One other question I thought about as well is CSRF token validation specific to Inertia/server-side rendered frameworks? I haven't come across that before while working mostly client side while submitting data.

Awesome thanks for your explanation 😀

When it comes to setting up authentication with Adonis but in the case of only using Adonis as your BE I am assuming it's the same steps but skipping the Inertia steps such as the GETs for the views? Also out of curiosity if you are using a client-side react app with Session Guard I am assuming you are doing no validation in terms of client-side validation for auth but instead relying on the response back from Adonis via an API call and letting the server manage the auth session?