AIOHM

Appearance

AIOHM Platform Feature Guide

This document reflects the live platform surface in AIOHM v2.4.8. It is based on the current Filament pages and resources, public and tenant routes, the canonical agent registry, and the 2.4.x changelog.

It replaces the older admin-only page map with a broader feature audit that covers tenant workspaces, tenant-admin controls, platform-admin operations, public routes, governance, and the active AI stack.

Platform Snapshot

  • AIOHM is a multi-tenant AI marketing platform built on Laravel 12, Filament 3.2, and stancl/tenancy.
  • Each brand runs in an isolated tenant context with dedicated database and tenant storage boundaries.
  • Muse is the primary orchestration layer and works with 18 canonical AI agents.
  • Core platform pillars are brand-aware AI, workflow automation, content operations, social publishing, analytics, RAG knowledge retrieval, approval governance, and super-admin observability.
  • Current release focus includes platform security hardening, vector knowledge operations, agent skill management, RAG cleanup, MCP hardening, and Muse diagnostics and operations surfaces.

Access Model

Brand Team Surfaces

These are the everyday pages used inside a tenant for planning, creating, publishing, and reviewing work.

  • Muse
  • Workflow Builder and Workflow Scheduling
  • WordPress Content and News
  • Content Creator, Content Library, Document Library, and Design Templates
  • Social Media Manager, Post Scheduler, Social Scheduler, and Social Analytics
  • AI Analytics
  • Brand Book

Tenant Admin Surfaces

These pages control provider setup, AI behavior, knowledge retrieval, and runtime tooling for a tenant.

  • Connections
  • AI Control Center
  • MCP Servers
  • Skill Browser
  • Skill Library
  • Agent Studio
  • Console
  • RAG Management

Platform / Agency Surfaces

These surfaces are restricted to platform operators and agency admins.

  • Brands & Clients home
  • Leads
  • Agency Dashboard
  • Platform Observability Dashboard
  • Ship Readiness
  • Agent Memory
  • Approvals, Rubrics, Security, Compliance, Activity, Credentials, Roles, and monitoring resources

Public and Commerce Surfaces

These routes exist outside the private admin workspace.

  • Public home and welcome pages
  • Public Muse Memory page
  • Public news feed
  • Affiliate and forum pages
  • Checkout flows
  • Public docs site

Core Feature Areas

Muse and Agent Orchestration

  • Muse (/muse) is the primary brand-aware workspace. It uses brand book data, goals, skills, approvals, and memory layers to answer, plan, and operate.
  • Muse includes recent conversations, session stats, uploads and attachments, recent chats, and memory-aware context loading.
  • Muse now also supports deterministic operator shortcuts added in 2.4.2: /ops, /map, /trace, /provider, /workflows, /run-workflow <id|name>, and /tasks.
  • Console (/console) is the AI console powered by AssistantDashboard, providing agent-driven execution and tool use.
  • Agent Studio (/ai-agents) is the management surface for registered specialist agents, replacing the legacy Agent Fleet page. It consolidates agent configuration, registry browsing, and assignment workflows.
  • Skill Browser (/skill-browser) exposes importable skill packs from external sources for discovery and onboarding.
  • Skill Library is the AgentSkillResource management surface for skills already onboarded into the platform, with CRUD, slug management, and agent assignment.

Agent Specialization & Cost Management (Path 4: Hybrid)

The Muse Lightweight Architecture (Phase 2-3) implements intelligent agent specialization and comprehensive cost management:

  • Per-Agent Model Specialization: Each specialist agent is configured with an optimized provider and model pair. For example:

    • SEO Agent uses Claude Opus for analytical depth
    • WordPress Agent uses GPT-4o for code generation capability
    • Social Agent uses GPT-4o for creative content
    • Analytics Agent uses Claude Opus for data interpretation
    • All others are configured based on domain-specific strength

  • Tenant-Aware Configuration: Tenants can override global agent specialization settings on a per-agent basis, allowing custom model selection while maintaining baseline defaults.

  • Cost Tracking Dashboard (/api/admin/agents/costs): Real-time cost visibility including:

    • Total cost per month by agent and provider
    • Token consumption tracking (input and output)
    • Execution status breakdown (success, timeout, errors)
    • Cost per provider comparison
    • Tenant-isolated reporting

  • Execution Logging & Observability: All agent operations are logged with:

    • Provider, model, token counts, duration, and status
    • Session ID and metadata for workflow tracking
    • Error messages and recovery attempts
    • Delegation events (when Muse routes to specialists)
    • Routing decision history with confidence scores

  • Performance Characteristics:

    • Agent config loading: <5ms (cached per request)
    • Cost calculation: <3ms per operation
    • Session state operations: <20ms per operation
    • Muse routing decisions: <40ms per decision
    • Batch cost logging: <50ms average per record

  • Multi-Tenant Isolation: Cost tracking, session state, and configuration are completely isolated per tenant with no cross-tenant data leakage.

  • Error Recovery & Retry Logic: Failed executions (timeouts, API errors) are tracked with full cost attribution and automatic retry support.

For complete architecture details, see Muse Lightweight Architecture Documentation.

Workflow Automation

  • Workflow Builder (/workflow-builder) provides the visual automation canvas for chaining agents, tools, and MCP-backed workflow nodes.
  • Workflow Scheduling (/workflow-sheduling) is the operations surface for running, monitoring, recovering, and removing scheduled automations.
  • Workflow Templates provide reusable campaign blueprints with category, visibility, pricing tier, tenant targeting, difficulty, setup time, required integrations, and expected outcomes.
  • Workflow execution is backed by a node handler registry, execution logging, and increasingly explicit operational controls.

Content Operations

  • Blog Posts is the WordPress content workspace for pages, posts, custom content, and connected WooCommerce-adjacent publishing flows.
  • News is the RSS/autoblog operator surface for fetched items, pipeline state, AI rewriting, and retry flows.
  • RSS Feeds is the tenant feed-management resource for source URLs, AI agent choice, feed testing, and feed lifecycle control.
  • Content Creator is the guided campaign-and-asset workflow for choosing goals, platforms, copy style, generation mode, and reviewing results.
  • Content Library is the AI-generated image gallery for campaign assets.
  • Document Library stores uploaded documents used as knowledge sources and content inputs.
  • Design Templates manages reusable image profiles and poster layouts, including brand-aware autofill from the Brand Book.
  • Content Templates exist as a resource but remain hidden from navigation while the route is not considered ready.

Social Publishing and Analysis

  • Social Media Manager is the main Postiz-connected hub for account sync, post creation, and calendar review.
  • Post Scheduler is the direct composer for creating, scheduling, and publishing content across connected channels.
  • Social Scheduler is the calendar timeline for scheduled content, connected accounts, and month-based review.
  • Social Analytics aggregates tenant Postiz connection state, channel mix, publishing volume, and any safely available numeric metrics.

Analytics and Reporting

  • AI Analytics (/ai-analytics) pulls a 7-day GA4 snapshot into AIOHM and pairs it with Analytics Agent interpretation.
  • Social Analytics adds a separate reporting surface specifically for Postiz-connected social accounts.
  • API Provider Monitoring tracks provider status, degraded states, failures, and failover recovery signals.
  • The platform also exposes broader observability through super-admin dashboards and resources.

Knowledge, Memory, and Retrieval

  • RAG Management (/rag-management) controls chunking, overlap, retrieval thresholds, provider choices, and coverage analytics for brand memory.
  • Knowledge Entries is the vector-entry management resource for the tenant knowledge base, with ops navigation actions for bulk operations.
  • Knowledge Graphs exists as an additional page under the knowledge resource surface.
  • MCP Servers manages Model Context Protocol server connections and runtime capability extension.
  • Agent Memory on the Learn Dashboard shows the facts, preferences, corrections, and learned patterns stored by the system.
  • Assistant Sessions gives agency admins a read-only audit surface for assistant session history (AssistantSessionResource, navigation label "Assistant Sessions").
  • Muse Drive Integration (optional): when enabled, Muse can sync brand bible, scratchpad, archive, RAG knowledge base, content drafts, and analytics insights folders to Google Drive via OAuth or service account.

Brand Intelligence

  • Brand Book is the structured brand-definition system covering story, voice, visuals, audience, goals, and sample content.
  • It supports website scanning, PDF export, Markdown export, and adding the brand book into the knowledge base.
  • Agent Customization gives tenant-level overrides for agent instructions, forbidden words, marketing mode triggers, and mode-specific behavior.

Governance, Safety, and Operations

  • Approvals gives platform admins a formal review queue for AI-generated work before publish or distribution.
  • Quality Rubrics define structured scoring criteria and weighted quality gates.
  • Ship Readiness provides a live health summary across checks, approvals, security findings, agent health, and workflow execution state.
  • Platform Observability Dashboard provides a cross-tenant operations view of task volume, failures, heartbeats, workflow runs, and security events.
  • Agency Dashboard summarizes approvals, GDPR, memory queues, knowledge state, monitoring, and security at agency level.
  • Security Events and the Security Audit Agent support incident review, isolation checks, secret scanning, OAuth health review, and approval-bypass monitoring.
  • Memory Write Queue tracks asynchronous memory writes and now uses Telegram Alerts instead of the removed Slack alert flow.
  • Platform Credentials centralizes encrypted credentials for external services.
  • GDPR Compliance surfaces compliance checks and failures.
  • Scheduled Tasks, Platform Activity Log, and Agent Observability provide operator-level execution visibility.
  • Muse Diagnostics and Muse Operations surfaces (Admin panel) provide cross-tenant Muse health, operation logs, and audit trails.
  • A Laravel Auditing foundation supports the platform audit trail.

Admin Navigation Map

Dashboard

  • Muse (/muse): the main workspace for brand-aware AI planning and execution.

Campaigns

  • Workflow Builder (/workflow-builder): visual automation designer with agent, tool, and MCP composition.
  • Workflow Scheduling (/workflow-sheduling): queue and schedule management for published automations.
  • Workflow Templates: reusable campaign and automation blueprints.

Content Studio

  • Blog Posts: WordPress content management and AI-assisted editing.
  • News (/news): RSS/autoblog processing and content review.
  • RSS Feeds: source configuration and feed-level controls.
  • Templates: content template resource, currently hidden from navigation.

Content Creator

  • Create Content (/content-creator): guided content and asset workflow.
  • Content Library: generated image and media library.
  • Design Templates: reusable poster and image profiles.
  • Document Library: uploaded document repository.
  • Brand Book: structured brand system.
  • Agent Customization: per-tenant agent behavior overrides.

Social Media

  • Social Media: connected account hub and publishing workflow entry point.
  • Post Scheduler: direct post composition and queueing.
  • Social Scheduler (/social-scheduler): scheduled-post calendar.

Analytics

  • AI Analytics (/ai-analytics): GA4 snapshot plus AI interpretation.
  • Social Analytics (/social-analytics): Postiz-oriented social reporting.

Knowledge Base

  • RAG Management (/rag-management): retrieval tuning and coverage analytics.
  • Knowledge Entries: vector-entry management.

Admin Settings

  • Connections: provider onboarding and live coverage.
  • AI Control Center: providers, profiles, runtime, usage, and customization.
  • MCP Servers: MCP connection management.
  • Console (/console): AI console.
  • Skill Browser (/skill-browser): skill discovery and import from external sources.
  • Skill Library: onboarded skill CRUD and agent assignment resource.
  • Agent Studio (/ai-agents): specialist agent management overview. The legacy Agent Fleet page (/legacy-ai-agents) is hidden from navigation.
  • Assistant Sessions: read-only session audit surface for agency access.

Super Admin Settings

  • Home: brands and tenant overview.
  • Leads: central lead reporting and export.
  • Agency Dashboard: agency-wide health surface.
  • Stats (/stats): platform observability dashboard.
  • Agent Memory: learned memory review surface.
  • Ship Readiness: release and runtime readiness dashboard.
  • Users: user management.
  • Clients: client CRM and health management.
  • Approvals: review queue.
  • Scheduled Tasks: heartbeat and recurring task monitoring.
  • Platform Activity Log: task and platform activity history.
  • Memory Write Queue: async memory pipeline monitoring.
  • Telegram Alerts: memory queue alert configuration.
  • Platform Credentials: central credential storage.
  • GDPR Compliance: compliance auditing.
  • Agent Observability: agent health and execution visibility.
  • Team Roles: platform role management.
  • Quality Rubrics: scoring criteria and review policy.
  • Security Events: security incident log.
  • API Provider Monitoring: provider health and failover state.
  • Muse Diagnostics: cross-tenant Muse health and diagnostic record viewer.
  • Muse Operations: cross-tenant Muse operation log and audit surface.
  • Affiliates, Commissions, and Payouts: affiliate and payout operations.
  • Tutorials: hidden development-stage resource.

AI Agent Fleet

The platform now uses a canonical registry of 18 agents.

AgentPrimary RoleMCP Access
Analytics AgentTraffic, conversions, reporting, insightsGoogle Analytics MCP
Booking AgentScheduling, appointments, calendarsNone
Entity Extraction AgentResearch, entity extraction, knowledge mappingKnowledgebase MCP Server
Facebook AgentFacebook publishing, page insights, campaign supportFacebook MCP Server
Knowledge Synthesis AgentSummaries, synthesis, research consolidationKnowledgebase MCP Server
Marketing AgentStrategy, copywriting, campaign planning, content creationPostiz MCP Server, Mautic MCP Server
Mautic AgentCRM, email campaigns, segmentation, lead nurturingMautic MCP Server
Mirror Mode AgentPublic-facing brand ambassador and supportKnowledgebase MCP Server
Muse AgentMaster orchestration, planning, delegation, platform operationsKnowledgebase MCP Server, WordPress MCP Server, Mautic MCP Server, Postiz MCP Server
Muse VS Code AgentDeveloper assistance and workspace actionsKnowledgebase MCP Server
Postiz AgentSocial scheduling and publishingPostiz MCP Server
RSS Autoblog AgentFeed processing, curation, and autobloggingWordPress MCP Server, SEO MCP Server
Rubric AgentQuality scoring and validationKnowledgebase MCP Server
SEO AgentKeyword research, content optimization, technical SEOSEO MCP Server
Security Audit AgentSecret scanning, isolation checks, approval and OAuth reviewSecurity MCP Server
Web Builder AgentFrontend generation, forms, and page buildingPlaywright MCP Server, Fetch MCP Server, File System MCP Server
WooCommerce AgentProducts, inventory, pricing, order workflowsWordPress MCP Server
WordPress AgentSite management and content publishingWordPress MCP Server

Resource Library

Tenant and Shared Resources

  • Workflow Templates: list, create, edit reusable workflow blueprints.
  • RSS Feeds: manage sources, validate feeds, pick processing agent, and queue fetches.
  • Design Templates (ImageStudioResource): manage image profiles, text design, dimensions, and brand-driven defaults.
  • Content Templates: resource exists but is intentionally hidden from navigation.
  • Knowledge Entries: manage vector-backed knowledge content with ops navigation actions.
  • Knowledge Graphs: additional knowledge visualization surface under the vector resource.
  • Skill Library (AgentSkillResource): onboarded agent skills with CRUD, slug management, and agent assignment.

Agency and Platform Resources

  • Users: platform user CRUD.
  • Clients: agency client records, health, and account status.
  • Approvals: review and decision queue for agent work.
  • Quality Rubrics: weighted scoring definitions and versioning.
  • Platform Credentials: central provider credential store.
  • GDPR Compliance: compliance check tracking.
  • Security Events: security incident log.
  • Agent Observability: health and execution monitoring.
  • Scheduled Tasks: recurring heartbeat monitoring.
  • Platform Activity Log: task activity and operational history.
  • Memory Write Queue: queue inspection and retry visibility.
  • Team Roles: role and permission structure.
  • Muse Diagnostics: Muse health diagnostics viewer (Admin panel, Muse group).
  • Muse Operations: Muse operation log and audit surface (Admin panel, Muse group).
  • Affiliates, Commissions, Payouts: affiliate operations.
  • Tutorials: hidden resource for guided UI walkthroughs.

Public, Tenant, and Commerce Routes

Tenant / Public Experience

  • / resolves to tenant-aware entry behavior.
  • /welcome serves the tenant-facing public landing page.
  • /muse-memory is the public M.U.S.E. memory feature page.
  • /public-news exposes the processed public news surface.
  • /forum and /forum/members provide community and forum access.
  • /affiliate, /affiliate/apply, and /affiliate/dashboard support affiliate workflows.
  • /support/tickets and ticket-detail routes expose support-ticket pages.

Authentication and Identity

  • /login, /register, and /logout are available in tenant and central flows.
  • Google auth flows include /auth/google/finish and related login and callback routes.
  • Central login finish is supported via /auth/central/finish.
  • GitHub Copilot OAuth routes are present for connect, callback, and disconnect.

Billing and Checkout

  • /checkout/monthly, /checkout/annual, and /checkout/whitelabel provide plan checkout surfaces.
  • PayPal variants exist for each main plan route.
  • Stripe remains the primary billing integration.

Documentation and Assets

  • /docs/{path} serves the public documentation site.
  • /gallery/{path} serves gallery assets.
  • Tenant asset and documentation serving routes are present for hosted delivery.

Integrations and Platform Guarantees

Connected Platforms

  • WordPress for publishing and site operations.
  • WooCommerce for product and commerce workflows.
  • Mautic for CRM, email marketing, and nurture automation.
  • Postiz for social scheduling, publishing, and analytics.
  • Facebook for page operations and campaign support.
  • Google Analytics for traffic and performance reporting.
  • Google OAuth for login and analytics setup.
  • Google Drive connect routes for document-related workflows.
  • Stripe and PayPal for billing.

AI Providers and Failsafe Behavior

  • Gemini, Groq, ShareAI, Ollama, OpenAI, Anthropic, OpenRouter, xAI (Grok), Mistral, DeepSeek, and VoyageAI (embeddings) are supported through the vizra-adk provider layer.
  • Provider failover was hardened in 2.4.2 so Muse can retry with a lighter model and then alternate provider paths.
  • .env keys now take priority over stale settings-table keys.

Multi-Tenancy and Isolation

  • Tenant initialization has been hardened across auth and session middleware.
  • Dedicated tenant databases and tenant storage boundaries remain a core platform contract.
  • Tenant impersonation routes exist for platform support flows.
  • Demo environments support controlled demo registration and demo data reset.

Recent Platform Changes

Unreleased — Security Hardening

  • Brand.data and MCPServer.metadata are now encrypted at rest. Two ordered migrations required: schema migration followed by idempotent backfill.
  • Webhook routes now require per-tenant secrets (T5). Rotate all webhook secrets after deploy using dev_docs/runbooks/Webhook_Secret_Rotation.md.
  • SSRF protection: all outbound HTTP fetches route through App\Support\OutboundUrl with redirect re-validation.
  • Subprocess hardening: mysql/mysqldump shell calls replaced with Symfony\Component\Process\Process array form.
  • Logging hygiene: DebugFileUploads no longer logs request headers or CSRF tokens.
  • Production .env requirements hardened: APP_DEBUG=false, SESSION_ENCRYPT=true, SESSION_SECURE_COOKIE=true.

Version 2.4.8

  • Agent Studio create panel now opens only via explicit Create Agent action.
  • Custom-agent delete action added for tenant-created agents with confirmation.
  • Agent Studio analytics hero now surfaces total and custom-agent counts.
  • Custom-agent persistence path hardened for tenant execution context.
  • AIAgents namespace resolution fixed for Agent Studio stats computation.
  • Production rollout and verification completed for both aiohm.org and aiohm.app.

Version 2.4.7

  • Vector Entries ops navigation actions added to the Knowledge Entries resource surface.
  • RAG cleanup and retrieval improvements.
  • Agent Skills resource (AgentSkillResource) added as Skill Library in Admin Settings with full CRUD and agent assignment.
  • MCP server handling hardened.
  • Trending skills support added to skill browser.
  • Upload pipeline bug fixes.
  • Agent Studio page (/ai-agents) added, replacing the legacy Agent Fleet surface.
  • Muse Diagnostics and Muse Operations resources added to the Admin panel under a dedicated Muse group.

Version 2.4.6

  • Admin surface UI refresh across multiple pages and resources.
  • Tenant error masking improvements and safer error propagation.
  • Platform integrations hardened across WordPress, Mautic, and social provider connections.
  • Muse tooling and prompt handling refresh.

Version 2.4.5

  • Tenant Muse metrics tables added and stabilized.
  • WordPress connection logging improved with redaction of hidden/sensitive keys.
  • Connection handling bug fixes.

Version 2.4.4

  • Platform security hardening checkpoint.
  • Muse and connection handling fixes.
  • Extended provider support: OpenRouter, xAI (Grok), Mistral, DeepSeek, and VoyageAI added to the vizra-adk provider layer.

Version 2.4.3

  • Added the audit trail foundation with Laravel Auditing integration.
  • Hardened tenant initialization and isolation across shared middleware flows.
  • Added social visual text test coverage and refreshed public homepage copy.
  • Strengthened release deploy validation so bundled docs must exist before sync.

Version 2.4.2

  • Added provider failover improvements in Muse Mode.
  • Added deterministic Muse ops commands.
  • Refreshed admin surfaces across AI, social, analytics, workflow, and news pages.
  • Replaced Slack-based memory queue alerts with Telegram alert configuration.
  • Unified super-admin visual shells and hero layouts.

Version 2.4.1

  • Introduced the central Agent Registry with 18 canonical agents.
  • Added workflow node handler registry coverage for existing node types.
  • Added eval gates, ship readiness, observability, and learn-dashboard style memory review surfaces.
  • Added the Security Audit Agent and persisted security reporting.

Hidden or Conditional Surfaces

  • Content Templates are intentionally hidden from navigation while their route is not considered ready.
  • Tutorials are hidden from navigation and limited to specific high-access users.
  • Assistant Sessions are restricted to agency-level access.
  • Legacy Agent Fleet (/legacy-ai-agents) is registered but hidden from navigation; the /ai-agents slot is now occupied by Agent Studio.
  • Agent Customization (AgentCustomizationSettings) has $shouldRegisterNavigation = false and is accessed via a linked action rather than direct nav.
  • Most super-admin pages and resources are gated behind agency and platform access checks.
  • Demo registration is only enabled on demo hosts.
  • /demo/reset-data exists as a demo-environment utility route.

If you want to understand the platform quickly, use this path:

  1. Start with Muse, Brand Book, and Connections.
  2. Move to Workflow Builder, Workflow Scheduling, and Workflow Templates.
  3. Review Content Creator, WordPress Content, News, and Social Media Manager.
  4. Audit AI Analytics, Social Analytics, and RAG Management.
  5. Finish with Agency Dashboard, Ship Readiness, Platform Observability, and the super-admin governance resources.