@friggframework/admin-scripts 2.0.0--canary.517.a37d697.0 → 2.0.0--canary.522.cbd3d5a.0

package/index.js

@@ -12,7 +12,7 @@ const { AdminFriggCommands, createAdminFriggCommands } = require('./src/applicat
 const { ScriptRunner, createScriptRunner } = require('./src/application/script-runner');
 
 // Infrastructure
-const { validateAdminApiKey } = require('./src/infrastructure/admin-auth-middleware');
+const { adminAuthMiddleware } = require('./src/infrastructure/admin-auth-middleware');
 const { router, app, handler: routerHandler } = require('./src/infrastructure/admin-script-router');
 const { handler: executorHandler } = require('./src/infrastructure/script-executor-handler');
 
@@ -45,7 +45,7 @@ module.exports = {
     createScriptRunner,
 
     // Infrastructure layer
-    validateAdminApiKey,
+    adminAuthMiddleware,
     router,
     app,
     routerHandler,

package/package.json

@@ -1,11 +1,11 @@
 {
     "name": "@friggframework/admin-scripts",
     "prettier": "@friggframework/prettier-config",
-    "version": "2.0.0--canary.517.a37d697.0",
+    "version": "2.0.0--canary.522.cbd3d5a.0",
     "description": "Admin Script Runner for Frigg - Execute maintenance and operational scripts in hosted environments",
     "dependencies": {
         "@aws-sdk/client-scheduler": "^3.588.0",
-        "@friggframework/core": "2.0.0--canary.517.a37d697.0",
+        "@friggframework/core": "2.0.0--canary.522.cbd3d5a.0",
         "bcryptjs": "^2.4.3",
         "express": "^4.18.2",
         "lodash": "4.17.21",
@@ -14,9 +14,9 @@
         "uuid": "^9.0.1"
     },
     "devDependencies": {
-        "@friggframework/eslint-config": "2.0.0--canary.517.a37d697.0",
-        "@friggframework/prettier-config": "2.0.0--canary.517.a37d697.0",
-        "@friggframework/test": "2.0.0--canary.517.a37d697.0",
+        "@friggframework/eslint-config": "2.0.0--canary.522.cbd3d5a.0",
+        "@friggframework/prettier-config": "2.0.0--canary.522.cbd3d5a.0",
+        "@friggframework/test": "2.0.0--canary.522.cbd3d5a.0",
         "chai": "^4.3.6",
         "eslint": "^8.22.0",
         "jest": "^29.7.0",
@@ -49,5 +49,5 @@
         "maintenance",
         "operations"
     ],
-    "gitHead": "a37d697613667fff814938b1f30ee2d834c4ffcd"
+    "gitHead": "cbd3d5a81315519842f308fc0bd786a3f8786b79"
 }

package/src/application/__tests__/admin-frigg-commands.test.js

@@ -5,7 +5,7 @@ jest.mock('@friggframework/core/integrations/repositories/integration-repository
 jest.mock('@friggframework/core/user/repositories/user-repository-factory');
 jest.mock('@friggframework/core/modules/repositories/module-repository-factory');
 jest.mock('@friggframework/core/credential/repositories/credential-repository-factory');
-jest.mock('@friggframework/core/admin-scripts/repositories/admin-process-repository-factory');
+jest.mock('@friggframework/core/admin-scripts/repositories/script-execution-repository-factory');
 jest.mock('@friggframework/core/queues');
 
 describe('AdminFriggCommands', () => {
@@ -13,7 +13,7 @@ describe('AdminFriggCommands', () => {
     let mockUserRepo;
     let mockModuleRepo;
     let mockCredentialRepo;
-    let mockAdminProcessRepo;
+    let mockScriptExecutionRepo;
     let mockQueuerUtil;
 
     beforeEach(() => {
@@ -46,8 +46,8 @@ describe('AdminFriggCommands', () => {
             updateCredential: jest.fn(),
         };
 
-        mockAdminProcessRepo = {
-            appendProcessLog: jest.fn().mockResolvedValue(undefined),
+        mockScriptExecutionRepo = {
+            appendExecutionLog: jest.fn().mockResolvedValue(undefined),
         };
 
         mockQueuerUtil = {
@@ -60,14 +60,14 @@ describe('AdminFriggCommands', () => {
         const { createUserRepository } = require('@friggframework/core/user/repositories/user-repository-factory');
         const { createModuleRepository } = require('@friggframework/core/modules/repositories/module-repository-factory');
         const { createCredentialRepository } = require('@friggframework/core/credential/repositories/credential-repository-factory');
-        const { createAdminProcessRepository } = require('@friggframework/core/admin-scripts/repositories/admin-process-repository-factory');
+        const { createScriptExecutionRepository } = require('@friggframework/core/admin-scripts/repositories/script-execution-repository-factory');
         const { QueuerUtil } = require('@friggframework/core/queues');
 
         createIntegrationRepository.mockReturnValue(mockIntegrationRepo);
         createUserRepository.mockReturnValue(mockUserRepo);
         createModuleRepository.mockReturnValue(mockModuleRepo);
         createCredentialRepository.mockReturnValue(mockCredentialRepo);
-        createAdminProcessRepository.mockReturnValue(mockAdminProcessRepo);
+        createScriptExecutionRepository.mockReturnValue(mockScriptExecutionRepo);
 
         // Mock QueuerUtil methods
         QueuerUtil.send = mockQueuerUtil.send;
@@ -158,16 +158,16 @@ describe('AdminFriggCommands', () => {
             expect(repo).toBe(mockCredentialRepo);
         });
 
-        it('creates adminProcessRepository on first access', () => {
+        it('creates scriptExecutionRepository on first access', () => {
             const commands = new AdminFriggCommands();
-            const { createAdminProcessRepository } = require('@friggframework/core/admin-scripts/repositories/admin-process-repository-factory');
+            const { createScriptExecutionRepository } = require('@friggframework/core/admin-scripts/repositories/script-execution-repository-factory');
 
-            expect(createAdminProcessRepository).not.toHaveBeenCalled();
+            expect(createScriptExecutionRepository).not.toHaveBeenCalled();
 
-            const repo = commands.adminProcessRepository;
+            const repo = commands.scriptExecutionRepository;
 
-            expect(createAdminProcessRepository).toHaveBeenCalledTimes(1);
-            expect(repo).toBe(mockAdminProcessRepo);
+            expect(createScriptExecutionRepository).toHaveBeenCalledTimes(1);
+            expect(repo).toBe(mockScriptExecutionRepo);
         });
     });
 
@@ -551,15 +551,15 @@ describe('AdminFriggCommands', () => {
         it('log() persists if executionId set', async () => {
             const commands = new AdminFriggCommands({ executionId: 'exec_123' });
             // Force repository creation
-            commands.adminProcessRepository;
+            commands.scriptExecutionRepository;
 
             commands.log('warn', 'Warning message', { detail: 'xyz' });
 
             // Give async operation a chance to execute
             await new Promise(resolve => setImmediate(resolve));
 
-            expect(mockAdminProcessRepo.appendProcessLog).toHaveBeenCalled();
-            const callArgs = mockAdminProcessRepo.appendProcessLog.mock.calls[0];
+            expect(mockScriptExecutionRepo.appendExecutionLog).toHaveBeenCalled();
+            const callArgs = mockScriptExecutionRepo.appendExecutionLog.mock.calls[0];
             expect(callArgs[0]).toBe('exec_123');
             expect(callArgs[1].level).toBe('warn');
             expect(callArgs[1].message).toBe('Warning message');
@@ -572,14 +572,14 @@ describe('AdminFriggCommands', () => {
 
             await new Promise(resolve => setImmediate(resolve));
 
-            expect(mockAdminProcessRepo.appendProcessLog).not.toHaveBeenCalled();
+            expect(mockScriptExecutionRepo.appendExecutionLog).not.toHaveBeenCalled();
         });
 
         it('log() handles persistence failure gracefully', async () => {
             const commands = new AdminFriggCommands({ executionId: 'exec_123' });
             // Force repository creation
-            commands.adminProcessRepository;
-            mockAdminProcessRepo.appendProcessLog.mockRejectedValue(new Error('DB Error'));
+            commands.scriptExecutionRepository;
+            mockScriptExecutionRepo.appendExecutionLog.mockRejectedValue(new Error('DB Error'));
 
             // Should not throw
             expect(() => commands.log('error', 'Test error')).not.toThrow();

package/src/application/__tests__/script-runner.test.js

@@ -36,9 +36,9 @@ describe('ScriptRunner', () => {
         scriptFactory = new ScriptFactory([TestScript]);
 
         mockCommands = {
-            createAdminProcess: jest.fn(),
-            updateAdminProcessState: jest.fn(),
-            completeAdminProcess: jest.fn(),
+            createScriptExecution: jest.fn(),
+            updateScriptExecutionStatus: jest.fn(),
+            completeScriptExecution: jest.fn(),
         };
 
         mockFrigg = {
@@ -49,11 +49,11 @@ describe('ScriptRunner', () => {
         createAdminScriptCommands.mockReturnValue(mockCommands);
         createAdminFriggCommands.mockReturnValue(mockFrigg);
 
-        mockCommands.createAdminProcess.mockResolvedValue({
+        mockCommands.createScriptExecution.mockResolvedValue({
             id: 'exec-123',
         });
-        mockCommands.updateAdminProcessState.mockResolvedValue({});
-        mockCommands.completeAdminProcess.mockResolvedValue({ success: true });
+        mockCommands.updateScriptExecutionStatus.mockResolvedValue({});
+        mockCommands.completeScriptExecution.mockResolvedValue({ success: true });
     });
 
     afterEach(() => {
@@ -76,7 +76,7 @@ describe('ScriptRunner', () => {
             expect(result.executionId).toBe('exec-123');
             expect(result.metrics.durationMs).toBeGreaterThanOrEqual(0);
 
-            expect(mockCommands.createAdminProcess).toHaveBeenCalledWith({
+            expect(mockCommands.createScriptExecution).toHaveBeenCalledWith({
                 scriptName: 'test-script',
                 scriptVersion: '1.0.0',
                 trigger: 'MANUAL',
@@ -85,12 +85,12 @@ describe('ScriptRunner', () => {
                 audit: { apiKeyName: 'test-key' },
             });
 
-            expect(mockCommands.updateAdminProcessState).toHaveBeenCalledWith(
+            expect(mockCommands.updateScriptExecutionStatus).toHaveBeenCalledWith(
                 'exec-123',
                 'RUNNING'
             );
 
-            expect(mockCommands.completeAdminProcess).toHaveBeenCalledWith(
+            expect(mockCommands.completeScriptExecution).toHaveBeenCalledWith(
                 'exec-123',
                 expect.objectContaining({
                     status: 'COMPLETED',
@@ -128,7 +128,7 @@ describe('ScriptRunner', () => {
             expect(result.scriptName).toBe('failing-script');
             expect(result.error.message).toBe('Script failed');
 
-            expect(mockCommands.completeAdminProcess).toHaveBeenCalledWith(
+            expect(mockCommands.completeScriptExecution).toHaveBeenCalledWith(
                 'exec-123',
                 expect.objectContaining({
                     status: 'FAILED',
@@ -178,8 +178,8 @@ describe('ScriptRunner', () => {
             });
 
             expect(result.executionId).toBe('existing-exec-456');
-            expect(mockCommands.createAdminProcess).not.toHaveBeenCalled();
-            expect(mockCommands.updateAdminProcessState).toHaveBeenCalledWith(
+            expect(mockCommands.createScriptExecution).not.toHaveBeenCalled();
+            expect(mockCommands.updateScriptExecutionStatus).toHaveBeenCalledWith(
                 'existing-exec-456',
                 'RUNNING'
             );

package/src/application/admin-frigg-commands.js

@@ -25,7 +25,7 @@ class AdminFriggCommands {
         this._userRepository = null;
         this._moduleRepository = null;
         this._credentialRepository = null;
-        this._adminProcessRepository = null;
+        this._scriptExecutionRepository = null;
     }
 
     // ==================== LAZY-LOADED REPOSITORIES ====================
@@ -62,12 +62,12 @@ class AdminFriggCommands {
         return this._credentialRepository;
     }
 
-    get adminProcessRepository() {
-        if (!this._adminProcessRepository) {
-            const { createAdminProcessRepository } = require('@friggframework/core/admin-scripts/repositories/admin-process-repository-factory');
-            this._adminProcessRepository = createAdminProcessRepository();
+    get scriptExecutionRepository() {
+        if (!this._scriptExecutionRepository) {
+            const { createScriptExecutionRepository } = require('@friggframework/core/admin-scripts/repositories/script-execution-repository-factory');
+            this._scriptExecutionRepository = createScriptExecutionRepository();
         }
-        return this._adminProcessRepository;
+        return this._scriptExecutionRepository;
     }
 
     // ==================== INTEGRATION QUERIES ====================
@@ -209,7 +209,7 @@ class AdminFriggCommands {
 
         // Persist to execution record if we have an executionId
         if (this.executionId) {
-            this.adminProcessRepository.appendProcessLog(this.executionId, entry)
+            this.scriptExecutionRepository.appendExecutionLog(this.executionId, entry)
                 .catch(err => console.error('Failed to persist log:', err));
         }
 

package/src/application/admin-script-base.js

@@ -1,4 +1,5 @@
-const { createAdminProcessRepository } = require('@friggframework/core/admin-scripts/repositories/admin-process-repository-factory');
+const { createScriptExecutionRepository } = require('@friggframework/core/admin-scripts/repositories/script-execution-repository-factory');
+const { createAdminApiKeyRepository } = require('@friggframework/core/admin-scripts/repositories/admin-api-key-repository-factory');
 
 /**
  * Admin Script Base Class
@@ -86,7 +87,8 @@ class AdminScriptBase {
         this.integrationFactory = params.integrationFactory || null;
 
         // OPTIONAL: Injected repositories (for testing or custom implementations)
-        this.adminProcessRepository = params.adminProcessRepository || null;
+        this.scriptExecutionRepository = params.scriptExecutionRepository || null;
+        this.adminApiKeyRepository = params.adminApiKeyRepository || null;
     }
 
     /**

package/src/application/script-runner.js

@@ -50,7 +50,7 @@ class ScriptRunner {
 
         // Create execution record if not provided
         if (!executionId) {
-            const execution = await this.commands.createAdminProcess({
+            const execution = await this.commands.createScriptExecution({
                 scriptName,
                 scriptVersion: definition.version,
                 trigger,
@@ -66,7 +66,7 @@ class ScriptRunner {
         try {
             // Update status to RUNNING (skip in dry-run)
             if (!dryRun) {
-                await this.commands.updateAdminProcessState(executionId, 'RUNNING');
+                await this.commands.updateScriptExecutionStatus(executionId, 'RUNNING');
             }
 
             // Create frigg commands for the script
@@ -99,7 +99,7 @@ class ScriptRunner {
 
             // Complete execution (skip in dry-run)
             if (!dryRun) {
-                await this.commands.completeAdminProcess(executionId, {
+                await this.commands.completeScriptExecution(executionId, {
                     status: 'COMPLETED',
                     output,
                     metrics: {
@@ -140,7 +140,7 @@ class ScriptRunner {
 
             // Record failure (skip in dry-run)
             if (!dryRun) {
-                await this.commands.completeAdminProcess(executionId, {
+                await this.commands.completeScriptExecution(executionId, {
                     status: 'FAILED',
                     error: {
                         name: error.name,

package/src/infrastructure/__tests__/admin-auth-middleware.test.js

@@ -1,17 +1,22 @@
-const { validateAdminApiKey } = require('../admin-auth-middleware');
+const { adminAuthMiddleware } = require('../admin-auth-middleware');
 
-describe('validateAdminApiKey', () => {
+// Mock the admin script commands
+jest.mock('@friggframework/core/application/commands/admin-script-commands', () => ({
+    createAdminScriptCommands: jest.fn(),
+}));
+
+const { createAdminScriptCommands } = require('@friggframework/core/application/commands/admin-script-commands');
+
+describe('adminAuthMiddleware', () => {
     let mockReq;
     let mockRes;
     let mockNext;
-    let originalEnv;
+    let mockCommands;
 
     beforeEach(() => {
-        originalEnv = process.env.ADMIN_API_KEY;
-        process.env.ADMIN_API_KEY = 'test-admin-key-123';
-
         mockReq = {
             headers: {},
+            ip: '127.0.0.1',
         };
 
         mockRes = {
@@ -20,66 +25,124 @@ describe('validateAdminApiKey', () => {
         };
 
         mockNext = jest.fn();
+
+        mockCommands = {
+            validateAdminApiKey: jest.fn(),
+        };
+
+        createAdminScriptCommands.mockReturnValue(mockCommands);
     });
 
     afterEach(() => {
-        if (originalEnv) {
-            process.env.ADMIN_API_KEY = originalEnv;
-        } else {
-            delete process.env.ADMIN_API_KEY;
-        }
         jest.clearAllMocks();
     });
 
-    describe('Environment configuration', () => {
-        it('should reject when ADMIN_API_KEY not configured', () => {
-            delete process.env.ADMIN_API_KEY;
-
-            validateAdminApiKey(mockReq, mockRes, mockNext);
+    describe('Authorization header validation', () => {
+        it('should reject request without Authorization header', async () => {
+            await adminAuthMiddleware(mockReq, mockRes, mockNext);
 
             expect(mockRes.status).toHaveBeenCalledWith(401);
             expect(mockRes.json).toHaveBeenCalledWith({
-                error: 'Unauthorized',
-                message: 'Admin API key not configured',
+                error: 'Missing or invalid Authorization header',
+                code: 'MISSING_AUTH',
             });
             expect(mockNext).not.toHaveBeenCalled();
         });
-    });
 
-    describe('Header validation', () => {
-        it('should reject request without x-frigg-admin-api-key header', () => {
-            validateAdminApiKey(mockReq, mockRes, mockNext);
+        it('should reject request with invalid Authorization format', async () => {
+            mockReq.headers.authorization = 'InvalidFormat key123';
+
+            await adminAuthMiddleware(mockReq, mockRes, mockNext);
 
             expect(mockRes.status).toHaveBeenCalledWith(401);
             expect(mockRes.json).toHaveBeenCalledWith({
-                error: 'Unauthorized',
-                message: 'x-frigg-admin-api-key header required',
+                error: 'Missing or invalid Authorization header',
+                code: 'MISSING_AUTH',
             });
             expect(mockNext).not.toHaveBeenCalled();
         });
     });
 
     describe('API key validation', () => {
-        it('should reject request with invalid API key', () => {
-            mockReq.headers['x-frigg-admin-api-key'] = 'invalid-key';
+        it('should reject request with invalid API key', async () => {
+            mockReq.headers.authorization = 'Bearer invalid-key';
+            mockCommands.validateAdminApiKey.mockResolvedValue({
+                error: 401,
+                reason: 'Invalid API key',
+                code: 'INVALID_API_KEY',
+            });
+
+            await adminAuthMiddleware(mockReq, mockRes, mockNext);
+
+            expect(mockCommands.validateAdminApiKey).toHaveBeenCalledWith('invalid-key');
+            expect(mockRes.status).toHaveBeenCalledWith(401);
+            expect(mockRes.json).toHaveBeenCalledWith({
+                error: 'Invalid API key',
+                code: 'INVALID_API_KEY',
+            });
+            expect(mockNext).not.toHaveBeenCalled();
+        });
 
-            validateAdminApiKey(mockReq, mockRes, mockNext);
+        it('should reject request with expired API key', async () => {
+            mockReq.headers.authorization = 'Bearer expired-key';
+            mockCommands.validateAdminApiKey.mockResolvedValue({
+                error: 401,
+                reason: 'API key has expired',
+                code: 'EXPIRED_API_KEY',
+            });
 
+            await adminAuthMiddleware(mockReq, mockRes, mockNext);
+
+            expect(mockCommands.validateAdminApiKey).toHaveBeenCalledWith('expired-key');
             expect(mockRes.status).toHaveBeenCalledWith(401);
             expect(mockRes.json).toHaveBeenCalledWith({
-                error: 'Unauthorized',
-                message: 'Invalid admin API key',
+                error: 'API key has expired',
+                code: 'EXPIRED_API_KEY',
             });
             expect(mockNext).not.toHaveBeenCalled();
         });
 
-        it('should accept request with valid API key', () => {
-            mockReq.headers['x-frigg-admin-api-key'] = 'test-admin-key-123';
+        it('should accept request with valid API key', async () => {
+            const validKey = 'valid-api-key-123';
+            mockReq.headers.authorization = `Bearer ${validKey}`;
+            mockCommands.validateAdminApiKey.mockResolvedValue({
+                valid: true,
+                apiKey: {
+                    id: 'key-id-1',
+                    name: 'test-key',
+                    keyLast4: 'e123',
+                },
+            });
 
-            validateAdminApiKey(mockReq, mockRes, mockNext);
+            await adminAuthMiddleware(mockReq, mockRes, mockNext);
 
+            expect(mockCommands.validateAdminApiKey).toHaveBeenCalledWith(validKey);
+            expect(mockReq.adminApiKey).toBeDefined();
+            expect(mockReq.adminApiKey.name).toBe('test-key');
+            expect(mockReq.adminAudit).toBeDefined();
+            expect(mockReq.adminAudit.apiKeyName).toBe('test-key');
+            expect(mockReq.adminAudit.apiKeyLast4).toBe('e123');
+            expect(mockReq.adminAudit.ipAddress).toBe('127.0.0.1');
             expect(mockNext).toHaveBeenCalled();
             expect(mockRes.status).not.toHaveBeenCalled();
         });
     });
+
+    describe('Error handling', () => {
+        it('should handle validation errors gracefully', async () => {
+            mockReq.headers.authorization = 'Bearer some-key';
+            mockCommands.validateAdminApiKey.mockRejectedValue(
+                new Error('Database error')
+            );
+
+            await adminAuthMiddleware(mockReq, mockRes, mockNext);
+
+            expect(mockRes.status).toHaveBeenCalledWith(500);
+            expect(mockRes.json).toHaveBeenCalledWith({
+                error: 'Authentication failed',
+                code: 'AUTH_ERROR',
+            });
+            expect(mockNext).not.toHaveBeenCalled();
+        });
+    });
 });

package/src/infrastructure/__tests__/admin-script-router.test.js

@@ -4,8 +4,13 @@ const { AdminScriptBase } = require('../../application/admin-script-base');
 
 // Mock dependencies
 jest.mock('../admin-auth-middleware', () => ({
-    validateAdminApiKey: (req, res, next) => {
-        // Mock auth - no audit trail with simplified auth
+    adminAuthMiddleware: (req, res, next) => {
+        // Mock auth - attach admin audit info
+        req.adminAudit = {
+            apiKeyName: 'test-key',
+            apiKeyLast4: '1234',
+            ipAddress: '127.0.0.1',
+        };
         next();
     },
 }));
@@ -54,8 +59,8 @@ describe('Admin Script Router', () => {
         };
 
         mockCommands = {
-            createAdminProcess: jest.fn(),
-            findAdminProcessById: jest.fn(),
+            createScriptExecution: jest.fn(),
+            findScriptExecutionById: jest.fn(),
             findRecentExecutions: jest.fn(),
         };
 
@@ -138,7 +143,7 @@ describe('Admin Script Router', () => {
         });
     });
 
-    describe('POST /admin/scripts/:scriptName', () => {
+    describe('POST /admin/scripts/:scriptName/execute', () => {
         it('should execute script synchronously', async () => {
             mockRunner.execute.mockResolvedValue({
                 executionId: 'exec-123',
@@ -149,7 +154,7 @@ describe('Admin Script Router', () => {
             });
 
             const response = await request(app)
-                .post('/admin/scripts/test-script')
+                .post('/admin/scripts/test-script/execute')
                 .send({
                     params: { foo: 'bar' },
                     mode: 'sync',
@@ -169,12 +174,12 @@ describe('Admin Script Router', () => {
         });
 
         it('should queue script for async execution', async () => {
-            mockCommands.createAdminProcess.mockResolvedValue({
+            mockCommands.createScriptExecution.mockResolvedValue({
                 id: 'exec-456',
             });
 
             const response = await request(app)
-                .post('/admin/scripts/test-script')
+                .post('/admin/scripts/test-script/execute')
                 .send({
                     params: { foo: 'bar' },
                     mode: 'async',
@@ -193,12 +198,12 @@ describe('Admin Script Router', () => {
         });
 
         it('should default to async mode', async () => {
-            mockCommands.createAdminProcess.mockResolvedValue({
+            mockCommands.createScriptExecution.mockResolvedValue({
                 id: 'exec-789',
             });
 
             const response = await request(app)
-                .post('/admin/scripts/test-script')
+                .post('/admin/scripts/test-script/execute')
                 .send({
                     params: { foo: 'bar' },
                 });
@@ -211,7 +216,7 @@ describe('Admin Script Router', () => {
             mockFactory.has.mockReturnValue(false);
 
             const response = await request(app)
-                .post('/admin/scripts/non-existent')
+                .post('/admin/scripts/non-existent/execute')
                 .send({
                     params: {},
                 });
@@ -221,15 +226,15 @@ describe('Admin Script Router', () => {
         });
     });
 
-    describe('GET /admin/scripts/:scriptName/executions/:executionId', () => {
+    describe('GET /admin/executions/:executionId', () => {
         it('should return execution details', async () => {
-            mockCommands.findAdminProcessById.mockResolvedValue({
+            mockCommands.findScriptExecutionById.mockResolvedValue({
                 id: 'exec-123',
                 scriptName: 'test-script',
                 status: 'COMPLETED',
             });
 
-            const response = await request(app).get('/admin/scripts/test-script/executions/exec-123');
+            const response = await request(app).get('/admin/executions/exec-123');
 
             expect(response.status).toBe(200);
             expect(response.body.id).toBe('exec-123');
@@ -237,14 +242,14 @@ describe('Admin Script Router', () => {
         });
 
         it('should return 404 for non-existent execution', async () => {
-            mockCommands.findAdminProcessById.mockResolvedValue({
+            mockCommands.findScriptExecutionById.mockResolvedValue({
                 error: 404,
                 reason: 'Execution not found',
                 code: 'EXECUTION_NOT_FOUND',
             });
 
             const response = await request(app).get(
-                '/admin/scripts/test-script/executions/non-existent'
+                '/admin/executions/non-existent'
             );
 
             expect(response.status).toBe(404);
@@ -252,28 +257,24 @@ describe('Admin Script Router', () => {
         });
     });
 
-    describe('GET /admin/scripts/:scriptName/executions', () => {
-        it('should list executions for specific script', async () => {
+    describe('GET /admin/executions', () => {
+        it('should list recent executions', async () => {
             mockCommands.findRecentExecutions.mockResolvedValue([
                 { id: 'exec-1', scriptName: 'test-script', status: 'COMPLETED' },
                 { id: 'exec-2', scriptName: 'test-script', status: 'RUNNING' },
             ]);
 
-            const response = await request(app).get('/admin/scripts/test-script/executions');
+            const response = await request(app).get('/admin/executions');
 
             expect(response.status).toBe(200);
             expect(response.body.executions).toHaveLength(2);
-            expect(mockCommands.findRecentExecutions).toHaveBeenCalledWith({
-                scriptName: 'test-script',
-                limit: 50,
-            });
         });
 
         it('should accept query parameters', async () => {
             mockCommands.findRecentExecutions.mockResolvedValue([]);
 
             await request(app).get(
-                '/admin/scripts/test-script/executions?status=COMPLETED&limit=10'
+                '/admin/executions?scriptName=test-script&status=COMPLETED&limit=10'
             );
 
             expect(mockCommands.findRecentExecutions).toHaveBeenCalledWith({

package/src/infrastructure/admin-auth-middleware.js

@@ -1,11 +1,49 @@
+const { createAdminScriptCommands } = require('@friggframework/core/application/commands/admin-script-commands');
+
 /**
  * Admin API Key Authentication Middleware
  *
- * Re-exports shared admin auth middleware from @friggframework/core.
- * Uses simple ENV-based API key validation.
- * Expects: x-frigg-admin-api-key header
+ * Validates admin API keys for script endpoints.
+ * Expects: Authorization: Bearer <api-key>
  */
+async function adminAuthMiddleware(req, res, next) {
+    try {
+        const authHeader = req.headers.authorization;
+
+        if (!authHeader || !authHeader.startsWith('Bearer ')) {
+            return res.status(401).json({
+                error: 'Missing or invalid Authorization header',
+                code: 'MISSING_AUTH'
+            });
+        }
+
+        const apiKey = authHeader.substring(7); // Remove 'Bearer '
+        const commands = createAdminScriptCommands();
+        const result = await commands.validateAdminApiKey(apiKey);
+
+        if (result.error) {
+            return res.status(result.error).json({
+                error: result.reason,
+                code: result.code
+            });
+        }
+
+        // Attach validated key info to request for audit trail
+        req.adminApiKey = result.apiKey;
+        req.adminAudit = {
+            apiKeyName: result.apiKey.name,
+            apiKeyLast4: result.apiKey.keyLast4,
+            ipAddress: req.ip || req.connection?.remoteAddress || 'unknown'
+        };
 
-const { validateAdminApiKey } = require('@friggframework/core/handlers/middleware/admin-auth');
+        next();
+    } catch (error) {
+        console.error('Admin auth middleware error:', error);
+        res.status(500).json({
+            error: 'Authentication failed',
+            code: 'AUTH_ERROR'
+        });
+    }
+}
 
-module.exports = { validateAdminApiKey };
+module.exports = { adminAuthMiddleware };

package/src/infrastructure/admin-script-router.js

@@ -1,6 +1,6 @@
 const express = require('express');
 const serverless = require('serverless-http');
-const { validateAdminApiKey } = require('./admin-auth-middleware');
+const { adminAuthMiddleware } = require('./admin-auth-middleware');
 const { getScriptFactory } = require('../application/script-factory');
 const { createScriptRunner } = require('../application/script-runner');
 const { createAdminScriptCommands } = require('@friggframework/core/application/commands/admin-script-commands');
@@ -11,7 +11,7 @@ const { ScheduleManagementUseCase } = require('../application/schedule-managemen
 const router = express.Router();
 
 // Apply auth middleware to all admin routes
-router.use(validateAdminApiKey);
+router.use(adminAuthMiddleware);
 
 /**
  * Create ScheduleManagementUseCase instance
@@ -87,10 +87,10 @@ router.get('/scripts/:scriptName', async (req, res) => {
 });
 
 /**
- * POST /admin/scripts/:scriptName
+ * POST /admin/scripts/:scriptName/execute
  * Execute a script (sync, async, or dry-run)
  */
-router.post('/scripts/:scriptName', async (req, res) => {
+router.post('/scripts/:scriptName/execute', async (req, res) => {
     try {
         const { scriptName } = req.params;
         const { params = {}, mode = 'async', dryRun = false } = req.body;
@@ -110,6 +110,7 @@ router.post('/scripts/:scriptName', async (req, res) => {
                 trigger: 'MANUAL',
                 mode: 'sync',
                 dryRun: true,
+                audit: req.adminAudit,
             });
             return res.json(result);
         }
@@ -120,18 +121,20 @@ router.post('/scripts/:scriptName', async (req, res) => {
             const result = await runner.execute(scriptName, params, {
                 trigger: 'MANUAL',
                 mode: 'sync',
+                audit: req.adminAudit,
             });
             return res.json(result);
         }
 
         // Async execution - queue and return immediately
         const commands = createAdminScriptCommands();
-        const execution = await commands.createAdminProcess({
+        const execution = await commands.createScriptExecution({
             scriptName,
             scriptVersion: factory.get(scriptName).Definition.version,
             trigger: 'MANUAL',
             mode: 'async',
             input: params,
+            audit: req.adminAudit,
         });
 
         // Queue the execution
@@ -158,14 +161,14 @@ router.post('/scripts/:scriptName', async (req, res) => {
 });
 
 /**
- * GET /admin/scripts/:scriptName/executions/:executionId
- * Get execution status for specific script
+ * GET /admin/executions/:executionId
+ * Get execution status
  */
-router.get('/scripts/:scriptName/executions/:executionId', async (req, res) => {
+router.get('/executions/:executionId', async (req, res) => {
     try {
         const { executionId } = req.params;
         const commands = createAdminScriptCommands();
-        const execution = await commands.findAdminProcessById(executionId);
+        const execution = await commands.findScriptExecutionById(executionId);
 
         if (execution.error) {
             return res.status(execution.error).json({
@@ -182,13 +185,12 @@ router.get('/scripts/:scriptName/executions/:executionId', async (req, res) => {
 });
 
 /**
- * GET /admin/scripts/:scriptName/executions
- * List recent executions for specific script
+ * GET /admin/executions
+ * List recent executions
  */
-router.get('/scripts/:scriptName/executions', async (req, res) => {
+router.get('/executions', async (req, res) => {
     try {
-        const { scriptName } = req.params;
-        const { status, limit = 50 } = req.query;
+        const { scriptName, status, limit = 50 } = req.query;
         const commands = createAdminScriptCommands();
 
         const executions = await commands.findRecentExecutions({

package/src/infrastructure/script-executor-handler.js

@@ -21,7 +21,7 @@ async function handler(event) {
 
             // If executionId provided (async from API), update existing record
             if (executionId) {
-                await commands.updateAdminProcessState(executionId, 'RUNNING');
+                await commands.updateScriptExecutionStatus(executionId, 'RUNNING');
             }
 
             const result = await runner.execute(scriptName, params, {
@@ -45,7 +45,7 @@ async function handler(event) {
             if (executionId) {
                 const commands = createAdminScriptCommands();
                 await commands
-                    .completeAdminProcess(executionId, {
+                    .completeScriptExecution(executionId, {
                         status: 'FAILED',
                         error: {
                             name: error.name,