Add admin smoke secret fallbacks

.github/workflows/fly-deploy.yml

@@ -96,10 +96,13 @@ jobs:
       - run: flyctl deploy --remote-only --strategy immediate --config fly.toml --build-arg DJD_RELEASE_SHA=${GITHUB_SHA} --build-arg DJD_BUILD_TIMESTAMP=${DJD_BUILD_TIMESTAMP}
         env:
           FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
+      - name: Warn when admin smoke verification is disabled
+        if: ${{ secrets.DJD_ADMIN_KEY == '' && secrets.ADMIN_KEY == '' }}
+        run: echo "::warning::DJD_ADMIN_KEY/ADMIN_KEY secret not set; post-deploy smoke will skip admin runtime verification."
       - name: Post-deploy smoke check
         run: node scripts/post-deploy-smoke.mjs
         env:
           DJD_HEALTHCHECK_URL: https://djdagentscore.dev/health
           DJD_EXPECT_RUNTIME_MODE: combined
           DJD_EXPECT_RELEASE_SHA: ${{ github.sha }}
-          DJD_ADMIN_KEY: ${{ secrets.ADMIN_KEY }}
+          DJD_ADMIN_KEY: ${{ secrets.DJD_ADMIN_KEY != '' && secrets.DJD_ADMIN_KEY || secrets.ADMIN_KEY }}

.github/workflows/fly-preview.yml

@@ -122,10 +122,13 @@ jobs:
             --build-arg DJD_BUILD_TIMESTAMP="${DJD_BUILD_TIMESTAMP}"
         env:
           FLY_API_TOKEN: ${{ secrets.FLY_PREVIEW_API_TOKEN != '' && secrets.FLY_PREVIEW_API_TOKEN || secrets.FLY_API_TOKEN }}
+      - name: Warn when preview admin smoke verification is disabled
+        if: ${{ secrets.FLY_PREVIEW_ADMIN_KEY == '' && secrets.DJD_ADMIN_KEY == '' && secrets.ADMIN_KEY == '' }}
+        run: echo "::warning::FLY_PREVIEW_ADMIN_KEY/DJD_ADMIN_KEY/ADMIN_KEY secret not set; preview smoke will skip admin runtime verification."
       - name: Post-deploy smoke check
         run: node scripts/post-deploy-smoke.mjs
         env:
           DJD_HEALTHCHECK_URL: ${{ env.DJD_HEALTHCHECK_URL }}
           DJD_EXPECT_RUNTIME_MODE: combined
           DJD_EXPECT_RELEASE_SHA: ${{ github.sha }}
-          DJD_ADMIN_KEY: ${{ secrets.FLY_PREVIEW_ADMIN_KEY }}
+          DJD_ADMIN_KEY: ${{ secrets.FLY_PREVIEW_ADMIN_KEY != '' && secrets.FLY_PREVIEW_ADMIN_KEY || (secrets.DJD_ADMIN_KEY != '' && secrets.DJD_ADMIN_KEY || secrets.ADMIN_KEY) }}

README.md

@@ -331,6 +331,7 @@ Current production note:
 
 The deploy workflow now verifies both that `/health` is live and that the responding app reports the expected runtime mode and release SHA.
 Admin `/health` also exposes worker job enablement plus integration warnings for GitHub verification and ERC-8004 publication readiness.
+For GitHub Actions, production smoke verification can use either the `DJD_ADMIN_KEY` or legacy `ADMIN_KEY` secret; preview can use `FLY_PREVIEW_ADMIN_KEY` first, then fall back to `DJD_ADMIN_KEY` / `ADMIN_KEY`.
 
 ```bash
 DJD_HEALTHCHECK_URL=https://djdagentscore.dev/health \
@@ -347,7 +348,7 @@ npm run smoke:deploy
 - Required GitHub variable: `FLY_PREVIEW_APP`
 - Optional GitHub variable: `FLY_PREVIEW_PUBLIC_BASE_URL`
 - Optional GitHub secret: `FLY_PREVIEW_API_TOKEN` (use this when your existing `FLY_API_TOKEN` is scoped only to the production app)
-- Optional GitHub secret: `FLY_PREVIEW_ADMIN_KEY`
+- Optional GitHub secret: `FLY_PREVIEW_ADMIN_KEY` (falls back to `DJD_ADMIN_KEY`, then `ADMIN_KEY`)
 
 If `FLY_PREVIEW_PUBLIC_BASE_URL` is not set, the workflow defaults to `https://<FLY_PREVIEW_APP>.fly.dev`.
 Preview Fly configs inherit `PAY_TO` and other shared env from `fly.toml`, and automatically set `CORS_ORIGINS` to the preview public base URL so fresh preview apps can boot without a separate CORS secret.