Principal access

Principal Login

This page doesn't authenticate you — it hands you off to the protected app host where identity is enforced upstream. WorkMan does not store your credentials and grants no runtime execution authority from this page.

Backend host https://app.ai-workman.ai
Auth model Upstream identity gate
Protected Surface

Continue to the protected app

You'll be redirected to the protected app host. The upstream identity gate verifies your session before any protected surface loads. No identity claim is accepted from the browser.

Continue to Principal Login

No account? This isn't a signup page. WorkMan Principal/Admin access is granted out-of-band by the upstream identity gate, not by a form on this page.

Local laptop MVP

Running WorkMan on this laptop?

The laptop-hosted WorkMan-on-WorkMan MVP serves the Principal Console from a loopback dev-proxy on this machine instead of the protected host above. Start the bring-up supervisor in a local terminal: 

WORKMAN_PROTECTED_APP_DEV_AUTH=1 \
  ./deploy/protected-app/local-bringup.sh

Then open the Principal Console in any browser tab. The dev-proxy strips and re-injects the synthetic identity header, so no extension is required:

Open local Principal Console (127.0.0.1:8090)

The dev-proxy is inert in production: it refuses to run unless WORKMAN_PROTECTED_APP_DEV_AUTH=1 is set and NODE_ENV is not production. The hosted adapter on 127.0.0.1:8443 still fails closed at HTTP 403 for any direct request without an identity header.

Back to WorkMan · GitHub