chore(api): remove entire admin module

Admin Next.js app handles all admin tasks directly via database access.
Only health check endpoint was remaining, not worth maintaining.

libs/api/admin/alerts.rs

@@ -1,45 +0,0 @@
-//! Alert trigger endpoint for admin.
-
-use actix_web::{HttpRequest, HttpResponse, Result, web};
-use service::AppService;
-
-use crate::error::ApiError;
-use crate::ApiResponse;
-use service::error::AppError;
-
-/// Validate the `x-admin-api-key` header against ADMIN_API_SHARED_KEY env var.
-fn validate_admin_key(req: &HttpRequest) -> Result<(), ApiError> {
-    let expected = std::env::var("ADMIN_API_SHARED_KEY").ok();
-    let Some(expected) = expected else {
-        return Err(ApiError(AppError::InternalServerError(
-            "ADMIN_API_SHARED_KEY not configured".into(),
-        )));
-    };
-    let provided = req
-        .headers()
-        .get("x-admin-api-key")
-        .and_then(|v| v.to_str().ok())
-        .ok_or(ApiError(AppError::Unauthorized))?;
-    if provided != expected {
-        return Err(ApiError(AppError::Unauthorized));
-    }
-    Ok(())
-}
-
-#[utoipa::path(
-    post,
-    path = "/api/admin/alerts/check",
-    responses(
-        (status = 200, description = "Alert check result", body = ApiResponse<service::workspace::alert::CheckAlertsResponse>),
-        (status = 401, description = "Invalid or missing admin API key"),
-    ),
-    tag = "Admin"
-)]
-pub async fn admin_check_alerts(
-    req: HttpRequest,
-    service: web::Data<AppService>,
-) -> Result<HttpResponse, ApiError> {
-    validate_admin_key(&req)?;
-    let resp = service.check_billing_alerts().await;
-    Ok(ApiResponse::ok(resp).to_response())
-}

libs/api/admin/mod.rs

@@ -1,30 +0,0 @@
-//! Admin API endpoints — protected by `x-admin-api-key` header.
-//!
-//! Only platform-wide operations remain. AI model management and billing
-//! are handled directly by the admin Next.js app via database access.
-
-use actix_web::web;
-
-pub mod alerts;
-pub mod sync;
-
-pub fn init_admin_routes(cfg: &mut web::ServiceConfig) {
-    cfg.service(
-        web::scope("/api/admin")
-            .route("/health", web::get().to(health_check))
-            .route("/ai/sync", web::post().to(sync::admin_sync_models))
-            .route("/alerts/check", web::post().to(alerts::admin_check_alerts)),
-    );
-}
-
-#[utoipa::path(
-    get,
-    path = "/api/admin/health",
-    responses(
-        (status = 200, description = "Admin API is healthy"),
-    ),
-    tag = "Admin"
-)]
-async fn health_check() -> impl actix_web::Responder {
-    actix_web::HttpResponse::Ok().json(serde_json::json!({ "ok": true }))
-}

libs/api/admin/sync.rs

@@ -1,47 +0,0 @@
-//! AI model sync endpoint for admin.
-
-use actix_web::{HttpRequest, HttpResponse, Result, web};
-use service::AppService;
-
-use crate::error::ApiError;
-use crate::ApiResponse;
-use service::error::AppError;
-
-/// Validate the `x-admin-api-key` header against ADMIN_API_SHARED_KEY env var.
-fn validate_admin_key(req: &HttpRequest) -> Result<(), ApiError> {
-    let expected = std::env::var("ADMIN_API_SHARED_KEY").ok();
-    let Some(expected) = expected else {
-        return Err(ApiError(AppError::InternalServerError(
-            "ADMIN_API_SHARED_KEY not configured".into(),
-        )));
-    };
-    let provided = req
-        .headers()
-        .get("x-admin-api-key")
-        .and_then(|v| v.to_str().ok())
-        .ok_or(ApiError(AppError::Unauthorized))?;
-    if provided != expected {
-        return Err(ApiError(AppError::Unauthorized));
-    }
-    Ok(())
-}
-
-#[utoipa::path(
-    post,
-    path = "/api/admin/ai/sync",
-    responses(
-        (status = 200, description = "Sync result", body = ApiResponse<service::agent::sync::SyncModelsResponse>),
-        (status = 401, description = "Invalid or missing admin API key"),
-        (status = 500, description = "Sync failed"),
-    ),
-    tag = "Admin"
-)]
-pub async fn admin_sync_models(
-    req: HttpRequest,
-    service: web::Data<AppService>,
-) -> Result<HttpResponse, ApiError> {
-    validate_admin_key(&req)?;
-    let session = session::Session::no_op();
-    let resp = service.sync_upstream_models(&session).await?;
-    Ok(ApiResponse::ok(resp).to_response())
-}

libs/api/lib.rs

@@ -1,4 +1,3 @@
-pub mod admin;
 pub mod agent;
 pub mod auth;
 pub mod error;

libs/api/openapi.rs

@@ -31,8 +31,6 @@ use utoipa::OpenApi;
         crate::auth::email::api_email_change,
         crate::auth::email::api_email_verify,
         // Agent
-        crate::admin::sync::admin_sync_models,
-        crate::admin::alerts::admin_check_alerts,
         // Agent (CRUD)
         crate::agent::code_review::trigger_code_review,
         crate::agent::issue_triage::triage_issue,

libs/api/route.rs

@@ -13,7 +13,6 @@ pub fn init_routes(cfg: &mut web::ServiceConfig) {
 
     cfg.service(
         web::scope("/api")
-            // .configure(crate::admin::init_admin_routes)
             .configure(crate::auth::init_auth_routes)
             .configure(crate::git::init_git_routes)
             .configure(crate::git::init_git_toplevel_routes)