Establish the foundation for admin.us-rse.org — workspace, auth posture, role/permission model, audit infrastructure, and frontend shell that every later admin subsystem inherits without rework. Spec lives at docs/superpowers/specs/2026-05-09-admin-app-foundation-design.md.
Requirements
Extract packages/auth-shell from apps/web (AuthKit provider, env-check guard, root error boundary, useApi fetch wrapper). Public app continues to work unchanged.
Schema: add staff to user_role enum, backfill WHERE role = 'admin', deprecate admin in a follow-up rev.
packages/api/src/lib/policies/ directory with canEnterAdminApp, canApproveVocab, canMergeUsers, canEditGroup, canEditEvent, canViewAuditLog + Vitest tests.
requireActorContext middleware: walk merge chain to canonical user, load leadership terms + chair memberships, populate c.var.actor. Returns 403 if canEnterAdminApp fails.
requirePolicy(policy, scopeFn) middleware factory. Mount admin entry gate on the /api/admin/* sub-app.
auditMiddleware afterware: write one audit_log row per mutating admin request. Handlers enrich payload via c.var.auditPayload and c.var.auditCapture(prior).
GET /api/admin/me — returns { user, systemTier, positions: { leadership, chairedGroups, chairedEvents } }.
GET /api/admin/audit — cursor-paginated audit reader, filterable by actor / action / targetType / targetId / date range, super_admin only.
apps/admin workspace: Vite + React 19 + React Router 7 + design-system tokens. Mirrors apps/web patterns. Vite dev proxy /api → :8787.
Admin shell: sidebar (numbered nav, adaptive per useNavSections()), top bar, dashboard tiles, audit page, stub routes for every future subsystem.
Cloudflare Pages project us-rse-admin with admin.us-rse.org custom domain + _redirects for /api/* and SPA fallback.
.github/workflows/deploy-admin.yml with path filters on apps/admin/**, packages/auth-shell/**, packages/design-system/**.
WorkOS redirect URIs registered for admin.us-rse.org/auth/callback + preview pattern.
Foundation tests: policy unit tests, audit middleware integration test, one end-to-end sign-in smoke.
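The policy layer and requirePolicy(policy, scopeFn) factory from the requirements above, as an added example that is not the project's own code. The Actor field layout, the exact entry rule for canEnterAdminApp, and the minimal Req/Res shapes standing in for the Hono context are assumptions; the policy names follow the issue.

```typescript
type SystemTier = "user" | "staff" | "super_admin";
export interface Actor {
  userId: string;           // canonical user after walking the merge chain
  systemTier: SystemTier;
  leadership: string[];     // active leadership term ids
  chairedGroups: string[];  // ids of groups the actor chairs
  chairedEvents: string[];  // ids of events the actor chairs
}
// A policy is a plain function of (actor, scope); scope is whatever the route supplies.
export type Policy<S = void> = (actor: Actor, scope: S) => boolean;

const isStaff = (a: Actor) => a.systemTier === "staff" || a.systemTier === "super_admin";

// Assumed rules, mirroring the positions /api/admin/me returns: staff and super_admin
// always enter; leadership and chairs enter so they can reach the pages scoped to them.
export const canEnterAdminApp: Policy = (a) =>
  isStaff(a) || a.leadership.length > 0 || a.chairedGroups.length > 0 || a.chairedEvents.length > 0;
export const canViewAuditLog: Policy = (a) => a.systemTier === "super_admin";
export const canEditGroup: Policy<string> = (a, groupId) => isStaff(a) || a.chairedGroups.includes(groupId);
export const canEditEvent: Policy<string> = (a, eventId) => isStaff(a) || a.chairedEvents.includes(eventId);

// Minimal request/response stand-ins for what c (the Hono context) would carry (assumed).
export interface Req { params: Record<string, string>; actor?: Actor }
export interface Res { status: number; body: string }
export type Handler = (req: Req) => Res;

// requirePolicy(policy, scopeFn): scopeFn pulls the scope out of the request, the policy
// is evaluated against c.var.actor, and a failing check never reaches the handler.
export function requirePolicy<S>(policy: Policy<S>, scopeFn: (req: Req) => S) {
  return (next: Handler): Handler => (req) => {
    if (!req.actor) return { status: 401, body: "requireActorContext did not run" };
    if (!policy(req.actor, scopeFn(req))) return { status: 403, body: "forbidden" };
    return next(req);
  };
}

// The admin entry gate mounted on /api/admin/*: no scope, only the actor matters.
export const adminEntryGate = requirePolicy(canEnterAdminApp, () => undefined);
```

Because the policies are code, a change to who may edit a group or read the audit log is a reviewable diff in packages/api rather than a row in a table.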
Context
Spec was the result of a /superpowers:brainstorming session that decomposed the broader admin-app idea into a foundation plus ten follow-up subsystems. The foundation is intentionally feature-light — it ships the cross-cutting infrastructure so each subsystem (members, vocab, organizations, groups, events, recognition, forms, elections, communications, operations) lands on a stable target.
Implementation Notes
Same WorkOS project for both SPAs; admin gate is a role check, not an auth-system check.
Same Worker for both /api/* and /api/admin/*; sub-app pattern keeps the boundary obvious in code reviews.
Code-defined policies, not data-defined. Auth changes are PR-reviewed and shipped.
Audit middleware captures every mutating request automatically; handlers can opt into before/after diffs for irreversible-feeling actions.
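The audit afterware from the requirements and the note above, together with the cursor-paginated reader behind GET /api/admin/audit, as an added example that is not the project's own code. The audit_log row shape, the in-memory store, the route-to-action convention and the minimal context are assumptions; c.var.auditPayload and c.var.auditCapture(prior) follow the issue.

```typescript
type Method = "GET" | "POST" | "PUT" | "PATCH" | "DELETE";
export interface AuditRow {
  seq: number; actorId: string; action: string; targetType: string; targetId: string;
  status: number; payload?: Record<string, unknown>; prior?: unknown; at: number;
}
export interface Ctx {
  method: Method; path: string; actorId: string; now: number;
  var: { auditPayload?: Record<string, unknown>; auditCapture?: (prior: unknown) => void; prior?: unknown };
}
type Handler = (c: Ctx) => number; // handler returns the HTTP status it produced
const MUTATING = new Set<Method>(["POST", "PUT", "PATCH", "DELETE"]);
export const auditLog: AuditRow[] = []; // stands in for the audit_log table

// Minimal stand-in for the Hono context an admin route would receive (assumed shape).
export const adminRequest = (method: Method, path: string, actorId: string, now: number): Ctx =>
  ({ method, path, actorId, now, var: {} });

// Assumed route convention: PATCH /api/admin/groups/g1 -> groups.update on groups/g1.
function describe(method: Method, path: string) {
  const [targetType = "root", targetId = ""] = path.replace(/^\/api\/admin/, "").split("/").filter(Boolean);
  const verb = { POST: "create", PUT: "update", PATCH: "update", DELETE: "delete", GET: "read" }[method];
  return { action: `${targetType}.${verb}`, targetType, targetId };
}

// Afterware: let the handler run, then write exactly one row for every mutating
// request, failures included, so denied or errored attempts stay visible.
export function auditMiddleware(handler: Handler): Handler {
  return (c) => {
    // Handlers call auditCapture(prior) before mutating to get a before/after diff.
    c.var.auditCapture = (prior) => { c.var.prior = prior === undefined ? undefined : JSON.parse(JSON.stringify(prior)); };
    const status = handler(c);
    if (MUTATING.has(c.method)) {
      auditLog.push({ seq: auditLog.length + 1, actorId: c.actorId, ...describe(c.method, c.path),
        status, payload: c.var.auditPayload, prior: c.var.prior, at: c.now });
    }
    return status;
  };
}

export interface AuditQuery { actor?: string; action?: string; targetType?: string; targetId?: string;
  from?: number; to?: number; cursor?: number; limit?: number }
// Reader behind GET /api/admin/audit (the route itself is gated to super_admin upstream).
// Newest first; the cursor is the seq of the last row handed out, so pages stay stable while rows are appended.
export function readAudit(q: AuditQuery, rows: AuditRow[] = auditLog) {
  const limit = Math.min(Math.max(q.limit ?? 50, 1), 200); // clamp the page size
  const hits = rows.filter((r) =>
    (q.actor === undefined || r.actorId === q.actor) && (q.action === undefined || r.action === q.action) &&
    (q.targetType === undefined || r.targetType === q.targetType) && (q.targetId === undefined || r.targetId === q.targetId) &&
    (q.from === undefined || r.at >= q.from) && (q.to === undefined || r.at <= q.to) &&
    (q.cursor === undefined || r.seq < q.cursor)).sort((a, b) => b.seq - a.seq).slice(0, limit + 1);
  const page = hits.slice(0, limit);
  return { rows: page, nextCursor: hits.length > limit ? page[page.length - 1].seq : null };
}
```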