requiresStepUp
Requires the calling session to hold a fresh step-up grant for the named policy scope. When no grant exists, the directive returns a typed GraphQL error (extensions.code = "STEP_UP_REQUIRED") so the dashboard's stepUpErrorLink can open the StepUpModal automatically and retry on success.
ttlSeconds and consumeOnFirstUse are advisory — the server enforces the policy in internal/authz/stepup.PolicyForScope; the arguments here document the intent at the resolver site for code review.
directive @requiresStepUp(
scope: String!
ttlSeconds: Int = 300
consumeOnFirstUse: Boolean = false
) on FIELD_DEFINITION