- Design DNS/HTTP challenge verification flow (challenge signing, secret storage)
- Implement GitHub token/OIDC validation calls with proper error handling
- Update OpenAPI spec to document auth and publish endpoints with correct schemas
- Adjust error responses to match Problem JSON expectations per spec
- Re-test metrics and health outputs after auth refactor