@gelabs/ovr 0.2.1 → 0.3.0

package/dist/offline.js

@@ -1,376 +1,3 @@
 "use client";
-import { makeOvrTicketNo, addDays, makeBillNo, makeOrderOfPaymentNo, enrich } from './chunk-B634JHKZ.js';
-import Dexie from 'dexie';
-import { useLiveQuery } from 'dexie-react-hooks';
-import { useState, useEffect } from 'react';
-
-var db = new Dexie("eovr-offline");
-db.version(1).stores({
-  tickets: "ovrTicketNo, paymentStatus, createdAt",
-  catalog: "code, category",
-  officers: "id",
-  meta: "key"
-});
-db.version(2).stores({
-  outbox: "ovrTicketNo, status, createdAt"
-});
-async function getMeta(key) {
-  const row = await db.meta.get(key);
-  return row?.value;
-}
-async function setMeta(key, value) {
-  await db.meta.put({ key, value });
-}
-
-// ../ovr-offline/src/sync.ts
-var API = "/api";
-var LEASE_MIN = 10;
-var LEASE_BATCH = 50;
-function setOfflineApiBase(base) {
-  API = base.replace(/\/$/, "");
-}
-function offlineApiBase() {
-  return API;
-}
-var SessionExpired = class extends Error {
-  constructor() {
-    super("session_expired");
-    this.name = "SessionExpired";
-  }
-};
-function isOnline() {
-  return typeof navigator !== "undefined" ? navigator.onLine : true;
-}
-async function call(path, init) {
-  let res;
-  try {
-    res = await fetch(`${API}${path}`, { credentials: "include", ...init });
-  } catch {
-    return null;
-  }
-  if (res.status === 401) throw new SessionExpired();
-  return res;
-}
-var postInit = (body) => ({
-  method: "POST",
-  headers: { "content-type": "application/json" },
-  body: JSON.stringify(body)
-});
-async function ensureLease(min = LEASE_MIN) {
-  if (!isOnline()) return;
-  const seqs = await getMeta("leaseSeqs") ?? [];
-  if (seqs.length >= min) return;
-  const res = await call("/sync/lease", postInit({ count: LEASE_BATCH }));
-  if (!res || !res.ok) return;
-  const { seqs: fresh } = await res.json();
-  await setMeta("leaseSeqs", [...seqs, ...fresh]);
-}
-async function pushOutbox() {
-  const pending = await db.outbox.toArray();
-  if (!pending.length) return;
-  const res = await call(
-    "/sync/push",
-    postInit({ tickets: pending.map((p) => p.payload) })
-  );
-  if (!res || !res.ok) return;
-  const { results } = await res.json();
-  await db.transaction("rw", db.outbox, db.tickets, async () => {
-    for (const r of results) {
-      if (r.ok) {
-        await db.outbox.delete(r.ovrTicketNo);
-        if (r.ticket) await db.tickets.put(r.ticket);
-      } else {
-        await db.outbox.update(r.ovrTicketNo, { status: "error", error: r.error });
-      }
-    }
-  });
-}
-async function pullAll() {
-  const [t, c, o, s] = await Promise.all([
-    call("/tickets"),
-    call("/violations"),
-    call("/officers"),
-    call("/tickets/stats")
-  ]);
-  if (!t || !c || !o || !s) return;
-  if (!t.ok || !c.ok || !o.ok || !s.ok) {
-    throw new Error(
-      `sync.pullAll failed: tickets=${t.status} catalog=${c.status} officers=${o.status} stats=${s.status}`
-    );
-  }
-  const tickets = await t.json();
-  const catalog = await c.json();
-  const officers = await o.json();
-  const stats = await s.json();
-  await db.transaction(
-    "rw",
-    db.tickets,
-    db.catalog,
-    db.officers,
-    db.meta,
-    async () => {
-      await db.tickets.bulkPut(tickets);
-      await db.catalog.clear();
-      await db.catalog.bulkPut(catalog);
-      await db.officers.clear();
-      await db.officers.bulkPut(officers);
-      await db.meta.put({ key: "stats", value: stats });
-    }
-  );
-  await setMeta("lastSyncedAt", (/* @__PURE__ */ new Date()).toISOString());
-}
-async function sync() {
-  if (!isOnline()) return;
-  await pushOutbox();
-  await ensureLease();
-  await pullAll();
-}
-
-// ../ovr-offline/src/issue.ts
-async function popSeq() {
-  return db.transaction("rw", db.meta, async () => {
-    const row = await db.meta.get("leaseSeqs");
-    const seqs = row?.value ?? [];
-    if (seqs.length === 0) return null;
-    await db.meta.put({ key: "leaseSeqs", value: seqs.slice(1) });
-    return seqs[0];
-  });
-}
-async function issueTicketOffline(input, rules) {
-  let seq = await popSeq();
-  if (seq === null && isOnline()) {
-    await ensureLease(50);
-    seq = await popSeq();
-  }
-  if (seq === null) {
-    throw new Error(
-      isOnline() ? "Couldn't reserve ticket numbers \u2014 please try again." : "No offline ticket numbers left. Reconnect to the internet to reserve more."
-    );
-  }
-  const now = /* @__PURE__ */ new Date();
-  const ovrTicketNo = makeOvrTicketNo(rules.idPrefix, now.getFullYear(), seq);
-  const officer = await db.officers.get(input.officerId);
-  if (!officer) {
-    const cur = await getMeta("leaseSeqs") ?? [];
-    await setMeta("leaseSeqs", [seq, ...cur]);
-    throw new Error("That officer isn't available offline. Sync and try again.");
-  }
-  const catalog = await db.catalog.toArray();
-  const byCode = new Map(catalog.map((c) => [c.code, c]));
-  const violations = input.violations.map((x) => {
-    const c = byCode.get(x.catalogCode);
-    if (!c) throw new Error(`Unknown violation: ${x.catalogCode}`);
-    const v = {
-      catalogCode: c.code,
-      title: c.title,
-      basicFine: c.basicFine
-    };
-    if (x.details?.trim()) v.details = x.details.trim();
-    return v;
-  });
-  const basicFinesTotal = violations.reduce((s, v) => s + v.basicFine, 0);
-  const record = {
-    ovrTicketNo,
-    orderOfPaymentNo: makeOrderOfPaymentNo(ovrTicketNo),
-    billNo: makeBillNo(now, officer.office, officer.badgeNo ?? "X000", seq),
-    violator: input.violator,
-    apprehendedAt: input.apprehendedAt,
-    officer,
-    violations,
-    assessedAt: now.toISOString(),
-    dueDate: addDays(now, rules.dueWindowDays).toISOString(),
-    basicFinesTotal,
-    paymentStatus: "UNPAID",
-    createdAt: now.toISOString()
-  };
-  if (input.placeOfViolation?.trim())
-    record.placeOfViolation = input.placeOfViolation.trim();
-  if (input.remarks?.trim()) record.remarks = input.remarks.trim();
-  const ticket = enrich(record, now, rules.surchargeRatePerMonth);
-  await db.transaction("rw", db.tickets, db.outbox, async () => {
-    await db.tickets.put(ticket);
-    await db.outbox.put({
-      ovrTicketNo,
-      createdAt: record.createdAt,
-      status: "pending",
-      payload: {
-        ovrTicketNo,
-        createdAt: record.createdAt,
-        violator: input.violator,
-        apprehendedAt: input.apprehendedAt,
-        ...record.placeOfViolation ? { placeOfViolation: record.placeOfViolation } : {},
-        officerId: input.officerId,
-        violations: input.violations,
-        ...record.remarks ? { remarks: record.remarks } : {}
-      }
-    });
-  });
-  if (isOnline()) void pushOutbox().catch(() => {
-  });
-  return ticket;
-}
-async function getIdentity() {
-  return await getMeta("identity") ?? void 0;
-}
-async function clearIdentity() {
-  await setMeta("identity", null);
-}
-function useAdminAuth() {
-  const [state, setState] = useState({ status: "loading" });
-  useEffect(() => {
-    let cancelled = false;
-    (async () => {
-      const cached = await getMeta("identity");
-      if (isOnline()) {
-        try {
-          const res = await fetch(`${offlineApiBase()}/auth/me`, {
-            credentials: "include"
-          });
-          if (res.ok) {
-            const { user } = await res.json();
-            await setMeta("identity", user);
-            if (!cancelled) setState({ status: "authed", user });
-            return;
-          }
-          await setMeta("identity", null);
-          if (!cancelled) setState({ status: "unauthed" });
-          return;
-        } catch {
-        }
-      }
-      if (!cancelled) {
-        setState(
-          cached ? { status: "authed", user: cached } : { status: "unauthed" }
-        );
-      }
-    })();
-    return () => {
-      cancelled = true;
-    };
-  }, []);
-  return state;
-}
-var PBKDF2_ITERATIONS = 21e4;
-function subtle() {
-  return typeof crypto !== "undefined" && crypto.subtle ? crypto.subtle : null;
-}
-var toHex = (buf) => Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, "0")).join(
-  ""
-);
-function fromHex(hex) {
-  const out = new Uint8Array(hex.length / 2);
-  for (let i = 0; i < out.length; i++)
-    out[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
-  return out;
-}
-async function deriveHashHex(password, salt, iterations) {
-  const s = subtle();
-  if (!s) return null;
-  const keyMaterial = await s.importKey(
-    "raw",
-    new TextEncoder().encode(password),
-    "PBKDF2",
-    false,
-    ["deriveBits"]
-  );
-  const bits = await s.deriveBits(
-    { name: "PBKDF2", salt, iterations, hash: "SHA-256" },
-    keyMaterial,
-    256
-  );
-  return toHex(bits);
-}
-async function cacheCredential(username, password, identity) {
-  if (!subtle()) return;
-  const salt = crypto.getRandomValues(new Uint8Array(16));
-  const hashHex = await deriveHashHex(password, salt, PBKDF2_ITERATIONS);
-  if (!hashHex) return;
-  const cred = {
-    username: username.trim(),
-    saltHex: toHex(salt.buffer),
-    hashHex,
-    iterations: PBKDF2_ITERATIONS,
-    identity
-  };
-  await setMeta("credential", cred);
-}
-async function verifyOffline(username, password) {
-  const cred = await getMeta("credential");
-  if (!cred || cred.username !== username.trim()) return null;
-  const hashHex = await deriveHashHex(
-    password,
-    fromHex(cred.saltHex),
-    cred.iterations
-  );
-  if (!hashHex || hashHex !== cred.hashHex) return null;
-  await setMeta("identity", cred.identity);
-  return cred.identity;
-}
-
-// ../ovr-offline/src/hooks.ts
-function useTickets() {
-  return useLiveQuery(() => db.tickets.orderBy("createdAt").reverse().toArray());
-}
-function useCatalog() {
-  return useLiveQuery(() => db.catalog.orderBy("category").toArray());
-}
-function useOfficers() {
-  return useLiveQuery(() => db.officers.toArray());
-}
-function useStats() {
-  return useLiveQuery(
-    async () => (await db.meta.get("stats"))?.value
-  );
-}
-function useTicket(ovrTicketNo) {
-  return useLiveQuery(
-    async () => await db.tickets.get(ovrTicketNo) ?? null,
-    [ovrTicketNo]
-  );
-}
-function usePendingSync() {
-  const rows = useLiveQuery(() => db.outbox.toArray());
-  return new Set((rows ?? []).map((r) => r.ovrTicketNo));
-}
-function useSync() {
-  const [syncing, setSyncing] = useState(false);
-  const [online, setOnline] = useState(true);
-  const [error, setError] = useState(null);
-  useEffect(() => {
-    let cancelled = false;
-    setOnline(isOnline());
-    async function runSyncCycle() {
-      if (!isOnline()) return;
-      setSyncing(true);
-      setError(null);
-      try {
-        await sync();
-      } catch (e) {
-        if (e instanceof SessionExpired) {
-          await clearIdentity();
-          window.location.assign("/admin/login");
-          return;
-        }
-        if (!cancelled) setError(e instanceof Error ? e.message : "sync failed");
-      } finally {
-        if (!cancelled) setSyncing(false);
-      }
-    }
-    const onOnline = () => {
-      setOnline(true);
-      void runSyncCycle();
-    };
-    const onOffline = () => setOnline(false);
-    void runSyncCycle();
-    window.addEventListener("online", onOnline);
-    window.addEventListener("offline", onOffline);
-    return () => {
-      cancelled = true;
-      window.removeEventListener("online", onOnline);
-      window.removeEventListener("offline", onOffline);
-    };
-  }, []);
-  return { syncing, online, error };
-}
-
-export { SessionExpired, cacheCredential, clearIdentity, db, ensureLease, getIdentity, getMeta, isOnline, issueTicketOffline, offlineApiBase, pullAll, pushOutbox, setMeta, setOfflineApiBase, sync, useAdminAuth, useCatalog, useOfficers, usePendingSync, useStats, useSync, useTicket, useTickets, verifyOffline };
+export { SessionExpired, cacheCredential, clearIdentity, db, ensureLease, getIdentity, getMeta, isOnline, issueTicketOffline, offlineApiBase, pullAll, pushOutbox, setMeta, setOfflineApiBase, sync, useAdminAuth, useCatalog, useIdentity, useNotifications, useNotificationsState, useOfficers, usePendingSync, useStats, useSync, useTicket, useTickets, verifyOffline } from './chunk-YGYA7KEG.js';
+import './chunk-BI4EGLPG.js';

package/dist/{types-CtBC5-TW.d.ts → types-BOgdk0Jw.d.ts}

@@ -101,7 +101,126 @@ declare const baseCopy: {
         readonly dashboard: "Dashboard";
         readonly tickets: "Tickets";
         readonly issueTicket: "Issue ticket";
+        readonly accounts: "Accounts";
+        readonly roles: "Roles";
+        readonly officers: "Officers";
+        readonly logs: "Activity log";
+        readonly more: "More";
+        readonly signOut: "Sign out";
+        readonly signOutConfirmTitle: "Sign out?";
+        readonly signOutConfirmBody: "You'll need to sign in again to issue or manage tickets.";
+        readonly cancel: "Cancel";
         readonly newTicketTitle: "Issue Violation Ticket";
+        readonly accountsPage: {
+            readonly title: "Accounts";
+            readonly subtitle: "Create and manage who can sign in to the enforcer portal. Each account's role decides what it can see and do.";
+            readonly newAccount: "New account";
+            readonly edit: "Edit";
+            readonly editTitle: "Edit account";
+            readonly saveChanges: "Save changes";
+            readonly username: "Username";
+            readonly password: "Password";
+            readonly role: "Role";
+            readonly officer: "Linked officer";
+            readonly officerNone: "— None —";
+            readonly officerHint: "Link an enforcer to an officer record so issued tickets are attributed.";
+            readonly status: "Status";
+            readonly active: "Active";
+            readonly inactive: "Inactive";
+            readonly created: "Created";
+            readonly actions: "Actions";
+            readonly create: "Create account";
+            readonly creating: "Creating…";
+            readonly deactivate: "Deactivate";
+            readonly activate: "Activate";
+            readonly resetPassword: "Reset password";
+            readonly newPassword: "New password";
+            readonly save: "Save";
+            readonly saving: "Saving…";
+            readonly cancel: "Cancel";
+            readonly empty: "No accounts yet — create the first one.";
+            readonly you: "You";
+        };
+        readonly rolesPage: {
+            readonly title: "Roles & permissions";
+            readonly subtitle: "Define what each role can do. Create custom roles, set their permissions, then assign them to accounts.";
+            readonly newRole: "New role";
+            readonly roleName: "Role name";
+            readonly roleNamePlaceholder: "e.g. Cashier, Supervisor";
+            readonly permissions: "Permissions";
+            readonly editPermissions: "Edit permissions";
+            readonly noPermissions: "No permissions";
+            readonly permissionsCount: "permissions";
+            readonly system: "System";
+            readonly custom: "Custom";
+            readonly create: "Create role";
+            readonly creating: "Creating…";
+            readonly save: "Save";
+            readonly saving: "Saving…";
+            readonly saved: "Saved";
+            readonly cancel: "Cancel";
+            readonly delete: "Delete";
+            readonly deleteConfirmTitle: "Delete this role?";
+            readonly deleteConfirmBody: "Move any accounts off this role first. This can't be undone.";
+            readonly lockedHint: "Super Admin always keeps account & role management.";
+            readonly empty: "No roles yet — create the first one.";
+            readonly inUseSuffix: "in use";
+        };
+        readonly logsPage: {
+            readonly title: "Activity log";
+            readonly subtitle: "Audit trail of what accounts did — sign-ins, ticket issuance, and account & role changes.";
+            readonly allActions: "All actions";
+            readonly search: "Search actor or detail…";
+            readonly actor: "Actor";
+            readonly action: "Action";
+            readonly detail: "Detail";
+            readonly when: "When";
+            readonly empty: "No activity recorded yet.";
+            readonly system: "system";
+        };
+        readonly officersPage: {
+            readonly title: "Apprehending officers";
+            readonly subtitle: "Officers who apprehend violations — shown in the Issue-Ticket form and linked to enforcer accounts.";
+            readonly newOfficer: "New officer";
+            readonly name: "Full name";
+            readonly namePlaceholder: "e.g. DELA CRUZ, JUAN P.";
+            readonly badge: "Badge no.";
+            readonly badgePlaceholder: "e.g. A176";
+            readonly office: "Office";
+            readonly officePlaceholder: "e.g. POSO";
+            readonly edit: "Edit";
+            readonly editTitle: "Edit officer";
+            readonly create: "Add officer";
+            readonly creating: "Adding…";
+            readonly save: "Save";
+            readonly saving: "Saving…";
+            readonly cancel: "Cancel";
+            readonly delete: "Remove";
+            readonly deleteConfirmTitle: "Remove this officer?";
+            readonly deleteConfirmBody: "This can't be undone. Officers with issued tickets or a linked account can't be removed.";
+            readonly empty: "No officers yet — add the first one.";
+            readonly actions: "Actions";
+        };
+        readonly notifications: {
+            readonly title: "Notifications";
+            readonly subtitle: "Tickets that need attention — overdue and outstanding.";
+            readonly empty: "You're all caught up.";
+            readonly overdue: "Overdue";
+            readonly outstanding: "Outstanding";
+            readonly viewAll: "View all";
+        };
+        readonly changePassword: {
+            readonly title: "Change password";
+            readonly subtitle: "Enter your current password, then your new one.";
+            readonly current: "Current password";
+            readonly new: "New password";
+            readonly confirm: "Confirm new password";
+            readonly submit: "Update password";
+            readonly saving: "Updating…";
+            readonly cancel: "Cancel";
+            readonly mismatch: "New passwords don't match.";
+            readonly success: "Password updated.";
+        };
         readonly sync: {
             readonly offline: "Offline";
             readonly syncing: "Syncing…";

package/dist/types.d.ts

@@ -42,6 +42,12 @@ interface Officer {
     badgeNo?: string;
     office: string;
 }
+/** What an admin submits to add/edit an apprehending officer (GE-025). */
+interface NewOfficerInput {
+    name: string;
+    badgeNo?: string;
+    office: string;
+}
 type PaymentMethod = "GCASH" | "MAYA" | "LANDBANK" | "OVER_THE_COUNTER";
 interface Payment {
     method: PaymentMethod;
@@ -64,6 +70,9 @@ interface TicketRecord {
     officer: Officer;
     violations: IssuedViolation[];
     remarks?: string;
+    issuedBy?: string;
+    apprehendingEnforcerId?: string;
+    apprehendingEnforcerName?: string;
     assessedAt: string;
     dueDate: string;
     basicFinesTotal: number;
@@ -77,5 +86,89 @@ interface Ticket extends TicketRecord {
     penaltyAmount: number;
     totalAmountDue: number;
 }
+/** Every capability the app gates on. Add a gate by extending this + the catalog. */
+type Permission = "dashboard:view" | "tickets:view" | "tickets:create" | "accounts:manage" | "roles:manage" | "officers:manage" | "logs:view" | "notifications:view";
+interface PermissionDef {
+    key: Permission;
+    label: string;
+    description: string;
+}
+/** The catalog shown in the Roles editor (array order = display order). */
+declare const PERMISSION_CATALOG: PermissionDef[];
+declare const ALL_PERMISSIONS: Permission[];
+/** A role + its permission set. `isSystem` roles can't be renamed or deleted. */
+interface RoleDef {
+    name: string;
+    label: string;
+    isSystem: boolean;
+    permissions: Permission[];
+}
+/** What an admin submits to create a custom role. */
+interface NewRoleInput {
+    label: string;
+    permissions: Permission[];
+}
+/** The built-in roles, seeded into every deployment. */
+declare const SYSTEM_ROLES: RoleDef[];
+/** Default role assigned to a new account / seeded login. */
+declare const DEFAULT_ROLE_NAME = "ENFORCER";
+/** SUPER_ADMIN ALWAYS keeps these (anti-lockout): locked-on in the Roles editor
+ *  and re-asserted server-side, so no one can revoke their own ability to manage
+ *  accounts/roles and lock everyone out. */
+declare const SUPER_ADMIN_LOCKED_PERMISSIONS: Permission[];
+/** Whether a permission set grants a capability. Safe with null/undefined. */
+declare function hasPermission(permissions: readonly string[] | null | undefined, permission: Permission): boolean;
+/** A user account as shown to admins (NEVER carries the password hash). */
+interface UserAccount {
+    id: string;
+    username: string;
+    role: string;
+    roleLabel?: string;
+    active: boolean;
+    officerId: string | null;
+    /** Convenience: the linked officer's display name, if any. */
+    officerName?: string;
+    createdAt: string;
+}
+/** What an admin submits to create an account. The password hash is computed by
+ *  the app (argon2 stays out of the data layer), mirroring the seed path. */
+interface NewUserInput {
+    username: string;
+    passwordHash: string;
+    role: string;
+    officerId?: string | null;
+}
+/** The recorded action kinds (extensible; stored as a string for forward-compat). */
+declare const ACTIVITY_ACTIONS: readonly ["auth.login", "auth.logout", "ticket.issued", "account.create", "account.update", "account.activate", "account.deactivate", "account.password_reset", "account.password_change", "role.create", "role.update", "role.delete", "officer.create", "officer.update", "officer.delete"];
+type ActivityAction = (typeof ACTIVITY_ACTIONS)[number];
+declare const ACTIVITY_ACTION_LABELS: Record<ActivityAction, string>;
+/** One audit-trail entry: who did what, when. */
+interface ActivityLog {
+    id: string;
+    actorId: string | null;
+    actorUsername: string | null;
+    action: string;
+    summary: string;
+    targetType?: string;
+    targetId?: string;
+    createdAt: string;
+}
+/** What the app records for an event (id + createdAt are assigned by the store). */
+interface NewActivityInput {
+    actorId?: string | null;
+    actorUsername?: string | null;
+    action: ActivityAction;
+    summary: string;
+    targetType?: string;
+    targetId?: string;
+}
+/** Filter for an activity-log query. */
+interface ActivityFilter {
+    action?: string;
+    actorId?: string;
+    fromISO?: string;
+    toISO?: string;
+    limit?: number;
+}
 
-export type { IssuedViolation, Officer, Payment, PaymentMethod, PaymentStatus, Ticket, TicketRecord, TicketStatus, ViolationCatalogItem, ViolationCategory, Violator };
+export { ACTIVITY_ACTIONS, ACTIVITY_ACTION_LABELS, ALL_PERMISSIONS, type ActivityAction, type ActivityFilter, type ActivityLog, DEFAULT_ROLE_NAME, type IssuedViolation, type NewActivityInput, type NewOfficerInput, type NewRoleInput, type NewUserInput, type Officer, PERMISSION_CATALOG, type Payment, type PaymentMethod, type PaymentStatus, type Permission, type PermissionDef, type RoleDef, SUPER_ADMIN_LOCKED_PERMISSIONS, SYSTEM_ROLES, type Ticket, type TicketRecord, type TicketStatus, type UserAccount, type ViolationCatalogItem, type ViolationCategory, type Violator, hasPermission };

package/dist/types.js

@@ -1 +1 @@
-
+export { ACTIVITY_ACTIONS, ACTIVITY_ACTION_LABELS, ALL_PERMISSIONS, DEFAULT_ROLE_NAME, PERMISSION_CATALOG, SUPER_ADMIN_LOCKED_PERMISSIONS, SYSTEM_ROLES, hasPermission } from './chunk-IS3THKTE.js';

package/dist/ui-components-admin/accounts-manager.d.ts

@@ -0,0 +1,52 @@
+import * as React from 'react';
+import { UserAccount, Officer, RoleDef } from '../types.js';
+
+/**
+ * Account management UI (GE-013). Super admins create & manage who can sign in to
+ * the enforcer portal; each account's role decides what it can see/do. The server
+ * actions (create / activate / reset password) are INJECTED by the page so this
+ * component stays free of any app-specific data wiring — mirrors IssuanceForm.
+ *
+ * Online-only: account management needs the server (argon2 + DB). After a mutation
+ * we refresh the route so the server-rendered list reflects the change.
+ */
+
+/** What the create form submits — the page hashes the password server-side. */
+interface CreateAccountInput {
+    username: string;
+    password: string;
+    role: string;
+    officerId: string | null;
+}
+type CreateAccountAction = (input: CreateAccountInput) => Promise<{
+    error?: string;
+} | void>;
+type SetAccountActiveAction = (id: string, active: boolean) => Promise<{
+    error?: string;
+} | void>;
+type ResetAccountPasswordAction = (id: string, password: string) => Promise<{
+    error?: string;
+} | void>;
+interface EditAccountInput {
+    username?: string;
+    role?: string;
+    officerId?: string | null;
+}
+type EditAccountAction = (id: string, patch: EditAccountInput) => Promise<{
+    error?: string;
+} | void>;
+interface AccountsManagerProps {
+    users: UserAccount[];
+    officers: Officer[];
+    /** Roles assignable to accounts (system + custom). */
+    roles: RoleDef[];
+    /** The signed-in user's id — so they can't deactivate their own account. */
+    currentUserId?: string;
+    createAction: CreateAccountAction;
+    editAction: EditAccountAction;
+    setActiveAction: SetAccountActiveAction;
+    resetPasswordAction: ResetAccountPasswordAction;
+}
+declare function AccountsManager({ users, officers, roles, currentUserId, createAction, editAction, setActiveAction, resetPasswordAction, }: AccountsManagerProps): React.JSX.Element;
+
+export { AccountsManager, type AccountsManagerProps, type CreateAccountAction, type CreateAccountInput, type EditAccountAction, type EditAccountInput, type ResetAccountPasswordAction, type SetAccountActiveAction };