Command Center
Every governed request writes an append-only audit row with no raw content — model, tokens, claim verification tiers, tripwire hits, escalations, refusals. This page aggregates your own rows through your own read permission. Real telemetry or nothing: if a number isn't derivable from the audit spine, it isn't shown.
The Command Center reads your own audit rows through your own permission — there is nothing to show without a session. Free during the founding period.
Org accounts, seat management, and shared case spaces extend the platform's owner-scoped security model to teams — which is exactly why they don't ship casually. The schema is written (migration 0014, deliberately unapplied), the policy matrix and attack scenarios are documented for review, and the migration applies only after that review passes and billing arms seat enforcement. Until then this card tells the truth instead of shipping a leak.