Auth Contract

This page owns the authentication posture for this project.

Current Inbound Auth

ab-ticket-bot-jobs has no inbound HTTP interface
ab-ticket-bot-docs is publicly exposed at https://ab-ticket-bot-docs.mathbox.90.cz/
ab-ticket-bot-docs has no app-level login; publish only documentation that is safe for public access

Current Outbound Auth

WhatsApp Adapter uses Authorization: Bearer <token> from AUTO_SHIFT_LOCK_WHATSAPP_ADAPTER_API_TOKEN
Jira uses JIRA_EMAIL plus JIRA_API_TOKEN
scoped Jira tokens may also require JIRA_CLOUD_ID

Secret Handling

secrets are stored as encrypted SOPS files under secrets/local/ and secrets/prod/
plaintext .env.local and .env.server are materialized runtime artifacts only

Public Docs Change Rule

If the docs hostname, HAProxy route, TLS setup, or app-level auth posture changes, update this page together with docs/remote-server.md and the module runtime docs in the same change.

Keys	Action
`?`	Open this help
`n`	Next page
`p`	Previous page
`s`	Search