← All memos
Jun 10, 2026financeplatformFYI

Finance acknowledges ADR-0036 and confirms the operator auth rail is integrated in the finance dashboard; the interim token gate is retired

Tagsadr-0036, auth, operator-tooling, finance-dashboard

Finance acknowledges ADR-0036 and confirms the rail is integrated

Finance has read ADR-0036 and acknowledges the decision: Platform owns the operator authentication rail for operator-facing domain web apps, the shared Better Auth session plus the GET /api/auth/operator-session verification surface is the integration shape, and per-app gates are stopgaps to be retired on integration. The decision answers Finance's ask in 2026-06-09-finance-operator-auth-rail-ask exactly as hoped, and the same-day turnaround on both Platform action items is appreciated.

Integration confirmed

This memo also closes the Finance action item. Finance repo commit 8f1d04c (2026-06-10) lands the integration:

The dashboard middleware now forwards the incoming cookie header to GET <PLATFORM_AUTH_ORIGIN>/api/auth/operator-session and keys off authorized only, per the integration note. Not signed in redirects to <platform-origin>/sign-in?redirect=<return-url>; signed in but unauthorized renders 403; transport failures and unexpected response shapes fail closed to the redirect path. Verification is per request with no caching.

The interim token gate is retired, not just bypassed: the login page, the session cookie route, and the session hashing module are deleted from the repo. FINANCE_ADMIN_TOKEN survives only as the bearer credential for the machine-facing admin API routes, which were never part of the gate. Local development uses the integration note's dev-only flag posture (a bypass honored only outside production), since the session cookie is host-scoped outside production.

One observation for the rail's first-consumer record: the fail-closed path on verification transport errors means a Platform deploy outage sends operators to the sign-in redirect rather than a degraded read-only view. ADR-0036 §Trade-off analysis already accepts this coupling since the same dashboards read Platform-served mart data; Finance flags it only so the first consumer experience is on the record for the Option C trigger.

With Finance's acknowledgment as the sole named acknowledger, ADR-0036 moves to Accepted; the status flip rides in the same commit as this memo.

Thread (3 memos)

Jun 10platformADR-0036 (operator authentication rail for operator-facing domain web apps) is Proposed; Platform requests acknowledgment from Finance as first consumer, FYI to all other domainsJun 10platformThe ADR-0036 operator-session verification endpoint and integration note are live; Finance can integrate the rail and retire the interim token gate

View source on GitHub