Secure operator access for the blended Universe platform.

Operational readiness

This control tower rolls package, domain, email, service, automation, identity, and usage health into one operator view.

Recent pressure and operator activity

Auth throttles and recovery freshness

Operator runbook evidence

Record drills here so recovery freshness stops living only in operator memory.

What the extraction already knows

Commercial baseline

Sellable bundles and add-ons

AI and automation pricing units

Current entitlement driver

Applying a package syncs the current workspace package subscription and grants plan-backed entitlements on the neutral Universe layer.

Upsert a sellable offer

Package offers can anchor a plan, include extra modules, and attach usage meters for AI or automation-heavy surfaces.

Workers AI orchestration map

Session and workspace resolution

Request a verification code first. In development, the code is also returned in the response.

Create a sellable workspace

Master-admin only. This creates tenant, workspace, owner membership, default package entitlements, branding, locale, domain, and email policy in one pass.

Default stack attached

Email-code, OIDC, Cloudflare Access, and enterprise SAML

Provider governance for bigger customers

Enterprise SSO provider records can be prepared now. Redirect login activation returns after the Ory bridge is wired.

Platform, tenant, and workspace white-label setup

Platform branding stays on Universe-owned hosts; tenant and workspace branding takes over on white-labeled runtime hosts.

Active theme, host behavior, and profile chain

Platform, tenant, and workspace language defaults

Locale defaults resolve through the same platform, tenant, and workspace chain used by branding and Wizer.

Active language chain and runtime fallback

Platform, tenant, and workspace AI behavior

This writes platform, tenant, or workspace prompt guidance into the shared Wizer layer without changing route selection.

Live profile chain reaching the worker

Neutral hostname inventory

Protected and editable records

Claim and assign routable domains

Claim the hostname first, then attach it to a tenant root, workspace root, or CMS domain.

Use `cms_primary` to project the claimed hostname into the current workspace CMS routing layer.

Manage only safe records

The backend blocks protected root and `www` routing records so platform hostnames stay hidden.

First extracted Info Global slice

Published and draft route inventory

This turns the imported CMS, publication, funnel, and domain data into an operator-facing launch checklist.

What still blocks public traffic

Open the battle-tested runtimes

The current Universe builder path preserves the proven Info Global runtimes instead of rewriting the page and funnel editing experience during the blend.

Preserve first, adapt second

Create or update routed brands

Use this to manage CMS labels and primary brand routing after the hostname is claimed in Domain Control.

Publish the current route shell

This writes the live route payload and normalizes landing-builder sections into the public CMS contract.

Localized CMS variants keep the same route and publish state while overriding user-facing copy for the selected locale.

Legacy and campaign path routing

Route old URLs without touching published pages

Use redirects for preserved campaigns, renamed pages, and launch aliases.

Resolved translation terms by locale

Wizer and future translation tooling will honor the active glossary chain once entries are saved.

Platform, tenant, and workspace terminology rules

Use glossary entries to keep Wizer, translations, and future localized slugs aligned on the same terminology.

Exact-match translation reuse by locale and context

Page and funnel localization writes will backfill exact-match translation memory here.

Save reusable source-to-target text mappings

Context types let the same source phrase resolve differently for page copy, funnels, and future editor-side translation tooling.

Media registry for the neutral builder layer

Register reusable media without tenant lock-in

This is the neutral asset inventory that future builder blocks and tenant themes can reuse.

Recent publish history across the workspace

Promote drafts and keep route history durable

Publish creates a durable snapshot and keeps the route path locked even if the page later returns to draft.

Route sequencing on top of the neutral CMS pages

Bind page paths into a sequenced offer journey

Steps can reference page IDs directly or page paths on the selected domain.

Locale-aware funnel overlays and step ordering

Override funnel copy and per-step routing metadata by locale

Use step localization JSON to reorder offers, localize offer keys, or attach locale-specific step metadata without cloning the base funnel.

Funnel-adjacent quiz inventory

Define quiz questions and results

Questions and results are optional but should be updated before publishing a quiz.

Latest quiz responses

What the public API will store

Live engagement telemetry

Baseline tracking contract

Behavior-triggered sequences

Define triggers and steps

Steps can reference template IDs or use webhook targets.

Managed providers, routing, and professional mail

Configure managed providers and backup routing

Provider governance is master-admin only. Tenants do not choose or see the backend provider chain.

Managed professional mail domain inventory

Attach managed mail to a governed domain

Platform-managed domains will lock Qbox MX/SPF and optional DMARC. Tenant-external mode leaves MX and sender policy under the customer.

Mailbox inventory for dashboard-native mail

Store mailbox inventory and optional vendor sync

Mailboxes default to API-enabled with vendor webmail disabled. Immediate vendor creation is optional and does not store the password in Universe.

Dashboard-native professional inbox

This inbox stays inside Universe. Vendor webmail remains disabled and hidden.

Selected mailbox thread

Automation messaging inventory

Store reusable email content

Templates stay tenant-owned, and delivery now resolves from workspace branding plus the active provider.

Latest automation triggers

Queue-first automation now runs through a recoverable execution layer before email delivery sweeps.

Queued or sent email activity

Use preview mode to validate branded sends before adding a live provider key.

Delivery blocks and recovery safety

Block sends without deleting automation

Suppressions turn matching outbox rows into skipped audit records instead of deleting queued automation history.

Protected delivery catalog

Create delivery records before checkout automation

This slice manages metadata and entitlements first. File upload automation can be added after the neutral pipeline settles.

Grant product and document access manually

Manual grants bridge the gap until checkout and member onboarding start issuing entitlements automatically.

What one member can access right now

This matches the public member-content flow that a verified member session can read from the public worker.

Neutral checkout catalog

Create products that issue member access

These products feed the live public checkout sandbox and automatically grant member product access after paid completion.

Live purchase records

Lead-first funnel inventory

Workspace-owned payment configuration

Keep checkout behavior and move key ownership into the workspace

Keep the provider inactive until both Stripe keys are ready. Empty fields will clear the stored values.

Credential changes without exposing stored secrets

Replace keys or re-seal existing secrets

Use this for key replacement or seal-key re-encryption. Blank fields preserve the current stored values.

One-click upsell and downsell inventory

Reusable payment methods captured from paid Stripe orders

Configure the one-click transition rules

This defines the reusable offer contract that the public one-click routes will execute.

Off-session Stripe baseline

Optional Veloxt service-pack operators

Customer service timeline inventory

Register dispatchable providers

Provider onboarding now uses the shared Universe flow; this form still supports direct operator edits.

Use the provider ID from the list above to move an application into review, verify it, or reject it.

Scheduled reminder automation now runs every 5 minutes. Use this as a manual override for the current workspace.

Create service orders manually or from a paid commerce order

If a commerce order is provided, customer and package fields can stay empty and Universe will bootstrap from the paid order.

Set windows and dispatch a provider

This controls the live shared service window, dispatch, reminders, and technician execution loop.

Attach before/after evidence to the customer timeline

Evidence now supports governed delivery URLs and audience-specific download policy on the live shared service layer.

Control who can see and download service evidence

These rules decide whether evidence stays downloadable, metadata-only, or hidden for each audience.

Retention controls can retire evidence access and delete expired R2 objects while keeping the audit record.

Route service milestones into the operator outbox

Routed events create dispatch rows and queued transactional outbox records for operator follow-up.