@panguard-ai/panguard-auth 0.1.0

package/dist/openapi.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"openapi.js","sourceRoot":"","sources":["../src/openapi.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAe;IACjD,OAAO;QACL,OAAO,EAAE,OAAO;QAChB,IAAI,EAAE;YACJ,KAAK,EAAE,iBAAiB;YACxB,OAAO,EAAE,OAAO;YAChB,WAAW,EACT,gHAAgH;YAClH,OAAO,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE,GAAG,EAAE,qBAAqB,EAAE;YACrE,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,iCAAiC,EAAE;SACrE;QACD,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,qBAAqB,EAAE,CAAC;QAC/D,IAAI,EAAE;YACJ,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,uCAAuC,EAAE;YACtE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,gCAAgC,EAAE;YAClE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,0CAA0C,EAAE;YAC5E,EAAE,IAAI,EAAE,OAAO,EAAE,WAAW,EAAE,0BAA0B,EAAE;YAC1D,EAAE,IAAI,EAAE,UAAU,EAAE,WAAW,EAAE,qBAAqB,EAAE;YACxD,EAAE,IAAI,EAAE,OAAO,EAAE,WAAW,EAAE,qBAAqB,EAAE;YACrD,EAAE,IAAI,EAAE,cAAc,EAAE,WAAW,EAAE,yBAAyB,EAAE;SACjE;QACD,UAAU,EAAE;YACV,eAAe,EAAE;gBACf,UAAU,EAAE;oBACV,IAAI,EAAE,MAAM;oBACZ,MAAM,EAAE,QAAQ;oBAChB,YAAY,EAAE,eAAe;iBAC9B;aACF;YACD,OAAO,EAAE;gBACP,KAAK,EAAE;oBACL,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE;wBACV,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE;wBACvC,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;qBAC1B;iBACF;gBACD,IAAI,EAAE;oBACJ,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE;wBACV,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;wBACvB,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE;wBAC1C,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACxB,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE;wBACjD,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,YAAY,CAAC,EAAE;wBACtF,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE;wBAClD,aAAa,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,IAAI,EAAE;qBACvE;iBACF;gBACD,YAAY,EAAE;oBACZ,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE;wBACV,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBAC5B,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;wBAC5B,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,oBAAoB,EAAE;wBAC7D,UAAU,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE;qBAC1D;iBACF;gBACD,UAAU,EAAE;oBACV,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE;wBACV,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;wBAC5B,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;wBAC5B,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;wBAC1B,SAAS,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;wBAC9B,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;qBAC7B;iBACF;aACF;SACF;QACD,KAAK,EAAE;YACL,SAAS,EAAE;gBACT,GAAG,EAAE;oBACH,IAAI,EAAE,CAAC,QAAQ,CAAC;oBAChB,OAAO,EAAE,cAAc;oBACvB,SAAS,EAAE;wBACT,GAAG,EAAE;4BACH,WAAW,EAAE,oBAAoB;4BACjC,OAAO,EAAE;gCACP,kBAAkB,EAAE;oCAClB,MAAM,EAAE;wCACN,IAAI,EAAE,QAAQ;wCACd,UAAU,EAAE;4CACV,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;4CACvB,IAAI,EAAE;gDACJ,IAAI,EAAE,QAAQ;gDACd,UAAU,EAAE;oDACV,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oDAC1B,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;iDAC3B;6CACF;yCACF;qCACF;iCACF;6BACF;yBACF;qBACF;iBACF;aACF;YAED,aAAa;YACb,oBAAoB,EAAE;gBACpB,IAAI,EAAE;oBACJ,IAAI,EAAE,CAAC,MAAM,CAAC;oBACd,OAAO,EAAE,wBAAwB;oBACjC,WAAW,EAAE;wBACX,QAAQ,EAAE,IAAI;wBACd,OAAO,EAAE;4BACP,kBAAkB,EAAE;gCAClB,MAAM,EAAE;oCACN,IAAI,EAAE,QAAQ;oCACd,QAAQ,EAAE,CAAC,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC;oCACvC,UAAU,EAAE;wCACV,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE;wCAC1C,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,EAAE;wCAC1C,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;qCACzB;iCACF;6BACF;yBACF;qBACF;oBACD,SAAS,EAAE;wBACT,GAAG,EAAE,EAAE,WAAW,EAAE,iBAAiB,EAAE;wBACvC,GAAG,EAAE,EAAE,WAAW,EAAE,kBAAkB,EAAE;wBACxC,GAAG,EAAE,EAAE,WAAW,EAAE,0BAA0B,EAAE;wBAChD,GAAG,EAAE,EAAE,WAAW,EAAE,qBAAqB,EAAE;qBAC5C;iBACF;aACF;YACD,iBAAiB,EAAE;gBACjB,IAAI,EAAE;oBACJ,IAAI,EAAE,CAAC,MAAM,CAAC;oBACd,OAAO,EAAE,gCAAgC;oBACzC,WAAW,EAAE;wBACX,QAAQ,EAAE,IAAI;wBACd,OAAO,EAAE;4BACP,kBAAkB,EAAE;gCAClB,MAAM,EAAE;oCACN,IAAI,EAAE,QAAQ;oCACd,QAAQ,EAAE,CAAC,OAAO,EAAE,UAAU,CAAC;oCAC/B,UAAU,EAAE;wCACV,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE;wCAC1C,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wCAC5B,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,oCAAoC,EAAE;wCAC/E,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,8BAA8B,EAAE;qCAC5E;iCACF;6BACF;yBACF;qBACF;oBACD,SAAS,EAAE;wBACT,GAAG,EAAE,EAAE,WAAW,EAAE,kCAAkC,EAAE;wBACxD,GAAG,EAAE,EAAE,WAAW,EAAE,wCAAwC,EAAE;wBAC9D,GAAG,EAAE,EAAE,WAAW,EAAE,qBAAqB,EAAE;wBAC3C,GAAG,EAAE,EAAE,WAAW,EAAE,qBAAqB,EAAE;qBAC5C;iBACF;aACF;YACD,kBAAkB,EAAE;gBAClB,IAAI,EAAE;oBACJ,IAAI,EAAE,CAAC,MAAM,CAAC;oBACd,OAAO,EAAE,4BAA4B;oBACrC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;oBAC9B,SAAS,EAAE,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,qBAAqB,EAAE,EAAE;iBAC3D;aACF;YACD,cAAc,EAAE;gBACd,GAAG,EAAE;oBACH,IAAI,EAAE,CAAC,MAAM,CAAC;oBACd,OAAO,EAAE,0BAA0B;oBACnC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;oBAC9B,SAAS,EAAE;wBACT,GAAG,EAAE;4BACH,WAAW,EAAE,cAAc;4BAC3B,OAAO,EAAE;gCACP,kBAAkB,EAAE;oCAClB,MAAM,EAAE;wCACN,IAAI,EAAE,QAAQ;wCACd,UAAU,EAAE;4CACV,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;4CACvB,IAAI,EAAE;gDACJ,IAAI,EAAE,QAAQ;gDACd,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,2BAA2B,EAAE,EAAE;6CAC5D;yCACF;qCACF;iCACF;6BACF;yBACF;wBACD,GAAG,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;qBAC1C;iBACF;aACF;YACD,2BAA2B,EAAE;gBAC3B,IAAI,EAAE;oBACJ,IAAI,EAAE,CAAC,MAAM,CAAC;oBACd,OAAO,EAAE,8BAA8B;oBACvC,WAAW,EAAE;wBACX,QAAQ,EAAE,IAAI;wBACd,OAAO,EAAE;4BACP,kBAAkB,EAAE;gCAClB,MAAM,EAAE;oCACN,IAAI,EAAE,QAAQ;oCACd,QAAQ,EAAE,CAAC,OAAO,CAAC;oCACnB,UAAU,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE;iCAC3D;6BACF;yBACF;qBACF;oBACD,SAAS,EAAE;wBACT,GAAG,EAAE,EAAE,WAAW,EAAE,4DAA4D,EAAE;qBACnF;iBACF;aACF;YACD,0BAA0B,EAAE;gBAC1B,IAAI,EAAE;oBACJ,IAAI,EAAE,CAAC,MAAM,CAAC;oBACd,OAAO,EAAE,2BAA2B;oBACpC,WAAW,EAAE;wBACX,QAAQ,EAAE,IAAI;wBACd,OAAO,EAAE;4BACP,kBAAkB,EAAE;gCAClB,MAAM,EAAE;oCACN,IAAI,EAAE,QAAQ;oCACd,QAAQ,EAAE,CAAC,OAAO,EAAE,UAAU,CAAC;oCAC/B,UAAU,EAAE;wCACV,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wCACzB,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,EAAE;qCAC3C;iCACF;6BACF;yBACF;qBACF;oBACD,SAAS,EAAE;wBACT,GAAG,EAAE,EAAE,WAAW,EAAE,2BAA2B,EAAE;wBACjD,GAAG,EAAE,EAAE,WAAW,EAAE,0BAA0B,EAAE;qBACjD;iBACF;aACF;YAED,4BAA4B;YAC5B,0BAA0B,EAAE;gBAC1B,MAAM,EAAE;oBACN,IAAI,EAAE,CAAC,SAAS,CAAC;oBACjB,OAAO,EAAE,oCAAoC;oBAC7C,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;oBAC9B,WAAW,EAAE;wBACX,QAAQ,EAAE,IAAI;wBACd,OAAO,EAAE;4BACP,kBAAkB,EAAE;gCAClB,MAAM,EAAE;oCACN,IAAI,EAAE,QAAQ;oCACd,QAAQ,EAAE,CAAC,UAAU,CAAC;oCACtB,UAAU,EAAE,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;iCAC7C;6BACF;yBACF;qBACF;oBACD,SAAS,EAAE;wBACT,GAAG,EAAE,EAAE,WAAW,EAAE,iBAAiB,EAAE;wBACvC,GAAG,EAAE,EAAE,WAAW,EAAE,kBAAkB,EAAE;qBACzC;iBACF;aACF;YACD,uBAAuB,EAAE;gBACvB,GAAG,EAAE;oBACH,IAAI,EAAE,CAAC,SAAS,CAAC;oBACjB,OAAO,EAAE,6BAA6B;oBACtC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;oBAC9B,SAAS,EAAE,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,8BAA8B,EAAE,EAAE;iBACpE;aACF;YACD,sBAAsB,EAAE;gBACtB,IAAI,EAAE;oBACJ,IAAI,EAAE,CAAC,SAAS,CAAC;oBACjB,OAAO,EAAE,oCAAoC;oBAC7C,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;oBAC9B,SAAS,EAAE,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,0CAA0C,EAAE,EAAE;iBAChF;aACF;YACD,uBAAuB,EAAE;gBACvB,IAAI,EAAE;oBACJ,IAAI,EAAE,CAAC,SAAS,CAAC;oBACjB,OAAO,EAAE,gCAAgC;oBACzC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;oBAC9B,WAAW,EAAE;wBACX,QAAQ,EAAE,IAAI;wBACd,OAAO,EAAE;4BACP,kBAAkB,EAAE;gCAClB,MAAM,EAAE;oCACN,IAAI,EAAE,QAAQ;oCACd,QAAQ,EAAE,CAAC,MAAM,CAAC;oCAClB,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,EAAE;iCAC9D;6BACF;yBACF;qBACF;oBACD,SAAS,EAAE,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,aAAa,EAAE,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE,EAAE;iBACzF;aACF;YACD,wBAAwB,EAAE;gBACxB,IAAI,EAAE;oBACJ,IAAI,EAAE,CAAC,SAAS,CAAC;oBACjB,OAAO,EAAE,aAAa;oBACtB,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;oBAC9B,WAAW,EAAE;wBACX,QAAQ,EAAE,IAAI;wBACd,OAAO,EAAE;4BACP,kBAAkB,EAAE;gCAClB,MAAM,EAAE;oCACN,IAAI,EAAE,QAAQ;oCACd,QAAQ,EAAE,CAAC,UAAU,CAAC;oCACtB,UAAU,EAAE,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;iCAC7C;6BACF;yBACF;qBACF;oBACD,SAAS,EAAE,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE,EAAE;iBACpD;aACF;YACD,uBAAuB,EAAE;gBACvB,GAAG,EAAE;oBACH,IAAI,EAAE,CAAC,SAAS,CAAC;oBACjB,OAAO,EAAE,kBAAkB;oBAC3B,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;oBAC9B,SAAS,EAAE,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,mDAAmD,EAAE,EAAE;iBACzF;aACF;YAED,gBAAgB;YAChB,uBAAuB,EAAE;gBACvB,IAAI,EAAE;oBACJ,IAAI,EAAE,CAAC,SAAS,CAAC;oBACjB,OAAO,EAAE,yCAAyC;oBAClD,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;oBAC9B,WAAW,EAAE;wBACX,QAAQ,EAAE,IAAI;wBACd,OAAO,EAAE;4BACP,kBAAkB,EAAE;gCAClB,MAAM,EAAE;oCACN,IAAI,EAAE,QAAQ;oCACd,UAAU,EAAE;wCACV,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,UAAU,CAAC,EAAE;wCAC3D,SAAS,EAAE;4CACT,IAAI,EAAE,QAAQ;4CACd,WAAW,EAAE,gDAAgD;yCAC9D;qCACF;iCACF;6BACF;yBACF;qBACF;oBACD,SAAS,EAAE;wBACT,GAAG,EAAE,EAAE,WAAW,EAAE,sBAAsB,EAAE;wBAC5C,GAAG,EAAE,EAAE,WAAW,EAAE,yBAAyB,EAAE;wBAC/C,GAAG,EAAE,EAAE,WAAW,EAAE,wBAAwB,EAAE;qBAC/C;iBACF;aACF;YACD,qBAAqB,EAAE;gBACrB,GAAG,EAAE;oBACH,IAAI,EAAE,CAAC,SAAS,CAAC;oBACjB,OAAO,EAAE,wCAAwC;oBACjD,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;oBAC9B,SAAS,EAAE;wBACT,GAAG,EAAE,EAAE,WAAW,EAAE,oBAAoB,EAAE;wBAC1C,GAAG,EAAE,EAAE,WAAW,EAAE,wBAAwB,EAAE;qBAC/C;iBACF;aACF;YACD,qBAAqB,EAAE;gBACrB,GAAG,EAAE;oBACH,IAAI,EAAE,CAAC,SAAS,CAAC;oBACjB,OAAO,EAAE,4BAA4B;oBACrC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;oBAC9B,SAAS,EAAE,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,uCAAuC,EAAE,EAAE;iBAC7E;aACF;YACD,sBAAsB,EAAE;gBACtB,IAAI,EAAE;oBACJ,IAAI,EAAE,CAAC,SAAS,CAAC;oBACjB,OAAO,EAAE,+BAA+B;oBACxC,WAAW,EAAE,oEAAoE;oBACjF,SAAS,EAAE,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE,EAAE;iBACzD;aACF;YAED,cAAc;YACd,YAAY,EAAE;gBACZ,GAAG,EAAE;oBACH,IAAI,EAAE,CAAC,OAAO,CAAC;oBACf,OAAO,EAAE,oCAAoC;oBAC7C,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;oBAC9B,SAAS,EAAE;wBACT,GAAG,EAAE;4BACH,WAAW,EAAE,eAAe;4BAC5B,OAAO,EAAE;gCACP,kBAAkB,EAAE;oCAClB,MAAM,EAAE;wCACN,IAAI,EAAE,QAAQ;wCACd,UAAU,EAAE;4CACV,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;4CACvB,IAAI,EAAE;gDACJ,IAAI,EAAE,QAAQ;gDACd,UAAU,EAAE;oDACV,KAAK,EAAE;wDACL,IAAI,EAAE,OAAO;wDACb,KAAK,EAAE,EAAE,IAAI,EAAE,mCAAmC,EAAE;qDACrD;oDACD,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;iDACzB;6CACF;yCACF;qCACF;iCACF;6BACF;yBACF;qBACF;iBACF;aACF;YACD,mBAAmB,EAAE;gBACnB,GAAG,EAAE;oBACH,IAAI,EAAE,CAAC,OAAO,CAAC;oBACf,OAAO,EAAE,mCAAmC;oBAC5C,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;oBAC9B,SAAS,EAAE,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE,EAAE;iBACpD;aACF;YACD,kBAAkB,EAAE;gBAClB,IAAI,EAAE;oBACJ,IAAI,EAAE,CAAC,OAAO,CAAC;oBACf,OAAO,EAAE,4CAA4C;oBACrD,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;oBAC9B,WAAW,EAAE;wBACX,QAAQ,EAAE,IAAI;wBACd,OAAO,EAAE;4BACP,kBAAkB,EAAE;gCAClB,MAAM,EAAE;oCACN,IAAI,EAAE,QAAQ;oCACd,QAAQ,EAAE,CAAC,UAAU,CAAC;oCACtB,UAAU,EAAE;wCACV,QAAQ,EAAE;4CACR,IAAI,EAAE,QAAQ;4CACd,IAAI,EAAE;gDACJ,MAAM;gDACN,iBAAiB;gDACjB,SAAS;gDACT,WAAW;gDACX,eAAe;gDACf,gBAAgB;6CACjB;yCACF;qCACF;iCACF;6BACF;yBACF;qBACF;oBACD,SAAS,EAAE;wBACT,GAAG,EAAE;4BACH,WAAW,EAAE,oBAAoB;4BACjC,OAAO,EAAE;gCACP,kBAAkB,EAAE;oCAClB,MAAM,EAAE;wCACN,IAAI,EAAE,QAAQ;wCACd,UAAU,EAAE;4CACV,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;4CACvB,IAAI,EAAE,EAAE,IAAI,EAAE,iCAAiC,EAAE;yCAClD;qCACF;iCACF;6BACF;yBACF;qBACF;iBACF;aACF;YACD,mBAAmB,EAAE;gBACnB,IAAI,EAAE;oBACJ,IAAI,EAAE,CAAC,OAAO,CAAC;oBACf,OAAO,EAAE,6BAA6B;oBACtC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;oBAC9B,WAAW,EAAE;wBACX,QAAQ,EAAE,IAAI;wBACd,OAAO,EAAE;4BACP,kBAAkB,EAAE;gCAClB,MAAM,EAAE;oCACN,IAAI,EAAE,QAAQ;oCACd,QAAQ,EAAE,CAAC,UAAU,CAAC;oCACtB,UAAU,EAAE;wCACV,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wCAC5B,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE;qCACvC;iCACF;6BACF;yBACF;qBACF;oBACD,SAAS,EAAE;wBACT,GAAG,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE;wBACtC,GAAG,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE;qBACvC;iBACF;aACF;YAED,cAAc;YACd,sBAAsB,EAAE;gBACtB,GAAG,EAAE;oBACH,IAAI,EAAE,CAAC,OAAO,CAAC;oBACf,OAAO,EAAE,0BAA0B;oBACnC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;oBAC9B,SAAS,EAAE;wBACT,GAAG,EAAE,EAAE,WAAW,EAAE,iBAAiB,EAAE;wBACvC,GAAG,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE;qBACvC;iBACF;aACF;YACD,kBAAkB,EAAE;gBAClB,GAAG,EAAE;oBACH,IAAI,EAAE,CAAC,OAAO,CAAC;oBACf,OAAO,EAAE,gBAAgB;oBACzB,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;oBAC9B,SAAS,EAAE,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE,EAAE;iBACzF;aACF;YACD,qBAAqB,EAAE;gBACrB,GAAG,EAAE;oBACH,IAAI,EAAE,CAAC,OAAO,CAAC;oBACf,OAAO,EAAE,sBAAsB;oBAC/B,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;oBAC9B,SAAS,EAAE;wBACT,GAAG,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;wBACpC,GAAG,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE;qBACvC;iBACF;aACF;YACD,qBAAqB,EAAE;gBACrB,GAAG,EAAE;oBACH,IAAI,EAAE,CAAC,OAAO,CAAC;oBACf,OAAO,EAAE,yBAAyB;oBAClC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;oBAC9B,SAAS,EAAE;wBACT,GAAG,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE;wBACtC,GAAG,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE;qBACvC;iBACF;aACF;YAED,qBAAqB;YACrB,cAAc,EAAE;gBACd,IAAI,EAAE;oBACJ,IAAI,EAAE,CAAC,cAAc,CAAC;oBACtB,OAAO,EAAE,+BAA+B;oBACxC,WAAW,EAAE,8DAA8D;oBAC3E,SAAS,EAAE;wBACT,GAAG,EAAE,EAAE,WAAW,EAAE,iBAAiB,EAAE;wBACvC,GAAG,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;qBACrC;iBACF;aACF;YACD,WAAW,EAAE;gBACX,GAAG,EAAE;oBACH,IAAI,EAAE,CAAC,cAAc,CAAC;oBACtB,OAAO,EAAE,iCAAiC;oBAC1C,UAAU,EAAE;wBACV;4BACE,IAAI,EAAE,MAAM;4BACZ,EAAE,EAAE,OAAO;4BACX,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;4BAC1B,WAAW,EAAE,iBAAiB;yBAC/B;wBACD,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE;wBACxE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,EAAE;qBACzE;oBACD,SAAS,EAAE,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,0BAA0B,EAAE,EAAE;iBAChE;aACF;YACD,YAAY,EAAE;gBACZ,GAAG,EAAE;oBACH,IAAI,EAAE,CAAC,cAAc,CAAC;oBACtB,OAAO,EAAE,uBAAuB;oBAChC,SAAS,EAAE,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,yBAAyB,EAAE,EAAE;iBAC/D;aACF;YACD,YAAY,EAAE;gBACZ,GAAG,EAAE;oBACH,IAAI,EAAE,CAAC,cAAc,CAAC;oBACtB,OAAO,EAAE,iCAAiC;oBAC1C,UAAU,EAAE;wBACV,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,EAAE;qBAChF;oBACD,SAAS,EAAE,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,8BAA8B,EAAE,EAAE;iBACpE;gBACD,IAAI,EAAE;oBACJ,IAAI,EAAE,CAAC,cAAc,CAAC;oBACtB,OAAO,EAAE,0BAA0B;oBACnC,SAAS,EAAE,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE,EAAE;iBACtD;aACF;YACD,yBAAyB,EAAE;gBACzB,GAAG,EAAE;oBACH,IAAI,EAAE,CAAC,cAAc,CAAC;oBACtB,OAAO,EAAE,mBAAmB;oBAC5B,WAAW,EAAE,6CAA6C;oBAC1D,SAAS,EAAE,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,gCAAgC,EAAE,EAAE;iBACtE;aACF;YACD,6BAA6B,EAAE;gBAC7B,GAAG,EAAE;oBACH,IAAI,EAAE,CAAC,cAAc,CAAC;oBACtB,OAAO,EAAE,uBAAuB;oBAChC,SAAS,EAAE,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,2BAA2B,EAAE,EAAE;iBACjE;aACF;SACF;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAe;IACjD,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAkDK,OAAO;;;;;;;;QAQb,CAAC;AACT,CAAC"}

package/dist/rate-limiter.d.ts

@@ -0,0 +1,46 @@
+/**
+ * In-memory sliding-window rate limiter
+ * 記憶體內滑動視窗速率限制器
+ *
+ * Zero external dependencies. Uses a Map with automatic cleanup.
+ *
+ * @module @panguard-ai/panguard-auth/rate-limiter
+ */
+/** Rate limiter configuration */
+export interface RateLimitConfig {
+    /** Time window in milliseconds */
+    readonly windowMs: number;
+    /** Maximum requests allowed within the window */
+    readonly maxRequests: number;
+}
+/** Result of a rate limit check */
+export interface RateLimitResult {
+    readonly allowed: boolean;
+    /** Milliseconds until the window resets (0 if allowed) */
+    readonly retryAfterMs: number;
+    /** Remaining requests in the current window */
+    readonly remaining: number;
+}
+/**
+ * Sliding-window rate limiter backed by an in-memory Map.
+ *
+ * Automatically cleans up expired buckets every 5 minutes.
+ * Call `destroy()` when the limiter is no longer needed.
+ */
+export declare class RateLimiter {
+    private readonly config;
+    private readonly buckets;
+    private readonly cleanupTimer;
+    constructor(config: RateLimitConfig);
+    /**
+     * Check whether a request from `key` is allowed.
+     *
+     * @param key - Identifier (typically IP address or IP+email)
+     */
+    check(key: string): RateLimitResult;
+    /** Remove expired buckets to prevent memory growth */
+    private cleanup;
+    /** Stop the cleanup timer */
+    destroy(): void;
+}
+//# sourceMappingURL=rate-limiter.d.ts.map

package/dist/rate-limiter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limiter.d.ts","sourceRoot":"","sources":["../src/rate-limiter.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,iCAAiC;AACjC,MAAM,WAAW,eAAe;IAC9B,kCAAkC;IAClC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,iDAAiD;IACjD,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAED,mCAAmC;AACnC,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,0DAA0D;IAC1D,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,+CAA+C;IAC/C,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAOD;;;;;GAKG;AACH,qBAAa,WAAW;IAIV,OAAO,CAAC,QAAQ,CAAC,MAAM;IAHnC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA6B;IACrD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAiC;gBAEjC,MAAM,EAAE,eAAe;IAKpD;;;;OAIG;IACH,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,eAAe;IAwBnC,sDAAsD;IACtD,OAAO,CAAC,OAAO;IAOf,6BAA6B;IAC7B,OAAO,IAAI,IAAI;CAIhB"}

package/dist/rate-limiter.js

@@ -0,0 +1,64 @@
+/**
+ * In-memory sliding-window rate limiter
+ * 記憶體內滑動視窗速率限制器
+ *
+ * Zero external dependencies. Uses a Map with automatic cleanup.
+ *
+ * @module @panguard-ai/panguard-auth/rate-limiter
+ */
+/**
+ * Sliding-window rate limiter backed by an in-memory Map.
+ *
+ * Automatically cleans up expired buckets every 5 minutes.
+ * Call `destroy()` when the limiter is no longer needed.
+ */
+export class RateLimiter {
+    config;
+    buckets = new Map();
+    cleanupTimer;
+    constructor(config) {
+        this.config = config;
+        this.cleanupTimer = setInterval(() => this.cleanup(), 5 * 60 * 1000);
+        if (this.cleanupTimer.unref)
+            this.cleanupTimer.unref();
+    }
+    /**
+     * Check whether a request from `key` is allowed.
+     *
+     * @param key - Identifier (typically IP address or IP+email)
+     */
+    check(key) {
+        const now = Date.now();
+        const bucket = this.buckets.get(key);
+        // New bucket or expired window
+        if (!bucket || now >= bucket.resetAt) {
+            this.buckets.set(key, { count: 1, resetAt: now + this.config.windowMs });
+            return { allowed: true, retryAfterMs: 0, remaining: this.config.maxRequests - 1 };
+        }
+        // Within window but under limit
+        if (bucket.count < this.config.maxRequests) {
+            bucket.count++;
+            return { allowed: true, retryAfterMs: 0, remaining: this.config.maxRequests - bucket.count };
+        }
+        // Over limit
+        return {
+            allowed: false,
+            retryAfterMs: bucket.resetAt - now,
+            remaining: 0,
+        };
+    }
+    /** Remove expired buckets to prevent memory growth */
+    cleanup() {
+        const now = Date.now();
+        for (const [key, bucket] of this.buckets) {
+            if (now >= bucket.resetAt)
+                this.buckets.delete(key);
+        }
+    }
+    /** Stop the cleanup timer */
+    destroy() {
+        clearInterval(this.cleanupTimer);
+        this.buckets.clear();
+    }
+}
+//# sourceMappingURL=rate-limiter.js.map

package/dist/rate-limiter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limiter.js","sourceRoot":"","sources":["../src/rate-limiter.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAwBH;;;;;GAKG;AACH,MAAM,OAAO,WAAW;IAIO;IAHZ,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IACpC,YAAY,CAAiC;IAE9D,YAA6B,MAAuB;QAAvB,WAAM,GAAN,MAAM,CAAiB;QAClD,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACrE,IAAI,IAAI,CAAC,YAAY,CAAC,KAAK;YAAE,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;IACzD,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,GAAW;QACf,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAErC,+BAA+B;QAC/B,IAAI,CAAC,MAAM,IAAI,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACrC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;YACzE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,CAAC,EAAE,CAAC;QACpF,CAAC;QAED,gCAAgC;QAChC,IAAI,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YAC3C,MAAM,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;QAC/F,CAAC;QAED,aAAa;QACb,OAAO;YACL,OAAO,EAAE,KAAK;YACd,YAAY,EAAE,MAAM,CAAC,OAAO,GAAG,GAAG;YAClC,SAAS,EAAE,CAAC;SACb,CAAC;IACJ,CAAC;IAED,sDAAsD;IAC9C,OAAO;QACb,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACzC,IAAI,GAAG,IAAI,MAAM,CAAC,OAAO;gBAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,OAAO;QACL,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACjC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;CACF"}

package/dist/routes/admin.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Admin route handlers:
+ * handleAdminUsers, handleAdminUpdateTier, handleAdminUpdateRole, handleAdminStats,
+ * handleAdminDashboard, handleAdminUsersSearch, handleAdminSessions,
+ * handleAdminSessionRevoke, handleAdminActivity, handleAdminAuditLog,
+ * handleAdminAuditActions, handleAdminUsageOverview, handleAdminUsageUser,
+ * handleAdminUserDetail, handleAdminUserSuspend, handleAdminBulkAction.
+ * @module @panguard-ai/panguard-auth/routes/admin
+ */
+import type { IncomingMessage, ServerResponse } from 'node:http';
+import type { RouteContext } from './shared.js';
+export declare function createAdminRoutes(ctx: RouteContext): {
+    handleAdminUsers: (req: IncomingMessage, res: ServerResponse) => void;
+    handleAdminUpdateTier: (req: IncomingMessage, res: ServerResponse, userId: string) => Promise<void>;
+    handleAdminUpdateRole: (req: IncomingMessage, res: ServerResponse, userId: string) => Promise<void>;
+    handleAdminStats: (req: IncomingMessage, res: ServerResponse) => void;
+    handleAdminDashboard: (req: IncomingMessage, res: ServerResponse) => void;
+    handleAdminUsersSearch: (req: IncomingMessage, res: ServerResponse) => void;
+    handleAdminSessions: (req: IncomingMessage, res: ServerResponse) => void;
+    handleAdminSessionRevoke: (req: IncomingMessage, res: ServerResponse, sessionId: string) => void;
+    handleAdminActivity: (req: IncomingMessage, res: ServerResponse) => void;
+    handleAdminAuditLog: (req: IncomingMessage, res: ServerResponse) => void;
+    handleAdminAuditActions: (req: IncomingMessage, res: ServerResponse) => void;
+    handleAdminUsageOverview: (req: IncomingMessage, res: ServerResponse) => void;
+    handleAdminUsageUser: (req: IncomingMessage, res: ServerResponse, userId: string) => void;
+    handleAdminUserDetail: (req: IncomingMessage, res: ServerResponse, userId: string) => void;
+    handleAdminUserSuspend: (req: IncomingMessage, res: ServerResponse, userId: string) => Promise<void>;
+    handleAdminBulkAction: (req: IncomingMessage, res: ServerResponse) => Promise<void>;
+};
+//# sourceMappingURL=admin.d.ts.map

package/dist/routes/admin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin.d.ts","sourceRoot":"","sources":["../../src/routes/admin.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAKjE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAGhD,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,YAAY;4BAGlB,eAAe,OAAO,cAAc,KAAG,IAAI;iCAiBnE,eAAe,OACf,cAAc,UACX,MAAM,KACb,OAAO,CAAC,IAAI,CAAC;iCAuDT,eAAe,OACf,cAAc,UACX,MAAM,KACb,OAAO,CAAC,IAAI,CAAC;4BA+Ce,eAAe,OAAO,cAAc,KAAG,IAAI;gCAiBvC,eAAe,OAAO,cAAc,KAAG,IAAI;kCAczC,eAAe,OAAO,cAAc,KAAG,IAAI;+BAgB9C,eAAe,OAAO,cAAc,KAAG,IAAI;oCAetE,eAAe,OACf,cAAc,aACR,MAAM,KAChB,IAAI;+BAkB2B,eAAe,OAAO,cAAc,KAAG,IAAI;+BAgB3C,eAAe,OAAO,cAAc,KAAG,IAAI;mCA+BvC,eAAe,OAAO,cAAc,KAAG,IAAI;oCAa1C,eAAe,OAAO,cAAc,KAAG,IAAI;gCA2E/C,eAAe,OAAO,cAAc,UAAU,MAAM,KAAG,IAAI;iCAmC1D,eAAe,OAAO,cAAc,UAAU,MAAM,KAAG,IAAI;kCA4CxF,eAAe,OACf,cAAc,UACX,MAAM,KACb,OAAO,CAAC,IAAI,CAAC;iCAyC0B,eAAe,OAAO,cAAc,KAAG,OAAO,CAAC,IAAI,CAAC;EA4G/F"}

package/dist/routes/admin.js

@@ -0,0 +1,490 @@
+/**
+ * Admin route handlers:
+ * handleAdminUsers, handleAdminUpdateTier, handleAdminUpdateRole, handleAdminStats,
+ * handleAdminDashboard, handleAdminUsersSearch, handleAdminSessions,
+ * handleAdminSessionRevoke, handleAdminActivity, handleAdminAuditLog,
+ * handleAdminAuditActions, handleAdminUsageOverview, handleAdminUsageUser,
+ * handleAdminUserDetail, handleAdminUserSuspend, handleAdminBulkAction.
+ * @module @panguard-ai/panguard-auth/routes/admin
+ */
+import { authenticateRequest, requireAdmin } from '../middleware.js';
+import { logAuditEvent } from '@panguard-ai/security-hardening';
+import { getUsageSummary, getQuotaLimits, currentPeriod } from '../usage-meter.js';
+import { readBody, json, toPublicUser } from './shared.js';
+export function createAdminRoutes(ctx) {
+    const { db } = ctx;
+    function handleAdminUsers(req, res) {
+        if (req.method !== 'GET') {
+            json(res, 405, { ok: false, error: 'Method not allowed' });
+            return;
+        }
+        const user = authenticateRequest(req, db);
+        if (!requireAdmin(user)) {
+            json(res, 403, { ok: false, error: 'Admin access required' });
+            return;
+        }
+        const users = db.getAllUsersAdmin();
+        json(res, 200, { ok: true, data: users });
+    }
+    async function handleAdminUpdateTier(req, res, userId) {
+        if (req.method !== 'PATCH') {
+            json(res, 405, { ok: false, error: 'Method not allowed' });
+            return;
+        }
+        const user = authenticateRequest(req, db);
+        if (!requireAdmin(user)) {
+            json(res, 403, { ok: false, error: 'Admin access required' });
+            return;
+        }
+        const result = await readBody(req);
+        if (!result.ok) {
+            json(res, result.status, { ok: false, error: 'Invalid JSON body' });
+            return;
+        }
+        const { tier } = result.data;
+        const validTiers = ['community', 'solo', 'pro', 'business', 'enterprise'];
+        if (typeof tier !== 'string' || !validTiers.includes(tier)) {
+            json(res, 400, {
+                ok: false,
+                error: `Invalid tier. Must be one of: ${validTiers.join(', ')}`,
+            });
+            return;
+        }
+        const target = db.getUserById(Number(userId));
+        if (!target) {
+            json(res, 404, { ok: false, error: 'User not found' });
+            return;
+        }
+        const oldTier = target.tier;
+        db.updateUserTier(target.id, tier);
+        // Audit log
+        db.addAuditLog('tier_change', user.id, target.id, JSON.stringify({ from: oldTier, to: tier }));
+        logAuditEvent({
+            level: 'info',
+            action: 'policy_check',
+            target: `user:${target.id}`,
+            result: 'success',
+            context: { details: `Tier changed: ${oldTier} -> ${tier}` },
+        });
+        // Invalidate all sessions for this user so they pick up the new tier
+        db.deleteSessionsByUserId(target.id);
+        const updated = db.getUserById(target.id);
+        json(res, 200, { ok: true, data: toPublicUser(updated) });
+    }
+    async function handleAdminUpdateRole(req, res, userId) {
+        if (req.method !== 'PATCH') {
+            json(res, 405, { ok: false, error: 'Method not allowed' });
+            return;
+        }
+        const user = authenticateRequest(req, db);
+        if (!requireAdmin(user)) {
+            json(res, 403, { ok: false, error: 'Admin access required' });
+            return;
+        }
+        const result = await readBody(req);
+        if (!result.ok) {
+            json(res, result.status, { ok: false, error: 'Invalid JSON body' });
+            return;
+        }
+        const { role } = result.data;
+        if (typeof role !== 'string' || !['user', 'admin'].includes(role)) {
+            json(res, 400, { ok: false, error: 'Invalid role. Must be "user" or "admin"' });
+            return;
+        }
+        const target = db.getUserById(Number(userId));
+        if (!target) {
+            json(res, 404, { ok: false, error: 'User not found' });
+            return;
+        }
+        const oldRole = target.role;
+        db.updateUserRole(target.id, role);
+        // Audit log
+        db.addAuditLog('role_change', user.id, target.id, JSON.stringify({ from: oldRole, to: role }));
+        logAuditEvent({
+            level: 'info',
+            action: 'policy_check',
+            target: `user:${target.id}`,
+            result: 'success',
+            context: { details: `Role changed: ${oldRole} -> ${role}` },
+        });
+        const updated = db.getUserById(target.id);
+        json(res, 200, { ok: true, data: toPublicUser(updated) });
+    }
+    function handleAdminStats(req, res) {
+        if (req.method !== 'GET') {
+            json(res, 405, { ok: false, error: 'Method not allowed' });
+            return;
+        }
+        const user = authenticateRequest(req, db);
+        if (!requireAdmin(user)) {
+            json(res, 403, { ok: false, error: 'Admin access required' });
+            return;
+        }
+        const userStats = db.getUserStats();
+        const waitlistStats = db.getWaitlistStats();
+        json(res, 200, { ok: true, data: { users: userStats, waitlist: waitlistStats } });
+    }
+    function handleAdminDashboard(req, res) {
+        if (req.method !== 'GET') {
+            json(res, 405, { ok: false, error: 'Method not allowed' });
+            return;
+        }
+        const user = authenticateRequest(req, db);
+        if (!requireAdmin(user)) {
+            json(res, 403, { ok: false, error: 'Admin access required' });
+            return;
+        }
+        const stats = db.getAdminDashboardStats();
+        json(res, 200, { ok: true, data: stats });
+    }
+    function handleAdminUsersSearch(req, res) {
+        if (req.method !== 'GET') {
+            json(res, 405, { ok: false, error: 'Method not allowed' });
+            return;
+        }
+        const user = authenticateRequest(req, db);
+        if (!requireAdmin(user)) {
+            json(res, 403, { ok: false, error: 'Admin access required' });
+            return;
+        }
+        const urlObj = new URL(req.url ?? '/', `http://${req.headers.host ?? 'localhost'}`);
+        const q = urlObj.searchParams.get('q') ?? '';
+        const users = q ? db.searchUsers(q) : db.getAllUsersAdmin();
+        json(res, 200, { ok: true, data: users });
+    }
+    function handleAdminSessions(req, res) {
+        if (req.method !== 'GET') {
+            json(res, 405, { ok: false, error: 'Method not allowed' });
+            return;
+        }
+        const user = authenticateRequest(req, db);
+        if (!requireAdmin(user)) {
+            json(res, 403, { ok: false, error: 'Admin access required' });
+            return;
+        }
+        const sessions = db.getActiveSessions();
+        json(res, 200, { ok: true, data: sessions });
+    }
+    function handleAdminSessionRevoke(req, res, sessionId) {
+        if (req.method !== 'DELETE') {
+            json(res, 405, { ok: false, error: 'Method not allowed' });
+            return;
+        }
+        const user = authenticateRequest(req, db);
+        if (!requireAdmin(user)) {
+            json(res, 403, { ok: false, error: 'Admin access required' });
+            return;
+        }
+        const deleted = db.deleteSessionById(Number(sessionId));
+        if (!deleted) {
+            json(res, 404, { ok: false, error: 'Session not found' });
+            return;
+        }
+        json(res, 200, { ok: true, data: { revoked: true } });
+    }
+    function handleAdminActivity(req, res) {
+        if (req.method !== 'GET') {
+            json(res, 405, { ok: false, error: 'Method not allowed' });
+            return;
+        }
+        const user = authenticateRequest(req, db);
+        if (!requireAdmin(user)) {
+            json(res, 403, { ok: false, error: 'Admin access required' });
+            return;
+        }
+        const urlObj = new URL(req.url ?? '/', `http://${req.headers.host ?? 'localhost'}`);
+        const limit = Math.min(parseInt(urlObj.searchParams.get('limit') ?? '20', 10) || 20, 50);
+        const activity = db.getRecentActivity(limit);
+        json(res, 200, { ok: true, data: activity });
+    }
+    function handleAdminAuditLog(req, res) {
+        if (req.method !== 'GET') {
+            json(res, 405, { ok: false, error: 'Method not allowed' });
+            return;
+        }
+        const user = authenticateRequest(req, db);
+        if (!requireAdmin(user)) {
+            json(res, 403, { ok: false, error: 'Admin access required' });
+            return;
+        }
+        const urlObj = new URL(req.url ?? '/', `http://${req.headers.host ?? 'localhost'}`);
+        const filter = {
+            action: urlObj.searchParams.get('action') || undefined,
+            actorId: urlObj.searchParams.has('actorId')
+                ? parseInt(urlObj.searchParams.get('actorId'), 10)
+                : undefined,
+            dateFrom: urlObj.searchParams.get('dateFrom') || undefined,
+            dateTo: urlObj.searchParams.get('dateTo') || undefined,
+            page: parseInt(urlObj.searchParams.get('page') ?? '1', 10) || 1,
+            perPage: parseInt(urlObj.searchParams.get('perPage') ?? '50', 10) || 50,
+        };
+        const result = db.getAuditLogFiltered(filter);
+        const actions = db.getDistinctAuditActions();
+        json(res, 200, {
+            ok: true,
+            data: { ...result, page: filter.page, perPage: filter.perPage, actions },
+        });
+    }
+    function handleAdminAuditActions(req, res) {
+        if (req.method !== 'GET') {
+            json(res, 405, { ok: false, error: 'Method not allowed' });
+            return;
+        }
+        const user = authenticateRequest(req, db);
+        if (!requireAdmin(user)) {
+            json(res, 403, { ok: false, error: 'Admin access required' });
+            return;
+        }
+        json(res, 200, { ok: true, data: db.getDistinctAuditActions() });
+    }
+    function handleAdminUsageOverview(req, res) {
+        if (req.method !== 'GET') {
+            json(res, 405, { ok: false, error: 'Method not allowed' });
+            return;
+        }
+        const user = authenticateRequest(req, db);
+        if (!requireAdmin(user)) {
+            json(res, 403, { ok: false, error: 'Admin access required' });
+            return;
+        }
+        const allUsers = db.getAllUsersAdmin();
+        const period = currentPeriod();
+        const byUser = [];
+        const nearQuota = [];
+        for (const u of allUsers) {
+            const summary = getUsageSummary(db, u.id, u.tier);
+            byUser.push({
+                userId: u.id,
+                email: u.email,
+                name: u.name,
+                tier: u.tier,
+                suspended: u.suspended,
+                usage: summary,
+            });
+            for (const s of summary) {
+                if (s.limit > 0 && s.percentage >= 80) {
+                    nearQuota.push({
+                        userId: u.id,
+                        email: u.email,
+                        tier: u.tier,
+                        resource: s.resource,
+                        current: s.current,
+                        limit: s.limit,
+                        percentage: s.percentage,
+                    });
+                }
+            }
+        }
+        // Aggregate by tier
+        const byTier = {};
+        for (const u of byUser) {
+            if (!byTier[u.tier]) {
+                byTier[u.tier] = { userCount: 0, resources: {} };
+            }
+            const tierEntry = byTier[u.tier];
+            tierEntry.userCount++;
+            for (const s of u.usage) {
+                tierEntry.resources[s.resource] = (tierEntry.resources[s.resource] ?? 0) + s.current;
+            }
+        }
+        json(res, 200, {
+            ok: true,
+            data: { byUser, nearQuota, byTier, period },
+        });
+    }
+    function handleAdminUsageUser(req, res, userId) {
+        if (req.method !== 'GET') {
+            json(res, 405, { ok: false, error: 'Method not allowed' });
+            return;
+        }
+        const admin = authenticateRequest(req, db);
+        if (!requireAdmin(admin)) {
+            json(res, 403, { ok: false, error: 'Admin access required' });
+            return;
+        }
+        const targetUser = db.getUserById(parseInt(userId, 10));
+        if (!targetUser) {
+            json(res, 404, { ok: false, error: 'User not found' });
+            return;
+        }
+        const summary = getUsageSummary(db, targetUser.id, targetUser.tier);
+        const history = db.getUserUsage(targetUser.id);
+        json(res, 200, {
+            ok: true,
+            data: {
+                user: {
+                    id: targetUser.id,
+                    email: targetUser.email,
+                    name: targetUser.name,
+                    tier: targetUser.tier,
+                },
+                usage: summary,
+                history,
+            },
+        });
+    }
+    function handleAdminUserDetail(req, res, userId) {
+        if (req.method !== 'GET') {
+            json(res, 405, { ok: false, error: 'Method not allowed' });
+            return;
+        }
+        const admin = authenticateRequest(req, db);
+        if (!requireAdmin(admin)) {
+            json(res, 403, { ok: false, error: 'Admin access required' });
+            return;
+        }
+        const detail = db.getUserDetailById(parseInt(userId, 10));
+        if (!detail) {
+            json(res, 404, { ok: false, error: 'User not found' });
+            return;
+        }
+        // Enrich usage with quota limits
+        const limits = getQuotaLimits(detail.user.tier);
+        const usage = detail.usage.map((u) => {
+            const limit = limits[u.resource] ?? -1;
+            const current = u.count;
+            return {
+                resource: u.resource,
+                current,
+                limit,
+                percentage: limit > 0 ? Math.round((current / limit) * 100) : 0,
+            };
+        });
+        json(res, 200, {
+            ok: true,
+            data: {
+                user: detail.user,
+                subscription: detail.subscription,
+                usage,
+                sessions: detail.sessions,
+                recentAudit: detail.recentAudit,
+                twoFactor: { enabled: detail.totpEnabled },
+            },
+        });
+    }
+    async function handleAdminUserSuspend(req, res, userId) {
+        if (req.method !== 'PATCH') {
+            json(res, 405, { ok: false, error: 'Method not allowed' });
+            return;
+        }
+        const admin = authenticateRequest(req, db);
+        if (!requireAdmin(admin)) {
+            json(res, 403, { ok: false, error: 'Admin access required' });
+            return;
+        }
+        const body = await readBody(req);
+        if (!body.ok) {
+            json(res, body.status, { ok: false, error: 'Invalid JSON body' });
+            return;
+        }
+        const targetId = parseInt(userId, 10);
+        if (targetId === admin.id) {
+            json(res, 400, { ok: false, error: 'Cannot suspend your own account' });
+            return;
+        }
+        const suspended = body.data['suspended'] === true;
+        if (suspended) {
+            db.suspendUser(targetId);
+        }
+        else {
+            db.unsuspendUser(targetId);
+        }
+        db.addAuditLog(suspended ? 'user_suspended' : 'user_unsuspended', admin.id, targetId, JSON.stringify({ suspended }));
+        json(res, 200, { ok: true, data: { id: targetId, suspended } });
+    }
+    async function handleAdminBulkAction(req, res) {
+        if (req.method !== 'POST') {
+            json(res, 405, { ok: false, error: 'Method not allowed' });
+            return;
+        }
+        const admin = authenticateRequest(req, db);
+        if (!requireAdmin(admin)) {
+            json(res, 403, { ok: false, error: 'Admin access required' });
+            return;
+        }
+        const body = await readBody(req);
+        if (!body.ok) {
+            json(res, body.status, { ok: false, error: 'Invalid JSON body' });
+            return;
+        }
+        const { userIds, action, value } = body.data;
+        if (!Array.isArray(userIds) || userIds.length === 0) {
+            json(res, 400, { ok: false, error: 'userIds array is required' });
+            return;
+        }
+        if (userIds.length > 100) {
+            json(res, 400, { ok: false, error: 'Maximum 100 users per bulk action' });
+            return;
+        }
+        const validActions = ['change_tier', 'change_role', 'suspend', 'unsuspend'];
+        if (!action || !validActions.includes(action)) {
+            json(res, 400, { ok: false, error: `action must be one of: ${validActions.join(', ')}` });
+            return;
+        }
+        const validTiers = ['community', 'solo', 'pro', 'business', 'enterprise'];
+        const validRoles = ['user', 'admin'];
+        if (action === 'change_tier' && (!value || !validTiers.includes(value))) {
+            json(res, 400, { ok: false, error: `value must be one of: ${validTiers.join(', ')}` });
+            return;
+        }
+        if (action === 'change_role' && (!value || !validRoles.includes(value))) {
+            json(res, 400, { ok: false, error: `value must be one of: ${validRoles.join(', ')}` });
+            return;
+        }
+        const results = [];
+        let processed = 0;
+        let failed = 0;
+        for (const uid of userIds) {
+            try {
+                if (uid === admin.id && (action === 'suspend' || action === 'change_role')) {
+                    results.push({ userId: uid, success: false, error: 'Cannot modify own account' });
+                    failed++;
+                    continue;
+                }
+                switch (action) {
+                    case 'change_tier':
+                        db.updateUserTier(uid, value);
+                        db.deleteSessionsByUserId(uid);
+                        break;
+                    case 'change_role':
+                        db.updateUserRole(uid, value);
+                        break;
+                    case 'suspend':
+                        db.suspendUser(uid);
+                        break;
+                    case 'unsuspend':
+                        db.unsuspendUser(uid);
+                        break;
+                }
+                db.addAuditLog(`bulk_${action}`, admin.id, uid, JSON.stringify({ action, value }));
+                results.push({ userId: uid, success: true });
+                processed++;
+            }
+            catch (err) {
+                const msg = err instanceof Error ? err.message : String(err);
+                results.push({ userId: uid, success: false, error: msg });
+                failed++;
+            }
+        }
+        json(res, 200, { ok: true, data: { processed, failed, results } });
+    }
+    return {
+        handleAdminUsers,
+        handleAdminUpdateTier,
+        handleAdminUpdateRole,
+        handleAdminStats,
+        handleAdminDashboard,
+        handleAdminUsersSearch,
+        handleAdminSessions,
+        handleAdminSessionRevoke,
+        handleAdminActivity,
+        handleAdminAuditLog,
+        handleAdminAuditActions,
+        handleAdminUsageOverview,
+        handleAdminUsageUser,
+        handleAdminUserDetail,
+        handleAdminUserSuspend,
+        handleAdminBulkAction,
+    };
+}
+//# sourceMappingURL=admin.js.map