Settings & Filters
Show
Sort
Categories
No categories yet.
App
Account
⚠ Session expired Your login has timed out. Refresh the page to log in again.
Notifications
No notifications yet.

Sync

Appearance

Admin

Change your password

You'll be signed out after the change and need to sign in with the new password.

Loading device status...

No Dante devices loaded. Click Refresh.
Select a transmitter and/or receiver above to view crosspoints.
RX ↓ / TX →
Connected   No signal   Click a cell to make/clear a crosspoint.
Users

Single source of truth for everyone with dashboard access. Email controls assignee mapping for the email-to-task feature (configure under System → Email-to-Task). Role controls dashboard access; LANCE tier controls the access level baked into the user's downloadable LANCE skill. Click on a row to expand ntfy notification settings.

Changing a user's LANCE tier? Tell them to re-download their LANCE skill (Profile menu → Download LANCE skill). Each user's skill carries a per-user API key minted at download time with their tier baked in — updating their tier here only takes effect on their next skill download. Their old skill keeps working with the old tier until then.

User Email Dashboard Tasks Lance Rock MFA ntfy topic Actions
Add user
Per-User Overrides — Tier T ()
Permission Matrix — 13 categories × 7 tiers, shipped defaults + admin overrides

Each cell shows the effective effect for that tier × category. Click to change. Modified cells are highlighted — click to revert to shipped default. Per-user overrides (set in the Users tab) take precedence over this matrix. Effects: deny, R-self read self only, R-grp group-scoped, R-min ministry-scoped, R-summary aggregates only, R unrestricted read, R/W-min ministry-scoped write, R/W full.

Category T0 Guest T1 Self T2 Volunteer T3 Min-staff T4 Staff T5 Ops T6 Admin
active override(s) · Changes take effect immediately for new requests; cached auth contexts refresh within ~5 min.
Matrix Change History — audit log of cell edits
WhenWhoCellWasNowReason
TimeRoleEndpointParamsResult
No write operations logged yet.
Ntfy Notification Topic
Alert Rules
No alert rules configured.
Add Rule
Alert History
No alerts sent yet.
Search Results
Select a file from the tree to view its contents.
Register New Tablet
Loading...
Adjustments —
Frontline Order (stage right → stage left)
No frontline order set yet. IEM 1-6 will be unassigned.
IEM 7 (flex slot)
Absences ()
Substitutes ()
none
IEM 1-12 Assignment
#PersonPositionStatus
Click a row to see the suggested mix for that IEM.
Suggested mix for IEM () — source:
ChannelLevel (dB)Send OnSource notes
IEM Mix Defaults (from dLive)

Read the current send levels for IEMs 1-12 off the dLive (TCP MIDI, read-only) and save each as the position default. Used as the starting mix for any volunteer who doesn\'t have a learned profile yet. Set the levels you want on the console, then click below.

Aux-channel map not configured yet.
IEMLabelLast CapturedChannels
Last Cron Runs
Thursday Flow (channel names)
Sunday Capture (post-service)
Learning Progress
Per-person × position. Default: N=0, mix is the position default. Blend: 1-2 samples, profile blended with default. EMA: 3+ samples, profile-only.
Thursday Job — dLive Channel Names
Pushes first names to channels 33–38 (from IEM 1–6 assignments) and channel 39 (Sermon speaker, fallback “Pastor”). Channel 40 is left untouched. Unassigned vocal slots become WLS0N.
Automation: Thu 10pm / Fri 10pm retry · PAUSED · Active
Paused at — ""
ChNameSource
Capture & Apply
Baseline is typically captured Thursday (last office day before Sunday) and the post-service capture runs Sunday ~1 pm, but both can be triggered manually here. Post-service capture updates EMA profiles for assigned musicians; samples with ≤1 channel changes vs baseline are preserved but do NOT update the EMA (musician absent / disengaged). Apply is coming in the next deploy.
Apply to dLive:

          
Auto-refreshes every 8s while tab is open
Pending requests
Recent decisions
💬 Ask LANCE
📄 Drop to turn this document into a project
LANCE is working…
SMTWTFS
Show

Categories
No categories yet — add one below.
View mode

Saved views

📁 Projects
All Projects
📌 General
🗂 Hidden
No LEFC Projects yet.
Click "+ New" to add one.
📋 All Tasks 📌 General
Task actions
People & visibility
Assigned:
Visible to:
Watchers:
Comments

PROJECT
Due:
·
Comments ()
👥 People & Visibility
Owner:
Assigned: unassigned
Watchers: none
🔒 Visible to: ⚠ everyone (no restriction)
👁 You: Watching this task Not watching
Photos / attachments ()
🔗 Linked documents ()
SharePoint, OneDrive, or any URL. Opens in a new tab with your own M365 auth — the destination enforces who can read it.
🔗 Linked tasks ()
⚙ Other settings
Off: dates are day-only. On: schedule modal lets you pick exact times, calendar shows them on chips.
📤 Share this task

Generate a public link a volunteer can use to view + complete this task. No login required. Useful for one-off help.


History ()
↳ Subtask of
Sub-tasks () · open across subtree
📅 Schedule
↻ Next occurrence auto-creates on complete.
Off: dates are day-only. On: schedule modal lets you pick exact times, calendar shows them on chips.
📄
Download
Loading…
Capability Gates

Time-boxed safety catches for powerful operations. Arm a normally-closed capability to use it briefly; Disable a normally-open connection for maintenance. Every change needs your personal PIN and auto-reverts when its timer runs out. This is an extra layer on top of normal permissions — it never grants new access.

You haven’t set a gate PIN yet — required before you can operate any gate.
CapabilityStateDefaultActive windowActions
Recent gate activity
No activity recorded yet.
WhenEventGateByDetail
API Version
Device Routers
KB Files
Active Sessions
Audit Entries
Tasks store health

Live state of the SQLite-backed tasks store at /opt/lefcav-api/tasks.db. Refreshed via the Refresh button above. See 04-diagnostics/tasks-sqlite-migration-plan.md for design.

Tasks total
Open
In progress
Completed
Cancelled
Audit entries
DB file size
Last write
Last backup
Backups retained
at /opt/lefcav-api/state/tasks-backups/
LANCE assistant activity

Every chat request through the Tasks-page assistant — who asked, what LANCE did, and its reply.

No assistant activity recorded yet.
When User Request Actions (tools) Reply
Email-to-Task

Polls an IMAP mailbox every 5 minutes; converts unread mail into tasks. Subject → title; body → description; sender email → matched against user emails (Users tab) for assignee mapping. Status: .

Email (SMTP outbound)

Used to send MFA codes, password-reset emails, and notifications. Status: . For Gmail, host is smtp.gmail.com and port 587; password is a 16-char app password (not your account password).

Send test email
API Keys
RoleKey (masked)LengthActions
Service Windows (Write Lockout for Exec)
Disk Usage
Total:
Used:
Free:
Usage:
Dante Discovery
Status:
Devices:
Service
Started:
Anthropic API Key (Voice Assistant)
Current key: ( chars) Not configured — Voice assistant will not work.
Guest voice assistant: https://10.1.24.107:8080/guest/
Planning Center Online (Services + People)
Not configured — LANCE cannot query Planning Center. Services and People endpoints will return 503.
Generate PAT: api.planningcenteronline.com/oauth/applicationsDeveloper ToolsPersonal Access Tokens. Scope: Services + People.
Microsoft Graph (M365) — Admin-only integration
Not configured — Graph-backed features (tasks mailbox, room calendars) inactive.
App registration: entra.microsoft.comApp registrations. Needs application permissions (Mail.Read, Mail.Send, Calendars.Read) with admin consent, scoped by an Exchange application access policy. Admin-only by policy — no Staff/Exec exposure, ever.
PCO OAuth Connection (for attachment downloads)

The PAT (above) handles all JSON metadata. But downloading attachment files (stage plots, MP3s, PDFs) requires an OAuth2 access token. Register a new OAuth app at api.planningcenteronline.com/oauth/applications, set the redirect URI to https://lefc-api.taild0b628.ts.net/api/pco/oauth/callback, paste the Client ID + Secret below, then click Connect.

Client ID: · Secret:
Redirect URI:
Spotify Web API (LEFC Worship account)

Lets LANCE see what's playing in the Crossover room — track, current device, in-app volume. Register a Spotify Developer App at developer.spotify.com/dashboard, set the redirect URI to , paste the Client ID + Secret below, then click Connect. Required scope: user-read-playback-state.

Client ID: · Secret:
Redirect URI:
Scopes:
Backup & Export

Download a JSON backup of dashboard configuration (passwords metadata, service windows, alert rules). Does not include API keys or plaintext passwords.

PCO Service-Type Owners

Designate one dashboard user as the owner of each PCO service type. When a Staff or Exec user (other than the owner) attempts a PCO write that affects the service type, the confirmation challenge gets an extra warning: "⚠️ This service type is owned by X, are you sure?" Admins always pass through with the standard challenge. Storage: /opt/lefcav-api/pco-service-type-owners.json.

Service Type Owner Contact Email Notes Updated Actions
Challenge preview
Service type:
You (actor): — role
Owner:
You are owner?
Gate:
Enrichment reason:
navigate open esc close ? all shortcuts ctrl+k to open from anywhere