Tenant-scoped administration. Only visible to IDC staff.
Create a blank project or upload + commit a .neomimport file.
Tenant directory, role assignments, MFA, deactivation.
Last-active, login history, online-now badges per user.
Browse runtime errors logged into the errors table.
Inspect and retry background jobs.
AR/AP integration: connect, account map, draft review.
M365 SSO + Cloudflare inbound + ACS outbound configuration.
Scaffold only — operator-deferred indefinitely (2026-04-28). Do not build further.
Every state-changing action across the tenant. Tenant-scoped via row-level security (RLS).
Capability matrix per role. Read-only matrix today; per-tenant overrides land next.
Tenant-scoped capability overrides on top of role defaults. Create + edit grants / revokes per role, gated on workspace.settings.update.
Tenant-wide counterparty register (head contractor, subs, vendors, consultants, clients). Create / edit / archive companies; per-project register at /projects/[id]/companies deep-links here.
Grant the finance.read_full capability without writing SQL. Toggle Financial Controller / Finance Officer membership per user to widen / narrow access to AP / AR finance routes.
In-app notification inbox. Sibling to the email outbox; watchdogs dual-write.
Outbox rows that exceeded the retry budget. Inspect last_error, requeue or archive after a fix.
Addresses we won't send to (hard bounces, complaints, manual opt-outs). Add / lift entries with an audit trail.
Recurring report digests routed to project distribution lists. Pause / resume per subscription.
Every .neomimport snapshot committed. Browse run metadata, per-kind insert counts, and live entity totals.
OAuth handshake + ledger pick-list for the AR/AP integration. Owner: admin.integrations.
Per-tenant Xero account codes for AR/AP dispatcher. Four scopes (head_contractor, subcontractor, retention, expense). Gated on workspace.settings.update.
Tenant Entra app + Graph mail permission grants for outbound + inbound email and SSO.
Custom App Client Credentials connection status per environment, recent sync activity from procore_sync_log, paste-ready operator instructions, sanity-test launcher.
APS forge tokens + Model Derivative bucket config for the BIM viewer pipeline.
Invoice + delivery-docket OCR jobs feed. Inspect queue depth, retry stuck batches, view confidence scores.
Per-user time-on-task, follow-up debt, and assistant-action accept rate. Tenant-wide ranking; drill into individuals.
Outbound HTTPS webhooks fired on domain events. Create, sign with shared secret, replay failed deliveries.
Six-step new-tenant setup (identity, retention, working hours, first project, invites). Resumable; gated on workspace.settings.update.
Workspace-wide WBS template + default Xero mapping; applied to projects on creation.
Editable daily-checklist templates per role (PM, Site Super, Commercial Lead, etc.).
Branding, default permissions, retention rules, feature flags, tenant timezone + currency defaults.
Workspace-wide Anthropic spend today. Pool % used, top spenders, who's near their personal cap.
Per-tenant Anthropic cost caps (per-user daily, tenant daily, max tokens per call) plus today's usage progress bar and the latest 20 assistant_calls rows.
Every client-side showToast() emission grouped by (surface, kind). Confirms users are seeing toasts and surfaces the noisiest failure spots.
Attention Score ranking across active projects.