{"id":"bumpgrade-ios-mobile-admin-source-data","generatedFrom":"src/lib/mobile-admin-ios.ts","updatedAt":"2026-05-19","platform":"ios","issue":67,"parentIssue":13,"featureId":"feature-mobile-admin","status":"simulator-smoke-ready","appPath":"apps/mobile-admin","sourceContractRoute":"/mobile-admin/source-data","sourceDataRoute":"/mobile-admin/ios/source-data","fixturePath":"apps/mobile-admin/fixtures/mobile-admin-contract.json","expoEntrypoint":"apps/mobile-admin/src/App.tsx","simulatorTarget":"apps/mobile-admin/ios/BumpgradeMobileAdmin.xcodeproj","simulatorBundleId":"com.bumpgrade.mobileadmin","smokeCommand":"npm run mobile:ios:smoke","validationCommand":"npm run mobile:ios:validate","screenshotPath":"/pr-screenshots/issue-67-ios-mobile-admin-simulator.png","dashboardPanelIssue":155,"liveHydrationIssue":157,"liveDashboardUrl":"https://bumpgrade.com/mobile-admin/dashboard/source-data","directorDigest":{"route":"/admin/director/source-data","dashboardField":"directorDigest","redactionBoundary":"The iOS app foundation reads only public-safe Director workstream IDs, titles, statuses, compact signals, and 1-day/7-day counts from the live dashboard payload."},"privateAuth":{"issue":414,"status":"owner-session-contract-ready","sessionRoute":"/api/auth/[...all]","loginRoute":"/login","callbackSurface":"/admin/director","deniedStates":["signed_out","not_allowlisted","email_unverified","session_unavailable"]},"privateRowsApi":{"issue":414,"status":"owner-mobile-private-rows-ready","route":"/api/mobile-admin/private-rows","authBoundary":"owner-session","readBoundary":"The endpoint returns owner-only private row notes and synthetic private payload metadata only to authenticated owners. Public mobile source-data exposes route, status, counts, public row labels, and redaction flags without owner-only notes, private payload JSON, owner email values, session IDs, cookies, tokens, or raw rows."},"privateRowActionsApi":{"issue":428,"status":"owner-mobile-private-row-actions-ready","route":"/api/mobile-admin/private-rows/actions","authBoundary":"owner-session","actionBoundary":"The endpoint mutates only private-row workflow state after exact confirmation, idempotency, stale row revision, stale-state token, and audit-correlation checks. It creates no billing mutation, commerce mutation, publishing mutation, push notification, distribution state change, moderation action, creator-speech action, or public agent write."},"directorReviewApi":{"issue":414,"status":"owner-mobile-director-review-ready","route":"/api/mobile-admin/director-reviews","authBoundary":"owner-session","reviewBoundary":"The endpoint records low-risk production owner review state after exact confirmation, idempotency, current Director source-revision checks, stale-state token checks, and audit correlation. It changes only Director review state and creates no billing mutation, publishing mutation, push notification, distribution state change, public agent write, or private-row change."},"commerceReviewApi":{"issue":414,"status":"owner-mobile-commerce-review-ready","route":"/api/mobile-admin/commerce-reviews","authBoundary":"owner-session","reviewBoundary":"The endpoint records low-risk owner commerce review state after exact confirmation, idempotency, current commerce source-revision checks, stale-state token checks, and audit correlation. It changes only commerce review state and creates no billing mutation, refund, subscription change, price change, fulfillment change, entitlement change, push notification, distribution state change, public agent write, or private-row change."},"actionIntentApi":{"issue":414,"status":"owner-mobile-action-intent-ready","route":"/api/mobile-admin/actions","authBoundary":"owner-session","intentBoundary":"The endpoint records redacted action intent evidence only. It creates no production admin mutation, billing mutation, push notification, distribution state change, private mobile row exposure, or direct public agent write."},"pushNotificationBoundary":{"issue":414,"status":"push-boundary-ready","sendCapability":"disabled-provider-contract-required","requiredProvider":{"platform":"ios","provider":"APNs","credentialBoundary":"APNs credentials, team identifiers, bundle identifiers, device tokens, and push payloads must stay out of public source-data and fixture files.","requiredEvidence":["APNs provider choice and credential storage path","iOS bundle ID and entitlement proof","Device-token registration contract","Owner-confirmed send preflight with idempotency and audit correlation"]},"blockedBy":["No APNs credential plumbing is present in the repo.","No FCM credential plumbing is present in the repo.","No private device-token registration contract exists yet.","No owner-confirmed push send preflight or provider-call API exists yet."],"redactionFlags":["apnsCredentialsIncluded=false","fcmCredentialsIncluded=false","deviceTokensIncluded=false","recipientIdentifiersIncluded=false","pushPayloadBodiesIncluded=false","providerResponsesIncluded=false","queueRowsIncluded=false","deliveryReceiptsIncluded=false","pushNotificationsSent=false"]},"distributionReadiness":{"issue":414,"status":"distribution-boundary-ready","installableDistributionClaim":false,"platformEvidence":{"platform":"ios","currentEvidence":"The iOS app foundation has a simulator smoke target and screenshots, but physical-device proof is parked while the detected iPhone target is unavailable.","requiredBeforeClaim":["Available physical iPhone target or explicit simulator-only acceptance decision","Bundle identifier and signing profile decision","TestFlight or App Store Connect distribution path","Private-row/auth smoke proof labeled as simulator, physical device, or distribution evidence"],"blockedBy":["Detected iPhone target is unavailable to devicectl in the current environment."]},"redactionFlags":["signingCredentialsIncluded=false","provisioningProfilesIncluded=false","keystoreMaterialIncluded=false","storeAccountIdentifiersIncluded=false","privateTesterListsIncluded=false","physicalDevicePrivateRowsIncluded=false","appStoreDistributionLive=false","playStoreDistributionLive=false"]},"confirmedActions":[{"id":"mobile-confirm-review-agent-work","issue":414,"status":"owner-director-review-api-ready","surface":"Owner-attention and work-log inbox","requiredInputs":["actorUserId","role","workstreamId","expectedDirectorGeneratedAt","idempotencyKey","staleStateToken","auditCorrelationId"]},{"id":"mobile-confirm-commerce-health-review","issue":414,"status":"owner-commerce-review-api-ready","surface":"Commerce health summary","requiredInputs":["actorUserId","role","reviewTargetId","expectedCommerceGeneratedAt","idempotencyKey","staleStateToken","auditCorrelationId"]},{"id":"mobile-confirm-commerce-change","issue":414,"status":"future-api-required","surface":"Commerce health summary","requiredInputs":["actorUserId","role","priceId","amount","currency","idempotencyKey","staleStateToken","auditCorrelationId"]}],"reads":[{"id":"ios-read-mobile-contract-fixture","route":"/mobile-admin/source-data","fixturePath":"apps/mobile-admin/fixtures/mobile-admin-contract.json","purpose":"The Expo entrypoint and iOS simulator target render the mobile admin digest from the checked-in fixture generated from the shared source-data contract when live hydration is unavailable."},{"id":"ios-read-live-mobile-dashboard","route":"/mobile-admin/dashboard/source-data","fixturePath":null,"purpose":"The Expo entrypoint and iOS simulator target fetch the live public-safe mobile dashboard contract, render its Director workstream brief, and distinguish live network hydration from fixture fallback."},{"id":"ios-read-director-workstreams","route":"/admin/director/source-data","fixturePath":null,"purpose":"The live dashboard payload carries a redacted Director workstream digest so the iOS app foundation can show CEO-style nesting without scraping the private admin page."},{"id":"ios-read-mobile-private-rows","route":"/api/mobile-admin/private-rows","fixturePath":null,"purpose":"A verified owner can inspect read-only Mobile Admin private rows through the shared Better Auth owner session without exposing owner-only notes or private payloads in public source-data."},{"id":"ios-record-mobile-private-row-action","route":"/api/mobile-admin/private-rows/actions","fixturePath":null,"purpose":"A verified owner can mark private rows read or deferred after exact confirmation, idempotency, stale row revision, stale-state token, and audit-correlation checks."},{"id":"ios-record-mobile-director-review","route":"/api/mobile-admin/director-reviews","fixturePath":null,"purpose":"A verified owner can acknowledge a Director workstream after exact confirmation, idempotency, current Director generated-at checks, stale-state token checks, and audit correlation."},{"id":"ios-record-mobile-commerce-review","route":"/api/mobile-admin/commerce-reviews","fixturePath":null,"purpose":"A verified owner can acknowledge commerce-health source-data after exact confirmation, idempotency, current commerce revision checks, stale-state token checks, and audit correlation."},{"id":"ios-record-mobile-action-intent","route":"/api/mobile-admin/actions","fixturePath":null,"purpose":"A verified owner can record audit-only mobile action intent evidence after exact confirmation, idempotency, contract revision, stale-state token, source-route, and audit-correlation checks."},{"id":"ios-read-mobile-push-boundary","route":"/mobile-admin/source-data","fixturePath":"apps/mobile-admin/fixtures/mobile-admin-contract.json","purpose":"The iOS app foundation renders the APNs push-notification readiness boundary while sends, device tokens, provider credentials, payload bodies, and delivery receipts remain disabled and redacted."},{"id":"ios-read-mobile-distribution-boundary","route":"/mobile-admin/source-data","fixturePath":"apps/mobile-admin/fixtures/mobile-admin-contract.json","purpose":"The iOS app foundation renders the distribution boundary that separates simulator proof from physical-device, TestFlight, and App Store claims."},{"id":"ios-read-admin-source-next","route":"/admin/source-data","fixturePath":null,"purpose":"The next iOS slice should replace or supplement the generated fixture with live public-safe admin source-data reads."}],"writeBoundary":"Read-only private rows can be inspected through /api/mobile-admin/private-rows, low-risk private-row workflow actions can be recorded through /api/mobile-admin/private-rows/actions, Director workstream acknowledgements can be recorded through /api/mobile-admin/director-reviews, commerce-health acknowledgements can be recorded through /api/mobile-admin/commerce-reviews, and audit-only action intents can be recorded through /api/mobile-admin/actions. iOS now renders the shared Director workstream brief, owner-session, private-row API, private-row action API, Director review API, commerce review API, action-intent API, push-notification boundary, distribution-readiness boundary, and confirmed-action contract, but public, billing-impacting, fulfillment, publishing, source-editing, moderation, creator-speech, push sends, distribution, and high-risk production mutations stay disabled until additional domain-specific confirmed-write APIs and platform evidence exist.","caveat":"This source-data route proves the iOS app foundation, simulator smoke path, live dashboard hydration, redacted Director workstream digest, owner-session/private-row/private-row-action/Director-review/commerce-review/confirmed-action UI contract, audit-only action-intent route, APNs readiness boundary, and distribution boundary. It does not mean App Store/TestFlight distribution, push notifications, physical-device private row proof, or high-risk production write actions are live."}