FIELD NOTE 01
Identity and access
Access tokens use pinned verification, refresh tokens are stored as hashes and rotated atomically, and password resets revoke refresh sessions. Sensitive artifact endpoints verify ownership and hide cross-account existence.
- Hashed refresh sessions
- Atomic rotation
- Owner-scoped artifacts