@friggframework/admin-scripts 2.0.0--canary.517.41839c5.0 → 2.0.0--canary.517.a37d697.0

package/index.js

@@ -12,7 +12,7 @@ const { AdminFriggCommands, createAdminFriggCommands } = require('./src/applicat
 const { ScriptRunner, createScriptRunner } = require('./src/application/script-runner');
 
 // Infrastructure
-const { adminAuthMiddleware } = require('./src/infrastructure/admin-auth-middleware');
+const { validateAdminApiKey } = require('./src/infrastructure/admin-auth-middleware');
 const { router, app, handler: routerHandler } = require('./src/infrastructure/admin-script-router');
 const { handler: executorHandler } = require('./src/infrastructure/script-executor-handler');
 
@@ -45,7 +45,7 @@ module.exports = {
     createScriptRunner,
 
     // Infrastructure layer
-    adminAuthMiddleware,
+    validateAdminApiKey,
     router,
     app,
     routerHandler,

package/package.json

@@ -1,11 +1,11 @@
 {
     "name": "@friggframework/admin-scripts",
     "prettier": "@friggframework/prettier-config",
-    "version": "2.0.0--canary.517.41839c5.0",
+    "version": "2.0.0--canary.517.a37d697.0",
     "description": "Admin Script Runner for Frigg - Execute maintenance and operational scripts in hosted environments",
     "dependencies": {
         "@aws-sdk/client-scheduler": "^3.588.0",
-        "@friggframework/core": "2.0.0--canary.517.41839c5.0",
+        "@friggframework/core": "2.0.0--canary.517.a37d697.0",
         "bcryptjs": "^2.4.3",
         "express": "^4.18.2",
         "lodash": "4.17.21",
@@ -14,9 +14,9 @@
         "uuid": "^9.0.1"
     },
     "devDependencies": {
-        "@friggframework/eslint-config": "2.0.0--canary.517.41839c5.0",
-        "@friggframework/prettier-config": "2.0.0--canary.517.41839c5.0",
-        "@friggframework/test": "2.0.0--canary.517.41839c5.0",
+        "@friggframework/eslint-config": "2.0.0--canary.517.a37d697.0",
+        "@friggframework/prettier-config": "2.0.0--canary.517.a37d697.0",
+        "@friggframework/test": "2.0.0--canary.517.a37d697.0",
         "chai": "^4.3.6",
         "eslint": "^8.22.0",
         "jest": "^29.7.0",
@@ -49,5 +49,5 @@
         "maintenance",
         "operations"
     ],
-    "gitHead": "41839c5520f3b4a0991017021e54596bbb8c01da"
+    "gitHead": "a37d697613667fff814938b1f30ee2d834c4ffcd"
 }

package/src/application/__tests__/admin-frigg-commands.test.js

@@ -5,7 +5,7 @@ jest.mock('@friggframework/core/integrations/repositories/integration-repository
 jest.mock('@friggframework/core/user/repositories/user-repository-factory');
 jest.mock('@friggframework/core/modules/repositories/module-repository-factory');
 jest.mock('@friggframework/core/credential/repositories/credential-repository-factory');
-jest.mock('@friggframework/core/admin-scripts/repositories/script-execution-repository-factory');
+jest.mock('@friggframework/core/admin-scripts/repositories/admin-process-repository-factory');
 jest.mock('@friggframework/core/queues');
 
 describe('AdminFriggCommands', () => {
@@ -13,7 +13,7 @@ describe('AdminFriggCommands', () => {
     let mockUserRepo;
     let mockModuleRepo;
     let mockCredentialRepo;
-    let mockScriptExecutionRepo;
+    let mockAdminProcessRepo;
     let mockQueuerUtil;
 
     beforeEach(() => {
@@ -46,8 +46,8 @@ describe('AdminFriggCommands', () => {
             updateCredential: jest.fn(),
         };
 
-        mockScriptExecutionRepo = {
-            appendExecutionLog: jest.fn().mockResolvedValue(undefined),
+        mockAdminProcessRepo = {
+            appendProcessLog: jest.fn().mockResolvedValue(undefined),
         };
 
         mockQueuerUtil = {
@@ -60,14 +60,14 @@ describe('AdminFriggCommands', () => {
         const { createUserRepository } = require('@friggframework/core/user/repositories/user-repository-factory');
         const { createModuleRepository } = require('@friggframework/core/modules/repositories/module-repository-factory');
         const { createCredentialRepository } = require('@friggframework/core/credential/repositories/credential-repository-factory');
-        const { createScriptExecutionRepository } = require('@friggframework/core/admin-scripts/repositories/script-execution-repository-factory');
+        const { createAdminProcessRepository } = require('@friggframework/core/admin-scripts/repositories/admin-process-repository-factory');
         const { QueuerUtil } = require('@friggframework/core/queues');
 
         createIntegrationRepository.mockReturnValue(mockIntegrationRepo);
         createUserRepository.mockReturnValue(mockUserRepo);
         createModuleRepository.mockReturnValue(mockModuleRepo);
         createCredentialRepository.mockReturnValue(mockCredentialRepo);
-        createScriptExecutionRepository.mockReturnValue(mockScriptExecutionRepo);
+        createAdminProcessRepository.mockReturnValue(mockAdminProcessRepo);
 
         // Mock QueuerUtil methods
         QueuerUtil.send = mockQueuerUtil.send;
@@ -158,16 +158,16 @@ describe('AdminFriggCommands', () => {
             expect(repo).toBe(mockCredentialRepo);
         });
 
-        it('creates scriptExecutionRepository on first access', () => {
+        it('creates adminProcessRepository on first access', () => {
             const commands = new AdminFriggCommands();
-            const { createScriptExecutionRepository } = require('@friggframework/core/admin-scripts/repositories/script-execution-repository-factory');
+            const { createAdminProcessRepository } = require('@friggframework/core/admin-scripts/repositories/admin-process-repository-factory');
 
-            expect(createScriptExecutionRepository).not.toHaveBeenCalled();
+            expect(createAdminProcessRepository).not.toHaveBeenCalled();
 
-            const repo = commands.scriptExecutionRepository;
+            const repo = commands.adminProcessRepository;
 
-            expect(createScriptExecutionRepository).toHaveBeenCalledTimes(1);
-            expect(repo).toBe(mockScriptExecutionRepo);
+            expect(createAdminProcessRepository).toHaveBeenCalledTimes(1);
+            expect(repo).toBe(mockAdminProcessRepo);
         });
     });
 
@@ -551,15 +551,15 @@ describe('AdminFriggCommands', () => {
         it('log() persists if executionId set', async () => {
             const commands = new AdminFriggCommands({ executionId: 'exec_123' });
             // Force repository creation
-            commands.scriptExecutionRepository;
+            commands.adminProcessRepository;
 
             commands.log('warn', 'Warning message', { detail: 'xyz' });
 
             // Give async operation a chance to execute
             await new Promise(resolve => setImmediate(resolve));
 
-            expect(mockScriptExecutionRepo.appendExecutionLog).toHaveBeenCalled();
-            const callArgs = mockScriptExecutionRepo.appendExecutionLog.mock.calls[0];
+            expect(mockAdminProcessRepo.appendProcessLog).toHaveBeenCalled();
+            const callArgs = mockAdminProcessRepo.appendProcessLog.mock.calls[0];
             expect(callArgs[0]).toBe('exec_123');
             expect(callArgs[1].level).toBe('warn');
             expect(callArgs[1].message).toBe('Warning message');
@@ -572,14 +572,14 @@ describe('AdminFriggCommands', () => {
 
             await new Promise(resolve => setImmediate(resolve));
 
-            expect(mockScriptExecutionRepo.appendExecutionLog).not.toHaveBeenCalled();
+            expect(mockAdminProcessRepo.appendProcessLog).not.toHaveBeenCalled();
         });
 
         it('log() handles persistence failure gracefully', async () => {
             const commands = new AdminFriggCommands({ executionId: 'exec_123' });
             // Force repository creation
-            commands.scriptExecutionRepository;
-            mockScriptExecutionRepo.appendExecutionLog.mockRejectedValue(new Error('DB Error'));
+            commands.adminProcessRepository;
+            mockAdminProcessRepo.appendProcessLog.mockRejectedValue(new Error('DB Error'));
 
             // Should not throw
             expect(() => commands.log('error', 'Test error')).not.toThrow();

package/src/application/__tests__/script-runner.test.js

@@ -36,9 +36,9 @@ describe('ScriptRunner', () => {
         scriptFactory = new ScriptFactory([TestScript]);
 
         mockCommands = {
-            createScriptExecution: jest.fn(),
-            updateScriptExecutionStatus: jest.fn(),
-            completeScriptExecution: jest.fn(),
+            createAdminProcess: jest.fn(),
+            updateAdminProcessState: jest.fn(),
+            completeAdminProcess: jest.fn(),
         };
 
         mockFrigg = {
@@ -49,11 +49,11 @@ describe('ScriptRunner', () => {
         createAdminScriptCommands.mockReturnValue(mockCommands);
         createAdminFriggCommands.mockReturnValue(mockFrigg);
 
-        mockCommands.createScriptExecution.mockResolvedValue({
+        mockCommands.createAdminProcess.mockResolvedValue({
             id: 'exec-123',
         });
-        mockCommands.updateScriptExecutionStatus.mockResolvedValue({});
-        mockCommands.completeScriptExecution.mockResolvedValue({ success: true });
+        mockCommands.updateAdminProcessState.mockResolvedValue({});
+        mockCommands.completeAdminProcess.mockResolvedValue({ success: true });
     });
 
     afterEach(() => {
@@ -76,7 +76,7 @@ describe('ScriptRunner', () => {
             expect(result.executionId).toBe('exec-123');
             expect(result.metrics.durationMs).toBeGreaterThanOrEqual(0);
 
-            expect(mockCommands.createScriptExecution).toHaveBeenCalledWith({
+            expect(mockCommands.createAdminProcess).toHaveBeenCalledWith({
                 scriptName: 'test-script',
                 scriptVersion: '1.0.0',
                 trigger: 'MANUAL',
@@ -85,12 +85,12 @@ describe('ScriptRunner', () => {
                 audit: { apiKeyName: 'test-key' },
             });
 
-            expect(mockCommands.updateScriptExecutionStatus).toHaveBeenCalledWith(
+            expect(mockCommands.updateAdminProcessState).toHaveBeenCalledWith(
                 'exec-123',
                 'RUNNING'
             );
 
-            expect(mockCommands.completeScriptExecution).toHaveBeenCalledWith(
+            expect(mockCommands.completeAdminProcess).toHaveBeenCalledWith(
                 'exec-123',
                 expect.objectContaining({
                     status: 'COMPLETED',
@@ -128,7 +128,7 @@ describe('ScriptRunner', () => {
             expect(result.scriptName).toBe('failing-script');
             expect(result.error.message).toBe('Script failed');
 
-            expect(mockCommands.completeScriptExecution).toHaveBeenCalledWith(
+            expect(mockCommands.completeAdminProcess).toHaveBeenCalledWith(
                 'exec-123',
                 expect.objectContaining({
                     status: 'FAILED',
@@ -178,8 +178,8 @@ describe('ScriptRunner', () => {
             });
 
             expect(result.executionId).toBe('existing-exec-456');
-            expect(mockCommands.createScriptExecution).not.toHaveBeenCalled();
-            expect(mockCommands.updateScriptExecutionStatus).toHaveBeenCalledWith(
+            expect(mockCommands.createAdminProcess).not.toHaveBeenCalled();
+            expect(mockCommands.updateAdminProcessState).toHaveBeenCalledWith(
                 'existing-exec-456',
                 'RUNNING'
             );

package/src/application/admin-frigg-commands.js

@@ -25,7 +25,7 @@ class AdminFriggCommands {
         this._userRepository = null;
         this._moduleRepository = null;
         this._credentialRepository = null;
-        this._scriptExecutionRepository = null;
+        this._adminProcessRepository = null;
     }
 
     // ==================== LAZY-LOADED REPOSITORIES ====================
@@ -62,12 +62,12 @@ class AdminFriggCommands {
         return this._credentialRepository;
     }
 
-    get scriptExecutionRepository() {
-        if (!this._scriptExecutionRepository) {
-            const { createScriptExecutionRepository } = require('@friggframework/core/admin-scripts/repositories/script-execution-repository-factory');
-            this._scriptExecutionRepository = createScriptExecutionRepository();
+    get adminProcessRepository() {
+        if (!this._adminProcessRepository) {
+            const { createAdminProcessRepository } = require('@friggframework/core/admin-scripts/repositories/admin-process-repository-factory');
+            this._adminProcessRepository = createAdminProcessRepository();
         }
-        return this._scriptExecutionRepository;
+        return this._adminProcessRepository;
     }
 
     // ==================== INTEGRATION QUERIES ====================
@@ -209,7 +209,7 @@ class AdminFriggCommands {
 
         // Persist to execution record if we have an executionId
         if (this.executionId) {
-            this.scriptExecutionRepository.appendExecutionLog(this.executionId, entry)
+            this.adminProcessRepository.appendProcessLog(this.executionId, entry)
                 .catch(err => console.error('Failed to persist log:', err));
         }
 

package/src/application/admin-script-base.js

@@ -1,5 +1,4 @@
-const { createScriptExecutionRepository } = require('@friggframework/core/admin-scripts/repositories/script-execution-repository-factory');
-const { createAdminApiKeyRepository } = require('@friggframework/core/admin-scripts/repositories/admin-api-key-repository-factory');
+const { createAdminProcessRepository } = require('@friggframework/core/admin-scripts/repositories/admin-process-repository-factory');
 
 /**
  * Admin Script Base Class
@@ -87,8 +86,7 @@ class AdminScriptBase {
         this.integrationFactory = params.integrationFactory || null;
 
         // OPTIONAL: Injected repositories (for testing or custom implementations)
-        this.scriptExecutionRepository = params.scriptExecutionRepository || null;
-        this.adminApiKeyRepository = params.adminApiKeyRepository || null;
+        this.adminProcessRepository = params.adminProcessRepository || null;
     }
 
     /**

package/src/application/script-runner.js

@@ -50,7 +50,7 @@ class ScriptRunner {
 
         // Create execution record if not provided
         if (!executionId) {
-            const execution = await this.commands.createScriptExecution({
+            const execution = await this.commands.createAdminProcess({
                 scriptName,
                 scriptVersion: definition.version,
                 trigger,
@@ -66,7 +66,7 @@ class ScriptRunner {
         try {
             // Update status to RUNNING (skip in dry-run)
             if (!dryRun) {
-                await this.commands.updateScriptExecutionStatus(executionId, 'RUNNING');
+                await this.commands.updateAdminProcessState(executionId, 'RUNNING');
             }
 
             // Create frigg commands for the script
@@ -99,7 +99,7 @@ class ScriptRunner {
 
             // Complete execution (skip in dry-run)
             if (!dryRun) {
-                await this.commands.completeScriptExecution(executionId, {
+                await this.commands.completeAdminProcess(executionId, {
                     status: 'COMPLETED',
                     output,
                     metrics: {
@@ -140,7 +140,7 @@ class ScriptRunner {
 
             // Record failure (skip in dry-run)
             if (!dryRun) {
-                await this.commands.completeScriptExecution(executionId, {
+                await this.commands.completeAdminProcess(executionId, {
                     status: 'FAILED',
                     error: {
                         name: error.name,

package/src/infrastructure/__tests__/admin-auth-middleware.test.js

@@ -1,22 +1,17 @@
-const { adminAuthMiddleware } = require('../admin-auth-middleware');
+const { validateAdminApiKey } = require('../admin-auth-middleware');
 
-// Mock the admin script commands
-jest.mock('@friggframework/core/application/commands/admin-script-commands', () => ({
-    createAdminScriptCommands: jest.fn(),
-}));
-
-const { createAdminScriptCommands } = require('@friggframework/core/application/commands/admin-script-commands');
-
-describe('adminAuthMiddleware', () => {
+describe('validateAdminApiKey', () => {
     let mockReq;
     let mockRes;
     let mockNext;
-    let mockCommands;
+    let originalEnv;
 
     beforeEach(() => {
+        originalEnv = process.env.ADMIN_API_KEY;
+        process.env.ADMIN_API_KEY = 'test-admin-key-123';
+
         mockReq = {
             headers: {},
-            ip: '127.0.0.1',
         };
 
         mockRes = {
@@ -25,124 +20,66 @@ describe('adminAuthMiddleware', () => {
         };
 
         mockNext = jest.fn();
-
-        mockCommands = {
-            validateAdminApiKey: jest.fn(),
-        };
-
-        createAdminScriptCommands.mockReturnValue(mockCommands);
     });
 
     afterEach(() => {
+        if (originalEnv) {
+            process.env.ADMIN_API_KEY = originalEnv;
+        } else {
+            delete process.env.ADMIN_API_KEY;
+        }
         jest.clearAllMocks();
     });
 
-    describe('Authorization header validation', () => {
-        it('should reject request without Authorization header', async () => {
-            await adminAuthMiddleware(mockReq, mockRes, mockNext);
-
-            expect(mockRes.status).toHaveBeenCalledWith(401);
-            expect(mockRes.json).toHaveBeenCalledWith({
-                error: 'Missing or invalid Authorization header',
-                code: 'MISSING_AUTH',
-            });
-            expect(mockNext).not.toHaveBeenCalled();
-        });
-
-        it('should reject request with invalid Authorization format', async () => {
-            mockReq.headers.authorization = 'InvalidFormat key123';
+    describe('Environment configuration', () => {
+        it('should reject when ADMIN_API_KEY not configured', () => {
+            delete process.env.ADMIN_API_KEY;
 
-            await adminAuthMiddleware(mockReq, mockRes, mockNext);
+            validateAdminApiKey(mockReq, mockRes, mockNext);
 
             expect(mockRes.status).toHaveBeenCalledWith(401);
             expect(mockRes.json).toHaveBeenCalledWith({
-                error: 'Missing or invalid Authorization header',
-                code: 'MISSING_AUTH',
+                error: 'Unauthorized',
+                message: 'Admin API key not configured',
             });
             expect(mockNext).not.toHaveBeenCalled();
         });
     });
 
-    describe('API key validation', () => {
-        it('should reject request with invalid API key', async () => {
-            mockReq.headers.authorization = 'Bearer invalid-key';
-            mockCommands.validateAdminApiKey.mockResolvedValue({
-                error: 401,
-                reason: 'Invalid API key',
-                code: 'INVALID_API_KEY',
-            });
-
-            await adminAuthMiddleware(mockReq, mockRes, mockNext);
+    describe('Header validation', () => {
+        it('should reject request without x-frigg-admin-api-key header', () => {
+            validateAdminApiKey(mockReq, mockRes, mockNext);
 
-            expect(mockCommands.validateAdminApiKey).toHaveBeenCalledWith('invalid-key');
             expect(mockRes.status).toHaveBeenCalledWith(401);
             expect(mockRes.json).toHaveBeenCalledWith({
-                error: 'Invalid API key',
-                code: 'INVALID_API_KEY',
+                error: 'Unauthorized',
+                message: 'x-frigg-admin-api-key header required',
             });
             expect(mockNext).not.toHaveBeenCalled();
         });
+    });
 
-        it('should reject request with expired API key', async () => {
-            mockReq.headers.authorization = 'Bearer expired-key';
-            mockCommands.validateAdminApiKey.mockResolvedValue({
-                error: 401,
-                reason: 'API key has expired',
-                code: 'EXPIRED_API_KEY',
-            });
+    describe('API key validation', () => {
+        it('should reject request with invalid API key', () => {
+            mockReq.headers['x-frigg-admin-api-key'] = 'invalid-key';
 
-            await adminAuthMiddleware(mockReq, mockRes, mockNext);
+            validateAdminApiKey(mockReq, mockRes, mockNext);
 
-            expect(mockCommands.validateAdminApiKey).toHaveBeenCalledWith('expired-key');
             expect(mockRes.status).toHaveBeenCalledWith(401);
             expect(mockRes.json).toHaveBeenCalledWith({
-                error: 'API key has expired',
-                code: 'EXPIRED_API_KEY',
+                error: 'Unauthorized',
+                message: 'Invalid admin API key',
             });
             expect(mockNext).not.toHaveBeenCalled();
         });
 
-        it('should accept request with valid API key', async () => {
-            const validKey = 'valid-api-key-123';
-            mockReq.headers.authorization = `Bearer ${validKey}`;
-            mockCommands.validateAdminApiKey.mockResolvedValue({
-                valid: true,
-                apiKey: {
-                    id: 'key-id-1',
-                    name: 'test-key',
-                    keyLast4: 'e123',
-                },
-            });
+        it('should accept request with valid API key', () => {
+            mockReq.headers['x-frigg-admin-api-key'] = 'test-admin-key-123';
 
-            await adminAuthMiddleware(mockReq, mockRes, mockNext);
+            validateAdminApiKey(mockReq, mockRes, mockNext);
 
-            expect(mockCommands.validateAdminApiKey).toHaveBeenCalledWith(validKey);
-            expect(mockReq.adminApiKey).toBeDefined();
-            expect(mockReq.adminApiKey.name).toBe('test-key');
-            expect(mockReq.adminAudit).toBeDefined();
-            expect(mockReq.adminAudit.apiKeyName).toBe('test-key');
-            expect(mockReq.adminAudit.apiKeyLast4).toBe('e123');
-            expect(mockReq.adminAudit.ipAddress).toBe('127.0.0.1');
             expect(mockNext).toHaveBeenCalled();
             expect(mockRes.status).not.toHaveBeenCalled();
         });
     });
-
-    describe('Error handling', () => {
-        it('should handle validation errors gracefully', async () => {
-            mockReq.headers.authorization = 'Bearer some-key';
-            mockCommands.validateAdminApiKey.mockRejectedValue(
-                new Error('Database error')
-            );
-
-            await adminAuthMiddleware(mockReq, mockRes, mockNext);
-
-            expect(mockRes.status).toHaveBeenCalledWith(500);
-            expect(mockRes.json).toHaveBeenCalledWith({
-                error: 'Authentication failed',
-                code: 'AUTH_ERROR',
-            });
-            expect(mockNext).not.toHaveBeenCalled();
-        });
-    });
 });

package/src/infrastructure/__tests__/admin-script-router.test.js

@@ -4,13 +4,8 @@ const { AdminScriptBase } = require('../../application/admin-script-base');
 
 // Mock dependencies
 jest.mock('../admin-auth-middleware', () => ({
-    adminAuthMiddleware: (req, res, next) => {
-        // Mock auth - attach admin audit info
-        req.adminAudit = {
-            apiKeyName: 'test-key',
-            apiKeyLast4: '1234',
-            ipAddress: '127.0.0.1',
-        };
+    validateAdminApiKey: (req, res, next) => {
+        // Mock auth - no audit trail with simplified auth
         next();
     },
 }));
@@ -59,8 +54,8 @@ describe('Admin Script Router', () => {
         };
 
         mockCommands = {
-            createScriptExecution: jest.fn(),
-            findScriptExecutionById: jest.fn(),
+            createAdminProcess: jest.fn(),
+            findAdminProcessById: jest.fn(),
             findRecentExecutions: jest.fn(),
         };
 
@@ -143,7 +138,7 @@ describe('Admin Script Router', () => {
         });
     });
 
-    describe('POST /admin/scripts/:scriptName/execute', () => {
+    describe('POST /admin/scripts/:scriptName', () => {
         it('should execute script synchronously', async () => {
             mockRunner.execute.mockResolvedValue({
                 executionId: 'exec-123',
@@ -154,7 +149,7 @@ describe('Admin Script Router', () => {
             });
 
             const response = await request(app)
-                .post('/admin/scripts/test-script/execute')
+                .post('/admin/scripts/test-script')
                 .send({
                     params: { foo: 'bar' },
                     mode: 'sync',
@@ -174,12 +169,12 @@ describe('Admin Script Router', () => {
         });
 
         it('should queue script for async execution', async () => {
-            mockCommands.createScriptExecution.mockResolvedValue({
+            mockCommands.createAdminProcess.mockResolvedValue({
                 id: 'exec-456',
             });
 
             const response = await request(app)
-                .post('/admin/scripts/test-script/execute')
+                .post('/admin/scripts/test-script')
                 .send({
                     params: { foo: 'bar' },
                     mode: 'async',
@@ -198,12 +193,12 @@ describe('Admin Script Router', () => {
         });
 
         it('should default to async mode', async () => {
-            mockCommands.createScriptExecution.mockResolvedValue({
+            mockCommands.createAdminProcess.mockResolvedValue({
                 id: 'exec-789',
             });
 
             const response = await request(app)
-                .post('/admin/scripts/test-script/execute')
+                .post('/admin/scripts/test-script')
                 .send({
                     params: { foo: 'bar' },
                 });
@@ -216,7 +211,7 @@ describe('Admin Script Router', () => {
             mockFactory.has.mockReturnValue(false);
 
             const response = await request(app)
-                .post('/admin/scripts/non-existent/execute')
+                .post('/admin/scripts/non-existent')
                 .send({
                     params: {},
                 });
@@ -226,15 +221,15 @@ describe('Admin Script Router', () => {
         });
     });
 
-    describe('GET /admin/executions/:executionId', () => {
+    describe('GET /admin/scripts/:scriptName/executions/:executionId', () => {
         it('should return execution details', async () => {
-            mockCommands.findScriptExecutionById.mockResolvedValue({
+            mockCommands.findAdminProcessById.mockResolvedValue({
                 id: 'exec-123',
                 scriptName: 'test-script',
                 status: 'COMPLETED',
             });
 
-            const response = await request(app).get('/admin/executions/exec-123');
+            const response = await request(app).get('/admin/scripts/test-script/executions/exec-123');
 
             expect(response.status).toBe(200);
             expect(response.body.id).toBe('exec-123');
@@ -242,14 +237,14 @@ describe('Admin Script Router', () => {
         });
 
         it('should return 404 for non-existent execution', async () => {
-            mockCommands.findScriptExecutionById.mockResolvedValue({
+            mockCommands.findAdminProcessById.mockResolvedValue({
                 error: 404,
                 reason: 'Execution not found',
                 code: 'EXECUTION_NOT_FOUND',
             });
 
             const response = await request(app).get(
-                '/admin/executions/non-existent'
+                '/admin/scripts/test-script/executions/non-existent'
             );
 
             expect(response.status).toBe(404);
@@ -257,24 +252,28 @@ describe('Admin Script Router', () => {
         });
     });
 
-    describe('GET /admin/executions', () => {
-        it('should list recent executions', async () => {
+    describe('GET /admin/scripts/:scriptName/executions', () => {
+        it('should list executions for specific script', async () => {
             mockCommands.findRecentExecutions.mockResolvedValue([
                 { id: 'exec-1', scriptName: 'test-script', status: 'COMPLETED' },
                 { id: 'exec-2', scriptName: 'test-script', status: 'RUNNING' },
             ]);
 
-            const response = await request(app).get('/admin/executions');
+            const response = await request(app).get('/admin/scripts/test-script/executions');
 
             expect(response.status).toBe(200);
             expect(response.body.executions).toHaveLength(2);
+            expect(mockCommands.findRecentExecutions).toHaveBeenCalledWith({
+                scriptName: 'test-script',
+                limit: 50,
+            });
         });
 
         it('should accept query parameters', async () => {
             mockCommands.findRecentExecutions.mockResolvedValue([]);
 
             await request(app).get(
-                '/admin/executions?scriptName=test-script&status=COMPLETED&limit=10'
+                '/admin/scripts/test-script/executions?status=COMPLETED&limit=10'
             );
 
             expect(mockCommands.findRecentExecutions).toHaveBeenCalledWith({

package/src/infrastructure/admin-auth-middleware.js

@@ -1,49 +1,11 @@
-const { createAdminScriptCommands } = require('@friggframework/core/application/commands/admin-script-commands');
-
 /**
  * Admin API Key Authentication Middleware
  *
- * Validates admin API keys for script endpoints.
- * Expects: Authorization: Bearer <api-key>
+ * Re-exports shared admin auth middleware from @friggframework/core.
+ * Uses simple ENV-based API key validation.
+ * Expects: x-frigg-admin-api-key header
  */
-async function adminAuthMiddleware(req, res, next) {
-    try {
-        const authHeader = req.headers.authorization;
-
-        if (!authHeader || !authHeader.startsWith('Bearer ')) {
-            return res.status(401).json({
-                error: 'Missing or invalid Authorization header',
-                code: 'MISSING_AUTH'
-            });
-        }
-
-        const apiKey = authHeader.substring(7); // Remove 'Bearer '
-        const commands = createAdminScriptCommands();
-        const result = await commands.validateAdminApiKey(apiKey);
-
-        if (result.error) {
-            return res.status(result.error).json({
-                error: result.reason,
-                code: result.code
-            });
-        }
-
-        // Attach validated key info to request for audit trail
-        req.adminApiKey = result.apiKey;
-        req.adminAudit = {
-            apiKeyName: result.apiKey.name,
-            apiKeyLast4: result.apiKey.keyLast4,
-            ipAddress: req.ip || req.connection?.remoteAddress || 'unknown'
-        };
 
-        next();
-    } catch (error) {
-        console.error('Admin auth middleware error:', error);
-        res.status(500).json({
-            error: 'Authentication failed',
-            code: 'AUTH_ERROR'
-        });
-    }
-}
+const { validateAdminApiKey } = require('@friggframework/core/handlers/middleware/admin-auth');
 
-module.exports = { adminAuthMiddleware };
+module.exports = { validateAdminApiKey };

package/src/infrastructure/admin-script-router.js

@@ -1,6 +1,6 @@
 const express = require('express');
 const serverless = require('serverless-http');
-const { adminAuthMiddleware } = require('./admin-auth-middleware');
+const { validateAdminApiKey } = require('./admin-auth-middleware');
 const { getScriptFactory } = require('../application/script-factory');
 const { createScriptRunner } = require('../application/script-runner');
 const { createAdminScriptCommands } = require('@friggframework/core/application/commands/admin-script-commands');
@@ -11,7 +11,7 @@ const { ScheduleManagementUseCase } = require('../application/schedule-managemen
 const router = express.Router();
 
 // Apply auth middleware to all admin routes
-router.use(adminAuthMiddleware);
+router.use(validateAdminApiKey);
 
 /**
  * Create ScheduleManagementUseCase instance
@@ -87,10 +87,10 @@ router.get('/scripts/:scriptName', async (req, res) => {
 });
 
 /**
- * POST /admin/scripts/:scriptName/execute
+ * POST /admin/scripts/:scriptName
  * Execute a script (sync, async, or dry-run)
  */
-router.post('/scripts/:scriptName/execute', async (req, res) => {
+router.post('/scripts/:scriptName', async (req, res) => {
     try {
         const { scriptName } = req.params;
         const { params = {}, mode = 'async', dryRun = false } = req.body;
@@ -110,7 +110,6 @@ router.post('/scripts/:scriptName/execute', async (req, res) => {
                 trigger: 'MANUAL',
                 mode: 'sync',
                 dryRun: true,
-                audit: req.adminAudit,
             });
             return res.json(result);
         }
@@ -121,20 +120,18 @@ router.post('/scripts/:scriptName/execute', async (req, res) => {
             const result = await runner.execute(scriptName, params, {
                 trigger: 'MANUAL',
                 mode: 'sync',
-                audit: req.adminAudit,
             });
             return res.json(result);
         }
 
         // Async execution - queue and return immediately
         const commands = createAdminScriptCommands();
-        const execution = await commands.createScriptExecution({
+        const execution = await commands.createAdminProcess({
             scriptName,
             scriptVersion: factory.get(scriptName).Definition.version,
             trigger: 'MANUAL',
             mode: 'async',
             input: params,
-            audit: req.adminAudit,
         });
 
         // Queue the execution
@@ -161,14 +158,14 @@ router.post('/scripts/:scriptName/execute', async (req, res) => {
 });
 
 /**
- * GET /admin/executions/:executionId
- * Get execution status
+ * GET /admin/scripts/:scriptName/executions/:executionId
+ * Get execution status for specific script
  */
-router.get('/executions/:executionId', async (req, res) => {
+router.get('/scripts/:scriptName/executions/:executionId', async (req, res) => {
     try {
         const { executionId } = req.params;
         const commands = createAdminScriptCommands();
-        const execution = await commands.findScriptExecutionById(executionId);
+        const execution = await commands.findAdminProcessById(executionId);
 
         if (execution.error) {
             return res.status(execution.error).json({
@@ -185,12 +182,13 @@ router.get('/executions/:executionId', async (req, res) => {
 });
 
 /**
- * GET /admin/executions
- * List recent executions
+ * GET /admin/scripts/:scriptName/executions
+ * List recent executions for specific script
  */
-router.get('/executions', async (req, res) => {
+router.get('/scripts/:scriptName/executions', async (req, res) => {
     try {
-        const { scriptName, status, limit = 50 } = req.query;
+        const { scriptName } = req.params;
+        const { status, limit = 50 } = req.query;
         const commands = createAdminScriptCommands();
 
         const executions = await commands.findRecentExecutions({

package/src/infrastructure/script-executor-handler.js

@@ -21,7 +21,7 @@ async function handler(event) {
 
             // If executionId provided (async from API), update existing record
             if (executionId) {
-                await commands.updateScriptExecutionStatus(executionId, 'RUNNING');
+                await commands.updateAdminProcessState(executionId, 'RUNNING');
             }
 
             const result = await runner.execute(scriptName, params, {
@@ -45,7 +45,7 @@ async function handler(event) {
             if (executionId) {
                 const commands = createAdminScriptCommands();
                 await commands
-                    .completeScriptExecution(executionId, {
+                    .completeAdminProcess(executionId, {
                         status: 'FAILED',
                         error: {
                             name: error.name,