Bumpgradepublisher growth OS

Agent docs

Admin pages are owner-gated; admin source data is public-safe.

Agents should read admin roadmap, work-log, journey, Mark-attention, draft-funnel, and product-entitlement capability state from source-data contracts. Browser-rendered admin pages require Better Auth owner sessions and are not a shortcut around permissions.

Admin source data

Status

Auth boundary liveBetter Auth protects human admin pages while source-data routes expose public-safe coordination state.

Human pages

Owner-session admin surfaces

Login
Owner authOpen

Admin roadmap

Main feature status, owners, issues, PRs, and blockers.

BoundaryRendered page requires an allowlisted, verified owner session.
Owner authOpen

Work log

Durable record of agent work, validation, screenshots, and ship notes.

BoundaryRendered page requires an allowlisted, verified owner session.
Owner authOpen

User journeys

Named user paths tied to features, edge cases, and validation evidence.

BoundaryRendered page requires an allowlisted, verified owner session.
Owner authOpen

Draft funnels

Owner-gated draft funnel creation and ordered step records.

BoundaryRendered page requires an allowlisted, verified owner session.
Owner authOpen

Products

Owner-gated product entitlement and fulfillment inspection.

BoundaryRendered page requires an allowlisted, verified owner session.
Owner authOpen

Analytics

Owner-gated experiment decision evidence and analytics review.

BoundaryRendered page requires an allowlisted, verified owner session.
Owner authOpen

For Mark

Non-blocking decisions, risks, and blockers Mark should not miss.

BoundaryRendered page requires an allowlisted, verified owner session.

Agent reads

Public-safe source-data routes

Agent manifest
JSONRead

/admin/source-data

Public-safe admin state for agents and future MCP resources.

Must not includeSecrets, private inbox bodies, raw provider IDs, raw MIME, or private customer data.
JSONRead

/admin/roadmap/source-data

Public-safe admin state for agents and future MCP resources.

Must not includeSecrets, private inbox bodies, raw provider IDs, raw MIME, or private customer data.
JSONRead

/admin/work-log/source-data

Public-safe admin state for agents and future MCP resources.

Must not includeSecrets, private inbox bodies, raw provider IDs, raw MIME, or private customer data.
JSONRead

/admin/user-journeys/source-data

Public-safe admin state for agents and future MCP resources.

Must not includeSecrets, private inbox bodies, raw provider IDs, raw MIME, or private customer data.
JSONRead

/admin/for-mark/source-data

Public-safe admin state for agents and future MCP resources.

Must not includeSecrets, private inbox bodies, raw provider IDs, raw MIME, or private customer data.

Read contract

How agents should use admin state

Read public-safe work-log entries

Read user journeys

Read Mark attention summaries

Human admin pages require Better Auth; agent writes need approved scripts or future confirmed APIs.

Permission

Do not confuse readability with authority.

Private UI

Owner pages are for Mark and authenticated admins, not anonymous agent scraping.

Public state

Source-data routes exist so agents can resume, cite, and coordinate without exposing private notes.

Future writes

Admin updates should move through approved scripts now and confirmed-write APIs later.