Run the platform end to end: manage users, act as any account, watch live health and usage, and reach out to customers who need help — all from the internal staff surfaces.
Who this is for: CoverGuard staff only (internal super-admins). Customers never see these pages. See also the CoverGuard Admin persona guide.
Getting in
Sign in with your validated `@coverguard.io` email — you're auto-elevated to super-admin (email verification required). The Observability tab and the platform `/admin` pages then appear. Customers never see either.
Platform admin (/admin)
- Stats (
/admin) — system-wide stats. - Users (
/admin/users) — list/search users; change persona (not to/from admin roles);
Act as a user; provision a user's AI key.
- Usage (
/admin/usage) — top endpoints, p95/p99 latency, error rates, top error codes,
function stats, AI usage by source (BYOK vs managed cost), and the activation funnel by persona.
- API-key approvals — approve/suspend partner keys (the
KEY_NOT_APPROVEDgate). - Demo accounts (
/toolkit/demo-accounts) — list / (re)provision seeded demo accounts. - Agent rules — Sys Admin → Feature Flags → Rules: override out-of-the-box agents'
objectives for future installs.
Act-as (impersonation)
- From `/admin/users`, click Act as on a user.
- You now see and operate their exact account (an overlay — you keep your own login). A
banner shows who you're viewing.
- Click Exit in the banner to stop.
Rules: you can't act-as a peer super-admin; act-as always uses the managed AI key (never the target's BYOK); start/stop are audited.
Observability (PlatformPulse, /observability)
One consolidated dashboard (inside the normal app chrome):
- Overview — event counts, error rate, active users, by-area/by-source.
- Trends — time-series from the 5-minute rollups.
- Health — composed component health (DB, ingest, error rate, AI key).
- Focus feed — users to flag now, from real signals (dunning, error bursts, carrier
exits).
- Events — recent raw events; per-user timelines.
- SLO — error rate, availability, p95.
A synthetic full-screen prototype is available at ?view=prototype.
Staff → user outreach (from the Focus feed)
- On a Focus row, AI-draft a message (managed key, guardrail-screened; it **never
auto-sends**).
- Review/edit it.
- Send — it's persisted, the user is notified (and optionally emailed).
Recipients can opt out (the send path returns RECIPIENT_OPTED_OUT for them). Draft and send are rate-limited per staffer. Every Focus action is logged.
Activity history (audit)
One append-only history of meaningful user and property actions, queryable by user, company/team, property, event type, and time window. It answers "what did this user / company / property actually do?" — the audit spine behind support and compliance questions.
Troubleshooting
See Admin & staff tools troubleshooting.
- Admin/Observability 403 → staff email not yet verified, or role not elevated.
- Act-as blocked → target is a peer super-admin, or invalid.
- Empty AI usage / observability data → data accrues forward from when telemetry /
event ingest was enabled.
- Outreach send blocked → recipient opted out, or you hit the per-staffer rate limit.
Do this next
Start on the Observability Focus feed — it surfaces the users who need attention right now — then act-as one to see exactly what they see.
- CoverGuard Admin persona guide — your staff playbook
- AI Advisor & BYOK — provisioning a user's AI key
- Admin & staff tools troubleshooting