For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
DashboardProduct
DocsAPI ReferenceArchitecture
DocsAPI ReferenceArchitecture
  • System model
    • Monorepo architecture
    • Auth and workspace model
    • Data model
    • Runtime and operations
    • Known risks and drift
LogoLogo
DashboardProduct
On this page
  • Workspace roles
  • Web auth routes
  • Bootstrap behavior
System model

Auth and workspace model

WorkOS sessions, organization membership, and owner-only capabilities

||View as Markdown|
Was this page helpful?
Edit this page
Previous

Monorepo architecture

Next

Data model

Built with

The main Panicly web app uses WorkOS for identity and sealed cookie sessions. The chatbot app uses a separate NextAuth and guest-session model.

Main dashboard auth
Chatbot auth
provider
WorkOS

OAuth and identity provider for the main web/dashboard app.

session_cookie
panicly_session

Sealed cookie session, not a database-backed session.

session_payload
object

Includes userId, workosUserId, organizationId, email, and accessToken.

Workspace roles

Workspace ownership is inferred from insertion order: the earliest organization user row is treated as owner and later rows as members.

Owner-only writes include billing, provider keys, API key management, workspace controls, project creation, and onboarding completion.

Error text to preserve

Only the workspace owner can manage billing, secrets, keys, and workspace controls.

Web auth routes

apps/web/src/app/api/auth
login/route.ts
logout/route.ts
redirect/route.ts
callback/route.ts
session/route.ts

Bootstrap behavior

Setup-degraded path

The web auth callback can seal a bootstrap session and redirect to /onboarding?setup=database when Supabase schema or network access is unavailable.