Admin Site

The Admin Site provides system administration capabilities for the Tech Strategy Tool. It is restricted to users with the admin role and covers user management, team setup, event log inspection, and history restore.

URL: https://localhost:5001/admin (development)

Logging In

Navigate to the Admin Site URL. You see a login form. Only users with the Administrator role can access the Admin Site. If you log in with an editor or viewer account, you are immediately logged out with an “Administrator access required” message.

Development credentials

In development mode, use admin/admin to access the Admin Site.

Layout

After login, you see three tabs in the navigation header:

• Users — Manage user accounts and roles
• Teams — Create and configure teams
• Event Log — View all system events and perform restores

The header also shows the connection status indicator, current user badge, and logout button.

User Management

Viewing users

The Users page displays a table of all user accounts with:

• Username
• Role (displayed as an inline dropdown for other users)
• Created date
• Delete action

Self-protection

Your own row displays a “you” badge instead of the role dropdown and delete button. You cannot change your own role or delete your own account. The server enforces these restrictions even if someone crafts a request directly — self-demotion and self-deletion are rejected with a 400 response.

Creating a user

1. Fill in the Create User form above the table:
   • Username — must be unique
   • Password — the user’s initial password
   • Role — select viewer, editor, or admin
2. Click Create User
3. The new user appears in the table and can immediately log in

Changing a user’s role

Click the role dropdown on any user’s row and select the new role. The change takes effect on the user’s next request.

Role change timing

Active sessions are cached for up to 5 minutes. A role change may take up to 5 minutes to take effect for a currently active user. For critical situations, you can delete the user and recreate them, which immediately invalidates all their sessions.

Deleting a user

Click the delete button on a user’s row. A confirmation dialog appears noting that this will delete the user and terminate all their active sessions. The user is logged out immediately across all devices.

Password management

Administrators create the initial password when creating a user account. Users change their own passwords via the POST /api/auth/change-password API endpoint.

Team Management

Viewing teams

The Teams page displays teams as color-coded cards showing the team name, color bar, and hex color code.

Creating a team

1. Enter a team name
2. Pick a color using the color picker
3. Click Create Team
4. The new team appears immediately and becomes available in the Strategy Site for all users

Editing a team

Click the edit button on a team card to rename the team and change its color. Save both changes in one action. Changes are reflected in the Strategy Site in real time — connected users see the team name and color update.

Deleting a team

Deleting a team is the most destructive operation in the system. It permanently removes the team and all of its principles, groups, objectives, and initiatives.

Cascading deletion

Deleting a team permanently destroys all strategy content associated with it. This cannot be undone except by using the restore feature. Principles in other teams that were originally copied from the deleted team are unaffected — cross-team copies are independent entities.

To prevent accidental deletion, the confirmation dialog requires deliberate action:

1. Click delete on the team card
2. A modal dialog appears warning about the cascading destruction
3. Type the word DELETE (exactly, in uppercase) into a text field
4. The delete button is only enabled once the confirmation text matches
5. Click confirm to proceed

Event Log

Viewing events

The Event Log page displays a paginated table of all events across the entire strategy, newest first:

Column	Description
Seq #	The event’s sequence number in the global log
Timestamp	When the event was processed
Actor	The user who submitted the event
Event Type	The type of event (e.g., update_name, create_entity)
Description	A human-readable summary of the event
Status	Badge showing Applied (green) or Rejected (red)

Use the pagination controls to browse through history. The log updates in real time — new events appear as they are processed by other users in the Strategy Site.

Restoring to a previous state

The restore feature lets you roll the entire strategy back to a previous point in time. This is the “undo everything since then” tool — useful for recovering from accidental changes or testing scenarios.

How to use it:

1. Browse the Event Log to find the point you want to restore to. Each row shows what changed, who did it, and when.
2. Click the Restore button on the event row that represents the last change you want to keep. Everything after this event will be undone.
3. A confirmation dialog appears, clearly stating the target sequence number and that this will overwrite the current strategy state.
4. Confirm the restore.

What happens:

• The system reconstructs the strategy document as it existed at that sequence number
• The current in-memory state is replaced with the historical state
• A new checkpoint is saved immediately
• A restore_history event is recorded in the log
• All connected users see their views refresh automatically

Restore is non-destructive to the log

Restoring does not delete any events. The events that were “undone” still exist in the log for audit purposes. A new restore_history event is added on top. You can even restore to a point before a previous restore.

System-wide operation

Restore affects the entire strategy across all teams, not just one team or entity. Coordinate with your team before restoring, especially during active editing sessions.

Safeguards

The Admin Site uses friction-adding mechanisms proportional to the blast radius of destructive actions:

Action	Safeguard	Blast radius
Delete user	Confirmation dialog	Single user, their sessions
Change role	Inline dropdown (immediate)	Single user’s permissions
Delete team	Type “DELETE” to confirm	All team content destroyed
Restore history	Confirmation with sequence number	Entire strategy state replaced

General philosophy: Destructive actions require explicit, deliberate confirmation. The tool does not use simple “Are you sure?” dialogs for high-impact actions. All destructive actions are recorded in the event log for accountability.

Security Considerations

As an administrator, be aware of:

• Team deletion is the most destructive action — the “DELETE” confirmation exists for a reason
• Role changes may take up to 5 minutes for active sessions due to caching
• Restore affects all users immediately — coordinate before restoring during active editing
• User deletion cascades to sessions — the user is logged out across all devices immediately
• All admin actions are recorded in the event log and are visible to other administrators