Project settings

Contracts, permissions, and rollout guardrails.

Project contract surface for route ownership, API boundaries, permissions, and rollout rules.

Project registryPublic surfaceOps consoleEnter operator laneBack to overviewProtected ops
Live publishingRefine migration activeCadence: Monthly issue cycleRead-only previewUpdated Apr 5, 2026, 2:19 PM UTC12 modules

Refine runtime

The settings lane now owns safe project writes instead of only documenting boundaries.

This keeps the server-rendered contract visible on first paint, then lets the live project settings resource handle governed updates after hydration. Sensitive provider secrets and real operator execution still stay outside this lane.

Server baseline readyWatchGuideRead-only previewSynced Apr 5, 2026, 2:19 PM UTC

Hydrating the project settings resource on top of the server baseline.

Sign in for governed writesOpen protected ops

Governance profile

The workbench now keeps a shared project note instead of hiding the current posture in chat.

Focus laneGuide

The current project lane that should stay most visible across the shell.

Rollout statusWatch

This tells the team how much operator attention the next project slice needs.

Writable controls15

Safe, project-owned settings now belong to the workbench instead of only to ops.

Last settings updateApr 5, 2026, 2:19 PM UTC

system-default

  • Operator note: Keep runbooks, release evidence, and route ownership visible in the guide lane while the wider handoff milestone stays in motion.
  • Scope rule: only authenticated operator sessions can save governed project settings from this route.

Module map

Each workbench module now has named ownership.

ModuleOwnershipDetail
OverviewProject kernelCross-resource posture, route map, and current operating loop.
AutomationExecution controlCompile cadence, pipeline posture, and guarded project actions.
IssuesRegistry objectPublication source records and archive-facing structure.
ReviewsExecution ledgerQuality-gate outcomes and publish-readiness history.
DeliveryExecution ledgerRun summaries and subscriber-delivery posture.
AudienceUsage summaryDemand signals, segment mix, and safe project-level lead health.
UsageProduct usage ledgerLane throughput, funnel posture, and operator-facing system consumption.
APIIntegration contractRead routes, guarded mutations, and platform-edge coverage.
BillingCommercial ledgerCheckout state, webhook proof, and cutover readiness.
EventsUsage and audit ledgerSource activity, CTA attribution, and trend telemetry.
SettingsProject contractRoute ownership, provider boundaries, and rollout guardrails.
GuideOperator memoryRunbooks, release references, route maps, and supportable handoff context.

Surface routes

Route ownership is now explicit instead of implied.

  • Public homepage (public): /. Acquisition surface with product-first information architecture.
  • Member desk (member): /members. Recovery-first buyer route with no heavy auth assumptions.
  • Project workbench (project): /app/project/core-publication/overview. Canonical project scope for resource-first workspace routes.
  • Project guide (project): /app/project/core-publication/guide. Durable operator memory for runbooks, release evidence, and route-level recovery tasks.
  • Ops console (ops): /ops. Protected operator-only run actions and deeper execution desks.

API contracts

The provider layer now has a clean project-owned target map.

ResourceAPI routeContract
Overview/api/workbench/project/core-publication/overviewDetail resource with project-scoped summary data for the workbench.
Automation/api/workbench/project/core-publication/automationDetail resource with compile readiness, downstream lane posture, and protected operator compile actions.
Issues/api/workbench/project/core-publication/issuesCollection resource with refine-friendly pagination and normalized list shape.
Reviews/api/workbench/project/core-publication/reviewsCollection resource with refine-friendly pagination and normalized list shape.
Delivery/api/workbench/project/core-publication/deliveryCollection resource with refine-friendly pagination and normalized list shape.
Audience/api/workbench/project/core-publication/audienceDetail resource with aggregate demand posture, operator-safe watch controls, and no contact-level lead exposure.
Usage/api/workbench/project/core-publication/usageDetail resource with project-scoped usage throughput, intervention controls, and lane-utilization signals.
API/api/workbench/project/core-publication/apiDetail resource with integration contracts, guarded mutation inventory, and platform edge coverage.
Billing/api/workbench/project/core-publication/billingDetail resource with commercial readiness, project-owned billing controls, and safe operator-only writes.
Events/api/workbench/project/core-publication/eventsDetail resource with telemetry posture, operator-safe watch controls, and no raw event-row exposure.
Settings/api/workbench/project/core-publication/settingsDetail resource with governed project settings reads and safe operator-only writes.
Guide/api/workbench/project/core-publication/guideDetail resource with runbooks, release references, route maps, and durable operator memory for the live project.

Access matrix

Preview visibility and operator authority are now separate concerns.

ResourcePreview laneOperator lane
Overviewlist, showlist, show
Automationlist, showlist, show, run
Issueslist, showlist, show
Reviewslist, showlist, show, run
Deliverylist, showlist, show, run
Audiencelist, showlist, show, update
Usagelist, showlist, show, update
APIlist, showlist, show
Billinglist, showlist, show, update
Eventslist, showlist, show, update
Settingslist, showlist, show, update
Guidelist, showlist, show

Rollout rules

Provider boundaries and next phases stay written down.

  • Boundary: dataProvider builds project API requests and normalizes responses.
  • Boundary: accessControlProvider controls preview and operator affordances only.
  • Boundary: Next.js route handlers remain the security boundary.
  • Boundary: Services and stores remain the authority over D1 and local fallback behavior.
  • Phase: Shared shell posture and route boundaries
  • Phase: Resource API alignment for the first project lanes
  • Phase: Issues, reviews, and delivery workbench
  • Phase: Audience, usage, API, billing, events, settings, and guide lanes
  • Phase: Protected action migration and broader refine package adoption

Permission ladder

Server-side enforcement order is documented in the project now.

  1. Identity
  2. Billing account existence
  3. Billing account active state
  4. Plan capability
  5. Project ownership
  6. Object ownership
  7. Action scope
  8. Credit or entitlement availability