Settings

Global policy changes, raw audit exports, provider credential changes, and destructive cross-user operations remain admin-only. Public commands, files, snapshots, validation, and provider checks are bounded and rate-limited.