Live network-wide functionality

Network customer/account sync records

Redacted Shopify customer snapshots, customer sync policies, and intake records across tenants.

empty

Visible records

Live Sanity records returned for this workstream.

Diagnostics

Superadmin data is network-wide and intentionally independent of the current domain shortcut.

Open canonical Studio ↗Manage network records in Sanity Studio.Configured Studio host ↗External Studio host. Check the functional action center status before relying on it for editor work.Open tenant registry →Create, search, and verify tenant records.Open operations →Review credential and deployment status.

Live records

0 returned · values are scoped and secret-safe

No live records returned for this workstream. This is a true empty state only when the status is empty; otherwise follow the diagnostics above.

Functional action center

Customer/account sync governance

This module uses authenticated dashboard workflows and diagnostic envelopes instead of placeholder copy. It can read, create, moderate, or launch the correct provider surface depending on this workstream's guardrails.

empty

Privacy-safe read-only summaries

Customer/account sync status

Loading live provider state…

Admin read-only

not configured

Latest snapshot

0 customers

Snapshot captured: not captured

Email domains: not available

Tags: not available

Snapshot refresh results appear here. No Shopify customer mutation is ever sent.

Sync all or condition-based per site

Customer sync rule builder

Preview: disabled · disabled · domain only · tag equals …

Customer sync rule result will appear here.

Live scoped records

Customer intake browser

No records match this filter. Empty means empty, not magic. Very enterprise.

← Back to superadmin dashboard

Network customer policy

Customer/account sync governance

Bulk-govern privacy-safe Shopify customer/account sync rules and redacted snapshots across all sites.

needs configuration

Purpose

This surface controls whether each tenant can sync all redacted customer summaries, condition-based customer segments, or no customer/account data at all.

Capabilities

Bulk customer sync policy builder
Disabled/all/condition sync modes
Redaction level controls
Read-only Admin API snapshot refresh
No customer mutation enforcement

Operational workflows

Inspect redacted customer snapshot state.
Apply all-sites or selected-sites sync policies.
Use tags, state, email domain, order count, spend, and consent fields for conditions.
Refresh redacted snapshots only with approved read_customers access.

Guardrails

Shopify customer mutations are forbidden.
Raw customer emails/phones/addresses must not be displayed.
Protected customer data access requires a legitimate approved use and least-privilege token scope.

API/schema contracts

These are technical contract references, not dashboard navigation. Protected APIs require authentication and may return JSON envelopes such as unauthenticated when opened directly.

/api/admin/shopify/customer-synccustomerSyncRule schemashopifyCustomerSnapshot schema

Use the dashboard workstream pages for human workflows. Use these contracts only from authenticated clients, tests, cron jobs, or approved agent integrations.

Next implementation actions

Configure SHOPIFY_ADMIN_API_READONLY_TOKEN only after protected customer-data approval.
Use bulk policy builder for selected tenants.
Review audit events for every rule/snapshot refresh.