Trust Roster is a separate, manually-tagged pairing registry (distinct from the
GIAS-derived Trusts tab above) -- it lets a Central hub ask "who else is in my group" via
its own licence key. Create a roster trust below, then assign licence keys to it from the table.
Loading...
🔑 Issue new key
Max spoke schools this hub may aggregate. Leave 0 / blank for unlimited.
🔍 Verify key
Issued keys
Loading...
Loading...
UK Academy Trusts. Registered trusts have at least one Groundskeeper install
heartbeating in — Central means a non-revoked Central hub key is registered
against the trust, Community only means its schools run unlicensed/Community installs
with no Central hub yet (an upsell signal). Prospect trusts are known to the DfE GIAS
register but have no install yet — a target list for outreach, with the Group UID shown for
cross-reference. The Schools count lets you tell a single-academy trust (1) from a multi-school
MAT at a glance. Click a registered trust to see its schools in the Installs tab.
Loading...
Shows UK schools from the DfE GIAS register that have not yet installed Groundskeeper.
Use the CRM status and notes to track your outreach pipeline.
Importing...0%
Load GIAS data to see prospects.
Community feedback board moderation. Merge duplicate suggestions to combine their votes.
Promote high-value suggestions to a GitHub Issue in the public repo
(requires GITHUB_TOKEN Worker secret). Declined and merged suggestions are hidden from the public board.
0 selected
Loading...
💾 Data backup
Downloads a JSON backup of all critical D1 data: licences, installs, key requests, prospect CRM notes, and feedback suggestions.
Licences — all issued keys and revocation status
Installs — all heartbeating schools and CRM data
Key requests — full history including approved keys
Prospect notes — CRM status and notes per school
Feedback suggestions — community board data
🔒 Access & security
The admin panel is protected by a shared secret. Cloudflare Access (email OTP) is planned as an additional layer.
Current auth: shared EJJ_ADMIN_SECRET (Worker secret)
Planned: Cloudflare Access — email OTP for founders
Sessions: localStorage cached
GitHub Issues: GITHUB_TOKEN Worker secret required for promote feature
✉ Weekly digest
Sends the weekly ops digest email immediately. The scheduled cron runs automatically every Monday at 08:00 UTC.
Active installs, new this week, gone silent
Pending key requests & expiring licences
Multi-install flags with age
Version breakdown across active installs
✉ Test email deliverability
Sends a sample licence-key email (the real template, with a dummy key) to any address via Resend — the exact path Community keys use. Use it to check inbox-vs-spam placement, or to reproduce a “didn’t receive it” report from a specific tenant.
⚙ Community auto-issue
When ON, key requests from recognised school/MAT domains are minted and emailed instantly. When OFF, every request — school domains included — is held in the Key Requests queue for manual approval instead. A no-redeploy kill switch if auto-issue is ever abused. Consumer/webmail domains are always queued regardless of this setting.