Management panel.

The management panel at /manage/* is a platform operator dashboard for managing tenants, billing, and reviewing audit logs. It is protected by Cloudflare Access with full JWT verification.

Authentication

Management routes verify the Cf-Access-Jwt-Assertion header:

1. Cloudflare Access: Handles the login flow and issues a signed JWT
2. JWT verification: Concierge fetches the team's JWKS, verifies the RS256 signature, checks the aud claim against CF_ACCESS_AUD, and extracts the email

Anyone with a valid Access JWT (matching your Access policy) is authorized. Scope access via your Cloudflare Access policy.

Dashboard

The main dashboard (/manage) shows:

• The authenticated operator's email
• Total tenant count
• Links to tenant management, billing, and audit log

Tenant Management

At /manage/tenants, operators can:

• List all tenants with their email, plan, and creation date
• View individual tenant details including connected accounts
• See a tenant's billing state (credits remaining, used, granted)
• Grant free reply credits to a tenant

Billing Controls

At /manage/billing, operators can:

• View credit packs: See all defined packs with their reply counts, prices, and status
• Create packs: Add new credit packs with name, reply count, INR price, USD price, and sort order
• Update packs: Edit existing pack details
• Activate/Deactivate packs: Control which packs are visible to tenants
• Delete packs: Remove packs entirely
• Grant credits: Give free reply credits to a specific tenant (at /manage/billing/grant/{tenant_id})

Persona Catalog

At /manage/personas, operators curate the platform‑wide catalog of persona archetypes that the public demo persona picker and the tenant onboarding wizard read from. Each row is a slug + label + description + a serialized PersonaSource (the editable middle, either builder with archetype + sample business fields or custom raw text) + a greeting + a safety verdict.

• List: every row, including drafts and rejects. Tenants and the public demo only see approved rows.
• Create / edit: the same builder fields a tenant fills in (voice archetype, business name + type, city, goal, catch‑phrases, off‑topics, handoff conditions). Every save resets safety_status to draft and enqueues a SafetyJob on SAFETY_QUEUE keyed by slug. The classifier's verdict (approved or rejected with a vague user‑facing reason) lands back on the row.
• System rows: rows with is_system=1 are undeletable. The seed migration ships one — concierge — which powers the homepage live demo.
• Audit: create_persona, update_persona, delete_persona all write to the audit log with the actor email and the slug.

Audit Log

At /manage/audit, operators can review a chronological log of all management actions. Each entry records:

Field	Description
actor_email	The operator who performed the action
action	What was done (e.g., grant_replies, create_pack, update_pack, delete_pack)
resource_type	The type of resource affected (e.g., billing, credit_pack)
resource_id	The specific resource identifier (optional)
details	JSON payload with action-specific details
created_at	Timestamp

The audit log shows the most recent 100 entries.

Setup

1. In the Cloudflare dashboard, go to Zero Trust > Access > Applications
2. Create a Self-hosted application with the path your-domain/manage* (no slash before the asterisk)
3. Copy the Application Audience (AUD) Tag from the application overview
4. Set CF_ACCESS_TEAM (your team name) and CF_ACCESS_AUD as plain‑text variables in Workers › concierge › Settings › Variables and Secrets
5. Add a policy allowing the emails that should have management access
6. Deploy with wrangler deploy