| Local auth | POST /auth/login, POST /auth/refresh, POST /auth/logout |
| Registration, signup, and recovery | POST /auth/register (development only), POST /auth/signup, POST /auth/verify-email, POST /auth/forgot-password, POST /auth/reset-password, POST /auth/resend-verification |
| Profile | GET /auth/profile, PATCH /auth/profile, POST /auth/avatar, POST /auth/change-password |
| API keys | GET /auth/api-keys, POST /auth/api-keys, PATCH /auth/api-keys/{id}, DELETE /auth/api-keys/{id} |
| OAuth | GET /auth/google, GET /auth/google/callback, GET /auth/github, GET /auth/github/callback |
| TOTP | POST /auth/totp/setup, POST /auth/totp/verify-setup, POST /auth/totp/verify, POST /auth/totp/disable |
| Workspace preference | GET /auth/workspaces, PATCH /auth/workspace |