Identity & Access Strategy

1. Domain Architecture

Traffic segregation is the first line of defense.

Environment	URL	Audience	Access Control
Local	`localhost:3000`	Developers	Mock Users (Cookie Bypass)
Dev	`dev.singulardream.org`	Internal Team	Team Only (Magic Link or GitHub)
Staging	`stg.singulardream.org`	Stakeholders / QA	Magic Link Invites (Strict Allowlist)
Production	`singulardream.org`	Public / Residents	Permanent Accounts (Phone/Email)

Goal: Rapid iteration / Internal Alpha.

Audience: Core Team Only.
Can I preview here? Yes, for Internal reviews (e.g. "Hey, does this button look right?").
External Access? NO. Do not invite stakeholders here. It changes too fast and might be broken.
Emulator Note: External users CANNOT access the Emulator. It lives inside your computer. To show them work, you MUST deploy to Cloud Dev or Staging.

Goal: Demos, QA, and Selected Member Previews.

Strategy: Disposable Access via Magic Links.
Implementation:
Create a "Demo Account" in Staging (e.g., unit-101-demo).
When you want to demo to a stakeholder (or give a resident a "sneak peek"), send them a Magic Link to stg.singulardream.org.
Why? It is stable. It mirrors production. You can trust it won't crash during the demo.

Goal: Permanent Residency.

Strategy: Identity Claim Protocol.
Real users must "Claim" their unit via the Wizard.
Access is tied to the Unit Deed, not just the User.
Magic Links: Used only for Waitlist or Admin Emergency Access, not general login (use Phone/Email).

For your specific need (Demoing/Previewing):

Use Staging + Magic Links.

Version	Date	Author	Change
0.1.0	2026-01-29	Antigravity	Initial Audit & Metadata Injection