npm - @syncular/server-hono - Versions diffs - 0.0.2-137 → 0.0.2-139 - Mend

@syncular/server-hono 0.0.2-137 → 0.0.2-139

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/dist/console/routes.d.ts +23 -2
package/dist/console/routes.d.ts.map +1 -1
package/dist/console/routes.js +1129 -219
package/dist/console/routes.js.map +1 -1
package/dist/console/schemas.d.ts +153 -0
package/dist/console/schemas.d.ts.map +1 -1
package/dist/console/schemas.js +80 -0
package/dist/console/schemas.js.map +1 -1
package/dist/create-server.d.ts +5 -0
package/dist/create-server.d.ts.map +1 -1
package/dist/create-server.js +17 -7
package/dist/create-server.js.map +1 -1
package/dist/routes.d.ts +11 -0
package/dist/routes.d.ts.map +1 -1
package/dist/routes.js +514 -10
package/dist/routes.js.map +1 -1
package/package.json +5 -5
package/src/__tests__/console-routes.test.ts +1468 -0
package/src/__tests__/create-server.test.ts +75 -0
package/src/console/routes.ts +1471 -241
package/src/console/schemas.ts +106 -0
package/src/create-server.ts +28 -10
package/src/routes.ts +616 -17

package/dist/console/routes.js CHANGED Viewed

@@ -19,13 +19,16 @@ import { compactChanges, computePruneWatermarkCommitSeq, notifyExternalDataChang
 import { Hono } from 'hono';
 import { cors } from 'hono/cors';
 import { describeRoute, resolver, validator as zValidator } from 'hono-openapi';
+import { sql } from 'kysely';
 import { z } from 'zod';
-import { ApiKeyTypeSchema, ConsoleApiKeyCreateRequestSchema, ConsoleApiKeyCreateResponseSchema, ConsoleApiKeyRevokeResponseSchema, ConsoleApiKeySchema, ConsoleClearEventsResultSchema, ConsoleClientSchema, ConsoleCommitDetailSchema, ConsoleCommitListItemSchema, ConsoleCompactResultSchema, ConsoleEvictResultSchema, ConsoleHandlerSchema, ConsolePaginatedResponseSchema, ConsolePaginationQuerySchema, ConsolePruneEventsResultSchema, ConsolePrunePreviewSchema, ConsolePruneResultSchema, ConsoleRequestEventSchema, LatencyQuerySchema, LatencyStatsResponseSchema, SyncStatsSchema, TimeseriesQuerySchema, TimeseriesStatsResponseSchema, } from './schemas.js';
+import { ApiKeyTypeSchema, ConsoleApiKeyBulkRevokeRequestSchema, ConsoleApiKeyBulkRevokeResponseSchema, ConsoleApiKeyCreateRequestSchema, ConsoleApiKeyCreateResponseSchema, ConsoleApiKeyRevokeResponseSchema, ConsoleApiKeySchema, ConsoleClearEventsResultSchema, ConsoleClientSchema, ConsoleCommitDetailSchema, ConsoleCommitListItemSchema, ConsoleCompactResultSchema, ConsoleEvictResultSchema, ConsoleHandlerSchema, ConsoleOperationEventSchema, ConsoleOperationsQuerySchema, ConsolePaginatedResponseSchema, ConsolePaginationQuerySchema, ConsolePartitionedPaginationQuerySchema, ConsolePartitionQuerySchema, ConsolePruneEventsResultSchema, ConsolePrunePreviewSchema, ConsolePruneResultSchema, ConsoleRequestEventSchema, ConsoleRequestPayloadSchema, ConsoleTimelineItemSchema, ConsoleTimelineQuerySchema, LatencyQuerySchema, LatencyStatsResponseSchema, SyncStatsSchema, TimeseriesQuerySchema, TimeseriesStatsResponseSchema, } from './schemas.js';
 /**
  * Create a simple console event emitter for broadcasting live events.
  */
-export function createConsoleEventEmitter() {
+export function createConsoleEventEmitter(options) {
     const listeners = new Set();
+    const history = [];
+    const maxHistory = Math.max(1, options?.maxHistory ?? 500);
     return {
         addListener(listener) {
             listeners.add(listener);
@@ -34,6 +37,10 @@ export function createConsoleEventEmitter() {
             listeners.delete(listener);
         },
         emit(event) {
+            history.push(event);
+            if (history.length > maxHistory) {
+                history.splice(0, history.length - maxHistory);
+            }
             for (const listener of listeners) {
                 try {
                     listener(event);
@@ -43,6 +50,32 @@ export function createConsoleEventEmitter() {
                 }
             }
         },
+        replay(replayOptions) {
+            const sinceMs = replayOptions?.since
+                ? Date.parse(replayOptions.since)
+                : Number.NaN;
+            const hasSince = Number.isFinite(sinceMs);
+            const normalizedPartitionId = replayOptions?.partitionId?.trim();
+            const hasPartitionFilter = Boolean(normalizedPartitionId);
+            const filteredByTime = hasSince
+                ? history.filter((event) => {
+                    const eventMs = Date.parse(event.timestamp);
+                    return Number.isFinite(eventMs) && eventMs > sinceMs;
+                })
+                : history;
+            const filtered = hasPartitionFilter
+                ? filteredByTime.filter((event) => {
+                    const eventPartitionId = event.data.partitionId;
+                    return (typeof eventPartitionId === 'string' &&
+                        eventPartitionId === normalizedPartitionId);
+                })
+                : filteredByTime;
+            const normalizedLimit = replayOptions?.limit && replayOptions.limit > 0
+                ? Math.floor(replayOptions.limit)
+                : 100;
+            const limited = filtered.slice(-normalizedLimit);
+            return [...limited];
+        },
     };
 }
 function coerceNumber(value) {
@@ -64,6 +97,42 @@ function parseDate(value) {
     const parsed = Date.parse(value);
     return Number.isFinite(parsed) ? parsed : null;
 }
+function includesSearchTerm(value, searchTerm) {
+    if (!searchTerm)
+        return true;
+    if (!value)
+        return false;
+    return value.toLowerCase().includes(searchTerm);
+}
+function parseJsonValue(value) {
+    if (value === null || value === undefined)
+        return null;
+    if (typeof value !== 'string')
+        return value;
+    try {
+        return JSON.parse(value);
+    }
+    catch {
+        return value;
+    }
+}
+function parseScopesSummary(value) {
+    const parsed = parseJsonValue(value);
+    if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
+        return null;
+    }
+    const summary = {};
+    for (const [key, entry] of Object.entries(parsed)) {
+        if (typeof entry === 'string') {
+            summary[key] = entry;
+            continue;
+        }
+        if (!Array.isArray(entry))
+            continue;
+        summary[key] = entry.filter((value) => typeof value === 'string');
+    }
+    return Object.keys(summary).length > 0 ? summary : null;
+}
 function getClientActivityState(args) {
     if (args.connectionCount > 0) {
         return 'active';
@@ -81,6 +150,87 @@ function getClientActivityState(args) {
     }
     return 'stale';
 }
+function rangeToMs(range) {
+    if (range === '1h')
+        return 60 * 60 * 1000;
+    if (range === '6h')
+        return 6 * 60 * 60 * 1000;
+    if (range === '24h')
+        return 24 * 60 * 60 * 1000;
+    if (range === '7d')
+        return 7 * 24 * 60 * 60 * 1000;
+    return 30 * 24 * 60 * 60 * 1000;
+}
+function intervalToMs(interval) {
+    if (interval === 'minute')
+        return 60 * 1000;
+    if (interval === 'hour')
+        return 60 * 60 * 1000;
+    return 24 * 60 * 60 * 1000;
+}
+function intervalToSqliteBucketFormat(interval) {
+    if (interval === 'minute')
+        return '%Y-%m-%dT%H:%M:00.000Z';
+    if (interval === 'hour')
+        return '%Y-%m-%dT%H:00:00.000Z';
+    return '%Y-%m-%dT00:00:00.000Z';
+}
+function createEmptyTimeseriesAccumulator() {
+    return {
+        pushCount: 0,
+        pullCount: 0,
+        errorCount: 0,
+        totalLatency: 0,
+        eventCount: 0,
+    };
+}
+function createTimeseriesBucketMap(args) {
+    const map = new Map();
+    const bucketCount = Math.ceil(args.rangeMs / args.intervalMs);
+    for (let i = 0; i < bucketCount; i++) {
+        const bucketTimestamp = new Date(args.startTime.getTime() + i * args.intervalMs).toISOString();
+        map.set(bucketTimestamp, createEmptyTimeseriesAccumulator());
+    }
+    return map;
+}
+function normalizeBucketTimestamp(value) {
+    if (value instanceof Date) {
+        return value.toISOString();
+    }
+    if (typeof value !== 'string') {
+        return null;
+    }
+    const parsed = Date.parse(value);
+    if (!Number.isFinite(parsed))
+        return null;
+    return new Date(parsed).toISOString();
+}
+function finalizeTimeseriesBuckets(bucketMap) {
+    return Array.from(bucketMap.entries())
+        .sort(([a], [b]) => a.localeCompare(b))
+        .map(([timestamp, data]) => ({
+        timestamp,
+        pushCount: data.pushCount,
+        pullCount: data.pullCount,
+        errorCount: data.errorCount,
+        avgLatencyMs: data.eventCount > 0 ? data.totalLatency / data.eventCount : 0,
+    }));
+}
+function calculatePercentiles(latencies) {
+    if (latencies.length === 0) {
+        return { p50: 0, p90: 0, p99: 0 };
+    }
+    const sorted = [...latencies].sort((a, b) => a - b);
+    const getPercentile = (p) => {
+        const index = Math.ceil((p / 100) * sorted.length) - 1;
+        return sorted[Math.max(0, index)] ?? 0;
+    };
+    return {
+        p50: getPercentile(50),
+        p90: getPercentile(90),
+        p99: getPercentile(99),
+    };
+}
 // ============================================================================
 // Route Schemas
 // ============================================================================
@@ -92,14 +242,22 @@ const commitSeqParamSchema = z.object({ seq: z.coerce.number().int() });
 const clientIdParamSchema = z.object({ id: z.string().min(1) });
 const eventIdParamSchema = z.object({ id: z.coerce.number().int() });
 const apiKeyIdParamSchema = z.object({ id: z.string().min(1) });
-const eventsQuerySchema = ConsolePaginationQuerySchema.extend({
+const eventsQuerySchema = ConsolePartitionedPaginationQuerySchema.extend({
     eventType: z.enum(['push', 'pull']).optional(),
     actorId: z.string().optional(),
     clientId: z.string().optional(),
+    requestId: z.string().optional(),
+    traceId: z.string().optional(),
     outcome: z.string().optional(),
 });
+const commitDetailQuerySchema = ConsolePartitionQuerySchema;
+const eventDetailQuerySchema = ConsolePartitionQuerySchema;
+const evictClientQuerySchema = ConsolePartitionQuerySchema;
+const apiKeyStatusSchema = z.enum(['active', 'revoked', 'expiring']);
 const apiKeysQuerySchema = ConsolePaginationQuerySchema.extend({
     type: ApiKeyTypeSchema.optional(),
+    status: apiKeyStatusSchema.optional(),
+    expiresWithinDays: z.coerce.number().int().min(1).max(365).optional(),
 });
 const handlersResponseSchema = z.object({
     items: z.array(ConsoleHandlerSchema),
@@ -107,6 +265,8 @@ const handlersResponseSchema = z.object({
 export function createConsoleRoutes(options) {
     const routes = new Hono();
     const db = options.db;
+    const metricsAggregationMode = options.metrics?.aggregationMode ?? 'auto';
+    const rawFallbackMaxEvents = Math.max(1, options.metrics?.rawFallbackMaxEvents ?? 5000);
     // Ensure console schema exists (creates sync_request_events table if needed)
     // Run asynchronously - will be ready before first request typically
     options.dialect.ensureConsoleSchema?.(options.db).catch((err) => {
@@ -132,6 +292,118 @@ export function createConsoleRoutes(options) {
         }
         return auth;
     };
+    const requestEventSelectColumns = [
+        'event_id',
+        'partition_id',
+        'request_id',
+        'trace_id',
+        'span_id',
+        'event_type',
+        'sync_path',
+        'transport_path',
+        'actor_id',
+        'client_id',
+        'status_code',
+        'outcome',
+        'response_status',
+        'error_code',
+        'duration_ms',
+        'commit_seq',
+        'operation_count',
+        'row_count',
+        'subscription_count',
+        'scopes_summary',
+        'tables',
+        'error_message',
+        'payload_ref',
+        'created_at',
+    ];
+    const mapRequestEvent = (row) => ({
+        eventId: coerceNumber(row.event_id) ?? 0,
+        partitionId: row.partition_id ?? 'default',
+        requestId: row.request_id ?? '',
+        traceId: row.trace_id ?? null,
+        spanId: row.span_id ?? null,
+        eventType: row.event_type === 'push' ? 'push' : 'pull',
+        syncPath: row.sync_path === 'ws-push' ? 'ws-push' : 'http-combined',
+        transportPath: row.transport_path === 'relay' ? 'relay' : 'direct',
+        actorId: row.actor_id ?? '',
+        clientId: row.client_id ?? '',
+        statusCode: coerceNumber(row.status_code) ?? 0,
+        outcome: row.outcome ?? '',
+        responseStatus: row.response_status ?? 'unknown',
+        errorCode: row.error_code ?? null,
+        durationMs: coerceNumber(row.duration_ms) ?? 0,
+        commitSeq: coerceNumber(row.commit_seq),
+        operationCount: coerceNumber(row.operation_count),
+        rowCount: coerceNumber(row.row_count),
+        subscriptionCount: coerceNumber(row.subscription_count),
+        scopesSummary: parseScopesSummary(row.scopes_summary),
+        tables: options.dialect.dbToArray(row.tables),
+        errorMessage: row.error_message ?? null,
+        payloadRef: row.payload_ref ?? null,
+        createdAt: row.created_at ?? '',
+    });
+    const operationEventSelectColumns = [
+        'operation_id',
+        'operation_type',
+        'console_user_id',
+        'partition_id',
+        'target_client_id',
+        'request_payload',
+        'result_payload',
+        'created_at',
+    ];
+    const mapOperationEvent = (row) => ({
+        operationId: coerceNumber(row.operation_id) ?? 0,
+        operationType: row.operation_type === 'prune' ||
+            row.operation_type === 'compact' ||
+            row.operation_type === 'notify_data_change' ||
+            row.operation_type === 'evict_client'
+            ? row.operation_type
+            : 'prune',
+        consoleUserId: row.console_user_id ?? null,
+        partitionId: row.partition_id ?? null,
+        targetClientId: row.target_client_id ?? null,
+        requestPayload: parseJsonValue(row.request_payload),
+        resultPayload: parseJsonValue(row.result_payload),
+        createdAt: row.created_at ?? '',
+    });
+    const recordOperationEvent = async (event) => {
+        await db
+            .insertInto('sync_operation_events')
+            .values({
+            operation_type: event.operationType,
+            console_user_id: event.consoleUserId ?? null,
+            partition_id: event.partitionId ?? null,
+            target_client_id: event.targetClientId ?? null,
+            request_payload: event.requestPayload === undefined
+                ? null
+                : JSON.stringify(event.requestPayload),
+            result_payload: event.resultPayload === undefined
+                ? null
+                : JSON.stringify(event.resultPayload),
+        })
+            .execute();
+    };
+    const shouldUseRawMetrics = async (startIso, partitionId) => {
+        if (metricsAggregationMode === 'raw') {
+            return true;
+        }
+        if (metricsAggregationMode === 'aggregated') {
+            return false;
+        }
+        let countQuery = db
+            .selectFrom('sync_request_events')
+            .select(({ fn }) => fn.countAll().as('total'))
+            .where('created_at', '>=', startIso);
+        if (partitionId) {
+            countQuery = countQuery.where('partition_id', '=', partitionId);
+        }
+        const countRow = await countQuery.executeTakeFirst();
+        const total = coerceNumber(countRow?.total) ?? 0;
+        return total <= rawFallbackMaxEvents;
+    };
     // -------------------------------------------------------------------------
     // GET /stats
     // -------------------------------------------------------------------------
@@ -152,11 +424,14 @@ export function createConsoleRoutes(options) {
                 },
             },
         },
-    }), async (c) => {
+    }), zValidator('query', ConsolePartitionQuerySchema), async (c) => {
         const auth = await requireAuth(c);
         if (!auth)
             return c.json({ error: 'UNAUTHENTICATED' }, 401);
-        const stats = await readSyncStats(options.db);
+        const { partitionId } = c.req.valid('query');
+        const stats = await readSyncStats(options.db, {
+            partitionId,
+        });
         logSyncEvent({
             event: 'console.stats',
             consoleUserId: auth.consoleUserId,
@@ -189,84 +464,134 @@ export function createConsoleRoutes(options) {
         const auth = await requireAuth(c);
         if (!auth)
             return c.json({ error: 'UNAUTHENTICATED' }, 401);
-        const { interval, range } = c.req.valid('query');
-        // Calculate the time range
-        const rangeMs = {
-            '1h': 60 * 60 * 1000,
-            '6h': 6 * 60 * 60 * 1000,
-            '24h': 24 * 60 * 60 * 1000,
-            '7d': 7 * 24 * 60 * 60 * 1000,
-            '30d': 30 * 24 * 60 * 60 * 1000,
-        }[range];
+        const { interval, range, partitionId } = c.req.valid('query');
+        const rangeMs = rangeToMs(range);
         const startTime = new Date(Date.now() - rangeMs);
-        // Get interval in milliseconds for bucket size
-        const intervalMs = {
-            minute: 60 * 1000,
-            hour: 60 * 60 * 1000,
-            day: 24 * 60 * 60 * 1000,
-        }[interval];
-        // Query events within the time range
-        const events = await db
-            .selectFrom('sync_request_events')
-            .select(['event_type', 'duration_ms', 'outcome', 'created_at'])
-            .where('created_at', '>=', startTime.toISOString())
-            .orderBy('created_at', 'asc')
-            .execute();
-        // Build buckets
-        const bucketMap = new Map();
-        // Initialize buckets for the entire range
-        const bucketCount = Math.ceil(rangeMs / intervalMs);
-        for (let i = 0; i < bucketCount; i++) {
-            const bucketTime = new Date(startTime.getTime() + i * intervalMs).toISOString();
-            bucketMap.set(bucketTime, {
-                pushCount: 0,
-                pullCount: 0,
-                errorCount: 0,
-                totalLatency: 0,
-                eventCount: 0,
-            });
-        }
-        // Populate buckets with event data
-        for (const event of events) {
-            const eventTime = new Date(event.created_at).getTime();
-            const bucketIndex = Math.floor((eventTime - startTime.getTime()) / intervalMs);
-            const bucketTime = new Date(startTime.getTime() + bucketIndex * intervalMs).toISOString();
-            let bucket = bucketMap.get(bucketTime);
-            if (!bucket) {
-                bucket = {
-                    pushCount: 0,
-                    pullCount: 0,
-                    errorCount: 0,
-                    totalLatency: 0,
-                    eventCount: 0,
-                };
-                bucketMap.set(bucketTime, bucket);
-            }
-            if (event.event_type === 'push') {
-                bucket.pushCount++;
+        const startIso = startTime.toISOString();
+        const intervalMs = intervalToMs(interval);
+        const bucketMap = createTimeseriesBucketMap({
+            startTime,
+            rangeMs,
+            intervalMs,
+        });
+        const useRawMetrics = await shouldUseRawMetrics(startIso, partitionId);
+        if (useRawMetrics) {
+            let eventsQuery = db
+                .selectFrom('sync_request_events')
+                .select(['event_type', 'duration_ms', 'outcome', 'created_at'])
+                .where('created_at', '>=', startIso);
+            if (partitionId) {
+                eventsQuery = eventsQuery.where('partition_id', '=', partitionId);
             }
-            else if (event.event_type === 'pull') {
-                bucket.pullCount++;
+            const events = await eventsQuery.orderBy('created_at', 'asc').execute();
+            for (const event of events) {
+                const eventTime = parseDate(event.created_at);
+                if (eventTime === null)
+                    continue;
+                const bucketIndex = Math.floor((eventTime - startTime.getTime()) / intervalMs);
+                const bucketTime = new Date(startTime.getTime() + bucketIndex * intervalMs).toISOString();
+                let bucket = bucketMap.get(bucketTime);
+                if (!bucket) {
+                    bucket = createEmptyTimeseriesAccumulator();
+                    bucketMap.set(bucketTime, bucket);
+                }
+                if (event.event_type === 'push') {
+                    bucket.pushCount++;
+                }
+                else if (event.event_type === 'pull') {
+                    bucket.pullCount++;
+                }
+                if (event.outcome === 'error') {
+                    bucket.errorCount++;
+                }
+                const durationMs = coerceNumber(event.duration_ms);
+                if (durationMs !== null) {
+                    bucket.totalLatency += durationMs;
+                    bucket.eventCount++;
+                }
             }
-            if (event.outcome === 'error') {
-                bucket.errorCount++;
+        }
+        else {
+            const partitionFilter = partitionId
+                ? sql `and partition_id = ${partitionId}`
+                : sql ``;
+            if (options.dialect.name === 'sqlite') {
+                const bucketFormat = intervalToSqliteBucketFormat(interval);
+                const rowsResult = await sql `
+            select
+              strftime(${bucketFormat}, created_at) as bucket,
+              sum(case when event_type = 'push' then 1 else 0 end) as push_count,
+              sum(case when event_type = 'pull' then 1 else 0 end) as pull_count,
+              sum(case when outcome = 'error' then 1 else 0 end) as error_count,
+              avg(duration_ms) as avg_latency_ms
+            from ${sql.table('sync_request_events')}
+            where created_at >= ${startIso}
+            ${partitionFilter}
+            group by 1
+            order by 1 asc
+          `.execute(options.db);
+                for (const row of rowsResult.rows) {
+                    const bucketTimestamp = normalizeBucketTimestamp(row.bucket);
+                    if (!bucketTimestamp)
+                        continue;
+                    let bucket = bucketMap.get(bucketTimestamp);
+                    if (!bucket) {
+                        bucket = createEmptyTimeseriesAccumulator();
+                        bucketMap.set(bucketTimestamp, bucket);
+                    }
+                    const pushCount = coerceNumber(row.push_count) ?? 0;
+                    const pullCount = coerceNumber(row.pull_count) ?? 0;
+                    const errorCount = coerceNumber(row.error_count) ?? 0;
+                    const avgLatencyMs = coerceNumber(row.avg_latency_ms);
+                    const rowEventCount = pushCount + pullCount;
+                    bucket.pushCount += pushCount;
+                    bucket.pullCount += pullCount;
+                    bucket.errorCount += errorCount;
+                    if (avgLatencyMs !== null && rowEventCount > 0) {
+                        bucket.totalLatency += avgLatencyMs * rowEventCount;
+                        bucket.eventCount += rowEventCount;
+                    }
+                }
             }
-            const durationMs = coerceNumber(event.duration_ms);
-            if (durationMs !== null) {
-                bucket.totalLatency += durationMs;
-                bucket.eventCount++;
+            else {
+                const rowsResult = await sql `
+            select
+              date_trunc(${interval}, created_at::timestamptz) as bucket,
+              count(*) filter (where event_type = 'push') as push_count,
+              count(*) filter (where event_type = 'pull') as pull_count,
+              count(*) filter (where outcome = 'error') as error_count,
+              avg(duration_ms) as avg_latency_ms
+            from ${sql.table('sync_request_events')}
+            where created_at >= ${startIso}
+            ${partitionFilter}
+            group by 1
+            order by 1 asc
+          `.execute(options.db);
+                for (const row of rowsResult.rows) {
+                    const bucketTimestamp = normalizeBucketTimestamp(row.bucket);
+                    if (!bucketTimestamp)
+                        continue;
+                    let bucket = bucketMap.get(bucketTimestamp);
+                    if (!bucket) {
+                        bucket = createEmptyTimeseriesAccumulator();
+                        bucketMap.set(bucketTimestamp, bucket);
+                    }
+                    const pushCount = coerceNumber(row.push_count) ?? 0;
+                    const pullCount = coerceNumber(row.pull_count) ?? 0;
+                    const errorCount = coerceNumber(row.error_count) ?? 0;
+                    const avgLatencyMs = coerceNumber(row.avg_latency_ms);
+                    const rowEventCount = pushCount + pullCount;
+                    bucket.pushCount += pushCount;
+                    bucket.pullCount += pullCount;
+                    bucket.errorCount += errorCount;
+                    if (avgLatencyMs !== null && rowEventCount > 0) {
+                        bucket.totalLatency += avgLatencyMs * rowEventCount;
+                        bucket.eventCount += rowEventCount;
+                    }
+                }
             }
         }
-        // Convert to array and calculate averages
-        const buckets = Array.from(bucketMap.entries())
-            .sort(([a], [b]) => a.localeCompare(b))
-            .map(([timestamp, data]) => ({
-            timestamp,
-            pushCount: data.pushCount,
-            pullCount: data.pullCount,
-            errorCount: data.errorCount,
-            avgLatencyMs: data.eventCount > 0 ? data.totalLatency / data.eventCount : 0,
-        }));
+        const buckets = finalizeTimeseriesBuckets(bucketMap);
         const response = {
             buckets,
             interval,
@@ -300,22 +625,51 @@ export function createConsoleRoutes(options) {
         const auth = await requireAuth(c);
         if (!auth)
             return c.json({ error: 'UNAUTHENTICATED' }, 401);
-        const { range } = c.req.valid('query');
-        // Calculate the time range
-        const rangeMs = {
-            '1h': 60 * 60 * 1000,
-            '6h': 6 * 60 * 60 * 1000,
-            '24h': 24 * 60 * 60 * 1000,
-            '7d': 7 * 24 * 60 * 60 * 1000,
-            '30d': 30 * 24 * 60 * 60 * 1000,
-        }[range];
+        const { range, partitionId } = c.req.valid('query');
+        const rangeMs = rangeToMs(range);
         const startTime = new Date(Date.now() - rangeMs);
-        // Get all latencies for push and pull events
-        const events = await db
+        const startIso = startTime.toISOString();
+        const useRawMetrics = await shouldUseRawMetrics(startIso, partitionId);
+        if (!useRawMetrics && options.dialect.name !== 'sqlite') {
+            const partitionFilter = partitionId
+                ? sql `and partition_id = ${partitionId}`
+                : sql ``;
+            const rowsResult = await sql `
+          select
+            event_type,
+            percentile_disc(0.5) within group (order by duration_ms) as p50,
+            percentile_disc(0.9) within group (order by duration_ms) as p90,
+            percentile_disc(0.99) within group (order by duration_ms) as p99
+          from ${sql.table('sync_request_events')}
+          where created_at >= ${startIso}
+          ${partitionFilter}
+          group by event_type
+        `.execute(options.db);
+            const push = { p50: 0, p90: 0, p99: 0 };
+            const pull = { p50: 0, p90: 0, p99: 0 };
+            for (const row of rowsResult.rows) {
+                const eventType = row.event_type === 'push' ? 'push' : 'pull';
+                const target = eventType === 'push' ? push : pull;
+                target.p50 = coerceNumber(row.p50) ?? 0;
+                target.p90 = coerceNumber(row.p90) ?? 0;
+                target.p99 = coerceNumber(row.p99) ?? 0;
+            }
+            const aggregatedResponse = {
+                push,
+                pull,
+                range,
+            };
+            return c.json(aggregatedResponse, 200);
+        }
+        // Raw fallback path (default for local/dev and SQLite)
+        let eventsQuery = db
             .selectFrom('sync_request_events')
             .select(['event_type', 'duration_ms'])
-            .where('created_at', '>=', startTime.toISOString())
-            .execute();
+            .where('created_at', '>=', startIso);
+        if (partitionId) {
+            eventsQuery = eventsQuery.where('partition_id', '=', partitionId);
+        }
+        const events = await eventsQuery.execute();
         const pushLatencies = [];
         const pullLatencies = [];
         for (const event of events) {
@@ -329,22 +683,6 @@ export function createConsoleRoutes(options) {
                 }
             }
         }
-        // Calculate percentiles
-        const calculatePercentiles = (latencies) => {
-            if (latencies.length === 0) {
-                return { p50: 0, p90: 0, p99: 0 };
-            }
-            const sorted = [...latencies].sort((a, b) => a - b);
-            const getPercentile = (p) => {
-                const index = Math.ceil((p / 100) * sorted.length) - 1;
-                return sorted[Math.max(0, index)] ?? 0;
-            };
-            return {
-                p50: getPercentile(50),
-                p90: getPercentile(90),
-                p99: getPercentile(99),
-            };
-        };
         const response = {
             push: calculatePercentiles(pushLatencies),
             pull: calculatePercentiles(pullLatencies),
@@ -353,17 +691,17 @@ export function createConsoleRoutes(options) {
         return c.json(response, 200);
     });
     // -------------------------------------------------------------------------
-    // GET /commits
+    // GET /timeline
     // -------------------------------------------------------------------------
-    routes.get('/commits', describeRoute({
+    routes.get('/timeline', describeRoute({
         tags: ['console'],
-        summary: 'List commits',
+        summary: 'List timeline items',
         responses: {
             200: {
-                description: 'Paginated commit list',
+                description: 'Paginated merged timeline',
                 content: {
                     'application/json': {
-                        schema: resolver(ConsolePaginatedResponseSchema(ConsoleCommitListItemSchema)),
+                        schema: resolver(ConsolePaginatedResponseSchema(ConsoleTimelineItemSchema)),
                     },
                 },
             },
@@ -374,13 +712,20 @@ export function createConsoleRoutes(options) {
                 },
             },
         },
-    }), zValidator('query', ConsolePaginationQuerySchema), async (c) => {
+    }), zValidator('query', ConsoleTimelineQuerySchema), async (c) => {
         const auth = await requireAuth(c);
         if (!auth)
             return c.json({ error: 'UNAUTHENTICATED' }, 401);
-        const { limit, offset } = c.req.valid('query');
-        const [rows, countRow] = await Promise.all([
-            db
+        const { limit, offset, view, partitionId, eventType, actorId, clientId, requestId, traceId, table, outcome, search, from, to, } = c.req.valid('query');
+        const items = [];
+        const normalizedSearchTerm = search?.trim().toLowerCase() || null;
+        const normalizedTable = table?.trim() || null;
+        if (view !== 'events' &&
+            !eventType &&
+            !outcome &&
+            !requestId &&
+            !traceId) {
+            let commitsQuery = db
                 .selectFrom('sync_commits')
                 .select([
                 'commit_seq',
@@ -390,15 +735,190 @@ export function createConsoleRoutes(options) {
                 'created_at',
                 'change_count',
                 'affected_tables',
-            ])
+            ]);
+            if (partitionId) {
+                commitsQuery = commitsQuery.where('partition_id', '=', partitionId);
+            }
+            if (actorId) {
+                commitsQuery = commitsQuery.where('actor_id', '=', actorId);
+            }
+            if (clientId) {
+                commitsQuery = commitsQuery.where('client_id', '=', clientId);
+            }
+            if (from) {
+                commitsQuery = commitsQuery.where('created_at', '>=', from);
+            }
+            if (to) {
+                commitsQuery = commitsQuery.where('created_at', '<=', to);
+            }
+            const commitRows = await commitsQuery.execute();
+            for (const row of commitRows) {
+                const commit = {
+                    commitSeq: coerceNumber(row.commit_seq) ?? 0,
+                    actorId: row.actor_id ?? '',
+                    clientId: row.client_id ?? '',
+                    clientCommitId: row.client_commit_id ?? '',
+                    createdAt: row.created_at ?? '',
+                    changeCount: coerceNumber(row.change_count) ?? 0,
+                    affectedTables: options.dialect.dbToArray(row.affected_tables),
+                };
+                items.push({
+                    type: 'commit',
+                    timestamp: commit.createdAt,
+                    commit,
+                    event: null,
+                });
+            }
+        }
+        if (view !== 'commits') {
+            let eventsQuery = db
+                .selectFrom('sync_request_events')
+                .select(requestEventSelectColumns);
+            if (partitionId) {
+                eventsQuery = eventsQuery.where('partition_id', '=', partitionId);
+            }
+            if (eventType) {
+                eventsQuery = eventsQuery.where('event_type', '=', eventType);
+            }
+            if (actorId) {
+                eventsQuery = eventsQuery.where('actor_id', '=', actorId);
+            }
+            if (clientId) {
+                eventsQuery = eventsQuery.where('client_id', '=', clientId);
+            }
+            if (requestId) {
+                eventsQuery = eventsQuery.where('request_id', '=', requestId);
+            }
+            if (traceId) {
+                eventsQuery = eventsQuery.where('trace_id', '=', traceId);
+            }
+            if (outcome) {
+                eventsQuery = eventsQuery.where('outcome', '=', outcome);
+            }
+            if (from) {
+                eventsQuery = eventsQuery.where('created_at', '>=', from);
+            }
+            if (to) {
+                eventsQuery = eventsQuery.where('created_at', '<=', to);
+            }
+            const eventRows = await eventsQuery.execute();
+            for (const row of eventRows) {
+                const event = mapRequestEvent(row);
+                items.push({
+                    type: 'event',
+                    timestamp: event.createdAt,
+                    commit: null,
+                    event,
+                });
+            }
+        }
+        const filteredItems = items.filter((item) => {
+            if (item.type === 'commit') {
+                const commit = item.commit;
+                if (!commit)
+                    return false;
+                if (normalizedTable &&
+                    !(commit.affectedTables ?? []).includes(normalizedTable)) {
+                    return false;
+                }
+                if (!normalizedSearchTerm)
+                    return true;
+                const searchableCommitFields = [
+                    String(commit.commitSeq),
+                    commit.actorId,
+                    commit.clientId,
+                    commit.clientCommitId,
+                    ...(commit.affectedTables ?? []),
+                ];
+                return searchableCommitFields.some((field) => includesSearchTerm(field, normalizedSearchTerm));
+            }
+            const event = item.event;
+            if (!event)
+                return false;
+            if (normalizedTable &&
+                !(event.tables ?? []).includes(normalizedTable)) {
+                return false;
+            }
+            if (!normalizedSearchTerm)
+                return true;
+            const searchableEventFields = [
+                String(event.eventId),
+                event.requestId,
+                event.traceId ?? '',
+                event.actorId,
+                event.clientId,
+                event.outcome,
+                event.responseStatus,
+                event.errorCode ?? '',
+                event.errorMessage ?? '',
+                ...(event.tables ?? []),
+            ];
+            return searchableEventFields.some((field) => includesSearchTerm(field, normalizedSearchTerm));
+        });
+        filteredItems.sort((a, b) => (parseDate(b.timestamp) ?? 0) - (parseDate(a.timestamp) ?? 0));
+        const total = filteredItems.length;
+        const pagedItems = filteredItems.slice(offset, offset + limit);
+        const response = {
+            items: pagedItems,
+            total,
+            offset,
+            limit,
+        };
+        c.header('X-Total-Count', String(total));
+        return c.json(response, 200);
+    });
+    // -------------------------------------------------------------------------
+    // GET /commits
+    // -------------------------------------------------------------------------
+    routes.get('/commits', describeRoute({
+        tags: ['console'],
+        summary: 'List commits',
+        responses: {
+            200: {
+                description: 'Paginated commit list',
+                content: {
+                    'application/json': {
+                        schema: resolver(ConsolePaginatedResponseSchema(ConsoleCommitListItemSchema)),
+                    },
+                },
+            },
+            401: {
+                description: 'Unauthenticated',
+                content: {
+                    'application/json': { schema: resolver(ErrorResponseSchema) },
+                },
+            },
+        },
+    }), zValidator('query', ConsolePartitionedPaginationQuerySchema), async (c) => {
+        const auth = await requireAuth(c);
+        if (!auth)
+            return c.json({ error: 'UNAUTHENTICATED' }, 401);
+        const { limit, offset, partitionId } = c.req.valid('query');
+        let query = db
+            .selectFrom('sync_commits')
+            .select([
+            'commit_seq',
+            'actor_id',
+            'client_id',
+            'client_commit_id',
+            'created_at',
+            'change_count',
+            'affected_tables',
+        ]);
+        let countQuery = db
+            .selectFrom('sync_commits')
+            .select(({ fn }) => fn.countAll().as('total'));
+        if (partitionId) {
+            query = query.where('partition_id', '=', partitionId);
+            countQuery = countQuery.where('partition_id', '=', partitionId);
+        }
+        const [rows, countRow] = await Promise.all([
+            query
                 .orderBy('commit_seq', 'desc')
                 .limit(limit)
                 .offset(offset)
                 .execute(),
-            db
-                .selectFrom('sync_commits')
-                .select(({ fn }) => fn.countAll().as('total'))
-                .executeTakeFirst(),
+            countQuery.executeTakeFirst(),
         ]);
         const items = rows.map((row) => ({
             commitSeq: coerceNumber(row.commit_seq) ?? 0,
@@ -451,12 +971,13 @@ export function createConsoleRoutes(options) {
                 },
             },
         },
-    }), zValidator('param', commitSeqParamSchema), async (c) => {
+    }), zValidator('param', commitSeqParamSchema), zValidator('query', commitDetailQuerySchema), async (c) => {
         const auth = await requireAuth(c);
         if (!auth)
             return c.json({ error: 'UNAUTHENTICATED' }, 401);
         const { seq } = c.req.valid('param');
-        const commitRow = await db
+        const { partitionId } = c.req.valid('query');
+        let commitQuery = db
             .selectFrom('sync_commits')
             .select([
             'commit_seq',
@@ -467,12 +988,15 @@ export function createConsoleRoutes(options) {
             'change_count',
             'affected_tables',
         ])
-            .where('commit_seq', '=', seq)
-            .executeTakeFirst();
+            .where('commit_seq', '=', seq);
+        if (partitionId) {
+            commitQuery = commitQuery.where('partition_id', '=', partitionId);
+        }
+        const commitRow = await commitQuery.executeTakeFirst();
         if (!commitRow) {
             return c.json({ error: 'NOT_FOUND' }, 404);
         }
-        const changeRows = await db
+        let changesQuery = db
             .selectFrom('sync_changes')
             .select([
             'change_id',
@@ -483,7 +1007,11 @@ export function createConsoleRoutes(options) {
             'row_version',
             'scopes',
         ])
-            .where('commit_seq', '=', seq)
+            .where('commit_seq', '=', seq);
+        if (partitionId) {
+            changesQuery = changesQuery.where('partition_id', '=', partitionId);
+        }
+        const changeRows = await changesQuery
             .orderBy('change_id', 'asc')
             .execute();
         const changes = changeRows.map((row) => ({
@@ -544,33 +1072,39 @@ export function createConsoleRoutes(options) {
                 },
             },
         },
-    }), zValidator('query', ConsolePaginationQuerySchema), async (c) => {
+    }), zValidator('query', ConsolePartitionedPaginationQuerySchema), async (c) => {
         const auth = await requireAuth(c);
         if (!auth)
             return c.json({ error: 'UNAUTHENTICATED' }, 401);
-        const { limit, offset } = c.req.valid('query');
+        const { limit, offset, partitionId } = c.req.valid('query');
+        let clientsQuery = db
+            .selectFrom('sync_client_cursors')
+            .select([
+            'client_id',
+            'actor_id',
+            'cursor',
+            'effective_scopes',
+            'updated_at',
+        ]);
+        let countQuery = db
+            .selectFrom('sync_client_cursors')
+            .select(({ fn }) => fn.countAll().as('total'));
+        let maxCommitSeqQuery = db
+            .selectFrom('sync_commits')
+            .select(({ fn }) => fn.max('commit_seq').as('max_commit_seq'));
+        if (partitionId) {
+            clientsQuery = clientsQuery.where('partition_id', '=', partitionId);
+            countQuery = countQuery.where('partition_id', '=', partitionId);
+            maxCommitSeqQuery = maxCommitSeqQuery.where('partition_id', '=', partitionId);
+        }
         const [rows, countRow, maxCommitSeqRow] = await Promise.all([
-            db
-                .selectFrom('sync_client_cursors')
-                .select([
-                'client_id',
-                'actor_id',
-                'cursor',
-                'effective_scopes',
-                'updated_at',
-            ])
+            clientsQuery
                 .orderBy('updated_at', 'desc')
                 .limit(limit)
                 .offset(offset)
                 .execute(),
-            db
-                .selectFrom('sync_client_cursors')
-                .select(({ fn }) => fn.countAll().as('total'))
-                .executeTakeFirst(),
-            db
-                .selectFrom('sync_commits')
-                .select(({ fn }) => fn.max('commit_seq').as('max_commit_seq'))
-                .executeTakeFirst(),
+            countQuery.executeTakeFirst(),
+            maxCommitSeqQuery.executeTakeFirst(),
         ]);
         const maxCommitSeq = coerceNumber(maxCommitSeqRow?.max_commit_seq) ?? 0;
         const pagedClientIds = rows
@@ -578,7 +1112,7 @@ export function createConsoleRoutes(options) {
             .filter((clientId) => typeof clientId === 'string');
         const latestEventsByClientId = new Map();
         if (pagedClientIds.length > 0) {
-            const recentEventRows = await db
+            let recentEventsQuery = db
                 .selectFrom('sync_request_events')
                 .select([
                 'client_id',
@@ -587,7 +1121,11 @@ export function createConsoleRoutes(options) {
                 'created_at',
                 'transport_path',
             ])
-                .where('client_id', 'in', pagedClientIds)
+                .where('client_id', 'in', pagedClientIds);
+            if (partitionId) {
+                recentEventsQuery = recentEventsQuery.where('partition_id', '=', partitionId);
+            }
+            const recentEventRows = await recentEventsQuery
                 .orderBy('created_at', 'desc')
                 .execute();
             for (const row of recentEventRows) {
@@ -674,6 +1212,66 @@ export function createConsoleRoutes(options) {
         return c.json({ items }, 200);
     });
     // -------------------------------------------------------------------------
+    // GET /operations - Operation audit log
+    // -------------------------------------------------------------------------
+    routes.get('/operations', describeRoute({
+        tags: ['console'],
+        summary: 'List operation audit events',
+        responses: {
+            200: {
+                description: 'Paginated operation events',
+                content: {
+                    'application/json': {
+                        schema: resolver(ConsolePaginatedResponseSchema(ConsoleOperationEventSchema)),
+                    },
+                },
+            },
+            401: {
+                description: 'Unauthenticated',
+                content: {
+                    'application/json': { schema: resolver(ErrorResponseSchema) },
+                },
+            },
+        },
+    }), zValidator('query', ConsoleOperationsQuerySchema), async (c) => {
+        const auth = await requireAuth(c);
+        if (!auth)
+            return c.json({ error: 'UNAUTHENTICATED' }, 401);
+        const { limit, offset, operationType, partitionId } = c.req.valid('query');
+        let query = db
+            .selectFrom('sync_operation_events')
+            .select(operationEventSelectColumns);
+        let countQuery = db
+            .selectFrom('sync_operation_events')
+            .select(({ fn }) => fn.countAll().as('total'));
+        if (operationType) {
+            query = query.where('operation_type', '=', operationType);
+            countQuery = countQuery.where('operation_type', '=', operationType);
+        }
+        if (partitionId) {
+            query = query.where('partition_id', '=', partitionId);
+            countQuery = countQuery.where('partition_id', '=', partitionId);
+        }
+        const [rows, countRow] = await Promise.all([
+            query
+                .orderBy('created_at', 'desc')
+                .limit(limit)
+                .offset(offset)
+                .execute(),
+            countQuery.executeTakeFirst(),
+        ]);
+        const items = rows.map((row) => mapOperationEvent(row));
+        const total = coerceNumber(countRow?.total) ?? 0;
+        const response = {
+            items,
+            total,
+            offset,
+            limit,
+        };
+        c.header('X-Total-Count', String(total));
+        return c.json(response, 200);
+    });
+    // -------------------------------------------------------------------------
     // POST /prune/preview
     // -------------------------------------------------------------------------
     routes.post('/prune/preview', describeRoute({
@@ -746,6 +1344,15 @@ export function createConsoleRoutes(options) {
             deletedCommits,
             watermarkCommitSeq,
         });
+        await recordOperationEvent({
+            operationType: 'prune',
+            consoleUserId: auth.consoleUserId,
+            requestPayload: {
+                watermarkCommitSeq,
+                keepNewestCommits: options.prune?.keepNewestCommits ?? null,
+            },
+            resultPayload: { deletedCommits, watermarkCommitSeq },
+        });
         const result = { deletedCommits };
         return c.json(result, 200);
     });
@@ -786,6 +1393,12 @@ export function createConsoleRoutes(options) {
             deletedChanges,
             fullHistoryHours,
         });
+        await recordOperationEvent({
+            operationType: 'compact',
+            consoleUserId: auth.consoleUserId,
+            requestPayload: { fullHistoryHours },
+            resultPayload: { deletedChanges },
+        });
         const result = { deletedChanges };
         return c.json(result, 200);
     });
@@ -846,6 +1459,16 @@ export function createConsoleRoutes(options) {
             commitSeq: result.commitSeq,
             deletedChunks: result.deletedChunks,
         });
+        await recordOperationEvent({
+            operationType: 'notify_data_change',
+            consoleUserId: auth.consoleUserId,
+            partitionId: body.partitionId ?? null,
+            requestPayload: {
+                tables: body.tables,
+                partitionId: body.partitionId ?? null,
+            },
+            resultPayload: result,
+        });
         // Wake all WS clients so they pull immediately
         if (options.wsConnectionManager) {
             options.wsConnectionManager.notifyAllClients(result.commitSeq);
@@ -878,15 +1501,19 @@ export function createConsoleRoutes(options) {
                 },
             },
         },
-    }), zValidator('param', clientIdParamSchema), async (c) => {
+    }), zValidator('param', clientIdParamSchema), zValidator('query', evictClientQuerySchema), async (c) => {
         const auth = await requireAuth(c);
         if (!auth)
             return c.json({ error: 'UNAUTHENTICATED' }, 401);
         const { id: clientId } = c.req.valid('param');
-        const res = await db
+        const { partitionId } = c.req.valid('query');
+        let deleteQuery = db
             .deleteFrom('sync_client_cursors')
-            .where('client_id', '=', clientId)
-            .executeTakeFirst();
+            .where('client_id', '=', clientId);
+        if (partitionId) {
+            deleteQuery = deleteQuery.where('partition_id', '=', partitionId);
+        }
+        const res = await deleteQuery.executeTakeFirst();
         const evicted = Number(res?.numDeletedRows ?? 0) > 0;
         logSyncEvent({
             event: 'console.evict_client',
@@ -894,6 +1521,14 @@ export function createConsoleRoutes(options) {
             clientId,
             evicted,
         });
+        await recordOperationEvent({
+            operationType: 'evict_client',
+            consoleUserId: auth.consoleUserId,
+            partitionId: partitionId ?? null,
+            targetClientId: clientId,
+            requestPayload: { clientId, partitionId: partitionId ?? null },
+            resultPayload: { evicted },
+        });
         const result = { evicted };
         return c.json(result, 200);
     });
@@ -923,28 +1558,17 @@ export function createConsoleRoutes(options) {
         const auth = await requireAuth(c);
         if (!auth)
             return c.json({ error: 'UNAUTHENTICATED' }, 401);
-        const { limit, offset, eventType, actorId, clientId, outcome } = c.req.valid('query');
+        const { limit, offset, partitionId, eventType, actorId, clientId, requestId, traceId, outcome, } = c.req.valid('query');
         let query = db
             .selectFrom('sync_request_events')
-            .select([
-            'event_id',
-            'event_type',
-            'transport_path',
-            'actor_id',
-            'client_id',
-            'status_code',
-            'outcome',
-            'duration_ms',
-            'commit_seq',
-            'operation_count',
-            'row_count',
-            'tables',
-            'error_message',
-            'created_at',
-        ]);
+            .select(requestEventSelectColumns);
         let countQuery = db
             .selectFrom('sync_request_events')
             .select(({ fn }) => fn.countAll().as('total'));
+        if (partitionId) {
+            query = query.where('partition_id', '=', partitionId);
+            countQuery = countQuery.where('partition_id', '=', partitionId);
+        }
         if (eventType) {
             query = query.where('event_type', '=', eventType);
             countQuery = countQuery.where('event_type', '=', eventType);
@@ -957,6 +1581,14 @@ export function createConsoleRoutes(options) {
             query = query.where('client_id', '=', clientId);
             countQuery = countQuery.where('client_id', '=', clientId);
         }
+        if (requestId) {
+            query = query.where('request_id', '=', requestId);
+            countQuery = countQuery.where('request_id', '=', requestId);
+        }
+        if (traceId) {
+            query = query.where('trace_id', '=', traceId);
+            countQuery = countQuery.where('trace_id', '=', traceId);
+        }
         if (outcome) {
             query = query.where('outcome', '=', outcome);
             countQuery = countQuery.where('outcome', '=', outcome);
@@ -969,22 +1601,7 @@ export function createConsoleRoutes(options) {
                 .execute(),
             countQuery.executeTakeFirst(),
         ]);
-        const items = rows.map((row) => ({
-            eventId: coerceNumber(row.event_id) ?? 0,
-            eventType: row.event_type,
-            transportPath: row.transport_path === 'relay' ? 'relay' : 'direct',
-            actorId: row.actor_id ?? '',
-            clientId: row.client_id ?? '',
-            statusCode: coerceNumber(row.status_code) ?? 0,
-            outcome: row.outcome ?? '',
-            durationMs: coerceNumber(row.duration_ms) ?? 0,
-            commitSeq: coerceNumber(row.commit_seq),
-            operationCount: coerceNumber(row.operation_count),
-            rowCount: coerceNumber(row.row_count),
-            tables: options.dialect.dbToArray(row.tables),
-            errorMessage: row.error_message ?? null,
-            createdAt: row.created_at ?? '',
-        }));
+        const items = rows.map((row) => mapRequestEvent(row));
         const total = coerceNumber(countRow?.total) ?? 0;
         const response = {
             items,
@@ -1010,6 +1627,15 @@ export function createConsoleRoutes(options) {
             // Auth check via query param (WebSocket doesn't support headers easily)
             const token = c.req.query('token');
             const authHeader = c.req.header('Authorization');
+            const partitionId = c.req.query('partitionId')?.trim() || undefined;
+            const replaySince = c.req.query('since');
+            const replayLimitRaw = c.req.query('replayLimit');
+            const replayLimitNumber = replayLimitRaw
+                ? Number.parseInt(replayLimitRaw, 10)
+                : Number.NaN;
+            const replayLimit = Number.isFinite(replayLimitNumber)
+                ? Math.max(1, Math.min(500, replayLimitNumber))
+                : 100;
             const mockContext = {
                 req: {
                     header: (name) => name === 'Authorization' ? authHeader : undefined,
@@ -1025,6 +1651,13 @@ export function createConsoleRoutes(options) {
                         return;
                     }
                     const listener = (event) => {
+                        if (partitionId) {
+                            const eventPartitionId = event.data.partitionId;
+                            if (typeof eventPartitionId !== 'string' ||
+                                eventPartitionId !== partitionId) {
+                                return;
+                            }
+                        }
                         try {
                             ws.send(JSON.stringify(event));
                         }
@@ -1038,6 +1671,20 @@ export function createConsoleRoutes(options) {
                         type: 'connected',
                         timestamp: new Date().toISOString(),
                     }));
+                    const replayEvents = emitter.replay({
+                        since: replaySince,
+                        limit: replayLimit,
+                        partitionId,
+                    });
+                    for (const replayEvent of replayEvents) {
+                        try {
+                            ws.send(JSON.stringify(replayEvent));
+                        }
+                        catch {
+                            // Connection closed
+                            break;
+                        }
+                    }
                     // Start heartbeat
                     const heartbeatInterval = setInterval(() => {
                         try {
@@ -1105,51 +1752,103 @@ export function createConsoleRoutes(options) {
                 },
             },
         },
-    }), zValidator('param', eventIdParamSchema), async (c) => {
+    }), zValidator('param', eventIdParamSchema), zValidator('query', eventDetailQuerySchema), async (c) => {
         const auth = await requireAuth(c);
         if (!auth)
             return c.json({ error: 'UNAUTHENTICATED' }, 401);
         const { id: eventId } = c.req.valid('param');
-        const row = await db
+        const { partitionId } = c.req.valid('query');
+        let eventQuery = db
+            .selectFrom('sync_request_events')
+            .select(requestEventSelectColumns)
+            .where('event_id', '=', eventId);
+        if (partitionId) {
+            eventQuery = eventQuery.where('partition_id', '=', partitionId);
+        }
+        const row = await eventQuery.executeTakeFirst();
+        if (!row) {
+            return c.json({ error: 'NOT_FOUND' }, 404);
+        }
+        return c.json(mapRequestEvent(row), 200);
+    });
+    // -------------------------------------------------------------------------
+    // GET /events/:id/payload - payload snapshot detail (if retained)
+    // -------------------------------------------------------------------------
+    routes.get('/events/:id/payload', describeRoute({
+        tags: ['console'],
+        summary: 'Get event payload snapshot',
+        responses: {
+            200: {
+                description: 'Payload snapshot details',
+                content: {
+                    'application/json': {
+                        schema: resolver(ConsoleRequestPayloadSchema),
+                    },
+                },
+            },
+            400: {
+                description: 'Invalid request',
+                content: {
+                    'application/json': { schema: resolver(ErrorResponseSchema) },
+                },
+            },
+            401: {
+                description: 'Unauthenticated',
+                content: {
+                    'application/json': { schema: resolver(ErrorResponseSchema) },
+                },
+            },
+            404: {
+                description: 'Not found',
+                content: {
+                    'application/json': { schema: resolver(ErrorResponseSchema) },
+                },
+            },
+        },
+    }), zValidator('param', eventIdParamSchema), zValidator('query', eventDetailQuerySchema), async (c) => {
+        const auth = await requireAuth(c);
+        if (!auth)
+            return c.json({ error: 'UNAUTHENTICATED' }, 401);
+        const { id: eventId } = c.req.valid('param');
+        const { partitionId } = c.req.valid('query');
+        let eventQuery = db
             .selectFrom('sync_request_events')
+            .select(['payload_ref', 'partition_id'])
+            .where('event_id', '=', eventId);
+        if (partitionId) {
+            eventQuery = eventQuery.where('partition_id', '=', partitionId);
+        }
+        const eventRow = await eventQuery.executeTakeFirst();
+        if (!eventRow) {
+            return c.json({ error: 'NOT_FOUND' }, 404);
+        }
+        const payloadRef = eventRow.payload_ref;
+        if (!payloadRef) {
+            return c.json({ error: 'NOT_FOUND', message: 'No payload snapshot recorded' }, 404);
+        }
+        const payloadRow = await db
+            .selectFrom('sync_request_payloads')
             .select([
-            'event_id',
-            'event_type',
-            'transport_path',
-            'actor_id',
-            'client_id',
-            'status_code',
-            'outcome',
-            'duration_ms',
-            'commit_seq',
-            'operation_count',
-            'row_count',
-            'tables',
-            'error_message',
+            'payload_ref',
+            'partition_id',
+            'request_payload',
+            'response_payload',
             'created_at',
         ])
-            .where('event_id', '=', eventId)
+            .where('payload_ref', '=', payloadRef)
+            .where('partition_id', '=', eventRow.partition_id)
             .executeTakeFirst();
-        if (!row) {
-            return c.json({ error: 'NOT_FOUND' }, 404);
+        if (!payloadRow) {
+            return c.json({ error: 'NOT_FOUND', message: 'Payload snapshot not available' }, 404);
         }
-        const event = {
-            eventId: coerceNumber(row.event_id) ?? 0,
-            eventType: row.event_type,
-            transportPath: row.transport_path === 'relay' ? 'relay' : 'direct',
-            actorId: row.actor_id ?? '',
-            clientId: row.client_id ?? '',
-            statusCode: coerceNumber(row.status_code) ?? 0,
-            outcome: row.outcome ?? '',
-            durationMs: coerceNumber(row.duration_ms) ?? 0,
-            commitSeq: coerceNumber(row.commit_seq),
-            operationCount: coerceNumber(row.operation_count),
-            rowCount: coerceNumber(row.row_count),
-            tables: options.dialect.dbToArray(row.tables),
-            errorMessage: row.error_message ?? null,
-            createdAt: row.created_at ?? '',
+        const payload = {
+            payloadRef: payloadRow.payload_ref,
+            partitionId: payloadRow.partition_id,
+            requestPayload: parseJsonValue(payloadRow.request_payload),
+            responsePayload: parseJsonValue(payloadRow.response_payload),
+            createdAt: payloadRow.created_at,
         };
-        return c.json(event, 200);
+        return c.json(payload, 200);
     });
     // -------------------------------------------------------------------------
     // DELETE /events - Clear all events
@@ -1282,7 +1981,7 @@ export function createConsoleRoutes(options) {
         const auth = await requireAuth(c);
         if (!auth)
             return c.json({ error: 'UNAUTHENTICATED' }, 401);
-        const { limit, offset, type: keyType } = c.req.valid('query');
+        const { limit, offset, type: keyType, status, expiresWithinDays, } = c.req.valid('query');
         let query = db
             .selectFrom('sync_api_keys')
             .select([
@@ -1304,6 +2003,31 @@ export function createConsoleRoutes(options) {
             query = query.where('key_type', '=', keyType);
             countQuery = countQuery.where('key_type', '=', keyType);
         }
+        const now = new Date();
+        const nowIso = now.toISOString();
+        const expiringThresholdIso = new Date(now.getTime() + (expiresWithinDays ?? 14) * 24 * 60 * 60 * 1000).toISOString();
+        if (status === 'active') {
+            query = query
+                .where('revoked_at', 'is', null)
+                .where((eb) => eb.or([eb('expires_at', 'is', null), eb('expires_at', '>', nowIso)]));
+            countQuery = countQuery
+                .where('revoked_at', 'is', null)
+                .where((eb) => eb.or([eb('expires_at', 'is', null), eb('expires_at', '>', nowIso)]));
+        }
+        else if (status === 'revoked') {
+            query = query.where('revoked_at', 'is not', null);
+            countQuery = countQuery.where('revoked_at', 'is not', null);
+        }
+        else if (status === 'expiring') {
+            query = query
+                .where('revoked_at', 'is', null)
+                .where('expires_at', '>', nowIso)
+                .where('expires_at', '<=', expiringThresholdIso);
+            countQuery = countQuery
+                .where('revoked_at', 'is', null)
+                .where('expires_at', '>', nowIso)
+                .where('expires_at', '<=', expiringThresholdIso);
+        }
         const [rows, countRow] = await Promise.all([
             query
                 .orderBy('created_at', 'desc')
@@ -1528,6 +2252,192 @@ export function createConsoleRoutes(options) {
         return c.json({ revoked }, 200);
     });
     // -------------------------------------------------------------------------
+    // POST /api-keys/bulk-revoke - Revoke multiple API keys
+    // -------------------------------------------------------------------------
+    routes.post('/api-keys/bulk-revoke', describeRoute({
+        tags: ['console'],
+        summary: 'Bulk revoke API keys',
+        responses: {
+            200: {
+                description: 'Bulk revoke result',
+                content: {
+                    'application/json': {
+                        schema: resolver(ConsoleApiKeyBulkRevokeResponseSchema),
+                    },
+                },
+            },
+            400: {
+                description: 'Invalid request',
+                content: {
+                    'application/json': { schema: resolver(ErrorResponseSchema) },
+                },
+            },
+            401: {
+                description: 'Unauthenticated',
+                content: {
+                    'application/json': { schema: resolver(ErrorResponseSchema) },
+                },
+            },
+        },
+    }), zValidator('json', ConsoleApiKeyBulkRevokeRequestSchema), async (c) => {
+        const auth = await requireAuth(c);
+        if (!auth)
+            return c.json({ error: 'UNAUTHENTICATED' }, 401);
+        const body = c.req.valid('json');
+        const keyIds = [...new Set(body.keyIds.map((keyId) => keyId.trim()))]
+            .filter((keyId) => keyId.length > 0)
+            .slice(0, 200);
+        if (keyIds.length === 0) {
+            return c.json({ error: 'INVALID_REQUEST', message: 'No API key IDs provided' }, 400);
+        }
+        const now = new Date().toISOString();
+        const existingRows = await db
+            .selectFrom('sync_api_keys')
+            .select(['key_id', 'revoked_at'])
+            .where('key_id', 'in', keyIds)
+            .execute();
+        const existingById = new Map(existingRows.map((row) => [row.key_id, row.revoked_at]));
+        const notFoundKeyIds = [];
+        const alreadyRevokedKeyIds = [];
+        const revokeCandidateKeyIds = [];
+        for (const keyId of keyIds) {
+            const revokedAt = existingById.get(keyId);
+            if (revokedAt === undefined) {
+                notFoundKeyIds.push(keyId);
+            }
+            else if (revokedAt !== null) {
+                alreadyRevokedKeyIds.push(keyId);
+            }
+            else {
+                revokeCandidateKeyIds.push(keyId);
+            }
+        }
+        let revokedCount = 0;
+        if (revokeCandidateKeyIds.length > 0) {
+            const updateResult = await db
+                .updateTable('sync_api_keys')
+                .set({ revoked_at: now })
+                .where('key_id', 'in', revokeCandidateKeyIds)
+                .where('revoked_at', 'is', null)
+                .executeTakeFirst();
+            revokedCount = Number(updateResult?.numUpdatedRows ?? 0);
+        }
+        const response = {
+            requestedCount: keyIds.length,
+            revokedCount,
+            alreadyRevokedCount: alreadyRevokedKeyIds.length,
+            notFoundCount: notFoundKeyIds.length,
+            revokedKeyIds: revokeCandidateKeyIds,
+            alreadyRevokedKeyIds,
+            notFoundKeyIds,
+        };
+        logSyncEvent({
+            event: 'console.bulk_revoke_api_keys',
+            consoleUserId: auth.consoleUserId,
+            requestedCount: response.requestedCount,
+            revokedCount: response.revokedCount,
+            alreadyRevokedCount: response.alreadyRevokedCount,
+            notFoundCount: response.notFoundCount,
+        });
+        return c.json(response, 200);
+    });
+    // -------------------------------------------------------------------------
+    // POST /api-keys/:id/rotate/stage - Stage rotate API key (keep old active)
+    // -------------------------------------------------------------------------
+    routes.post('/api-keys/:id/rotate/stage', describeRoute({
+        tags: ['console'],
+        summary: 'Stage rotate API key',
+        responses: {
+            200: {
+                description: 'Staged API key replacement',
+                content: {
+                    'application/json': {
+                        schema: resolver(ConsoleApiKeyCreateResponseSchema),
+                    },
+                },
+            },
+            401: {
+                description: 'Unauthenticated',
+                content: {
+                    'application/json': { schema: resolver(ErrorResponseSchema) },
+                },
+            },
+            404: {
+                description: 'Not found',
+                content: {
+                    'application/json': { schema: resolver(ErrorResponseSchema) },
+                },
+            },
+        },
+    }), zValidator('param', apiKeyIdParamSchema), async (c) => {
+        const auth = await requireAuth(c);
+        if (!auth)
+            return c.json({ error: 'UNAUTHENTICATED' }, 401);
+        const { id: keyId } = c.req.valid('param');
+        const now = new Date().toISOString();
+        const existingRow = await db
+            .selectFrom('sync_api_keys')
+            .select([
+            'name',
+            'key_type',
+            'scope_keys',
+            'actor_id',
+            'expires_at',
+            'revoked_at',
+        ])
+            .where('key_id', '=', keyId)
+            .where('revoked_at', 'is', null)
+            .executeTakeFirst();
+        if (!existingRow) {
+            return c.json({ error: 'NOT_FOUND' }, 404);
+        }
+        const newKeyId = generateKeyId();
+        const keyType = existingRow.key_type;
+        const secretKey = generateSecretKey(keyType);
+        const keyHash = await hashApiKey(secretKey);
+        const keyPrefix = secretKey.slice(0, 12);
+        const scopeKeys = options.dialect.dbToArray(existingRow.scope_keys);
+        await db
+            .insertInto('sync_api_keys')
+            .values({
+            key_id: newKeyId,
+            key_hash: keyHash,
+            key_prefix: keyPrefix,
+            name: existingRow.name,
+            key_type: keyType,
+            scope_keys: options.dialect.arrayToDb(scopeKeys),
+            actor_id: existingRow.actor_id ?? null,
+            created_at: now,
+            expires_at: existingRow.expires_at,
+            last_used_at: null,
+            revoked_at: null,
+        })
+            .execute();
+        logSyncEvent({
+            event: 'console.stage_rotate_api_key',
+            consoleUserId: auth.consoleUserId,
+            oldKeyId: keyId,
+            newKeyId,
+        });
+        const key = {
+            keyId: newKeyId,
+            keyPrefix,
+            name: existingRow.name,
+            keyType,
+            scopeKeys,
+            actorId: existingRow.actor_id ?? null,
+            createdAt: now,
+            expiresAt: existingRow.expires_at ?? null,
+            lastUsedAt: null,
+            revokedAt: null,
+        };
+        const response = {
+            key,
+            secretKey,
+        };
+        return c.json(response, 200);
+    });
+    // -------------------------------------------------------------------------
     // POST /api-keys/:id/rotate - Rotate API key
     // -------------------------------------------------------------------------
     routes.post('/api-keys/:id/rotate', describeRoute({