Authentication and Permissions

Auth.js handles sign-in state and session cookies for authenticated surfaces.

Middleware enforces access-gate behavior and rewrites public handle routes.

Dashboard and cpanel surfaces enforce role checks server-side for protected actions.

UI visibility can reflect role state, but authorization decisions must remain server-authoritative.

For privileged changes, include documentation updates and validate migration requirements before deploy.