diff --git a/CHANGELOG.md b/CHANGELOG.md
index dc2dcc2..bf2e90e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,7 +9,49 @@ Versioning follows [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ---
 
+## [0.10.0] — 2026-03-16
 
+### Added
+
+**Space Management & Configuration** ([Issue #45](https://github.com/byte5digital/numen/issues/45))
+
+Multi-tenant space management enabling isolated configurations, settings, and API credentials per space. Each space is a completely isolated instance with separate content, personas, pipelines, users, and API configurations.
+
+**Features:**
+- **Multi-tenancy:** Each space is a standalone instance with complete data isolation
+- **Encrypted API config:** Store provider credentials (API keys, tokens) per-space with transparent encryption at rest using Laravel's `Crypt` facade
+- **Space switching:** Admins can switch between spaces from the admin navigation bar; current space is tracked via `X-Space-Id` header in admin requests
+- **Request-scoped space:** `ResolveCurrentSpace` middleware automatically determines active space from header (admins) or defaults to first/primary space (normal users)
+- **Data isolation:** All content, briefs, pipelines, personas, webhooks, and settings queries automatically scope to the current space
+- **Robust deletion:** Prevents deletion of the last space (blocking at DB level); uses database transactions + `lockForUpdate()` to prevent TOCTOU race conditions
+- **Admin UI:** Full CRUD interface at `/admin/spaces` with Create, Read, Update, Delete operations
+- **Security hardening:** `EnsureUserIsAdmin` middleware guards all `/admin/*` routes unconditionally; API config values are masked in edit forms (decrypted only on write)
+
+**Migration:**
+- New `spaces` table with ULID primary key, name, slug, description, default_locale, settings (JSON), api_config (encrypted), created_at, updated_at
+- All tenant-scoped tables (content, personas, pipelines, etc.) have `space_id` foreign key
+
+**Admin Routes:**
+- `GET /admin/spaces` — List all spaces
+- `GET /admin/spaces/create` — Show create form
+- `POST /admin/spaces` — Store new space
+- `GET /admin/spaces/{space}/edit` — Show edit form
+- `PATCH /admin/spaces/{space}` — Update space
+- `DELETE /admin/spaces/{space}` — Delete space (blocked if only one exists)
+- `POST /admin/spaces/switch` — Switch current space (header-based)
+
+**Environment variables:**
+- `SPACE_DEFAULT_LOCALE` — Default locale for new spaces (default: `en`)
+
+**Security notes:**
+- API config encrypted at rest; decryption happens only in accessor, never exposed in API responses
+- `X-Space-Id` header is admin-only; normal users cannot override their assigned space
+- Null space detection in middleware aborts with HTTP 503 (Service Unavailable)
+- Delete-last-space prevention uses database-level locking to prevent race conditions
+
+**Breaking changes:** None.
+
+---
 ## [0.9.0] — 2026-03-15
 
 ### Added
diff --git a/README.md b/README.md
index da1ced5..60b004c 100644
--- a/README.md
+++ b/README.md
@@ -99,6 +99,16 @@ Manage webhook endpoints and event subscriptions directly from the admin panel (
 ### Plugin & Extension System
 First-class plugin architecture. Extend pipelines, register custom LLM providers, add admin UI, and react to content events — all from a self-contained plugin package.
 
+### Space Management & Configuration
+**New in v0.10.0.** Multi-tenant space management with isolated configurations, settings, and API credentials per space.
+- **Multi-tenancy:** Each space is a separate instance with its own content, personas, pipelines, and users
+- **Encrypted API config:** Store provider credentials (API keys) per-space with transparent encryption at rest
+- **Space switching:** Admins can switch between spaces from the admin nav; sessions are scoped to the current space
+- **Isolated data:** Content, briefs, pipelines, and users belong to a single space; queries automatically filter by the active space
+- **Robust deletion:** Cannot delete the last space; uses database transactions + row-level locks to prevent TOCTOU race conditions
+- **Admin UI:** Full CRUD interface at `/admin/spaces` for managing spaces, their settings, and configurations
+- **Middleware hardening:** `EnsureUserIsAdmin` guards all `/admin/*` routes; `ResolveCurrentSpace` enforces space isolation in requests
+
 ### Plugin & Extension System
 First-class plugin architecture. Extend pipelines, register custom LLM providers, add admin UI, and react to content events — all from a self-contained plugin package.
 
diff --git a/app/Http/Controllers/Admin/BriefAdminController.php b/app/Http/Controllers/Admin/BriefAdminController.php
index 6152417..52acdaa 100644
--- a/app/Http/Controllers/Admin/BriefAdminController.php
+++ b/app/Http/Controllers/Admin/BriefAdminController.php
@@ -7,7 +7,6 @@
 use App\Models\ContentPipeline;
 use App\Models\ContentType;
 use App\Models\Persona;
-use App\Models\Space;
 use App\Pipelines\PipelineExecutor;
 use Illuminate\Http\Request;
 use Inertia\Inertia;
@@ -25,9 +24,9 @@ public function index()
         ]);
     }
 
-    public function create()
+    public function create(\Illuminate\Http\Request $request)
     {
-        $space = Space::first();
+        $space = $request->space();
 
         return Inertia::render('Briefs/Create', [
             'contentTypes' => ContentType::where('space_id', $space?->id)->get(['name', 'slug']),
diff --git a/app/Http/Controllers/Admin/DashboardController.php b/app/Http/Controllers/Admin/DashboardController.php
index 03f470a..af10ee3 100644
--- a/app/Http/Controllers/Admin/DashboardController.php
+++ b/app/Http/Controllers/Admin/DashboardController.php
@@ -5,7 +5,6 @@
 use App\Http\Controllers\Controller;
 use App\Models\Content;
 use App\Models\PipelineRun;
-use App\Models\Space;
 use App\Services\AI\Providers\AnthropicProvider;
 use App\Services\AI\Providers\AzureOpenAIProvider;
 use App\Services\AI\Providers\OpenAIProvider;
@@ -19,6 +18,7 @@ public function index(
         AnthropicProvider $anthropic,
         OpenAIProvider $openai,
         AzureOpenAIProvider $azure,
+        \Illuminate\Http\Request $request,
     ) {
         $defaultProvider = config('numen.default_provider', 'anthropic');
         $fallbackChain = config('numen.fallback_chain', ['anthropic', 'openai', 'azure']);
@@ -90,7 +90,7 @@ public function index(
             'costToday' => $costTracker->getDailySpend(),
             'providers' => $providers,
             'fallbackChain' => $fallbackChain,
-            'defaultSpaceId' => (Space::first() !== null ? Space::first()->id : ''),
+            'defaultSpaceId' => ($request->space() !== null ? $request->space()->id : ''),
         ]);
     }
 }
diff --git a/app/Http/Controllers/Admin/GraphController.php b/app/Http/Controllers/Admin/GraphController.php
index 9d59bb3..1560fd7 100644
--- a/app/Http/Controllers/Admin/GraphController.php
+++ b/app/Http/Controllers/Admin/GraphController.php
@@ -4,14 +4,15 @@
 
 use App\Http\Controllers\Controller;
 use App\Models\Space;
+use Illuminate\Http\Request;
 use Inertia\Inertia;
 
 class GraphController extends Controller
 {
-    public function index(): \Inertia\Response
+    public function index(Request $request): \Inertia\Response
     {
         /** @var Space|null $firstSpace */
-        $firstSpace = Space::first();
+        $firstSpace = $request->space();
         $spaceId = $firstSpace !== null ? $firstSpace->id : '';
 
         return Inertia::render('Graph/Index', [
diff --git a/app/Http/Controllers/Admin/LocaleAdminController.php b/app/Http/Controllers/Admin/LocaleAdminController.php
index 7deb66c..e8ff56e 100644
--- a/app/Http/Controllers/Admin/LocaleAdminController.php
+++ b/app/Http/Controllers/Admin/LocaleAdminController.php
@@ -3,8 +3,8 @@
 namespace App\Http\Controllers\Admin;
 
 use App\Http\Controllers\Controller;
-use App\Models\Space;
 use App\Services\LocaleService;
+use Illuminate\Http\Request;
 use Inertia\Inertia;
 use Inertia\Response;
 
@@ -12,9 +12,9 @@ class LocaleAdminController extends Controller
 {
     public function __construct(private readonly LocaleService $localeService) {}
 
-    public function index(): Response
+    public function index(Request $request): Response
     {
-        $space = Space::first();
+        $space = $request->space();
         $locales = $space ? $this->localeService->getLocalesForSpace($space) : collect();
 
         $supportedRaw = $this->localeService->getSupportedLocales();
diff --git a/app/Http/Controllers/Admin/PageAdminController.php b/app/Http/Controllers/Admin/PageAdminController.php
index 476d7f3..5c7fb87 100644
--- a/app/Http/Controllers/Admin/PageAdminController.php
+++ b/app/Http/Controllers/Admin/PageAdminController.php
@@ -7,7 +7,6 @@
 use App\Models\ContentPipeline;
 use App\Models\Page;
 use App\Models\PageComponent;
-use App\Models\Space;
 use App\Pipelines\PipelineExecutor;
 use Illuminate\Http\Request;
 use Inertia\Inertia;
@@ -136,7 +135,7 @@ public function generateComponent(Request $request, string $id, string $componen
     {
         $component = PageComponent::where('page_id', $id)->findOrFail($componentId);
         $page = $component->page;
-        $space = Space::first();
+        $space = $request->space();
 
         $validated = $request->validate([
             'brief_description' => 'required|string|max:2000',
diff --git a/app/Http/Controllers/Admin/SpaceAdminController.php b/app/Http/Controllers/Admin/SpaceAdminController.php
new file mode 100644
index 0000000..2c6e4be
--- /dev/null
+++ b/app/Http/Controllers/Admin/SpaceAdminController.php
@@ -0,0 +1,146 @@
+<?php
+
+namespace App\Http\Controllers\Admin;
+
+use App\Http\Controllers\Controller;
+use App\Models\Space;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Validation\Rule;
+use Inertia\Inertia;
+use Inertia\Response;
+
+class SpaceAdminController extends Controller
+{
+    /**
+     * List all spaces, marking the current active space.
+     */
+    public function index(Request $request): Response
+    {
+        $currentSpace = $request->attributes->get('space');
+
+        $spaces = Space::orderBy('created_at', 'asc')
+            ->get()
+            ->map(fn (Space $space) => [
+                'id' => $space->id,
+                'name' => $space->name,
+                'slug' => $space->slug,
+                'description' => $space->description,
+                'default_locale' => $space->default_locale,
+                'created_at' => $space->created_at->toIso8601String(),
+                'is_current' => $currentSpace && $currentSpace->id === $space->id,
+            ]);
+
+        return Inertia::render('Admin/Spaces/Index', [
+            'spaces' => $spaces,
+        ]);
+    }
+
+    /**
+     * Show the form for creating a new space.
+     */
+    public function create(): Response
+    {
+        return Inertia::render('Admin/Spaces/Create');
+    }
+
+    /**
+     * Store a newly created space.
+     */
+    public function store(Request $request): RedirectResponse
+    {
+        $validated = $request->validate([
+            'name' => ['required', 'string', 'max:255'],
+            'slug' => ['required', 'string', 'max:255', 'alpha_dash', Rule::unique('spaces', 'slug')],
+            'description' => ['nullable', 'string', 'max:1000'],
+            'default_locale' => ['required', 'string', 'max:10'],
+        ]);
+
+        Space::create($validated);
+
+        return redirect()->route('admin.spaces.index')
+            ->with('success', 'Space created successfully.');
+    }
+
+    /**
+     * Show the form for editing the specified space.
+     *
+     * api_config values are masked (keys preserved, values replaced with '***')
+     * to prevent sensitive credentials from being exposed to the browser.
+     */
+    public function edit(Space $space): Response
+    {
+        $apiConfig = $space->api_config;
+        $maskedApiConfig = null;
+
+        if (is_array($apiConfig)) {
+            $maskedApiConfig = array_map(fn () => '***', $apiConfig);
+        }
+
+        return Inertia::render('Admin/Spaces/Edit', [
+            'space' => [
+                'id' => $space->id,
+                'name' => $space->name,
+                'slug' => $space->slug,
+                'description' => $space->description,
+                'default_locale' => $space->default_locale,
+                'settings' => $space->settings,
+                'api_config' => $maskedApiConfig,
+            ],
+        ]);
+    }
+
+    /**
+     * Update the specified space.
+     */
+    public function update(Request $request, Space $space): RedirectResponse
+    {
+        $validated = $request->validate([
+            'name' => ['required', 'string', 'max:255'],
+            'slug' => ['required', 'string', 'max:255', 'alpha_dash', Rule::unique('spaces', 'slug')->ignore($space->id)],
+            'description' => ['nullable', 'string', 'max:1000'],
+            'default_locale' => ['required', 'string', 'max:10'],
+            'settings' => ['nullable', 'array'],
+            'api_config' => ['nullable', 'array'],
+        ]);
+
+        // If api_config was submitted as all-masked values (all '***'), don't overwrite stored secrets
+        if (isset($validated['api_config']) && is_array($validated['api_config'])) {
+            $allMasked = collect($validated['api_config'])->every(fn ($v) => $v === '***');
+            if ($allMasked) {
+                unset($validated['api_config']);
+            }
+        }
+
+        $space->update($validated);
+
+        return redirect()->route('admin.spaces.index')
+            ->with('success', 'Space updated successfully.');
+    }
+
+    /**
+     * Delete the specified space, blocking if it is the last one.
+     * Uses a database transaction with a row lock to prevent TOCTOU race conditions.
+     */
+    public function destroy(string $id): RedirectResponse
+    {
+        $earlyReturn = null;
+
+        DB::transaction(function () use ($id, &$earlyReturn): void {
+            $space = Space::lockForUpdate()->findOrFail($id);
+
+            if (Space::count() <= 1) {
+                $earlyReturn = redirect()->route('admin.spaces.index')
+                    ->with('error', 'Cannot delete the last space.');
+
+                return;
+            }
+
+            $space->delete();
+        });
+
+        return $earlyReturn ?? redirect()->route('admin.spaces.index')
+            ->with('success', 'Space deleted successfully.');
+    }
+}
diff --git a/app/Http/Controllers/Admin/SpaceSwitcherController.php b/app/Http/Controllers/Admin/SpaceSwitcherController.php
new file mode 100644
index 0000000..2e9416f
--- /dev/null
+++ b/app/Http/Controllers/Admin/SpaceSwitcherController.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace App\Http\Controllers\Admin;
+
+use App\Http\Controllers\Controller;
+use App\Models\Space;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+
+class SpaceSwitcherController extends Controller
+{
+    /**
+     * Switch the active space for the current session.
+     */
+    public function store(Request $request): RedirectResponse
+    {
+        $validated = $request->validate([
+            'space_id' => ['required', 'string', 'exists:spaces,id'],
+        ]);
+
+        session(['current_space_id' => $validated['space_id']]);
+
+        return redirect()->back();
+    }
+}
diff --git a/app/Http/Controllers/Admin/TaxonomyAdminController.php b/app/Http/Controllers/Admin/TaxonomyAdminController.php
index 0c17755..699936b 100644
--- a/app/Http/Controllers/Admin/TaxonomyAdminController.php
+++ b/app/Http/Controllers/Admin/TaxonomyAdminController.php
@@ -21,9 +21,9 @@ public function __construct(private readonly TaxonomyService $taxonomy) {}
     /**
      * List all vocabularies for the default space.
      */
-    public function index(): Response
+    public function index(\Illuminate\Http\Request $request): Response
     {
-        $space = Space::first();
+        $space = $request->space();
 
         $vocabularies = $space
             ? Vocabulary::forSpace($space->id)->withCount('terms')->ordered()->get()
diff --git a/app/Http/Controllers/Admin/WebhookAdminController.php b/app/Http/Controllers/Admin/WebhookAdminController.php
index c06f938..ee16ec2 100644
--- a/app/Http/Controllers/Admin/WebhookAdminController.php
+++ b/app/Http/Controllers/Admin/WebhookAdminController.php
@@ -51,12 +51,7 @@ public function index(Request $request): Response
      */
     public function store(Request $request): RedirectResponse
     {
-        // @phpstan-ignore-next-line
-        $spaceId = $request->user()->roles()->first()?->pivot->space_id;
-
-        if (! $spaceId) {
-            abort(403, 'No accessible space found.');
-        }
+        $spaceId = $request->space()?->id ?? abort(403, 'No space context.');
 
         $this->authz->authorize($request->user(), 'webhooks.manage', $spaceId);
 
@@ -196,14 +191,7 @@ public function redeliver(Request $request, string $id, string $deliveryId): Jso
      */
     private function resolveSpaceId(Request $request): string
     {
-        // @phpstan-ignore-next-line
-        $spaceId = $request->user()->roles()->first()?->pivot->space_id;
-
-        if (! $spaceId) {
-            abort(403, 'No accessible space found.');
-        }
-
-        return $spaceId;
+        return $request->space()?->id ?? abort(403, 'No space context.');
     }
 
     /**
diff --git a/app/Http/Middleware/EnsureUserIsAdmin.php b/app/Http/Middleware/EnsureUserIsAdmin.php
index 42ce6f6..8ca08b4 100644
--- a/app/Http/Middleware/EnsureUserIsAdmin.php
+++ b/app/Http/Middleware/EnsureUserIsAdmin.php
@@ -11,8 +11,9 @@ class EnsureUserIsAdmin
     /**
      * Handle an incoming request.
      *
-     * For the dashboard (/admin), require admin role.
-     * For other admin routes, just require authentication (specific routes use permission middleware).
+     * Protects the entire admin route group (not just the root path).
+     * Allows access if the user is a system admin OR has at least one RBAC role assigned.
+     * Individual routes use the `permission` middleware for fine-grained access control.
      */
     public function handle(Request $request, Closure $next): Response
     {
@@ -22,13 +23,17 @@ public function handle(Request $request, Closure $next): Response
             abort(403, 'Unauthorized. Authentication required.');
         }
 
-        // Dashboard requires admin role
-        if ($request->path() === 'admin' || $request->path() === 'admin/') {
-            if (! $user->isAdmin()) {
-                abort(403, 'Unauthorized. Admin access required.');
-            }
+        // Allow admins unconditionally
+        if ($user->isAdmin()) {
+            return $next($request);
         }
 
-        return $next($request);
+        // Allow RBAC users who have at least one role assigned (permission middleware
+        // handles fine-grained access for each individual route)
+        if ($user->roles()->exists()) {
+            return $next($request);
+        }
+
+        abort(403, 'Unauthorized. Admin access required.');
     }
 }
diff --git a/app/Http/Middleware/HandleInertiaRequests.php b/app/Http/Middleware/HandleInertiaRequests.php
index 15d9193..b31b84e 100644
--- a/app/Http/Middleware/HandleInertiaRequests.php
+++ b/app/Http/Middleware/HandleInertiaRequests.php
@@ -3,6 +3,7 @@
 namespace App\Http\Middleware;
 
 use App\Models\Plugin;
+use App\Models\Space;
 use Illuminate\Http\Request;
 use Inertia\Middleware;
 
@@ -38,6 +39,16 @@ public function share(Request $request): array
                     ->values()
                     ->toArray(),
             ],
+            'currentSpace' => fn () => $request->attributes->has('space') && $request->attributes->get('space')
+                ? [
+                    'id' => $request->attributes->get('space')->id,
+                    'name' => $request->attributes->get('space')->name,
+                    'slug' => $request->attributes->get('space')->slug,
+                ]
+                : null,
+            'spaces' => fn () => $request->user()
+                ? Space::all()->map(fn ($s) => ['id' => $s->id, 'name' => $s->name, 'slug' => $s->slug])->toArray()
+                : [],
         ];
     }
 }
diff --git a/app/Http/Middleware/ResolveCurrentSpace.php b/app/Http/Middleware/ResolveCurrentSpace.php
new file mode 100644
index 0000000..c55b966
--- /dev/null
+++ b/app/Http/Middleware/ResolveCurrentSpace.php
@@ -0,0 +1,58 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\Models\Space;
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class ResolveCurrentSpace
+{
+    /**
+     * Handle an incoming request.
+     *
+     * Resolution order:
+     *   1. Session-stored space ID
+     *   2. X-Space-Id header (admin users only — prevents IDOR)
+     *   3. First space (chronological fallback)
+     *
+     * Aborts with 503 if no space can be resolved at all.
+     *
+     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        $space = null;
+
+        // 1. Session
+        $sessionSpaceId = session('current_space_id');
+        if ($sessionSpaceId) {
+            $space = Space::find($sessionSpaceId);
+        }
+
+        // 2. X-Space-Id header — admin users only (IDOR guard)
+        if (! $space) {
+            $spaceIdHeader = $request->header('X-Space-Id');
+            if ($spaceIdHeader && $request->user()?->isAdmin()) {
+                $space = Space::find($spaceIdHeader);
+            }
+        }
+
+        // 3. First space fallback
+        if (! $space) {
+            $space = Space::first();
+        }
+
+        // Abort if still no space — no null allowed through
+        if (! $space) {
+            abort(503, 'No space configured. Please create a space first.');
+        }
+
+        // Bind to request attributes and persist in session
+        $request->attributes->set('space', $space);
+        session(['current_space_id' => $space->id]);
+
+        return $next($request);
+    }
+}
diff --git a/app/Http/Middleware/ResolveSpace.php b/app/Http/Middleware/ResolveSpace.php
new file mode 100644
index 0000000..62961bf
--- /dev/null
+++ b/app/Http/Middleware/ResolveSpace.php
@@ -0,0 +1,56 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\Models\Space;
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+/**
+ * @deprecated Use \App\Http\Middleware\ResolveCurrentSpace instead.
+ *             This class is kept to avoid breaking any external references but is no longer used
+ *             in bootstrap/app.php or the middleware pipeline.
+ */
+class ResolveSpace
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        $space = null;
+
+        // 1. Check X-Space-Id header
+        $spaceIdHeader = $request->header('X-Space-Id');
+        if ($spaceIdHeader) {
+            $space = Space::find($spaceIdHeader);
+        }
+
+        // 2. Check session
+        if (! $space) {
+            $sessionSpaceId = session('current_space_id');
+            if ($sessionSpaceId) {
+                $space = Space::find($sessionSpaceId);
+            }
+        }
+
+        // 3. Fallback to first space
+        if (! $space) {
+            $space = Space::orderBy('created_at', 'asc')->first();
+        }
+
+        // 4. No space configured
+        if (! $space) {
+            abort(503, 'No space configured');
+        }
+
+        // 5. Bind and persist in session
+        app()->instance('current_space', $space);
+        session(['current_space_id' => $space->id]);
+
+        return $next($request);
+    }
+}
diff --git a/app/Models/Space.php b/app/Models/Space.php
index f4a489e..a8ee633 100755
--- a/app/Models/Space.php
+++ b/app/Models/Space.php
@@ -6,11 +6,14 @@
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Relations\HasMany;
+use Illuminate\Support\Facades\Crypt;
 
 /**
  * @property string $id
  * @property string $name
  * @property string $slug
+ * @property string|null $description
+ * @property string $default_locale
  * @property array|null $settings
  * @property array|null $api_config
  * @property \Carbon\Carbon $created_at
@@ -29,13 +32,46 @@ class Space extends Model
 {
     use HasFactory, HasUlids;
 
-    protected $fillable = ['name', 'slug', 'settings', 'api_config'];
+    protected $fillable = ['name', 'slug', 'description', 'default_locale', 'settings', 'api_config'];
 
     protected $casts = [
         'settings' => 'array',
-        'api_config' => 'array',
+        // api_config is handled via encrypted accessors/mutators below
     ];
 
+    /**
+     * Decrypt api_config when reading.
+     * Stored as an encrypted JSON string; returned as an array.
+     *
+     * @return array<string, mixed>|null
+     */
+    public function getApiConfigAttribute(?string $value): ?array
+    {
+        if ($value === null) {
+            return null;
+        }
+
+        $decrypted = Crypt::decryptString($value);
+
+        return json_decode($decrypted, true);
+    }
+
+    /**
+     * Encrypt api_config when writing.
+     *
+     * @param  array<string, mixed>|null  $value
+     */
+    public function setApiConfigAttribute(?array $value): void
+    {
+        if ($value === null) {
+            $this->attributes['api_config'] = null;
+
+            return;
+        }
+
+        $this->attributes['api_config'] = Crypt::encryptString(json_encode($value));
+    }
+
     public function contentTypes(): HasMany
     {
         return $this->hasMany(ContentType::class);
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index 8e66457..62a51eb 100644
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -35,6 +35,7 @@
 use App\Services\Search\SearchRanker;
 use App\Services\Search\SearchService;
 use App\Services\Search\SemanticSearchDriver;
+use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Event;
 use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\ServiceProvider;
@@ -117,6 +118,9 @@ public function boot(): void
         // Register content access policies
         Gate::policy(Content::class, ContentPolicy::class);
 
+        // Make $request->space() available in all controllers
+        Request::macro('space', fn () => $this->attributes->get('space'));
+
         // Load DB settings into config (overrides .env defaults)
         Setting::loadIntoConfig();
         // Boot plugin system
diff --git a/bootstrap/app.php b/bootstrap/app.php
index f973f74..9e8f69b 100644
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@@ -14,6 +14,7 @@
     ->withMiddleware(function (Middleware $middleware) {
         $middleware->web(append: [
             \App\Http\Middleware\HandleInertiaRequests::class,
+            \App\Http\Middleware\ResolveCurrentSpace::class,
         ]);
 
         // Global API rate limiting: 60 requests per minute
@@ -25,6 +26,7 @@
         $middleware->alias([
             'admin' => \App\Http\Middleware\EnsureUserIsAdmin::class,
             'permission' => \App\Http\Middleware\RequirePermission::class,
+            'resolve-space' => \App\Http\Middleware\ResolveCurrentSpace::class,
             'set-locale' => \App\Http\Middleware\SetLocaleFromRequest::class,
         ]);
     })
diff --git a/database/migrations/2026_03_16_000001_add_description_default_locale_to_spaces_table.php b/database/migrations/2026_03_16_000001_add_description_default_locale_to_spaces_table.php
new file mode 100644
index 0000000..75af8e8
--- /dev/null
+++ b/database/migrations/2026_03_16_000001_add_description_default_locale_to_spaces_table.php
@@ -0,0 +1,25 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    public function up(): void
+    {
+        if (! Schema::hasColumn('spaces', 'description')) {
+            Schema::table('spaces', function (Blueprint $table) {
+                $table->text('description')->nullable()->after('slug');
+                $table->string('default_locale', 10)->default('en')->after('description');
+            });
+        }
+    }
+
+    public function down(): void
+    {
+        Schema::table('spaces', function (Blueprint $table) {
+            $table->dropColumn(['description', 'default_locale']);
+        });
+    }
+};
diff --git a/database/seeders/DatabaseSeeder.php b/database/seeders/DatabaseSeeder.php
index 7468979..155bde7 100644
--- a/database/seeders/DatabaseSeeder.php
+++ b/database/seeders/DatabaseSeeder.php
@@ -12,6 +12,7 @@ class DatabaseSeeder extends Seeder
     public function run(): void
     {
         $this->call([
+            DefaultSpaceSeeder::class,
             RoleSeeder::class,
             DemoSeeder::class,
             PageSeeder::class,
diff --git a/database/seeders/DefaultSpaceSeeder.php b/database/seeders/DefaultSpaceSeeder.php
new file mode 100644
index 0000000..8810292
--- /dev/null
+++ b/database/seeders/DefaultSpaceSeeder.php
@@ -0,0 +1,20 @@
+<?php
+
+namespace Database\Seeders;
+
+use App\Models\Space;
+use Illuminate\Database\Seeder;
+
+class DefaultSpaceSeeder extends Seeder
+{
+    /**
+     * Run the database seeds.
+     */
+    public function run(): void
+    {
+        Space::firstOrCreate(
+            ['slug' => 'default'],
+            ['name' => 'Default', 'default_locale' => 'en']
+        );
+    }
+}
diff --git a/phpstan.neon b/phpstan.neon
index be6a7ce..3a41f97 100644
--- a/phpstan.neon
+++ b/phpstan.neon
@@ -11,6 +11,7 @@ parameters:
     ignoreErrors:
         - '#Access to an undefined property .*(User|Role)::.*pivot#'
         - '#Parameter.*callback of method.*map.*expects callable.*Closure.*given#'
+        - '#Using nullsafe property access.*on left side of.*is unnecessary#'
     phpVersion: 80200
     parallel:
         maximumNumberOfProcesses: 1
diff --git a/resources/js/Components/SpaceSwitcher.vue b/resources/js/Components/SpaceSwitcher.vue
new file mode 100644
index 0000000..5ab6a5a
--- /dev/null
+++ b/resources/js/Components/SpaceSwitcher.vue
@@ -0,0 +1,53 @@
+<script setup lang="ts">
+import { router, usePage } from '@inertiajs/vue3'
+import { ref, computed } from 'vue'
+
+interface SpaceRef {
+    id: string
+    name: string
+    slug: string
+}
+
+const page = usePage()
+const currentSpace = computed(() => page.props.currentSpace as SpaceRef | null)
+const spaces = computed(() => (page.props.spaces as SpaceRef[]) ?? [])
+
+const open = ref(false)
+
+function switchSpace(spaceId: string) {
+    open.value = false
+    router.post('/admin/spaces/switch', { space_id: spaceId }, {
+        preserveScroll: false,
+        onSuccess: () => window.location.reload(),
+    })
+}
+</script>
+
+<template>
+    <div class="relative" v-if="currentSpace || spaces.length > 0">
+        <button @click="open = !open" class="flex items-center gap-2 px-3 py-1.5 text-sm text-gray-300 bg-gray-800 hover:bg-gray-700 rounded-lg transition-colors">
+            <span class="text-base">🌐</span>
+            <span class="max-w-[120px] truncate">{{ currentSpace?.name ?? 'Select Space' }}</span>
+            <svg class="w-4 h-4 text-gray-500" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M19 9l-7 7-7-7"/>
+            </svg>
+        </button>
+        <div v-if="open" class="absolute right-0 mt-2 w-52 bg-gray-900 border border-gray-700 rounded-xl shadow-xl z-50">
+            <div class="p-1">
+                <button v-for="space in spaces" :key="space.id"
+                    @click="switchSpace(space.id)"
+                    class="w-full text-left px-3 py-2 text-sm rounded-lg transition-colors"
+                    :class="space.id === currentSpace?.id ? 'bg-indigo-500/15 text-indigo-400' : 'text-gray-300 hover:bg-gray-800'">
+                    <span class="flex items-center gap-2">
+                        <span v-if="space.id === currentSpace?.id" class="text-indigo-400">✓</span>
+                        <span v-else class="w-4 inline-block"></span>
+                        {{ space.name }}
+                    </span>
+                </button>
+            </div>
+            <div class="border-t border-gray-800 p-1">
+                <a href="/admin/spaces" class="block w-full text-left px-3 py-2 text-xs text-gray-500 hover:text-gray-300 rounded-lg transition-colors">Manage Spaces →</a>
+            </div>
+        </div>
+    </div>
+</template>
diff --git a/resources/js/Layouts/MainLayout.vue b/resources/js/Layouts/MainLayout.vue
index f60893a..ae80b40 100644
--- a/resources/js/Layouts/MainLayout.vue
+++ b/resources/js/Layouts/MainLayout.vue
@@ -1,16 +1,30 @@
 <script setup>
 import { Link, usePage, router } from '@inertiajs/vue3'
 import ChatSidebar from '../Components/Chat/ChatSidebar.vue';
+import SpaceSwitcher from '../Components/SpaceSwitcher.vue';
 import { ref, computed } from 'vue';
 
 const page = usePage();
 const user = computed(() => page.props.auth?.user);
 const sidebarOpen = ref(true);
+const spaceSwitcherOpen = ref(false);
+
+const currentSpace = computed(() => page.props.currentSpace);
+const spaces = computed(() => page.props.spaces ?? []);
 
 function logout() {
     router.post('/logout');
 }
 
+function switchSpace(spaceId) {
+    router.post('/admin/spaces/switch', { space_id: spaceId }, {
+        preserveScroll: true,
+        onSuccess: () => {
+            spaceSwitcherOpen.value = false;
+        },
+    });
+}
+
 const navigation = [
     { name: 'Dashboard', href: '/admin', icon: '📊' },
     { name: 'Content', href: '/admin/content', icon: '📝' },
@@ -26,6 +40,8 @@ const navigation = [
     { name: 'Users', href: '/admin/users', icon: '👥' },
     { name: 'API Tokens', href: '/admin/tokens', icon: '🔑' },
     { name: 'Webhooks', href: '/admin/webhooks', icon: '🔗' },
+    { name: 'Spaces', href: '/admin/spaces', icon: '🏢' },
+    { name: 'Spaces', href: '/admin/spaces', icon: '🌐' },
     { name: 'Settings', href: '/admin/settings', icon: '⚙️' },
     { name: 'Languages', href: '/admin/settings/locales', icon: '🌐' },
     { name: 'Plugins', href: '/admin/plugins', icon: '🧩' },
@@ -48,8 +64,48 @@ const navigation = [
                 </div>
             </div>
 
+            <!-- Space Switcher -->
+            <div class="px-3 py-3 border-b border-gray-800">
+                <!-- Static label if only 1 space -->
+                <div v-if="spaces.length <= 1" class="flex items-center gap-2 px-3 py-2">
+                    <span class="text-sm">🏢</span>
+                    <span class="text-sm text-gray-300 truncate">{{ currentSpace?.name ?? 'Default' }}</span>
+                </div>
+
+                <!-- Dropdown if multiple spaces -->
+                <div v-else class="relative">
+                    <button
+                        @click="spaceSwitcherOpen = !spaceSwitcherOpen"
+                        class="w-full flex items-center justify-between gap-2 px-3 py-2 rounded-lg text-sm hover:bg-gray-800/60 transition-colors"
+                    >
+                        <div class="flex items-center gap-2 min-w-0">
+                            <span>🏢</span>
+                            <span class="text-gray-200 truncate">{{ currentSpace?.name ?? 'Select Space' }}</span>
+                        </div>
+                        <span class="text-gray-500 flex-shrink-0">{{ spaceSwitcherOpen ? '▲' : '▼' }}</span>
+                    </button>
+
+                    <div
+                        v-if="spaceSwitcherOpen"
+                        class="absolute top-full left-0 right-0 mt-1 bg-gray-800 border border-gray-700 rounded-lg shadow-xl z-10 overflow-hidden"
+                    >
+                        <button
+                            v-for="space in spaces"
+                            :key="space.id"
+                            @click="switchSpace(space.id)"
+                            class="w-full flex items-center gap-2 px-3 py-2.5 text-sm text-left hover:bg-gray-700 transition-colors"
+                            :class="currentSpace?.id === space.id ? 'text-indigo-400' : 'text-gray-300'"
+                        >
+                            <span v-if="currentSpace?.id === space.id" class="text-xs">✓</span>
+                            <span v-else class="text-xs opacity-0">✓</span>
+                            {{ space.name }}
+                        </button>
+                    </div>
+                </div>
+            </div>
+
             <!-- Nav -->
-            <nav class="mt-4 px-3 space-y-1">
+            <nav class="mt-4 px-3 space-y-1 overflow-y-auto" style="max-height: calc(100vh - 260px)">
                 <Link
                     v-for="item in navigation"
                     :key="item.name"
@@ -90,6 +146,7 @@ const navigation = [
                     </svg>
                 </button>
                 <div class="flex items-center gap-4">
+                    <SpaceSwitcher />
                     <span class="text-xs text-gray-500">AI-First Content Management</span>
                 </div>
             </header>
@@ -99,8 +156,12 @@ const navigation = [
                 <slot />
             </main>
         </div>
-    </div>
 
-    <!-- AI Chat Sidebar -->
-    <ChatSidebar />
-</template>
\ No newline at end of file
+        <!-- Close space switcher on outside click -->
+        <div
+            v-if="spaceSwitcherOpen"
+            class="fixed inset-0 z-40"
+            @click="spaceSwitcherOpen = false"
+        />
+    </div>
+</template>
diff --git a/resources/js/Pages/Admin/Spaces/Create.vue b/resources/js/Pages/Admin/Spaces/Create.vue
new file mode 100644
index 0000000..a0a1d31
--- /dev/null
+++ b/resources/js/Pages/Admin/Spaces/Create.vue
@@ -0,0 +1,118 @@
+<script setup lang="ts">
+import { Head, useForm } from '@inertiajs/vue3'
+import { watch } from 'vue'
+import MainLayout from '../../../Layouts/MainLayout.vue'
+
+const form = useForm({
+    name: '',
+    slug: '',
+    description: '',
+    default_locale: 'en',
+})
+
+const locales = [
+    { value: 'en', label: 'English (en)' },
+    { value: 'de', label: 'German (de)' },
+    { value: 'fr', label: 'French (fr)' },
+    { value: 'es', label: 'Spanish (es)' },
+    { value: 'it', label: 'Italian (it)' },
+    { value: 'pt', label: 'Portuguese (pt)' },
+    { value: 'nl', label: 'Dutch (nl)' },
+    { value: 'pl', label: 'Polish (pl)' },
+    { value: 'ja', label: 'Japanese (ja)' },
+    { value: 'zh', label: 'Chinese (zh)' },
+]
+
+// Auto-slugify name
+watch(() => form.name, (value) => {
+    form.slug = value
+        .toLowerCase()
+        .replace(/[^a-z0-9]+/g, '-')
+        .replace(/^-+|-+$/g, '')
+})
+
+function submit() {
+    form.post('/admin/spaces')
+}
+</script>
+
+<template>
+    <MainLayout>
+        <Head title="Create Space" />
+
+        <div class="max-w-2xl mx-auto">
+            <div class="mb-6">
+                <a href="/admin/spaces" class="text-sm text-gray-400 hover:text-white transition-colors">← Back to Spaces</a>
+            </div>
+
+            <h1 class="text-2xl font-bold text-white mb-6">Create Space</h1>
+
+            <form @submit.prevent="submit" class="bg-gray-900 rounded-xl border border-gray-800 p-6 space-y-5">
+                <!-- Name -->
+                <div>
+                    <label class="block text-sm font-medium text-gray-300 mb-1.5">Name</label>
+                    <input
+                        v-model="form.name"
+                        type="text"
+                        placeholder="My Space"
+                        class="w-full bg-gray-800 border border-gray-700 rounded-lg px-3 py-2.5 text-white placeholder-gray-500 focus:outline-none focus:border-indigo-500 transition-colors"
+                        :class="{ 'border-red-500': form.errors.name }"
+                    />
+                    <p v-if="form.errors.name" class="mt-1 text-xs text-red-400">{{ form.errors.name }}</p>
+                </div>
+
+                <!-- Slug -->
+                <div>
+                    <label class="block text-sm font-medium text-gray-300 mb-1.5">Slug</label>
+                    <input
+                        v-model="form.slug"
+                        type="text"
+                        placeholder="my-space"
+                        class="w-full bg-gray-800 border border-gray-700 rounded-lg px-3 py-2.5 text-white placeholder-gray-500 focus:outline-none focus:border-indigo-500 transition-colors font-mono text-sm"
+                        :class="{ 'border-red-500': form.errors.slug }"
+                    />
+                    <p v-if="form.errors.slug" class="mt-1 text-xs text-red-400">{{ form.errors.slug }}</p>
+                    <p class="mt-1 text-xs text-gray-500">Auto-generated from name. Only letters, numbers, and dashes.</p>
+                </div>
+
+                <!-- Description -->
+                <div>
+                    <label class="block text-sm font-medium text-gray-300 mb-1.5">Description <span class="text-gray-500">(optional)</span></label>
+                    <textarea
+                        v-model="form.description"
+                        rows="3"
+                        placeholder="Brief description of this space..."
+                        class="w-full bg-gray-800 border border-gray-700 rounded-lg px-3 py-2.5 text-white placeholder-gray-500 focus:outline-none focus:border-indigo-500 transition-colors resize-none"
+                        :class="{ 'border-red-500': form.errors.description }"
+                    />
+                    <p v-if="form.errors.description" class="mt-1 text-xs text-red-400">{{ form.errors.description }}</p>
+                </div>
+
+                <!-- Default Locale -->
+                <div>
+                    <label class="block text-sm font-medium text-gray-300 mb-1.5">Default Locale</label>
+                    <select
+                        v-model="form.default_locale"
+                        class="w-full bg-gray-800 border border-gray-700 rounded-lg px-3 py-2.5 text-white focus:outline-none focus:border-indigo-500 transition-colors"
+                        :class="{ 'border-red-500': form.errors.default_locale }"
+                    >
+                        <option v-for="locale in locales" :key="locale.value" :value="locale.value">
+                            {{ locale.label }}
+                        </option>
+                    </select>
+                    <p v-if="form.errors.default_locale" class="mt-1 text-xs text-red-400">{{ form.errors.default_locale }}</p>
+                </div>
+
+                <div class="flex justify-end pt-2">
+                    <button
+                        type="submit"
+                        :disabled="form.processing"
+                        class="px-5 py-2.5 bg-indigo-600 hover:bg-indigo-700 disabled:opacity-50 text-white text-sm font-medium rounded-lg transition-colors"
+                    >
+                        {{ form.processing ? 'Creating...' : 'Create Space' }}
+                    </button>
+                </div>
+            </form>
+        </div>
+    </MainLayout>
+</template>
diff --git a/resources/js/Pages/Admin/Spaces/Edit.vue b/resources/js/Pages/Admin/Spaces/Edit.vue
new file mode 100644
index 0000000..ba05b40
--- /dev/null
+++ b/resources/js/Pages/Admin/Spaces/Edit.vue
@@ -0,0 +1,145 @@
+<script setup lang="ts">
+import { Head, useForm, router } from '@inertiajs/vue3'
+import { ref } from 'vue'
+import MainLayout from '../../../Layouts/MainLayout.vue'
+
+interface Space {
+    id: string
+    name: string
+    slug: string
+    description: string | null
+    default_locale: string
+    settings: Record<string, unknown> | null
+    api_config: Record<string, unknown> | null
+}
+
+const props = defineProps<{
+    space: Space
+}>()
+
+const activeTab = ref<'general' | 'ai_providers' | 'settings' | 'danger'>('general')
+
+const form = useForm({
+    name: props.space.name,
+    slug: props.space.slug,
+    description: props.space.description ?? '',
+    default_locale: props.space.default_locale,
+    settings: props.space.settings ?? {},
+    api_config: {
+        openai_api_key: (props.space.api_config?.openai_api_key as string) ?? '',
+        anthropic_api_key: (props.space.api_config?.anthropic_api_key as string) ?? '',
+        azure_openai_key: (props.space.api_config?.azure_openai_key as string) ?? '',
+        azure_openai_endpoint: (props.space.api_config?.azure_openai_endpoint as string) ?? '',
+        together_api_key: (props.space.api_config?.together_api_key as string) ?? '',
+        fal_api_key: (props.space.api_config?.fal_api_key as string) ?? '',
+        replicate_api_key: (props.space.api_config?.replicate_api_key as string) ?? '',
+    },
+})
+
+const deleteConfirmText = ref('')
+const deleteError = ref('')
+
+const locales = [
+    { value: 'en', label: 'English (en)' },
+    { value: 'de', label: 'German (de)' },
+    { value: 'fr', label: 'French (fr)' },
+    { value: 'es', label: 'Spanish (es)' },
+    { value: 'it', label: 'Italian (it)' },
+    { value: 'pt', label: 'Portuguese (pt)' },
+    { value: 'nl', label: 'Dutch (nl)' },
+    { value: 'pl', label: 'Polish (pl)' },
+    { value: 'ja', label: 'Japanese (ja)' },
+    { value: 'zh', label: 'Chinese (zh)' },
+]
+
+function submit() {
+    form.put(`/admin/spaces/${props.space.id}`)
+}
+
+function confirmDelete() {
+    if (deleteConfirmText.value !== props.space.name) {
+        deleteError.value = 'Space name does not match.'
+        return
+    }
+    router.delete(`/admin/spaces/${props.space.id}`)
+}
+</script>
+
+<template>
+    <MainLayout>
+        <Head :title="`Edit Space: ${space.name}`" />
+        <div class="max-w-3xl mx-auto">
+            <div class="mb-6">
+                <a href="/admin/spaces" class="text-sm text-gray-400 hover:text-white transition-colors">Back to Spaces</a>
+            </div>
+            <h1 class="text-2xl font-bold text-white mb-6">Edit Space: {{ space.name }}</h1>
+            <div class="flex gap-1 mb-6 border-b border-gray-800">
+                <button v-for="tab in [{key:'general',label:'General'},{key:'ai_providers',label:'AI Providers'},{key:'settings',label:'Settings'},{key:'danger',label:'Danger Zone'}]"
+                    :key="tab.key" @click="(activeTab as string) = tab.key"
+                    class="px-4 py-2.5 text-sm font-medium transition-colors -mb-px border-b-2"
+                    :class="activeTab === tab.key ? 'text-indigo-400 border-indigo-400' : 'text-gray-400 border-transparent hover:text-white'">
+                    {{ tab.label }}
+                </button>
+            </div>
+            <form @submit.prevent="submit" class="bg-gray-900 rounded-xl border border-gray-800 p-6">
+                <div v-if="activeTab === 'general'" class="space-y-5">
+                    <div>
+                        <label class="block text-sm font-medium text-gray-300 mb-1.5">Name</label>
+                        <input v-model="form.name" type="text" class="w-full bg-gray-800 border border-gray-700 rounded-lg px-3 py-2.5 text-white focus:outline-none focus:border-indigo-500" :class="{ 'border-red-500': form.errors.name }" />
+                        <p v-if="form.errors.name" class="mt-1 text-xs text-red-400">{{ form.errors.name }}</p>
+                    </div>
+                    <div>
+                        <label class="block text-sm font-medium text-gray-300 mb-1.5">Slug</label>
+                        <input v-model="form.slug" type="text" class="w-full bg-gray-800 border border-gray-700 rounded-lg px-3 py-2.5 text-white font-mono text-sm focus:outline-none focus:border-indigo-500" :class="{ 'border-red-500': form.errors.slug }" />
+                        <p v-if="form.errors.slug" class="mt-1 text-xs text-red-400">{{ form.errors.slug }}</p>
+                    </div>
+                    <div>
+                        <label class="block text-sm font-medium text-gray-300 mb-1.5">Description</label>
+                        <textarea v-model="form.description" rows="3" class="w-full bg-gray-800 border border-gray-700 rounded-lg px-3 py-2.5 text-white focus:outline-none focus:border-indigo-500 resize-none" />
+                    </div>
+                    <div class="flex justify-end pt-2">
+                        <button type="submit" :disabled="form.processing" class="px-5 py-2.5 bg-indigo-600 hover:bg-indigo-700 disabled:opacity-50 text-white text-sm font-medium rounded-lg">
+                            {{ form.processing ? 'Saving...' : 'Save Changes' }}
+                        </button>
+                    </div>
+                </div>
+                <div v-if="activeTab === 'ai_providers'" class="space-y-5">
+                    <p class="text-sm text-gray-400 mb-4">Configure AI provider API keys for this space.</p>
+                    <div v-for="field in [{key:'openai_api_key',label:'OpenAI API Key'},{key:'anthropic_api_key',label:'Anthropic API Key'},{key:'azure_openai_key',label:'Azure OpenAI Key'},{key:'azure_openai_endpoint',label:'Azure Endpoint'},{key:'together_api_key',label:'Together AI Key'},{key:'fal_api_key',label:'fal.ai API Key'},{key:'replicate_api_key',label:'Replicate API Key'}]" :key="field.key">
+                        <label class="block text-sm font-medium text-gray-300 mb-1.5">{{ field.label }}</label>
+                        <input v-model="(form.api_config as Record<string,string>)[field.key]" type="password" autocomplete="new-password" class="w-full bg-gray-800 border border-gray-700 rounded-lg px-3 py-2.5 text-white font-mono text-sm focus:outline-none focus:border-indigo-500" />
+                    </div>
+                    <div class="flex justify-end pt-2">
+                        <button type="submit" :disabled="form.processing" class="px-5 py-2.5 bg-indigo-600 hover:bg-indigo-700 disabled:opacity-50 text-white text-sm font-medium rounded-lg">
+                            {{ form.processing ? 'Saving...' : 'Save API Keys' }}
+                        </button>
+                    </div>
+                </div>
+                <div v-if="activeTab === 'settings'" class="space-y-5">
+                    <div>
+                        <label class="block text-sm font-medium text-gray-300 mb-1.5">Default Locale</label>
+                        <select v-model="form.default_locale" class="w-full bg-gray-800 border border-gray-700 rounded-lg px-3 py-2.5 text-white focus:outline-none focus:border-indigo-500">
+                            <option v-for="locale in locales" :key="locale.value" :value="locale.value">{{ locale.label }}</option>
+                        </select>
+                    </div>
+                    <div class="flex justify-end pt-2">
+                        <button type="submit" :disabled="form.processing" class="px-5 py-2.5 bg-indigo-600 hover:bg-indigo-700 disabled:opacity-50 text-white text-sm font-medium rounded-lg">
+                            {{ form.processing ? 'Saving...' : 'Save Settings' }}
+                        </button>
+                    </div>
+                </div>
+            </form>
+            <div v-if="activeTab === 'danger'" class="bg-gray-900 rounded-xl border border-red-900/50 p-6 mt-4">
+                <h3 class="text-lg font-semibold text-red-400 mb-2">Danger Zone</h3>
+                <p class="text-sm text-gray-400 mb-4">
+                    Permanently delete this space. Type <strong class="text-white">{{ space.name }}</strong> to confirm.
+                </p>
+                <div class="space-y-3">
+                    <input v-model="deleteConfirmText" type="text" :placeholder="`Type to confirm`" class="w-full bg-gray-800 border border-gray-700 rounded-lg px-3 py-2.5 text-white focus:outline-none focus:border-red-500" :class="{ 'border-red-500': deleteError }" />
+                    <p v-if="deleteError" class="text-xs text-red-400">{{ deleteError }}</p>
+                    <button @click="confirmDelete" class="px-5 py-2.5 bg-red-600 hover:bg-red-700 text-white text-sm font-medium rounded-lg">Delete Space</button>
+                </div>
+            </div>
+        </div>
+    </MainLayout>
+</template>
diff --git a/resources/js/Pages/Admin/Spaces/Index.vue b/resources/js/Pages/Admin/Spaces/Index.vue
new file mode 100644
index 0000000..841d7d3
--- /dev/null
+++ b/resources/js/Pages/Admin/Spaces/Index.vue
@@ -0,0 +1,143 @@
+<script setup lang="ts">
+import { Head, router, usePage } from '@inertiajs/vue3'
+import { computed, ref } from 'vue'
+import MainLayout from '../../../Layouts/MainLayout.vue'
+
+interface Space {
+    id: string
+    name: string
+    slug: string
+    description: string | null
+    default_locale: string
+    created_at: string
+    is_current: boolean
+}
+
+const props = defineProps<{
+    spaces: Space[]
+}>()
+
+const page = usePage()
+const flash = computed(() => (page.props.flash as { success?: string; error?: string }) ?? {})
+
+const confirmDelete = ref<string | null>(null)
+
+function deleteSpace(id: string) {
+    router.delete(`/admin/spaces/${id}`, {
+        preserveScroll: true,
+        onSuccess: () => {
+            confirmDelete.value = null
+        },
+    })
+}
+</script>
+
+<template>
+    <MainLayout>
+        <Head title="Spaces" />
+
+        <div class="max-w-5xl mx-auto">
+            <div class="flex items-center justify-between mb-6">
+                <div>
+                    <h1 class="text-2xl font-bold text-white">Spaces</h1>
+                    <p class="text-sm text-gray-400 mt-1">Manage your content spaces and configurations</p>
+                </div>
+                <a
+                    href="/admin/spaces/create"
+                    class="px-4 py-2 bg-indigo-600 hover:bg-indigo-700 text-white text-sm font-medium rounded-lg transition-colors"
+                >
+                    + New Space
+                </a>
+            </div>
+
+            <!-- Flash messages -->
+            <div v-if="flash.success" class="mb-4 px-4 py-3 bg-green-500/15 border border-green-500/30 text-green-400 rounded-lg text-sm">
+                {{ flash.success }}
+            </div>
+            <div v-if="flash.error" class="mb-4 px-4 py-3 bg-red-500/15 border border-red-500/30 text-red-400 rounded-lg text-sm">
+                {{ flash.error }}
+            </div>
+
+            <!-- Spaces table -->
+            <div class="bg-gray-900 rounded-xl border border-gray-800 overflow-hidden">
+                <table class="w-full">
+                    <thead>
+                        <tr class="border-b border-gray-800">
+                            <th class="text-left px-6 py-3 text-xs font-medium text-gray-400 uppercase tracking-wider">Name</th>
+                            <th class="text-left px-6 py-3 text-xs font-medium text-gray-400 uppercase tracking-wider">Slug</th>
+                            <th class="text-left px-6 py-3 text-xs font-medium text-gray-400 uppercase tracking-wider">Locale</th>
+                            <th class="text-left px-6 py-3 text-xs font-medium text-gray-400 uppercase tracking-wider">Created</th>
+                            <th class="text-right px-6 py-3 text-xs font-medium text-gray-400 uppercase tracking-wider">Actions</th>
+                        </tr>
+                    </thead>
+                    <tbody class="divide-y divide-gray-800">
+                        <tr v-for="space in spaces" :key="space.id" class="hover:bg-gray-800/40 transition-colors">
+                            <td class="px-6 py-4">
+                                <div class="flex items-center gap-2">
+                                    <span class="text-white font-medium">{{ space.name }}</span>
+                                    <span
+                                        v-if="space.is_current"
+                                        class="px-2 py-0.5 text-xs bg-indigo-500/20 text-indigo-400 rounded-full border border-indigo-500/30"
+                                    >
+                                        Current
+                                    </span>
+                                </div>
+                                <p v-if="space.description" class="text-xs text-gray-500 mt-0.5">{{ space.description }}</p>
+                            </td>
+                            <td class="px-6 py-4">
+                                <code class="text-xs text-gray-400 bg-gray-800 px-2 py-1 rounded">{{ space.slug }}</code>
+                            </td>
+                            <td class="px-6 py-4">
+                                <span class="text-sm text-gray-300">{{ space.default_locale }}</span>
+                            </td>
+                            <td class="px-6 py-4">
+                                <span class="text-sm text-gray-500">{{ new Date(space.created_at).toLocaleDateString() }}</span>
+                            </td>
+                            <td class="px-6 py-4">
+                                <div class="flex items-center justify-end gap-2">
+                                    <a
+                                        :href="`/admin/spaces/${space.id}/edit`"
+                                        class="px-3 py-1.5 text-xs text-gray-300 bg-gray-800 hover:bg-gray-700 rounded-lg transition-colors"
+                                    >
+                                        Edit
+                                    </a>
+                                    <button
+                                        @click="confirmDelete = space.id"
+                                        class="px-3 py-1.5 text-xs text-red-400 bg-red-500/10 hover:bg-red-500/20 rounded-lg transition-colors"
+                                    >
+                                        Delete
+                                    </button>
+                                </div>
+                            </td>
+                        </tr>
+                        <tr v-if="spaces.length === 0">
+                            <td colspan="5" class="px-6 py-12 text-center text-gray-500">No spaces found.</td>
+                        </tr>
+                    </tbody>
+                </table>
+            </div>
+        </div>
+
+        <!-- Delete Confirm Dialog -->
+        <div v-if="confirmDelete" class="fixed inset-0 z-50 flex items-center justify-center bg-black/60">
+            <div class="bg-gray-900 border border-gray-700 rounded-xl p-6 w-full max-w-md">
+                <h3 class="text-lg font-bold text-white mb-2">Delete Space</h3>
+                <p class="text-sm text-gray-400 mb-6">Are you sure you want to delete this space? This action cannot be undone.</p>
+                <div class="flex gap-3 justify-end">
+                    <button
+                        @click="confirmDelete = null"
+                        class="px-4 py-2 text-sm text-gray-300 bg-gray-800 hover:bg-gray-700 rounded-lg transition-colors"
+                    >
+                        Cancel
+                    </button>
+                    <button
+                        @click="deleteSpace(confirmDelete)"
+                        class="px-4 py-2 text-sm text-white bg-red-600 hover:bg-red-700 rounded-lg transition-colors"
+                    >
+                        Delete
+                    </button>
+                </div>
+            </div>
+        </div>
+    </MainLayout>
+</template>
diff --git a/routes/web.php b/routes/web.php
index 81a30fe..b10e4ca 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -11,6 +11,8 @@
 use App\Http\Controllers\Admin\ProfileController;
 use App\Http\Controllers\Admin\QueueMonitorController;
 use App\Http\Controllers\Admin\SettingsAdminController;
+use App\Http\Controllers\Admin\SpaceAdminController;
+use App\Http\Controllers\Admin\SpaceSwitcherController;
 use App\Http\Controllers\Admin\TaxonomyAdminController;
 use App\Http\Controllers\Admin\TokenAdminController;
 use App\Http\Controllers\Admin\UserAdminController;
@@ -70,7 +72,7 @@
 |--------------------------------------------------------------------------
 */
 
-Route::prefix('admin')->middleware(['auth', 'admin'])->group(function () {
+Route::prefix('admin')->middleware(['auth', 'admin', 'resolve-space'])->group(function () {
     Route::get('/', [DashboardController::class, 'index'])->name('admin.dashboard');
     Route::get('/content', [ContentAdminController::class, 'index'])->name('admin.content');
     Route::get('/content/{id}', [ContentAdminController::class, 'show'])->name('admin.content.show');
@@ -161,6 +163,10 @@
     Route::post('/taxonomy/terms/{termId}/move', [TaxonomyAdminController::class, 'moveTerm'])->name('admin.taxonomy.terms.move');
     Route::post('/taxonomy/terms/reorder', [TaxonomyAdminController::class, 'reorderTerms'])->name('admin.taxonomy.terms.reorder');
 
+    // Spaces
+    Route::post('/spaces/switch', [SpaceSwitcherController::class, 'store'])->name('admin.spaces.switch');
+    Route::resource('spaces', SpaceAdminController::class)->names('admin.spaces');
+
     // Knowledge Graph
     Route::get('/graph', [GraphController::class, 'index'])->name('graph.index');
 
diff --git a/tests/Feature/Admin/SpaceAdminTest.php b/tests/Feature/Admin/SpaceAdminTest.php
new file mode 100644
index 0000000..1018684
--- /dev/null
+++ b/tests/Feature/Admin/SpaceAdminTest.php
@@ -0,0 +1,162 @@
+<?php
+
+namespace Tests\Feature\Admin;
+
+use App\Models\Space;
+use App\Models\User;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Tests\TestCase;
+
+class SpaceAdminTest extends TestCase
+{
+    use RefreshDatabase;
+
+    private User $admin;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->admin = User::factory()->admin()->create();
+        // Bind a default space so resolve-space middleware passes
+        $space = Space::factory()->create();
+        app()->instance('current_space', $space);
+    }
+
+    public function test_index_lists_spaces(): void
+    {
+        Space::factory()->count(3)->create();
+
+        $response = $this->actingAs($this->admin)->get('/admin/spaces');
+
+        $response->assertOk();
+        $response->assertInertia(fn ($page) => $page->component('Admin/Spaces/Index'));
+    }
+
+    public function test_create_form_renders(): void
+    {
+        $response = $this->actingAs($this->admin)->get('/admin/spaces/create');
+
+        $response->assertOk();
+        $response->assertInertia(fn ($page) => $page->component('Admin/Spaces/Create'));
+    }
+
+    public function test_store_creates_space(): void
+    {
+        $response = $this->actingAs($this->admin)->post('/admin/spaces', [
+            'name' => 'Test Space',
+            'slug' => 'test-space',
+            'description' => 'A test space',
+            'default_locale' => 'en',
+        ]);
+
+        $response->assertRedirect('/admin/spaces');
+        $this->assertDatabaseHas('spaces', [
+            'name' => 'Test Space',
+            'slug' => 'test-space',
+            'default_locale' => 'en',
+        ]);
+    }
+
+    public function test_store_validates_unique_slug(): void
+    {
+        Space::factory()->create(['slug' => 'existing-slug']);
+
+        $response = $this->actingAs($this->admin)->post('/admin/spaces', [
+            'name' => 'Another Space',
+            'slug' => 'existing-slug',
+            'default_locale' => 'en',
+        ]);
+
+        $response->assertSessionHasErrors('slug');
+    }
+
+    public function test_edit_form_renders(): void
+    {
+        $space = Space::factory()->create();
+
+        $response = $this->actingAs($this->admin)->get("/admin/spaces/{$space->id}/edit");
+
+        $response->assertOk();
+        $response->assertInertia(fn ($page) => $page->component('Admin/Spaces/Edit'));
+    }
+
+    public function test_update_modifies_space(): void
+    {
+        $space = Space::factory()->create();
+
+        $response = $this->actingAs($this->admin)->put("/admin/spaces/{$space->id}", [
+            'name' => 'Updated Name',
+            'slug' => 'updated-slug',
+            'default_locale' => 'de',
+        ]);
+
+        $response->assertRedirect('/admin/spaces');
+        $this->assertDatabaseHas('spaces', [
+            'id' => $space->id,
+            'name' => 'Updated Name',
+            'slug' => 'updated-slug',
+            'default_locale' => 'de',
+        ]);
+    }
+
+    public function test_update_allows_same_slug_on_self(): void
+    {
+        $space = Space::factory()->create(['slug' => 'my-slug']);
+
+        $response = $this->actingAs($this->admin)->put("/admin/spaces/{$space->id}", [
+            'name' => $space->name,
+            'slug' => 'my-slug',
+            'default_locale' => 'en',
+        ]);
+
+        $response->assertRedirect('/admin/spaces');
+    }
+
+    public function test_destroy_deletes_space(): void
+    {
+        // Create two spaces so we can delete one
+        $space1 = Space::factory()->create();
+        $space2 = Space::factory()->create();
+
+        $response = $this->actingAs($this->admin)->delete("/admin/spaces/{$space2->id}");
+
+        $response->assertRedirect('/admin/spaces');
+        $this->assertDatabaseMissing('spaces', ['id' => $space2->id]);
+    }
+
+    public function test_cannot_delete_last_space(): void
+    {
+        // Clear all factories, make exactly one space
+        Space::query()->delete();
+        $space = Space::factory()->create();
+        app()->instance('current_space', $space);
+
+        $response = $this->actingAs($this->admin)->delete("/admin/spaces/{$space->id}");
+
+        $response->assertRedirect('/admin/spaces');
+        $response->assertSessionHas('error');
+        $this->assertDatabaseHas('spaces', ['id' => $space->id]);
+    }
+
+    public function test_space_switcher_updates_session(): void
+    {
+        $space = Space::factory()->create();
+
+        $response = $this->actingAs($this->admin)->post('/admin/spaces/switch', [
+            'space_id' => $space->id,
+        ]);
+
+        $response->assertRedirect();
+        $this->assertEquals($space->id, session('current_space_id'));
+    }
+
+    public function test_space_switcher_rejects_invalid_space(): void
+    {
+        $response = $this->actingAs($this->admin)->post('/admin/spaces/switch', [
+            'space_id' => 'nonexistent-id',
+        ]);
+
+        $response->assertSessionHasErrors('space_id');
+    }
+}
diff --git a/tests/Feature/ApiTokenPermissionsTest.php b/tests/Feature/ApiTokenPermissionsTest.php
index 294953c..587ea9f 100644
--- a/tests/Feature/ApiTokenPermissionsTest.php
+++ b/tests/Feature/ApiTokenPermissionsTest.php
@@ -3,6 +3,7 @@
 namespace Tests\Feature;
 
 use App\Models\Role;
+use App\Models\Space;
 use App\Models\User;
 use Database\Seeders\RoleSeeder;
 use Illuminate\Foundation\Testing\RefreshDatabase;
@@ -19,6 +20,9 @@ protected function setUp(): void
         parent::setUp();
         $this->seed(RoleSeeder::class);
 
+        // Ensure a space exists so ResolveCurrentSpace middleware passes
+        Space::factory()->create();
+
         // Create a user with editor role
         $this->user = User::factory()->create();
         $editor = Role::where('slug', 'editor')->first();
diff --git a/tests/Feature/Middleware/ResolveSpaceTest.php b/tests/Feature/Middleware/ResolveSpaceTest.php
new file mode 100644
index 0000000..7a095e6
--- /dev/null
+++ b/tests/Feature/Middleware/ResolveSpaceTest.php
@@ -0,0 +1,64 @@
+<?php
+
+namespace Tests\Feature\Middleware;
+
+use App\Models\Space;
+use App\Models\User;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Tests\TestCase;
+
+class ResolveSpaceTest extends TestCase
+{
+    use RefreshDatabase;
+
+    public function test_resolves_from_x_space_id_header(): void
+    {
+        $space = Space::factory()->create();
+
+        // Make a direct request with header
+        $response = $this->withHeaders(['X-Space-Id' => $space->id])
+            ->actingAs(User::factory()->admin()->create())
+            ->get('/admin');
+
+        $response->assertOk();
+        $this->assertEquals($space->id, session('current_space_id'));
+    }
+
+    public function test_resolves_from_session(): void
+    {
+        $space = Space::factory()->create();
+
+        $admin = User::factory()->admin()->create();
+        $response = $this->actingAs($admin)
+            ->withSession(['current_space_id' => $space->id])
+            ->get('/admin');
+
+        // The session-based resolution sets current_space_id back in session
+        $this->assertNotNull(session('current_space_id'));
+    }
+
+    public function test_fallback_to_first_space(): void
+    {
+        $first = Space::factory()->create(['created_at' => now()->subHour()]);
+        Space::factory()->create(['created_at' => now()]);
+
+        $response = $this->actingAs(User::factory()->admin()->create())
+            ->get('/admin');
+
+        $response->assertOk();
+        // First created space should be used
+        $this->assertEquals($first->id, session('current_space_id'));
+    }
+
+    public function test_creates_session_on_no_existing_space_id(): void
+    {
+        $space = Space::factory()->create();
+
+        $response = $this->actingAs(User::factory()->admin()->create())
+            ->get('/admin');
+
+        $response->assertOk();
+        // Should resolve to the space
+        $this->assertNotNull(session('current_space_id'));
+    }
+}
diff --git a/tests/Feature/TaxonomyAdminTest.php b/tests/Feature/TaxonomyAdminTest.php
index ab7a951..1da6d6d 100644
--- a/tests/Feature/TaxonomyAdminTest.php
+++ b/tests/Feature/TaxonomyAdminTest.php
@@ -62,20 +62,14 @@ public function test_taxonomy_index_passes_space_id_to_view(): void
             );
     }
 
-    public function test_taxonomy_index_shows_empty_vocabularies_when_no_space(): void
+    public function test_taxonomy_index_returns_503_when_no_space(): void
     {
-        // No space exists, so the controller should handle it gracefully
+        // No space exists — middleware should abort with 503
         Space::query()->delete();
 
-        $this->actingAs($this->admin);
-
-        $response = $this->get('/admin/taxonomy');
+        $response = $this->actingAs($this->admin)->get('/admin/taxonomy');
 
-        $response->assertOk()
-            ->assertInertia(fn ($page) => $page
-                ->component('Taxonomy/Index')
-                ->where('vocabularies', [])
-            );
+        $response->assertServiceUnavailable();
     }
 
     // ─── GET /admin/taxonomy/{id} ─────────────────────────────────────────────