docs(plan): gateway admin token recovery flow #401

jason.woltje · 2026-04-05T05:06:09Z

jason.woltje commented

2026-04-05 05:06:09 +00:00

Plan document for mission cli-unification-20260404 task CU-03-01.

Captures the BetterAuth cookie-based admin token recovery design locked in Session 1: mosaic gateway login persists a session cookie, and mosaic gateway config recover-token / rotate-token reuse the existing POST /api/admin/tokens endpoint (no new server endpoints required — AdminGuard already accepts BetterAuth session cookies).

Sections: problem statement, design summary, surface contract (server + CLI commands + file touch list), installer fix preview for CU-03-06, test strategy for CU-03-07, and risks. Feasibility confirmed during investigation — AdminGuard.validateSession reads cookies via fromNodeHeaders.

Planning only — no runtime code changes.

Plan document for mission cli-unification-20260404 task CU-03-01. Captures the BetterAuth cookie-based admin token recovery design locked in Session 1: mosaic gateway login persists a session cookie, and mosaic gateway config recover-token / rotate-token reuse the existing POST /api/admin/tokens endpoint (no new server endpoints required — AdminGuard already accepts BetterAuth session cookies). Sections: problem statement, design summary, surface contract (server + CLI commands + file touch list), installer fix preview for CU-03-06, test strategy for CU-03-07, and risks. Feasibility confirmed during investigation — AdminGuard.validateSession reads cookies via fromNodeHeaders. Planning only — no runtime code changes.

jason.woltje added 1 commit 2026-04-05 05:06:10 +00:00

docs(plan): gateway admin token recovery flow

ci/woodpecker/push/ci Pipeline was successful

Details

ci/woodpecker/pr/ci Pipeline was successful

Details

37545de79c

jason.woltje merged commit 651426cf2e into main

2026-04-05 05:11:34 +00:00

jason.woltje referenced this issue from a commit

2026-04-05 05:11:36 +00:00

docs(plan): gateway admin token recovery flow (#401)

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: mosaicstack/stack#401