Admin workspace: auth and RBAC required before production accessCashouts and settlements remain backend-approved onlySchool and employer admins are represented in approval workflowsTreasury is read-only from the browserAudit logs required before mutation routes are enabledAdmin workspace: auth and RBAC required before production accessCashouts and settlements remain backend-approved onlySchool and employer admins are represented in approval workflowsTreasury is read-only from the browserAudit logs required before mutation routes are enabled
Mutation guard onRBAC requiredTreasury read-only
Workspace navigation
Operator login

Authentication form placeholder

The form is intentionally disabled until a secure server-side auth route is connected. This avoids implying that browser-only authentication is protecting the admin portal.

Required
Credentials are submitted only to the server-side auth endpoint.

Launch guardrails

Access readiness

Production access depends on these controls being connected server-side.

Server-side sessionsRequired

Connect secure session storage before accepting credentials.

Role permissionsPrepared

Super admin, finance, compliance, support and external admin roles are modelled.

Mutation guardProtected

POST and PATCH routes stay disabled until RBAC and audit logs are enforced.

Wallet signature loginPlanned

Future Polygon wallet challenge-response flow can be added after core auth.