---
name: Control Center Context
description: Stack, security rules, and responsibilities for the Halo Bestie internal control center
type: project
---

React + Vite SPA — internal management tool. **Never expose to public internet.**

**Stack:** React, Vite, Firebase Auth (admin role required)

**API:** Calls internal Fastify listener only (`/internal/` routes, port 3001). Accessed via VPN or private network. Domain: `internal.halobestie.com`.

**Security:**
- Network-level protection: Nginx `allow 10.0.0.0/8; deny all`
- Every API call requires `role: admin` verified server-side
- Do not add any public-facing routes or features here

**Responsibilities:** Approve/manage mitra accounts, platform config, session/payment monitoring, mitra-client escalation management, trial period configuration.

**Why:** Network-level blocking means even an auth bug cannot expose internal routes to the internet.
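
One way to implement the server-side `role: admin` rule as a fail-closed gate shaped like a Fastify async `preHandler`. This is an added example, not the project's own code. It assumes the role is carried as a `role` claim on the verified Firebase ID token; `makeRequireAdmin`, `stubVerify`, `fakeReply`, `statusFor` and the token values are hypothetical names and constructed data.

```javascript
// Added example, not project code. `verifyIdToken` is injected so the gate
// runs offline; in production it would wrap the Firebase Admin SDK verifier.
function makeRequireAdmin(verifyIdToken) {
  // Shaped like a Fastify async preHandler: (request, reply) => Promise.
  return async function requireAdmin(request, reply) {
    const header = request.headers.authorization || '';
    const match = /^Bearer ([A-Za-z0-9._-]+)$/.exec(header);
    if (!match) return reply.code(401).send({ error: 'missing bearer token' });

    let claims;
    try {
      claims = await verifyIdToken(match[1]);
    } catch (err) {
      // Expired, malformed, wrong signature: one answer, no detail leaked.
      return reply.code(401).send({ error: 'invalid token' });
    }
    // The role comes only from verified claims, never from the request body,
    // query string or a client-set header. Strict equality fails closed.
    if (!claims || claims.role !== 'admin') {
      return reply.code(403).send({ error: 'admin role required' });
    }
    request.admin = { uid: claims.uid };
    return undefined; // nothing sent: continue to the route handler
  };
}

// Constructed stand-ins so the example runs without Fastify or Firebase.
const CONSTRUCTED_TOKENS = new Map([
  ['tok.admin', { uid: 'u1', role: 'admin' }],
  ['tok.mitra', { uid: 'u2', role: 'mitra' }],
  ['tok.norole', { uid: 'u3' }],
]);
async function stubVerify(token) {
  if (!CONSTRUCTED_TOKENS.has(token)) throw new Error('bad token');
  return CONSTRUCTED_TOKENS.get(token);
}
function fakeReply() {
  return {
    statusCode: 200,
    code(n) { this.statusCode = n; return this; },
    send(body) { this.body = body; return this; },
  };
}
// Returns the HTTP status the gate would produce for a request.
async function statusFor(headers, body = {}) {
  const reply = fakeReply();
  await makeRequireAdmin(stubVerify)({ headers, body }, reply);
  return reply.statusCode;
}
```

Registering the gate once for the whole `/internal/` prefix, rather than per route, keeps a newly added route from shipping without it.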