import type { SessionOrNull } from "@public-web-portals/shared";

/**
 * Placeholder session. Replace with OIDC/OAuth 2.0 when identity provider is configured.
 * TECH_POLICIES: use httpOnly cookies / secure token storage.
 */
export async function getSession(): Promise<SessionOrNull> {
  // TODO: read session from cookie or header (e.g. NextAuth, OIDC)
  return null;
}