Private auth config
Configure `AUTH_PASSWORD` and `AUTH_COOKIE_SECRET` locally. This first build keeps auth simple while the app remains local.
Secondary surface
Settings
Private auth, scoped API access, connector records, and deployment configuration live here as setup surfaces. No secrets are displayed.
Agent Zero API token
`AGENT_ZERO_API_TOKEN` is optional and scoped for future API access. It does not grant broad external-action permissions.