Covers the matrix laid out in the plan:

* bootstrap admin lands as Owner
* owner / admin / member access matrices on the default app
* bearer pic_ key and cookie session resolve to the same Principal
* read-only key cannot write (scope intersection)
* bound key cannot escape its app
* member listing isolation at SQL for /admin/apps + /admin/scripts
* deactivating a user expires every API key for them
* mint rejects bound key carrying instance:* scopes (422)
* list_active_owners returns the right set for the startup warning

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
22 KiB