{ "slug": "apps/auth", "title": "Auth app", "description": "Identity, sessions, and authorization boundaries used by Cuitty apps.", "url": "https://cuitty.com/docs/apps/auth", "markdown_url": "https://cuitty.com/docs/apps/auth.md", "json_url": "https://cuitty.com/docs/apps/auth.json", "frontmatter": { "title": "Auth app", "description": "Identity, sessions, and authorization boundaries used by Cuitty apps.", "order": 1, "section": "Apps", "updatedAt": "2026-05-10" }, "headings": [ { "depth": 1, "slug": "auth-app", "text": "Auth app" }, { "depth": 2, "slug": "responsibilities", "text": "Responsibilities" }, { "depth": 2, "slug": "operational-notes", "text": "Operational notes" } ], "body_markdown": "# Auth app\n\nThe auth app owns sign-in, session cookies, API-key issuance, and role checks used by the portal and admin surfaces. It is infrastructure for the rest of Cuitty rather than a standalone observability module.\n\n## Responsibilities\n\n- Bootstrap the first administrator for a new install\n- Issue and revoke project API keys\n- Maintain session state for browser users\n- Expose authorization context to app and module routes\n\n## Operational notes\n\nProduction installs should run the portal over HTTPS so browser cookies can be marked secure. API keys are shown once when created; store them in your secret manager and rotate them from the portal when needed.", "body_html": "

Auth app

\n

The auth app owns sign-in, session cookies, API-key issuance, and role checks used by the portal and admin surfaces. It is infrastructure for the rest of Cuitty rather than a standalone observability module.

\n

Responsibilities

\n\n

Operational notes

\n

Production installs should run the portal over HTTPS so browser cookies can be marked secure. API keys are shown once when created; store them in your secret manager and rotate them from the portal when needed.

", "links_out": [] }