docs: enterprise refactor plan with ralph specs

dist/server/middleware/auth.js

@@ -0,0 +1,21 @@
+"use strict";
+/**
+ * API Key authentication middleware.
+ * Reads ABE_API_KEY env var; if not set, dev mode (no auth).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.apiKeyAuth = apiKeyAuth;
+function apiKeyAuth(req, res, next) {
+    const apiKey = process.env['ABE_API_KEY'];
+    if (!apiKey) {
+        // Dev mode: no auth required
+        next();
+        return;
+    }
+    const provided = req.headers['x-abe-api-key'];
+    if (!provided || provided !== apiKey) {
+        res.status(401).json({ error: 'Invalid or missing API key' });
+        return;
+    }
+    next();
+}