Settings
Workspace settings stay separate from API token secrets.
Team, billing contact, identity mode, and security settings are modeled here.
Workspace
Active user
Not signed in
Email/password login is active with signed httpOnly dashboard sessions.
Security checklist
Admin bootstrap key is server-onlyToken hashes never leave the APIGoogle SSO supportedSecret-store decision pending
Danger zone
Workspace deletion should stay disabled until support, billing, and audit-retention policy is finalized.