Skip to main content

Centralized SSO Token

Implemented as centralized web session via the Mekari Session SDK. Related SSO operational documentation (force-logout handbook, session reference) lives under ../sso.

Initiative owned by the Bifrost team. Replaces per-product web session handling with a single centralized session, integrated through the Mekari Session SDK (@mekari/sdk). Each Qontak web surface — Launchpad, Hub, Hub Chat v2, CRM — consumes the shared session and current-company state instead of managing auth/SSO locally. Driven by the Account & Launchpad squad (SDK / Session Manager owner); Hub, Hub Chat v2, and CRM are integration consumers.

Scope Changes

  • Frontend — Mekari Session SDK integration across Launchpad, Hub, Hub Chat v2, and CRM web frontends; replacing local auth/SSO/session logic with the shared SDK; current-company sync wiring.
  • Backend — current-company sync support for the Launchpad SDK integration (cross-repo RFC).

RFCs

The initiative is specified as one authoritative cross-repo RFC plus one per consuming surface. Each RFC has a co-located -review.md (rfc-reviewer report) and .task-breakdown.md.

QA Lane

Lane B — keeps a human QA gate. Security/isolation-sensitive: centralized authentication/session and cross-company (current-company) state shared across products; a silent failure could leak or cross sessions between companies. No E2E test specs exist for this initiative yet, so the Lane-A entry bar (100% E2E, spec-mapped coverage) is unmet regardless. Owner/classification: TBD, 2026-06-29.