Bug Fixes & Stability

This release includes 2 updates focused on bug fixes & stability.

Bug Fixes

Secure demo API routes against unauthorized external acce...

Add origin/referer validation, CSRF-style session tokens, and fix IP extraction for /api/demo/scrape and /api/demo/crawl routes. External scripts and curl can no longer use these routes as an open proxy. - Add shared demo-security.ts with origin validation, HMAC token generation/verification, and

Route demo endpoint through unified consumer

The demo endpoint used mode "escalating" which routes to light_consumer_v2.process_escalating_scrape — a legacy engine that ignores max_tier, use_browser, and use_proxy controls. Switching to "unified" mode routes through unified_consumer.process_unified_scrape which passes the full options dict and