Replace the flat explorer_role model with a group + capability RBAC layer (grew out of PAR-44).
Done & pushed on develop:
economy-schema V10 (2e113e3): explorer_group / explorer_group_capability / explorer_group_member (member source = manual|luckperms).economy-explorer (daffecc): getViewer().capabilities = union(group caps, legacy role→caps); viewer.role derived from capabilities (existing gates unchanged); isStaff = hasCapability('staff.audit'); /admin/groups + /admin/groups/[groupId] admin tool (create/delete groups, attach capabilities, set LuckPerms source node, manage manual members) with server actions + auditView.Capability vocabulary: admin, staff.audit, government. Legacy explorer_role kept as a capability source for backward compat.
Verification: typecheck + lint + 56 unit tests green; integration findCapabilities test runs in CI. Pairs with the reconciliation cron task.