Skip to main content

Admin Console

V2 only — invite-only edition. This is part of AI Partner V2 and is not in the open-source V1 you self-host from the Quick Start. V2 is available now, by invite. See V1 vs V2.

What it is

When authentication is enabled (see Authentication), users with the admin flag get an extra sidebar item: the Admin Console. It is the operator view of a multi-user deployment — six tabs that answer what is happening, who is doing it, what does it cost, and what knowledge/skills are shared org-wide.

Regular members never see it; every endpoint behind it returns 403 for non-admins.

TabWhat it showsWhat admins can do
OverviewLive tiles (users, goals running, cost today, pending skill shares, pending approvals, failures last 24h) + a real-time activity feed of all users' lifecycle eventsClick a tile to jump to its tab
UsersMember list with join/last-login datesGenerate single-use invite codes (optional expiry), promote/demote admins, delete users
ActivityThe org-wide audit log — every tool call, auth event, goal, and security event across all usersFilter by user, category, severity, action; paginate
Usage & CostLLM spend aggregated per user (calls, tokens, cost, latency) for daily/weekly/monthly periodsSpot expensive users/workflows
Skill GovernanceSkills members have requested to share org-wideReview the full template, approve (re-runs the security scan — failing templates are auto-rejected) or reject with a reason; deprecate org skills back to private
Knowledge SourcesExternal sources (Notion / Slack / Google Drive) synced into the shared knowledge baseAdd/test/pause/delete sources, set schedules, trigger Sync now, see per-source status and errors
Agent AccessThe inbound Agent API (A2A) and outbound mesh toggles + external agent consumersEnable/disable inbound A2A, create consumers (service account + API key in one step), rotate/revoke keys, see per-consumer cost, export billing statements

The live activity feed

Admins' browser sessions join a dedicated socket room (admin:events). Lifecycle events from all users — goal started/completed/failed, sub-agents, approvals waiting, skill share requests, delegation updates, knowledge sync completions — stream into the Overview tab in real time, each attributed to its user.

High-frequency streams (message tokens, browser frames, reasoning traces) are deliberately not mirrored: the feed is an activity overview, not a firehose, and users' private content stays in their own rooms.


Skill Governance

The trust layer for org-wide skill sharing:

  1. A member clicks Share with org on one of their learned skills → it enters the pending queue (badge: pending review).
  2. The admin opens Skill Governance, views the full template (the exact script every user would be able to run), strategy, and provenance.
  3. Approve re-runs the code security scan; a failing template is automatically rejected with the reason. On success the skill becomes recallable by every member (badge: org).
  4. Reject records a reason the owner sees on their skill. Deprecate reverts an org skill to private (the owner keeps it).

Nothing is ever shared automatically — sharing requires both the owner's request and an admin's approval. See Skills for the member-side flow.


Knowledge Sources

Connect an external source once and its content syncs into the knowledge base on a schedule, searchable by every member (docs appear in their Knowledge view with an org badge; only admins can remove them).

Adding a source

  1. First connect the service's credentials under Integrations (Notion API key, Slack bot token, or Google Drive token) — syncing uses your credentials, stored encrypted per-user.
  2. Admin Console → Knowledge SourcesAdd Source.
  3. Pick the type and enter its identifier:
TypeIdentifierWhat gets synced
NotionDatabase ID (32-char ID from the database URL)Each page's properties + block text; changed pages are re-synced (no duplicates)
SlackChannel name (#handbook) or IDNew messages since the last sync, batched into timestamped documents
Google DriveFolder ID (from the folder URL)Text-extractable files (Docs, Sheets as CSV, plain text) modified since the last sync
  1. Test connection validates credentials + identifier before saving.
  2. Pick a schedule — every hour, every 6 hours, or daily — and save. The first sync runs shortly after.

Operating sources

  • Sync now runs immediately and shows stats (ingested / updated / skipped).
  • Pause/Resume stops the schedule without deleting anything.
  • Errors (e.g. an expired token) appear as a red chip with the message; the schedule keeps running and recovers when credentials are fixed.
  • Delete asks whether to also remove the documents the source ingested.

API

GET /api/admin/knowledge-sources # list with status + doc counts
POST /api/admin/knowledge-sources # {type, name, config, schedule_minutes}
PATCH /api/admin/knowledge-sources/:id # update config/schedule/enabled
DELETE /api/admin/knowledge-sources/:id?deleteDocs=true
POST /api/admin/knowledge-sources/test # validate a draft source
POST /api/admin/knowledge-sources/:id/sync # manual sync, returns stats

All admin endpoints live under /api/admin/* and require an authenticated admin.


Agent Access

The operator side of the Agent API: toggle Inbound Agent API (external agents with a key can run goals here) and Outbound Agent Mesh (this server may delegate to registered external agents), and manage consumers — each external customer gets a service account whose API key, workspace, usage metering, and 3-concurrent-goal cap are all isolated. Per-consumer monthly cost shows inline; Statement downloads a CSV (goals, calls, tokens, cost, by-model) for invoicing. Keys are shown exactly once at mint time and can be rotated or revoked at any moment.


Privacy model

The console is read-only across users (plus governance actions that change sharing state, never content). What admins see: activity metadata, usage numbers, skill templates submitted for sharing, goal lifecycle events. What admins do not see: members' chat content, message streams, browser screenshots, DM/phone proxy content — those stay in each user's own socket room and are never mirrored to the admin feed.