Auth & sessions

V1 browser auth uses Supabase Auth for plan.ai team members.

  • Use PKCE.
  • Persist the browser session in sessionStorage.
  • Do not use cookies as the default auth transport.
  • Do not use localStorage as the default session store.
  • Browser data access goes through Supabase RLS.
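One way to express the first four rules as client configuration (an added example, not code from ui.plan.ai). The `auth` option names are those of supabase-js v2; `makeSessionStore`, `browserAuthOptions` and `memoryStorage` are hypothetical helper names, and the URL and key in the usage comment are placeholders.

```javascript
// Added example. Builds the options object passed to supabase-js createClient().

// Wrap a Storage-like object in the getItem/setItem/removeItem shape that
// supabase-js accepts for `auth.storage`. Fails closed: no silent fallback
// to localStorage or cookies when sessionStorage is missing.
function makeSessionStore(storage) {
  if (!storage || typeof storage.getItem !== 'function') {
    throw new Error('sessionStorage unavailable; refusing to fall back');
  }
  // Only checked in a browser, where `window` exists.
  if (typeof window !== 'undefined' && storage === window.localStorage) {
    throw new Error('localStorage must not be the default session store');
  }
  return {
    getItem: (key) => storage.getItem(key),
    setItem: (key, value) => storage.setItem(key, value),
    removeItem: (key) => storage.removeItem(key),
  };
}

function browserAuthOptions(storage) {
  return {
    auth: {
      flowType: 'pkce',                   // authorization code flow with PKCE
      storage: makeSessionStore(storage), // session lives in sessionStorage
      persistSession: true,               // persisted, but only per tab
      autoRefreshToken: true,
      detectSessionInUrl: true,           // pick up the auth code on redirect
    },
  };
}

// Constructed stand-in for window.sessionStorage, for running outside a browser.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}

// In the browser (placeholders for URL and anon key):
//   import { createClient } from '@supabase/supabase-js';
//   const supabase = createClient(SUPABASE_URL, SUPABASE_ANON_KEY,
//                                 browserAuthOptions(window.sessionStorage));
```

The anon key only identifies the project; what a signed-in browser can read or write is still decided by the RLS policies.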

This takes the useful auth pattern from plan.ai-chat-turk as inspiration, while keeping the schema and product model specific to ui.plan.ai.

Team members authenticate as users. Agents authenticate with API keys. Agent scripts must not use team-member browser sessions.