Domain: admin
Curated entry point for the
adminbounded context.
Owner
Founder + agents (Phase 1). Once a Risk Officer and Finance owner exist, those roles co-own the admin surfaces relevant to their function.
Mission
Owns the back-office tooling: the risk console (live breach feed and per-account drill-down), payout queue, KYC review queue, support tools, finance reports, audit search UI, and admin user-management. Boundary: admin exposes surfaces over data and actions owned by other domains; it does not own the underlying business state. Per Q-U6 (override), admin is built in-house in Phase 1, not bought from Retool.
Code paths
- Application code (server-side):
apps/api/src/modules/admin/ - Application code (UI):
apps/web/app/admin/(within the Next.js app per Q-E4 / Q-U6) - Domain logic (pure): none typically - admin is mostly orchestration
- Contracts:
packages/contracts/api/admin.ts - Database schemas owned:
admin(AdminAuditLog, SavedQuery, OperationalDashboardConfig)
PRD chapters that touch this domain
09-admin-backoffice.md- canonical admin spec16-open-questions.md- Q-U6 (custom admin override; Retool excluded)15-kpis-metrics.md- admin dashboards
TDD chapters
(Empty - will populate.)
ADRs that affected this domain
- ADR-0001 (transversally applies)
Service interfaces this domain exposes
export interface AdminService {
// listOpenBreaches(filters): Promise<Breach[]>
// listPendingPayouts(filters): Promise<PayoutRequest[]>
// listKycReviewQueue(filters): Promise<KycReview[]>
// searchAuditEvents(query): Promise<AuditEntry[]>
// listUsers(query): Promise<User[]>
// forcePasswordReset(userId, adminId): Promise<void>
// killSessions(userId, adminId): Promise<void>
// (full surface defined during admin TDD; permissions checked against RBAC from identity)
}
Events this domain produces / consumes
| Direction | Topic | Triggered by |
|---|---|---|
| produces | admin.action.taken | Every admin-initiated mutating action (for audit) |
| consumes | audit.entry.recorded | Live audit feed in the admin console |
| consumes | risk.evaluation.breach_detected | Live breach feed |
| consumes | payouts.request.submitted | Payout queue refresh |
| consumes | onboarding.kyc.flagged | KYC review queue refresh |
External integrations
- None directly. Admin uses internal service interfaces of other domains; it does not talk to external vendors directly.
Runbooks for this domain
(Empty - will populate when alerts are defined in Section 17.6. Expected high-priority: admin auth failure burst, admin action logging gap.)
On-call
To be filled in Section 17.6.
Cross-domain dependencies
- This domain calls: every other domain's service interface (
identity,accounts,billing,payouts,audit, etc.). Admin is the broadest synchronous consumer in the system. - This domain emits events consumed by:
audit(every admin action is logged),notifications(admin-action-driven notifications, e.g., "your account was reset by support").