Innerlight admins are internal staff with full platform access. They work
exclusively in the portal app and interact with tenants indirectly by
operating on business records.
- App:
portal (TanStack Start) — portal.stage.innerlight.dev
- Provider: WorkOS AuthKit
- Token validation:
@nexus/workos-auth validates the JWT on every tRPC call
- Client:
@nexus/scheduler-client (tRPC) over the admin surface (/trpc/*)
- Role gate: platform-level; no WorkOS org scope required
| Action |
Flow |
| Provision a new business |
Provisioning flow — creates records across scheduler, WorkOS, Stripe, Directus, Vendure via a Temporal workflow |
| View all businesses |
admin.businesses.list tRPC |
| Edit billing mode / status |
admin.businesses.billing.* tRPC |
| Wipe a business |
Wipe flow — deletes records across Stripe, WorkOS, scheduler, clears caches, streams SSE progress |
| View |
What it shows |
| Uptime |
Scheduler-api /health endpoint status |
| Queue health |
BullMQ queue depths + failed job counts |
| CI results |
Latest GitHub Actions run status per workflow |
| Railway status |
Deploy status of all Railway services |
| Temporal stats |
Active workflow count, recent failures |
The platform_config table exposes runtime toggles that take effect immediately
without a deploy:
| Key |
Effect |
domains_purchase_enabled |
Money gate — enables live domain purchases via Porkbun |
Admin routes live under the admin.* tRPC namespace:
| Namespace |
Covers |
admin.businesses.* |
List, read, update, provision, wipe |
admin.billing.* |
Billing mode/status, invoice mirror, audit log |
admin.health.* |
Platform health dashboard data |
admin.config.* |
Platform config toggles |
admin.notifications.* |
Notification monitoring |
admin.users.* |
Platform-level user management |