poterpan · poterpan · Jun 7, 2026 · Jun 7, 2026 · Jun 7, 2026 · Jun 7, 2026
diff --git a/.gitignore b/.gitignore
@@ -6,5 +6,6 @@ dist/
 .DS_Store
 coverage/
 
-# internal ops log — not for the public repo
+# internal ops / one-time setup notes — not for the public repo (hold owner-specific values)
 docs/deploy-state.md
+docs/setup-checklist.md
diff --git a/README.md b/README.md
@@ -104,8 +104,8 @@ Cron     ─┘
 
 ### Admin Access model
 
-`admin.panspace.dev` is fully protected by Cloudflare Access. The SPA is served from Pages, while
-the admin API is the **same Worker** via a route on `admin.panspace.dev/api/*` (the Worker strips
+`admin.example.com` is fully protected by Cloudflare Access. The SPA is served from Pages, while
+the admin API is the **same Worker** via a route on `admin.example.com/api/*` (the Worker strips
 `/api`). Because it's same-origin, the Access JWT (`Cf-Access-Jwt-Assertion`) reaches the Worker,
 where `requireAccess` verifies `aud` / `iss` / `exp` and an email allow-list. Screenshots stream
 through a same-origin protected endpoint, so `<img>` tags just work.
@@ -168,18 +168,15 @@ so DB tests seed real parents and use a distinct id-space (9001+).
 > commands below are the quick reference once those resources exist.
 
 ```bash
-# 1. Apply D1 migrations
-wrangler d1 migrations apply chippot-db --remote
+# 1. Worker — applies D1 migrations, then deploys (carries the cron + admin.example.com/api route)
+pnpm --filter @chippot/worker deploy
 
-# 2. Worker (carries the cron trigger + the admin.panspace.dev/api route)
-cd packages/worker && wrangler deploy
-
-# 3. Frontends → Pages
+# 2. Frontends → Pages
 cd packages/web   && pnpm build && wrangler pages deploy dist --project-name chippot-web   --branch main
 cd packages/admin && pnpm build && wrangler pages deploy dist --project-name chippot-admin --branch main
 
-# 4. Register the guild slash commands (/繳費 · /發起繳費 · /綁定)
-DISCORD_GUILD_ID=<guild> pnpm --filter @chippot/worker register
+# 3. Register the guild slash commands (/繳費 · /發起繳費 · /綁定) — needs DISCORD_BOT_TOKEN, DISCORD_APPLICATION_ID, DISCORD_GUILD_ID in packages/worker/.dev.vars
+pnpm --filter @chippot/worker register
 ```
 
 Provision your own resources (D1, R2, an Access application) and fill in `wrangler.toml`
@@ -190,7 +187,7 @@ accordingly — `database_id`, the R2 bucket, `ACCESS_*`, and the Discord vars.
 - **Secret** — `DISCORD_BOT_TOKEN` (`wrangler secret put`; locally in
   `packages/worker/.dev.vars`, which is gitignored).
 - **Vars** (`wrangler.toml`, non-secret) — `DISCORD_APPLICATION_ID`, `DISCORD_PUBLIC_KEY`,
-  `WEB_ORIGIN`, `ADMIN_ORIGIN`, `ACCESS_TEAM_DOMAIN`, `ACCESS_AUD`, `ACCESS_ALLOWED_EMAILS`.
+  `WEB_ORIGIN`, `ADMIN_ORIGIN`, `ACCESS_TEAM_DOMAIN`, `ACCESS_AUD`.
 - **Workspace settings** (in D1, edited from the admin **Settings** page) — billing day, overdue
   days, screenshot retention, Discord guild / channel ids, the admin allow-list
   (`admin_discord_ids`), and the three editable notification templates.

diff --git a/README.zh-TW.md b/README.zh-TW.md
@@ -97,8 +97,8 @@ Cron     ─┘
 
 ### 後台 Access 模型
 
-`admin.panspace.dev` 整台主機受 Cloudflare Access 保護。SPA 在 Pages；後台 API 則是**同一個 Worker**，
-透過 `admin.panspace.dev/api/*` 路由（Worker 會去掉 `/api` 前綴）。因為同源，Access JWT
+`admin.example.com` 整台主機受 Cloudflare Access 保護。SPA 在 Pages；後台 API 則是**同一個 Worker**，
+透過 `admin.example.com/api/*` 路由（Worker 會去掉 `/api` 前綴）。因為同源，Access JWT
 （`Cf-Access-Jwt-Assertion`）會到達 Worker，由 `requireAccess` 驗證 `aud` / `iss` / `exp` 與 email
 白名單。截圖走同源的受保護端點，所以 `<img>` 直接可用。
 
@@ -158,18 +158,15 @@ pnpm --filter @chippot/admin build
 > 下面的指令是「資源都建好之後」的快速參考。
 
 ```bash
-# 1. 套用 D1 migration
-wrangler d1 migrations apply chippot-db --remote
+# 1. Worker — 套用 D1 migrations 後部署（含 cron trigger 與 admin.example.com/api 路由）
+pnpm --filter @chippot/worker deploy
 
-# 2. Worker（含 cron trigger 與 admin.panspace.dev/api 路由）
-cd packages/worker && wrangler deploy
-
-# 3. 前端 → Pages
+# 2. 前端 → Pages
 cd packages/web   && pnpm build && wrangler pages deploy dist --project-name chippot-web   --branch main
 cd packages/admin && pnpm build && wrangler pages deploy dist --project-name chippot-admin --branch main
 
-# 4. 註冊 guild slash 指令（/繳費 · /發起繳費 · /綁定）
-DISCORD_GUILD_ID=<guild> pnpm --filter @chippot/worker register
+# 3. 註冊 guild slash 指令（/繳費 · /發起繳費 · /綁定）— 需在 packages/worker/.dev.vars 填入 DISCORD_BOT_TOKEN、DISCORD_APPLICATION_ID、DISCORD_GUILD_ID
+pnpm --filter @chippot/worker register
 ```
 
 請自行建立資源（D1、R2、一個 Access application）並把對應值填進 `wrangler.toml`——
@@ -180,7 +177,7 @@ DISCORD_GUILD_ID=<guild> pnpm --filter @chippot/worker register
 - **Secret** — `DISCORD_BOT_TOKEN`（`wrangler secret put`；本地放
   `packages/worker/.dev.vars`，已 gitignore）。
 - **Vars**（`wrangler.toml`，非機密）— `DISCORD_APPLICATION_ID`、`DISCORD_PUBLIC_KEY`、
-  `WEB_ORIGIN`、`ADMIN_ORIGIN`、`ACCESS_TEAM_DOMAIN`、`ACCESS_AUD`、`ACCESS_ALLOWED_EMAILS`。
+  `WEB_ORIGIN`、`ADMIN_ORIGIN`、`ACCESS_TEAM_DOMAIN`、`ACCESS_AUD`。
 - **Workspace 設定**（存在 D1，從後台「設定」頁編輯）— 結帳日、逾期天數、截圖保存月數、
   Discord guild／頻道 id、可發起繳費的管理員白名單（`admin_discord_ids`），以及三種可自訂的通知模板。
 - **Discord** — 把 app 的 Interactions Endpoint 設成 Worker 的 `/interactions`，再用上面的腳本註冊 guild 指令。