Multi-language firewall, IP allow/deny lists, and session management

The firewall now normalizes input with Unicode NFKC and evaluates rules across seven languages, closing bypasses that relied on alphabet swapping or compatibility characters. Tenants can define IP allow and deny lists with CIDR ranges, enforced at the edge before a request reaches the model pool. Administrators can list active sessions per device and revoke them individually, so a lost laptop is a two-click containment rather than a password reset.

No action required.