diff --git a/docs/server-audit.md b/docs/server-audit.md
index d22f8b6..11b8604 100644
--- a/docs/server-audit.md
+++ b/docs/server-audit.md
@@ -19,10 +19,12 @@
 ---
-## Phase 1 — Безопасность (Security Foundation)
+## Phase 1 — Безопасность (Security Foundation) ✅ Выполнена
 **Цель:** Закрыть векторы, через которые злоумышленник может получить полный доступ к системе.
+**Коммит:** `175224e` (ветка `dev`)
+
 > **Блокер для следующих фаз:** нет смысла строить валидацию и обработку ошибок поверх дыр в аутентификации и SQL.
 ### 1.1 🔴 Аутентификация на REST API
diff --git a/server/Fury/Modules/ErrorHandler/ErrorHandler.php b/server/Fury/Modules/ErrorHandler/ErrorHandler.php
index 6fac360..dbd2b05 100644
--- a/server/Fury/Modules/ErrorHandler/ErrorHandler.php
+++ b/server/Fury/Modules/ErrorHandler/ErrorHandler.php
@@ -23,7 +23,7 @@ public function __construct(){
 $this -> important_errors = FCONF["error_handler"]["important_errors"];
- if(!FCONF["debug"]){
+ if(FCONF["debug"]){
 error_reporting(-1);
 }else{
 error_reporting(0);
@@ -38,7 +38,7 @@ public function set_err_handler(){
 set_error_handler([$this, "error_handler"], E_ALL);
 register_shutdown_function([$this, "fatal_error_handler"]);
- // set_exception_handler([$this, "exception_handler"]);
+ set_exception_handler([$this, "exception_handler"]);
 }
 // FIXME
diff --git a/server/Fury/Modules/ThinBuilder/ThinBuilder.php b/server/Fury/Modules/ThinBuilder/ThinBuilder.php
index 3892238..9cfecdc 100644
--- a/server/Fury/Modules/ThinBuilder/ThinBuilder.php
+++ b/server/Fury/Modules/ThinBuilder/ThinBuilder.php
@@ -26,10 +26,9 @@
 $response = $this -> pdo -> query($sql);
 if(!$response) {
- $result = null;
- } else {
- $result = $fetch_func ? $response -> $fetch_func($fetch_func_param) : $response;
+ throw new \PDOException("Query execution failed: {$sql}");
 }
+ $result = $fetch_func ? $response -> $fetch_func($fetch_func_param) : $response;
 if($this -> history_enabled){
 $this -> history -> add($sql, $result);
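Review bot: `error_reporting(0)` in the `else` branch of the ErrorHandler hunk switches off PHP's own logging as well as display, so in production anything the registered handlers do not catch leaves no trace for incident response; reporting level and exposure are separate knobs. Keep reporting on and gate only the output: `error_reporting(E_ALL); ini_set('display_errors', FCONF["debug"] ? '1' : '0'); ini_set('log_errors', '1');`. The second ErrorHandler hunk activates `set_exception_handler`, so uncaught exceptions now flow through `exception_handler`; its body is outside this diff, so please confirm it prints only a generic message when `FCONF["debug"]` is false. `__construct` continues outside the hunk.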
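Review bot: The new `throw new \PDOException("Query execution failed: {$sql}")` in the ThinBuilder hunk embeds the full statement, including any values interpolated into it, in the exception message and discards the driver's diagnostic; with `set_exception_handler` switched on in the same commit, that message reaches whatever the handler writes to the response unless it deliberately withholds it. Log the statement server-side and keep the thrown message generic: `[$sqlstate, , $driver_msg] = $this -> pdo -> errorInfo(); error_log("Query failed [{$sqlstate}] {$driver_msg}: {$sql}"); throw new \PDOException("Query execution failed [{$sqlstate}]");`. Note that `PDO::query()` returns false only outside `ERRMODE_EXCEPTION` (the PHP 8 default), so whether this branch is ever reached depends on how `create_connect` configures the connection. The enclosing method starts outside the hunk.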
diff --git a/server/Fury/Modules/ThinBuilder/ThinBuilderProcessing.php b/server/Fury/Modules/ThinBuilder/ThinBuilderProcessing.php
index 1e987a2..3ec9103 100644
--- a/server/Fury/Modules/ThinBuilder/ThinBuilderProcessing.php
+++ b/server/Fury/Modules/ThinBuilder/ThinBuilderProcessing.php
@@ -31,6 +31,22 @@
 $this -> history = new History();
 }
+ public function beginTransaction(): bool {
+ return $this -> pdo -> beginTransaction();
+ }
+
+ public function commit(): bool {
+ return $this -> pdo -> commit();
+ }
+
+ public function rollBack(): bool {
+ return $this -> pdo -> rollBack();
+ }
+
+ public function inTransaction(): bool {
+ return $this -> pdo -> inTransaction();
+ }
+
 protected function create_connect($db_conf){
 $dblib = "{$db_conf['dblib']}:host={$db_conf['host']};dbname={$db_conf['dbname']};charset={$db_conf['charset']}";
 $pdo = new \PDO($dblib, $db_conf['user'], $db_conf['password']);
diff --git a/server/SHServ/Helpers/Validator.php b/server/SHServ/Helpers/Validator.php
deleted file mode 100644
index 369c23f..0000000
--- a/server/SHServ/Helpers/Validator.php
+++ /dev/null
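Review bot: The four new wrappers pass through PDO's `bool` result and nothing checks it: in the setup_device hunk further down, `app() -> thin_builder -> beginTransaction();` discards the return, so if the driver declines to open a transaction the two inserts run unguarded and the `rollBack()` in the catch has nothing to undo. PDO only throws on these calls in `ERRMODE_EXCEPTION`; the visible part of `create_connect` constructs `new \PDO($dblib, $db_conf['user'], $db_conf['password'])` with no options, so whether that mode is active depends on lines outside the hunk (PHP 8 defaults to it, PHP 7 does not). Either make the wrappers fail loudly — `if(!$this -> pdo -> beginTransaction()) { throw new \PDOException("Could not begin transaction"); }` — or set `PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION` (and `PDO::ATTR_EMULATE_PREPARES => false`) explicitly in `create_connect` so behaviour does not hinge on the PHP version. Style: the class uses snake_case (`create_connect`, `history_enabled`) while these are camelCase; if mirroring PDO's names is intentional, a one-line docblock saying so would stop the next reader from "fixing" it.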
@@ -1,7 +0,0 @@ - utils -> generate_token(16);
- $device_id = app() -> thin_builder -> insert(Device::$table_name, [
- "alias" => $alias,
- "name" => $name,
- "device_type" => $device_info["data"]["device_type"],
- "device_ip" => $device_info["data"]["ip_address"],
- "device_mac" => $device_info["data"]["mac_address"],
- "device_hard_id" => $device_info["data"]["device_id"],
- "firmware_version" => $device_info["data"]["firmware_version"],
- "connection_status" => "active",
- "status" => "active",
- "description" => $description,
- "last_contact" => date("Y-m-d H:i:s"),
- "create_at" => date("Y-m-d H:i:s")
- ]);
+ try {
+ app() -> thin_builder -> beginTransaction();
- $device = $device_id ? new Device($device_id) : null;
+ // create in table devices
+ $device_id = app() -> thin_builder -> insert(Device::$table_name, [
+ "alias" => $alias,
+ "name" => $name,
+ "device_type" => $device_info["data"]["device_type"],
+ "device_ip" => $device_info["data"]["ip_address"],
+ "device_mac" => $device_info["data"]["mac_address"],
+ "device_hard_id" => $device_info["data"]["device_id"],
+ "firmware_version" => $device_info["data"]["firmware_version"],
+ "connection_status" => "active",
+ "status" => "active",
+ "description" => $description,
+ "last_contact" => date("Y-m-d H:i:s"),
+ "create_at" => date("Y-m-d H:i:s")
+ ]);
- if(!$device) {
+ $device = $device_id ?
new Device($device_id) : null;
+ if(!$device) {
+ throw new \Exception("Device insert failed");
+ }
+
+ // create in table device_auth
+ $device_auth = app() -> thin_builder -> insert(DeviceAuth::$table_name, [
+ "device_id" => $device -> id(),
+ "device_token" => $device_token,
+ "status" => "active",
+ "create_at" => date("Y-m-d H:i:s")
+ ]);
+
+ if(!$device_auth) {
+ throw new \Exception("Device auth insert failed");
+ }
+
+ app() -> thin_builder -> commit();
+
+ $device -> set_device_token($device_token);
+ $device -> device_api() -> set_device_name($name);
+
+ return $device;
+ } catch (\Exception $e) {
+ if(app() -> thin_builder -> inTransaction()) {
+ app() -> thin_builder -> rollBack();
+ }
 return [
 "result" => false,
 "err_alias" => "db_error"
 ];
 }
-
- // generate token
-
- $device_token = app() -> utils -> generate_token(16);
-
- // create in table device_auth
-
- $device_auth = app() -> thin_builder -> insert(DeviceAuth::$table_name, [
- "device_id" => $device -> id(),
- "device_token" => $device_token,
- "status" => "active",
- "create_at" => date("Y-m-d H:i:s")
- ]);
-
- if(!$device_auth) {
- app() -> thin_builder -> delete(Device::$table_name, [ "id", "=", $device -> id() ]);
-
- return [
- "result" => false,
- "err_alias" => "device_error_of_auth"
- ];
- }
-
- $device -> set_device_token($device_token);
- $device -> device_api() -> set_device_name($name);
-
- return $device;
 }
 public function resetup_device(Device $device) {
diff --git a/server/SHServ/Utils.php b/server/SHServ/Utils.php
index 193af12..11b0db0 100644
--- a/server/SHServ/Utils.php
+++ b/server/SHServ/Utils.php
@@ -11,9 +11,10 @@
 return $tb_instance -> count($tablename, [ [$field_name, "=", $value] ]) ? true : false;
 }
- public function response_error(String $error_alias, Array $failed_fields = [], Array $extra = []) {
+ public function response_error(String $error_alias, Array $failed_fields = [], Array $extra = [], Int $status_code = 400) {
+ http_response_code($status_code);
 header("Content-Type: application/json");
- return json_encode(array_merge([
+ return json_encode(array_merge([
 "status" => false,
 "error_alias" => $error_alias,
 "failed_fields" => $failed_fields,
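Review bot: `http_response_code($status_code)` is a side effect applied at call time, while `response_error` returns the JSON body rather than emitting it, so the status (and the `Content-Type` header on the next line) is set even when a caller builds the string without ever sending it; a docblock line such as `/** Sets the HTTP status and JSON content type immediately; the caller must echo the returned body. */` would make that contract explicit. The default of 400 also covers server-side failures such as the `db_error` alias returned in the setup_device hunk unless every caller passes `status_code`; those call sites are outside this diff and worth checking. Minor: PHP accepts `String`/`Array`/`Int`, but the canonical lowercase `string`, `array`, `int` is what PER-CS and static analyzers expect.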