B2C.tel · tenant operations

AI automation

tenant isolatedrelease 9b49c58Public siteSuperadminStudio

Live tenant-scoped functionality

Tenant AI automation records

Agent clients and execution logs scoped to this tenant.

Admin tenant context: PAN · pan.pet · active

empty

Visible records

0

Live Sanity records returned for this workstream.

Tenant

PAN

Resolved from current admin host and Sanity site registry.

Open canonical Studio Edit the tenant records in Sanity Studio.Configured Studio host External Studio host. Check the functional action center status before relying on it for editor work.Open public site View the public tenant website.Open superadmin registry Review cross-network tenant configuration on the canonical command center.

Live records

0 returned · values are scoped and secret-safe

No live records returned for this workstream. This is a true empty state only when the status is empty; otherwise follow the diagnostics above.

Functional action center

Tenant AI automation controls

This module uses authenticated dashboard workflows and diagnostic envelopes instead of placeholder copy. It can read, create, moderate, or launch the correct provider surface depending on this workstream's guardrails.

empty

Deny-by-default access

Agent gateway status

Loading live provider state…

POST dispatch requires a bearer token. The dashboard intentionally does not collect or store that secret; operators should put it in provider secret storage and use scoped automation clients.

Audit scope

Visible agent records

No records match this filter. Empty means empty, not magic. Very enterprise.

← Back to admin dashboard

Tenant AI governance

Tenant AI automation controls

Manage tenant-safe external agent clients, approved workflows, draft-only permissions, and activity logs.

policy gated

Purpose

This surface lets tenant admins use approved automation without receiving cross-tenant access or privileged capabilities.

Capabilities

  • Tenant-scoped agent client registry
  • Allowed tool/workflow visibility
  • Draft-only vs publish permission model
  • Agent activity logs
  • Deny-by-default gateway status

Operational workflows

  • Review approved tenant workflows.
  • Inspect policy denials and logs.
  • Request elevated capabilities from superadmin.
  • Keep content generation draft-first.

Guardrails

  • External agents require scoped credentials.
  • Default policy is deny-by-default.
  • Privileged actions require superadmin policy and audit records.

API/schema contracts

These are technical contract references, not dashboard navigation. Protected APIs require authentication and may return JSON envelopes such as unauthenticated when opened directly.

/api/agent/gatewayintegrationClient schemaagentExecutionLog schema

Use the dashboard workstream pages for human workflows. Use these contracts only from authenticated clients, tests, cron jobs, or approved agent integrations.

Next implementation actions

  • Add tenant token management UI after auth is finalized.
  • Add rate/budget display.
  • Add approval request workflow for privileged capabilities.