F-2025-0004·configuration

Hardcoded WebSocket endpoints without integrity validation

Fixed · pentest · typescript · backend
TL;DR

WebSocket endpoint URLs were hardcoded in the codebase and consumed without integrity checks (no message signing or origin validation), making MITM or compromised-CDN scenarios harder to detect.

Severity: MEDIUM
Impact: MEDIUM
Likelihood: MEDIUM
Method: Manual review
Complexity: LOW
Exploitability: MEDIUM
Description

WebSocket endpoint URLs were hardcoded in the codebase. Once the connection was established, messages were consumed without integrity validation (no per-message signatures, no origin or token-bound validation), so a MITM or compromised CDN scenario that swapped the WebSocket destination or tampered with messages would not be detected by the client.

Impact

Increased blast radius if any layer between the client and the configured endpoint is compromised. State derived from WebSocket messages could be manipulated, leading to UI desync or user actions taken on falsified data.

Recommendation

  • Move endpoint URLs into environment configuration rather than hardcoding.
  • Sign WebSocket messages on the server or include a session-bound HMAC the client verifies.
  • Validate the origin of incoming messages against the expected backend identity.
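
A sketch of the session-bound HMAC check from the second recommendation, added here as an example and not taken from the audited codebase. The envelope layout and the names `signMessage` and `FrameVerifier` are hypothetical, and the key is assumed to be issued per session during authenticated session setup.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Envelope layout is an assumption for this example, not the audited wire format.
interface SignedMessage {
  sessionId: string; // binds the MAC to one authenticated session
  seq: number;       // strictly increasing counter, rejects replayed frames
  payload: string;   // application data (JSON text)
  mac: string;       // hex HMAC-SHA256 over [sessionId, seq, payload]
}

function computeMac(key: Buffer, sessionId: string, seq: number, payload: string): Buffer {
  // JSON-encoding the array keeps field boundaries unambiguous.
  return createHmac("sha256", key).update(JSON.stringify([sessionId, seq, payload])).digest();
}

// Server side: wrap an outgoing payload in a signed envelope.
function signMessage(key: Buffer, sessionId: string, seq: number, payload: string): string {
  const mac = computeMac(key, sessionId, seq, payload).toString("hex");
  return JSON.stringify({ sessionId, seq, payload, mac });
}

// Client side: verify each frame before it reaches application state.
class FrameVerifier {
  private key: Buffer;
  private sessionId: string;
  private lastSeq = -1;

  constructor(key: Buffer, sessionId: string) {
    this.key = key;
    this.sessionId = sessionId;
  }

  // Returns the payload when the frame is authentic and fresh, otherwise null.
  verify(raw: string): string | null {
    let msg: SignedMessage;
    try { msg = JSON.parse(raw); } catch { return null; }
    if (typeof msg?.sessionId !== "string" || typeof msg.payload !== "string" ||
        typeof msg.mac !== "string" || !Number.isSafeInteger(msg.seq)) return null;
    if (msg.sessionId !== this.sessionId) return null; // frame bound to another session
    const expected = computeMac(this.key, msg.sessionId, msg.seq, msg.payload);
    const given = Buffer.from(msg.mac, "hex");
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    if (msg.seq <= this.lastSeq) return null; // replayed or reordered frame
    this.lastSeq = msg.seq;
    return msg.payload;
  }
}
```

A frame that fails verification leaves `lastSeq` unchanged, so a tampered frame cannot block the genuine one that follows it.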

Ipal Network: Confirmed. Zealynx: Fixed.

Status: Fixed