# Admin Portal Backend — CI/CD Guidelines

## Environment Variables

No new environment variables are required for the admin portal backend. All configuration uses the existing `.env` settings.

## Database Migration

This feature introduces a new migration: `d4e5f6a7b8c9_admin_audit_log_and_impersonation`.

### Apply in all environments

```bash
# Dev (Docker)
docker-compose exec web alembic upgrade head

# UAT / Production
alembic upgrade head
```

### Migration creates:
- Table: `admin_audit_log`
- Column: `auth_sessions.impersonated_merchant_id` (INT, nullable, FK → merchants.id)

### Rollback:
```bash
alembic downgrade d4e5f6a7b8c9-1
# or specifically:
alembic downgrade c3d4e5f6a7b8
```

## Deployment Steps

1. Merge `feat/admin-portal` to `develop` via PR after review.
2. Deploy `develop` to Dev environment.
3. Run `alembic upgrade head` on Dev DB.
4. Run manual QA steps from `manual-testing.md`.
5. Merge to `uat` branch and repeat.

## Test Execution

```bash
cd hubwallet-api

# Run admin tests only
pytest tests/test_admin/ -v

# Run full suite
pytest
```

## Notes

- The admin router is mounted at `/api/v1/admin`. All endpoints require a valid JWT from a superuser account (`is_superuser=true`).
- Impersonation tokens expire in 4 hours (hardcoded). To change: update `timedelta(hours=4)` in `src/apps/admin/services.py`.
- The `admin_audit_log` table grows unboundedly. Consider adding a periodic cleanup job or partitioning in the future.