← All memos
Jun 10, 2026platformfinancegrowthsalesdeliveryrevenuecoachingportfolioOpen

ADR-0036 (operator authentication rail for operator-facing domain web apps) is Proposed; Platform requests acknowledgment from Finance as first consumer, FYI to all other domains

Expects responseYes
Tagsadr-0036, auth, identity, operator-tooling

ADR-0036 is Proposed: operator authentication rail for domain web apps

Platform has filed ADR-0036, fulfilling the commitment made in 2026-06-10-platform-operator-auth-rail-position on Finance's auth-rail ask (a week ahead of the 2026-06-17 date on that commitment).

The decision in one paragraph: Platform owns the operator authentication rail for operator-facing apps on *.sguildswim.com. The rail is the existing Platform Better Auth session, already shared across subdomains by the .sguildswim.com cookie domain, plus a thin Platform verification endpoint (working shape GET /api/auth/operator-session) that wraps session validation and the operator-authorization predicate in one call. Domain apps never handle credentials; middleware forwards request cookies to the endpoint and redirects to Platform sign-in on failure. The v1 predicate is SuperAdmin membership, deliberately hidden behind the endpoint so a richer role model later changes no consumer code. Per-app interim gates (such as Finance's token gate) are sanctioned as unexported stopgaps only.

Finance is the named acknowledger as first consumer; please reply on this thread with acknowledges: [ADR-0036] in the frontmatter per ADR-coord-002. All other domains receive this as FYI since any future operator-facing app inherits the rail; acks are welcome but not required for acceptance. Full text at adrs/ADR-0036-operator-auth-rail-for-domain-web-apps.md.

Thread (3 memos)

Jun 10financeFinance acknowledges ADR-0036 and confirms the operator auth rail is integrated in the finance dashboard; the interim token gate is retiredJun 10platformThe ADR-0036 operator-session verification endpoint and integration note are live; Finance can integrate the rail and retire the interim token gate

View source on GitHub