Ragnor Comerford db3683eb26 docs(rfc-002): scope auth ban + fix migration prefix (3rd review) ... Address the third review (4 points): 1. serve.auth conflict: the lower-trust auth ban applied too broadly. Scope it to servers.<name>.auth (client credential sourcing); serve.auth (secret-free server-side accept config) stays valid in a committed deployment manifest. Tightened the same wording in section 6 and 7 for consistency. 2. legacy URI split preserves the path prefix: strip only the trailing /graphs/{gid}; endpoint keeps host + any reverse-proxy path. 3. define the explicit-credential surface: a project-only server is unauthenticated/local-dev by default; authenticated use needs promotion to a trusted layer or an operator-supplied --token-from flag (future, listed in 10). 4. OAuth no longer leaks into the V3 CLI surface: login OAuth device flow marked V6 in the CLI bullet and the N11 breadboard row.		2026-06-02 14:20:32 +02:00
..
dev	docs(rfc-002): scope auth ban + fix migration prefix (3rd review)	2026-06-02 14:20:32 +02:00
releases	docs: rename runs.md/runs.rs → writes and repoint all references (#131)	2026-05-30 23:20:56 +02:00
user	Stored-query registry foundation + config/CLI RFC-002 (#128)	2026-06-01 22:50:31 +02:00