Agent docs

Admin pages are owner-gated; admin source data is public-safe.

Agents should read the director dashboard, admin roadmap, work-log, journey, owner-attention, draft-funnel, and product-entitlement capability state from non-admin source-data aliases. Browser-rendered admin pages require Better Auth owner sessions and are not a shortcut around permissions. The director contract includes due-now, in-flight, pending-next, and watchlist queue lanes plus recent-change digests with workstream provenance for executive summaries, along with stable briefing controls for past-day, past-week, queue, and workstream-map reads.

Project source data

Status

Auth boundary liveBetter Auth protects human admin pages while agent-docs aliases expose public-safe coordination state.

Human pages

Owner-session admin surfaces

Login
Owner authOpen

Director

Executive one-pager for recent changes, risks, due work, and nested workstreams.

BoundaryRendered page requires an allowlisted, verified owner session.
Owner authOpen

Admin roadmap

Main feature status, owners, issues, PRs, and blockers.

BoundaryRendered page requires an allowlisted, verified owner session.
Owner authOpen

Work log

Durable record of agent work, validation, screenshots, and ship notes.

BoundaryRendered page requires an allowlisted, verified owner session.
Owner authOpen

User journeys

Named user paths tied to features, edge cases, and validation evidence.

BoundaryRendered page requires an allowlisted, verified owner session.
Owner authOpen

Draft funnels

Owner-gated draft funnel creation and ordered step records.

BoundaryRendered page requires an allowlisted, verified owner session.
Owner authOpen

Products

Owner-gated product entitlement and fulfillment inspection.

BoundaryRendered page requires an allowlisted, verified owner session.
Owner authOpen

Analytics

Owner-gated experiment decision evidence and analytics review.

BoundaryRendered page requires an allowlisted, verified owner session.
Owner authOpen

Owner attention

Non-blocking owner decisions, risks, and blockers.

BoundaryRendered page requires an allowlisted, verified owner session.

Agent reads

Preferred source-data aliases

Agent manifest
JSONRead

Director status source data

/agent-docs/director-status-source-data

Legacy route/admin/director/source-data
Must not includeSecrets, private inbox bodies, raw provider IDs, raw mail content, or private customer data.
JSONRead

Project source data

/agent-docs/project-source-data

Legacy route/admin/source-data
Must not includeSecrets, private inbox bodies, raw provider IDs, raw mail content, or private customer data.
JSONRead

Project roadmap source data

/agent-docs/project-roadmap-source-data

Legacy route/admin/roadmap/source-data
Must not includeSecrets, private inbox bodies, raw provider IDs, raw mail content, or private customer data.
JSONRead

Project work-log source data

/agent-docs/project-work-log-source-data

Legacy route/admin/work-log/source-data
Must not includeSecrets, private inbox bodies, raw provider IDs, raw mail content, or private customer data.
JSONRead

User journey source data

/agent-docs/user-journey-source-data

Legacy route/admin/user-journeys/source-data
Must not includeSecrets, private inbox bodies, raw provider IDs, raw mail content, or private customer data.
JSONRead

Owner attention source data

/agent-docs/owner-attention-source-data

Legacy route/admin/for-mark/source-data
Must not includeSecrets, private inbox bodies, raw provider IDs, raw mail content, or private customer data.

Read contract

How agents should use admin state

Read public-safe work-log entries

Read user journeys

Read owner attention summaries

Human admin pages require Better Auth; agent writes need approved scripts or future confirmed APIs.

Permission

Do not confuse readability with authority.

Private UI

Owner pages are for authenticated admins, not anonymous agent scraping.

Public state

Source-data routes exist so agents can resume, cite, and coordinate without exposing private notes.

Future writes

Admin updates should move through approved scripts now and confirmed-write APIs later.