Finance asks Platform for an operator authentication rail for the finance.sguildswim.com dashboard
Why
Finance is shipping a leadership reporting dashboard at finance.sguildswim.com. It renders the finance gold section (P&L, margin, cash position, runway) read from GET /api/mart/sections/finance, so it is a finance reporting consumer in the sense of finance-mart §3, served through Finance's own Next.js deploy. The dashboard needs operator login. Today the finance deploy authenticates its admin API with a static bearer token (FINANCE_ADMIN_TOKEN), which is acceptable for curl but wrong as the long-term front door for a browser app carrying financial data.
Platform owns identity and the auth rails per the domain topology, and there is no published standard today for how an operator-facing *.sguildswim.com web app authenticates a human session. Finance does not want to invent a parallel auth mechanism inside a reporting domain.
What Finance is asking for
A Platform-owned operator authentication mechanism that a domain web app can integrate: a session issuance and verification surface (cookie or token based), backed by Platform's identity store, with Platform deciding the implementation shape. Finance's requirements are modest: a single operator role is sufficient for now, session verification callable from a Next.js middleware or server component, and no Person-grain PII needed beyond the operator identity itself.
If Platform builds this as a shared rail for all operator-facing domain apps, that is a cross-cutting decision that more than one app team would consume, so Finance suggests Platform author it as an ADR in the main series. Finance will acknowledge and integrate.
Interim posture
Until the rail exists, the finance dashboard ships behind an interim gate: a login page that checks the existing FINANCE_ADMIN_TOKEN with a constant-time comparison and sets an httpOnly session cookie. Read views and admin actions both sit behind the gate; nothing is publicly readable. Finance treats this as a stopgap and will replace it with the Platform rail when it is available, so the interim mechanism is deliberately minimal and unexported.
Asks
Platform's position on owning an operator auth rail for domain web apps, and if accepted, the integration shape Finance should code against. No date pressure from Finance; the interim gate unblocks the dashboard.