What's improved
- Legacy compatibility contact and journey-trigger routes now require
x-switchbord-compat-secretbefore they resolve the default workspace or write tenant data. - Middleware now lets the explicitly route-authenticated legacy compatibility paths reach their route-level shared-secret auth while keeping standard security headers applied.
- Compatibility route tests now cover unsigned rejection paths and signed happy paths.
Verification
pnpm --filter api test -- __tests__/compatibility.test.tspnpm --filter api typecheckpnpm lint