id.didi.sh is live — the full loop, clicked
DNS validated, the Let's Encrypt cert issued, and the operator clicked a production magic link end to end: an email from no-reply@didi.sh, the scanner-proof /access confirm page at https://id.didi.sh, and a didi_session cookie scoped to .didi.sh. The platform's one-login promise works in production, on the canonical URL, same day the domain was bought.