Replied needs separate auth and layout boundaries for customer dashboard, company admin, and superadmin work.

Boundaries

| Area | Rule |
| --- | --- |
| Dashboard | Use workspace auth and org_id scope. |
| Company admin | Require admin or owner role. |
| Superadmin | Require internal superadmin auth. |
| Public API | Validate API key, origin, payload, and rate limits. |

Add a sidebar item

  1. Find the current sidebar data source.
  2. Add the item to the matching area only.
  3. Confirm role visibility.
  4. Confirm active route behavior.
  5. Avoid duplicate labels.

Avoid breaking

  • Do not bypass Supabase session checks.
  • Do not query without org_id scope.
  • Do not expose company admin pages to members.
  • Do not expose superadmin pages to customer users.
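
The sketch below shows one way the dashboard, company admin, and superadmin boundaries and the sidebar visibility steps could be enforced in a single server-side check. It is an added example, not Replied's own code: the function names, the shape of `ctx`, and the sample items are hypothetical, and it assumes company admin pages build on the same session and org_id check as the dashboard. The Public API row is left out.

```javascript
// Hypothetical names throughout; not taken from the Replied code base.
const ADMIN_ROLES = new Set(["admin", "owner"]);
const deny = (reason) => ({ ok: false, reason });

// Assumed ctx, resolved server-side: { session, orgId, role, internalSuperadmin }
function authorizeArea(area, ctx) {
  switch (area) {
    case "superadmin":
      // Separate internal auth; a customer session never satisfies it.
      return ctx.internalSuperadmin === true ? { ok: true } : deny("superadmin auth required");
    case "dashboard":
    case "company-admin":
      if (!ctx.session) return deny("no session");
      if (!ctx.orgId) return deny("no org_id scope");
      if (area === "company-admin" && !ADMIN_ROLES.has(ctx.role)) {
        return deny("admin or owner role required");
      }
      return { ok: true, orgId: ctx.orgId };
    default:
      return deny("unknown area"); // fail closed
  }
}

// Query filter always carries org_id from the decision, overriding caller input.
function scopedFilter(decision, filter = {}) {
  if (!decision.ok || !decision.orgId) throw new Error("refusing unscoped query");
  return { ...filter, org_id: decision.orgId };
}

// Sidebar: only items of the matching area, visible to the role, no duplicate labels.
function visibleSidebarItems(items, area, ctx) {
  if (!authorizeArea(area, ctx).ok) return [];
  const seen = new Set();
  return items.filter((item) => {
    if (item.area !== area) return false;
    if (item.roles && !item.roles.includes(ctx.role)) return false;
    if (seen.has(item.label)) return false;
    seen.add(item.label);
    return true;
  });
}

// Constructed sample data.
const SAMPLE_ITEMS = [
  { label: "Inbox", area: "dashboard" },
  { label: "Billing", area: "company-admin", roles: ["admin", "owner"] },
  { label: "Inbox", area: "dashboard" },
  { label: "Tenants", area: "superadmin" },
];
```

Hiding a sidebar item only affects navigation; the route or page behind it still has to call the area check itself.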