

No-no, you run your VPS and deploy it there. So you define your storage, it can be homeVPS




I agree, though there is a difference between the case you provided and mine. It is a human-directed work. Thousands of libraries, Kubernetes, Kubernetes still live and license is valid.


Thanks for the suggestions, those are good points.
CSP is something I plan to tighten over time, but enabling a strict policy right now would require refactoring some inline JS patterns used in the templates. It’s definitely on the roadmap as part of security hardening.
Regarding CORS, the application currently runs as a same-origin server-rendered app rather than a cross-origin API, so CORS headers aren’t enabled by default. If external clients or integrations are added in the future, I’d likely introduce a restricted allowlist for specific API routes.


It is a great project, mine is not a replacement, but a little bit different approach. It’s a self-hosted web application that you run on infrastructure you control and access from multiple devices. In Drip you can export or import data, but this step is a payment for privacy. Mine offers privacy but from a different perspective.


I do use AI tools while developing this project, but I also have a BSc in Computer Science. AI is a productivity tool.
Security is something I take seriously, especially since the project deals with health data. All code has tests and you’re welcome to inspect the repository yourself or point out any specific security concerns if you notice them.
Regarding licensing: the AGPL license applies to the project as a whole regardless of the tools used to write parts of the code.
If you have concrete technical feedback or security issues, I’d genuinely appreciate it.
Spanish released