Admin Dashboard

Overview

The admin dashboard provides system administrators with tools for monitoring, prompt management, and user administration. Access requires the admin role.

Location: /admin

Admin Roles

Only users with admin privileges can access admin features:

Role	Admin Access
Owner	✅ Full
Admin	✅ Full
Member	❌ No
Viewer	❌ No

Metrics Dashboard

Location: /admin/metrics

User Growth

Track user and organization growth:

Total users over time
New registrations by period
Organization creation trends
Active users (daily/weekly/monthly)

AI Usage

Monitor AI generation consumption:

Total generations by type
Analysis vs. chat vs. report usage
Usage trends over time
Quota utilization across organizations

Feature Adoption

Understand how features are used:

Evidence uploads per investigation
Analysis generation frequency
Report export counts
Template usage rates

Prompt Management

Location: /admin/prompts

What Are Prompts?

AI prompts are the instructions that guide Claude's analysis and report generation. Nquiry stores prompts in the database for easy iteration without code changes.

Prompt Categories

Category	Purpose
Default Framework	Evidence evaluation guide
Analysis Prompts	Question, topic, gap, and summary analysis
Report Section Prompts	Executive summary, findings, methodology, etc.

Prompt Types

Type	Description
`default_evaluation_guide`	617-line evidence evaluation framework
`analysis_question`	Single question analysis
`analysis_summary`	Overall investigation summary
`analysis_gap`	Evidence gap identification
`report_executive_summary`	Report executive summary section
`report_background`	Report background section
`report_methodology`	Report methodology section
`report_findings`	Report findings section
`report_conclusions`	Report conclusions section
`report_recommendations`	Report recommendations section

Template Variables

Prompts use placeholders replaced at runtime:

Variable	Replaced With
`{{investigation_title}}`	Project title
`{{focus_statement}}`	Investigation focus/scope statement
`{{question_text}}`	Specific question being analyzed
`{{evidence_list}}`	Retrieved evidence chunks
`{{evidence_summary}}`	Summary of all evidence
`{{questions_list}}`	All investigation questions
`{{topics_list}}`	All topics with descriptions
`{{investigator_direction}}`	User-provided guidance for this analysis
`{{evaluation_framework}}`	The evidence evaluation framework
`{{investigation_context}}`	Combined context about the investigation

Editing Prompts

Navigate to Admin → Prompts
Find the prompt to edit
Modify system prompt and/or user template
Click Save
Changes take effect immediately

Prompt Versioning

Each prompt tracks:

Version number (auto-incremented on save)
Active/inactive status
Created and updated timestamps

Only active prompts are used; deactivate to disable without deleting.

Best Practices

Test changes - Try analysis after prompt changes
Iterate incrementally - Small changes, then evaluate
Document changes - Note what changed and why
Keep backups - Copy old version before major changes

User Management

Location: /admin/users

User List

View all users in the workspace:

Name and email
Role assignment
Organization membership
Account status

Role Management

Change user roles:

Find user in list
Select new role from dropdown
Changes apply immediately

Available admin actions:

View user details
Change role
View activity (audit log)
Remove from organization

Usage Monitoring

Location: /admin/usage

Organization Usage

Track resource consumption:

Storage used vs. limit
AI generations used vs. limit
Team member count

Billing Status

View subscription details:

Current plan
Billing period
Payment status

Overage Tracking

Monitor soft cap overages:

AI generations over limit
Storage approaching limits
Alerts for action needed

Audit Health

Location: /admin/audit-health

Audit Log Status

Monitor audit logging system:

Recent audit entries
Any logging failures
Storage/retention status

Compliance Verification

Verify compliance requirements:

All actions being logged
Log integrity checks
Retention policy adherence

Security Considerations

Admin Access Logging

All admin actions are logged:

Who accessed admin features
What changes were made
When actions occurred

Prompt Change Auditing

Prompt modifications are tracked:

Previous version preserved
Who made the change
Timestamp of change

Principle of Least Privilege

Limit admin roles to necessary personnel
Review admin access periodically
Remove admin access when role changes

AI Provider Settings

Added 2026-03-04 (NQU-338). Deprecated 2026-05-18 (NQU-783) — toggle scheduled for removal across PRs 2–5 of the NQU-783 sequence. See "Bedrock resilience" callout below for the replacement.

Location: /admin/settings

Admins can currently switch between AI providers without redeployment:

AWS Bedrock (default): Routes all AI calls through AWS Bedrock. Uses ECS task role credentials.
Anthropic Direct: Routes AI calls directly to Anthropic's API. Requires ANTHROPIC_API_KEY environment variable.

The toggle takes effect within 30 seconds (cached setting with TTL). Both providers produce identical analysis outputs — the toggle affects routing and rate limits only.

Rate limiters are configured per provider: Bedrock uses 3 concurrency (conservative for quota limits), Anthropic Direct uses 5 concurrency.

All provider changes are audit-logged under the admin.settings_change action type.

Bedrock resilience (NQU-783 PR 1, replaces the Anthropic-direct toggle)

The toggle's historical purpose was a Bedrock-throttling escape valve (NQU-728 8K-output truncation + occasional account-level throttle bursts). With NQU-783 Option A ratified (2026-05-18), the toggle is being removed and replaced by two automatic mechanisms inside lib/ai/client.ts that need no operator action:

Multi-region fallback. Primary region us-east-1; fallback us-west-2 (set via BEDROCK_FALLBACK_REGION env). On a retryable failure from the primary region (throttle, 5xx, connection), the SDK call retries on the fallback region inside the same limiter slot. Customer-greenfield installs leave the env unset to opt out (single-region IAM allowlist).
Throttle shedder. A 60-second sliding-window count of RateLimitError + ThrottlingException events shared across all Bedrock limiters. When >3 throttles register in the window, quality-check calls reject pre-flight (QualityShedError) so primary analysis traffic keeps the available quota. Primary calls never shed. Emergency kill switch: BEDROCK_SHEDDER_DISABLED=true env upsert.

Live state visible via GET /api/admin/queue-stats — the shedder object reports hot, recentThrottles, fallbackRegion, disabled. Runbook for sustained-hot / persistent fallback is in docs/admin/ops/incident-response.md §3.

Team Collaboration - Role definitions
AI Analysis - How prompts affect analysis
Billing - Quota management

Overview​

Admin Roles​

Metrics Dashboard​

User Growth​

AI Usage​

Feature Adoption​

Prompt Management​

What Are Prompts?​

Prompt Categories​

Prompt Types​

Template Variables​

Editing Prompts​

Prompt Versioning​

Best Practices​

User Management​

User List​

Role Management​

User Actions​

Usage Monitoring​

Organization Usage​

Billing Status​

Overage Tracking​

Audit Health​

Audit Log Status​

Compliance Verification​

Security Considerations​

Admin Access Logging​

Prompt Change Auditing​

Principle of Least Privilege​

AI Provider Settings​

Bedrock resilience (NQU-783 PR 1, replaces the Anthropic-direct toggle)​

Related Documentation​