Check launch and platform status away from desktop
See whether Director workstreams such as marketing, security, mobile, funnels, checkout, products, email, analytics, agent work, and blockers are moving without opening the desktop admin app.
Agent docs
Bumpgrade will build native publisher/admin apps from the same feature, roadmap, commerce, admin, and agent contracts used by the web app. This page defines the shared scope and the first platform smoke paths for #67 and #68 plus the issue #414 owner-session, private-row, private-row action, Director review, commerce review, action-intent, Director digest, confirmed-action, push-readiness, and distribution-readiness contract.
Mobile admin source dataLive mobile dashboard source dataStatus
Contract readyIssue #13 splits platform work into iOS issue #67, Android issue #68, and dashboard issue #153.Private auth and actions
Mobile private views reuse the same Better Auth cookie/session, owner allowlist, verified-email gate, and admin role mapping as web admin. The mobile app must not invent mobile-only roles or bypass the web/admin owner boundary.
The endpoint returns owner-only private row notes and synthetic private payload metadata only to authenticated owners. Public mobile source-data exposes route, status, counts, public row labels, and redaction flags without owner-only notes, private payload JSON, owner email values, session IDs, cookies, tokens, or raw rows.
The endpoint mutates only private-row workflow state after exact confirmation, idempotency, stale row revision, stale-state token, and audit-correlation checks. It creates no billing mutation, commerce mutation, publishing mutation, push notification, distribution state change, moderation action, creator-speech action, or public agent write.
The endpoint records low-risk production owner review state after exact confirmation, idempotency, current Director source-revision checks, stale-state token checks, and audit correlation. It changes only Director review state and creates no billing mutation, publishing mutation, push notification, distribution state change, public agent write, or private-row change.
The endpoint records low-risk owner commerce review state after exact confirmation, idempotency, current commerce source-revision checks, stale-state token checks, and audit correlation. It changes only commerce review state and creates no billing mutation, refund, subscription change, price change, fulfillment change, entitlement change, push notification, distribution state change, public agent write, or private-row change.
The endpoint records redacted action intent evidence only. It creates no production admin mutation, billing mutation, push notification, distribution state change, private mobile row exposure, or direct public agent write.
The current /api/mobile-admin/director-reviews endpoint can record owner-confirmed Director workstream review state for this action. /api/mobile-admin/actions remains available for audit-only action intent evidence, but higher-risk production mutations still require domain-specific confirmed-write APIs.
The current /api/mobile-admin/commerce-reviews endpoint can record owner-confirmed commerce-health review state for this action. It does not create checkout, refund, subscription, price, fulfillment, entitlement, push, distribution, private-row, or public agent mutations.
No mobile checkout, refund, subscription, price, fulfillment, or entitlement mutation is live until the shared confirmed-write API and platform evidence exist.
Push and distribution
Public mobile source-data may expose provider names, disabled send status, required evidence, blocked-by reasons, and redaction flags. It must not expose APNs/FCM credentials, device tokens, recipient identities, push payload bodies, queue rows, provider responses, or delivery receipts.
Public mobile source-data may expose simulator/emulator status, required platform evidence, and current blockers. It must not expose signing credentials, provisioning profiles, keystore material, store account identifiers, private tester lists, or physical-device private rows.
disabled-provider-contract-required; installable distribution claim not live.
Live dashboard
/mobile-admin/dashboard/source-data gives iOS, Android, web, and agents one dashboard payload.
live-public-source-data-ready from issue #153.
The dashboard exposes counts, statuses, route IDs, issue evidence, and recent public-safe work-log metadata only. It excludes private buyer rows, raw inbox bodies, owner email values, session IDs, R2 object keys, signed URLs, upload bodies, secret values, and write tokens.
Director brief
The mobile dashboard carries a redacted directorDigest sourced from /admin/director/source-data.
Mobile clients can show workstream totals, 1-day/7-day changes, executive queue counts, and compact brief signals for categories such as Marketing, Mobile Admin, and Security / Trust.
The digest excludes raw attention bodies, raw work-log bodies, private rows, owner email values, and private evidence.
Jobs
See whether Director workstreams such as marketing, security, mobile, funnels, checkout, products, email, analytics, agent work, and blockers are moving without opening the desktop admin app.
Inspect work-log entries, owner-attention items, screenshots, and required confirmations before approving public or billing-impacting work.
Read products, prices, sandbox/live checkout state, webhook evidence, and known Stripe blockers before taking action.
Platform split
Render the mobile admin digest, fetch the live dashboard route, and preserve fixture fallback in the Expo app foundation and iOS simulator smoke target.
Render the mobile admin digest, fetch the live dashboard route, and preserve fixture fallback in a native Android activity and emulator smoke target.
iOS slice
apps/mobile-admin contains the Expo entrypoint and iOS smoke target.
apps/mobile-admin/fixtures/mobile-admin-contract.json is generated from /mobile-admin/source-data before the iOS app renders.
npm run mobile:ios:smoke builds, launches, and screenshots the simulator target.
Android slice
apps/mobile-admin/android contains the native Android smoke target.
apps/mobile-admin/android/src/main/assets/mobile-admin-contract.json is generated from /mobile-admin/source-data before the Android app renders.
npm run mobile:android:smoke builds, launches, and screenshots the emulator target.
API dependencies
Live public-safe dashboard bundle for iOS and Android clients so mobile does not stitch or infer project state from hidden admin pages.
Public-safe CEO-style workstream brief for mobile clients, including top-level workstreams, current focus, briefing controls, due/in-flight/pending/change signals, and redacted 1-day/7-day change windows.
Public-safe roadmap, work-log, user-journey, and owner-attention digest for the first mobile admin screen.
Feature status and issue evidence for the mobile dashboard.
Public roadmap lanes, blockers, next milestones, and issue links.
Redacted products, prices, checkout-intent, webhook, subscription, and audit architecture.
Better Auth session boundary for future private publisher/admin mobile views.
Owner-session-only private row inspection for Mobile Admin clients, with public source-data limited to route, status, counts, public row labels, and redaction flags.
Owner-confirmed private row workflow actions for Mobile Admin clients, limited to low-risk mark-read and defer mutations with redacted audit evidence.
Owner-gated mobile action-intent endpoint for redacted audit-only confirmation evidence before future domain-specific confirmed-write APIs mutate admin, publishing, commerce, or agent-proposal state.
Owner-confirmed Director workstream acknowledgement API for mobile clients, with exact confirmation, stale Director payload checks, idempotency, audit correlation, and redaction.
Owner-confirmed commerce-health acknowledgement API for mobile clients, with exact confirmation, stale commerce source-data checks, idempotency, audit correlation, and redaction.
Public-safe push-notification readiness boundary for APNs/FCM provider requirements, disabled send status, blockers, and redaction flags before any Mobile Admin push sends exist.
Public-safe distribution readiness boundary that separates simulator/emulator evidence from physical-device and App Store/Play Store claims.
Stack and safety
Start the publisher admin apps as an Expo React Native TypeScript workspace shared by iOS and Android, unless the child issue smoke tests expose a platform-specific reason to split native code. The repo has no existing native app tree, and the current web/admin state is already modeled as public-safe TypeScript/JSON contracts.
Mobile auth source-data may name routes, roles, denial states, and issue evidence, but it must not expose owner email values, session IDs, cookies, tokens, raw Better Auth payloads, or private admin rows.
The first private mobile row slice is read-only through /api/mobile-admin/private-rows and cannot mutate production state. The first domain-specific Mobile Admin confirmed-write slice can acknowledge Director workstreams through /api/mobile-admin/director-reviews, but it mutates only low-risk owner review state.