TravelMate Admin
Trusted access for back-office decisions.
Flow 2.1 now enforces protected routes with seeded admin roles, MFA where required, and an auditable mock session model that mirrors the real back-office shape.
Auth scope
Role-aware access, MFA challenge flow, signed session cookies, and finance-only route protection are active.
Mock environment note
Local verification uses seeded admin fixtures, but credentials are intentionally not exposed on the sign-in surface.
Admin Access