Loading…
Solutions · Internal Tools · Canarlo
Next.js 16, Supabase, TypeScript. The admin tool ops staff actually open — role-scoped, audited, keyboard-friendly, deployed in your repo. For the moment Retool's constraints become blockers and the per-seat bill outweighs the morning it saved you.
Who this is for
Retool got you a working admin tool in a morning. By month six the screen has thirty fields, the per-user seat bill is over a thousand a month, and finance refuses to add accounts. We rebuild on your stack and the seat cap goes away.
Customer support needs to issue a refund, edit an address, impersonate a user. The dev console works but is dangerous. We ship a real admin surface — role-scoped, audited, keyboard-friendly, with the destructive actions guarded.
Three admin tools in three different stacks, two of them abandoned. Login surface diverged. We bring admin into the same repo as the product. One auth model, one design system, one diff.
What we ship
Foundations
Staff accounts, admin accounts, contractor accounts. Email, magic link, TOTP. Every login event logged. Roles enforced at the database. SSO available on the enterprise tier.
Support rep sees the tickets in their queue. Manager sees the team. Sensitive fields gated by role. Enforced at the row in Postgres — never hidden in the admin UI.
Full-text plus trigram fuzzy matching across users, accounts, orders. Find the customer from a half-remembered email. Page size clamped, cursor pagination, indexed at the database.
Every impersonation, refund, password reset, account merge captured with actor, target, before and after. The trail your security review and your customer-support lead both ask for.
Structured JSON logs with PII redacted. Sentry wired before launch. Latency and error-rate dashboards live day one — not retrofitted after a destructive action goes wrong.
Every pull request gets a live URL. Tests gate merges. The new admin view lands on a preview environment before ops touches it in production.
Your Vercel team, your Supabase project, your domains, your keys. We deploy with your credentials and walk off at handover. No agency-held tokens, no per-user pricing wall.
Recent build
Illustrative scope
An ops console for a recurring-revenue business. Customer search, subscription state, refund issuance, impersonation, account merge. Role-scoped per team, audited per action, keyboard-driven for the support reps who live in it. Eight weeks, fixed fee. No per-seat tax.
Tech stack
Our process
Step 1
01
One scoping call, then a written brief. The screens your team actually opens, the role matrix, the destructive actions that need a confirm step. Two weeks.
Step 2
02
Schema, API surface, build plan. Data model, role boundary, audit policy named. Two weeks. You sign off before a line is written.
Step 3
03
Six to ten weeks. Weekly demo on a real preview URL. Ops staff click around two weeks before launch. You can read the diff every Friday.
Step 4
04
Deploy to your cloud, migrate the team off Retool over a weekend. Handover doc names the failure mode and the on-call step. Same engineer on the call.
Step 5
05
Optional retainer — security patches, dependency updates, new views as ops evolves. From £500 a month. Same engineer. Cancel any time.
Parent service: Automations
Pricing
Fixed fee, scope written down before billing starts. £15k buys a focused ops console with one role and a clean audit trail. £35k buys multi-role, customer search, refunds, impersonation, the full support surface. £60k buys the platform — workflow tools, custom views, a year of headroom for the next ops hire.
Full pricing rationale and cost breakdown: How much does AI engineering cost?
Frequently asked
Retool is right until the seat fees eclipse the value, or until a customer asks where their data lives and the answer is a third-party tenant. Custom internal tools live in your codebase, share your auth, query your database directly. No per-editor licence. No vendor-side outage that takes ops offline. Plain TypeScript any engineer can extend.
Yes. New table, new column, new dashboard, new bulk action — added in a normal pull request. The pattern is the same one every screen already uses, so a new view is hours, not a Retool snowflake. Your engineering team extends it without us once the handover lands.
Non-tech staff first. Support, ops, finance, customer success — the people who do the work. Designed for them, not the engineer who built it. Search that handles typos. Bulk actions with a confirmation. Audit log so a mistake can be traced. Devs get the same tool, plus raw SQL when they need it.
Role-based, per-collection, enforced at the database via row-level security. Support sees customer records but not finance data. Finance sees revenue but not raw PII. Audit log on every read of sensitive fields. Two-factor on every admin login. The boundary holds even if the UI has a bug.
You. Your repo, your Supabase, your domain, your keys. No per-seat licence, no vendor lock-in, no annual renewal. Plain TypeScript any competent engineer can read. The handover names every role, every cron, every environment variable. Sack us tomorrow and ops keeps running.
Start here
Twenty-minute call to scope the surface. Proposal in your inbox inside forty-eight hours.