline. Websocket/upgrade requests skip the auth
+	# subrequest (HA websockets); frps-dev re-validates every NewWorkConn.
+	@httponly not header Upgrade *
+	forward_auth @httponly supabase-dev-edge-functions:9000 {
+		uri /tunnel-active
+		transport http {
+			dial_timeout 2s
+			response_header_timeout 2s
+		}
+	}
 	reverse_proxy frps-dev:7080
+
+	handle_errors {
+		@authdown expression `{http.error.status_code} in [502, 503, 504]`
+		reverse_proxy @authdown frps-dev:7080
+	}
+}
+
+# SECURITY (R6): exact-vhost enforcement / catch-all. Any HTTPS request whose
+# Host header does not match one of the explicit site blocks above - including
+# FQDN trailing-dot evasion like "api.linumiq.net." - is rejected here with 403
+# instead of falling through to Caddy's default empty 200 response. This ensures
+# only known vhosts are served and closes the trailing-dot Host bypass.
+:443 {
+	respond 403 {
+		close
+	}
 }
diff --git a/caddy/docker-compose.yml b/caddy/docker-compose.yml
index acb6f27..0ee5d0a 100644
--- a/caddy/docker-compose.yml
+++ b/caddy/docker-compose.yml
@@ -1,6 +1,10 @@
 services:
   caddy:
-    image: caddy:2.10.2-alpine
+    image: caddy-ratelimit:2.10.2
+    # Custom build: stock caddy:2.10.2 + github.com/mholt/caddy-ratelimit.
+    build:
+      context: .
+      dockerfile: Dockerfile.ratelimit
     container_name: caddy
     restart: unless-stopped
     security_opt:
diff --git a/dev/bandwidth-worker/docker-compose.yml b/dev/bandwidth-worker/docker-compose.yml
index 637697e..af465aa 100644
--- a/dev/bandwidth-worker/docker-compose.yml
+++ b/dev/bandwidth-worker/docker-compose.yml
@@ -1,12 +1,15 @@
 name: bandwidth-worker-dev
 services:
-  bandwidth-worker:
+  bandwidth-worker-dev:
     build: .
     image: bandwidth-worker-dev:1.0.0
     container_name: bandwidth-worker-dev
     restart: unless-stopped
     security_opt:
       - no-new-privileges:true
+    cap_drop:
+      - ALL
+    user: "1000:1000"
     env_file: .env
     networks:
       - dev_edge
diff --git a/dev/bandwidth-worker/worker.py b/dev/bandwidth-worker/worker.py
index 8cde8b7..1692e85 100644
--- a/dev/bandwidth-worker/worker.py
+++ b/dev/bandwidth-worker/worker.py
@@ -24,6 +24,10 @@ FRPS_PASS = os.environ["FRPS_DASHBOARD_PASS"]
 SUPABASE_URL = os.environ.get("SUPABASE_URL", "http://supabase-kong:8000")
 SERVICE_ROLE = os.environ["SUPABASE_SERVICE_ROLE_KEY"]
 REDIS_URL = os.environ["REDIS_URL"]
+# TTL for the edge active-state cache key (tunnel:active:<sub>) read by the
+# Caddy forward_auth gate. Short so a deactivation propagates fast and a stale
+# "1" self-heals within one poll cycle; refreshed every poll while active.
+ACTIVE_TTL = int(os.environ.get("ACTIVE_STATE_TTL_SECONDS", "45"))
 
 logging.basicConfig(
     level=logging.INFO,
@@ -98,6 +102,13 @@ def enforce_quota(client: httpx.Client, subdomain: str, row: dict[str, Any], new
         except Exception as e:
             log.warning("redis auth-cache invalidate failed for %s: %s", subdomain, e)
 
+    # Flip the edge active-state key so the Caddy forward_auth gate denies the
+    # next request (within ~1 request) even on a still-connected tunnel.
+    try:
+        rds.set(f"tunnel:active:{subdomain}", "0", ex=ACTIVE_TTL)
+    except Exception as e:
+        log.warning("redis active-state deactivate failed for %s: %s", subdomain, e)
+
     log.warning(
         "QUOTA EXCEEDED: subdomain=%s used=%d quota=%d -> deactivated",
         subdomain, new_used, quota,
@@ -145,16 +156,49 @@ def record_delta(client: httpx.Client, subdomain: str, delta: int) -> None:
 
     enforce_quota(client, subdomain, row, new_used)
 
+    # Keep the edge active-state key fresh so the forward_auth gate has a hot,
+    # authoritative value (covers reactivation and TTL expiry of an active key).
+    quota = int(row.get("quota_bytes") or 0)
+    active_now = bool(row.get("is_active")) and (quota <= 0 or new_used < quota)
+    try:
+        rds.set(f"tunnel:active:{subdomain}", "1" if active_now else "0", ex=ACTIVE_TTL)
+    except Exception as e:
+        log.warning("redis active-state refresh failed for %s: %s", subdomain, e)
+
+
+_schema_checked = False
+
+
+def assert_api_schema(proxies: list[dict[str, Any]]) -> None:
+    """Fail loud if the frps dashboard API stops returning the expected
+    camelCase traffic fields (e.g. after an frps upgrade), so the quota
+    accounting bug cannot silently return."""
+    global _schema_checked
+    if _schema_checked or not proxies:
+        return
+    sample = proxies[0]
+    if "todayTrafficIn" not in sample:
+        log.error(
+            "frps API schema mismatch: 'todayTrafficIn' missing from "
+            "proxy keys=%s; quota accounting is DISABLED until the field "
+            "names are fixed",
+            sorted(sample.keys()),
+        )
+    else:
+        log.info("frps API schema OK: todayTrafficIn present")
+    _schema_checked = True
+
 
 def poll_once(client: httpx.Client) -> None:
     proxies = fetch_proxies(client)
     log.info("poll: %d proxies", len(proxies))
+    assert_api_schema(proxies)
     for p in proxies:
         name = p.get("name") or ""
         if not name:
             continue
-        traffic_in = int(p.get("today_traffic_in") or 0)
-        traffic_out = int(p.get("today_traffic_out") or 0)
+        traffic_in = int(p.get("todayTrafficIn") or 0)
+        traffic_out = int(p.get("todayTrafficOut") or 0)
         total = traffic_in + traffic_out
         prev = previous_total(name)
         delta = total - prev
diff --git a/dev/frps/docker-compose.yml b/dev/frps/docker-compose.yml
index 1e6fd0d..3bd6886 100644
--- a/dev/frps/docker-compose.yml
+++ b/dev/frps/docker-compose.yml
@@ -1,6 +1,6 @@
 name: frps-dev
 services:
-  frps:
+  frps-dev:
     image: snowdreamtech/frps:0.65.0
     container_name: frps-dev
     restart: unless-stopped
@@ -8,7 +8,7 @@ services:
       - no-new-privileges:true
     ports:
       # Dev tunnel ingress (dev frpc clients connect here). Public port 7001.
-      - "7001:7001"
+      - "127.0.0.1:7001:7001"
       # Dashboard/API port 7500 unpublished. bandwidth-worker-dev reaches it
       # internally via frps-dev:7500 on the dev_edge network.
     volumes:
diff --git a/dev/redis/docker-compose.yml b/dev/redis/docker-compose.yml
index 6963532..220ca55 100644
--- a/dev/redis/docker-compose.yml
+++ b/dev/redis/docker-compose.yml
@@ -1,6 +1,6 @@
 name: redis-dev
 services:
-  redis:
+  redis-dev:
     image: redis:7.2-alpine
     container_name: redis-dev
     restart: unless-stopped
diff --git a/dev/stripe-stub/docker-compose.yml b/dev/stripe-stub/docker-compose.yml
index e2e1a54..6f32f46 100644
--- a/dev/stripe-stub/docker-compose.yml
+++ b/dev/stripe-stub/docker-compose.yml
@@ -1,12 +1,15 @@
 name: stripe-stub-dev
 services:
-  stripe-stub:
+  stripe-stub-dev:
     build: .
     image: stripe-stub-dev:1.0.0
     container_name: stripe-stub-dev
     restart: unless-stopped
     security_opt:
       - no-new-privileges:true
+    cap_drop:
+      - ALL
+    user: "1000:1000"
     env_file: .env
     networks:
       - dev_edge
diff --git a/dev/supabase/docker-compose.override.yml b/dev/supabase/docker-compose.override.yml
index 4321294..82ea66c 100644
--- a/dev/supabase/docker-compose.override.yml
+++ b/dev/supabase/docker-compose.override.yml
@@ -1,13 +1,39 @@
 # Dev override: attach kong + edge functions to the external "dev_edge" network
 # so the shared Caddy and the dev frps can reach them by DNS name, and set the
 # dev tunnel base domain for the on-demand-TLS authorizer + frps auth plugin.
+#
+# COLLISION-PROOFING (alias-residual elimination):
+#  * The dev service KEYS are now globally unique (kong-dev / functions-dev), so
+#    the auto service-name alias on the Caddy-shared "dev_edge" network is the
+#    UNIQUE *-dev name -- a bare logical name (kong/functions) can never resolve
+#    to a dev container from Caddy.
+#  * The bare names are re-exposed ONLY on the internal project "default" network
+#    (which Caddy is NOT attached to) so every in-stack consumer that still uses
+#    http://kong:8000 / http://functions:9000 (kong.yml, edge-fn source, studio /
+#    functions env, vector) keeps resolving with zero changes.
 services:
-  kong:
-    networks: [default, dev_edge]
-  functions:
-    networks: [default, dev_edge]
+  kong-dev:
+    networks:
+      default:
+        aliases:
+          - kong
+      dev_edge:
+        aliases:
+          - kong-dev
+  functions-dev:
+    networks:
+      default:
+        aliases:
+          - functions
+      dev_edge:
+        aliases:
+          - functions-dev
+      ask-delegation: {}
     environment:
       TUNNEL_BASE_DOMAIN: dev.linumiq.net
 networks:
   dev_edge:
     external: true
+  # On-demand-TLS ask delegation network (shared with prod edge authorizer).
+  ask-delegation:
+    external: true
diff --git a/dev/supabase/docker-compose.yml b/dev/supabase/docker-compose.yml
index fcd0f26..6a2cfb3 100644
--- a/dev/supabase/docker-compose.yml
+++ b/dev/supabase/docker-compose.yml
@@ -46,7 +46,7 @@ services:
       # Uncomment to use Big Query backend for analytics
       # NEXT_ANALYTICS_BACKEND_PROVIDER: bigquery
 
-  kong:
+  kong-dev:
     container_name: supabase-dev-kong
     image: kong:2.8.1
     restart: unless-stopped
@@ -62,7 +62,7 @@ services:
       KONG_DECLARATIVE_CONFIG: /home/kong/kong.yml
       # https://github.com/supabase/cli/issues/14
       KONG_DNS_ORDER: LAST,A,CNAME
-      KONG_PLUGINS: request-transformer,cors,key-auth,acl,basic-auth
+      KONG_PLUGINS: request-transformer,cors,key-auth,acl,basic-auth,request-termination
       KONG_NGINX_PROXY_PROXY_BUFFER_SIZE: 160k
       KONG_NGINX_PROXY_PROXY_BUFFERS: 64 160k
       SUPABASE_ANON_KEY: ${ANON_KEY}
@@ -299,7 +299,7 @@ services:
       PG_META_DB_USER: supabase_admin
       PG_META_DB_PASSWORD: ${POSTGRES_PASSWORD}
 
-  functions:
+  functions-dev:
     container_name: supabase-dev-edge-functions
     image: supabase/edge-runtime:v1.58.3
     restart: unless-stopped
@@ -316,6 +316,7 @@ services:
       VERIFY_JWT: "${FUNCTIONS_VERIFY_JWT}"
       REDIS_URL: ${REDIS_URL}
       STRIPE_STUB_WEBHOOK_SECRET: ${STRIPE_STUB_WEBHOOK_SECRET}
+      AUTH_WEBHOOK_SECRET: ${AUTH_WEBHOOK_SECRET}
     volumes:
       - ./volumes/functions:/home/deno/functions:Z
     command:
diff --git a/frps/docker-compose.yml b/frps/docker-compose.yml
index dbab784..2a451bc 100644
--- a/frps/docker-compose.yml
+++ b/frps/docker-compose.yml
@@ -14,7 +14,9 @@ services:
       - ./frps.toml:/etc/frp/frps.toml:ro
     command: ["frps", "-c", "/etc/frp/frps.toml"]
     networks:
-      - edge
+      edge:
+        aliases:
+          - frps-prod
 networks:
   edge:
     external: true
diff --git a/stripe-stub/docker-compose.yml b/stripe-stub/docker-compose.yml
index d9ca7e0..fda389c 100644
--- a/stripe-stub/docker-compose.yml
+++ b/stripe-stub/docker-compose.yml
@@ -6,6 +6,9 @@ services:
     restart: unless-stopped
     security_opt:
       - no-new-privileges:true
+    cap_drop:
+      - ALL
+    user: "1000:1000"
     env_file: .env
     networks:
       - edge
diff --git a/supabase/docker-compose.yml b/supabase/docker-compose.yml
index 513a567..cfcbf10 100644
--- a/supabase/docker-compose.yml
+++ b/supabase/docker-compose.yml
@@ -62,7 +62,7 @@ services:
       KONG_DECLARATIVE_CONFIG: /home/kong/kong.yml
       # https://github.com/supabase/cli/issues/14
       KONG_DNS_ORDER: LAST,A,CNAME
-      KONG_PLUGINS: request-transformer,cors,key-auth,acl,basic-auth
+      KONG_PLUGINS: request-transformer,cors,key-auth,acl,basic-auth,request-termination
       KONG_NGINX_PROXY_PROXY_BUFFER_SIZE: 160k
       KONG_NGINX_PROXY_PROXY_BUFFERS: 64 160k
       SUPABASE_ANON_KEY: ${ANON_KEY}
@@ -316,6 +316,7 @@ services:
       VERIFY_JWT: "${FUNCTIONS_VERIFY_JWT}"
       REDIS_URL: ${REDIS_URL}
       STRIPE_STUB_WEBHOOK_SECRET: ${STRIPE_STUB_WEBHOOK_SECRET}
+      AUTH_WEBHOOK_SECRET: ${AUTH_WEBHOOK_SECRET}
     volumes:
       - ./volumes/functions:/home/deno/functions:Z
     command: