chore(admin): align domain and deploy command

apps/admin/worker/index.test.ts

@@ -22,7 +22,7 @@ describe("admin worker firewall", () => {
 
   it("serves the admin access gate when no session cookie is present", async () => {
     const response = await worker.fetch(
-      new Request("https://admin.internal.xtablo.com/", {
+      new Request("https://admin-panel.xtablo.com/", {
         headers: {
           accept: "text/html",
         },
@@ -35,7 +35,7 @@ describe("admin worker firewall", () => {
   });
 
   it("creates a signed app session cookie from a valid access token", async () => {
-    const request = new Request("https://admin.internal.xtablo.com/__admin/access", {
+    const request = new Request("https://admin-panel.xtablo.com/__admin/access", {
       body: new URLSearchParams({ accessToken: env.ADMIN_APP_ACCESS_TOKEN }),
       headers: {
         "Content-Type": "application/x-www-form-urlencoded",
@@ -46,13 +46,13 @@ describe("admin worker firewall", () => {
     const response = await worker.fetch(request, env);
 
     expect(response.status).toBe(302);
-    expect(response.headers.get("location")).toBe("https://admin.internal.xtablo.com/");
+    expect(response.headers.get("location")).toBe("https://admin-panel.xtablo.com/");
     expect(response.headers.get("set-cookie")).toContain(`${ADMIN_APP_SESSION_COOKIE}=`);
   });
 
   it("allows authenticated requests through to static assets", async () => {
     const session = await createSignedAdminAppSession(env.ADMIN_APP_SESSION_SECRET);
-    const request = new Request("https://admin.internal.xtablo.com/", {
+    const request = new Request("https://admin-panel.xtablo.com/", {
       headers: {
         cookie: `${ADMIN_APP_SESSION_COOKIE}=${session}`,
       },
@@ -65,7 +65,7 @@ describe("admin worker firewall", () => {
   });
 
   it("rejects invalid access tokens", async () => {
-    const request = new Request("https://admin.internal.xtablo.com/__admin/access", {
+    const request = new Request("https://admin-panel.xtablo.com/__admin/access", {
       body: new URLSearchParams({ accessToken: "wrong-token" }),
       headers: {
         accept: "text/html",

apps/admin/wrangler.toml

@@ -9,8 +9,4 @@ not_found_handling = "single-page-application"
 [observability]
 enabled = true
 
-[env.staging]
-route = { pattern = "admin-staging.internal.xtablo.com", custom_domain = true }
-
-[env.production]
-route = { pattern = "admin.internal.xtablo.com", custom_domain = true }
+route = { pattern = "admin-panel.xtablo.com", custom_domain = true }

docs/ADMIN_APP_ACCESS_SETUP.md

@@ -12,6 +12,22 @@ Set these values for `apps/admin`:
 `ADMIN_APP_ACCESS_TOKEN` is the first-layer token required before the admin SPA will be served.
 `ADMIN_APP_SESSION_SECRET` signs the worker-issued app session cookie after that token is accepted.
 
+Production domain: `https://admin-panel.xtablo.com`
+
+## Deploy commands
+
+Use the root command:
+
+```bash
+pnpm deploy:admin
+```
+
+Or directly from the app package:
+
+```bash
+pnpm --filter @xtablo/admin deploy
+```
+
 ## Required API configuration
 
 Set these values for `apps/api`:
@@ -22,7 +38,7 @@ Set these values for `apps/api`:
 
 `ADMIN_TOKEN_SIGNING_SECRET` signs short-lived admin session tokens.
 `ADMIN_TOKEN_AUDIENCE` scopes privileged access to the admin app only.
-`ADMIN_APP_URL` is the allowed frontend origin for the internal admin surface.
+`ADMIN_APP_URL` is the allowed frontend origin for the admin surface, for example `https://admin-panel.xtablo.com`.
 
 ## Access model
 

package.json

@@ -20,7 +20,7 @@
     "dev:api": "turbo dev --filter=@xtablo/api",
     "deploy:main:staging": "turbo deploy:staging --filter=@xtablo/main",
     "deploy:main:prod": "turbo deploy:prod --filter=@xtablo/main",
-    "deploy:admin": "turbo deploy --filter=@xtablo/admin",
+    "deploy:admin": "pnpm --filter @xtablo/admin deploy",
     "deploy:chat": "turbo deploy --filter=@xtablo/chat-worker",
     "deploy:external": "turbo deploy --filter=@xtablo/external",
     "lint": "turbo lint",