Authenticate to manage the platform
Uses the same magic-code flow as the main app. Codes set the `auth_token` cookie required by the secure admin endpoints.
Checking session…
The backend enforces RBAC (admin / super_admin) and immutable audit logs as defined in ADMIN.md.
Why this flow?
Magic-link redirect targets the main app. The admin console uses the code-based verifier so the cookie is set in this origin. Use your admin or super_admin account.
Direct login is disabled; use code-based verification only.