/v1/auth/logoutDelete the caller's `Session` row and clear the cookie. Previously this only deleted the cookie — leaving the server-side `Session` row intact. A stolen bearer (or a copy of the cookie value) could then be presented to `/v1/refresh` indefinitely, minting fresh 8h tokens long after the user clicked "log out". We now invalidate the session row so refresh + subsequent requests both fail closed.
curl -X POST '/api-proxy/v1/auth/logout' \
-H 'Authorization: Bearer <YOUR_TOKEN>'No response body documented
curl -X POST '/api-proxy/v1/auth/logout' \
-H 'Authorization: Bearer <YOUR_TOKEN>'No response body documented