Fosniedocsv0.1

Administration

The admin console – users and roles, config, providers, connectors, analytics, and system status.

Admins manage Fosnie from the admin console at /admin. It is a tabbed area; which tabs appear depends on your role, the permissions you hold, and which capabilities are switched on. Everything below is in Fosnie (Apache-2.0). The compliance and governance tabs (audit log, legal holds, moderation, white-label branding, SSO/SCIM, custom roles) belong to Fosnie Enterprise.

Users and roles

Fosnie has three standing roles plus one emergency role:

  • Admin – your IT lead. Manages users and groups, configuration, providers, and connectors.
  • Power user – a trusted builder: creates agents, knowledge bases, and automations, but not an administrator.
  • User – everyday access to chat, documents, and anything shared with them.
  • Super-admin – an ephemeral break-glass session, never a standing account. See Super-admin & break-glass.

On a local-auth deployment the first person to register becomes the admin, and further registration is then closed until you turn it on (Config → Allow new registrations). From the Users tab an admin can invite people, change a role, deactivate an account, and reset a user's MFA (which signs their sessions out and makes them re-enrol). Accounts provisioned from an identity provider show a Managed by IdP badge and are owned by that directory (Fosnie Enterprise).

Groups and sharing

Groups organise people so you can grant access once to many. Access itself is members-only: a project or knowledge base is reachable only by the users and groups explicitly granted to it, so nothing is visible org-wide by default. The Sharing tab lets an admin review and manage those grants across the deployment.

Config

The Config tab holds runtime settings – stored in the database and applied immediately, with no restart. They are shown even when unset, with their built-in defaults, so you can tune before overriding. The Core toggles include:

SettingDefaultEffect
Team chats & direct messagesonTeam/project group chats and 1:1 messages
WorkflowsoffEvent-driven workflows (dispatch starts from when you enable it)
Voice (dictation + read-aloud)offNeeds an STT and/or TTS provider under Providers
Live voice (real-time call)offStreaming STT → LLM → streaming TTS with barge-in
Groundedness verificationoffPost-answer faithfulness check; needs a Verifier provider
Allow new registrationsoffLet people self-register beyond the first account
Max automations per user50Cap on scheduled automations one user may own
Minimum automation interval300sShortest gap between an automation's runs
Audit retention (months)24How long audit partitions are kept before the retention job trims them
Web search allowlist / blocklistoffDomain-suffix allow/deny for the web-search fetcher
Web search allowlist-onlyoffFail-closed: only allowlisted domains are reachable
Web search robots policyuser_triggeredHonour robots.txt per host, or proceed for user-requested fetches

Every change is written to the audit log (config.changed), and there is deliberately no "import a whole config" action – each setting is edited explicitly, so a bad paste cannot silently reconfigure the platform. See Configuration for the boot-versus-runtime split and Configuration & env vars for the environment reference.

Providers

The Providers tab points each model role at an engine: the chat LLM, embeddings, reranker, speech-to-text, text-to-speech, vision/OCR, and the groundedness verifier. Most roles take a single provider; the LLM role is a list – register several named providers (a local vLLM, Claude, GPT) and mark one as the default. For each you set a base URL, model, and (optional) API key, toggle it on or off, pick a reasoning mode, and Test the connection. Keys are write-only in the UI and encrypted at rest; resolution is database → environment → built-in default, and changes hot-reload on the next call. Users then choose an LLM per chat from the composer, and each conversation remembers its own. Changing the embedding model means re-embedding your corpus, so the tab surfaces a re-index warning and progress. See Providers for the full model-setup guide.

Connectors, MCP, and tools

External connectors ship dormant (zero-egress); enabling one in Integrations lifts the egress gate for that connector alone. The MCP Servers tab is the host registry – add a server, approve it, pin it, or quarantine it, with SSRF-validated URLs. The Tools tab manages custom tools exposed to agents. See Connectors & MCP.

Announcements and feedback

Announcements publishes a banner message to everyone (for maintenance windows or notices). Feedback collects the thumbs-up/down and comments users leave on answers, for review in one place.

Analytics and overview

The Overview dashboard opens the console with snapshots – most active users and agents at a glance. The Analytics tab charts usage: tokens over the last 30 days, active users (7- and 30-day), tokens by user, most-used agents, and per-model, per-user, and per-agent breakdowns of answers and token spend. When groundedness is enabled, a Verification tab sits alongside it with faithfulness verdicts.

System status

The System view shows service health – Postgres, Redis, and overall readiness – the capabilities currently enabled (code interpreter, voice), your own role, and a security alerts list of any risk-flagged events. It is the quick "is everything up, and has anything odd happened" check.

Sensitive boot settings (encryption keys, deployment endpoints) and cross-user operations are not in this console – they are reserved for a break-glass super-admin. Day-to-day administration is done here by your standing admin.

Was this page helpful?

On this page