Spam accounts overwhelmed my database. Claude found the weaknesses, Codex wrote the fixes, and I deployed a new defense.
The optional getCss loader option is serialized into the generated module, so it must be a self-contained function without closed-over variables.