In revision.
Crisp5 min readGo deeper →

Binocs - 24h admin tool for 40+ users

Shipped a Next.js internal admin panel end-to-end in 24 hours, 40-plus internal users were on it the next morning.

I shipped the Binocs internal admin tool end-to-end in 24 hours. 40-plus internal users were on it the next morning. The whole story is one principle - scope discipline.

The ask came Tuesday evening from the lead engineer. Ops was using a Google Sheet plus 3 separate Retool dashboards to manage user invites, deal access, and feature flags. Could we just have one admin panel. I said yes by Wednesday evening.

The thing I did right was kill scope. I asked ops "what do you do every day, in order, on the existing tools". They listed 7 things. I shipped exactly those 7 screens. I did not ship the "nice to have" reporting view, the audit timeline, or the bulk import. Those came in week two. Day one had to ship.

Stack - Next.js App Router, NextAuth with Google SSO restricted to the company domain, Postgres (same DB as the main app, just a separate schema with views for safety), shadcn/ui for components, Vercel for deploy. Boring on purpose. No new infra, no new dependencies the team had not seen before.

The admin tool architecture. Same DB, separate concerns.

The 7 screens - list and invite users, assign users to deals, toggle feature flags per org, view user activity, suspend or reinstate a user, reset MFA, view billing status. Each screen was one route, one server action, one form. shadcn tables and forms, no custom CSS, no custom anything.

The single biggest time-saver was server actions. No API routes, no client-side fetch logic, no error boundary plumbing. Form submits, server action runs, page revalidates. Boring and fast.

Auth was Google SSO with a domain check. If your email did not end in our company domain, you got a 403. Inside the app, two roles - admin (full access) and ops (everything except destructive actions). RBAC was a single middleware function, not a library.

The audit log was 8 lines of code. Every server action wrote one row to an admin_audit_log table with the user, the action, the target, the diff, the timestamp. Day one we had a record of every change anyone made. Compliance loved it later.

40 users on day one, no incidents, no rollback. The lesson is not "ship fast". The lesson is "cut scope hard, then ship fast".

Learn more