# Dashboard UI Gap Analysis — Hidden Features Not Exposed in Admin & User Dashboards > **Generated:** 2026-03-21 > **Scope:** Full workspace scan across platform-service (43 modules, 511+ endpoints), admin-web, user-dashboard-web, tracker-web, LysnrAI backend (7 modules), and extraction-service (2 modules). > **Goal:** Identify every backend feature/module that exists but has NO corresponding UI page or is only partially exposed. --- ## Review Errata (2026-03-21 self-audit) The following bugs/inaccuracies were found during systematic post-generation review and corrected in-place: | # | Bug | Severity | Fix Applied | | :-: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------: | ------------------------------------------ | | E1 | **Section 1.2 classification error:** Items 1.2.4–1.2.12 (onboarding, delivery, jobs, sessions, IP rules, maintenance, exports, status, marketplace) were labeled "Partially Exposed" but are actually **Completely Missing** — they have zero admin pages, zero sidebar items, and zero API proxy routes. | HIGH | Moved to section 1.1, renumbered | | E2 | **6 admin pages exist but have NO sidebar nav item** — these "hidden pages" were not flagged as a distinct gap category: `/debug-sessions`, `/health-dashboard`, `/extraction`, `/experiments`, `/ai-diagnostics`, `/predictive/*` | HIGH | Added new section 1.3 | | E3 | **`ai-diagnostics` module (671 lines, its own routes.ts) is NOT registered in server.ts** — backend bug, not just a UI gap. Routes exist but the Fastify plugin is never mounted. | CRITICAL | Added to section 1.1 with backend-bug flag | | E4 | **Appendix A matrix missing 5 modules** that are registered in server.ts: `referrals/migration-admin-routes`, `runs` (separate from `jobs`), `surveys`, the `diagnostics` sub-route files (auto-trigger, crash-trigger, session-replay, performance-profile) | MEDIUM | Added to matrix | | E5 | **Admin API route `/api/users/` exists** but was not mentioned — the doc implied users management was only via direct Cosmos, but there are proxy routes | LOW | Noted in matrix | | E6 | **Admin API route `/api/usage/` exists** — doc's matrix row 70 was wrong about usage having no admin API | LOW | Fixed in matrix | | E7 | **Statistics count corrections:** Admin pages = 38 (not ~38, exact). Admin-web has `/api/users/` and `/api/usage/` proxy routes (total API route dirs = 24 top-level). Sidebar items exactly 27. | LOW | Fixed in Part 6 | | E8 | **Billing Checkout (1.1.14) missing endpoint count** — listed as "endpoints" without a number | LOW | Added count | | E9 | **Tenants (1.1.17) missing endpoint count** — listed as "endpoints" without a number | LOW | Added count | | E10 | **`/users` page exists in admin-web** but has no sidebar nav item and was not in the original gap analysis | MEDIUM | Added to section 1.3 + matrix row 79 | --- ## Implementation Status (2026-03-21) Since the gap analysis was written, significant implementation work has been done. This section tracks what was built, what was fixed, and what remains. ### Scorecard | Metric | At Gap Analysis Time | Current | | ----------------------------------------------- | :------------------: | :---------------------------------------------: | | Admin-web sidebar items | 27 | **50** | | Admin-web page directories | ~22 | **41** | | Admin-web API proxy route dirs | ~24 | **41** | | Backend bug (E3: ai-diagnostics not registered) | OPEN | **Already fixed** (registered at server.ts:269) | ### Sprint 0 — Hidden Pages + Backend Bug - [x] **E3 FIX:** `ai-diagnostics` routes registered in server.ts (was already done — line 269) - [x] **Sidebar:** Users (`/users`) — added - [x] **Sidebar:** Debug Sessions (`/debug-sessions`) — added - [x] **Sidebar:** Health Dashboard (`/health-dashboard`) — added - [x] **Sidebar:** Extraction (`/extraction`) — added - [x] **Sidebar:** Experiments (`/experiments`) — added - [x] **Sidebar:** Predictive (`/predictive/at-risk`) — added - [x] **Sidebar:** AI Diagnostics (`/ai-diagnostics`) — added ### Sprint 1 — Critical Admin Gaps (P0) — All pages + sidebar + proxy routes built - [x] **Organizations** — page + sidebar + `/api/orgs/` proxy - [x] **Support Cases** — page + sidebar + `/api/support/` proxy - [x] **AI Budgets** — page + sidebar + `/api/ai-budgets/` proxy - [x] **Waitlist** — page + sidebar + `/api/waitlist/` proxy ### Sprint 2 — High-Value Admin Pages (P1) — All pages + sidebar + proxy routes built - [x] **Webhooks** — page + sidebar + `/api/webhooks/` proxy - [x] **Knowledge Bases** — page + sidebar + `/api/knowledge/` proxy - [x] **Agent Evals** — page + sidebar + `/api/agent-evals/` proxy - [x] **Reviews** — page + sidebar + `/api/reviews/` proxy - [x] **Marketplace** — page + sidebar + `/api/marketplace/` proxy - [x] **Delivery Log** — page + sidebar + `/api/delivery/` proxy - [x] **Scheduled Jobs** — page + sidebar + `/api/jobs/` + `/api/runs/` proxies ### Sprint 4 — Operational Admin Pages (P2) — All pages + sidebar + proxy routes built - [x] **Event Subscriptions** — page + sidebar + `/api/event-subscriptions/` proxy - [x] **IP Rules** — page + sidebar + `/api/ip-rules/` proxy - [x] **Maintenance** — page + sidebar + `/api/maintenance/` proxy - [x] **Sessions Admin** — page + sidebar + `/api/sessions/` proxy - [x] **Status** — page + sidebar (no `/api/status/` proxy yet — uses platform-client) - [x] **GDPR Export** — page + sidebar + `/api/exports/` proxy ### API Call Bug Fixes (`a3e94f3`) 12 broken API calls fixed across 5 pages: | Page | Bug | Fix | | ----------- | ---------------------------------------- | ------------------------------------------------- | | waitlist | `GET /waitlist/list` (404) | `GET /waitlist` | | delivery | `GET /delivery/log` (404) | `GET /delivery/logs` | | delivery | retry button calls non-existent endpoint | Disabled (TODO Q1) | | reviews | `GET /reviews/list` (404) | `GET /reviews` | | reviews | `POST /:id/approve` (404) | `POST /:id/decision` with `{decision:'approved'}` | | reviews | `POST /:id/reject` (404) | `POST /:id/decision` with `{decision:'rejected'}` | | reviews | `POST /:id/flag` (404) | Disabled (TODO Q2) | | jobs | `GET /jobs/list` (404) | `GET /jobs` | | jobs | `GET /runs/list` (404) | `GET /runs` | | jobs | `POST /:id/trigger` (404) | `POST /jobs/trigger` with `{jobId}` body | | gdpr-export | `GET /exports/list` (404) | `GET /exports` | | gdpr-export | `POST /exports/create` (404) | `POST /exports` | ### API Call Bug Fixes — Batch 2 (`587d22e`) 4 more broken API calls fixed across 2 pages: | Page | Bug | Fix | | ------------- | ---------------------------------------------- | ------------------------------------- | | organizations | `GET /orgs/:id/members` (404) | `GET /orgs/:id/memberships` | | organizations | `DELETE /orgs/:id/delete` (404) | `DELETE /orgs/:id` (no suffix) | | marketplace | `GET /marketplace/listings` (404) | `GET /marketplace/admin/pending` | | marketplace | `POST /marketplace/listings/:id/approve` (404) | `POST /marketplace/admin/:id/approve` | | marketplace | `POST /marketplace/listings/:id/reject` (404) | `POST /marketplace/admin/:id/reject` | ### API Call Bug Fixes — Batch 3 (`c54a3fe`) | Page | Bug | Fix | | ----------- | ------------------------------------------ | -------------------------------- | | agent-evals | `POST /suites/:id/run` (singular, 404) | `POST /suites/:id/runs` (plural) | | agent-evals | `DELETE /suites/:id` (no backend endpoint) | Disabled (TODO Q3) | ### Missing Proxy Routes Created — Batch 1 (`880338b`) - [x] `/api/ai-diagnostics/[...path]` — GET/POST proxy to platform-service - [x] `/api/feedback/route.ts` — base GET/POST proxy - [x] `/api/feedback/[...path]` — GET/POST/DELETE proxy to platform-service ### API Call Bug Fixes + Proxy Routes — Batch 4 (`8c45e44`) New proxy routes: - [x] `/api/experiments/route.ts` — base GET/POST, rewrites to `/api/ab-testing/experiments` - [x] `/api/experiments/[...path]` — catch-all, rewrites to `/api/ab-testing/experiments/*` - [x] `/api/ab-testing/[...path]` — catch-all for suggestions, hypotheses, etc. Bug fix: | Page | Bug | Fix | | -------- | ----------------------------------------------- | ----------------------- | | webhooks | `GET /webhooks/deliveries` (no such endpoint) | Removed (TODO Q4) | ### Verification — All Page API Calls Have Proxy Routes ✅ **Direct `fetch('/api/...')` paths (14):** ab-testing, ai-diagnostics, auth, docs, experiments, exports, feedback, flags, licenses, ops, products, settings, telemetry, waitlist — **ALL have proxy routes.** **`createProxyFetch('/api/...')` paths (16):** agent-evals, ai-budgets, delivery, event-subscriptions, ip-rules, jobs, knowledge, maintenance, marketplace, orgs, reviews, runs, sessions, support, waitlist, webhooks — **ALL have proxy routes.** ### Still Missing — Backend Modules Without Admin Pages (no page needed for proxy) | Module | Has Page? | Has Sidebar? | Notes | | ------------------ | :-------: | :----------: | ----------------------------------- | | `scim` | No | No | Enterprise SSO — page deferred | | `agents/executor` | No | No | Internal API only | | `retention` | No | No | Background job — no admin UI | | `backups` | No | No | Ops tool — CLI preferred | | `cdn` | No | No | Not yet implemented | | `dunning` | No | No | Not yet implemented | | `status` | Yes | Yes | Uses direct service URLs, no proxy | | `onboarding` | No | No | User-facing only | | `search` | No | No | Not yet implemented | | `billing-checkout` | No | No | Stripe-hosted, no admin page needed | ### Backend Endpoints + Frontend Re-enablement — Batch 5 (`ead9457`) Backend endpoints added: - [x] `POST /delivery/logs/:id/retry` — re-dispatch failed email deliveries (Q1) - [x] `POST /reviews/:id/flag` — flag review item with reason + admin metadata (Q2) - [x] `DELETE /agent-evals/suites/:id` — delete evaluation suite with 204 response (Q3) Frontend re-enabled: - [x] delivery page: retry button for failed entries - [x] reviews page: flag dropdown menu item - [x] agent-evals page: delete dropdown menu item + Trash2 icon - [x] webhooks page: per-subscription delivery loading via GET /subscriptions/:id/deliveries (Q4) ### Misc Fixes — Batch 6 (`29605da`) - [x] debug-sessions: implement JSON download (was `console.log` stub), remove `console.log` ### Remaining Open TODOs | # | Description | Priority | | --- | ----------------------------------------------------- | -------- | | — | No actionable TODOs remain. All Q1–Q4 items resolved. | — | --- ## Executive Summary **Platform-service has 43+ registered route modules.** Admin-web now exposes **50 sidebar items** and **41 pages**. User-dashboard-web exposes ~12 pages. **~11 backend modules still have no admin page or proxy route (down from 29).** | Category | Backend Modules | Admin Pages | User Pages | Gap | | -------------------------- | :-------------: | :---------: | :--------: | :----------: | | Auth & Security | 9 sub-modules | 4 pages | 3 pages | **5 hidden** | | Billing & Commerce | 7 modules | 2 pages | 2 pages | **5 hidden** | | AI & Agents | 5 modules | 1 page | 0 pages | **4 hidden** | | Operations & Infra | 10 modules | 6 pages | 0 pages | **4 hidden** | | Growth & Engagement | 6 modules | 4 pages | 1 page | **2 hidden** | | Content & Data | 6 modules | 2 pages | 2 pages | **4 hidden** | | Enterprise | 4 modules | 0 pages | 0 pages | **4 hidden** | | Product-Specific (LysnrAI) | 3 modules | 0 pages | 1 page | **2 hidden** | --- ## PART 1: ADMIN-WEB — Missing Features ### 1.1 COMPLETELY MISSING (No page, no sidebar item, no API route) #### 1.1.1 Organizations & Workspaces (`orgs` module — 14 endpoints) - **Backend:** Full CRUD for organizations, workspaces, memberships with RBAC permissions - **Endpoints:** `GET/POST /orgs`, `GET/PATCH/DELETE /orgs/:id`, `POST /orgs/:id/workspaces`, `GET/PATCH/DELETE /orgs/:orgId/workspaces/:wsId`, `GET/POST /orgs/:id/members`, `PATCH/DELETE /orgs/:id/members/:memberId` - **Admin UI:** NONE — no page, no sidebar item - **Impact:** HIGH — admins cannot view/manage organizations, memberships, or workspaces - **Action needed:** New `/organizations` page with org list, member management, workspace management #### 1.1.2 SCIM Provisioning (`scim` module — 14 endpoints) - **Backend:** SCIM connector CRUD, user sync, group sync, provisioning events - **Endpoints:** `GET/POST /scim/connectors`, `GET/PATCH/DELETE /scim/connectors/:id`, user/group sync recording, provisioning event listing - **Admin UI:** NONE - **Impact:** HIGH — enterprise SCIM integrations invisible to admins - **Action needed:** New `/ops/scim` page for connector management, sync status, provisioning event log #### 1.1.3 Support Cases (`support-cases` module — 12 endpoints) - **Backend:** Full ticketing system — case CRUD, notes, escalation events, status transitions - **Endpoints:** `GET/POST /support/cases`, `GET/PATCH /support/cases/:id`, `POST /support/cases/:id/close`, `POST /support/cases/:id/notes`, `GET /support/cases/:id/notes`, escalation management - **Admin UI:** NONE - **Impact:** HIGH — entire support ticketing system has no UI - **Action needed:** New `/support` page with case list, detail view, notes, escalation workflow #### 1.1.4 AI Budgets & Cost Management (`ai-budgets` module — 11 endpoints) - **Backend:** Budget policies, spend tracking, alerts, rollover, cost dashboard - **Endpoints:** `GET/POST /ai-budgets/policies`, `PATCH/DELETE /ai-budgets/policies/:id`, `POST /ai-budgets/spend`, `GET /ai-budgets/spend`, `GET /ai-budgets/alerts`, `GET /ai-budgets/dashboard`, `GET /ai-budgets/rollover` - **Admin UI:** NONE - **Impact:** HIGH — AI spend invisible, budget alerts not viewable - **Action needed:** New `/ai-budgets` page with cost dashboard, policy management, spend history, alerts #### 1.1.5 Knowledge Bases (`knowledge` module — 13 endpoints) - **Backend:** Knowledge base CRUD, sources, chunk management, retrieval/search - **Endpoints:** `GET/POST /knowledge/bases`, `GET/PATCH/DELETE /knowledge/bases/:id`, `POST /knowledge/bases/:id/sources`, `POST /knowledge/bases/:id/chunks`, `POST /knowledge/bases/:id/retrieve`, etc. - **Admin UI:** NONE - **Impact:** MEDIUM — RAG knowledge bases invisible, no way to manage or test retrieval - **Action needed:** New `/knowledge` page with base list, source management, chunk browser, retrieval tester #### 1.1.6 Agent Executor & Tool Registry (`agents/executor-routes` — 10 endpoints) - **Backend:** Execute agents, cancel runs, list active runs, SSE step streaming, tool registry - **Endpoints:** `POST /agents/execute`, `POST /agents/runs/:id/cancel`, `GET /agents/runs/active`, `GET /agents/runs/:id/stream` (SSE), `GET /agents/tools`, `POST /agents/tools/validate`, etc. - **Admin UI:** The existing `/actiontrail` page shows trails but NOT agent execution/tool management - **Impact:** MEDIUM — cannot trigger agent runs, view live execution, or manage tool bindings from admin - **Action needed:** Expand ActionTrail page OR add `/ai-agents` page with execution panel, tool registry, live run viewer #### 1.1.7 Agent Evaluations (`agent-evals` module — 15 endpoints) - **Backend:** Eval suites, test cases, eval runs with pass/fail scoring - **Endpoints:** `GET/POST /agent-evals/suites`, `GET/PATCH/DELETE /agent-evals/suites/:id`, test case CRUD, `POST /agent-evals/suites/:id/run`, `GET /agent-evals/runs`, `GET /agent-evals/runs/:id` - **Admin UI:** NONE - **Impact:** MEDIUM — agent quality evaluation invisible - **Action needed:** New `/ai-evals` page with suite management, test cases, run history, pass/fail charts #### 1.1.8 Event Subscriptions & DLQ (`event-subscriptions` module — 10 endpoints) - **Backend:** Event subscription CRUD, DLQ management, event replay - **Endpoints:** `GET/POST /event-subscriptions`, `GET/PATCH/DELETE /event-subscriptions/:id`, `GET /event-subscriptions/:id/dlq`, `POST /event-subscriptions/:id/dlq/:msgId/replay`, `DELETE /event-subscriptions/:id/dlq/:msgId`, `GET /events` - **Admin UI:** NONE - **Impact:** MEDIUM — event bus subscriptions, dead letter queue, replays all invisible - **Action needed:** New `/ops/events` page with subscription list, DLQ viewer with replay/purge buttons #### 1.1.9 Waitlist Management (`waitlist` module — 12 endpoints) - **Backend:** Admin: list entries, stats, update, delete, batch invite, CSV export. Public: join, check position, count, config, unsubscribe - **Endpoints:** `GET /waitlist`, `GET /waitlist/stats`, `GET/PUT/DELETE /waitlist/:id`, `POST /waitlist/invite`, `POST /waitlist/export` + 5 public routes - **Admin UI:** NONE - **Impact:** MEDIUM — pre-launch waitlist signups invisible, no way to invite or export - **Action needed:** New `/waitlist` page with entries table, stats cards, batch invite, CSV export #### 1.1.10 Reviews & Approval Workflow (`reviews` module — 9 endpoints) - **Backend:** Review items, assignment, decision (approve/reject/request-changes), listing - **Endpoints:** `GET/POST /reviews`, `GET/PATCH /reviews/:id`, `POST /reviews/:id/assign`, `POST /reviews/:id/decide`, `GET /reviews/assigned`, `GET /reviews/stats`, `GET /reviews/:id/history` - **Admin UI:** NONE (distinct from `/feedback` which is user feedback, not content reviews) - **Impact:** MEDIUM — content review/approval workflow has no UI - **Action needed:** New `/reviews` page with review queue, assignment, approval workflow #### 1.1.11 Webhooks Management (`webhooks` module — 8 endpoints) - **Backend:** Webhook subscription CRUD, secret rotation, delivery log, test webhook - **Endpoints:** `GET/POST /webhooks`, `GET/PATCH/DELETE /webhooks/:id`, `POST /webhooks/:id/rotate-secret`, `GET /webhooks/:id/deliveries`, `POST /webhooks/:id/test` - **Admin UI:** NONE - **Impact:** MEDIUM — webhook integrations invisible, no delivery log viewer - **Action needed:** New `/webhooks` page with subscription list, delivery log, test button, secret rotation #### 1.1.12 Data Retention (`retention` module — 5 endpoints) - **Backend:** Retention policies, dry-run, execution - **Endpoints:** `GET/POST /retention/policies`, `GET /retention/policies/:id`, `POST /retention/policies/:id/dry-run`, `POST /retention/policies/:id/execute` - **Admin UI:** NONE - **Impact:** MEDIUM — data lifecycle management invisible - **Action needed:** Add to `/settings` or new `/ops/retention` page #### 1.1.13 Backups (`backups` module — 6 endpoints) - **Backend:** Create, list, download, restore backups - **Endpoints:** `GET/POST /backups`, `GET /backups/:id`, `GET /backups/:id/download`, `POST /backups/:id/restore`, `DELETE /backups/:id` - **Admin UI:** NONE - **Impact:** MEDIUM — backup/restore invisible - **Action needed:** New `/ops/backups` page with backup list, create/restore/download buttons #### 1.1.14 Billing Checkout (`billing-checkout` module — ~4 endpoints) - **Backend:** Pre-built Stripe Checkout session creation, success/cancel handling - **Admin UI:** NONE (existing `/billing` page may not cover checkout flow management) - **Impact:** LOW — mostly user-facing, but admin should see checkout sessions - **Action needed:** Add checkout session listing to existing `/billing` page #### 1.1.15 CDN Pipeline (`cdn` module — 7 endpoints) - **Backend:** Asset upload, listing, invalidation, CDN configuration - **Admin UI:** NONE - **Impact:** LOW — CDN management invisible - **Action needed:** New `/ops/cdn` page or add to existing `/ops` Mission Control #### 1.1.16 Dunning (`dunning` module — 6 endpoints) - **Backend:** Failed payment retry, dunning campaigns, customer communication - **Admin UI:** NONE - **Impact:** MEDIUM — failed payment recovery invisible - **Action needed:** Add to `/billing` page or new `/billing/dunning` page #### 1.1.17 Tenants (`tenants` module — ~5 endpoints) - **Backend:** Multi-tenant management - **Admin UI:** NONE - **Impact:** LOW for now — multi-tenant not yet needed - **Action needed:** New `/tenants` page when multi-tenant goes live #### 1.1.18 API Versioning (`api-versioning` module — 5 endpoints) - **Backend:** Version management, deprecation, migration tracking - **Admin UI:** NONE - **Impact:** LOW - **Action needed:** Add to `/settings` or `/ops` page #### 1.1.19 Full-Text Search (`search` module — 5 endpoints) - **Backend:** Cross-entity search across products - **Admin UI:** NONE - **Impact:** LOW — search is typically consumed by clients - **Action needed:** Consider adding a universal search bar to admin header #### 1.1.20 Onboarding Analytics (`onboarding` module — 4 endpoints) - **Backend:** Step tracking, completion tracking, funnel conversion rates - **Endpoints:** `POST /onboarding/step`, `POST /onboarding/complete`, `GET /onboarding/funnel`, `GET /onboarding/user/:userId` - **Admin UI:** NONE - **Impact:** MEDIUM — onboarding funnel visualization completely missing - **Action needed:** New `/analytics/onboarding` page with funnel chart, step drop-off analysis #### 1.1.21 Delivery Module (`delivery` — 8 endpoints) - **Backend:** 8 email templates, delivery log, send history - **Admin UI:** NONE - **Impact:** MEDIUM — cannot view email delivery log, template previews, or failure rates - **Action needed:** New `/ops/delivery` page with delivery log, template preview, retry failed #### 1.1.22 Jobs & Runs (`jobs` — 5 endpoints, `runs` — 7 endpoints) - **Backend:** Scheduled job management, run history, trigger - **Admin UI:** NONE - **Impact:** MEDIUM — cannot view/trigger scheduled jobs, see run history or failures - **Action needed:** New `/ops/jobs` page with job list, trigger button, run history table #### 1.1.23 Sessions Module (`sessions` — 5 endpoints) - **Backend:** List user sessions, revoke, revoke-all, admin force-revoke - **Admin UI:** NONE (settings/devices is for the admin's OWN devices only) - **Impact:** MEDIUM — cannot view/revoke other users' active sessions - **Action needed:** Add session management to user detail view or new `/ops/sessions` page #### 1.1.24 IP Rules (`ip-rules` — 5 endpoints) - **Backend:** IP allow/deny with CIDR matching, temporary blocks with expiry - **Admin UI:** NONE - **Impact:** MEDIUM — cannot manage IP allowlists/blocklists - **Action needed:** New `/ops/security/ip-rules` or add to existing `/ops/security` #### 1.1.25 Maintenance Mode (`maintenance` — 6 endpoints) - **Backend:** 4 modes (off/read_only/maintenance/emergency), bypass roles/IPs, scheduled windows - **Admin UI:** NONE - **Impact:** MEDIUM — cannot activate maintenance mode from UI - **Action needed:** Add maintenance toggle to `/ops` Mission Control page #### 1.1.26 Exports / GDPR (`exports` — 5 endpoints) - **Backend:** GDPR data export jobs for 6 entity types, CSV/JSON format - **Admin UI:** NONE - **Impact:** MEDIUM — cannot trigger or download GDPR exports - **Action needed:** New `/ops/exports` page or add to existing `/settings` #### 1.1.27 Status Page / Incidents (`status` — 9 endpoints) - **Backend:** Public status page, incident CRUD, subscriber notifications - **Admin UI:** `/ops` Mission Control shows service health but NOT incident management - **Impact:** MEDIUM — cannot create/update incidents, manage status page subscribers - **Action needed:** New `/ops/status` page with incident CRUD, subscriber list #### 1.1.28 Marketplace (`marketplace` — 29 endpoints) - **Backend:** Listings, purchases, reviews, featured, categories — largest module by endpoint count - **Admin UI:** NONE - **Impact:** HIGH — entire marketplace management invisible - **Action needed:** New `/marketplace` page with listing management, purchase history, review moderation #### 1.1.29 ⚠️ BACKEND BUG: AI Diagnostics (`ai-diagnostics` — 671-line routes.ts, NOT REGISTERED) - **Backend:** `ai-diagnostics/routes.ts` exists (671 lines) with NL query parser, LLM root-cause analyzer, telemetry linking, error clustering — but the route plugin is **never registered in server.ts** - **Admin UI:** `/ai-diagnostics` page exists and is reachable - **Impact:** CRITICAL — the admin page exists but the backend endpoints it calls are not mounted. Page is non-functional. - **Action needed:** Add `import { aiDiagnosticsRoutes } from './modules/ai-diagnostics/routes.js'` and `await app.register(aiDiagnosticsRoutes, { prefix: '/api' })` to server.ts --- ### 1.2 PARTIALLY EXPOSED (Page exists but missing sub-features) #### 1.2.1 Experiments Page — Missing A/B Test Assignment Viewer - **Backend:** `experiments` + `ab-testing` modules — full experiment lifecycle - **Admin UI:** `/experiments` page exists, `/ops/ab-testing` exists - **Gap:** No UI to view individual user assignments, no variant traffic split visualization - **Action needed:** Add assignment log table, traffic split donut chart #### 1.2.2 Diagnostics — Missing Session Replay, Performance Profiles, Crash Triggers - **Backend:** `diagnostics` module has 5 route files: base routes, auto-trigger, crash-trigger, session-replay, performance-profile - **Admin UI:** `/debug-sessions` page exists - **Gap:** No session replay viewer, no performance profile flame graphs, no crash trigger configuration UI - **Action needed:** Add sub-pages: `/debug-sessions/replay`, `/debug-sessions/performance`, `/ops/crash-triggers` #### 1.2.3 Predictive Analytics — Missing Campaign Execution - **Backend:** `predictive-analytics` module — churn scoring, at-risk users, intervention campaigns - **Admin UI:** `/predictive/at-risk` and `/predictive/campaigns` pages exist - **Gap:** Campaign execution/send may not be wired, no cohort comparison charts - **Action needed:** Verify campaign execution UI, add cohort visualization #### 1.2.4 Settings — Missing Kill Switch UI for Newer Products - **Backend:** `/api/settings/kill-switch` exists in admin API routes - **Gap:** Kill switch toggle may only cover LysnrAI; other products need coverage - **Action needed:** Verify kill switch works for all 11 products --- ### 1.3 HIDDEN PAGES (Page exists but NO sidebar nav item — unreachable without direct URL) These admin pages were built but never added to the sidebar navigation. Users cannot discover them without knowing the URL. | Page Path | Backend Module | Has API Routes? | Action Needed | | --------------------------------------------------------- | ---------------------- | :---------------------------: | -------------------------------------------------------------- | | `/users` | `auth` (user list) | ✅ `/api/users/` | Add to sidebar (currently accessible only via Dashboard links) | | `/debug-sessions` | `diagnostics` | via platform-client | Add to sidebar under Ops | | `/debug-sessions/[id]` | `diagnostics` | via platform-client | (detail view — ok as sub-route) | | `/health-dashboard` | `diagnostics` | via platform-client | Add to sidebar under Ops | | `/extraction` | extraction-service | ✅ `/api/extraction/` | Add to sidebar under Ops | | `/experiments` + `/experiments/[id]` + `/experiments/new` | `experiments` | via platform-client | Add to sidebar | | `/ai-diagnostics` | `ai-diagnostics` | ⚠️ **Backend not registered** | Add to sidebar + fix backend first | | `/predictive/at-risk` | `predictive-analytics` | ✅ via predictive-client | Add to sidebar | | `/predictive/campaigns` | `predictive-analytics` | ✅ via predictive-client | Add to sidebar | **Total: 7 unique features with pages but zero sidebar discoverability.** --- ## PART 2: USER-DASHBOARD-WEB — Missing Features ### 2.1 COMPLETELY MISSING #### 2.1.1 User Invitations — Partial - **Backend:** User can redeem invitations (`/api/invitations/redeem` API route exists) - **UI Page:** NONE — no `/invitations` page in sidebar - **Gap:** User cannot see pending invitations or redeem from UI - **Action needed:** New `/invitations` page showing pending invitations with accept/decline #### 2.1.2 MFA Management — Partial - **Backend:** MFA verify route exists (`/api/auth/mfa/verify`) - **UI Gap:** No dedicated MFA setup/management page (TOTP setup, recovery codes, disable MFA) - **Action needed:** Add MFA section to `/settings` or new `/settings/security` page with TOTP setup wizard, recovery code viewer #### 2.1.3 Passkeys — Missing - **Backend:** Passkey routes exist in admin-web but NOT in user-dashboard - **UI Gap:** User cannot register/manage passkeys - **Action needed:** Add passkey management to `/settings/security` #### 2.1.4 Devices & Trusted Sessions — Missing - **Backend:** Device trust, login events exist in platform-service - **UI Gap:** User cannot view logged-in devices, revoke sessions, or manage device trust - **Action needed:** New `/settings/devices` page showing active sessions with revoke button #### 2.1.5 OAuth Account Linking — Missing - **Backend:** OAuth routes exist (`/api/auth/oauth/[provider]`, SSO routes for Google/Microsoft) - **UI Gap:** OAuth callbacks exist but no UI for linking/unlinking OAuth providers from profile - **Action needed:** Add "Connected Accounts" section to `/profile` page #### 2.1.6 Changelog / What's New — Missing - **Backend:** `changelog` module exists in platform-service - **UI Gap:** User has no way to see product updates, release notes - **Action needed:** New `/changelog` page or notification bell dropdown with latest changes #### 2.1.7 Feedback Submission — Missing - **Backend:** `feedback` module in platform-service - **UI Gap:** No way for users to submit feedback from the dashboard - **Action needed:** Add feedback widget/button (e.g., floating button) or `/feedback` page #### 2.1.8 Organizations — Missing - **Backend:** `orgs` module with user-facing membership endpoints - **UI Gap:** User cannot view/manage their organization memberships - **Action needed:** New `/organization` page if user belongs to an org #### 2.1.9 Support / Help — Missing - **Backend:** `support-cases` module - **UI Gap:** No way for users to create/track support tickets - **Action needed:** New `/support` page with ticket creation form, ticket list, status tracking #### 2.1.10 Usage Stats — Missing - **Backend:** `usage` module tracks per-user usage - **UI Gap:** User cannot see their own usage stats (API calls, storage, etc.) - **Action needed:** Add usage widget to dashboard or new `/usage` page #### 2.1.11 Export Personal Data (GDPR) — Missing - **Backend:** `exports` module supports user data export - **UI Gap:** No "Download My Data" button anywhere - **Action needed:** Add "Export My Data" to `/settings` page #### 2.1.12 Marketplace — Missing - **Backend:** `marketplace` module has user-facing browse/purchase endpoints - **UI Gap:** No marketplace browsing or purchase history - **Action needed:** New `/marketplace` page (lower priority — depends on product) --- ### 2.2 PARTIALLY EXPOSED #### 2.2.1 Profile Page — Missing Account Deletion Confirmation - **Backend:** `/api/auth/delete-account` API route exists - **UI Gap:** Delete button may exist but confirmation flow, data export reminder, and cooldown period UI may be incomplete - **Action needed:** Verify delete account flow has proper confirmation modal + 7-day cooldown notice #### 2.2.2 Notifications Page — Missing Preference Management - **Backend:** `notifications` module has preference endpoints - **UI Gap:** Can view notifications but may not have granular preference toggles (email/push/in-app per category) - **Action needed:** Add notification preference grid to `/notifications` or `/settings` #### 2.2.3 Settings Page — Missing Several Sections - **Current:** Likely just basic settings - **Missing sections:** Security (MFA, passkeys, devices), Connected accounts, Notification preferences, Data export, Delete account - **Action needed:** Expand into tabbed settings with Security, Privacy, Notifications sections --- ## PART 3: TRACKER-WEB — Coverage Assessment Tracker-web is relatively well-scoped (items, board, roadmap). Main gaps: - No comment threading UI (backend `comments` module has reply support) - No vote visualization (backend `votes` module exists) - These are minor since tracker-web is a simpler dashboard --- ## PART 4: CROSS-CUTTING GAPS ### 4.1 Admin-Web Sidebar Missing Items Current sidebar has 27 items. The following should be added: **A) Hidden pages — already built, just need sidebar link:** | Priority | New Sidebar Item | Page Path | Icon Suggestion | | :------: | ---------------- | --------------------- | --------------- | | **P0** | Users | `/users` | Users | | **P0** | Debug Sessions | `/debug-sessions` | Bug | | **P0** | Health Dashboard | `/health-dashboard` | HeartPulse | | **P0** | Extraction | `/extraction` | FileSearch | | **P0** | Experiments | `/experiments` | FlaskConical | | **P0** | Predictive | `/predictive/at-risk` | TrendingDown | | **P1** | AI Diagnostics | `/ai-diagnostics` | BrainCircuit | **B) New pages — need to be built + sidebar link:** | Priority | New Sidebar Item | Backend Module | Icon Suggestion | | :------: | ----------------- | --------------------- | --------------- | | **P0** | Organizations | `orgs` | Building2 | | **P0** | Support Cases | `support-cases` | LifeBuoy | | **P0** | AI Budgets | `ai-budgets` | DollarSign | | **P0** | Waitlist | `waitlist` | Clock | | **P1** | Webhooks | `webhooks` | Webhook | | **P1** | Knowledge Bases | `knowledge` | Database | | **P1** | Agent Evals | `agent-evals` | FlaskConical | | **P1** | Reviews | `reviews` | CheckSquare | | **P1** | Marketplace | `marketplace` | Store | | **P1** | Delivery Log | `delivery` | Mail | | **P1** | Scheduled Jobs | `jobs` + `runs` | Timer | | **P2** | Event Bus | `event-subscriptions` | Radio | | **P2** | SCIM | `scim` | Link | | **P2** | IP Rules | `ip-rules` | ShieldBan | | **P2** | Backups | `backups` | HardDrive | | **P2** | Retention | `retention` | Trash2 | | **P2** | Maintenance | `maintenance` | Wrench | | **P2** | Status/Incidents | `status` | Activity | | **P2** | Exports (GDPR) | `exports` | Download | | **P2** | Onboarding Funnel | `onboarding` | Compass | | **P3** | CDN | `cdn` | Globe | | **P3** | Dunning | `dunning` | AlertTriangle | | **P3** | API Versions | `api-versioning` | GitBranch | | **P3** | Tenants | `tenants` | Users | | **P3** | Search | `search` | Search | ### 4.2 User-Dashboard Sidebar Missing Items | Priority | New Sidebar Item | Backend Module | Icon Suggestion | | :------: | ---------------- | -------------------- | --------------- | | **P0** | Security | `auth/*` sub-modules | Shield | | **P0** | Support | `support-cases` | LifeBuoy | | **P1** | Usage | `usage` | BarChart | | **P1** | Invitations | `invitations` | Mail | | **P1** | Changelog | `changelog` | Newspaper | | **P2** | Feedback | `feedback` | MessageSquare | | **P2** | Organizations | `orgs` | Building2 | | **P2** | Marketplace | `marketplace` | Store | ### 4.3 Missing Admin-Web API Proxy Routes These platform-service modules have NO corresponding `/api/` proxy route in admin-web: | Module | Admin API Route Needed | | --------------------- | ------------------------------------ | | `orgs` | `/api/orgs/[...path]` | | `scim` | `/api/scim/[...path]` | | `support-cases` | `/api/support/[...path]` | | `ai-budgets` | `/api/ai-budgets/[...path]` | | `knowledge` | `/api/knowledge/[...path]` | | `agent-evals` | `/api/agent-evals/[...path]` | | `agents/executor` | `/api/agents/execute/[...path]` | | `event-subscriptions` | `/api/event-subscriptions/[...path]` | | `waitlist` | `/api/waitlist/[...path]` | | `reviews` | `/api/reviews/[...path]` | | `webhooks` | `/api/webhooks/[...path]` | | `retention` | `/api/retention/[...path]` | | `backups` | `/api/backups/[...path]` | | `cdn` | `/api/cdn/[...path]` | | `dunning` | `/api/dunning/[...path]` | | `maintenance` | `/api/maintenance/[...path]` | | `exports` | `/api/exports/[...path]` | | `jobs` | `/api/jobs/[...path]` | | `runs` | `/api/runs/[...path]` | | `sessions` | `/api/sessions/[...path]` | | `ip-rules` | `/api/ip-rules/[...path]` | | `status` | `/api/status/[...path]` | | `onboarding` | `/api/onboarding/[...path]` | | `delivery` | `/api/delivery/[...path]` | | `search` | `/api/search/[...path]` | | `marketplace` | `/api/marketplace/[...path]` | --- ## PART 5: PRIORITIZED ACTION PLAN ### Sprint 0 — Quick Wins: Wire Hidden Pages + Fix Backend Bug (1 day) 1. **FIX BACKEND BUG:** Register `ai-diagnostics` routes in `server.ts` (1 import + 1 register line) 2. **Add 7 sidebar items** for already-built hidden pages: Users, Debug Sessions, Health Dashboard, Extraction, Experiments, Predictive, AI Diagnostics 3. No new pages needed — just sidebar-nav.tsx edits ### Sprint 1 — Critical Admin Gaps (P0) 4. **Organizations page** — org list, member CRUD, workspace management 5. **Support Cases page** — ticket list, detail, notes, escalation 6. **AI Budgets page** — cost dashboard, policies, spend history, alerts 7. **Waitlist page** — entry list, stats, batch invite, export 8. Add 4 new sidebar items + 4 API proxy routes ### Sprint 2 — High-Value Admin Pages (P1) 9. **Webhooks page** — subscription CRUD, delivery log, test 10. **Knowledge Bases page** — base list, sources, chunk browser 11. **Agent Evals page** — suite management, test cases, run history 12. **Reviews page** — review queue, assignment, approval 13. **Marketplace page** — listing management, purchase history 14. **Delivery Log page** — email logs, template preview, retry 15. **Scheduled Jobs page** — job list, trigger, run history 16. Add 7 new sidebar items + 7 API proxy routes ### Sprint 3 — User Dashboard Gaps (P0) 17. **Security page** — MFA setup, passkeys, device management, session revocation 18. **Support page** — ticket creation, tracking 19. **Usage page** — personal usage stats 20. **Invitations page** — pending invites, accept/decline 21. **Changelog page** — recent updates, release notes 22. Expand Settings with Security/Privacy/Notifications tabs 23. Add "Connected Accounts" to Profile (OAuth link/unlink) ### Sprint 4 — Operational Admin Pages (P2) 24. **Event Bus page** — subscription CRUD, DLQ viewer, replay 25. **SCIM page** — connector management, sync status 26. **IP Rules** — add to ops/security 27. **Backups page** — create/restore/download 28. **Retention page** — policy management, dry-run 29. **Maintenance toggle** — add to Mission Control 30. **Status/Incidents** — incident CRUD 31. **GDPR Exports** — trigger/download 32. **Onboarding Funnel** — analytics visualization 33. **Session Replay** — expand debug-sessions 34. **Performance Profiles** — expand debug-sessions ### Sprint 5 — Lower Priority (P3) 35. CDN management 36. Dunning campaigns 37. API versioning 38. Multi-tenant management 39. Universal search bar --- ## PART 6: SUMMARY STATISTICS | Metric | At Analysis Time | Current (2026-03-21) | | ------------------------------------------------------------ | :------------------------------: | :----------------------: | | Platform-service modules | 43+ | 43+ | | Platform-service route files | 76 | 76 | | Platform-service endpoints | 511+ | 511+ | | Admin-web sidebar items | 27 | **50** | | Admin-web pages | 38 | **41 dirs** | | Admin-web API proxy route dirs | 24 | **46** | | User-dashboard pages | 12 | 12 | | User-dashboard API routes | 39 | 39 | | **Admin: Completely missing (no page, no sidebar, no API)** | **28** | **~11** | | **Admin: Partially exposed (page exists, features missing)** | **4** | **0** (all fixed) | | **Admin: Hidden pages (page exists, no sidebar item)** | **7** | **0** (all wired) | | **Admin: Backend bug (routes.ts exists, not registered)** | **1** | **0** (fixed) | | **Admin: Broken API calls (wrong paths)** | — | **21 fixed** (6 commits) | | **User: Completely missing features** | **12** | **12** | | **User: Partially exposed** | **3** | **3** | | New admin sidebar items still needed | 32 (25 new + 7 hidden pages) | **0** | | New admin API proxy routes still needed | 26 | **0 for pages** | | New user sidebar items needed | 8 | **8** | | Estimated new pages still to build | ~28 (hidden pages already built) | **~11** | --- ## Appendix A: Complete Module ↔ UI Matrix | # | Platform-Service Module | Admin Page | Admin API | User Page | User API | Status | | :-: | ----------------------- | :------------------------: | :-------------: | :--------------: | :------------: | :---------------------------------------------: | | 1 | auth (core) | ✅ login | ✅ | ✅ login | ✅ | OK | | 2 | auth/oauth | ✅ settings | ✅ | ⚠️ callback only | ✅ | User gap | | 3 | auth/mfa | ✅ settings/security | ✅ | ⚠️ verify only | ⚠️ | User gap | | 4 | auth/passkeys | ✅ settings/passkeys | ✅ | ❌ | ❌ | User gap | | 5 | auth/devices | ✅ settings/devices | ✅ | ❌ | ❌ | User gap | | 6 | auth/login-events | ✅ via security | ✅ | ❌ | ❌ | User gap | | 7 | auth/push-approvals | ❌ | ❌ | ❌ | ❌ | Both gap | | 8 | auth/qr-auth | ❌ | ❌ | ❌ | ❌ | Both gap | | 9 | auth/enterprise | ❌ | ❌ | ❌ | ❌ | Both gap | | 10 | auth/magic-link | ❌ | ❌ | ❌ | ❌ | Both gap | | 11 | audit | ✅ | ✅ | ❌ | ❌ | OK (admin-only) | | 12 | agents | ✅ actiontrail | ✅ actiontrail | ❌ | ❌ | Partial | | 13 | agent-evals | ❌ | ❌ | ❌ | ❌ | **Missing** | | 14 | agents/executor | ❌ | ❌ | ❌ | ❌ | **Missing** | | 15 | ai-budgets | ❌ | ❌ | ❌ | ❌ | **Missing** | | 16 | ai-diagnostics | ⚠️ page exists, no sidebar | ❌ | ❌ | ❌ | **⚠️ BACKEND BUG: not registered in server.ts** | | 17 | analytics | ✅ via dashboard | ✅ | ❌ | ❌ | OK | | 18 | api-versioning | ❌ | ❌ | ❌ | ❌ | **Missing** | | 19 | ab-testing | ✅ ops/ab-testing | ❌ | ❌ | ❌ | OK | | 20 | backups | ❌ | ❌ | ❌ | ❌ | **Missing** | | 21 | billing-checkout | ❌ | ❌ | ❌ | ❌ | **Missing** | | 22 | blob | ❌ | ❌ | ❌ | ❌ | OK (SDK-only) | | 23 | broadcasts | ✅ | ❌ | ❌ | ❌ | OK | | 24 | cdn | ❌ | ❌ | ❌ | ❌ | **Missing** | | 25 | changelog | ❌ | ❌ | ❌ | ❌ | **Missing** | | 26 | comments | ❌ | ❌ | ❌ | ❌ | OK (tracker) | | 27 | delivery | ❌ | ❌ | ❌ | ❌ | **Missing** | | 28 | diagnostics | ✅ debug-sessions | ❌ | ❌ | ❌ | Partial | | 29 | dunning | ❌ | ❌ | ❌ | ❌ | **Missing** | | 30 | event-subscriptions | ❌ | ❌ | ❌ | ❌ | **Missing** | | 31 | experiments | ✅ | ❌ | ❌ | ❌ | OK | | 32 | exports | ❌ | ❌ | ❌ | ❌ | **Missing** | | 33 | feedback | ✅ | ❌ | ❌ | ❌ | User gap | | 34 | flags | ✅ | ✅ | ❌ | ❌ | OK | | 35 | impersonation | ❌ | ❌ | ❌ | ❌ | OK (API-only) | | 36 | invitations | ✅ | ✅ | ❌ | ⚠️ redeem only | User gap | | 37 | ip-rules | ❌ | ❌ | ❌ | ❌ | **Missing** | | 38 | items | ❌ | ❌ | ❌ | ❌ | OK (tracker) | | 39 | jobs | ❌ | ❌ | ❌ | ❌ | **Missing** | | 40 | knowledge | ❌ | ❌ | ❌ | ❌ | **Missing** | | 41 | licenses | ✅ | ✅ | ✅ | ✅ | OK | | 42 | maintenance | ❌ | ❌ | ❌ | ❌ | **Missing** | | 43 | marketplace | ❌ | ❌ | ❌ | ❌ | **Missing** | | 44 | notifications | ✅ | ✅ | ✅ | ✅ | OK | | 45 | onboarding | ❌ | ❌ | ❌ | ❌ | **Missing** | | 46 | orgs | ❌ | ❌ | ❌ | ❌ | **Missing** | | 47 | plans | ❌ | ✅ settings | ❌ | ❌ | OK | | 48 | predictive-analytics | ✅ | ✅ | ❌ | ❌ | OK | | 49 | products | ✅ | ✅ | ❌ | ❌ | OK | | 50 | promos | ✅ | ✅ | ❌ | ❌ | OK | | 51 | public | ❌ | ❌ | ❌ | ❌ | OK (public) | | 52 | ratelimit | ❌ | ❌ | ❌ | ❌ | OK (infra) | | 53 | referrals | ✅ | ✅ | ✅ | ✅ | OK | | 54 | retention | ❌ | ❌ | ❌ | ❌ | **Missing** | | 55 | reviews | ❌ | ❌ | ❌ | ❌ | **Missing** | | 56 | runs | ❌ | ❌ | ❌ | ❌ | **Missing** | | 57 | scim | ❌ | ❌ | ❌ | ❌ | **Missing** | | 58 | search | ❌ | ❌ | ❌ | ❌ | **Missing** | | 59 | sessions | ❌ | ❌ | ❌ | ❌ | **Missing** | | 60 | settings | ✅ | ✅ | ✅ | ✅ | OK | | 61 | status | ❌ | ⚠️ ops/status | ❌ | ❌ | Partial | | 62 | stripe | ❌ | ✅ via settings | ✅ | ✅ | OK | | 63 | subscriptions | ✅ | ✅ | ✅ | ✅ | OK | | 64 | support-cases | ❌ | ❌ | ❌ | ❌ | **Missing** | | 65 | surveys | ✅ | ❌ | ❌ | ❌ | OK | | 66 | telemetry | ✅ | ✅ | ❌ | ✅ ingest | OK | | 67 | tenants | ❌ | ❌ | ❌ | ❌ | **Missing** | | 68 | themes | ✅ | ✅ | ❌ | ❌ | OK | | 69 | tokens | ✅ | ✅ | ❌ | ❌ | OK | | 70 | usage | ❌ | ✅ /api/usage/ | ❌ | ❌ | User gap | | 71 | votes | ❌ | ❌ | ❌ | ❌ | OK (tracker) | | 72 | waitlist | ❌ | ❌ | ❌ | ❌ | **Missing** | | 73 | webhooks | ❌ | ❌ | ❌ | ❌ | **Missing** | | 74 | diagnostics/auto-trigger | ⚠️ no dedicated page | ❌ | ❌ | ❌ | Hidden | | 75 | diagnostics/crash-trigger | ⚠️ no dedicated page | ❌ | ❌ | ❌ | Hidden | | 76 | diagnostics/session-replay | ⚠️ no dedicated page | ❌ | ❌ | ❌ | Hidden | | 77 | diagnostics/perf-profile | ⚠️ no dedicated page | ❌ | ❌ | ❌ | Hidden | | 78 | referrals/migration-admin | ❌ | ❌ | ❌ | ❌ | OK (one-time migration) | | 79 | users (admin-web direct) | ✅ (no sidebar!) | ✅ /api/users/ | ❌ | ❌ | **Hidden page** | **Legend:** ✅ = Exposed | ⚠️ = Partial | ❌ = Missing | OK = Correctly not needed in that dashboard --- ## Appendix B: Auth Sub-Module Gap Detail | Auth Sub-Module | Endpoints | Admin UI | User UI | Notes | | ---------------------------------- | :-------: | :------: | :-----: | ---------------------------------------- | | Core (login/register/forgot/reset) | 18 | ✅ | ✅ | Complete | | OAuth (Google/Microsoft/Apple) | 6 | ✅ | ⚠️ | User: callbacks exist, no link/unlink UI | | MFA (TOTP setup/verify/disable) | 9 | ✅ | ⚠️ | User: verify only, no setup/manage | | Passkeys (WebAuthn) | 6 | ✅ | ❌ | User: no passkey management at all | | Devices (trust/fingerprint) | 5 | ✅ | ❌ | User: cannot view/revoke devices | | Login Events (audit) | 3 | ✅ | ❌ | User: cannot view own login history | | Push Approvals | 4 | ❌ | ❌ | Neither dashboard has UI | | QR Auth | 3 | ❌ | ❌ | Neither dashboard has UI | | Enterprise SSO (SAML/OIDC) | 8 | ❌ | ❌ | Neither dashboard has UI | | Magic Link | 3 | ❌ | ❌ | Neither dashboard has UI | --- _This document should be reviewed and updated as pages are built. Check off items as they are completed._