Admin OS / Record OS

管理できると、
伸ばせる。

認証、決済、クラブ掲載、イベント、監査ログをひとつのRecord OSとして見るための管理画面です。 外部プロバイダ接続前でも、どのレコードがどの部署の責任かを追えます。

Platform readiness

Clubs: 38

Events: 268

Database: 19

Audit log: 4

認証

2 providers

Payment queue

2 sessions

Database

19 tables

Audit log

4 rows

Webhook audit

8 events

Email readiness

5 drafts

Analytics

provider_not_connected

Host draft review

1 blocked

Host draft review

local_draft_only / blocked from publish

誰でもランクラブを開催できる入口を作りつつ、公開、メール、push、掲載変更は owner/source/safety reviewが終わるまで止めます。

Review events

Drafts

1

Blocked

1

Publish

false

Email / push

false / false

no_publish_before_reviewno_email_or_push_before_reviewno_public_listing_mutationno_external_calendar_or_rsvp_creation

Retention loop

post_run_feedback → next_week_recommendation

参加後の雰囲気、ペース、入りやすさ、次週の好みだけを選択式で見ます。 No health data. No email send. No external DB write.

Mode: read_only_retention_loop

Feedback: 2

Next week: 2

Email: false

External DB: false

post_run_feedback / local_demo_only

felt_like_me / comfortable / easy_to_join

Return: would_return. Next: same_vibe.

post_run_feedback / local_demo_only

too_quiet / comfortable / needed_a_buddy

Return: try_different_run. Next: more_social.

next_week_recommendation / next_week_recommendation_ready

080Tokyo Monday Night Social

The last run felt socially easy and the pace was comfortable, so keep the same weekly ritual.

next_week_recommendation / next_week_recommendation_ready

Mikkeller Saturday Social Run

The last run was comfortable but too quiet, so try a more social weekend option.

no_health_data_collectionno_email_sendno_external_db_writeno_sensitive_free_textprovider_not_connected

Database / Record OS

operations

users

会員登録、認証、設定の親レコード

email_label_only

database_table

operations

auth_identities

email_magic_link / google_oauth / apple_oauth の接続管理

email_label_only

external_provider

commerce

membership_plans

Free Explorer、Social Plus、Host Pro、Brand Partnerの料金/権限定義

none

database_table

commerce

membership_subscriptions

有料会員、ホスト、スポンサーの契約状態

contact_label

database_table

commerce

payment_checkout_sessions

Checkout作成、成功/キャンセル、入金確認

contact_label

external_provider

commerce

stripe_webhook_events

Stripe Checkout/Subscription/Refundイベントの署名検証、冪等性、処理状態

contact_label

external_provider

trust_safety

payment_audit_transitions

決済Webhookがmembership/payment状態をどう変えたかの監査証跡

contact_label

database_table

community

clubs

クラブ掲載、言語信頼度、参加導線、ソース証跡

none

database_table

community

events

今週参加できるラン予定、日時、集合場所、初参加文脈

none

database_table

community

event_map_pins

Strava風の地図発見に使う緯度経度、日時ラベル、クラブ/イベント導線

none

database_table

community

host_event_draft_reviews

個人/クラブホストのイベント下書きをowner/source/safety review完了までlocal_draft_onlyで止める内部レビューキュー

contact_label

database_table

community

operators

membership_platformやrace_operatorを通常ランクラブと分けて管理する隣接オペレーター台帳

none

database_table

community

operator_source_checks

operatorごとの公式ソース確認、evidence status、membership/races分岐ゲート

none

database_table

trust_safety

trust_safety_cases

通報、掲載修正、Owner claim、takedown SLAの内部レビューキュー

contact_label

database_table

commerce

gear_products

On、Nike、adidas、ASICSなどの公式リンク、比較軸、affiliate-ready状態

none

database_table

commerce

gear_product_use_cases

ジョギング、ランニング、本格トレーニングなど用途別のおすすめ文脈

none

database_table

commerce

shop_places

購入場所、試着、ランステ、スポンサー候補の掲載管理

none

database_table

growth

analytics_events

Weekly Run Decisions、参加CTA、保存、ギア/店舗クリック、ホスト開始、ニュースレター開始の集計

none

external_provider

trust_safety

audit_logs

管理操作、決済状態、掲載更新の監査

contact_label

database_table

Admin queue

P1 / auth_review

Google OAuth consent screen and callback URL setup

Operations / waiting_provider / before beta invite

P0 / payment_queue

Stripe Checkout products for Social Plus and Host Pro

Commerce / waiting_provider / before paid beta

P0 / payment_queue

Webhook before charging: signature verification, idempotency, and audit transitions

Commerce / in_progress / before any real Stripe Checkout charge

P0 / record_ops

Move seed files into managed database tables

CTO / todo / before public launch

P1 / trust_safety

Audit log viewer and owner-change approvals

Trust/Safety / in_progress / before club owner onboarding

P0 / trust_safety

Incident/moderation and owner-claim SLA review queue

Trust/Safety / in_progress / before public growth and self-serve host posting

Audit log

auth_session_created

auth_identity: auth-email-demo-001

Email Magic link session opened for demo member.

checkout_session_created

payment_checkout_session: checkout-demo-social-plus

stripe_checkout readiness record created. No external charge was attempted.

club_record_updated

club: meguro-river-lazy-runners

Marked as managed record for future afterRunPlan and firstTimerMood fields.

stripe_webhook_received

stripe_webhook_event: stripe-event-checkout-completed

Webhook contract row added. signature_verification_required and idempotency_key are required before any fulfillment.

Webhook audit

Stripe events before paid beta

実課金前に、署名検証、idempotency、支払い状態遷移、監査ログをひと続きで確認します。 現在は`provider_not_connected`で、POSTは`write_disabled`です。

/api/checkout/webhook

checkout.session.completed

Stripe Checkoutで支払いが完了した会員/ホスト/スポンサーをpaidまたはactiveへ進める。

stripe_webhook_processed

checkout.session.async_payment_succeeded

遅延決済が成功したCheckout sessionをpaidへ進める。

stripe_webhook_processed

checkout.session.async_payment_failed

遅延決済失敗を記録し、会員機能の解放を止める。

stripe_webhook_failed

checkout.session.expired

未完了Checkout sessionをexpiredとして閉じ、再作成導線へ戻す。

stripe_webhook_processed

invoice.paid

継続課金の成功をmembership_subscriptionsへ反映する。

stripe_webhook_processed

invoice.payment_failed

継続課金失敗をpast_dueとして記録し、会員向け通知キューへ送る。

stripe_webhook_failed

customer.subscription.deleted

解約済みsubscriptionをcancelledへ変更し、Host Pro掲載権限を見直す。

stripe_webhook_processed

charge.refunded

返金をpayment_refund_recordedとして監査ログへ残し、管理キューで確認する。

payment_refund_recorded

readypaid

checkout.session.completed

Checkout session fulfilled once after signature verification and idempotency check.

If fulfillment fails, keep subscription in manual_review and show it in Payment queue.

openedpaid

checkout.session.async_payment_succeeded

Async payment succeeded after the initial Checkout redirect.

If the session cannot be matched, record a failed webhook row and do not unlock paid features.

openedexpired

checkout.session.async_payment_failed

Async payment failed; no membership entitlement should be granted.

Offer a new Checkout session only after the user explicitly retries.

readyexpired

checkout.session.expired

Checkout session expired without payment.

Keep the plan visible but require a new Checkout session.

trialingactive

invoice.paid

Recurring invoice paid; subscription period can be extended.

If invoice cannot be matched, leave subscription in manual_review.

activepast_due

invoice.payment_failed

Recurring invoice failed; notify member without revealing payment details.

Keep access policy conservative until the payment provider confirms recovery.

activecancelled

customer.subscription.deleted

Provider subscription deleted; paid entitlements end at the configured period boundary.

Manually review sponsor/host listings that depend on the paid plan.

paidcancelled

charge.refunded

Refund recorded and linked to the original checkout session.

Send the row to Trust/Safety before hiding historical receipts.

Analytics consent

Measure the loop, not the person

Recommended provider: Plausible Analytics. Current mode is provider_not_connected; no external analytics script is loaded. Existing `data-analytics-event` markers stay provider-neutral until privacy/legal approval.

docs/2026-06-29_analytics-provider-consent-decision.md

Provider / stance

Plausible Analytics

aggregate_measurement_without_cookies_until_provider_review. provider_not_connected until legal, DPA, domain, and script review are done.

Allowed

data-analytics-eventpath_template_onlyanonymous surface labelsevent_id / club_id / content_idaggregate conversion counts

Blocked

no_cookieno_session_replayno_autocapturepath_template_only

No cookie, no session replay, no autocapture, no email/name/free_text/full_url in analytics.

Plausible Analytics: recommended_for_beta

PostHog: fallback

Cloudflare Web Analytics: defer

Vercel Web Analytics: defer

Email readiness

Auth.js + Resend drafts

Magic link、Weekly Run Guide、Host schedule digestを送信前にレビューします。 現在はprovider_not_connectedで、全テンプレートはdraft_no_sendです。

/api/email/templates

magic_link_sign_in / ja

Tokyo Run Guide にサインイン

Auth.js email provider actionに渡す前の文面レビュー用。provider_not_connectedの間は送信しない。

draft_no_send

weekly_run_guide / ja

今週、東京で気軽に走れる場所

consent ledgerでweekly_recommendationが許可された会員だけが対象。現在はテンプレート確認のみ。

draft_no_send

host_schedule_digest / ja

今週のラン予定を確認してください

ホスト連絡同意とowner verificationが揃うまで送信しない。

provider_not_connected

host_draft_receipt / ja

Host draft receipt: 下書きを受け取りました

Host draft receipt is a review-only template. It mirrors received_locally_pending_review and expectedReviewWindow, but no email send happens until Auth.js + Resend, consent, and human approval are connected.

provider_not_connected

payment_update / ja

Tokyo Run Guide のプラン状態

Stripe webhook auditと特商法表示が揃うまで送信しない。

provider_not_connected

Notification outbox

read_only_notification_outbox_preview

host_draft_receipt、host_schedule_digest、weekly_run_guideの通知予定を provider_not_connectedのまま確認します。No provider queue write / No email send / No push send。

Mode: read_only_notification_outbox_preview

canSendEmail: false

canSendPush: false

canWriteProviderQueue: false

host_draft_receipt / email

Host draft receipt: 下書きを受け取りました

Review owner/source/safety evidence, consent, and sender domain before any provider queue is connected.

blocked_provider_not_connected / provider_not_connected

host_schedule_digest / email

今週のラン予定を確認してください

Keep the row in read_only_notification_outbox_preview and prepare provider review notes.

blocked_consent_or_review_required / provider_not_connected

weekly_run_guide / push

今週、東京で気軽に走れる場所

Confirm consent ledger, source freshness, and notification provider policy before any real send path.

queued_preview_only / provider_not_connected

Provider checklist

Auth.js / auth / ready_to_configure

Magic link callback, OAuth callback, and session adapter design

Surface: /account

Supabase / database / blocked_external_account

Create project, map record tables, and enable row-level access policy review

Surface: /admin

Stripe Checkout / payment / blocked_external_account

Create Social Plus and Host Pro products, success/cancel URLs, and webhook policy

Surface: /checkout

Resend / email / not_started

Prepare Magic link and weekly run guide email templates

Surface: /account

Neon / database / not_started

Evaluate Postgres fallback if Supabase is not selected

Surface: /admin

Plausible Analytics / analytics / blocked_external_account

Connect only after privacy text, consent stance, DPA/provider account, and production domain approval.

Surface: /admin

Record snapshots

users / operations

Connect signup_intent records to the selected auth provider.

/account / email_label_only

1

consent_ledger / operations

Keep consent versions separate for newsletter, payment, and host contact.

/account / email_label_only

3

clubs / community

Review afterRunPlan, firstTimerMood, and socialPressureLevel before owner claims.

/admin/clubs / none

27

events / community

Confirm latest schedule source before publishing public reminders.

/admin/events / none

32

host_event_draft_reviews / community

Keep local_draft_only until owner/source/safety review passes; inspect via /api/host/event-drafts without provider writes.

/admin/events / contact_label

1

operators / community

Review official source requirements before splitting into membership or races.

/admin/operators / none

2

trust_safety_cases / trust_safety

Confirm P0/P1 SLA owner before self-serve host posting or owner_verified changes.

/admin/trust-safety / contact_label

4

payment_checkout_sessions / commerce

Hold all write actions until Stripe Checkout provider setup is approved.

/checkout / contact_label

2

stripe_webhook_events / commerce

Implement signature verification and idempotency before enabling paid Checkout.

/admin / contact_label

8

Provider decision

Recommended beta stack

Auth.js + Resend、Supabase Postgres、Stripe Checkoutをbetaの第一候補にします。 外部アカウント作成、シークレット保存、実送信、実課金は人間承認まで行いません。

docs/2026-06-29_provider-selection-decision.md

auth / recommended_for_beta

Auth.js

Next.js内でMagic link、Google/Apple OAuth、セッション、DB adapterを制御しやすい。Supabase Authへの全面ロックインを避ける。

database / recommended_for_beta

Supabase Postgres

Postgres、Storage、Row Level Security、管理UIをまとめて扱えるため、club/event/member/payment recordsの初期運用に向く。

payment / recommended_for_beta

Stripe Checkout

Social Plus、Host Pro、Brand Partnerのサブスク/一回払い導線を最小実装しやすい。Webhook監査と特商法表示が接続条件。

email / recommended_for_beta

Resend

React Email/開発者体験が強く、Magic link、週次ランガイド、ホスト通知のテンプレートをコード管理しやすい。

analytics / recommended_for_beta

Plausible Analytics

Public betaでは軽量な集計、no_cookie、no_session_replay、no_autocaptureを優先する。既存のdata-analytics-eventをaggregate conversionとして読む方針に合う。

Auth.js: recommended_for_beta

Supabase Auth: fallback

Supabase Postgres: recommended_for_beta

Neon: fallback

Stripe Checkout: recommended_for_beta

Resend: recommended_for_beta

Postmark: fallback

Plausible Analytics: recommended_for_beta

PostHog: fallback

Cloudflare Web Analytics: defer

Vercel Web Analytics: defer

Next provider setup

課金と認証は、承認後につなぐ。

Stripe Checkout、OAuth、メール送信、DB本番化は外部アカウントとシークレットが必要です。 ここでは送信せず、接続前のレコード設計と運用キューまでを管理します。