We’ll send a single-use sign-in link to your work email.
Sign-off operations require a fresh re-authentication challenge bound to the specific attempt, never just an active session. (See docs/05-governance.md.)