The operator console is for platform operators running the SaaS — not tenant owners. It runs as a separate app and must never be served on a tenant/custom domain.

Access

Operators are an allow-list, seeded out-of-band (never via the API): 
cd services/api
uv run python -m scripts.ops_grant grant alice@acme.com --role superadmin --by you
uv run python -m scripts.ops_grant list
Roles (least→most): support (read) · ops (tier/entitlement/suspend) · superadmin.

The console

Open the operator app (:3100). Tabs:
  • Tenants — expand any workspace to see plan/usage/members and change tier, set/clear an entitlement override, or suspend/reactivate.
  • Audit — the immutable operator action trail.
  • Billing — recent provider webhook events across tenants.
Every mutation prompts for a reason and writes an audit row before it runs. The full runbook (incl. go-live checklist) lives at Documentation/reference/operator-runbook.md.