Dev-only · audited · Simulated super_dev_admin console · not a production auth surface · "super admin bypasses login auth" is explicitly prohibited.
Super Admin Dev Console / Governance overview · 2026-05-19

super_dev_admin · authenticated normally · dev-only impersonation under separate gate

Governance posture & substrate health.

No production credentials, accounts, or PHI surface here. Every action emits an audit entry; impersonation is dev-environment-only.

Tenants (dev)

3

Provider Group Demo + 2 sandboxes · flat

Active roles

6

in the dev surface · flat

PromptOps gates (lane)

17

commercial-architecture-v2 + deployment · +1

Audit entries (24h)

68

across 4 ledgers · +12

Active deployments

1

Cloudflare Pages dev preview · stable

Production posture

Closed

no live PHI, no autonomous decisioning · enforced

Ledger separation

Default-deny across ledgers · cross-ledger references shown as controlled IDs only

Ledger 1

Clinical / CPT

Care documentation · review state · clinical workflow · provider review.

42 entries

last 24h · all human-reviewed

Ledger 2

Commercial / Provider Invoice

Commercial revenue scope · provider invoice surface · not clinical billing.

6 entries

last 24h · cross-ledger refs controlled

Ledger 3

Workforce / Payroll

CHW activity time · supervision · no CPT generation.

11 entries

last 24h · isolated from clinical ledger

Ledger 4

Platform / Auth / Audit

Identity · permission · consent state · audit emission.

9 entries

last 24h · audit envelope is global

All ledger counts are synthetic. No real clinical, commercial, workforce, or auth records appear here.

Roles & permissions

Default-deny · assignment-aware · audit-emitting

| Role | Scope | Surface | Audit |
| --- | --- | --- | --- |
| super_dev_admin | Dev tenant only | This console + audited impersonation | Always emit |
| super_admin | Tenant-scoped admin (future) | Admin portal (future gate) | Always emit |
| provider_user | Provider Group Demo | Provider command center | Always emit |
| chw_user | Assigned panel + visits | CHW field workflow | Always emit |
| biller_user | Commercial ledger only | Provider-invoice surface (future) | Always emit |
| beta_applicant | Read-only · pending approval | Registration sandbox | Limited |

Dev-only audited impersonation

Not production auth · gated by separate sealed authorization

dev only

The super_dev_admin role authenticated normally to reach this console. From here, they may temporarily walk a tenant's workspace under a non-production policy. Every impersonation step emits an audit-ledger entry and is disabled when the environment is production.

Audit emission required · Production allow (forbidden by default) · PHI redaction enforced

"Super admin bypasses login auth" is explicitly prohibited. The safe pattern is normal authentication + dev-only audited impersonation under a separately authorized non-production gate.

PromptOps gate trail

Commercial-architecture v2 + deployment lanes


Commercial architecture bounded authorization (a9b7a79)

sealed · authority for v2 implementation

Bounded implementation execution (29098a4) → visual review PASS (9058a53)

15-path envelope · operator visual-review PASS recorded

PR #12 merge (da55793) → post-merge mainline closure (dec9479)

commercial website v2 live on main

Cloudflare Pages planning → bounded authorization → Wrangler amendment → account-custody amendment

5b95343 → 4968684 → e1bca89 → 975bbce · all sealed on main

Deployment execution + portal prototype v2

in flight · static site on Pages · simulated portals authored

Custom-domain migration planning

future · separate gate · joypartners.health rebind decision

Deployments

Cloudflare Pages · static envelope

| Surface | Status | Updated |
| --- | --- | --- |
| Public website + portals · joypartnersos-public-website.pages.dev | Live | min ago |
| www.joypartners.health · existing app · not in this lane | Workers app | |
| app.joypartners.health | Reserved | |
| admin.joypartners.health | Reserved | |
| api.joypartners.health | Reserved | |

Feature flags (simulated)

Dev preview only · no live runtime gates

| Flag | Env | Status | Owner |
| --- | --- | --- | --- |
| telehealth.broadcast | dev | | provider_user |
| smart_visit.barrier_capture | dev | | chw_user |
| referral.partner_portal | dev | | partner |
| billing.commercial_ledger_writes | | | biller_user (future) |
| admin.impersonate_in_production | | locked · sealed gate required | |

Audit feed

Live tail · 24h · ledger-tagged

| When | Actor | Action | Ledger | Evidence |
| --- | --- | --- | --- | --- |
| 14:38Z | Operator Console | Hybrid note staged for sign-off | Clinical / CPT | REF-EV-0042 |
| 14:21Z | Audit emitter | Consent state updated | Platform / Auth / Audit | REF-EV-0043 |
| 14:14Z | Operator Console | CPT candidate staged | Clinical / CPT | REF-EV-0042 |
| 14:08Z | Provider Group Demo | Hybrid note opened | Clinical / CPT | REF-EV-0042 |
| 14:02Z | CHW Team Member 03 | Smart visit captured | Clinical / CPT | REF-EV-0042 |
| 13:42Z | CHW Team Member 03 | Vital-sign flag raised | Clinical / CPT | REF-EV-0045 |
| 13:24Z | Workforce ledger | Time block logged (3.4h smart visits) | Workforce / Payroll | |
| 12:55Z | Network Partner A | Referral acknowledged · REF-0001 | Platform / Auth / Audit | |

PHI-minimized metadata only · raw transcripts / audio stay under custody · Synthetic feed

Super Admin Dev Console · simulated · audited impersonation requires its own sealed gate · super-admin-bypass-of-login is prohibited.