Admin Control Center

Session-gated admin shell for `admin.cardoso.uk` capabilities. Write actions remain closed by default and only open in approved windows.

Read-Only-First Mode

Routing: `admin domain` -> `website` service (`/admin.html`)

Mode: Session-gated telemetry with write windows closed by default

Safety: Existing `www/play/banker/chat` routes remain unchanged

Admin Session: Checking...

Token Source: `localStorage.empire_admin_token`

Runtime Write Gate: Checking...

Content Write Gate: Checking...

Customization Write Gate: Checking...

Finance Write Gate: Checking...

RBAC Source: Checking...

Content Capabilities: Checking...

Runtime Capabilities: Checking...

Customization Capability: Checking...

Finance Capability: Checking...

Open Banker Login

Teams

Awaiting auth

Bookings

Awaiting auth

Tickets

Awaiting auth

Payments Enabled

Awaiting auth

Customers

Awaiting auth

RBAC Role

Awaiting auth

Audit Feed

Awaiting auth

Finance Net

Awaiting auth

UI Settings

Awaiting auth

Content Pages

Awaiting auth

Runtime Mode

Awaiting auth

Active Teams

Awaiting auth

[init] ready

Quick Start (5-Min Check)

Use this to prove the panel is working end-to-end without changing live data.

Click Refresh Telemetry and confirm Admin Session: Verified.
Check both gates show CLOSED (Default) for safe read-only mode.
Click Run Proof Check and review PASS/FAIL lines in the log panel.
In Event Snapshot and Team Runtime Snapshot, test filters + paging + Details.
Click Clear Admin Token to confirm access blocks, then use Open Banker Login to restore.

Access

Admin session validation now gates telemetry. RBAC mutation controls remain disabled in this phase.

Status Legend

Quick reference for interpreting session/gate/capability lines.

RBAC Source: `admin_roles` means explicit role record was found; `legacy` means fallback allow mode is active.
Gate CLOSED: write actions are blocked even if capability is `YES`.
Gate OPEN: write actions still require capability `YES` and valid state transitions.
Capability YES: your role is allowed for that action when gate/state checks also pass.
Capability NO: action remains disabled regardless of gate state.

Events

Event/team runtime controls expose read-only snapshots by default; mutation controls stay disabled pending explicit approval gates.

Theme

Theme/content controls remain disabled here; read-only customization summary is now visible via `UI Settings` telemetry.

Awaiting auth

Customization actions locked (write window closed)

Finance

Bookkeeping module with Jersey-aligned ledger reporting. Write actions are gated and audited.

Add entries with reason + preview first. Use receipt references for invoices/bills.

Awaiting auth

Report context unavailable

Finance actions locked (write window closed)

Add Ledger Entry

Gated

Reconciled

Reason required. No PII in notes/source.

Awaiting auth

Content & Legal

Planned managed editing for public rules, privacy policy, terms, and support copy with preview + staged publish.

Guardrail: immutable change log + rollback snapshot before publish.

Awaiting auth

Content actions locked (write window closed)

Event Snapshot

Read-only list of current event context.

Awaiting auth

Actions locked (write window closed)

Team Runtime Snapshot

Read-only list of recent team runtime states.

Awaiting auth

Registered Customers

Read-only registry of customer accounts and onboarding/email status.

Awaiting auth