Context: We need the Meshspaces UX to be fully implementable for humans, including login, initial admin setup, permissions, and safe switching between meshspaces. This issue is planning-only.
Goal: Review the current Canopy auth/session model and identify what must be decided or added for Meshspaces UI/UX to work cleanly.
Focus areas:
- new mesh creation -> initial admin bootstrap -> first login flow
- shell auth vs child runtime auth boundaries
- cookie/session/CSRF behavior across separate mesh runtimes
- per-mesh API keys, approval, quarantine, and permission posture
- dangerous actions and confirmation patterns for reset/archive/delete
- multi-tab and back-button confusion risks
Expected deliverable:
- Open a PR from a Copilot branch with a findings/spec report in
docs/meshspaces-review/auth-and-permissions.md
- Optionally improve existing docs where that clarifies current auth assumptions, but do not implement Meshspaces.
Ground rules:
- No new auth architecture implementation in this PR.
- Focus on requirements, edge cases, and UI/API contract gaps.
- Be explicit about what must remain per-mesh vs machine-global.
Context: We need the Meshspaces UX to be fully implementable for humans, including login, initial admin setup, permissions, and safe switching between meshspaces. This issue is planning-only.
Goal: Review the current Canopy auth/session model and identify what must be decided or added for Meshspaces UI/UX to work cleanly.
Focus areas:
Expected deliverable:
docs/meshspaces-review/auth-and-permissions.mdGround rules: