Auth shell / invite first

Enter your shell

Invite and membership persistence is modeled. Real sessions remain provider/env-gated until an auth provider is configured.

01

Admin creates invite.

02

Person receives link or code.

03

Person registers or logs in.

04

System binds the user to workspace, bundles, roles and scopes.

05

User lands in /me.

06

User sees only authorized scope.

Provider readiness

Statusconfigured
BlockerSupabase Auth helpers, canonical URLs and server env are configured. Founder traversal is still required before B1/D1 can be treated as accepted.
Required envAUTH_PUBLIC_URL, AUTH_CALLBACK_URL, NEXT_PUBLIC_SITE_URL, NEXT_PUBLIC_SUPABASE_URL, NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY or NEXT_PUBLIC_SUPABASE_ANON_KEY, SUPABASE_SERVICE_ROLE_KEY, D1_FOUNDER_EMAIL
Persistenceactive
Migrationpr26_lio_shell_baseline + 0017_pr26_d1_dynamic_artifact_workspace.sql

Roles

OwnerAdminOperatorPartnerSupplierCustomerAdvisorCounselInvestorAuthorized resellerViewer

Invite model

Operator Demo Workspace

operator / workspace / active

Marketplace Supplier Scope

supplier / marketplace / active

Public Counsel Review Scope

counsel / gate / active