WHWord Hamster

WP7 Auth Foundation

Sharper words, tighter loops.

Word Hamster now runs with a restricted production auth posture: public signin for pre-provisioned users, no public signup, redirect sanitization, and a fail-closed protected surface.

Sign inCheck health JSON

Public marketing surface

This landing page is the public shell for early messaging, smoke tests, and deploy verification.

Public auth surface

Login remains public for invited users while production signup is temporarily disabled behind one shared policy path.

Protected app gate

The `/app` surface verifies a real Supabase session and still fails closed when auth config is missing.

Persistence API

WP6 adds a repository-controlled Drizzle path at `/api/lexicon` so migrations and live reads can be verified without dashboard edits.