Role-aware admin surfaces for founders and owners.

Toggle to render the correct lens (Founder = system, Owner = client boundary).

Descriptive view of uptime, queues, and evidence ledger integrity.

Program statuses, scan density, compliance, and evidence checks by client/program.

Critical changes require 2 approvals (founder + owner). Append-only log.

Secrets are fetched at runtime from env/vault. No plaintext shown.

Recent privileged actions (read-only snapshot).