Administration
The admin console – users and roles, config, providers, connectors, analytics, and system status.
Admins manage Fosnie from the admin console at /admin. It is a tabbed area; which tabs appear
depends on your role, the permissions you hold, and which capabilities are switched on. Everything below
is in Fosnie (Apache-2.0). The compliance and governance tabs (audit log, legal holds, moderation,
white-label branding, SSO/SCIM, custom roles) belong to Fosnie Enterprise.
Users and roles
Fosnie has three standing roles plus one emergency role:
- Admin – your IT lead. Manages users and groups, configuration, providers, and connectors.
- Power user – a trusted builder: creates agents, knowledge bases, and automations, but not an administrator.
- User – everyday access to chat, documents, and anything shared with them.
- Super-admin – an ephemeral break-glass session, never a standing account. See Super-admin & break-glass.
On a local-auth deployment the first person to register becomes the admin, and further registration is then closed until you turn it on (Config → Allow new registrations). From the Users tab an admin can invite people, change a role, deactivate an account, and reset a user's MFA (which signs their sessions out and makes them re-enrol). Accounts provisioned from an identity provider show a Managed by IdP badge and are owned by that directory (Fosnie Enterprise).
Groups and sharing
Groups organise people so you can grant access once to many. Access itself is members-only: a project or knowledge base is reachable only by the users and groups explicitly granted to it, so nothing is visible org-wide by default. The Sharing tab lets an admin review and manage those grants across the deployment.
Config
The Config tab holds runtime settings – stored in the database and applied immediately, with no restart. They are shown even when unset, with their built-in defaults, so you can tune before overriding. The Core toggles include:
| Setting | Default | Effect |
|---|---|---|
| Team chats & direct messages | on | Team/project group chats and 1:1 messages |
| Workflows | off | Event-driven workflows (dispatch starts from when you enable it) |
| Voice (dictation + read-aloud) | off | Needs an STT and/or TTS provider under Providers |
| Live voice (real-time call) | off | Streaming STT → LLM → streaming TTS with barge-in |
| Groundedness verification | off | Post-answer faithfulness check; needs a Verifier provider |
| Allow new registrations | off | Let people self-register beyond the first account |
| Max automations per user | 50 | Cap on scheduled automations one user may own |
| Minimum automation interval | 300s | Shortest gap between an automation's runs |
| Audit retention (months) | 24 | How long audit partitions are kept before the retention job trims them |
| Web search allowlist / blocklist | off | Domain-suffix allow/deny for the web-search fetcher |
| Web search allowlist-only | off | Fail-closed: only allowlisted domains are reachable |
| Web search robots policy | user_triggered | Honour robots.txt per host, or proceed for user-requested fetches |
Every change is written to the audit log (config.changed), and there is deliberately no "import a
whole config" action – each setting is edited explicitly, so a bad paste cannot silently reconfigure
the platform. See Configuration for the boot-versus-runtime split and
Configuration & env vars for the environment reference.
Providers
The Providers tab points each model role at an engine: the chat LLM, embeddings, reranker, speech-to-text, text-to-speech, vision/OCR, and the groundedness verifier. Most roles take a single provider; the LLM role is a list – register several named providers (a local vLLM, Claude, GPT) and mark one as the default. For each you set a base URL, model, and (optional) API key, toggle it on or off, pick a reasoning mode, and Test the connection. Keys are write-only in the UI and encrypted at rest; resolution is database → environment → built-in default, and changes hot-reload on the next call. Users then choose an LLM per chat from the composer, and each conversation remembers its own. Changing the embedding model means re-embedding your corpus, so the tab surfaces a re-index warning and progress. See Providers for the full model-setup guide.
Connectors, MCP, and tools
External connectors ship dormant (zero-egress); enabling one in Integrations lifts the egress gate for that connector alone. The MCP Servers tab is the host registry – add a server, approve it, pin it, or quarantine it, with SSRF-validated URLs. The Tools tab manages custom tools exposed to agents. See Connectors & MCP.
Announcements and feedback
Announcements publishes a banner message to everyone (for maintenance windows or notices). Feedback collects the thumbs-up/down and comments users leave on answers, for review in one place.
Analytics and overview
The Overview dashboard opens the console with snapshots – most active users and agents at a glance. The Analytics tab charts usage: tokens over the last 30 days, active users (7- and 30-day), tokens by user, most-used agents, and per-model, per-user, and per-agent breakdowns of answers and token spend. When groundedness is enabled, a Verification tab sits alongside it with faithfulness verdicts.
System status
The System view shows service health – Postgres, Redis, and overall readiness – the capabilities currently enabled (code interpreter, voice), your own role, and a security alerts list of any risk-flagged events. It is the quick "is everything up, and has anything odd happened" check.
Sensitive boot settings (encryption keys, deployment endpoints) and cross-user operations are not in this console – they are reserved for a break-glass super-admin. Day-to-day administration is done here by your standing admin.