Credential handling
Broker credentials should never be exposed in public frontend routes or shared through support chats. Sensitive values belong in encrypted server-side storage with controlled access.
Live trading off by default
Dry-run mode gives users and operators a safer path to validate broker setup, symbol resolution, and risk checks before enabling live execution.
Auditability
A broker-connected workflow should make it clear who sent a command, what the system parsed, which checks passed, who confirmed, and what the broker returned.
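The sketch below is an added example, not code from the product this page describes. It shows one way the dry-run default and the audit fields listed above could fit together. The command syntax, `KNOWN_SYMBOLS`, `MAX_QTY`, and all function and field names are hypothetical.

```python
import json
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone
from typing import Callable, Optional

KNOWN_SYMBOLS = {"AAPL", "MSFT"}   # constructed sample data
MAX_QTY = 100                      # hypothetical risk limit

@dataclass
class AuditRecord:
    sender: str                      # who sent the command
    raw_command: str
    parsed: dict                     # what the system parsed
    checks: dict                     # which checks passed
    confirmed_by: Optional[str]      # who confirmed
    mode: str                        # "dry_run", "live" or "rejected"
    broker_response: Optional[dict]  # what the broker returned
    at: str = field(default_factory=lambda: datetime.now(timezone.utc).isoformat())

def parse_command(raw: str) -> dict:
    """Parse 'BUY 10 AAPL' style text; return {} when it does not parse."""
    parts = raw.split()
    if len(parts) != 3 or parts[0].upper() not in ("BUY", "SELL") or not parts[1].isdecimal():
        return {}
    return {"side": parts[0].upper(), "qty": int(parts[1]), "symbol": parts[2].upper()}

def handle_command(sender: str, raw: str, audit_log: list,
                   confirmed_by: Optional[str] = None,
                   live_enabled: bool = False,   # live trading off by default
                   broker: Optional[Callable[[dict], dict]] = None) -> AuditRecord:
    parsed = parse_command(raw)
    checks = {
        "parsed": bool(parsed),
        "symbol_resolved": parsed.get("symbol") in KNOWN_SYMBOLS,
        "within_risk_limit": 0 < parsed.get("qty", 0) <= MAX_QTY,
    }
    if not all(checks.values()):
        mode, response = "rejected", None
    elif live_enabled and confirmed_by and broker is not None:
        mode, response = "live", broker(parsed)
    else:
        # Missing flag, confirmation or broker: simulate, never call the broker.
        mode, response = "dry_run", {"status": "simulated"}
    record = AuditRecord(sender, raw, parsed, checks, confirmed_by, mode, response)
    # One JSON line per command; the record carries no broker credentials.
    audit_log.append(json.dumps(asdict(record), sort_keys=True))
    return record
```

Rejected and simulated commands are logged the same way as live ones, so the audit trail also covers orders that never reached the broker.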