Workspace sign-in
Private access starts with a real session.
Obsign's private workspace now uses a database-backed session boundary with HTTP-only cookies, explicit actor context, and production-safe gating. Public pages stay open; private pact, vault, and dispute workflows do not.
Need to rotate a password? Request a reset link.
Invite-only access is the intended live posture. Need an account? Create one from an invite.
Session notes
Public pages remain open. Private routes require a session-bound actor.
Cookie scope is HTTP-only and same-site by default.
Profile switching is session-bound, not cookie-driven.
Local setup expects generated `AUTH_SECRET`, `VAULT_ENCRYPTION_KEY`, and `NEXT_SERVER_ACTIONS_ENCRYPTION_KEY` values.