How can we help?

Write the plain business goal first: for example, recover abandoned carts, refresh SEO pages, prepare weekly reports, or create product-page updates.

Use a recipe when the user knows the outcome but does not know the block sequence. Templates create editable blocks, not locked automation.

The trigger tells BAAM when to wake up. Use Manual start for sensitive workflows, Schedule for recurring work, Data change for connected-source changes, and store events only after webhooks are verified.

Click a block and fill Block type, Name, Connected tool/source, Action mode, Plain-language instruction, Saved output name, and Human approval only when that exact block must pause.

Use Brand check, Compliance check, Margin guardrail, Refund approval guardrail, or Human approval before publishing, sending, syncing, changing store data, refunds, discounts, or customer-impacting actions.

The inspector shows whether the workflow has a trigger, decision logic, useful output, and safety gate. It also estimates tokens, run cost, and monthly risk for frequent triggers.

Save the automation, then review active status, run history, generated files, action queue, blockers, approvals, and API usage before relying on it.

Capture the page, tab, feature, workflow, block name, provider, account email, and workspace where the issue appears.

Look for Missing connection, Missing permission, Field unavailable, Action unsupported, Manual fallback, Cost warning, Approval required, or Blocked.

Switch risky work to draft-only, export reminder, manual review, test mode, schema required, citations required, or approval required until readiness passes.

Reconnect with the right account, add the missing role/scope, map custom columns, add required IDs, import a test CSV/Sheet, or rerun the provider test.

Record the last successful run, failed run time, exact error, expected result, actual result, and whether a customer, billing, security, or live publishing issue is involved.

The destination URL that receives JSON. It must be HTTPS.

A shared secret used to verify the event is real. Missing secret means no live automation.

The JSON keys sent by the tool, such as customer.email or order.total.

Know whether the webhook creates a draft, stores data, sends a notification, or requests a live write.

Check that the correct account was selected, the property/account ID matches, and BAAM has the required permission. Try reconnecting from an incognito browser if the wrong Google/Meta/Microsoft account was used.

Use the numeric Property ID from GA4 Admin. Do not use the G- Measurement ID.

Paste the property exactly as shown in Search Console, including sc-domain: or the full URL-prefix.

Add the Shopify client secret/webhook secret and run a test event. Read-only Shopify data can work while event automations stay blocked.

Map date, URL/campaign/product, and at least one metric such as clicks, spend, revenue, orders, impressions, sessions, or conversions.

Reconnect with the Dropbox account that owns or can access the folder, then paste only a folder URL/path if BAAM must validate a specific folder.

Confirm the app install or OAuth callback finished, the returned site/store ID matches the customer store, and store API permissions include the objects the workflow needs.

Check the Production keyset, RuName, Accept URL, marketplace, requested scopes, and whether the eBay developer app is approved for seller access.

Open the queued action and confirm connector, entity ID, preflight diff, guardrail result, approval state, and whether the provider supports the requested live action.

Lower batch size, source limit, recurrence frequency, or AI-heavy blocks before enabling a scheduled workflow.

Connect exactly one store, validate webhooks or store reads, add margin/refund/consent guardrails, and run the preflight simulator before approval.

Confirm official provider API, write scope, approval setting, compliance check, and connected destination. Otherwise use export reminders or draft push.

Open /account?tab=my-info to confirm the signed-in user's name, email, workspace identity, plan summary, and account status. Use this view when a customer says the wrong account is active or they cannot find their workspace.

Open /account?tab=membership to review the active tier, renewal state, trial status, and upgrade prompts. If the user just paid and the tier still looks old, check for a pending checkout or Stripe webhook delay before asking them to retry.

Open /account?tab=billing for payment status and /account?tab=invoices for invoice records. Use /account/billing/portal when the customer needs Stripe-hosted card changes, cancellations, tax details, or invoice downloads.

Open /account?tab=notifications or /account/notifications for message preferences. Marketing and product updates can be changed, but billing, security, legal, and account-critical notices must remain deliverable.

Open /account?tab=courses when a user cannot find course or onboarding content. Confirm the user is signed into the same account that owns the plan or invitation.

Open /account?tab=api-automations when a user is looking for account-level automation access rather than workspace automations in the Command Center. Route workflow setup questions back to Command Center -> AI Automation.

Use the public login/signup flow for new accounts. If sign-in loops, confirm the user is using the same email, cookies are allowed, and any email verification or anti-spam challenge has completed.

Use the password reset flow when the user cannot sign in. Password reset links are account-specific and time-sensitive, so expired links should be regenerated instead of reused.

Use /account/password from a signed-in session when the user knows the current password. If the session is not trusted, sign out and use the reset flow.

Start setup at /account/security/totp/start and finish at /account/security/totp/enable. The user scans the QR code or enters the secret into an authenticator app, then confirms a current code.

Use /account/security/email-code when email verification is the fallback factor. Confirm the user can receive mail at the account address and check spam filtering before disabling MFA.

Recovery codes are one-time backup codes. Regenerate at /account/security/recovery-codes/regenerate only after warning the user that old recovery codes stop working.

Open /account?tab=security for MFA state, recovery code handling, password actions, and security notifications.

If a user sees an unexpected sign-out, verify cookie settings, clock skew, browser privacy mode, and whether security changes invalidated older sessions.

Use pricing when a visitor asks what plan to choose. Confirm monthly versus yearly billing, plan limits, trial messaging, included Command Center capabilities, and which features require a paid tier.

Checkout should clearly show the selected plan, billing interval, legal confirmations, Stripe handling, and any readiness notice. If checkout is unavailable, the page should explain whether configuration, authentication, or plan selection is blocking it.

Use /support or Contact support when a user needs human review. Ask for account email, workspace, route, browser, timestamp, screenshots, and the exact action attempted.

Contact forms should reject spammy or incomplete submissions, keep sensitive credentials out of the message, and route billing, support, sales, privacy, or security topics to the right queue.

Terms, privacy, refund/subscription language, cookie information, and required checkout disclosures should be reachable before payment and from the public footer or legal area.

Cookie controls should let visitors manage non-essential tracking choices while preserving necessary security, checkout, and account cookies.

Blog posts and resource pages should be readable without Command Center access unless intentionally gated. Affiliate review content must preserve clear disclosure and avoid implying unsupported guarantees.

Public careers or course marketing pages should distinguish browsing content from account-owned course access in /account?tab=courses.

Open /admin for the operating dashboard. Use menu search, grouped navigation, and walkthrough prompts to locate the right operations page before editing customer or site data.

Use /admin/team and /admin/access-control to manage staff accounts, roles, permissions, invitations, and least-privilege access.

Use /admin/security for the admin user's own MFA, session, and recovery-code work. Do not use customer repair tools for staff login hygiene.

Use /admin/users to search customers, inspect account state, repair account records, review privacy actions, and coordinate support without exposing credentials.

Use /admin/payments, /admin/billing-ops, and /admin/product-config for payments, plans, prices, product configuration, checkout readiness, and subscription support.

Use /admin/support, /admin/support-ops, and /admin/contacts for tickets, contact form submissions, routing, evidence, and customer communications.

Use /admin/integrations, /admin/integration-ops, /admin/automation-ops, and /admin/ai-governance for connector health, workflow failures, AI usage governance, and executor controls.

Use /admin/analytics, /admin/analytics-reporting-ops, /admin/reports, /admin/audit, and /admin/data for reporting, exports, event review, and operational analysis.

Use /admin/marketing, /admin/tracking-ops, /admin/email-marketing, /admin/email-lifecycle-ops, and /admin/affiliates for campaigns, tracking, lifecycle email, and affiliate review kit management.

Use /admin/site-settings, /admin/pages, /admin/blog, /admin/media, /admin/seo, and /admin/legal for CMS publishing, media, SEO metadata, and the Legal document catalog.

Use /admin/courses and /admin/careers to manage training content, course availability, careers pages, and job listings.

Use /admin/tools/import, /admin/tools/export, /admin/tools/export/download, /admin/enterprise, /admin/security-center, /admin/incidents, and /admin/system-ops for data movement and high-risk operational work.

When a user asks how to use a BAAM feature, first match the feature key, route, tab, label, or action phrase. Then answer with the shortest safe path: where to open it, what the user must already have, what fields to fill, what result to expect, and what blocker means.

Never infer that a live publish, live store write, ad spend, customer email send, or billing change is allowed just because a draft can be created. Live actions require official connector support, correct scopes, configured guardrails, and approval status when approval is enabled.

For any support handoff, collect account email, workspace, route or tab, feature key, provider, object ID, workflow ID, run ID, browser/device, timestamp, screenshot, visible readiness state, exact error message, and the last safe action attempted.

Do not ask users for normal passwords, card numbers, recovery-code screenshots, session cookies, bearer tokens, SSH keys, database credentials, or unrelated customer exports.

Read-only dashboards, manual drafts, exports, previews, tests, and generated files are safe first steps. Direct publish, direct send, direct store changes, billing operations, admin permission changes, and privacy/security actions need explicit readiness and permission checks.

If readiness is missing, tell the user to use draft-only, export reminder, manual review, support escalation, or connector setup instead of suggesting a live action.

Feature key: command_center.shell. Route: /command-center. User intent: open the marketing workspace, move between modules, use the collapsible rail, mobile drawer, topbar actions, account shortcut, help docs link, and global status surfaces.

Prerequisites: signed-in account with workspace access. Actions: choose the left navigation item, use subtabs inside the page, open Help Docs, open Account Settings, collapse or expand the rail, and use mobile hamburger on narrow screens. Blockers: login required, workspace not seeded, stale browser session, or account permission problem. Support evidence: route, visible module name, whether the drawer opens, browser width/device, and screenshot.

Feature key: command_center.global_search. Route/view: Command Center search. User intent: find commands, pages, setup items, integrations, providers, generated files, records, and workspace objects by typing terms like store, Stripe, Search Console, campaign, report, approval, calendar, generated file, or provider name.

Actions: enter a search term, open the matched page/action, or clear search. Outputs: result rows that navigate to the related feature. Blockers: no matching text, stale local app data, or missing workspace records. Fallback: use the left nav or setup walkthrough. Support evidence: query text, expected result, visible result count, and route after clicking.

Feature key: command_center.setup_walkthrough. User intent: complete the no-code setup path in the right order: store, data sources, tool connections, AI setup, Brand Brain, compliance, workflow test, generated output, and support evidence.

Prerequisites: account and workspace. Actions: follow setup cards, open provider setup, save source records, run validation, and use readiness labels. Outputs: Ready, Needs setup, Manual fallback, Blocked, Missing permission, Field unavailable, or Action pending approval. Safe fallback: manual draft, CSV import, export reminder, or support ticket. Support evidence: readiness label, provider, scopes, property/store ID, and latest validation message.

Feature key: settings.store_connection. Route/view: Command Center -> Settings -> Store Connection or Tools & Stores. User intent: connect the main ecommerce store such as Shopify, WooCommerce, BigCommerce, Wix, Squarespace, or Shoptet.

Prerequisites: owner/admin access to the store and official OAuth or provider-generated API credentials. Actions: select provider, choose OAuth when available, paste exact store URL or store ID when asked, save setup, validate read access, and confirm store object support. Outputs: store profile, product/order/customer data readiness, webhook readiness, and live action eligibility. Blockers: wrong store URL, missing scopes, callback not completed, webhook secret missing, or multiple stores when only one store is allowed. Fallback: CSV import or draft-only commerce workflows.

Feature key: settings.data_sources. User intent: connect analytics, search, ads, sheets, CSV, storage, webhook, or custom API data so dashboards, reports, and automations have evidence.

Inputs: connection name, refresh schedule, account ID, property/site/sheet/dataset ID, site URL, provider credential when needed, and scopes. Actions: add connection, use OAuth or official API key, map fields for CSV/custom data, run validation, and inspect sync status. Outputs: source records, normalized metrics, registry entries, datasets, and dashboard panels. Blockers: wrong GA4 property ID, missing Search Console property, no metric columns, expired OAuth, inaccessible sheet/file, or unsafe custom endpoint. Fallback: manual CSV with required mapping.

Feature key: settings.tool_connections. User intent: connect publishing, marketplace, social, email, ads, storage, and action tools used by campaigns and automations.

Prerequisites: provider account role that can authorize the requested scopes. Actions: choose provider, complete OAuth/API setup, confirm account label and marketplace/site/page, then run a small read or draft push. Outputs: available destinations, draft export support, live action eligibility, and blocked action reasons. Blockers: provider has setup-only support, write scopes missing, marketplace approval missing, wrong page selected, or official executor not implemented. Fallback: export reminder, manual upload, or draft-only output.

Feature keys: settings.ai_providers, settings.brand_brain, settings.compliance, settings.privacy, settings.governance. User intent: configure model providers, voice, proof, forbidden phrases, claims rules, consent rules, privacy handling, and approval behavior.

Prerequisites: provider key or supported provider connection for AI-assisted generation. Actions: add provider key, select model where available, add brand voice and proof, define claims that must not be made, configure consent/suppression rules, and require approval for risky outputs. Outputs: safer prompts, brand-aligned drafts, blocked claims, audit notes, and usage estimates. Blockers: no AI provider, insufficient credits, blocked claims, missing consent, or approval required. Fallback: manual creation and human review.

Feature key: data_dashboard. Route/view: Command Center -> Data Dashboard. User intent: inspect connected and imported data, performance statistics, source records, sync status, tracking links, and custom dashboard layout.

Subtabs: Overview shows executive and coverage panels; Statistics shows configurable charts and timelines; Sources lists records from GA4, search, ads, stores, CSV, Sheets, webhooks, and custom APIs; Sync shows ingestion activity; Tracking manages UTM links and attribution naming. Actions: customize dashboard, connect data, refresh registry, inspect a source row, generate tracking URLs, and compare chart metrics. Outputs: metrics, timelines, source rows, coverage warnings, sync status, tracking links. Blockers: no connected data, missing date/metric mapping, stale OAuth, or no events yet.

Feature key: command_centre. Route/view: Command Center -> Command Centre. User intent: operate manual marketing work from one control surface when automated recommendations are not trusted or not ready.

Subtabs: Start here answers what to do next; Settings reviews governance; Tools reviews platforms; Campaigns handles plans and assets; Content handles drafts and approvals; Calendar handles scheduling; Reports handles client output. Actions: create a manual task, open relevant builder, review connected tools, open report/export, or move to calendar. Outputs: tasks, campaign assets, content drafts, reports, scheduling reminders. Blockers: missing data or connector means use manual work, not scan-generated recommendations.

Feature key: channel_performance. User intent: compare channels and decide where to increase, reduce, or change marketing work.

Prerequisites: GA4, ads, email, CRM, CSV, or other connected performance data. Actions: open Channel Performance, review timeline charts and action summary, recommend channel mix only after data exists. Outputs: channel status, contribution, trend, and suggested manual actions. Blockers: no source data. Fallback: connect/import data or create a manual campaign task.

Feature key: content_portfolio. User intent: manage pages, posts, emails, ads, and assets by performance, freshness, quality, status, and next action.

Prerequisites: content records, generated assets, imported content, or connected source data. Actions: create content from data, inspect quality timeline, review asset freshness, approve or revise drafts, and use generated files or library outputs. Outputs: content quality views, asset actions, drafts, and refresh tasks. Blockers: no assets or no data. Fallback: Create Hub, Library, or manual content plan.

Feature keys: reports, generated_files. User intent: create weekly, client-ready, or executive-ready reports and find every saved report, export, dataset, automation output, draft, and attached file.

Actions: generate weekly report, export a report, download private export when available, open reusable dataset, review automation output, or create a new automation from output context. Outputs: report files, exported content, datasets, automation outputs, file metadata, and download URLs when the file is private and ready. Blockers: no data, no generated outputs, blocked workflow, missing R2/download URL, or stale report source. Fallback: manual report notes or data connection setup.

Feature keys: create_hub, campaigns, campaign_editor, calendar, library, leads. User intent: turn one idea into editable assets, create store campaigns, schedule approved drafts, manage prompt sets and marketing IP, and handle CRM-ready leads with consent.

Actions: open Create Hub, choose campaign package, fill goal/audience/offer/proof/channel constraints, preview campaign, create editable package, schedule export reminders or direct publish only when integrations are ready, create prompt sets/playbooks, add leads, and review consent/suppression. Outputs: campaign drafts, content assets, calendar items, prompt sets, playbooks, lead records, CSV-ready lead structure. Blockers: missing data, missing official publishing integration, blocked claims, missing consent, or provider-send email not supported. Fallback: manual writing, export reminder, or CSV lead export.

Feature keys: opportunities_removed, seo_intelligence_removed, ai_data_processing_retired. User intent: understand why old scan-generated recommendations or SEO intelligence are not available.

Status: retired because scan-generated recommendations were not reliable enough for business decisions. Correct answer: use Data Dashboard source records, Channel Performance, Content Portfolio, Reports, Command Centre manual tasks, or AI Automation Builder with explicit data sources and tests. Never answer: do not claim the retired analyzer can generate strategic recommendations. Fallback: connect/import source data and create manual tasks.

Feature key: ai_automation.centre. Route/view: Command Center -> AI Automation. User intent: build, monitor, pause, and run AI workflows on connected data and official tool permissions.

Subtabs: Templates for starter recipes and fast starts; Usage Cost for AI and run cost; Dashboard for runtime overview. Custom workflow panels may expose active, paused, deleted, saved, and tool-action views. Actions: Create New Automation, customize tabs, open a template, review usage cost, inspect dashboard, and open builder. Outputs: saved workflow, usage estimate, runtime overview, action queue status. Blockers: no data, no AI provider, no connector, workflow blocked, budget limit, or approval required.

Feature key: ai_automation.builder_canvas. Route/view: Command Center -> AI Automation -> Create New Automation. User intent: build no-code workflows with triggers, source reads, AI steps, conditions, waits, outputs, approvals, and tool actions.

Actions: drag blocks onto the canvas, select a node, edit inspector fields, use pan/zoom, reorder or duplicate blocks, configure workflow settings separately from block settings, run a test, save workflow, and monitor runs. Outputs: workflow draft, workflow settings, block configuration, test run, generated output, action queue entry, or blocker. Blockers: missing source, invalid field mapping, unsafe live action, missing connector, approval wait, or unsupported executor. Fallback: draft-only output or manual export.

Feature key: ai_automation.blocks. User intent: configure each workflow step with plain-English no-code fields rather than code.

Common block groups: Trigger, Source, Transform, AI, Condition, Wait, Output, Approval, Store action, Marketing action, Notification, Webhook, and Safety. Fields: block type, mode, name, instructions, input, output, provider, entity, matching rules, guardrails, approval toggle, test mode, and budget/cost constraints. Outputs: normalized step config and runtime-ready workflow. Blockers: required field missing, schema required, citations required, PII redaction required, unsupported provider action, or output name collision.

Feature key: action_queue. User intent: review external actions before BAAM sends, publishes, updates, spends, or changes store/customer/provider data.

Actions: open queued action, review provider, execution mode, entity ID, preflight diff, guardrail result, approval requirement, blocker reason, and last error. Statuses: queued, needs_review, ready, approved, executing, executed, blocked, canceled, completed. Safe answer: approval alone is not enough if connector, scope, guardrail, or executor support is missing. Fallback: draft export or manual instruction. Support evidence: queue ID, workflow ID, action key, provider, execution mode, status, blocker, and preflight diff.

Feature key: usage_cost. User intent: understand AI/provider usage, run costs, credits, budget limits, and whether a workflow is safe to schedule.

Actions: open AI Automation -> Usage Cost, review current API token usage, workflow estimate, step breakdown, run count, credit balance, and cost warnings. Outputs: usage timeline, cost estimate, budget warning, and per-step usage. Blockers: no credits, budget cap, provider key missing, token limit, batch size too large, or recurrence too frequent. Fallback: lower batch size, shorten source range, reduce recurrence, switch to manual, or buy usage credits in account billing where available.

Feature key: automation_runtime.dashboard. User intent: inspect active automation health, run history, waits, failures, outputs, and commerce action state.

Actions: open Dashboard, check runtime timeline, workflow status, trigger summary, last run, failed run, waiting step, approval wait, generated result, and blocked action queue. Outputs: status panels, run history, usage charts, runtime metrics, and next required action. Blockers: failed run, canceled run, paused workflow, disabled workflow, missing wake source, dedupe/replay state, or retry backoff. Support evidence: workflow ID, run ID, status, error, last step, and timestamp.

Feature key: commerce_os. User intent: build ecommerce automations for products, inventory, orders, abandoned checkout, merchandising, and store actions using connected store data.

Prerequisites: exactly one ready store connection when the workflow needs live store context, store read scopes, webhook/read validation, margin/refund/consent guardrails, and official executor support for live writes. Actions: compile commerce intent, review capability graph, create starter automation, simulate preflight, create action draft, and approve only when ready. Outputs: store automation plan, product/order/customer reads, action draft, blocked action, or live execution. Blockers: no store, multiple stores, missing entity ID, missing scope, unsupported write, refund/margin guardrail, or approval wait. Fallback: manual store task or export draft.

Feature key: data_automations.dashboard. Route/view: Command Center -> Data Automations. User intent: build data-processing workflows that read sources, normalize rows, save datasets, create cited reports, and track costs.

Subtabs: Statistics, Draft, Templates, Paused datasets, Generated Files outputs, Deleted registry records, Active runs, and Costs. Actions: create data workflow, open canvas builder, customize tabs, refresh universal data registry, compile plain-English plan, save setup requirements, and run data processing. Outputs: query plan, setup requirements, datasets, generated outputs, run records, registry records, usage costs. Blockers: unknown variable, missing source, unmapped column, schema failure, unsafe endpoint, no citations, or no credits.

Feature key: data_processing.builder. User intent: create a visual data workflow with deterministic, AI-read-only, save-output, draft-only, test-mode, guardrail, and optional-approval modes.

Fields: block type, mode, category, name, instructions, input, output, output tab name, redact PII, schema required, citations required, test mode, requires approval, move up/down, duplicate, remove. Actions: add source, transform, AI, output, and safety blocks; map inputs; require citations; test before live use. Outputs: saved workflow, dataset, cited report, generated file, or blocked run. Blockers: missing schema, missing citations, PII rule, unmapped source, or approval required.

Feature key: universal_data_registry. User intent: know which connected tools can provide data, what fields are available, how unknown variables become setup requirements, and where saved datasets/runs appear.

Actions: refresh registry, inspect source capability profile, map columns, save dataset, review run, open generated file, and check cost. Outputs: registry record, normalized source field, dataset memory, output table, report, action draft, run status, or cost row. Blockers: provider unsupported, source lacks required object, field unavailable, column not mapped, event not received, or unsafe custom API. Fallback: CSV import with explicit field mapping.

Feature key: fast_starts_tool_actions. User intent: start common workflows from templates or use connected tools for supported actions.

Actions: choose a starter recipe, confirm connected provider, review setup notes, create workflow, inspect generated action, and approve or export. Outputs: template workflow, provider-specific setup checklist, action draft, blocked action, or manual fallback. Blockers: provider setup-only, no write scope, missing account role, unsupported executor, approval required, or compliance guardrail. Support evidence: recipe name, provider, workflow ID, and action key.

Feature keys: auth.login, auth.signup, auth.password_reset, auth.mfa_challenge. Routes: /login, /create-account, /login/mfa, password reset routes.

User intent: create an account, sign in, pass MFA, recover from forgotten password, or reach the correct next page. Prerequisites: valid account email, password, Turnstile when configured, and MFA method when enabled. Actions: submit login/signup, follow password reset email, enter MFA code, use recovery code when needed. Blockers: wrong email, expired reset token, missing Turnstile, MFA delivery not configured, bad authenticator code, or browser cookies disabled. Support evidence: email, route, MFA method, error message, and timestamp.

Feature key: account.overview. Route: /account?tab=my-info. User intent: review profile, workspace identity, account status, plan summary, and basic access state.

Actions: open Account, confirm name/email, verify active workspace, use account shortcuts, and return to Command Center. Outputs: profile details and account state. Blockers: signed into wrong email, no workspace, stale session, or account not linked to checkout. Fallback: sign out and back in, or support with account email and checkout email.

Feature key: account.membership. Route: /account?tab=membership. User intent: understand current plan, plan limits, trial/subscription state, add-ons, credits, and upgrade options.

Actions: compare upgrade options, choose monthly or yearly checkout, open billing portal for existing Stripe subscriptions, and review entitlements. Outputs: current plan, connected store limit, active automation limit, team user limit, monthly event limit, run history limit, usage credits, locked add-ons. Blockers: live subscription must use Stripe portal, checkout not configured, pending webhook, or plan slug/price missing. Support evidence: account email, selected plan, billing interval, subscription status, and checkout time.

Feature keys: account.billing, account.invoices, account.usage_credits. Routes: /account?tab=billing, /account?tab=invoices, /account/billing/portal.

User intent: manage billing, payment method, cancellation, tax details, receipts, invoices, subscription, and credit balance. Actions: open Stripe portal, download invoices, review customer/subscription IDs, buy credits where custom credit checkout is available, and inspect recent credit ledger. Outputs: billing status, Stripe portal session, invoice access, available/reserved/spendable credits. Blockers: no Stripe customer, portal unavailable, checkout incomplete, webhook delay, failed payment, or credit checkout minimum not met. Never ask: card numbers or bank details.

Feature key: account.api_automations. Route: /account?tab=api-automations. User intent: save account-level AI, WordPress, or automation provider keys used by account API automation features.

Actions: add official provider key, add WordPress.com connection where required, inspect connected credential rows, and open Command Center for store/ecommerce OAuth. Outputs: encrypted provider credential record and account API profile. Blockers: missing provider key, wrong WordPress site ID, revoked token, provider delivery not configured, or using this tab for store OAuth by mistake. Fallback: use Command Center -> Settings for ecommerce, ads, analytics, and tool connections.

Feature key: account.security. Route: /account?tab=security. User intent: manage password, authenticator app MFA, email login codes, recovery codes, and login protection status.

Actions: start authenticator setup at /account/security/totp/start, enable at /account/security/totp/enable, toggle email code at /account/security/email-code, regenerate recovery codes at /account/security/recovery-codes/regenerate, and change password at /account/password. Outputs: MFA method status, recovery code count, last MFA verification, and password update. Blockers: current password required, invalid 6-digit code, no email delivery, lost recovery codes, or suspicious account activity. Escalate: account takeover, unauthorized access, billing fraud, or lost all factors.

Feature keys: account.notifications, account.training. Routes: /account?tab=notifications, /account/notifications, /account?tab=courses.

Actions: edit automation report emails and product update emails, review primary email routing, open training library, open public courses, and contact support for training access. Always on: security emails and billing emails. Outputs: saved preferences and visible training content when enabled. Blockers: training not enabled, signed into wrong account, or email preference disabled only for non-critical messages.

Feature keys: public.pricing, public.checkout. Routes: /pricing, /account/plan/checkout. User intent: compare plans, select monthly/yearly billing, start trial, accept legal confirmations, and pay through Stripe.

Actions: choose billing interval, review order summary, confirm selected plan, accept required legal consent, continue to Stripe, and return to account. Outputs: pending checkout, Stripe checkout session, subscription, trial state, or readiness notice. Blockers: checkout setup missing, Stripe price ID missing, legal consent unchecked, not signed in, existing subscription should use portal, or checkout webhook delayed. Support evidence: selected plan, interval, account email, checkout time, and whether Stripe opened.

Feature keys: public.support, public.contact. Routes: /support and public contact sections. User intent: submit a support ticket, sales question, billing request, privacy request, or bug report.

Actions: choose category, describe the issue, include account/workspace/provider details, attach safe screenshots where available, and avoid secrets. Outputs: support ticket or contact submission routed to support/admin queues. Blockers: incomplete form, anti-spam failure, unsafe payload, oversized attachment, or missing category. Evidence: account email, URL, route, browser, timestamp, screenshots, exact error, provider/workflow IDs, and steps to reproduce.

Feature keys: public.legal, public.cookie_consent, public.blog, public.courses, public.careers. User intent: read terms/privacy/refund/cookie information, manage cookie choices, read resources, access course marketing, or view careers.

Actions: open legal footer pages, accept or manage non-essential cookies, read blog posts, follow affiliate disclosures, open public courses, and view careers listings. Outputs: readable public content and consent state. Blockers: legal page missing, cookie preference not saved, blog slug not found, media not loading, or gated course content requiring account access. Fallback: support ticket with URL and screenshot.

Feature key: admin.shell. Routes: /admin, /admin/login, /admin/login/mfa, /admin/logout. Permission: admin_access for console entry.

User intent: navigate grouped admin modules, search for billing/support/integrations/blog/security, collapse/open mobile menu, follow admin walkthrough, and log out. Blockers: admin auth required, MFA challenge required, permission denied, stale session, or static asset issue. Support evidence: admin email, route, required permission shown, menu group, and screenshot.

Feature keys: admin.dashboard, admin.enterprise. Routes: /admin, /admin/enterprise. Permission: admin_access.

Actions: review counts, recent audit, quick actions, launch blockers, checkout readiness, Stripe webhook readiness, legal profile, integration state, and operations map. Outputs: high-level admin health and links to customers, finance, integrations, support, automation ops, security center, data, audit, blog, analytics, and reports. Blockers: missing Stripe setup, webhook missing, no integrations, or permission denied. Fallback: open the specific readiness card instead of guessing.

Feature key: admin.customers. Route: /admin/users. Permission: manage_customers.

Actions: search users, create customer account, review billing interval, subscription status, account repair state, support context, privacy status, and customer access. Outputs: account records, created user, repair action, or support note. Blockers: duplicate email, weak password, missing permission, account already linked to Stripe, or privacy/security escalation. Safe handling: never ask for a customer's password; use reset/repair flows and audit notes.

Feature keys: admin.finance, admin.billing_ops, admin.product_config. Routes: /admin/payments, /admin/billing-ops, /admin/product-config. Permission: manage_finance.

Actions: set Stripe publishable key, monthly/yearly price IDs, mark webhook secret configured, inspect required webhook events, review checkout readiness, review unfinished signups, grant support-approved add-ons, set usage credits, and manage plan visibility signals. Outputs: billing readiness, effective prices, webhook endpoint, product entitlement state, credit grant, or blocked checkout diagnosis. Blockers: server secret missing, webhook secret missing, wrong price ID, customer subscription mismatch, or Stripe portal should handle live subscription changes.

Feature keys: admin.support, admin.support_ops, admin.contacts. Routes: /admin/support, /admin/support-ops, /admin/contacts. Permission: manage_support.

Actions: review support tickets, contact submissions, categories, status, notes, customer context, privacy requests, and routing. Outputs: assigned ticket, status change, response note, closed contact, or escalation. Blockers: missing evidence, spam/unsafe payload, identity not verified for privacy action, or security/billing escalation needed. Evidence: ticket ID, contact ID, customer email, route, category, status, and safe attachments.

Feature keys: admin.integrations, admin.integration_ops, admin.automation_ops, admin.ai_governance. Routes: /admin/integrations, /admin/integration-ops, /admin/automation-ops, /admin/ai-governance. Permission: manage_integrations.

Actions: review provider settings, connector health, workflow status, run status, wait queues, approval queue, action blockers, AI policy, provider readiness, model preferences, usage, and workspace governance. Outputs: connector diagnosis, workflow pause/reactivation, run requeue/cancel, queue status update, AI policy setting, or usage governance. Blockers: missing provider scopes, unsafe live action, usage cap, model/provider not configured, or audit context missing. Never expose: raw secrets or encrypted token packages.

Feature keys: admin.analytics, admin.reporting, admin.data, admin.audit, admin.tools_import, admin.tools_export. Routes: /admin/analytics, /admin/analytics-reporting-ops, /admin/reports, /admin/audit, /admin/data, /admin/tools/import, /admin/tools/export, /admin/tools/export/download.

Permissions: view_reports for analytics/reports/audit/data/export; manage_content for import. Actions: review page views/events, export reports, inspect audit logs, review operational data, import content/data bundles, and download exports. Blockers: no events, unsafe import media, missing embedded payload, access denied, or export not ready. Evidence: date range, export type, audit actor, import source label, and error.

Feature keys: admin.cms, admin.site_settings, admin.pages, admin.blog, admin.media, admin.seo, admin.legal. Routes: /admin/site-settings, /admin/pages, /admin/blog, /admin/blog/new, /admin/blog/{id}/edit, /admin/media, /admin/seo, /admin/legal. Permission: manage_content.

Actions: update site settings, edit public pages, create/edit/preview blog posts, use block editor, choose featured image from media library, upload allowlisted images, manage media records, edit SEO key values, and maintain Legal document catalog. Outputs: published page, draft post, scheduled/published blog status, media URL, SEO metadata, legal document. Blockers: unsafe upload, missing media payload, slug conflict, preview unavailable, legal document deletion confirmation, or permission denied. Fallback: save draft and preview before publishing.

Feature keys: admin.marketing, admin.tracking_ops, admin.email_marketing, admin.email_lifecycle_ops, admin.affiliates. Routes: /admin/marketing, /admin/tracking-ops, /admin/email-marketing, /admin/email-lifecycle-ops, /admin/affiliates. Permission: manage_marketing.

Actions: manage tracking settings, Google/Bing configuration links, unfinished signups, contacts, templates, campaigns, workflows, affiliate program, partners, links, commissions, payouts, and review kit content. Outputs: tracking setting, dismissed unfinished signup, email lifecycle record, affiliate record, payout state, or campaign setting. Blockers: consent missing, suppression active, provider not configured, affiliate disclosure missing, or permission denied.

Feature keys: admin.team, admin.access_control, admin.own_security, admin.security_center, admin.incidents, admin.system_ops. Routes: /admin/team, /admin/access-control, /admin/security, /admin/security-center, /admin/incidents, /admin/system-ops.

Permissions: manage_team for team/access-control, manage_own_security for own admin security, manage_security_ops for security center/incidents/system ops. Actions: manage staff roles, invitations, least-privilege access, admin MFA/session, rate limits, incidents, risky configuration, runtime blockers, and operational runbooks. Blockers: insufficient permission, missing MFA, unverified incident context, or high-risk operation without support context. Safe answer: escalate rather than bypass permissions.

Feature keys: admin.courses, admin.careers. Routes: /admin/courses, /admin/careers. Permission: manage_training.

Actions: manage course catalog, lessons, training availability, career openings, and applications. Outputs: course record, lesson record, published training content, job listing, or application review state. Blockers: missing permission, unpublished content, invalid form fields, or account user expecting training in /account?tab=courses before admin has enabled it.