OlyBench

Oly Platform

Account creation

Create your OlyBench account

Account creation starts with a pending email state. The UI preserves safe invite, product, checkout, and OlyGrant intent without exposing raw tokens.

First-run setup

The next action stays inside the canonical OlyBench app and waits for backend identity, tenant, and capability checks.

Registration

The backend owns password validation, rate limits, user creation, verification token delivery, and non-enumerating errors.

POST /auth/register

Backend mutation contract only. CSRF/session handling remains server-owned.

Verification required before protected actions

These controls are intentionally blocked in the UI contract and must also fail closed on the backend.

pending_email

Buy or start checkout

Email verification must complete before checkout can be configured or started.

Blocks /api/checkout/sessions with billing.checkout.create

Invite teammates

Team invitations require a verified identity plus an owner or admin role in a validated workspace.

Blocks /app/workspaces/{workspace_id}/team/invitations with members.invite

Run reports or tools

Job submission requires verified identity, workspace scope, input validation, readiness, and entitlement checks.

Blocks /api/workspaces/{workspace_id}/jobs with jobs.create

Access product MCP

Product MCP requires the gateway to verify identity, capability, rate limits, and audit context.

Blocks MCP gateway with mcp.product.access