Session
Get the current session
Resolution order: (1) a real, credentialed jt_session cookie whose org still exists and whose user is still a member ⇒ that identity; (2) otherwise, ONLY when the zero-auth dev session is allowed (never in production — readiness.ts hard-gates it, and JT_DISABLE_DEV_SESSION=true can additionally lock down an internet-exposed staging), auto-provision a single default org and mint a cookie for it; (3) otherwise 401. role is always resolved server-side from the membership store, never trusted from the cookie.
Get the current session