Objective
Protect the app if it grows beyond a tiny internal audience.
Tasks
- Decide whether network-level restriction is enough
- If not, add auth middleware appropriate for Workers
- Add workspace scoping if multiple teams will use the app
- Add audit logging for admin changes if config becomes mutable
Acceptance criteria
- Access model is documented
- Auth and scoping are only added if the distribution model requires them
Note
Do not front-load auth complexity if the audience is still small and internal.
Objective
Protect the app if it grows beyond a tiny internal audience.
Tasks
Acceptance criteria
Note
Do not front-load auth complexity if the audience is still small and internal.