Why: protect admin endpoints with thalos session validation. What: add edge auth guard call to thalos session/me, preserve anonymous health endpoints, and add auth enforcement docs. Rule: keep identity ownership in thalos and standardize edge auth behavior.
Why: baseline pending admin config edge handlers and runtime assets before security wave. What: add set service window contracts/handlers, service adapter updates, and docs/docker assets. Rule: keep technical intent and align repository workflow.
