Admin: Billing and Grants
The admin panel surfaces just enough billing context to answer basic support questions without opening your provider's dashboard. It does not edit billing — for refunds, plan changes, or customer edits, use the provider dashboard (Polar/Stripe/Lemon Squeezy) or the Convex dashboard.
The admin panel surfaces just enough billing context to answer basic support questions without opening your provider's dashboard. It does not edit billing — for refunds, plan changes, or customer edits, use the provider dashboard (Polar/Stripe/Lemon Squeezy) or the Convex dashboard.
Where it appears
- Workspace detail (
/admin/workspaces→ Manage) shows the workspace's active plan keys and active grant count, read from the app-ownedbilling_grantstable (collectActiveOrganizationGrants). - Audit log (
/admin/audit-log, categorybilling) shows billing history:billing.grant_created/billing.grant_revoked— capabilities granted or revoked, with provider and plan key in metadata.billing.subscription_updated— subscription status changes, with provider, plan key, and previous/new status.
These billing audit events are written by the shared grant-sync chokepoint and
each provider's upsert*Subscription mutation, so all three providers and
manual grants are covered consistently.
What is never shown or stored
No provider payloads, customer billing addresses, card/CVV details, or webhook secrets. Billing audit metadata is limited to provider, plan key, status, and counts.
Manual grants
The starter's manual-grant flow (createManualGrant / revokeManualGrant) is
internal and audited like any other grant change. The admin panel does not
expose a "grant a plan" button — granting paid plans from the UI is deliberately
left out. Add it only if you build a safe, documented flow.
Removing it
The billing context disappears with the admin panel — see Removing the Admin Panel and Audit Log. The audit instrumentation in the billing paths is removed with the audit log; see Audit Log.
Admin: Workspaces
/admin/workspaces lists every workspace (organization) and hosts the admin write surface: suspend and reactivate. It reads app-owned organization_profiles joined with Better Auth organization data.
Admin: Global Audit Log
/admin/audit-log shows the full application audit history to super admins. It is the UI over the audit_events table — see Audit Log for what is and isn't logged.