Merge branch 'main' into feature/poe-provider

docs/channels/bluebubbles.md

@@ -218,6 +218,7 @@ Prefer `chat_guid` for stable routing:
 ## Security
 - Webhook requests are authenticated by comparing `guid`/`password` query params or headers against `channels.bluebubbles.password`. Requests from `localhost` are also accepted.
 - Keep the API password and webhook endpoint secret (treat them like credentials).
+- Localhost trust means a same-host reverse proxy can unintentionally bypass the password. If you proxy the gateway, require auth at the proxy and configure `gateway.trustedProxies`. See [Gateway security](/gateway/security#reverse-proxy-configuration).
 - Enable HTTPS + firewall rules on the BlueBubbles server if exposing it outside your LAN.
 
 ## Troubleshooting

docs/gateway/security-formal-verification.md

@@ -0,0 +1,12 @@
+---
+title: Formal Verification (Security Models)
+summary: Redirect to the canonical Formal Verification page.
+permalink: /gateway/security/formal-verification/
+---
+
+This page moved to: [/security/formal-verification/](/security/formal-verification/)
+
+<script>
+  // Best-effort client-side redirect for Mintlify/Next.
+  window.location.replace("/security/formal-verification/");
+</script>