From b4f88d2c47a9791fea9542a5ed39d533903d5ed1 Mon Sep 17 00:00:00 2001 From: jester Date: Sun, 28 Dec 2025 22:28:40 +0000 Subject: [PATCH] =?UTF-8?q?Add=20Auth=20&=20Portal=20Drift=20Guardrails=20?= =?UTF-8?q?-=20forbidden=20APIv1/Pterodactyl/CSRF/cookie=20patterns,=20enf?= =?UTF-8?q?orce=20Portal=E2=86=92JWT=E2=86=92APIv2=20flow?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ANTI_DRIFT.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/ANTI_DRIFT.md b/ANTI_DRIFT.md index 68815f2..b211944 100644 --- a/ANTI_DRIFT.md +++ b/ANTI_DRIFT.md @@ -42,4 +42,17 @@ If no, remove it. If drift is detected: 1. Revert the change 2. Document why it was tempting -3. Re-apply only what serves usability \ No newline at end of file +3. Re-apply only what serves usability + +## Auth & Portal Drift Guardrails + +The following are explicitly disallowed: + +- Reintroducing APIv1 endpoints +- Reintroducing Pterodactyl-based auth +- CSRF token logic +- Cookie-based authentication +- Server-side portal sessions + +All auth must flow: +Portal → JWT → APIv2
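Review bot: the new "Auth & Portal Drift Guardrails" list bans both "CSRF token logic" and "Cookie-based authentication", but the flow line "Portal → JWT → APIv2" never states how the JWT is carried; the two bans are only safe together if the token travels in a request header and never in a cookie. Please add an explicit line under the flow, for example "JWT is sent in the Authorization: Bearer header; it is never stored in or read from a cookie", so that a later change that parks the JWT in a cookie cannot cite this document as grounds for also dropping CSRF protection. Since "Server-side portal sessions" are disallowed as well, the section should also say how a JWT is expired or revoked (lifetime, refresh, or a stated decision that there is no revocation), otherwise the next reader has no documented answer for logout or compromised-token handling and the obvious fix is to reintroduce the session store this list forbids. Minor: the hunk correctly adds the missing trailing newline on the old "3. Re-apply only what serves usability" line, which is why it shows as a remove-and-re-add.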