Admin Platform
Platform admin features manage users, AI access, core rules, and ingestion settings. They are separate from campaign DM permissions.
Backend
Primary files:
server/app/routers/admin.pyserver/app/deps.pyserver/app/config.pyserver/app/serializers.pyserver/app/schemas.py
Admin access is User.isAdmin, with environment-admin protection from
ADMIN_EMAILS. Environment admins cannot be demoted or deleted from the admin
UI.
Frontend
Primary file:
web/src/screens/PlatformSettings.tsx
The admin UI includes user management, core-rule uploads, usage policy editing, and ingestion settings.
User Management
Admins can:
- List users.
- Promote/demote platform admins.
- Delete users when they do not own campaigns.
- Grant/revoke AI access for non-admin users.
Admin users implicitly have effective AI access even if the raw aiAccess flag
is false.
Core Rules
Admins can upload, download, re-index, process, rename, set usage policy, and delete core-rule documents. Core-rule files are stored privately.
Ingestion Settings
Settings exist per source type (core, campaign) and control extraction
method, chunk max chars, and overlap. The backend clamps invalid values and
returns stable DTOs for the UI.
Change Checklist
- Gate all admin routes with
require_admin. - Protect environment admins.
- Keep core-rule storage private.
- Reflect raw versus effective AI access correctly in serializers.
- Update campaign core-source behavior when core-rule usage changes.