diff --git a/apps/bff/src/app/bootstrap.ts b/apps/bff/src/app/bootstrap.ts
index 88e040c4..2254f72b 100644
--- a/apps/bff/src/app/bootstrap.ts
+++ b/apps/bff/src/app/bootstrap.ts
@@ -125,55 +125,7 @@ export async function bootstrap(): Promise<INestApplication> {
 
   const port = Number(configService.get("BFF_PORT", 4000));
 
-  // #region agent log
-  fetch("http://127.0.0.1:7242/ingest/a683e422-cfe7-4556-a583-809fbfbeeb4a", {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({
-      location: "bootstrap.ts:before-listen",
-      message: "About to call app.listen",
-      data: { port },
-      timestamp: Date.now(),
-      sessionId: "debug-session",
-      hypothesisId: "D",
-    }),
-  }).catch(() => {});
-  // #endregion
-
-  try {
-    await app.listen(port, "0.0.0.0");
-    // #region agent log
-    fetch("http://127.0.0.1:7242/ingest/a683e422-cfe7-4556-a583-809fbfbeeb4a", {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        location: "bootstrap.ts:after-listen",
-        message: "app.listen completed",
-        data: { port },
-        timestamp: Date.now(),
-        sessionId: "debug-session",
-        hypothesisId: "D",
-      }),
-    }).catch(() => {});
-    // #endregion
-  } catch (listenError) {
-    const err = listenError as Error;
-    // #region agent log
-    fetch("http://127.0.0.1:7242/ingest/a683e422-cfe7-4556-a583-809fbfbeeb4a", {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        location: "bootstrap.ts:listen-error",
-        message: "app.listen failed",
-        data: { error: err?.message, stack: err?.stack, name: err?.name },
-        timestamp: Date.now(),
-        sessionId: "debug-session",
-        hypothesisId: "D",
-      }),
-    }).catch(() => {});
-    // #endregion
-    throw listenError;
-  }
+  await app.listen(port, "0.0.0.0");
 
   // Enhanced startup information
   logger.log(`🚀 BFF API running on: http://localhost:${port}/api`);
diff --git a/apps/bff/src/core/security/controllers/csrf.controller.ts b/apps/bff/src/core/security/controllers/csrf.controller.ts
index f6c19b21..48da2324 100644
--- a/apps/bff/src/core/security/controllers/csrf.controller.ts
+++ b/apps/bff/src/core/security/controllers/csrf.controller.ts
@@ -22,83 +22,35 @@ export class CsrfController {
   @Public()
   @Get("token")
   getCsrfToken(@Req() req: AuthenticatedRequest, @Res() res: Response) {
-    // #region agent log
-    fetch("http://127.0.0.1:7242/ingest/a683e422-cfe7-4556-a583-809fbfbeeb4a", {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        location: "csrf.controller.ts:getCsrfToken-entry",
-        message: "CSRF token endpoint called",
-        data: {},
-        timestamp: Date.now(),
-        sessionId: "debug-session",
-        hypothesisId: "A",
-      }),
-    }).catch(() => {});
-    // #endregion
-    try {
-      const sessionId = this.extractSessionId(req) || undefined;
-      const userId = req.user?.id;
+    const sessionId = this.extractSessionId(req) || undefined;
+    const userId = req.user?.id;
 
-      // Generate new CSRF token
-      const tokenData = this.csrfService.generateToken(undefined, sessionId, userId);
-      const isProduction = this.configService.get("NODE_ENV") === "production";
-      const cookieName = this.csrfService.getCookieName();
+    // Generate new CSRF token
+    const tokenData = this.csrfService.generateToken(undefined, sessionId, userId);
+    const isProduction = this.configService.get("NODE_ENV") === "production";
+    const cookieName = this.csrfService.getCookieName();
 
-      // Set CSRF secret in secure cookie
-      res.cookie(cookieName, tokenData.secret, {
-        httpOnly: true,
-        secure: isProduction,
-        sameSite: "strict",
-        maxAge: this.csrfService.getTokenTtl(),
-        path: "/api",
-      });
+    // Set CSRF secret in secure cookie
+    res.cookie(cookieName, tokenData.secret, {
+      httpOnly: true,
+      secure: isProduction,
+      sameSite: "strict",
+      maxAge: this.csrfService.getTokenTtl(),
+      path: "/api",
+    });
 
-      this.logger.debug("CSRF token requested", {
-        userId,
-        sessionId,
-        userAgent: req.get("user-agent"),
-        ip: req.ip,
-      });
+    this.logger.debug("CSRF token requested", {
+      userId,
+      sessionId,
+      userAgent: req.get("user-agent"),
+      ip: req.ip,
+    });
 
-      // #region agent log
-      fetch("http://127.0.0.1:7242/ingest/a683e422-cfe7-4556-a583-809fbfbeeb4a", {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({
-          location: "csrf.controller.ts:getCsrfToken-success",
-          message: "CSRF token generated successfully",
-          data: { hasToken: !!tokenData.token },
-          timestamp: Date.now(),
-          sessionId: "debug-session",
-          hypothesisId: "A",
-        }),
-      }).catch(() => {});
-      // #endregion
-
-      return res.json({
-        success: true,
-        token: tokenData.token,
-        expiresAt: tokenData.expiresAt.toISOString(),
-      });
-    } catch (error) {
-      // #region agent log
-      const err = error as Error;
-      fetch("http://127.0.0.1:7242/ingest/a683e422-cfe7-4556-a583-809fbfbeeb4a", {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({
-          location: "csrf.controller.ts:getCsrfToken-error",
-          message: "CSRF token generation failed",
-          data: { error: err?.message, stack: err?.stack },
-          timestamp: Date.now(),
-          sessionId: "debug-session",
-          hypothesisId: "A",
-        }),
-      }).catch(() => {});
-      // #endregion
-      throw error;
-    }
+    return res.json({
+      success: true,
+      token: tokenData.token,
+      expiresAt: tokenData.expiresAt.toISOString(),
+    });
   }
 
   @Public()