Admin Dashboard

Project Sovereign — Howard Henry, London

21 agents · 28 tables · 7 edge functions · AES-256 · UK GDPR compliant

Pipeline Stages
Recent Comms
Audit Events
21 AI Agents

Agent Command Centre

All seats online. Each can call, SMS, or WhatsApp Howard directly.

Learned Patterns — self-improving knowledge base (The Archivist S21)
Automation Engine

Workflows

All 21 agents can trigger and execute these automations automatically.

System

Architecture

How Project Sovereign comes together — browser → edge → database → AI → Howard.

Layer 1 — Vercel CDN (Static)
Landing: index.html · Public
Auth: login.html · PKCE
Core: app.js + css · AES-256
9 App Pages: All JWT-guarded · Secured
Admin: admin.html · Superadmin
↕ HTTPS · JWT Bearer · CORS restricted
Layer 2 — 7 Edge Functions (Deno · eu-west-1)
ai-proxy: Claude · Rate limit · Audit
sovereign-api: CRUD · Deals · Contacts
scraper: CH · Web · News · AI
notifier: 📞 SMS 💬 WA → Howard
automation: 21 agents · Workflows
gmail-comms: Gmail · AI draft
admin-api: Monitor · Pentest
↕ Service Role Key · RLS enforced · Audit logged
Layer 3 — PostgreSQL 17 (Supabase · kicdjdxxdqtmetphipnn · eu-west-1)
user_profiles: RLS ✓
deals: RLS ✓
contacts: RLS ✓
conversations: RLS ✓
documents: RLS ✓
workflows: RLS ✓
audit_trail: RLS ✓
company_intel: RLS ✓
scraping_jobs: RLS ✓
phone_calls: RLS ✓
analytics_events: RLS ✓
ad_tracking: RLS ✓
ai_patterns: RLS ✓
compliance_log: RLS ✓
↕ External Services
AI: Anthropic · Sonnet+Haiku
Comms: Twilio · Config needed
Email: Gmail API · OAuth scoped
Intel: Tavily Search · API key needed
Auth: Supabase Auth · PKCE+Google
Data flows & security model
Auth: Supabase PKCE → JWT → Bearer on every edge call
AI: Never direct — proxied via edge fn, 20/min/user rate limit
Encryption: AES-256-GCM in browser via Web Crypto API
Scraping: Agents queue jobs → scraper fn → company_intel
Automation: Workflows in DB → automation fn → steps execute
Self-learning: Patterns stored in ai_patterns (S21 Archivist)
Comms: Agent → notifier fn → Twilio → Howard's phone
RLS: Every table enforces user_id = auth.uid()
Compliance: UK GDPR + FCA + AML + KYC all event-logged
Communications

Call & Message Howard

Any of the 21 agents can reach Howard Henry directly via Call, SMS, or WhatsApp.

Required Edge Function secrets:
TWILIO_ACCOUNT_SID · TWILIO_AUTH_TOKEN
TWILIO_FROM_NUMBER · HOWARD_PHONE · TWILIO_WHATSAPP_FROM
Comms Log
Intelligence

Company Scraper

S2 Kira Nyx scrapes via Tavily — LinkedIn, Companies House, Trustpilot, Glassdoor, news, GitHub — then AI-summarises with Claude Haiku.

What agents collect
🔍 Tavily Search — 8 parallel searches: Companies House, LinkedIn, Twitter/X, news, Trustpilot, Glassdoor, Crunchbase, GitHub
🌐 Jina Reader — website full-text via r.jina.ai (free, no key needed)
🤖 AI synthesis — acquisition score 0–100, social stats, funding history, risk/opportunity flags (Claude Haiku)
💾 Stored in company_intel table, linked to deal if ID given
Add TAVILY_API_KEY to Supabase Edge Function secrets to activate scraping.
Tracking

Analytics & Ad Pixels

Server-side 1st-party tracking + client-side pixel hooks. UTM attribution. Conversion funnel.

Events by Type
Device Breakdown
Top Pages
Pixel Status
Meta Pixel — add fbq init snippet to index.html
Google GA4 — add gtag.js to all pages
LinkedIn Insight — set _linkedin_partner_id
1st Party ✓ ACTIVE — all events → ad_tracking table
Security

Penetration Testing

Automated audit: XSS, SQLi, CSRF, IDOR, auth bypass, rate limiting, info disclosure.

Legal

Compliance Framework

UK GDPR · FCA · ICO · Companies Act · AML · KYC · PECR — built for Howard Henry's UK M&A ops.

UK GDPR (Compliant): Lawful basis documented. Retention periods set (730 days data, 2555 days AML). DSAR process via admin.
FCA (Review): Operating as unregulated M&A introducer. Deal threshold monitoring. No financial advice given.
AML (Compliant): EDD for deals >£1M. PEP screening via Companies House. MLRO function active.
KYC (Compliant): Director ID via CH API. Documents AES-256 encrypted. 5-year retention for AML obligations.
ICO (Action Required): Register at ico.org.uk (£40/yr). Privacy policy needed on site. Cookie consent banner required.
PECR (Compliant): Email consent tracked in outreach_log. Unsubscribe in all comms. Cookie banner — add before launch.
Compliance Event Log
AES-256-GCM

Encryption Layer

Military-grade. Runs entirely in browser via Web Crypto API — key never leaves client.

Key Generator & Crypto Tool

Specification
Algorithm: AES-256-GCM (Authenticated Encryption)
Key Size: 256 bits / 32 bytes
IV: 96-bit random nonce per message
Auth Tag: 128-bit GCM tag (tamper detection)
Standard: FIPS 197 · NIST SP 800-38D
UK GDPR: Article 32 — appropriate technical measures
Key storage: Never persisted — export to Bitwarden/vault
JavaScript API (app.js):
Crypto256.generateKey()
Crypto256.exportKey(cryptoKey)
Crypto256.importKey(base64)
Crypto256.encrypt(plaintext, keyB64)
Crypto256.decrypt(cipherB64, keyB64)
Crypto256.hashPassword(pw, salt)
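
The specification above (fresh 96-bit nonce per message, 128-bit tag for tamper detection) as an added example using the Web Crypto API; it is not the Crypto256 code from app.js. The helper names, the nonce || ciphertext || tag layout, and the optional context string bound as additional authenticated data are assumptions.

```javascript
// Added example, not the Crypto256 code from app.js. Helper names and the
// nonce || ciphertext || tag message layout are assumptions.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto; // browser, Deno, Node
const subtle = webcrypto.subtle;
const NONCE_BYTES = 12; // 96-bit IV
const TAG_BITS = 128;   // GCM auth tag

const toB64 = (bytes) => btoa(String.fromCharCode(...bytes)); // fine for short messages
const fromB64 = (b64) => Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));

async function newKeyB64() {
  const key = await subtle.generateKey({ name: "AES-GCM", length: 256 }, true, ["encrypt", "decrypt"]);
  return toB64(new Uint8Array(await subtle.exportKey("raw", key)));
}

async function importKeyB64(keyB64) {
  const raw = fromB64(keyB64);
  if (raw.length !== 32) throw new Error("AES-256 key must be 32 bytes");
  return subtle.importKey("raw", raw, { name: "AES-GCM" }, false, ["encrypt", "decrypt"]);
}

async function sealMessage(plaintext, keyB64, context = "") {
  const key = await importKeyB64(keyB64);
  const iv = webcrypto.getRandomValues(new Uint8Array(NONCE_BYTES)); // never reuse with the same key
  const params = { name: "AES-GCM", iv, tagLength: TAG_BITS, additionalData: new TextEncoder().encode(context) };
  const sealed = new Uint8Array(await subtle.encrypt(params, key, new TextEncoder().encode(plaintext)));
  const out = new Uint8Array(iv.length + sealed.length);
  out.set(iv);
  out.set(sealed, iv.length); // ciphertext with the 16-byte tag appended
  return toB64(out);
}

async function openMessage(cipherB64, keyB64, context = "") {
  const data = fromB64(cipherB64);
  if (data.length < NONCE_BYTES + TAG_BITS / 8) throw new Error("ciphertext too short");
  const key = await importKeyB64(keyB64);
  const params = { name: "AES-GCM", iv: data.slice(0, NONCE_BYTES), tagLength: TAG_BITS,
                   additionalData: new TextEncoder().encode(context) };
  // decrypt() rejects with OperationError if the tag, nonce, ciphertext or context was altered
  const plain = await subtle.decrypt(params, key, data.slice(NONCE_BYTES));
  return new TextDecoder().decode(plain);
}

// Returns true only if a one-bit change to the ciphertext is rejected.
async function tamperIsDetected(cipherB64, keyB64, context = "") {
  const bytes = fromB64(cipherB64);
  bytes[NONCE_BYTES] ^= 0x01; // flip one bit in the first ciphertext byte
  try { await openMessage(toB64(bytes), keyB64, context); return false; } catch { return true; }
}
```

Binding a record identifier as the context means a ciphertext copied onto a different record fails authentication instead of decrypting.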
Monitoring

System Health

Live status checks for all edge functions, database latency, and service availability.

Performance

Stress Testing

Concurrent load test on DB and edge function throughput. Results saved to system_metrics.

Performance Targets
DB read latency <50ms
Edge function cold start <500ms
AI proxy rate limit: 20 req/min/user
Supabase free tier: 50,000 req/day
Twilio: pay-per-call (set budget alerts)
Anthropic: token billing (monitor usage)
Access Control

Users & Roles

Role hierarchy: superadmin → admin → analyst → viewer. Admin-api gate enforced.

Audit Trail

Audit Log

All agent actions, user events, and system operations. Append-only, RLS-protected.

Documentation

Knowledge Base

Glossary · platform reasoning · feature guide · agent directory — everything you need to operate Sovereign.