@chimerai/cli 0.2.73

package/dist/templates/admin.js

@@ -0,0 +1,1358 @@
+"use strict";
+/**
+ * Admin panel component templates
+ * Generates admin dashboard, users management page, roles management page, and admin layout guard
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateAdminLayout = generateAdminLayout;
+exports.generateAdminDashboardPage = generateAdminDashboardPage;
+exports.generateAdminUsersPage = generateAdminUsersPage;
+exports.generateAdminRolesPage = generateAdminRolesPage;
+exports.generateAdminSettingsPage = generateAdminSettingsPage;
+exports.generateAdminLogsPage = generateAdminLogsPage;
+exports.generatePermissionsLib = generatePermissionsLib;
+exports.generateRequirePermissionLib = generateRequirePermissionLib;
+exports.generateAuditLogHelper = generateAuditLogHelper;
+/**
+ * Generates the admin layout with session check and admin role guard.
+ * Redirects unauthenticated users to sign-in, unauthorized users to dashboard.
+ * @returns TypeScript/JSX content for app/admin/layout.tsx
+ */
+function generateAdminLayout() {
+    return `// @chimerai component=AdminLayout version=1.1
+'use client';
+
+import { useSession, signOut } from 'next-auth/react';
+import { redirect } from 'next/navigation';
+import { useEffect, useState } from 'react';
+import Link from 'next/link';
+import { useAppName } from '@/lib/use-app-name';
+
+export default function AdminLayout({
+  children,
+}: {
+  children: React.ReactNode;
+}) {
+  const { data: session, status } = useSession();
+  const [isAuthorized, setIsAuthorized] = useState(false);
+  const [isLoading, setIsLoading] = useState(true);
+  const appName = useAppName();
+
+  useEffect(() => {
+    if (status === 'loading') return;
+
+    if (!session) {
+      redirect('/auth/signin');
+      return;
+    }
+
+    // Check if user has admin role
+    const userRoles = (session.user as any)?.roles || [];
+    const hasAdmin = userRoles.some(
+      (r: any) => r.name === 'admin' || r.name === 'Admin'
+    );
+
+    if (!hasAdmin) {
+      redirect('/dashboard');
+      return;
+    }
+
+    setIsAuthorized(true);
+    setIsLoading(false);
+  }, [session, status]);
+
+  useEffect(() => {
+    document.title = \`Admin — \${appName}\`;
+  }, [appName]);
+
+  if (isLoading || status === 'loading') {
+    return (
+      <div className="flex min-h-screen items-center justify-center">
+        <div className="animate-spin rounded-full h-12 w-12 border-b-2 border-blue-600"></div>
+      </div>
+    );
+  }
+
+  if (!isAuthorized) {
+    return null;
+  }
+
+  return (
+    <div className="flex min-h-screen bg-white dark:bg-gray-900">
+      <aside className="w-64 border-r border-gray-200 dark:border-gray-700 bg-gray-50 dark:bg-gray-800 p-4 flex flex-col">
+        <div className="mb-4">
+          <h2 className="text-lg font-bold dark:text-white">{appName}</h2>
+          <p className="text-xs text-gray-500 dark:text-gray-400">Admin Panel</p>
+        </div>
+        <nav className="space-y-2 flex-1">
+          <Link href="/admin" className="block px-4 py-2 rounded hover:bg-gray-200 dark:hover:bg-gray-700 dark:text-gray-200">
+            📊 Dashboard
+          </Link>
+          <Link href="/admin/users" className="block px-4 py-2 rounded hover:bg-gray-200 dark:hover:bg-gray-700 dark:text-gray-200">
+            👥 Users
+          </Link>
+          <Link href="/admin/roles" className="block px-4 py-2 rounded hover:bg-gray-200 dark:hover:bg-gray-700 dark:text-gray-200">
+            🔑 Roles
+          </Link>
+          <Link href="/admin/settings" className="block px-4 py-2 rounded hover:bg-gray-200 dark:hover:bg-gray-700 dark:text-gray-200">
+            ⚙️ Settings
+          </Link>
+          <Link href="/admin/logs" className="block px-4 py-2 rounded hover:bg-gray-200 dark:hover:bg-gray-700 dark:text-gray-200">
+            📋 Logs
+          </Link>
+          <hr className="my-2 border-gray-200 dark:border-gray-700" />
+          <Link href="/dashboard" className="block px-4 py-2 rounded hover:bg-gray-200 dark:hover:bg-gray-700 dark:text-gray-200">
+            ← Back to Dashboard
+          </Link>
+        </nav>
+        <div className="border-t border-gray-200 dark:border-gray-700 pt-3 mt-3">
+          <div className="px-4 py-1 text-xs text-gray-500 dark:text-gray-400 truncate mb-1">
+            {session?.user?.email}
+          </div>
+          <button
+            onClick={() => signOut({ callbackUrl: '/auth/signin' })}
+            className="w-full flex items-center gap-2 px-4 py-2 rounded text-sm text-red-600 dark:text-red-400 hover:bg-red-50 dark:hover:bg-red-900/20 transition-colors"
+          >
+            <svg className="h-4 w-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M17 16l4-4m0 0l-4-4m4 4H7m6 4v1a3 3 0 01-3 3H6a3 3 0 01-3-3V7a3 3 0 013-3h4a3 3 0 013 3v1" />
+            </svg>
+            Sign out
+          </button>
+        </div>
+      </aside>
+      <main className="flex-1 p-8 dark:text-white">
+        {children}
+      </main>
+    </div>
+  );
+}
+`;
+}
+/**
+ * Generates the main admin dashboard
+ * Shows cards linking to RBAC, AI configuration, and system management sections
+ * @returns TypeScript/JSX content for app/admin/page.tsx
+ */
+function generateAdminDashboardPage() {
+    return `// @chimerai component=AdminDashboardPage version=1.1
+'use client';
+
+import Link from 'next/link';
+
+export default function AdminDashboard() {
+  return (
+    <div className="container mx-auto py-8">
+      <div className="mb-8">
+        <h1 className="text-4xl font-bold mb-2 dark:text-white">Admin Dashboard</h1>
+        <p className="text-gray-600 dark:text-gray-400">Manage your ChimerAI system</p>
+      </div>
+
+      <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-6">
+        {/* RBAC Management */}
+        <div className="bg-white dark:bg-gray-800 rounded-lg shadow p-6">
+          <h2 className="text-xl font-semibold mb-4 flex items-center gap-2 dark:text-white">
+            <span className="text-2xl">🔐</span> RBAC Management
+          </h2>
+          <p className="text-gray-600 dark:text-gray-400 mb-4">Manage users, roles, and permissions</p>
+          <div className="space-y-2">
+            <Link href="/admin/users" className="block px-4 py-2 bg-blue-50 dark:bg-blue-900/30 text-blue-700 dark:text-blue-300 rounded hover:bg-blue-100 dark:hover:bg-blue-900/50">
+              👥 Users
+            </Link>
+            <Link href="/admin/roles" className="block px-4 py-2 bg-blue-50 dark:bg-blue-900/30 text-blue-700 dark:text-blue-300 rounded hover:bg-blue-100 dark:hover:bg-blue-900/50">
+              🔑 Roles
+            </Link>
+          </div>
+        </div>
+
+        {/* AI Configuration */}
+        <div className="bg-white dark:bg-gray-800 rounded-lg shadow p-6">
+          <h2 className="text-xl font-semibold mb-4 flex items-center gap-2 dark:text-white">
+            <span className="text-2xl">🤖</span> AI Configuration
+          </h2>
+          <p className="text-gray-600 dark:text-gray-400 mb-4">Configure AI models and providers</p>
+          <div className="space-y-2">
+            <Link href="/dashboard/providers" className="block px-4 py-2 bg-purple-50 dark:bg-purple-900/30 text-purple-700 dark:text-purple-300 rounded hover:bg-purple-100 dark:hover:bg-purple-900/50">
+              🔌 Model Providers
+            </Link>
+            <Link href="/dashboard/prompts" className="block px-4 py-2 bg-purple-50 dark:bg-purple-900/30 text-purple-700 dark:text-purple-300 rounded hover:bg-purple-100 dark:hover:bg-purple-900/50">
+              📝 Prompt Templates
+            </Link>
+          </div>
+        </div>
+
+        {/* System */}
+        <div className="bg-white dark:bg-gray-800 rounded-lg shadow p-6">
+          <h2 className="text-xl font-semibold mb-4 flex items-center gap-2 dark:text-white">
+            <span className="text-2xl">⚙️</span> System
+          </h2>
+          <p className="text-gray-600 dark:text-gray-400 mb-4">System configuration and monitoring</p>
+          <div className="space-y-2">
+            <Link href="/admin/settings" className="block px-4 py-2 bg-gray-50 dark:bg-gray-700 text-gray-700 dark:text-gray-300 rounded hover:bg-gray-100 dark:hover:bg-gray-600">
+              ⚙️ Settings
+            </Link>
+            <Link href="/admin/logs" className="block px-4 py-2 bg-gray-50 dark:bg-gray-700 text-gray-700 dark:text-gray-300 rounded hover:bg-gray-100 dark:hover:bg-gray-600">
+              📋 Activity Logs
+            </Link>
+          </div>
+        </div>
+      </div>
+    </div>
+  );
+}
+`;
+}
+/**
+ * Generates the admin users management page
+ * Displays user list with search, create/edit/delete functionality
+ * @returns TypeScript/JSX content for app/admin/users/page.tsx
+ */
+function generateAdminUsersPage() {
+    return `// @chimerai component=AdminUsersPage version=1.0
+// @ts-nocheck
+'use client';
+
+import { useState, useEffect } from 'react';
+
+export default function UsersPage() {
+  const [users, setUsers] = useState([]);
+  const [roles, setRoles] = useState<any[]>([]);
+  const [loading, setLoading] = useState(true);
+  const [searchTerm, setSearchTerm] = useState('');
+  const [showCreateModal, setShowCreateModal] = useState(false);
+  const [showEditModal, setShowEditModal] = useState(false);
+  const [newUser, setNewUser] = useState({ email: '', name: '', password: '', roleIds: [] as string[] });
+  const [editUser, setEditUser] = useState({ id: '', email: '', name: '', roleIds: [] as string[] });
+
+  useEffect(() => {
+    fetchUsers();
+    fetchRoles();
+  }, []);
+
+  async function fetchRoles() {
+    try {
+      const res = await fetch('/api/admin/roles');
+      const data = await res.json();
+      setRoles(Array.isArray(data) ? data : []);
+    } catch (error) {
+      console.error('Failed to fetch roles:', error);
+    }
+  }
+
+  async function fetchUsers() {
+    try {
+      const res = await fetch('/api/admin/users');
+      const data = await res.json();
+      setUsers(Array.isArray(data) ? data : []);
+    } catch (error) {
+      console.error('Failed to fetch users:', error);
+      setUsers([]);
+    } finally {
+      setLoading(false);
+    }
+  }
+
+  async function handleDelete(userId: string) {
+    if (!confirm('Are you sure?')) return;
+
+    try {
+      await fetch(\`/api/admin/users/\${userId}\`, { method: 'DELETE' });
+      await fetchUsers();
+    } catch (error) {
+      console.error('Failed to delete user:', error);
+    }
+  }
+
+  async function handleCreateUser(e: React.FormEvent) {
+    e.preventDefault();
+    try {
+      const res = await fetch('/api/admin/users', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(newUser),
+      });
+
+      if (res.ok) {
+        setShowCreateModal(false);
+        setNewUser({ email: '', name: '', password: '', roleIds: [] });
+        await fetchUsers();
+      } else {
+        alert('Failed to create user');
+      }
+    } catch (error) {
+      console.error('Failed to create user:', error);
+      alert('Failed to create user');
+    }
+  }
+
+  async function handleEditUser(e: React.FormEvent) {
+    e.preventDefault();
+    try {
+      const res = await fetch(\`/api/admin/users/\${editUser.id}\`, {
+        method: 'PUT',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ email: editUser.email, name: editUser.name, roleIds: editUser.roleIds }),
+      });
+
+      if (res.ok) {
+        setShowEditModal(false);
+        setEditUser({ id: '', email: '', name: '', roleIds: [] });
+        await fetchUsers();
+      } else {
+        alert('Failed to update user');
+      }
+    } catch (error) {
+      console.error('Failed to update user:', error);
+      alert('Failed to update user');
+    }
+  }
+
+  function openEditModal(user: any) {
+    setEditUser({
+      id: user.id,
+      email: user.email,
+      name: user.name || '',
+      roleIds: (user.roles || []).map((r: any) => r.id),
+    });
+    setShowEditModal(true);
+  }
+
+  const filteredUsers = users.filter(
+    (user: any) =>
+      user.email?.toLowerCase().includes(searchTerm.toLowerCase()) ||
+      user.name?.toLowerCase().includes(searchTerm.toLowerCase())
+  );
+
+  if (loading) {
+    return <div className="container mx-auto py-8 bg-white min-h-screen">Loading...</div>;
+  }
+
+  return (
+    <div className="container mx-auto py-8">
+      <div className="flex justify-between items-center mb-6">
+        <h1 className="text-3xl font-bold dark:text-white">Users</h1>
+        <button
+          onClick={() => setShowCreateModal(true)}
+          className="px-4 py-2 bg-blue-600 text-white rounded hover:bg-blue-700"
+        >
+          Add User
+        </button>
+      </div>
+
+      <div className="mb-4">
+        <input
+          type="text"
+          placeholder="Search users..."
+          value={searchTerm}
+          onChange={(e) => setSearchTerm(e.target.value)}
+          className="w-full px-4 py-2 border border-gray-300 dark:border-gray-600 rounded-lg dark:bg-gray-700 dark:text-white"
+        />
+      </div>
+
+      <div className="overflow-x-auto bg-white dark:bg-gray-800 rounded-lg shadow">
+        <table className="w-full">
+          <thead className="bg-gray-50 dark:bg-gray-700 border-b dark:border-gray-600">
+            <tr>
+              <th className="px-6 py-3 text-left text-sm font-semibold text-gray-700 dark:text-gray-300">Email</th>
+              <th className="px-6 py-3 text-left text-sm font-semibold text-gray-700 dark:text-gray-300">Name</th>
+              <th className="px-6 py-3 text-left text-sm font-semibold text-gray-700 dark:text-gray-300">Roles</th>
+              <th className="px-6 py-3 text-left text-sm font-semibold text-gray-700 dark:text-gray-300">Created</th>
+              <th className="px-6 py-3 text-left text-sm font-semibold text-gray-700 dark:text-gray-300">Actions</th>
+            </tr>
+          </thead>
+          <tbody>
+            {filteredUsers.map((user: any) => (
+              <tr key={user.id} className="border-b dark:border-gray-700 hover:bg-gray-50 dark:hover:bg-gray-700">
+                <td className="px-6 py-4 text-sm dark:text-gray-300">{user.email}</td>
+                <td className="px-6 py-4 text-sm dark:text-gray-300">{user.name}</td>
+                <td className="px-6 py-4 text-sm">
+                  <div className="flex flex-wrap gap-1">
+                    {(user.roles || []).map((role: any) => (
+                      <span key={role.id} className="px-2 py-0.5 bg-blue-100 dark:bg-blue-900/30 text-blue-800 dark:text-blue-300 text-xs rounded-full">
+                        {role.name}
+                      </span>
+                    ))}
+                  </div>
+                </td>
+                <td className="px-6 py-4 text-sm dark:text-gray-300">{new Date(user.createdAt).toLocaleDateString()}</td>
+                <td className="px-6 py-4 text-sm space-x-2">
+                  <button
+                    onClick={() => openEditModal(user)}
+                    className="px-3 py-1 bg-yellow-50 dark:bg-yellow-900/30 text-yellow-700 dark:text-yellow-300 rounded hover:bg-yellow-100 dark:hover:bg-yellow-900/50"
+                  >
+                    Edit
+                  </button>
+                  <button
+                    onClick={() => handleDelete(user.id)}
+                    className="px-3 py-1 bg-red-50 dark:bg-red-900/30 text-red-700 dark:text-red-300 rounded hover:bg-red-100 dark:hover:bg-red-900/50"
+                  >
+                    Delete
+                  </button>
+                </td>
+              </tr>
+            ))}
+          </tbody>
+        </table>
+      </div>
+
+      {/* Create Modal */}
+      {showCreateModal && (
+        <div className="fixed inset-0 bg-black bg-opacity-50 flex items-center justify-center">
+          <div className="bg-white dark:bg-gray-800 rounded-lg p-6 max-w-md w-full">
+            <h2 className="text-2xl font-bold mb-4 dark:text-white">Create User</h2>
+            <form onSubmit={handleCreateUser}>
+              <input
+                type="email"
+                placeholder="Email"
+                value={newUser.email}
+                onChange={(e) => setNewUser({ ...newUser, email: e.target.value })}
+                required
+                className="w-full px-4 py-2 border border-gray-300 dark:border-gray-600 rounded mb-4 dark:bg-gray-700 dark:text-white"
+              />
+              <input
+                type="text"
+                placeholder="Name"
+                value={newUser.name}
+                onChange={(e) => setNewUser({ ...newUser, name: e.target.value })}
+                className="w-full px-4 py-2 border border-gray-300 dark:border-gray-600 rounded mb-4 dark:bg-gray-700 dark:text-white"
+              />
+              <input
+                type="password"
+                placeholder="Password"
+                value={newUser.password}
+                onChange={(e) => setNewUser({ ...newUser, password: e.target.value })}
+                required
+                className="w-full px-4 py-2 border border-gray-300 dark:border-gray-600 rounded mb-4 dark:bg-gray-700 dark:text-white"
+              />
+              {roles.length > 0 && (
+                <div className="mb-4">
+                  <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-2">Roles</label>
+                  <div className="space-y-2 max-h-40 overflow-y-auto">
+                    {roles.map((role: any) => (
+                      <label key={role.id} className="flex items-center gap-2">
+                        <input
+                          type="checkbox"
+                          checked={newUser.roleIds.includes(role.id)}
+                          onChange={(e) => {
+                            const ids = e.target.checked
+                              ? [...newUser.roleIds, role.id]
+                              : newUser.roleIds.filter((id: string) => id !== role.id);
+                            setNewUser({ ...newUser, roleIds: ids });
+                          }}
+                          className="rounded border-gray-300 dark:border-gray-600"
+                        />
+                        <span className="text-sm dark:text-gray-300">{role.name}</span>
+                      </label>
+                    ))}
+                  </div>
+                </div>
+              )}
+              <div className="flex gap-2">
+                <button
+                  type="submit"
+                  className="flex-1 px-4 py-2 bg-blue-600 text-white rounded hover:bg-blue-700"
+                >
+                  Create
+                </button>
+                <button
+                  type="button"
+                  onClick={() => setShowCreateModal(false)}
+                  className="flex-1 px-4 py-2 bg-gray-200 dark:bg-gray-600 text-gray-700 dark:text-gray-300 rounded hover:bg-gray-300 dark:hover:bg-gray-500"
+                >
+                  Cancel
+                </button>
+              </div>
+            </form>
+          </div>
+        </div>
+      )}
+
+      {/* Edit Modal */}
+      {showEditModal && (
+        <div className="fixed inset-0 bg-black bg-opacity-50 flex items-center justify-center">
+          <div className="bg-white dark:bg-gray-800 rounded-lg p-6 max-w-md w-full">
+            <h2 className="text-2xl font-bold mb-4 dark:text-white">Edit User</h2>
+            <form onSubmit={handleEditUser}>
+              <input
+                type="email"
+                placeholder="Email"
+                value={editUser.email}
+                onChange={(e) => setEditUser({ ...editUser, email: e.target.value })}
+                required
+                className="w-full px-4 py-2 border border-gray-300 dark:border-gray-600 rounded mb-4 dark:bg-gray-700 dark:text-white"
+              />
+              <input
+                type="text"
+                placeholder="Name"
+                value={editUser.name}
+                onChange={(e) => setEditUser({ ...editUser, name: e.target.value })}
+                className="w-full px-4 py-2 border border-gray-300 dark:border-gray-600 rounded mb-4 dark:bg-gray-700 dark:text-white"
+              />
+              {roles.length > 0 && (
+                <div className="mb-4">
+                  <label className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-2">Roles</label>
+                  <div className="space-y-2 max-h-40 overflow-y-auto">
+                    {roles.map((role: any) => (
+                      <label key={role.id} className="flex items-center gap-2">
+                        <input
+                          type="checkbox"
+                          checked={editUser.roleIds.includes(role.id)}
+                          onChange={(e) => {
+                            const ids = e.target.checked
+                              ? [...editUser.roleIds, role.id]
+                              : editUser.roleIds.filter((id: string) => id !== role.id);
+                            setEditUser({ ...editUser, roleIds: ids });
+                          }}
+                          className="rounded border-gray-300 dark:border-gray-600"
+                        />
+                        <span className="text-sm dark:text-gray-300">{role.name}</span>
+                      </label>
+                    ))}
+                  </div>
+                </div>
+              )}
+              <div className="flex gap-2">
+                <button
+                  type="submit"
+                  className="flex-1 px-4 py-2 bg-blue-600 text-white rounded hover:bg-blue-700"
+                >
+                  Update
+                </button>
+                <button
+                  type="button"
+                  onClick={() => setShowEditModal(false)}
+                  className="flex-1 px-4 py-2 bg-gray-200 dark:bg-gray-600 text-gray-700 dark:text-gray-300 rounded hover:bg-gray-300 dark:hover:bg-gray-500"
+                >
+                  Cancel
+                </button>
+              </div>
+            </form>
+          </div>
+        </div>
+      )}
+    </div>
+  );
+}
+`;
+}
+/**
+ * Generates the admin roles management page
+ * Allows CRUD operations on roles and permission assignment
+ * @returns TypeScript/JSX content for app/admin/roles/page.tsx
+ */
+function generateAdminRolesPage() {
+    return `// @chimerai component=AdminRolesPage version=1.0
+// @ts-nocheck
+'use client';
+
+import { useState, useEffect } from 'react';
+
+const AVAILABLE_PERMISSIONS = [
+  { id: 'users:read', label: 'Users: Read', description: 'View user list' },
+  { id: 'users:write', label: 'Users: Write', description: 'Create/edit users' },
+  { id: 'users:delete', label: 'Users: Delete', description: 'Delete users' },
+  { id: 'roles:read', label: 'Roles: Read', description: 'View role list' },
+  { id: 'roles:write', label: 'Roles: Write', description: 'Create/edit roles' },
+  { id: 'roles:delete', label: 'Roles: Delete', description: 'Delete roles' },
+  { id: 'settings:read', label: 'Settings: Read', description: 'View settings' },
+  { id: 'settings:write', label: 'Settings: Write', description: 'Modify settings' },
+  { id: 'admin:*', label: 'Admin: Full Access', description: 'Full admin access' },
+];
+
+export default function RolesPage() {
+  const [roles, setRoles] = useState([]);
+  const [loading, setLoading] = useState(true);
+  const [searchTerm, setSearchTerm] = useState('');
+  const [showCreateModal, setShowCreateModal] = useState(false);
+  const [showEditModal, setShowEditModal] = useState(false);
+  const [newRole, setNewRole] = useState({ name: '', description: '', permissions: [] as string[] });
+  const [editRole, setEditRole] = useState({ id: '', name: '', description: '', permissions: [] as string[] });
+
+  useEffect(() => {
+    fetchRoles();
+  }, []);
+
+  async function fetchRoles() {
+    try {
+      const res = await fetch('/api/admin/roles');
+      const data = await res.json();
+      setRoles(Array.isArray(data) ? data : []);
+    } catch (error) {
+      console.error('Failed to fetch roles:', error);
+      setRoles([]);
+    } finally {
+      setLoading(false);
+    }
+  }
+
+  async function handleDelete(roleId: string) {
+    if (!confirm('Are you sure you want to delete this role?')) return;
+
+    try {
+      await fetch(\`/api/admin/roles/\${roleId}\`, { method: 'DELETE' });
+      await fetchRoles();
+    } catch (error) {
+      console.error('Failed to delete role:', error);
+      alert('Failed to delete role');
+    }
+  }
+
+  async function handleCreateRole(e: React.FormEvent) {
+    e.preventDefault();
+    try {
+      const res = await fetch('/api/admin/roles', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          name: newRole.name,
+          description: newRole.description,
+          permissions: newRole.permissions
+        })
+      });
+
+      if (res.ok) {
+        setShowCreateModal(false);
+        setNewRole({ name: '', description: '', permissions: [] });
+        await fetchRoles();
+      } else {
+        alert('Failed to create role');
+      }
+    } catch (error) {
+      console.error('Failed to create role:', error);
+      alert('Failed to create role');
+    }
+  }
+
+  async function handleEditRole(e: React.FormEvent) {
+    e.preventDefault();
+    try {
+      const res = await fetch(\`/api/admin/roles/\${editRole.id}\`, {
+        method: 'PUT',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          name: editRole.name,
+          description: editRole.description,
+          permissions: editRole.permissions
+        })
+      });
+
+      if (res.ok) {
+        setShowEditModal(false);
+        setEditRole({ id: '', name: '', description: '', permissions: [] });
+        await fetchRoles();
+      } else {
+        alert('Failed to update role');
+      }
+    } catch (error) {
+      console.error('Failed to update role:', error);
+      alert('Failed to update role');
+    }
+  }
+
+  function openEditModal(role: any) {
+    setEditRole({
+      id: role.id,
+      name: role.name,
+      description: role.description || '',
+      permissions: role.permissions || []
+    });
+    setShowEditModal(true);
+  }
+
+  const filteredRoles = roles.filter((role: any) =>
+    role.name?.toLowerCase().includes(searchTerm.toLowerCase())
+  );
+
+  if (loading) {
+    return <div className="container mx-auto py-8 dark:text-white">Loading...</div>;
+  }
+
+  return (
+    <div className="container mx-auto py-8">
+      <div className="flex justify-between items-center mb-6">
+        <h1 className="text-3xl font-bold dark:text-white">Roles</h1>
+        <button
+          onClick={() => setShowCreateModal(true)}
+          className="px-4 py-2 bg-blue-600 text-white rounded hover:bg-blue-700"
+        >
+          Add Role
+        </button>
+      </div>
+
+      <div className="mb-4">
+        <input
+          type="text"
+          placeholder="Search roles..."
+          value={searchTerm}
+          onChange={(e) => setSearchTerm(e.target.value)}
+          className="w-full px-4 py-2 border border-gray-300 dark:border-gray-600 rounded-lg dark:bg-gray-700 dark:text-white"
+        />
+      </div>
+
+      <div className="grid gap-4">
+        {filteredRoles.map((role: any) => (
+          <div key={role.id} className="bg-white dark:bg-gray-800 rounded-lg shadow p-4">
+            <div className="flex justify-between items-start mb-3">
+              <div>
+                <h3 className="text-lg font-semibold dark:text-white">{role.name}</h3>
+                <p className="text-gray-600 dark:text-gray-400 text-sm">{role.description}</p>
+              </div>
+              <div className="flex gap-2">
+                <button
+                  onClick={() => openEditModal(role)}
+                  className="px-3 py-1 bg-yellow-50 dark:bg-yellow-900/30 text-yellow-700 dark:text-yellow-300 rounded hover:bg-yellow-100 dark:hover:bg-yellow-900/50"
+                >
+                  Edit
+                </button>
+                <button
+                  onClick={() => handleDelete(role.id)}
+                  className="px-3 py-1 bg-red-50 dark:bg-red-900/30 text-red-700 dark:text-red-300 rounded hover:bg-red-100 dark:hover:bg-red-900/50"
+                >
+                  Delete
+                </button>
+              </div>
+            </div>
+            <div className="flex flex-wrap gap-2">
+              {role.permissions?.map((perm: string) => (
+                <span key={perm} className="px-2 py-1 bg-blue-100 dark:bg-blue-900/30 text-blue-700 dark:text-blue-300 rounded text-xs">
+                  {perm}
+                </span>
+              ))}
+            </div>
+          </div>
+        ))}
+      </div>
+
+      {/* Create/Edit Modal */}
+      {(showCreateModal || showEditModal) && (
+        <div className="fixed inset-0 bg-black bg-opacity-50 flex items-center justify-center">
+          <div className="bg-white dark:bg-gray-800 rounded-lg p-6 max-w-2xl w-full max-h-screen overflow-y-auto">
+            <h2 className="text-2xl font-bold mb-4 dark:text-white">
+              {showCreateModal ? 'Create Role' : 'Edit Role'}
+            </h2>
+            <form onSubmit={showCreateModal ? handleCreateRole : handleEditRole}>
+              <input
+                type="text"
+                placeholder="Role Name"
+                value={showCreateModal ? newRole.name : editRole.name}
+                onChange={(e) =>
+                  showCreateModal
+                    ? setNewRole({ ...newRole, name: e.target.value })
+                    : setEditRole({ ...editRole, name: e.target.value })
+                }
+                required
+                className="w-full px-4 py-2 border border-gray-300 dark:border-gray-600 rounded mb-4 dark:bg-gray-700 dark:text-white"
+              />
+              <textarea
+                placeholder="Description"
+                value={showCreateModal ? newRole.description : editRole.description}
+                onChange={(e) =>
+                  showCreateModal
+                    ? setNewRole({ ...newRole, description: e.target.value })
+                    : setEditRole({ ...editRole, description: e.target.value })
+                }
+                className="w-full px-4 py-2 border border-gray-300 dark:border-gray-600 rounded mb-4 dark:bg-gray-700 dark:text-white"
+              />
+              <div className="mb-4">
+                <label className="block text-sm font-semibold mb-2 dark:text-white">Permissions</label>
+                <div className="space-y-2 max-h-40 overflow-y-auto border border-gray-300 dark:border-gray-600 rounded p-4">
+                  {AVAILABLE_PERMISSIONS.map((perm) => (
+                    <label key={perm.id} className="flex items-center">
+                      <input
+                        type="checkbox"
+                        checked={(
+                          showCreateModal ? newRole.permissions : editRole.permissions
+                        ).includes(perm.id)}
+                        onChange={(e) => {
+                          const permissions = showCreateModal ? newRole.permissions : editRole.permissions;
+                          const updated = e.target.checked
+                            ? [...permissions, perm.id]
+                            : permissions.filter((p) => p !== perm.id);
+
+                          if (showCreateModal) {
+                            setNewRole({ ...newRole, permissions: updated });
+                          } else {
+                            setEditRole({ ...editRole, permissions: updated });
+                          }
+                        }}
+                        className="mr-2"
+                      />
+                      <div>
+                        <div className="text-sm font-medium dark:text-gray-300">{perm.label}</div>
+                        <div className="text-xs text-gray-600 dark:text-gray-400">{perm.description}</div>
+                      </div>
+                    </label>
+                  ))}
+                </div>
+              </div>
+              <div className="flex gap-2">
+                <button
+                  type="submit"
+                  className="flex-1 px-4 py-2 bg-blue-600 text-white rounded hover:bg-blue-700"
+                >
+                  {showCreateModal ? 'Create' : 'Update'}
+                </button>
+                <button
+                  type="button"
+                  onClick={() => {
+                    setShowCreateModal(false);
+                    setShowEditModal(false);
+                  }}
+                  className="flex-1 px-4 py-2 bg-gray-200 dark:bg-gray-600 text-gray-700 dark:text-gray-300 rounded hover:bg-gray-300 dark:hover:bg-gray-500"
+                >
+                  Cancel
+                </button>
+              </div>
+            </form>
+          </div>
+        </div>
+      )}
+    </div>
+  );
+}
+`;
+}
+/**
+ * Generates the admin settings page
+ * Functional page for system configuration with save/reset
+ * @returns TypeScript/JSX content for app/admin/settings/page.tsx
+ */
+function generateAdminSettingsPage() {
+    return `// @chimerai component=AdminSettingsPage version=2.0
+'use client';
+
+import { useEffect, useState } from 'react';
+
+interface Settings {
+  'app.name': string;
+  'app.language': string;
+  'app.maintenanceMode': string;
+}
+
+export default function AdminSettingsPage() {
+  const [settings, setSettings] = useState<Settings>({
+    'app.name': 'ChimerAI',
+    'app.language': 'en',
+    'app.maintenanceMode': 'false',
+  });
+  const [original, setOriginal] = useState<Settings | null>(null);
+  const [loading, setLoading] = useState(true);
+  const [saving, setSaving] = useState(false);
+  const [message, setMessage] = useState<{ type: 'success' | 'error'; text: string } | null>(null);
+
+  useEffect(() => {
+    fetchSettings();
+  }, []);
+
+  async function fetchSettings() {
+    try {
+      const res = await fetch('/api/admin/settings');
+      if (res.ok) {
+        const data = await res.json();
+        setSettings(data);
+        setOriginal(data);
+      } else {
+        setOriginal({ ...settings });
+      }
+    } catch (err) {
+      console.error('Failed to load settings:', err);
+      setOriginal({ ...settings });
+    } finally {
+      setLoading(false);
+    }
+  }
+
+  const hasChanges = original && JSON.stringify(settings) !== JSON.stringify(original);
+
+  async function handleSave() {
+    setSaving(true);
+    setMessage(null);
+    try {
+      const res = await fetch('/api/admin/settings', {
+        method: 'PUT',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(settings),
+      });
+      if (res.ok) {
+        setOriginal({ ...settings });
+        setMessage({ type: 'success', text: 'Settings saved successfully.' });
+        if (settings['app.name']) {
+          document.title = document.title.replace(/\u2014.*$/, \`\u2014 \${settings['app.name']}\`);
+        }
+      } else {
+        const data = await res.json();
+        setMessage({ type: 'error', text: data.error || 'Failed to save settings.' });
+      }
+    } catch (err) {
+      setMessage({ type: 'error', text: 'An error occurred while saving.' });
+    } finally {
+      setSaving(false);
+    }
+  }
+
+  function handleReset() {
+    if (original) {
+      setSettings({ ...original });
+    }
+    setMessage(null);
+  }
+
+  if (loading) {
+    return (
+      <div className="flex items-center justify-center py-20">
+        <div className="animate-spin rounded-full h-8 w-8 border-b-2 border-indigo-600"></div>
+      </div>
+    );
+  }
+
+  return (
+    <div className="container mx-auto py-8">
+      <div className="mb-8">
+        <h1 className="text-4xl font-bold mb-2 dark:text-white">System Settings</h1>
+        <p className="text-gray-600 dark:text-gray-400">Configure your ChimerAI system</p>
+      </div>
+
+      {message && (
+        <div className={\`mb-6 rounded-lg px-4 py-3 text-sm \${
+          message.type === 'success'
+            ? 'bg-green-50 dark:bg-green-900/30 text-green-700 dark:text-green-400'
+            : 'bg-red-50 dark:bg-red-900/30 text-red-700 dark:text-red-400'
+        }\`}>
+          {message.text}
+        </div>
+      )}
+
+      <div className="bg-white dark:bg-gray-800 rounded-lg shadow p-6 space-y-6">
+        <div className="border-b dark:border-gray-700 pb-4">
+          <h2 className="text-xl font-semibold mb-2 dark:text-white">General</h2>
+          <p className="text-gray-500 dark:text-gray-400 text-sm">General application settings</p>
+        </div>
+
+        <div className="space-y-4">
+          <div className="flex items-center justify-between py-3 border-b dark:border-gray-700">
+            <div>
+              <p className="font-medium dark:text-white">Application Name</p>
+              <p className="text-sm text-gray-500 dark:text-gray-400">Displayed in the browser title and header</p>
+            </div>
+            <input
+              type="text"
+              value={settings['app.name']}
+              onChange={(e) => setSettings({ ...settings, 'app.name': e.target.value })}
+              className="border dark:border-gray-600 rounded px-3 py-2 w-64 dark:bg-gray-700 dark:text-white focus:outline-none focus:ring-2 focus:ring-indigo-500"
+            />
+          </div>
+
+          <div className="flex items-center justify-between py-3 border-b dark:border-gray-700">
+            <div>
+              <p className="font-medium dark:text-white">Default Language</p>
+              <p className="text-sm text-gray-500 dark:text-gray-400">Default language for prompt templates</p>
+            </div>
+            <select
+              value={settings['app.language']}
+              onChange={(e) => setSettings({ ...settings, 'app.language': e.target.value })}
+              className="border dark:border-gray-600 rounded px-3 py-2 w-64 dark:bg-gray-700 dark:text-white focus:outline-none focus:ring-2 focus:ring-indigo-500"
+            >
+              <option value="en">English</option>
+              <option value="de">Deutsch</option>
+              <option value="fr">Fran\u00e7ais</option>
+              <option value="es">Espa\u00f1ol</option>
+              <option value="it">Italiano</option>
+            </select>
+          </div>
+
+          <div className="flex items-center justify-between py-3">
+            <div>
+              <p className="font-medium dark:text-white">Maintenance Mode</p>
+              <p className="text-sm text-gray-500 dark:text-gray-400">Restrict access to admins only</p>
+            </div>
+            <button
+              onClick={() =>
+                setSettings({
+                  ...settings,
+                  'app.maintenanceMode': settings['app.maintenanceMode'] === 'true' ? 'false' : 'true',
+                })
+              }
+              className={\`px-4 py-2 rounded font-medium text-sm transition-colors \${
+                settings['app.maintenanceMode'] === 'true'
+                  ? 'bg-red-600 text-white hover:bg-red-700'
+                  : 'bg-gray-200 dark:bg-gray-600 text-gray-700 dark:text-gray-200 hover:bg-gray-300 dark:hover:bg-gray-500'
+              }\`}
+            >
+              {settings['app.maintenanceMode'] === 'true' ? 'On' : 'Off'}
+            </button>
+          </div>
+        </div>
+
+        {/* Action buttons */}
+        <div className="flex items-center gap-3 pt-4 border-t dark:border-gray-700">
+          <button
+            onClick={handleSave}
+            disabled={!hasChanges || saving}
+            className="px-6 py-2 bg-indigo-600 text-white text-sm font-medium rounded-lg hover:bg-indigo-700 disabled:opacity-50 disabled:cursor-not-allowed transition-colors"
+          >
+            {saving ? 'Saving...' : 'Save Changes'}
+          </button>
+          <button
+            onClick={handleReset}
+            disabled={!hasChanges}
+            className="px-6 py-2 border border-gray-300 dark:border-gray-600 text-sm font-medium rounded-lg text-gray-700 dark:text-gray-200 hover:bg-gray-50 dark:hover:bg-gray-700 disabled:opacity-50 disabled:cursor-not-allowed transition-colors"
+          >
+            Reset
+          </button>
+        </div>
+      </div>
+    </div>
+  );
+}
+`;
+}
+/**
+ * Generates the admin activity logs page
+ * Full audit log table with filters for action, user, and date range
+ * @returns TypeScript/JSX content for app/admin/logs/page.tsx
+ */
+function generateAdminLogsPage() {
+    return `// @chimerai component=AdminLogsPage version=2.0
+'use client';
+
+import { useEffect, useState } from 'react';
+
+interface AuditLogEntry {
+  id: string;
+  action: string;
+  userId: string;
+  targetType: string | null;
+  targetId: string | null;
+  metadata: any;
+  ipAddress: string | null;
+  createdAt: string;
+  user: { name: string | null; email: string | null };
+}
+
+export default function AdminLogsPage() {
+  const [logs, setLogs] = useState<AuditLogEntry[]>([]);
+  const [loading, setLoading] = useState(true);
+  const [actionFilter, setActionFilter] = useState('');
+  const [page, setPage] = useState(1);
+  const [totalPages, setTotalPages] = useState(1);
+  const pageSize = 25;
+
+  const fetchLogs = async () => {
+    setLoading(true);
+    try {
+      const params = new URLSearchParams({
+        page: page.toString(),
+        pageSize: pageSize.toString(),
+      });
+      if (actionFilter) params.set('action', actionFilter);
+
+      const res = await fetch(\`/api/admin/audit-logs?\${params}\`);
+      if (res.ok) {
+        const data = await res.json();
+        setLogs(data.logs);
+        setTotalPages(Math.ceil(data.total / pageSize));
+      }
+    } catch (err) {
+      console.error('Failed to fetch audit logs:', err);
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  useEffect(() => {
+    fetchLogs();
+  }, [page, actionFilter]);
+
+  const formatDate = (dateStr: string) => {
+    return new Date(dateStr).toLocaleString();
+  };
+
+  const actionBadgeColor = (action: string) => {
+    if (action.includes('create')) return 'bg-green-100 text-green-800 dark:bg-green-900/30 dark:text-green-400';
+    if (action.includes('update')) return 'bg-blue-100 text-blue-800 dark:bg-blue-900/30 dark:text-blue-400';
+    if (action.includes('delete')) return 'bg-red-100 text-red-800 dark:bg-red-900/30 dark:text-red-400';
+    return 'bg-gray-100 text-gray-800 dark:bg-gray-700 dark:text-gray-300';
+  };
+
+  return (
+    <div className="container mx-auto py-8">
+      <div className="mb-8">
+        <h1 className="text-4xl font-bold mb-2 dark:text-white">Activity Logs</h1>
+        <p className="text-gray-600 dark:text-gray-400">Monitor system activity and user actions</p>
+      </div>
+
+      {/* Filters */}
+      <div className="mb-4 flex gap-4">
+        <select
+          value={actionFilter}
+          onChange={(e) => { setActionFilter(e.target.value); setPage(1); }}
+          className="px-3 py-2 border rounded-lg bg-white dark:bg-gray-800 dark:border-gray-600 dark:text-white"
+        >
+          <option value="">All Actions</option>
+          <option value="user.create">User Created</option>
+          <option value="user.update">User Updated</option>
+          <option value="user.delete">User Deleted</option>
+          <option value="role.create">Role Created</option>
+          <option value="role.update">Role Updated</option>
+          <option value="role.delete">Role Deleted</option>
+          <option value="provider.create">Provider Created</option>
+          <option value="provider.update">Provider Updated</option>
+          <option value="provider.delete">Provider Deleted</option>
+          <option value="user.login">User Login</option>
+        </select>
+      </div>
+
+      {/* Table */}
+      <div className="bg-white dark:bg-gray-800 rounded-lg shadow overflow-hidden">
+        <table className="min-w-full divide-y divide-gray-200 dark:divide-gray-700">
+          <thead className="bg-gray-50 dark:bg-gray-900">
+            <tr>
+              <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 dark:text-gray-400 uppercase">Time</th>
+              <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 dark:text-gray-400 uppercase">Action</th>
+              <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 dark:text-gray-400 uppercase">User</th>
+              <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 dark:text-gray-400 uppercase">Target</th>
+              <th className="px-4 py-3 text-left text-xs font-medium text-gray-500 dark:text-gray-400 uppercase">Details</th>
+            </tr>
+          </thead>
+          <tbody className="divide-y divide-gray-200 dark:divide-gray-700">
+            {loading ? (
+              <tr>
+                <td colSpan={5} className="px-4 py-8 text-center text-gray-400">
+                  Loading...
+                </td>
+              </tr>
+            ) : logs.length === 0 ? (
+              <tr>
+                <td colSpan={5} className="px-4 py-8 text-center text-gray-400">
+                  No audit logs found
+                </td>
+              </tr>
+            ) : (
+              logs.map((log) => (
+                <tr key={log.id} className="hover:bg-gray-50 dark:hover:bg-gray-700/50">
+                  <td className="px-4 py-3 text-sm text-gray-500 dark:text-gray-400 whitespace-nowrap">
+                    {formatDate(log.createdAt)}
+                  </td>
+                  <td className="px-4 py-3">
+                    <span className={\`inline-flex px-2 py-1 text-xs font-medium rounded-full \${actionBadgeColor(log.action)}\`}>
+                      {log.action}
+                    </span>
+                  </td>
+                  <td className="px-4 py-3 text-sm dark:text-gray-300">
+                    {log.user?.name || log.user?.email || log.userId}
+                  </td>
+                  <td className="px-4 py-3 text-sm text-gray-500 dark:text-gray-400">
+                    {log.targetType && (
+                      <span>{log.targetType}{log.targetId ? \`: \${log.targetId.slice(0, 8)}...\` : ''}</span>
+                    )}
+                  </td>
+                  <td className="px-4 py-3 text-sm text-gray-500 dark:text-gray-400">
+                    {log.metadata && (
+                      <pre className="text-xs max-w-xs truncate">{JSON.stringify(log.metadata)}</pre>
+                    )}
+                  </td>
+                </tr>
+              ))
+            )}
+          </tbody>
+        </table>
+      </div>
+
+      {/* Pagination */}
+      {totalPages > 1 && (
+        <div className="mt-4 flex justify-center gap-2">
+          <button
+            onClick={() => setPage(Math.max(1, page - 1))}
+            disabled={page === 1}
+            className="px-3 py-1 rounded border dark:border-gray-600 disabled:opacity-50 dark:text-white"
+          >
+            Previous
+          </button>
+          <span className="px-3 py-1 text-sm dark:text-gray-300">
+            Page {page} of {totalPages}
+          </span>
+          <button
+            onClick={() => setPage(Math.min(totalPages, page + 1))}
+            disabled={page === totalPages}
+            className="px-3 py-1 rounded border dark:border-gray-600 disabled:opacity-50 dark:text-white"
+          >
+            Next
+          </button>
+        </div>
+      )}
+    </div>
+  );
+}
+`;
+}
+/**
+ * Generates the audit log helper utility.
+ * Provides logAuditAction() for recording actions across the app.
+ * @returns TypeScript content for lib/audit.ts
+ */
+function generatePermissionsLib() {
+    return `/**
+ * Permission utility functions
+ * Handles permission checks and role-based access control
+ */
+
+export const AVAILABLE_PERMISSIONS = [
+  'users:read',
+  'users:write',
+  'users:delete',
+  'roles:read',
+  'roles:write',
+  'roles:delete',
+  'settings:read',
+  'settings:write',
+  'admin:*',
+] as const;
+
+export type Permission = typeof AVAILABLE_PERMISSIONS[number];
+
+interface User {
+  id: string;
+  email: string;
+  roles?: Array<{ permissions: string[] }>;
+}
+
+export function hasPermission(user: User | null, permission: string): boolean {
+  if (!user || !user.roles) return false;
+  const allPermissions = user.roles.flatMap(role => role.permissions || []);
+
+  // Tier 1: Super-Wildcard — '*' matcht ALLES
+  if (allPermissions.includes('*')) return true;
+
+  // Tier 2: Kategorie-Wildcard — 'admin:*' matcht 'admin:users:read', 'admin:roles:write', etc.
+  for (const perm of allPermissions) {
+    if (perm.endsWith(':*')) {
+      const prefix = perm.slice(0, -1); // 'admin:*' → 'admin:'
+      if (permission.startsWith(prefix)) return true;
+    }
+  }
+
+  // Tier 3: Exakter Match
+  return allPermissions.includes(permission);
+}
+
+export function hasAnyPermission(user: User | null, permissions: string[]): boolean {
+  if (!user) return false;
+  return permissions.some(permission => hasPermission(user, permission));
+}
+
+export function hasAllPermissions(user: User | null, permissions: string[]): boolean {
+  if (!user) return false;
+  return permissions.every(permission => hasPermission(user, permission));
+}
+
+export function getUserPermissions(user: User | null): string[] {
+  if (!user || !user.roles) return [];
+  return [...new Set(user.roles.flatMap(role => role.permissions || []))];
+}
+
+export function isValidPermission(permission: string): boolean {
+  return AVAILABLE_PERMISSIONS.includes(permission as Permission);
+}
+`;
+}
+function generateRequirePermissionLib() {
+    return `import { getServerSession } from 'next-auth';
+import { NextResponse } from 'next/server';
+import { authOptions } from '@/lib/auth';
+import { hasPermission } from '@/lib/permissions';
+
+/**
+ * Server-side permission check for API routes
+ * Returns NextResponse with 401/403 if check fails, null if OK
+ */
+export async function requirePermission(permission: string) {
+  const session = await getServerSession(authOptions);
+
+  if (!session || !session.user) {
+    return NextResponse.json(
+      { error: 'Unauthorized - Please sign in' },
+      { status: 401 }
+    );
+  }
+
+  const user = await getServerSessionWithPermissions();
+
+  if (!user || !hasPermission(user as any, permission)) {
+    return NextResponse.json(
+      { error: \`Forbidden - Required permission: \${permission}\` },
+      { status: 403 }
+    );
+  }
+
+  return null;
+}
+
+async function getServerSessionWithPermissions() {
+  const session = await getServerSession(authOptions);
+  if (!session?.user?.email) return null;
+
+  const { prisma } = await import('@/lib/prisma');
+  const user = await prisma.user.findUnique({
+    where: { email: session.user.email },
+    include: {
+      roles: {
+        select: {
+          role: {
+            select: {
+              id: true,
+              name: true,
+              permissions: true
+            }
+          }
+        }
+      }
+    }
+  });
+
+  if (!user) return null;
+
+  // Flatten UserRole[] → { permissions: string[] }[]
+  return {
+    ...user,
+    roles: (user.roles as any[]).map((ur: any) => ur.role),
+  };
+}
+`;
+}
+function generateAuditLogHelper() {
+    return `// @chimerai component=AuditLogHelper version=1.0
+import { prisma } from './prisma';
+
+export interface AuditActionParams {
+  action: string;
+  userId: string;
+  targetType?: string;
+  targetId?: string;
+  metadata?: Record<string, any>;
+  ipAddress?: string;
+}
+
+/**
+ * Log an audit action. Fire-and-forget — errors are caught and logged.
+ */
+export async function logAuditAction(params: AuditActionParams): Promise<void> {
+  try {
+    if (!(prisma as any).auditLog) return; // AuditLog model not in schema (requires admin-ui)
+    await (prisma as any).auditLog.create({
+      data: {
+        action: params.action,
+        userId: params.userId,
+        targetType: params.targetType || null,
+        targetId: params.targetId || null,
+        metadata: params.metadata ? JSON.stringify(params.metadata) : null,
+        ipAddress: params.ipAddress || null,
+      },
+    });
+  } catch (error) {
+    console.error('[AuditLog] Failed to log action:', params.action, error);
+  }
+}
+
+/** Alias for backwards compatibility and short-form usage */
+export const logAction = logAuditAction;
+`;
+}