observal-admin

# Observal Admin Operations All commands require the `admin` role. Enterprise-only commands (SAML, SCIM, audit-log) require enterprise mode. ## Critical Rules 1. **EXECUTE commands**: run them in your shell. Set timeout to 60 seconds. 2. **Pass `--output json`** on list/show commands. 3. **Pass `--yes` or `--force`** on destructive commands. 4. **If 403 is returned**, confirm role with `observal auth whoami --output json`. --- ## Procedure: Settings & Diagnostics ```bash observal admin settings --output json observal admin set KEY VALUE observal admin diagnostics --output json observal admin trace-privacy observal admin trace-privacy-set true observal admin cache-clear ``` --- ## Procedure: User Management ```bash observal admin users --output json observal admin create-user EMAIL NAME --role user --output json observal admin reset-password EMAIL --generate observal admin set-role EMAIL admin observal admin delete-user EMAIL --force ``` --- ## Procedure: Review Queue ```bash observal admin review list --output json observal admin review list --type mcp --output json observal admin review show REVIEW_ID --output json observal admin review approve REVIEW_ID observal admin review approve REVIEW_ID --agent observal admin review reject REVIEW_ID --reason 'Not reproducible' ``` `--agent` and `--bundle` disambiguate when an ID could refer to multiple entity types. --- ## Procedure: Security & Audit ```bash observal admin security-events --limit 50 --output json obser...