Auth app

The auth app owns sign-in, session cookies, API-key issuance, and role checks used by the portal and admin surfaces. It is infrastructure for the rest of Cuitty rather than a standalone observability module.

Responsibilities

• Bootstrap the first administrator for a new install
• Issue and revoke project API keys
• Maintain session state for browser users
• Expose authorization context to app and module routes

Operational notes

Production installs should run the portal over HTTPS so browser cookies can be marked secure. API keys are shown once when created; store them in your secret manager and rotate them from the portal when needed.