npm - @payez/next-mvp - Versions diffs - 3.0.0 - Mend

@payez/next-mvp 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (654) hide show

package/README.md +782 -0
package/dist/api/auth-handler.d.ts +67 -0
package/dist/api/auth-handler.js +397 -0
package/dist/api/index.d.ts +10 -0
package/dist/api/index.js +19 -0
package/dist/api-handlers/account/change-password.d.ts +9 -0
package/dist/api-handlers/account/change-password.js +112 -0
package/dist/api-handlers/account/masked-info.d.ts +2 -0
package/dist/api-handlers/account/masked-info.js +41 -0
package/dist/api-handlers/account/profile.d.ts +3 -0
package/dist/api-handlers/account/profile.js +63 -0
package/dist/api-handlers/account/recovery/initiate.d.ts +2 -0
package/dist/api-handlers/account/recovery/initiate.js +26 -0
package/dist/api-handlers/account/recovery/send-code.d.ts +2 -0
package/dist/api-handlers/account/recovery/send-code.js +28 -0
package/dist/api-handlers/account/recovery/verify-code.d.ts +2 -0
package/dist/api-handlers/account/recovery/verify-code.js +28 -0
package/dist/api-handlers/account/reset-password.d.ts +2 -0
package/dist/api-handlers/account/reset-password.js +26 -0
package/dist/api-handlers/account/send-code.d.ts +24 -0
package/dist/api-handlers/account/send-code.js +60 -0
package/dist/api-handlers/account/update-phone.d.ts +27 -0
package/dist/api-handlers/account/update-phone.js +64 -0
package/dist/api-handlers/account/validate-password.d.ts +17 -0
package/dist/api-handlers/account/validate-password.js +81 -0
package/dist/api-handlers/account/verify-email.d.ts +26 -0
package/dist/api-handlers/account/verify-email.js +106 -0
package/dist/api-handlers/account/verify-sms.d.ts +26 -0
package/dist/api-handlers/account/verify-sms.js +106 -0
package/dist/api-handlers/admin/analytics.d.ts +20 -0
package/dist/api-handlers/admin/analytics.js +379 -0
package/dist/api-handlers/admin/audit.d.ts +20 -0
package/dist/api-handlers/admin/audit.js +214 -0
package/dist/api-handlers/admin/index.d.ts +21 -0
package/dist/api-handlers/admin/index.js +41 -0
package/dist/api-handlers/admin/redis-sessions.d.ts +36 -0
package/dist/api-handlers/admin/redis-sessions.js +204 -0
package/dist/api-handlers/admin/sessions.d.ts +21 -0
package/dist/api-handlers/admin/sessions.js +284 -0
package/dist/api-handlers/admin/site-logs.d.ts +46 -0
package/dist/api-handlers/admin/site-logs.js +318 -0
package/dist/api-handlers/admin/users.d.ts +20 -0
package/dist/api-handlers/admin/users.js +222 -0
package/dist/api-handlers/admin/vibe-data.d.ts +80 -0
package/dist/api-handlers/admin/vibe-data.js +268 -0
package/dist/api-handlers/anon/preferences.d.ts +37 -0
package/dist/api-handlers/anon/preferences.js +96 -0
package/dist/api-handlers/auth/jwks.d.ts +2 -0
package/dist/api-handlers/auth/jwks.js +24 -0
package/dist/api-handlers/auth/login.d.ts +42 -0
package/dist/api-handlers/auth/login.js +178 -0
package/dist/api-handlers/auth/refresh.d.ts +74 -0
package/dist/api-handlers/auth/refresh.js +635 -0
package/dist/api-handlers/auth/signout.d.ts +37 -0
package/dist/api-handlers/auth/signout.js +187 -0
package/dist/api-handlers/auth/status.d.ts +8 -0
package/dist/api-handlers/auth/status.js +26 -0
package/dist/api-handlers/auth/update-session.d.ts +37 -0
package/dist/api-handlers/auth/update-session.js +95 -0
package/dist/api-handlers/auth/validate.d.ts +6 -0
package/dist/api-handlers/auth/validate.js +43 -0
package/dist/api-handlers/auth/verify-code.d.ts +43 -0
package/dist/api-handlers/auth/verify-code.js +94 -0
package/dist/api-handlers/session/refresh-viability.d.ts +14 -0
package/dist/api-handlers/session/refresh-viability.js +39 -0
package/dist/api-handlers/session/viability.d.ts +13 -0
package/dist/api-handlers/session/viability.js +146 -0
package/dist/api-handlers/test/force-expire.d.ts +23 -0
package/dist/api-handlers/test/force-expire.js +65 -0
package/dist/auth/auth-decision.d.ts +39 -0
package/dist/auth/auth-decision.js +182 -0
package/dist/auth/auth-options.d.ts +57 -0
package/dist/auth/auth-options.js +213 -0
package/dist/auth/callbacks/index.d.ts +6 -0
package/dist/auth/callbacks/index.js +12 -0
package/dist/auth/callbacks/jwt.d.ts +45 -0
package/dist/auth/callbacks/jwt.js +305 -0
package/dist/auth/callbacks/session.d.ts +60 -0
package/dist/auth/callbacks/session.js +170 -0
package/dist/auth/callbacks/signin.d.ts +23 -0
package/dist/auth/callbacks/signin.js +44 -0
package/dist/auth/events/index.d.ts +4 -0
package/dist/auth/events/index.js +8 -0
package/dist/auth/events/signout.d.ts +17 -0
package/dist/auth/events/signout.js +32 -0
package/dist/auth/providers/credentials.d.ts +32 -0
package/dist/auth/providers/credentials.js +223 -0
package/dist/auth/providers/index.d.ts +5 -0
package/dist/auth/providers/index.js +21 -0
package/dist/auth/providers/oauth.d.ts +26 -0
package/dist/auth/providers/oauth.js +105 -0
package/dist/auth/route-config.d.ts +66 -0
package/dist/auth/route-config.js +190 -0
package/dist/auth/types/auth-types.d.ts +417 -0
package/dist/auth/types/auth-types.js +53 -0
package/dist/auth/types/index.d.ts +6 -0
package/dist/auth/types/index.js +22 -0
package/dist/auth/unauthenticated-routes.d.ts +1 -0
package/dist/auth/unauthenticated-routes.js +19 -0
package/dist/auth/utils/idp-client.d.ts +94 -0
package/dist/auth/utils/idp-client.js +383 -0
package/dist/auth/utils/index.d.ts +5 -0
package/dist/auth/utils/index.js +21 -0
package/dist/auth/utils/token-utils.d.ts +84 -0
package/dist/auth/utils/token-utils.js +219 -0
package/dist/client/AuthContext.d.ts +19 -0
package/dist/client/AuthContext.js +112 -0
package/dist/client/fetch-with-auth.d.ts +11 -0
package/dist/client/fetch-with-auth.js +44 -0
package/dist/client/fetchWithSession.d.ts +3 -0
package/dist/client/fetchWithSession.js +24 -0
package/dist/client/index.d.ts +9 -0
package/dist/client/index.js +20 -0
package/dist/client/useAnonSession.d.ts +36 -0
package/dist/client/useAnonSession.js +99 -0
package/dist/components/SessionSync.d.ts +13 -0
package/dist/components/SessionSync.js +119 -0
package/dist/components/SignalRHealthCheck.d.ts +10 -0
package/dist/components/SignalRHealthCheck.js +97 -0
package/dist/components/account/UserAvatarMenu.d.ts +20 -0
package/dist/components/account/UserAvatarMenu.js +80 -0
package/dist/components/account/index.d.ts +7 -0
package/dist/components/account/index.js +10 -0
package/dist/components/admin/AlertSettingsTab.d.ts +48 -0
package/dist/components/admin/AlertSettingsTab.js +351 -0
package/dist/components/admin/AnalyticsTab.d.ts +22 -0
package/dist/components/admin/AnalyticsTab.js +167 -0
package/dist/components/admin/DataBrowserTab.d.ts +19 -0
package/dist/components/admin/DataBrowserTab.js +252 -0
package/dist/components/admin/LoggingSettingsTab.d.ts +73 -0
package/dist/components/admin/LoggingSettingsTab.js +339 -0
package/dist/components/admin/SessionsTab.d.ts +37 -0
package/dist/components/admin/SessionsTab.js +165 -0
package/dist/components/admin/StatsTab.d.ts +53 -0
package/dist/components/admin/StatsTab.js +161 -0
package/dist/components/admin/VibeAdminContext.d.ts +32 -0
package/dist/components/admin/VibeAdminContext.js +38 -0
package/dist/components/admin/VibeAdminLayout.d.ts +11 -0
package/dist/components/admin/VibeAdminLayout.js +69 -0
package/dist/components/admin/index.d.ts +29 -0
package/dist/components/admin/index.js +44 -0
package/dist/components/auth/FederatedAuthSection.d.ts +8 -0
package/dist/components/auth/FederatedAuthSection.js +45 -0
package/dist/components/auth/ModeAwareLoginPage.d.ts +10 -0
package/dist/components/auth/ModeAwareLoginPage.js +42 -0
package/dist/components/auth/ModeAwareSignupPage.d.ts +9 -0
package/dist/components/auth/ModeAwareSignupPage.js +78 -0
package/dist/components/auth/TraditionalAuthSection.d.ts +14 -0
package/dist/components/auth/TraditionalAuthSection.js +20 -0
package/dist/components/recovery/CompleteStep.d.ts +5 -0
package/dist/components/recovery/CompleteStep.js +8 -0
package/dist/components/recovery/InitiateRecoveryStep.d.ts +8 -0
package/dist/components/recovery/InitiateRecoveryStep.js +20 -0
package/dist/components/recovery/SelectMethodStep.d.ts +8 -0
package/dist/components/recovery/SelectMethodStep.js +8 -0
package/dist/components/recovery/SetPasswordStep.d.ts +6 -0
package/dist/components/recovery/SetPasswordStep.js +20 -0
package/dist/components/recovery/VerifyCodeStep.d.ts +10 -0
package/dist/components/recovery/VerifyCodeStep.js +24 -0
package/dist/components/reserved/ReservedRecoveryWarning.d.ts +38 -0
package/dist/components/reserved/ReservedRecoveryWarning.js +92 -0
package/dist/components/reserved/ReservedStatusBox.d.ts +30 -0
package/dist/components/reserved/ReservedStatusBox.js +71 -0
package/dist/components/ui/BetaBadge.d.ts +29 -0
package/dist/components/ui/BetaBadge.js +38 -0
package/dist/components/ui/Footer.d.ts +37 -0
package/dist/components/ui/Footer.js +41 -0
package/dist/config/env.d.ts +66 -0
package/dist/config/env.js +57 -0
package/dist/config/logger.d.ts +57 -0
package/dist/config/logger.js +73 -0
package/dist/config/logging-config.d.ts +30 -0
package/dist/config/logging-config.js +122 -0
package/dist/config/unauthenticated-routes.d.ts +17 -0
package/dist/config/unauthenticated-routes.js +24 -0
package/dist/config/vibe-log-transport.d.ts +79 -0
package/dist/config/vibe-log-transport.js +203 -0
package/dist/edge/internal-api-url.d.ts +53 -0
package/dist/edge/internal-api-url.js +63 -0
package/dist/edge/middleware.d.ts +14 -0
package/dist/edge/middleware.js +32 -0
package/dist/hooks/useAuth.d.ts +23 -0
package/dist/hooks/useAuth.js +81 -0
package/dist/hooks/useAuthSettings.d.ts +59 -0
package/dist/hooks/useAuthSettings.js +93 -0
package/dist/hooks/useAvailableProviders.d.ts +45 -0
package/dist/hooks/useAvailableProviders.js +108 -0
package/dist/hooks/usePasswordValidation.d.ts +27 -0
package/dist/hooks/usePasswordValidation.js +102 -0
package/dist/hooks/useProfile.d.ts +15 -0
package/dist/hooks/useProfile.js +59 -0
package/dist/hooks/usePublicAuthSettings.d.ts +56 -0
package/dist/hooks/usePublicAuthSettings.js +131 -0
package/dist/hooks/useSessionExpiration.d.ts +57 -0
package/dist/hooks/useSessionExpiration.js +72 -0
package/dist/hooks/useViabilitySession.d.ts +75 -0
package/dist/hooks/useViabilitySession.js +268 -0
package/dist/index.d.ts +12 -0
package/dist/index.js +54 -0
package/dist/lib/anon-session.d.ts +74 -0
package/dist/lib/anon-session.js +169 -0
package/dist/lib/api-handler.d.ts +123 -0
package/dist/lib/api-handler.js +478 -0
package/dist/lib/app-slug.d.ts +95 -0
package/dist/lib/app-slug.js +172 -0
package/dist/lib/demo-mode.d.ts +6 -0
package/dist/lib/demo-mode.js +16 -0
package/dist/lib/geolocation.d.ts +64 -0
package/dist/lib/geolocation.js +235 -0
package/dist/lib/idp-client-config.d.ts +75 -0
package/dist/lib/idp-client-config.js +351 -0
package/dist/lib/idp-fetch.d.ts +14 -0
package/dist/lib/idp-fetch.js +91 -0
package/dist/lib/internal-api.d.ts +87 -0
package/dist/lib/internal-api.js +122 -0
package/dist/lib/jwt-decode-client.d.ts +10 -0
package/dist/lib/jwt-decode-client.js +46 -0
package/dist/lib/jwt-decode.d.ts +48 -0
package/dist/lib/jwt-decode.js +57 -0
package/dist/lib/nextauth-secret.d.ts +10 -0
package/dist/lib/nextauth-secret.js +104 -0
package/dist/lib/rate-limit-service.d.ts +23 -0
package/dist/lib/rate-limit-service.js +6 -0
package/dist/lib/redis.d.ts +5 -0
package/dist/lib/redis.js +28 -0
package/dist/lib/refresh-token-validator.d.ts +13 -0
package/dist/lib/refresh-token-validator.js +117 -0
package/dist/lib/roles.d.ts +145 -0
package/dist/lib/roles.js +168 -0
package/dist/lib/secret-validation.d.ts +4 -0
package/dist/lib/secret-validation.js +14 -0
package/dist/lib/session-store.d.ts +166 -0
package/dist/lib/session-store.js +537 -0
package/dist/lib/session.d.ts +21 -0
package/dist/lib/session.js +26 -0
package/dist/lib/site-logger.d.ts +214 -0
package/dist/lib/site-logger.js +210 -0
package/dist/lib/standardized-client-api.d.ts +161 -0
package/dist/lib/standardized-client-api.js +786 -0
package/dist/lib/startup-init.d.ts +40 -0
package/dist/lib/startup-init.js +261 -0
package/dist/lib/test-aware-get-token.d.ts +2 -0
package/dist/lib/test-aware-get-token.js +81 -0
package/dist/lib/token-expiry.d.ts +14 -0
package/dist/lib/token-expiry.js +39 -0
package/dist/lib/token-lifecycle.d.ts +52 -0
package/dist/lib/token-lifecycle.js +398 -0
package/dist/lib/types/api-responses.d.ts +128 -0
package/dist/lib/types/api-responses.js +171 -0
package/dist/lib/user-agent-parser.d.ts +50 -0
package/dist/lib/user-agent-parser.js +220 -0
package/dist/logging/api/admin-analytics.d.ts +3 -0
package/dist/logging/api/admin-analytics.js +45 -0
package/dist/logging/api/audit-log.d.ts +3 -0
package/dist/logging/api/audit-log.js +52 -0
package/dist/logging/components/AdminAnalyticsLayout.d.ts +10 -0
package/dist/logging/components/AdminAnalyticsLayout.js +11 -0
package/dist/logging/components/AuditLogViewer.d.ts +7 -0
package/dist/logging/components/AuditLogViewer.js +51 -0
package/dist/logging/components/ErrorMetricsCard.d.ts +7 -0
package/dist/logging/components/ErrorMetricsCard.js +16 -0
package/dist/logging/components/HealthMetricsCard.d.ts +7 -0
package/dist/logging/components/HealthMetricsCard.js +19 -0
package/dist/logging/hooks/useAdminAnalytics.d.ts +24 -0
package/dist/logging/hooks/useAdminAnalytics.js +22 -0
package/dist/logging/hooks/useAuditLog.d.ts +6 -0
package/dist/logging/hooks/useAuditLog.js +25 -0
package/dist/logging/hooks/useErrorMetrics.d.ts +6 -0
package/dist/logging/hooks/useErrorMetrics.js +38 -0
package/dist/logging/hooks/useHealthMetrics.d.ts +6 -0
package/dist/logging/hooks/useHealthMetrics.js +41 -0
package/dist/logging/index.d.ts +11 -0
package/dist/logging/index.js +40 -0
package/dist/logging/types/analytics.d.ts +68 -0
package/dist/logging/types/analytics.js +3 -0
package/dist/logging/types/audit.d.ts +29 -0
package/dist/logging/types/audit.js +2 -0
package/dist/logging/types/index.d.ts +2 -0
package/dist/logging/types/index.js +19 -0
package/dist/middleware/auth-decision.d.ts +33 -0
package/dist/middleware/auth-decision.js +65 -0
package/dist/middleware/create-middleware.d.ts +100 -0
package/dist/middleware/create-middleware.js +445 -0
package/dist/middleware/rbac-check.d.ts +44 -0
package/dist/middleware/rbac-check.js +191 -0
package/dist/middleware/twofa-presets.d.ts +134 -0
package/dist/middleware/twofa-presets.js +175 -0
package/dist/models/DecodedAccessToken.d.ts +17 -0
package/dist/models/DecodedAccessToken.js +2 -0
package/dist/models/SessionModel.d.ts +122 -0
package/dist/models/SessionModel.js +136 -0
package/dist/pages/admin-login/page.d.ts +31 -0
package/dist/pages/admin-login/page.js +83 -0
package/dist/pages/admin-roles/RolesAdminPage.d.ts +15 -0
package/dist/pages/admin-roles/RolesAdminPage.js +78 -0
package/dist/pages/admin-roles/index.d.ts +8 -0
package/dist/pages/admin-roles/index.js +15 -0
package/dist/pages/admin-roles/modals.d.ts +72 -0
package/dist/pages/admin-roles/modals.js +154 -0
package/dist/pages/client-admin/ClientSiteAdminPage.d.ts +79 -0
package/dist/pages/client-admin/ClientSiteAdminPage.js +177 -0
package/dist/pages/client-admin/index.d.ts +32 -0
package/dist/pages/client-admin/index.js +37 -0
package/dist/pages/login/page.d.ts +22 -0
package/dist/pages/login/page.js +239 -0
package/dist/pages/profile/EnhancedProfilePage.d.ts +13 -0
package/dist/pages/profile/EnhancedProfilePage.js +150 -0
package/dist/pages/profile/index.d.ts +8 -0
package/dist/pages/profile/index.js +16 -0
package/dist/pages/profile/page.d.ts +19 -0
package/dist/pages/profile/page.js +47 -0
package/dist/pages/profile/profile-patch.d.ts +1 -0
package/dist/pages/profile/profile-patch.js +281 -0
package/dist/pages/recovery/page.d.ts +1 -0
package/dist/pages/recovery/page.js +142 -0
package/dist/pages/roles/MyRolesPage.d.ts +24 -0
package/dist/pages/roles/MyRolesPage.js +71 -0
package/dist/pages/roles/components.d.ts +63 -0
package/dist/pages/roles/components.js +108 -0
package/dist/pages/roles/index.d.ts +8 -0
package/dist/pages/roles/index.js +19 -0
package/dist/pages/security/EnhancedSecurityPage.d.ts +14 -0
package/dist/pages/security/EnhancedSecurityPage.js +248 -0
package/dist/pages/security/index.d.ts +8 -0
package/dist/pages/security/index.js +16 -0
package/dist/pages/security/page.d.ts +21 -0
package/dist/pages/security/page.js +212 -0
package/dist/pages/security/security-patch.d.ts +1 -0
package/dist/pages/security/security-patch.js +302 -0
package/dist/pages/settings/EnhancedSettingsPage.d.ts +46 -0
package/dist/pages/settings/EnhancedSettingsPage.js +231 -0
package/dist/pages/settings/index.d.ts +8 -0
package/dist/pages/settings/index.js +16 -0
package/dist/pages/settings/page.d.ts +7 -0
package/dist/pages/settings/page.js +26 -0
package/dist/pages/showcase/ShowcasePage.d.ts +13 -0
package/dist/pages/showcase/ShowcasePage.js +140 -0
package/dist/pages/showcase/index.d.ts +12 -0
package/dist/pages/showcase/index.js +17 -0
package/dist/pages/test-env/EmergencyLogoutPage.d.ts +14 -0
package/dist/pages/test-env/EmergencyLogoutPage.js +98 -0
package/dist/pages/test-env/JwtInspectPage.d.ts +14 -0
package/dist/pages/test-env/JwtInspectPage.js +114 -0
package/dist/pages/test-env/RefreshTokenPage.d.ts +15 -0
package/dist/pages/test-env/RefreshTokenPage.js +91 -0
package/dist/pages/test-env/TestEnvPage.d.ts +13 -0
package/dist/pages/test-env/TestEnvPage.js +49 -0
package/dist/pages/test-env/index.d.ts +24 -0
package/dist/pages/test-env/index.js +32 -0
package/dist/pages/verify-code/page.d.ts +30 -0
package/dist/pages/verify-code/page.js +408 -0
package/dist/routes/account/index.d.ts +28 -0
package/dist/routes/account/index.js +71 -0
package/dist/routes/account/masked-info.d.ts +33 -0
package/dist/routes/account/masked-info.js +39 -0
package/dist/routes/account/send-code.d.ts +37 -0
package/dist/routes/account/send-code.js +42 -0
package/dist/routes/account/update-phone.d.ts +13 -0
package/dist/routes/account/update-phone.js +17 -0
package/dist/routes/account/verify-email.d.ts +38 -0
package/dist/routes/account/verify-email.js +43 -0
package/dist/routes/account/verify-sms.d.ts +38 -0
package/dist/routes/account/verify-sms.js +43 -0
package/dist/routes/auth/index.d.ts +19 -0
package/dist/routes/auth/index.js +64 -0
package/dist/routes/auth/logout.d.ts +31 -0
package/dist/routes/auth/logout.js +113 -0
package/dist/routes/auth/nextauth.d.ts +19 -0
package/dist/routes/auth/nextauth.js +72 -0
package/dist/routes/auth/refresh.d.ts +30 -0
package/dist/routes/auth/refresh.js +51 -0
package/dist/routes/auth/session.d.ts +72 -0
package/dist/routes/auth/session.js +180 -0
package/dist/routes/auth/settings.d.ts +25 -0
package/dist/routes/auth/settings.js +55 -0
package/dist/routes/auth/viability.d.ts +52 -0
package/dist/routes/auth/viability.js +201 -0
package/dist/routes/index.d.ts +12 -0
package/dist/routes/index.js +54 -0
package/dist/routes/session/index.d.ts +6 -0
package/dist/routes/session/index.js +10 -0
package/dist/routes/session/refresh-viability.d.ts +16 -0
package/dist/routes/session/refresh-viability.js +20 -0
package/dist/services/signalrActivityService.d.ts +44 -0
package/dist/services/signalrActivityService.js +257 -0
package/dist/stores/authStore.d.ts +154 -0
package/dist/stores/authStore.js +1531 -0
package/dist/theme/ThemeProvider.d.ts +14 -0
package/dist/theme/ThemeProvider.js +28 -0
package/dist/theme/default.d.ts +8 -0
package/dist/theme/default.js +33 -0
package/dist/theme/index.d.ts +15 -0
package/dist/theme/index.js +25 -0
package/dist/theme/types.d.ts +56 -0
package/dist/theme/types.js +8 -0
package/dist/theme/useTheme.d.ts +60 -0
package/dist/theme/useTheme.js +63 -0
package/dist/theme/utils.d.ts +13 -0
package/dist/theme/utils.js +39 -0
package/dist/types/api.d.ts +134 -0
package/dist/types/api.js +44 -0
package/dist/types/auth.d.ts +19 -0
package/dist/types/auth.js +2 -0
package/dist/types/logging.d.ts +42 -0
package/dist/types/logging.js +2 -0
package/dist/types/recovery.d.ts +48 -0
package/dist/types/recovery.js +2 -0
package/dist/types/security.d.ts +1 -0
package/dist/types/security.js +2 -0
package/dist/utils/api.d.ts +85 -0
package/dist/utils/api.js +287 -0
package/dist/utils/circuitBreaker.d.ts +43 -0
package/dist/utils/circuitBreaker.js +91 -0
package/dist/utils/error-message.d.ts +1 -0
package/dist/utils/error-message.js +103 -0
package/dist/utils/layout/reservedSpace.d.ts +59 -0
package/dist/utils/layout/reservedSpace.js +102 -0
package/dist/utils/logout.d.ts +14 -0
package/dist/utils/logout.js +32 -0
package/dist/vibe/client.d.ts +261 -0
package/dist/vibe/client.js +445 -0
package/dist/vibe/errors.d.ts +83 -0
package/dist/vibe/errors.js +146 -0
package/dist/vibe/generic.d.ts +234 -0
package/dist/vibe/generic.js +369 -0
package/dist/vibe/hooks/index.d.ts +169 -0
package/dist/vibe/hooks/index.js +252 -0
package/dist/vibe/index.d.ts +23 -0
package/dist/vibe/index.js +67 -0
package/dist/vibe/sessions.d.ts +161 -0
package/dist/vibe/sessions.js +391 -0
package/dist/vibe/types.d.ts +353 -0
package/dist/vibe/types.js +315 -0
package/package.json +855 -0
package/scripts/check-internal-url-usage.sh +73 -0
package/scripts/dev-broker.ps1 +35 -0
package/scripts/dev-local.ps1 +45 -0
package/src/api/auth-handler.ts +550 -0
package/src/api/index.ts +18 -0
package/src/api-handlers/account/change-password.ts +145 -0
package/src/api-handlers/account/masked-info.ts +45 -0
package/src/api-handlers/account/profile.ts +80 -0
package/src/api-handlers/account/recovery/initiate.ts +23 -0
package/src/api-handlers/account/recovery/send-code.ts +25 -0
package/src/api-handlers/account/recovery/verify-code.ts +25 -0
package/src/api-handlers/account/reset-password.ts +23 -0
package/src/api-handlers/account/send-code.ts +76 -0
package/src/api-handlers/account/update-phone.ts +79 -0
package/src/api-handlers/account/validate-password.ts +118 -0
package/src/api-handlers/account/verify-email.ts +125 -0
package/src/api-handlers/account/verify-sms.ts +125 -0
package/src/api-handlers/admin/analytics.ts +445 -0
package/src/api-handlers/admin/audit.ts +225 -0
package/src/api-handlers/admin/index.ts +59 -0
package/src/api-handlers/admin/redis-sessions.ts +253 -0
package/src/api-handlers/admin/sessions.ts +320 -0
package/src/api-handlers/admin/site-logs.ts +367 -0
package/src/api-handlers/admin/users.ts +244 -0
package/src/api-handlers/admin/vibe-data.ts +326 -0
package/src/api-handlers/anon/preferences.ts +123 -0
package/src/api-handlers/auth/jwks.ts +20 -0
package/src/api-handlers/auth/login.ts +240 -0
package/src/api-handlers/auth/refresh.ts +687 -0
package/src/api-handlers/auth/signout.ts +212 -0
package/src/api-handlers/auth/status.ts +23 -0
package/src/api-handlers/auth/update-session.ts +125 -0
package/src/api-handlers/auth/validate.ts +44 -0
package/src/api-handlers/auth/verify-code.ts +129 -0
package/src/api-handlers/session/refresh-viability.ts +36 -0
package/src/api-handlers/session/viability.ts +166 -0
package/src/api-handlers/test/force-expire.ts +67 -0
package/src/auth/auth-decision.ts +230 -0
package/src/auth/auth-options.ts +237 -0
package/src/auth/callbacks/index.ts +7 -0
package/src/auth/callbacks/jwt.ts +382 -0
package/src/auth/callbacks/session.ts +243 -0
package/src/auth/callbacks/signin.ts +56 -0
package/src/auth/events/index.ts +5 -0
package/src/auth/events/signout.ts +33 -0
package/src/auth/providers/credentials.ts +256 -0
package/src/auth/providers/index.ts +6 -0
package/src/auth/providers/oauth.ts +114 -0
package/src/auth/route-config.ts +220 -0
package/src/auth/types/auth-types.ts +555 -0
package/src/auth/types/index.ts +7 -0
package/src/auth/unauthenticated-routes.ts +3 -0
package/src/auth/utils/idp-client.ts +444 -0
package/src/auth/utils/index.ts +6 -0
package/src/auth/utils/token-utils.ts +244 -0
package/src/client/AuthContext.tsx +140 -0
package/src/client/fetch-with-auth.ts +48 -0
package/src/client/fetchWithSession.ts +21 -0
package/src/client/index.ts +13 -0
package/src/client/useAnonSession.ts +131 -0
package/src/components/SessionSync.tsx +137 -0
package/src/components/SignalRHealthCheck.tsx +131 -0
package/src/components/account/UserAvatarMenu.tsx +217 -0
package/src/components/account/index.ts +8 -0
package/src/components/admin/AlertSettingsTab.tsx +728 -0
package/src/components/admin/AnalyticsTab.tsx +703 -0
package/src/components/admin/DataBrowserTab.tsx +505 -0
package/src/components/admin/LoggingSettingsTab.tsx +665 -0
package/src/components/admin/SessionsTab.tsx +414 -0
package/src/components/admin/StatsTab.tsx +379 -0
package/src/components/admin/VibeAdminContext.tsx +87 -0
package/src/components/admin/VibeAdminLayout.tsx +185 -0
package/src/components/admin/index.ts +59 -0
package/src/components/auth/FederatedAuthSection.tsx +95 -0
package/src/components/auth/ModeAwareLoginPage.tsx +135 -0
package/src/components/auth/ModeAwareSignupPage.tsx +267 -0
package/src/components/auth/TraditionalAuthSection.tsx +99 -0
package/src/components/recovery/CompleteStep.tsx +36 -0
package/src/components/recovery/InitiateRecoveryStep.tsx +68 -0
package/src/components/recovery/SelectMethodStep.tsx +73 -0
package/src/components/recovery/SetPasswordStep.tsx +97 -0
package/src/components/recovery/VerifyCodeStep.tsx +90 -0
package/src/components/reserved/ReservedRecoveryWarning.tsx +160 -0
package/src/components/reserved/ReservedStatusBox.tsx +118 -0
package/src/components/ui/BetaBadge.tsx +58 -0
package/src/components/ui/Footer.tsx +93 -0
package/src/config/env.ts +57 -0
package/src/config/logger.ts +62 -0
package/src/config/logging-config.ts +82 -0
package/src/config/unauthenticated-routes.ts +19 -0
package/src/config/vibe-log-transport.ts +250 -0
package/src/edge/internal-api-url.ts +65 -0
package/src/edge/middleware.ts +42 -0
package/src/hooks/useAuth.ts +115 -0
package/src/hooks/useAuthSettings.ts +97 -0
package/src/hooks/useAvailableProviders.ts +118 -0
package/src/hooks/usePasswordValidation.ts +127 -0
package/src/hooks/useProfile.ts +75 -0
package/src/hooks/usePublicAuthSettings.ts +149 -0
package/src/hooks/useSessionExpiration.ts +102 -0
package/src/hooks/useViabilitySession.ts +335 -0
package/src/index.ts +63 -0
package/src/lib/anon-session.ts +213 -0
package/src/lib/api-handler.ts +625 -0
package/src/lib/app-slug.ts +178 -0
package/src/lib/demo-mode.ts +13 -0
package/src/lib/geolocation.ts +265 -0
package/src/lib/idp-client-config.ts +442 -0
package/src/lib/idp-fetch.ts +101 -0
package/src/lib/internal-api.ts +171 -0
package/src/lib/jwt-decode-client.ts +45 -0
package/src/lib/jwt-decode.ts +83 -0
package/src/lib/nextauth-secret.ts +126 -0
package/src/lib/rate-limit-service.ts +9 -0
package/src/lib/redis.ts +27 -0
package/src/lib/refresh-token-validator.ts +64 -0
package/src/lib/roles.ts +177 -0
package/src/lib/secret-validation.ts +8 -0
package/src/lib/session-store.ts +637 -0
package/src/lib/session.ts +34 -0
package/src/lib/site-logger.ts +245 -0
package/src/lib/standardized-client-api.ts +896 -0
package/src/lib/startup-init.ts +247 -0
package/src/lib/test-aware-get-token.ts +30 -0
package/src/lib/token-expiry.ts +40 -0
package/src/lib/token-lifecycle.ts +477 -0
package/src/lib/types/api-responses.ts +336 -0
package/src/lib/user-agent-parser.ts +252 -0
package/src/logging/api/admin-analytics.ts +51 -0
package/src/logging/api/audit-log.ts +53 -0
package/src/logging/components/AdminAnalyticsLayout.tsx +49 -0
package/src/logging/components/AuditLogViewer.tsx +125 -0
package/src/logging/components/ErrorMetricsCard.tsx +98 -0
package/src/logging/components/HealthMetricsCard.tsx +70 -0
package/src/logging/hooks/useAdminAnalytics.ts +22 -0
package/src/logging/hooks/useAuditLog.ts +24 -0
package/src/logging/hooks/useErrorMetrics.ts +40 -0
package/src/logging/hooks/useHealthMetrics.ts +44 -0
package/src/logging/index.ts +18 -0
package/src/logging/types/analytics.ts +81 -0
package/src/logging/types/audit.ts +31 -0
package/src/logging/types/index.ts +3 -0
package/src/middleware/auth-decision.ts +43 -0
package/src/middleware/create-middleware.ts +626 -0
package/src/middleware/rbac-check.ts +244 -0
package/src/middleware/twofa-presets.ts +224 -0
package/src/models/DecodedAccessToken.ts +17 -0
package/src/models/SessionModel.ts +258 -0
package/src/pages/admin-login/page.tsx +229 -0
package/src/pages/admin-roles/RolesAdminPage.tsx +357 -0
package/src/pages/admin-roles/index.ts +9 -0
package/src/pages/admin-roles/modals.tsx +469 -0
package/src/pages/client-admin/ClientSiteAdminPage.tsx +380 -0
package/src/pages/client-admin/index.ts +33 -0
package/src/pages/login/page.tsx +463 -0
package/src/pages/profile/EnhancedProfilePage.tsx +479 -0
package/src/pages/profile/index.ts +9 -0
package/src/pages/profile/page.tsx +166 -0
package/src/pages/recovery/page.tsx +234 -0
package/src/pages/roles/MyRolesPage.tsx +211 -0
package/src/pages/roles/components.tsx +294 -0
package/src/pages/roles/index.ts +17 -0
package/src/pages/security/EnhancedSecurityPage.tsx +574 -0
package/src/pages/security/index.ts +9 -0
package/src/pages/security/page.tsx +507 -0
package/src/pages/settings/EnhancedSettingsPage.tsx +642 -0
package/src/pages/settings/index.ts +9 -0
package/src/pages/settings/page.tsx +47 -0
package/src/pages/showcase/ShowcasePage.tsx +530 -0
package/src/pages/showcase/index.ts +13 -0
package/src/pages/test-env/EmergencyLogoutPage.tsx +179 -0
package/src/pages/test-env/JwtInspectPage.tsx +418 -0
package/src/pages/test-env/RefreshTokenPage.tsx +155 -0
package/src/pages/test-env/TestEnvPage.tsx +116 -0
package/src/pages/test-env/index.ts +25 -0
package/src/pages/verify-code/page.tsx +648 -0
package/src/routes/account/index.ts +32 -0
package/src/routes/account/masked-info.ts +37 -0
package/src/routes/account/send-code.ts +40 -0
package/src/routes/account/update-phone.ts +13 -0
package/src/routes/account/verify-email.ts +41 -0
package/src/routes/account/verify-sms.ts +41 -0
package/src/routes/auth/index.ts +23 -0
package/src/routes/auth/logout.ts +127 -0
package/src/routes/auth/nextauth.ts +71 -0
package/src/routes/auth/refresh.ts +54 -0
package/src/routes/auth/session.ts +193 -0
package/src/routes/auth/settings.ts +75 -0
package/src/routes/auth/viability.ts +220 -0
package/src/routes/index.ts +18 -0
package/src/routes/session/index.ts +7 -0
package/src/routes/session/refresh-viability.ts +17 -0
package/src/services/signalrActivityService.ts +258 -0
package/src/stores/authStore.ts +1904 -0
package/src/templates/instrumentation.ts +41 -0
package/src/theme/ThemeProvider.tsx +39 -0
package/src/theme/default.ts +33 -0
package/src/theme/index.ts +31 -0
package/src/theme/types.ts +69 -0
package/src/theme/useTheme.ts +57 -0
package/src/theme/utils.ts +40 -0
package/src/types/api.ts +13 -0
package/src/types/auth.d.ts +15 -0
package/src/types/auth.ts +22 -0
package/src/types/logging.ts +11 -0
package/src/types/next-auth.d.ts +15 -0
package/src/types/recovery.ts +54 -0
package/src/types/security.ts +1 -0
package/src/utils/api.ts +353 -0
package/src/utils/circuitBreaker.ts +40 -0
package/src/utils/error-message.ts +108 -0
package/src/utils/layout/reservedSpace.ts +124 -0
package/src/utils/logout.ts +30 -0
package/src/vibe/client.ts +590 -0
package/src/vibe/errors.ts +185 -0
package/src/vibe/generic.ts +429 -0
package/src/vibe/hooks/index.ts +367 -0
package/src/vibe/index.ts +121 -0
package/src/vibe/sessions.ts +551 -0
package/src/vibe/types.ts +577 -0

package/src/pages/security/EnhancedSecurityPage.tsx ADDED Viewed

@@ -0,0 +1,574 @@
+/**
+ * Enhanced Security Page for @payez/next-mvp
+ *
+ * Implements BAPert's Member Self-Service spec with:
+ * - Password section with change form
+ * - Two-factor authentication management
+ * - Connected OAuth accounts
+ * - Active sessions list
+ * - Recent activity log
+ * - Danger zone (data export, account deletion)
+ *
+ * @see docs/specs/MEMBER_SELF_SERVICE_SPEC.md
+ */
+'use client';
+import React, { useState, useEffect, useCallback } from 'react';
+import { useProfile } from '../../hooks/useProfile';
+import { usePasswordValidation } from '../../hooks/usePasswordValidation';
+import { useLayout, useColors } from '../../theme/useTheme';
+// Types matching BAPert's spec
+interface SecurityData {
+  password?: {
+    last_changed?: string;
+    expires_at?: string;
+    days_until_expiry?: number;
+    requires_change?: boolean;
+  };
+  two_factor?: {
+    enabled: boolean;
+    method?: 'sms' | 'email' | 'authenticator';
+    method_display?: string;
+    last_updated?: string;
+    requires_reenrollment?: boolean;
+    backup_codes_remaining?: number;
+  };
+  connected_accounts?: Array<{
+    provider: string;
+    provider_key: string;
+    email?: string;
+    connected_at?: string;
+    can_disconnect?: boolean;
+  }>;
+  active_sessions?: Array<{
+    session_id: string;
+    device_type?: 'desktop' | 'mobile' | 'tablet';
+    device_name?: string;
+    ip_address?: string;
+    location?: string;
+    created_at?: string;
+    last_active_at?: string;
+    is_current?: boolean;
+  }>;
+  recent_activity?: Array<{
+    event_type: string;
+    description: string;
+    device?: string;
+    timestamp: string;
+    success: boolean;
+  }>;
+}
+interface PasswordData {
+  current_password: string;
+  new_password: string;
+  confirm_password: string;
+}
+// Password Strength Meter Component
+function PasswordStrengthMeter({ score, failedRequirements, tip, isDark }: {
+  score: number;
+  failedRequirements: string[];
+  tip?: string;
+  isDark: boolean;
+}) {
+  const getColor = (s: number) => {
+    if (s >= 4) return 'bg-green-500';
+    if (s >= 3) return 'bg-yellow-500';
+    if (s >= 2) return 'bg-orange-500';
+    return 'bg-red-500';
+  };
+  const getLabel = (s: number) => {
+    if (s >= 4) return 'Strong';
+    if (s >= 3) return 'Good';
+    if (s >= 2) return 'Fair';
+    if (s >= 1) return 'Weak';
+    return 'Very Weak';
+  };
+  const mutedText = isDark ? 'text-slate-400' : 'text-gray-500';
+  const barBg = isDark ? 'bg-slate-600' : 'bg-gray-200';
+  return (
+    <div className="space-y-2">
+      <div className="flex items-center gap-2">
+        <div className={`flex-1 h-2 rounded-full overflow-hidden ${barBg}`}>
+          <div className={`h-full transition-all duration-300 ${getColor(score)}`} style={{ width: `${Math.min(score * 20, 100)}%` }} />
+        </div>
+        <span className={`text-xs w-16 ${mutedText}`}>{getLabel(score)}</span>
+      </div>
+      {failedRequirements.length > 0 && (
+        <ul className={`text-xs space-y-1 ${mutedText}`}>
+          {failedRequirements.map((req, i) => (
+            <li key={i} className="flex items-center gap-1"><span className="text-red-400">x</span> {req}</li>
+          ))}
+        </ul>
+      )}
+      {tip && <p className="text-xs text-blue-400">{tip}</p>}
+    </div>
+  );
+}
+// Policy Checklist Component
+function PolicyChecklist({ policy, password, isDark }: { policy: any; password: string; isDark: boolean }) {
+  const checks = React.useMemo(() => {
+    const list: { label: string; ok: boolean }[] = [];
+    const minLen = policy?.min_length || 8;
+    list.push({ label: `At least ${minLen} characters`, ok: (password?.length || 0) >= minLen });
+    if (policy?.require_uppercase) list.push({ label: 'One uppercase letter', ok: /[A-Z]/.test(password || '') });
+    if (policy?.require_lowercase) list.push({ label: 'One lowercase letter', ok: /[a-z]/.test(password || '') });
+    if (policy?.require_digit) list.push({ label: 'One digit', ok: /\d/.test(password || '') });
+    if (policy?.require_special) list.push({ label: 'One special character', ok: /[^A-Za-z0-9]/.test(password || '') });
+    return list;
+  }, [policy, password]);
+  const mutedText = isDark ? 'text-slate-400' : 'text-gray-500';
+  return (
+    <div className="space-y-1 text-xs">
+      {checks.map((c, i) => (
+        <div key={i} className="flex items-center gap-2">
+          {c.ok ? <span className="text-green-400">v</span> : <span className={mutedText}>o</span>}
+          <span className={c.ok ? 'text-green-400' : mutedText}>{c.label}</span>
+        </div>
+      ))}
+    </div>
+  );
+}
+// Section Card Component
+function SecuritySection({ title, description, children, isDark }: {
+  title: string;
+  description?: string;
+  children: React.ReactNode;
+  isDark: boolean;
+}) {
+  const cardBg = isDark ? 'bg-slate-800' : 'bg-white';
+  const borderColor = isDark ? 'border-slate-700' : 'border-gray-200';
+  const textPrimary = isDark ? 'text-white' : 'text-gray-900';
+  const textMuted = isDark ? 'text-slate-400' : 'text-gray-500';
+  return (
+    <div className={`rounded-lg border ${cardBg} ${borderColor}`}>
+      <div className={`px-6 py-4 border-b ${borderColor}`}>
+        <h2 className={`text-lg font-semibold ${textPrimary}`}>{title}</h2>
+        {description && <p className={`text-sm mt-1 ${textMuted}`}>{description}</p>}
+      </div>
+      <div className="px-6 py-4">{children}</div>
+    </div>
+  );
+}
+// Status Badge Component
+function StatusBadge({ enabled, label, isDark }: { enabled: boolean; label?: string; isDark: boolean }) {
+  const bgClass = enabled
+    ? 'bg-green-100 text-green-800 dark:bg-green-900/30 dark:text-green-400'
+    : 'bg-yellow-100 text-yellow-800 dark:bg-yellow-900/30 dark:text-yellow-400';
+  return (
+    <span className={`inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium ${bgClass}`}>
+      {label || (enabled ? 'Enabled' : 'Not Active')}
+    </span>
+  );
+}
+function formatDate(dateString?: string): string {
+  if (!dateString) return '';
+  try {
+    return new Date(dateString).toLocaleDateString('en-US', { year: 'numeric', month: 'long', day: 'numeric' });
+  } catch { return dateString; }
+}
+function formatRelativeTime(dateString?: string): string {
+  if (!dateString) return '';
+  try {
+    const date = new Date(dateString);
+    const now = new Date();
+    const diffMs = now.getTime() - date.getTime();
+    const diffMins = Math.floor(diffMs / 60000);
+    const diffHours = Math.floor(diffMs / 3600000);
+    const diffDays = Math.floor(diffMs / 86400000);
+    if (diffMins < 1) return 'Just now';
+    if (diffMins < 60) return `${diffMins}m ago`;
+    if (diffHours < 24) return `${diffHours}h ago`;
+    if (diffDays < 7) return `${diffDays}d ago`;
+    return formatDate(dateString);
+  } catch { return dateString; }
+}
+export default function EnhancedSecurityPage() {
+  const { data: profileData, isLoading: isProfileLoading } = useProfile();
+  const layout = useLayout();
+  const colors = useColors();
+  // Re-auth action types (moved for scope)
+type ReAuthAction = 'enable_2fa' | 'disable_2fa' | 'export_data' | 'delete_account' | null;
+  // Security data state (would come from API in production)
+  const [securityData, setSecurityData] = useState<SecurityData | null>(null);
+  const [loadingSecurityData, setLoadingSecurityData] = useState(true);
+  // Determine dark mode
+  const isDark = colors?.background?.includes('slate-9') ||
+                 colors?.background?.includes('gray-9') ||
+                 colors?.card?.includes('slate-8');
+  // Password form state
+  const [formData, setFormData] = useState<PasswordData>({
+    current_password: '',
+    new_password: '',
+    confirm_password: '',
+  });
+  const [showPasswords, setShowPasswords] = useState({ current: false, new: false, confirm: false });
+  // Re-authentication modal state (Security Addendum)
+  const [reAuthModal, setReAuthModal] = useState<{
+    isOpen: boolean;
+    action: ReAuthAction;
+  }>({ isOpen: false, action: null });
+  const [submitting, setSubmitting] = useState(false);
+  const [error, setError] = useState('');
+  const [success, setSuccess] = useState('');
+  // Password validation
+  const { setPassword: validateNewPassword, isValid: newPasswordIsValid, score: newPasswordScore, failedRequirements, tip, policy } = usePasswordValidation({ debounceMs: 250 });
+  useEffect(() => { validateNewPassword(formData.new_password); }, [formData.new_password, validateNewPassword]);
+  // Fetch security data
+  const fetchSecurityData = useCallback(async () => {
+    try {
+      setLoadingSecurityData(true);
+      const res = await fetch('/api/account/security');
+      if (res.ok) {
+        const data = await res.json();
+        setSecurityData(data);
+      }
+    } catch (err) {
+      // Security data fetch is optional - page still works without it
+    } finally {
+      setLoadingSecurityData(false);
+    }
+  }, []);
+  useEffect(() => {
+    if (profileData) fetchSecurityData();
+  }, [profileData, fetchSecurityData]);
+  const passwordsMatch = formData.confirm_password.length > 0 && formData.new_password === formData.confirm_password;
+  const canSubmit = !submitting && newPasswordIsValid && passwordsMatch && formData.current_password.length > 0;
+  const handlePasswordSubmit = async (e: React.FormEvent) => {
+    e.preventDefault();
+    setError('');
+    setSuccess('');
+    if (!canSubmit) return;
+    try {
+      setSubmitting(true);
+      const response = await fetch('/api/account/change-password', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(formData),
+      });
+      const result = await response.json();
+      if (!response.ok || !result.success) {
+        let errorMsg = result.message || 'Failed to change password';
+        if (result.details?.value?.[0]?.message) errorMsg = result.details.value[0].message;
+        setError(errorMsg);
+        return;
+      }
+      setSuccess(result.message || 'Password changed successfully');
+      setFormData({ current_password: '', new_password: '', confirm_password: '' });
+    } catch (err: any) {
+      setError(err.message || 'Failed to change password');
+    } finally {
+      setSubmitting(false);
+    }
+  };
+  // Theme classes
+  const bgClass = isDark ? 'bg-slate-900' : 'bg-gray-50';
+  const textPrimary = isDark ? 'text-white' : 'text-gray-900';
+  const textSecondary = isDark ? 'text-slate-300' : 'text-gray-600';
+  const textMuted = isDark ? 'text-slate-400' : 'text-gray-500';
+  const cardBg = isDark ? 'bg-slate-800' : 'bg-white';
+  const borderColor = isDark ? 'border-slate-700' : 'border-gray-200';
+  const elevatedBg = isDark ? 'bg-slate-700' : 'bg-gray-100';
+  const inputBg = isDark ? 'bg-slate-800' : 'bg-white';
+  const inputBorder = isDark ? 'border-slate-600' : 'border-gray-300';
+  const inputText = isDark ? 'text-white placeholder-slate-400' : 'text-gray-900 placeholder-gray-400';
+  // Loading state
+  if (isProfileLoading) {
+    return (
+      <div className={`min-h-screen ${bgClass} flex items-center justify-center`}>
+        <div className="flex flex-col items-center space-y-4">
+          <div className="animate-spin rounded-full h-8 w-8 border-b-2 border-blue-500" />
+          <p className={textMuted}>Loading security settings...</p>
+        </div>
+      </div>
+    );
+  }
+  const twoFactorEnabled = profileData?.two_factor_enabled || securityData?.two_factor?.enabled || false;
+  const twoFactorMethod = securityData?.two_factor?.method_display || (twoFactorEnabled ? 'SMS' : undefined);
+  return (
+    <div className={`min-h-screen ${bgClass}`}>
+      <div className={`${layout?.maxWidth || 'max-w-3xl'} mx-auto ${layout?.padding || 'p-6'} space-y-6`}>
+        {/* Page Header */}
+        <div>
+          <h1 className={`text-2xl font-bold ${textPrimary}`}>Security</h1>
+          <p className={`mt-1 ${textMuted}`}>Manage your account security settings</p>
+        </div>
+        {/* Security Summary */}
+        <div className={`rounded-lg border ${cardBg} ${borderColor} p-6`}>
+          <h2 className={`text-lg font-semibold mb-4 ${textPrimary}`}>Security Summary</h2>
+          <div className="grid grid-cols-1 md:grid-cols-3 gap-4">
+            <div className={`p-4 rounded-lg ${elevatedBg}`}>
+              <p className={`text-sm font-medium mb-2 ${textSecondary}`}>2FA Status</p>
+              <StatusBadge enabled={twoFactorEnabled} isDark={isDark} />
+              {twoFactorMethod && <p className={`text-xs mt-2 ${textMuted}`}>Method: {twoFactorMethod}</p>}
+            </div>
+            <div className={`p-4 rounded-lg ${elevatedBg}`}>
+              <p className={`text-sm font-medium mb-2 ${textSecondary}`}>Email Status</p>
+              <StatusBadge enabled={profileData?.email_confirmed || false} label={profileData?.email_confirmed ? 'Verified' : 'Not Verified'} isDark={isDark} />
+              <p className={`text-xs mt-2 ${textMuted} truncate`}>{profileData?.email}</p>
+            </div>
+            <div className={`p-4 rounded-lg ${elevatedBg}`}>
+              <p className={`text-sm font-medium mb-2 ${textSecondary}`}>Phone Status</p>
+              <StatusBadge enabled={profileData?.phone_confirmed || false} label={profileData?.phone_confirmed ? 'Verified' : 'Not Verified'} isDark={isDark} />
+              {profileData?.phone_number && <p className={`text-xs mt-2 ${textMuted}`}>{profileData.phone_number}</p>}
+            </div>
+          </div>
+        </div>
+        {/* Password Section */}
+        <SecuritySection title="Password" description={securityData?.password?.last_changed ? `Last changed ${formatDate(securityData.password.last_changed)}` : undefined} isDark={isDark}>
+          <form onSubmit={handlePasswordSubmit} className="space-y-4">
+            <div>
+              <label className={`block text-sm font-medium mb-2 ${textSecondary}`}>Current Password</label>
+              <div className="relative">
+                <input
+                  type={showPasswords.current ? 'text' : 'password'}
+                  value={formData.current_password}
+                  onChange={e => setFormData({ ...formData, current_password: e.target.value })}
+                  className={`w-full px-3 py-2 rounded-md border focus:outline-none focus:ring-2 focus:ring-blue-500 ${inputBg} ${inputBorder} ${inputText}`}
+                  placeholder="Enter current password"
+                  disabled={submitting}
+                />
+                <button type="button" onClick={() => setShowPasswords(p => ({ ...p, current: !p.current }))} className={`absolute inset-y-0 right-2 flex items-center ${textMuted}`}>
+                  {showPasswords.current ? 'Hide' : 'Show'}
+                </button>
+              </div>
+            </div>
+            <div>
+              <label className={`block text-sm font-medium mb-2 ${textSecondary}`}>New Password</label>
+              <div className="relative">
+                <input
+                  type={showPasswords.new ? 'text' : 'password'}
+                  value={formData.new_password}
+                  onChange={e => setFormData({ ...formData, new_password: e.target.value })}
+                  className={`w-full px-3 py-2 rounded-md border focus:outline-none focus:ring-2 focus:ring-blue-500 ${inputBg} ${inputBorder} ${inputText}`}
+                  placeholder="Enter new password"
+                  disabled={submitting}
+                />
+                <button type="button" onClick={() => setShowPasswords(p => ({ ...p, new: !p.new }))} className={`absolute inset-y-0 right-2 flex items-center ${textMuted}`}>
+                  {showPasswords.new ? 'Hide' : 'Show'}
+                </button>
+              </div>
+              {formData.new_password && (
+                <div className="mt-2">
+                  <PasswordStrengthMeter score={newPasswordScore} failedRequirements={failedRequirements} tip={tip} isDark={isDark} />
+                </div>
+              )}
+              {policy && formData.new_password && (
+                <div className="mt-3">
+                  <PolicyChecklist policy={policy} password={formData.new_password} isDark={isDark} />
+                </div>
+              )}
+            </div>
+            <div>
+              <label className={`block text-sm font-medium mb-2 ${textSecondary}`}>Confirm New Password</label>
+              <div className="relative">
+                <input
+                  type={showPasswords.confirm ? 'text' : 'password'}
+                  value={formData.confirm_password}
+                  onChange={e => setFormData({ ...formData, confirm_password: e.target.value })}
+                  className={`w-full px-3 py-2 rounded-md border focus:outline-none focus:ring-2 focus:ring-blue-500 ${inputBg} ${inputBorder} ${inputText}`}
+                  placeholder="Confirm new password"
+                  disabled={submitting}
+                />
+                <button type="button" onClick={() => setShowPasswords(p => ({ ...p, confirm: !p.confirm }))} className={`absolute inset-y-0 right-2 flex items-center ${textMuted}`}>
+                  {showPasswords.confirm ? 'Hide' : 'Show'}
+                </button>
+              </div>
+              {formData.confirm_password && !passwordsMatch && <p className="mt-1 text-xs text-red-400">Passwords do not match</p>}
+              {formData.confirm_password && passwordsMatch && <p className="mt-1 text-xs text-green-400">Passwords match</p>}
+            </div>
+            {error && <div className="bg-red-900/30 border border-red-600 rounded-lg p-3"><p className="text-red-400 text-sm">{error}</p></div>}
+            {success && <div className="bg-green-900/30 border border-green-600 rounded-lg p-3"><p className="text-green-400 text-sm">{success}</p></div>}
+            <button
+              type="submit"
+              disabled={!canSubmit}
+              className="px-4 py-2 bg-blue-600 text-white rounded-md hover:bg-blue-700 disabled:opacity-50 disabled:cursor-not-allowed"
+            >
+              {submitting ? 'Changing...' : 'Change Password'}
+            </button>
+          </form>
+        </SecuritySection>
+        {/* Two-Factor Authentication */}
+        <SecuritySection title="Two-Factor Authentication" description="Add an extra layer of security to your account" isDark={isDark}>
+          <div className="space-y-4">
+            <div className="flex items-center justify-between">
+              <div>
+                <p className={`font-medium ${textPrimary}`}>Status</p>
+                <p className={`text-sm ${textMuted}`}>{twoFactorEnabled ? `Enabled via ${twoFactorMethod || 'SMS'}` : 'Not enabled'}</p>
+              </div>
+              <StatusBadge enabled={twoFactorEnabled} isDark={isDark} />
+            </div>
+            {twoFactorEnabled ? (
+              <div className="flex gap-2">
+                <button className={`px-3 py-1.5 text-sm rounded border ${isDark ? 'border-slate-600 hover:bg-slate-700' : 'border-gray-300 hover:bg-gray-50'} ${textSecondary}`}>
+                  Change Method
+                </button>
+                <button className="px-3 py-1.5 text-sm rounded border border-red-500 text-red-500 hover:bg-red-500/10">
+                  Disable 2FA
+                </button>
+              </div>
+            ) : (
+              <button className="px-4 py-2 bg-blue-600 text-white rounded-md hover:bg-blue-700">
+                Enable 2FA
+              </button>
+            )}
+            {securityData?.two_factor?.backup_codes_remaining !== undefined && (
+              <div className={`mt-4 p-3 rounded-lg ${elevatedBg}`}>
+                <p className={`text-sm ${textSecondary}`}>Backup Codes</p>
+                <p className={textMuted}>You have {securityData.two_factor.backup_codes_remaining} of 10 backup codes remaining</p>
+                <button className={`mt-2 text-sm ${isDark ? 'text-blue-400' : 'text-blue-600'}`}>View Codes</button>
+              </div>
+            )}
+          </div>
+        </SecuritySection>
+        {/* Connected Accounts */}
+        <SecuritySection title="Connected Accounts" description="OAuth providers linked to your account" isDark={isDark}>
+          {securityData?.connected_accounts && securityData.connected_accounts.length > 0 ? (
+            <div className="space-y-3">
+              {securityData.connected_accounts.map((account, idx) => (
+                <div key={idx} className={`flex items-center justify-between p-3 rounded-lg ${elevatedBg}`}>
+                  <div>
+                    <p className={`font-medium ${textPrimary}`}>{account.provider}</p>
+                    {account.email && <p className={`text-sm ${textMuted}`}>{account.email}</p>}
+                    {account.connected_at && <p className={`text-xs ${textMuted}`}>Connected {formatDate(account.connected_at)}</p>}
+                  </div>
+                  {account.can_disconnect && (
+                    <button className="text-sm text-red-500 hover:text-red-400">Disconnect</button>
+                  )}
+                </div>
+              ))}
+            </div>
+          ) : (
+            <p className={textMuted}>No connected accounts</p>
+          )}
+          <button className={`mt-4 text-sm ${isDark ? 'text-blue-400' : 'text-blue-600'}`}>
+            Connect Another Account
+          </button>
+        </SecuritySection>
+        {/* Active Sessions */}
+        <SecuritySection title="Active Sessions" description="Devices currently logged into your account" isDark={isDark}>
+          {securityData?.active_sessions && securityData.active_sessions.length > 0 ? (
+            <div className="space-y-3">
+              {securityData.active_sessions.map((session, idx) => (
+                <div key={idx} className={`flex items-center justify-between p-3 rounded-lg ${elevatedBg}`}>
+                  <div>
+                    <div className="flex items-center gap-2">
+                      <p className={`font-medium ${textPrimary}`}>{session.device_name || 'Unknown Device'}</p>
+                      {session.is_current && <span className="px-2 py-0.5 rounded text-xs bg-blue-500 text-white">This Device</span>}
+                    </div>
+                    <p className={`text-sm ${textMuted}`}>{session.location || session.ip_address}</p>
+                    <p className={`text-xs ${textMuted}`}>{session.is_current ? 'Active now' : `Last active ${formatRelativeTime(session.last_active_at)}`}</p>
+                  </div>
+                  {!session.is_current && (
+                    <button className="text-sm text-red-500 hover:text-red-400">Revoke</button>
+                  )}
+                </div>
+              ))}
+            </div>
+          ) : (
+            <p className={textMuted}>Session information not available</p>
+          )}
+          <button className="mt-4 text-sm text-red-500 hover:text-red-400">
+            Sign Out All Other Devices
+          </button>
+        </SecuritySection>
+        {/* Recent Activity */}
+        <SecuritySection title="Recent Activity" description="Security events on your account" isDark={isDark}>
+          {securityData?.recent_activity && securityData.recent_activity.length > 0 ? (
+            <div className="space-y-2">
+              {securityData.recent_activity.slice(0, 5).map((activity, idx) => (
+                <div key={idx} className={`flex items-center justify-between py-2 border-b last:border-b-0 ${borderColor}`}>
+                  <div className="flex items-center gap-2">
+                    <span className={activity.success ? 'text-green-400' : 'text-red-400'}>{activity.success ? 'v' : 'x'}</span>
+                    <div>
+                      <p className={`text-sm ${textPrimary}`}>{activity.description}</p>
+                      {activity.device && <p className={`text-xs ${textMuted}`}>{activity.device}</p>}
+                    </div>
+                  </div>
+                  <p className={`text-xs ${textMuted}`}>{formatRelativeTime(activity.timestamp)}</p>
+                </div>
+              ))}
+            </div>
+          ) : (
+            <p className={textMuted}>No recent activity</p>
+          )}
+          <button className={`mt-4 text-sm ${isDark ? 'text-blue-400' : 'text-blue-600'}`}>
+            View Full History
+          </button>
+        </SecuritySection>
+        {/* Danger Zone */}
+        <SecuritySection title="Danger Zone" description="Irreversible actions" isDark={isDark}>
+          <div className="space-y-4">
+            <div className={`flex items-center justify-between p-4 rounded-lg border border-yellow-500/50`}>
+              <div>
+                <p className={`font-medium ${textPrimary}`}>Download My Data</p>
+                <p className={`text-sm ${textMuted}`}>Get a copy of all your personal data</p>
+              </div>
+              <button className="px-4 py-2 text-sm rounded border border-yellow-500 text-yellow-500 hover:bg-yellow-500/10">
+                Request Export
+              </button>
+            </div>
+            <div className={`flex items-center justify-between p-4 rounded-lg border border-red-500/50`}>
+              <div>
+                <p className={`font-medium ${textPrimary}`}>Delete Account</p>
+                <p className={`text-sm ${textMuted}`}>Permanently delete your account and all data</p>
+              </div>
+              <button className="px-4 py-2 text-sm rounded border border-red-500 text-red-500 hover:bg-red-500/10">
+                Delete Account
+              </button>
+            </div>
+          </div>
+        </SecuritySection>
+        {/* Back to Profile link */}
+        <div className="text-center">
+          <a href="/account/profile" className={`text-sm hover:underline ${textMuted}`}>
+            Back to Profile
+          </a>
+        </div>
+      </div>
+    </div>
+  );
+}

package/src/pages/security/index.ts ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Security Page exports
+ *
+ * - SecurityPage: Basic security display (legacy)
+ * - EnhancedSecurityPage: Full-featured security with password, 2FA, sessions, activity, danger zone
+ */
+export { default as SecurityPage } from './page';
+export { default as EnhancedSecurityPage } from './EnhancedSecurityPage';