This change hardens several security- and lifecycle-critical flows: CLI auth now issues expiring one-time auth codes and stores only a SHA-256 token hash (with legacy plaintext fallback), rate limiting tightens client IP trust rules and bounds in-memory limiter growth, and Turso provisioning paths add compensating database cleanup plus retry/backoff metadata. It improves resilience and safety around authentication, billing/membership ordering (Stripe seat billing after membership commit), and account deletion (treat external cleanup failures as retryable 502s, delete auth first, and report pending profile cleanup), and also fixes web build compatibility by removing a Node-only import. Concerns include medium-risk behavioral changes in auth/rate limiting/provisioning that could cause lockouts or mis-rate-limiting if proxy headers/env flags are misconfigured, edge cases around token-hash migration/legacy fallback, and potential for orphaned resources if cleanup paths fail or error handling/order changes differ from existing expectations.

refactor: harden auth, rate limits, and provisioning safety - webrenew/memories
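
The CLI auth flow summarized above (expiring one-time auth codes, a SHA-256 token hash at rest, and a legacy plaintext fallback), sketched as an added example that is not code from this pull request. The in-memory stores, function names, `cli_` prefix and five-minute TTL are assumptions made for illustration.

```javascript
const { createHash, randomBytes, timingSafeEqual } = require('node:crypto');

const sha256Hex = (s) => createHash('sha256').update(s, 'utf8').digest('hex');

// Constant-time comparison; hashing both sides first yields equal-length buffers.
const safeEqual = (a, b) =>
  timingSafeEqual(Buffer.from(sha256Hex(a), 'hex'), Buffer.from(sha256Hex(b), 'hex'));

// codes: Map<codeHash, { userId, expiresAt }> (hypothetical in-memory store)
function createAuthCode(codes, userId, now, ttlMs = 5 * 60 * 1000) {
  const code = randomBytes(16).toString('hex');
  codes.set(sha256Hex(code), { userId, expiresAt: now + ttlMs });
  return code; // handed to the CLI once; only its hash is kept
}

// One-time redemption: the entry is deleted before the expiry check,
// so a replayed or expired code can never be exchanged for a token.
function redeemAuthCode(codes, tokens, code, now) {
  const key = sha256Hex(code);
  const entry = codes.get(key);
  if (!entry) return null;
  codes.delete(key);
  if (now >= entry.expiresAt) return null;
  const token = 'cli_' + randomBytes(32).toString('hex'); // prefix is an assumption
  tokens.push({ userId: entry.userId, tokenHash: sha256Hex(token), legacyToken: null });
  return token;
}

// tokens: rows of { userId, tokenHash, legacyToken } (hypothetical schema)
function authenticate(tokens, presented) {
  const hash = sha256Hex(presented);
  const row = tokens.find((r) => r.tokenHash !== null && safeEqual(r.tokenHash, hash));
  if (row) return { userId: row.userId, migrated: false };

  // Legacy fallback: rows created before the change still hold plaintext.
  const legacy = tokens.find(
    (r) => r.legacyToken !== null && safeEqual(r.legacyToken, presented));
  if (!legacy) return null;

  // Upgrade on first successful use so the plaintext copy does not linger.
  legacy.tokenHash = hash;
  legacy.legacyToken = null;
  return { userId: legacy.userId, migrated: true };
}
```

Because the fallback compares only against rows that still carry plaintext, a stored hash read out of the database is not itself accepted as a credential.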