feat: added carto admin authorization

[otsybizov]

🤖 Linear

Closes CONG-XXX

[Copilot]

Pull request overview

Adds an admin authorization mechanism to Cartographer handler pause/resume endpoints and persists pause state across restarts via a database checkpoint.

Changes:

• Introduces CARTOGRAPHER_ADMIN_TOKEN-based authorization for POST /pause and POST /resume.
• Persists pause state using a DB checkpoint (cartographer_handler_paused) and restores it on startup.
• Updates tests and staging Terraform/secrets to include the new admin token.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
packages/agents/cartographer/handler/test/webhooks/webhookHandler.spec.ts	Updates secret verification test to use renamed helper.
packages/agents/cartographer/handler/test/server.spec.ts	Adds auth coverage for pause/resume and asserts checkpoint persistence.
packages/agents/cartographer/handler/src/webhooks/webhookHandler.ts	Renames secret verification helper; updates webhook routing logging.
packages/agents/cartographer/handler/src/server.ts	Adds admin token verification + pause checkpoint writes; switches webhook secret verification helper.
packages/agents/cartographer/handler/src/init.ts	Extends handler config to include adminToken from env.
packages/agents/cartographer/handler/src/index.ts	Restores paused state from DB checkpoint on startup; warns if admin token missing.
ops/mainnet/staging/backend/variables.tf	Adds Terraform variable for admin token.
ops/mainnet/staging/backend/config.tf	Injects CARTOGRAPHER_ADMIN_TOKEN into handler env vars (staging).
ops/env/mainnet/backend/secrets.staging.json	Adds encrypted staging secret for cartographer_admin_token.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.