Own authentication, identity, token handling, and account lifecycle flows across backend and Next proxy routes.
src/api/routes/auth.py
src/api/middleware/auth.py
src/api/auth/**
app/api/auth/**
login/register/refresh/logout/me
password reset and email verification
cookie and bearer-token handling
secure-by-default ownership checks
browser-readable auth cookies
auth flow drift between backend and dashboard bootstrap
token refresh semantics
targeted auth route verification
python -m compileall src/api
npm run build when touching Next auth routes
npm run build
never reduce auth rigor to simplify UI
treat credential handling as high-risk work
require human approval for breaking auth or session changes
Last updated 5 hours ago
