pozylon updated the API auth flow to drop the jsonwebtoken dependency in favor of jose, making JWT signing/verification async and updating middleware accordingly. The logoutAllSessions mutation was simplified to return only a success response (schema + tests updated), and ACL sensitive action prefixes were tightened (e.g., manageUser/updateUser/createUser).