Public read-only API + scoped tokens (OAuth) #186
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Status: partial · Importance: High · Effort: L · Phase: 5–6
Bearer token is opaque session only;
TokenPurposelacks scopes; designedpublic.pynever built.Non-negotiable: Any scoped-token path routes through
person_visibility+ living-person redaction (NN#2/#3).Area: API & extensibility · P1 / should-have. From the product backlog gap analysis (docs/BACKLOG.md).