{"enforced":false,"ready_to_enforce":false,"active_admins":0,"admins_with_project_access":0,"checks":{"active_admin_exists":false,"admin_has_project_access":false,"strong_session_secret":false,"enforcement_flag_set":false},"rollout_steps":["Create at least one active admin user with access to the required project.","Set a strong GURU_ADMIN_SESSION_SECRET with at least 24 characters.","Test /admin/login with that user before enabling enforcement.","Set GURU_ADMIN_AUTH_ENFORCE=1 in the service environment.","Restart web service and verify unauthenticated /admin redirects to /admin/login.","Login and verify project dashboard access plus forbidden access to unassigned projects."]}