Internships marketplace.

Schools want to send their students into real workplaces. Companies want trained interns from credible schools. Most platforms solve one side and force the other to live on email and LinkedIn. The friction compounds: companies post in fifty places, schools spam-spray applications nobody curated, and nobody knows which placements actually completed.

And when companies do get a portal in other systems, the price is a full user account inside the school's identity namespace — which the school's security team will never approve.

YESS internships is a two-way curated marketplace where YESS is the broker. There are three actors and one source of truth.

• YESS super-admin vets partner companies, posts platform-level opportunities, sells slots cross-tenant to subscriber schools, and moderates anything companies submit themselves.
• Partner companies access their own portal via a magic link — no Supabase Auth account, no password, no user-namespace pollution. The link is the credential; revoking it bricks access immediately.
• Schools purchase slots per opportunity, choose the allocation method (merit / first-come / student-paid / admin-assigned / hybrid), and review their students' applications. Students at a paid-in school browse, apply, accept or decline offers, and after the placement upload their reflection.

Companies don't get user accounts — they get a URL like /c/yic_<64-hex-chars>. The token is the secret. Behind the scenes it's 256 bits of entropy generated via gen_random_bytes(32), prefixed yic_ so it's distinguishable in logs. Every public RPC funnels through one internal resolver that checks revocation + expiry + scope on every call.

From the portal a verified partner can:

• See the company header + which scopes the link grants (post, view_applications, manage_applications, manage_placements).
• Post new opportunities from a guided form. Every submission lands in moderation_status='pending' and is invisible to students until a YESS super-admin approves it. The reviewer can also request changes, sending feedback the company sees on their own list.
• See every application across their opportunities, with a privacy-safe student snippet (first name, last name, school, country — never email/phone/address).
• Drive the company-side state machine: under_review → interview_scheduled → offer_received → rejected. Accepted and declined remain student-initiated. Status changes ping the student via the notification fanout.
• Submit the final supervisor evaluation with score, document URL, and outcome (completed / terminated_early / no_show). Closing this loop sets completion_status, notifies the student, and surfaces the result in their portfolio.

Every company-submitted opportunity lands in /dashboard/internships/admin/moderation. The YESS team gets a notification (fanout to every user holding internships.moderate) and reviews: title, description, requirements, slots, deadline, eligibility, company verification status, and token provenance.

Three actions: approve flips it to approved + sets status='active' so schools see it immediately; request changes returns it to the company with notes and keeps it hidden from students; reject kills it with feedback. Every action is captured in audit_logs under internships.opportunity.

The cross-tenant economics:

1. A school's admin browses approved opportunities and asks YESS to sell them slots, or YESS reaches out proactively.
2. YESS super-admin executes useSellSlots() — inserts a row into school_opportunity_slots with a price per slot and a payment status (paid / free / pending).
3. The school admin picks the allocation method from /dashboard/internships/settings. This is the lever for "make students pay" or "use slots as motivation reward."
4. Students browse /dashboard/internships, see only opportunities their school has paid slots for, and apply. The enforce_slot_purchase() trigger validates eligibility on every application INSERT — if the school didn't pay, the application is rejected with 42501.
5. Application flows through the company state machine, then into the placement lifecycle.

Most platforms stop at "accepted." YESS marks the placement window, watches the company supervisor's evaluation come in, and closes the loop with a score, document, and notification.

After acceptance, the application carries:

• placement_start_date and placement_end_date (scheduled window)
• completion_status:not_started → in_progress (auto-set when status='accepted' and start_date has passed) → completed / terminated_early / no_show
• supervisor_evaluation_score, supervisor_evaluation_url, supervisor_notes (submitted by the company)
• student_reflection_url, student_reflection_notes (student uploads post-placement)
• certificate_url, certificate_generated_at (school-issued, ties into the C12 certificate engine)

Completion fires another notification. The school sees who actually finished where. The student carries the evaluation document into their alumni profile when they graduate.