Built for MSPs managing multiple customer environments
Osinet Command is a multi-tenant dashboard that brings together security posture, backup health, endpoint protection, and identity monitoring for every customer in an MSP portfolio.
MSP Portfolio Overview
The all-customers view gives owners and admins a real-time aggregate of every customer in the portfolio. Product cards show health scores and open incident counts for each connected vendor. Severity totals, 7-day incident trends, and backup success rate are computed across all customers.
- Per-connector product cards with health scores
- 7-day incident trend chart
- Backup success rate (Acronis posture batch)
- Customers at risk KPI, critical findings KPI
- Smart insights from M365 and Acronis data
Per-Customer Detail View
Selecting a customer reveals a focused multi-module layout: identity posture from Microsoft 365, backup status from Acronis, endpoint protection from ESET and SentinelOne, and network/email security from Check Point and FortiGate. Each module is backed by a typed connector registry that controls visibility.
- Security score (0–100) with health bar
- MFA coverage, risky users, Conditional Access
- Backup posture, failed jobs, last successful backup
- Endpoint agent count, active threats, AV protection
- Email security events, quarantine count
Dashboard cards follow connector availability
Every dashboard card is backed by a typed module registry that maps connector vendors to dashboard data units. When a connector is not enabled for the org, its cards are hidden automatically — no empty tiles shown for tools a customer does not use. Adding a new connector requires no changes to the dashboard layout.
Role-based access control
Every API route and page enforces capability-based access. Roles range from Owner (full access) to Customer Viewer (read-only, scoped to assigned customers).
Full platform access including billing, user management, and all connector setup.
All connector and customer operations; cannot manage billing or other admins.
Read access to all customers and connectors; cannot change configuration.
Read-only access scoped to explicitly assigned customers only.
Customer visibility scoping
The customer_viewer role restricts users to a specific set of assigned customers. Enforcement happens at three layers:
- 1.Page layer —
canSeeCustomer()filters the customer list before any data is fetched - 2.API layer — snapshot GET routes check customer assignment before returning data
- 3.Supabase layer —
member_customer_accesstable persists assignments; survives cold restarts
Customer assignments are set at invite time or edited post-registration via the user management page. Assignments are preserved on invite resend and carried through SSO registration.
SaaS billing foundation
Billing plan and subscription tables are in place (Supabase). Six plan tiers are seeded: internal, pilot, starter,growth, pro, enterprise. Feature key registry and per-tenant subscription lookup are implemented. Stripe checkout is not yet wired — billing enforcement is soft by design during early access.
Six seeded plans from pilot to enterprise with feature keys and limits.
Per-tenant subscription row in Supabase with plan, status, and period dates.
Missing subscription row defaults to pilot access — no lockout during early access.
Schema accepts stripe_customer_id and stripe_subscription_id; checkout not yet wired.
What is coming next
The items below are planned but not yet implemented in production.