User types
Nexus has four distinct actor types. Three are WorkOS-backed (Admin, Business
owner, Staff member); one authenticates via a session token issued by
scheduler-api (Customer). Each has a different surface (app) and a different
set of flows.
Actor overview
Section titled “Actor overview”| Actor | App surface | WorkOS role | Auth provider |
|---|---|---|---|
| Admin / ops | portal |
platform-level (no org scope) | WorkOS AuthKit |
| Business owner | portal-business |
owner within their org |
WorkOS AuthKit |
| Staff member | portal-business |
member or team_lead within their org |
WorkOS AuthKit |
| Customer | site-main, site-shop, site-hypno |
— (no WorkOS) | Session token (stoken) |
Innerlight staff / ops. Full platform access.
- Surface:
portal— TanStack Start app atportal.stage.innerlight.dev - Auth: WorkOS AuthKit; JWT validated server-side by
@nexus/workos-auth - Capabilities: provision businesses, trigger convergence, wipe tenants, view health dashboard, manage platform config, inspect queues + CI status
- Detail: Admin user
Business owner
Section titled “Business owner”The human who owns a tenant business on the platform. Created when an admin provisions a business and sends an invite.
- Surface:
portal-business— served byportal-business-web(Caddy) atadmin.stage.innerlight.dev - Auth: WorkOS AuthKit; role =
ownerwithin the business’s WorkOS org - Capabilities: manage services + staff, view calendar + bookings, configure billing, set up custom domain, view analytics
- Detail: Business owner
Staff member
Section titled “Staff member”An employee of a business. Added by the business owner.
- Surface:
portal-business(same app, reduced permissions) - Auth: WorkOS AuthKit; role =
memberorteam_leadwithin the business’s WorkOS org - Capabilities: view calendar, manage bookings, manage customers (scoped to role)
Customer
Section titled “Customer”An end user who books appointments or purchases products. Not a WorkOS user.
- Surface:
site-main,site-shop,site-hypno - Auth: Scheduler session token (
stoken) — scoped bearer token issued on booking/login - Capabilities: browse services, book appointments, manage their bookings, receive notifications
- Detail: Customer
Billing types
Section titled “Billing types”Billing lives at the business level, not the user level. See Billing types for billing modes, status states, and the money gate toggle.