Platform admin
Platform-admin subdomains
Three cross-tenant surfaces moved off the per-tenant app onto dedicated subdomains (gh#685):
| Subdomain | Audience | What |
|---|---|---|
| costs.flatsbratislava.com | Superadmins only | Cross-tenant AI + integration spend dashboard. See Cost observability. |
| infra.flatsbratislava.com | Superadmins only | Deep per-env diagnostics — Fly machine list, Redis health, S3 egress, recent deploy commits. |
| status.flatsbratislava.com | Public + logged-in operators | Health board for prod / preprod / sandbox / demo. See Status page. |
Why separate subdomains
Each surface answers questions across all tenants — a per-tenant app shouldn't host cross-tenant data. Separating subdomains:
- Tenant admins can't accidentally see cross-tenant spend / infra.
- Superadmins navigate to the dedicated subdomain without bouncing through a tenant context.
- Each subdomain's auth + routes scope correctly via the platformProcedure tRPC scope.
How auth works
- status.flatsbratislava.com — public landing card; logged-in operators see DB ping + recent incidents; superadmins see the deep diagnostic panel.
- costs.flatsbratislava.com + infra.flatsbratislava.com — superadmin login required (Google OAuth same as the main app + the superadmin role check).
SSO works across all three subdomains: a superadmin signs in once at the main app and follows a link to costs or infra without logging in again.
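
The access rules above, expressed as a deny-by-default decision function evaluated server-side on every request. This is an added example, not code from the FlatsBratislava code base: the Session shape, the "operator" role name, the view names and the HTTP status codes are assumptions, and it treats any signed-in non-superadmin as an operator.

```typescript
// Added example: per-host access policy for the three platform-admin subdomains.
// Session shape, "operator" role, view names and status codes are assumptions.
type Role = "superadmin" | "operator";
interface Session { userId: string; roles: Role[] }
type View = "public" | "operator" | "superadmin";
type Decision =
  | { allow: true; view: View }
  | { allow: false; status: 401 | 403 | 404 };

const SUPERADMIN_ONLY = new Set([
  "costs.flatsbratislava.com",
  "infra.flatsbratislava.com",
]);
const STATUS_HOST = "status.flatsbratislava.com";

// Normalise a Host header: lower-case, strip the port and a trailing dot,
// so the comparison below is an exact match and never a suffix match.
function normaliseHost(raw: string): string {
  return raw.trim().toLowerCase().replace(/:\d+$/, "").replace(/\.$/, "");
}

function authorize(rawHost: string, session: Session | null): Decision {
  const host = normaliseHost(rawHost);
  const isSuperadmin = session?.roles.includes("superadmin") ?? false;

  if (SUPERADMIN_ONLY.has(host)) {
    if (!session) return { allow: false, status: 401 };      // not signed in
    if (!isSuperadmin) return { allow: false, status: 403 }; // signed in, wrong role
    return { allow: true, view: "superadmin" };
  }
  if (host === STATUS_HOST) {
    if (!session) return { allow: true, view: "public" };    // public landing card
    // Assumption: any signed-in non-superadmin gets the operator view.
    return { allow: true, view: isSuperadmin ? "superadmin" : "operator" };
  }
  // Unknown host: refuse rather than fall through to cross-tenant data.
  return { allow: false, status: 404 };
}
```

Because one sign-in is honoured on all three subdomains, the role check has to run on each subdomain's own requests; a valid session alone only proves the user logged in somewhere.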
What's NOT on these subdomains
The per-tenant flavors of cost + status remain inside the tenant app:
- Per-tenant AI cost is in AI Cockpit → Cost dashboard.
- Per-tenant operator-visible system state is in Admin → System Logs / Webhook Logs / Activity Log.
The platform-admin subdomains add the cross-tenant aggregation only.
Implements: gh#685 (move Costs + Infra Status to dedicated subdomains, remove from tenant app, re-scope infraStatus to platformProcedure). Related: gh#533 (status page), gh#523 (cost dashboard), gh#689 (hide Preprod Controls on prod + demo).
Source: the FlatsBratislava operator manual.