Implement frontend session routing flow

- Validate and prepare access links in apps/frontend
- Add session, ended, and unauthorized routes with polling
- Copy full public access URLs from the admin links page

README.md

@@ -9,8 +9,8 @@ Currently in alpha. Greenfield. Subject to change.
 ## How It Works
 
 1. Admin generates a unique link and assigns it to a specific Android app on a specific device.
-2. User opens that link in their browser — served by `apps/front`.
-3. During the loading flow, `apps/front` validates the link and asks `apps/orchestrator` to reset the assigned Android session and launch the leased app.
+2. User opens that link in their browser — served by `apps/frontend`.
+3. During the loading flow, `apps/frontend` validates the link and asks `apps/orchestrator` to reset the assigned Android session and launch the leased app.
 4. If that device is already in use by another end user, the link fails instead of taking over the session.
 5. User is prompted to install the PWA.
 6. User opens the PWA — they are routed into a live stream of their assigned Android app session.
@@ -53,24 +53,24 @@ Currently in alpha. Greenfield. Subject to change.
 - [x] Link schema — DB model (unique token, expiry, status, linked device ID, leased app identity)
 - [x] Link domain in `@pkg/logic` — controller + repository + errors
 - [x] Admin dashboard: Links page — generate links, view detail, configure linked device + leased app, revoke, delete
-- [ ] `apps/front`: validate incoming link token on request
-- [ ] `apps/front`: during loading, reject the link if the assigned device is already `inUse`
-- [ ] `apps/front`: call `apps/orchestrator` server-side to clean/reset the device and launch the leased app before handing off the session
-- [ ] `apps/front`: return appropriate error page for invalid/expired/revoked links
+- [ ] `apps/frontend`: validate incoming link token on request
+- [ ] `apps/frontend`: during loading, reject the link if the assigned device is already `inUse`
+- [ ] `apps/frontend`: call `apps/orchestrator` server-side to clean/reset the device and launch the leased app before handing off the session
+- [ ] `apps/frontend`: return appropriate error page for invalid/expired/revoked links
 - [ ] Front: keep on checking for link status change, if it gets revoked, we cutoff the connection
 
-### PWA & User Session Flow (`apps/front`)
+### PWA & User Session Flow (`apps/frontend`)
 
-- [ ] `apps/front`: serve static PWA shell (HTML + manifest + service worker)
-- [ ] `apps/front`: wait/loading page — just for show with a 3-5s duration
-- [ ] `apps/front`: PWA install prompt flow (beforeinstallprompt handling)
-- [ ] `apps/front`: session binding — tie the PWA launch to the user's allocated device
-- [ ] `apps/front`: route/proxy authenticated PWA requests to the Android instance stream
+- [ ] `apps/frontend`: serve static PWA shell (HTML + manifest + service worker)
+- [ ] `apps/frontend`: wait/loading page — just for show with a 3-5s duration
+- [ ] `apps/frontend`: PWA install prompt flow (beforeinstallprompt handling)
+- [ ] `apps/frontend`: session binding — tie the PWA launch to the user's allocated device
+- [ ] `apps/frontend`: route/proxy authenticated PWA requests to the Android instance stream
 
 ### Android Streaming (scrcpy + ws-scrcpy)
 
 - [x] Docker-Android image setup and validation on VPS
 - [x] ws-scrcpy WebSocket server running per container, exposed via orchestrator
-- [ ] `apps/front`: scrcpy client embedded in PWA — renders the Android stream in browser
+- [ ] `apps/frontend`: scrcpy client embedded in PWA — renders the Android stream in browser
 - [ ] Input forwarding (touch/keyboard events → scrcpy → Android container)
 - [ ] Session timeout + stream teardown on inactivity