Reference for how authentication, users, tenants, and per-tenant configuration work in sv0-platform. For the operational end-to-end flow, see [Authentication, end-to-end](../runbooks/authentication-end-to-end.md).
Quick-reference runbook for any agent, CI job, connector, or external script that needs to authenticate against the sv0-platform API. Covers the three live machine-auth paths and explicitly forbids replicating the deprecated personal-agent bridge.
Four-PR plan to delete the personal-agent bridge, collapse three super-admin allowlists to one, and clean up the legacy authMiddleware + OIDC + redirect/cookie env duplications. Reduction-only — no new features. The plan is itself a simplification of an earlier six-step draft that mirrored the accretion pattern it was trying to fix.
The single end-to-end overview of how authentication works on the sv0-platform. Read this first if you are a developer or agent landing here. Covers the human (cookie session) and machine (bearer JWT / API key) flows, the four-middleware pipeline, the network perimeter, and where each piece of code lives. Links to the deep-dive docs.