Admin access blocked
Management backend is private
Admin pages are private by default. Configure ADMIN_PAGE_ACCESS_CONTROL behind OIDC/IAM, a trusted gateway, VPN, IP allowlist, or private network before exposing /admin.
- Declared control
- not configured
- Missing
- ADMIN_PAGE_ACCESS_CONTROL
`ADMIN_API_TOKEN` is still only a local/staging API smoke fallback. Do not use it as public production admin page authentication.