anonymous
preview-only access before worker login is enforced
Allowed
- #start
- #levels
- #role-quiz
- #role-guide
- #workers
- #guides
Blocked
- #profile
- #quests
- #forms
- #proof
- #admin
This page tracks the worker/admin privacy gate before the RaveFocus worker hub becomes a real production site. It confirms the protected route plan is prepared, while keeping the live site in public preview until Microsoft Entra roles are ready.
| # | Item | Status | Proof needed |
|---|---|---|---|
| 1 | configure Microsoft Entra authentication for Azure Static Web Apps | manual required | Azure Static Web Apps authentication provider is configured for Microsoft Entra ID |
| 2 | assign users to authenticated, worker, and admin roles | manual required | approved workers can sign in and admin-only users are assigned admin role |
| 3 | keep sensitive output files admin-only | prepared, not active | protected config gates /outputs/* to admin |
| 4 | keep data manifests signed-in only | prepared, not active | protected config gates /assets/data/* to authenticated/admin |
| 5 | replace preview password behavior with Microsoft sign-in status | manual/frontend follow-up | profile area displays signed-in Microsoft user state, not a mock password field |
| 6 | deploy protected config after roles are ready | waiting | set-static-web-app-auth-mode.ps1 -Mode apply has been run and deployed |
| 7 | verify authenticated and admin access | waiting | signed-in worker can reach worker areas and non-admin cannot reach /outputs/* |
preview-only access before worker login is enforced
approved worker baseline after Microsoft sign-in
assigned worker role; actual quest access still depends on role seat and admin approval
Jupiter/admin operations, review queues, setup guides, proof routing, and sensitive index oversight
| # | Route | Allowed roles | Current state |
|---|---|---|---|
| 1 | /outputs/* |
|
prepared only |
| 2 | /assets/data/* |
|
prepared only |
| 3 | /api/* |
|
prepared only |