Admin Surface

Operate the real control plane.

This admin is the source of truth for runtime config, pricing, terms, usernames, webhook intake, audit visibility and operational projections.

Session
Backend-owned admin cookie with isolated auth flow.
Providers
Circle and BlindPAY references live here before onboarding depends on them.
Async truth
Webhook ingestion, audit visibility and reconciliation start from this surface.
Access

Admin Login

This local UI talks to the configured dev API and relies on a backend-owned admin session cookie. Admin access comes only from persistent admin users provisioned outside the public login flow.

First Admin Seed
First admin creation stays outside the public UI. Run it against the dev admin store:
export ADMIN_CREATE_USER_PASSWORD='your-strong-password'
npm run admin:create-user -- --email=owner@sonoora.com --display-name='Sonoora Owner' --role=platform_super_admin
local-uiLocal UI uses dev truth. First-admin seed stays outside the public UI, and runtime admin bootstrap credentials are not accepted.