@varshylinc/team-management 0.1.0 → 0.2.0

package/package.json

@@ -1,22 +1,29 @@
 {
   "name": "@varshylinc/team-management",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "Team management shared module for Varshyl products.",
   "private": false,
+  "type": "module",
+  "files": [
+    "dist"
+  ],
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "exports": {
     ".": {
-      "import": "./dist/index.js",
-      "types": "./dist/index.d.ts"
+      "types": "./dist/index.d.ts",
+      "require": "./dist/index.js",
+      "import": "./dist/index.js"
     },
     "./server": {
-      "import": "./dist/server/index.js",
-      "types": "./dist/server/index.d.ts"
+      "types": "./dist/server/index.d.ts",
+      "require": "./dist/server/index.js",
+      "import": "./dist/server/index.js"
     },
     "./client": {
-      "import": "./dist/client/index.js",
-      "types": "./dist/client/index.d.ts"
+      "types": "./dist/client/index.d.ts",
+      "require": "./dist/client/index.js",
+      "import": "./dist/client/index.js"
     }
   },
   "dependencies": {
@@ -40,16 +47,16 @@
   },
   "peerDependencies": {
     "express": "^4.18.3",
-    "pg": "^8.11.5"
+    "pg": "^8.11.5",
+    "react": "^18.0.0"
   },
-  "type": "module",
   "publishConfig": {
     "access": "public",
     "registry": "https://registry.npmjs.org/"
   },
   "scripts": {
-    "build": "tsc -p tsconfig.json && mkdir -p dist/server/migrations && cp src/server/migrations/*.sql dist/server/migrations/",
-    "typecheck": "tsc -p tsconfig.json --noEmit && tsc -p tsconfig.client.json",
+    "build": "tsc -p tsconfig.json && tsc -p tsconfig.client.build.json && mkdir -p dist/server/migrations && cp src/server/migrations/*.sql dist/server/migrations/",
+    "typecheck": "tsc -p tsconfig.json --noEmit && tsc -p tsconfig.client.json --noEmit",
     "test": "vitest run",
     "lint": "eslint src --ext .ts,.tsx --max-warnings 0"
   }

package/.eslintrc.cjs

@@ -1,18 +0,0 @@
-module.exports = {
-  root: true,
-  parser: '@typescript-eslint/parser',
-  parserOptions: {
-    project: ['./tsconfig.json', './tsconfig.client.json'],
-    tsconfigRootDir: __dirname,
-  },
-  plugins: ['@typescript-eslint'],
-  extends: [
-    'eslint:recommended',
-    'plugin:@typescript-eslint/recommended',
-  ],
-  rules: {
-    '@typescript-eslint/no-explicit-any': 'warn',
-    '@typescript-eslint/no-unused-vars': ['error', { argsIgnorePattern: '^_' }],
-  },
-  env: { node: true, browser: true, es2022: true },
-};

package/CHANGELOG.md

@@ -1,159 +0,0 @@
-# Changelog — @varshylinc/team-management
-
-## 0.1.0 — 2026-05-08
-
-First production-grade release. v0.0.1 was a stub with no business logic; v0.1.0 is the first version products can actually consume — a complete team management module with org model, RBAC, invitations, audit log, ownership transfer, email change, password reset, and super-admin back office.
-
-### Added
-
-**Org management**
-- `POST /orgs` — create organization (name, slug)
-- `GET /orgs/:id` — fetch org details
-- `PATCH /orgs/:id` — update org name and slug (admin+)
-- `DELETE /orgs/:id` — soft-delete with 30-day grace period; must type org name to confirm (owner only)
-- Org slug unique partial index (active orgs only)
-- Soft-delete columns: `deleted_at`, `delete_scheduled_for`, `deleted_by_user_id`
-
-**Member management**
-- `GET /orgs/:id/members` — list active members with roles
-- `GET /orgs/:id/members/former` — list removed members with removal metadata
-- `DELETE /orgs/:id/members/:userId` — soft-remove member; records `removed_by_user_id` and `removal_reason`
-- `PATCH /orgs/:id/members/:userId` — change member role (role-gated per matrix)
-- `GET /orgs/:id/members/:userId/cascade-preview` — preview what will be affected by removal
-
-**Invitations** (flag: `enableInvites`)
-- `POST /orgs/:id/invitations` — invite by email; sends magic link + 6-digit code in same email; 7-day expiry
-- `GET /orgs/:id/invitations` — list pending invitations (admin+)
-- `DELETE /orgs/:id/invitations/:invId` — revoke pending invitation (admin+)
-- `POST /orgs/:id/invitations/:invId/resend` — regenerate token + code, invalidate old (admin+)
-- `GET /orgs/:id/invitations/:invId/code` — fetch decrypted 6-digit code for phone fallback (admin+)
-- `GET /invitations/accept/:token` — public magic-link landing; shows org, role, inviter
-- `POST /invitations/accept/code` — public code-entry; `{email, code}`
-- Sub-A enforcement: member accepting while already in an org gets warning; owner is blocked entirely
-
-**Audit log** (flag: `enableAuditLog`)
-- `GET /orgs/:id/audit` — paginated audit events (admin+ only)
-- 13 event types: `org.created`, `org.settings.updated`, `org.deleted`, `member.invited`, `member.invite_accepted`, `member.invite_revoked`, `member.removed`, `member.role_changed`, `ownership.transfer_initiated`, `ownership.transfer_accepted`, `ownership.transfer_cancelled`, `email.change_requested`, `email.change_completed`
-- Each event stores: `actor_user_id`, `actor_type` (`user`/`super_admin`), `action`, `target_type`, `target_id`, `before` JSONB, `after` JSONB, `ip`, `user_agent`, `reason`, `created_at`
-- Super-admin events appear as "Varshyl Support" (real identity never exposed to org)
-
-**Ownership transfer** (flag: `enableOwnershipTransfer`)
-- `POST /orgs/:id/transfer` — initiate transfer to an admin (owner only; target must already be admin)
-- `GET /orgs/:id/transfer` — get pending transfer details
-- `POST /orgs/:id/transfer/:transferId/accept` — accept transfer (atomic role swap)
-- `DELETE /orgs/:id/transfer/:transferId` — cancel transfer (either party)
-- Transfer locks: no second transfer, no org delete, no party removal during pending transfer
-- 7-day expiration; auto-cancelled on expiry
-
-**Email change** (flag: `enableEmailChange`)
-- `POST /me/email-change` — request email change; sends verification to new + notice to old
-- `GET /me/email-change/verify` — verify new email via token
-- `POST /me/email-change/cancel` — cancel via old-email cancellation link; triggers mandatory password reset
-- Rate limit: 3 requests per user per 24 hours
-- Old-email notice contains cancel link with mandatory-reset semantics if clicked
-
-**Password reset** (flag: `enablePasswordReset`)
-- `POST /me/password-reset/request` — self-service; always returns 200 (no user enumeration)
-- `POST /me/password-reset/confirm` — confirm with token + new password
-- Rate limit: 3 requests per email per hour
-- 1-hour token expiry
-
-**Super-admin back office** (flag: `enableSuperAdmin`, default OFF)
-- `GET /admin/orgs` — list all orgs including deleted
-- `GET /admin/orgs/:id` — org details + members
-- `POST /admin/orgs/:id/restore` — restore soft-deleted org during grace period
-- `POST /admin/orgs/:id/appoint-owner` — appoint new owner (requires `reason`)
-- `POST /admin/orgs/:id/hard-delete` — legal-compliance hard delete (requires `legal_basis`)
-- `POST /admin/orgs/:id/members/add` — add member to any org (requires `reason`)
-- `POST /admin/orgs/:id/members/remove` — remove member from any org (requires `reason`)
-- `POST /admin/users/:id/lock` — lock user account (requires `reason`)
-- `POST /admin/users/:id/unlock` — unlock account
-- `POST /admin/users/:id/password-reset` — trigger reset link; super-admin never sees password
-- All super-admin actions require `reason` text; write audit event with `actor_type='super_admin'`
-- Cannot impersonate users; cannot modify product data; cannot set passwords directly
-
-**Self-service**
-- `GET /me/membership` — current user's org membership info
-
-**Health**
-- `GET /health` — module health with flag states
-
-### Adapter contract changes
-
-11 new required methods added to `ServerModuleAdapter` (all hosts must implement):
-
-| Method | Purpose |
-|--------|---------|
-| `getUserById(userId)` | Look up user by ID |
-| `getUsersByIds(userIds[])` | Batch user lookup |
-| `findUserByEmail(email)` | Look up user by email |
-| `createUserFromInvite({email, orgId, role})` | Create user on invite accept |
-| `setUserPassword(userId, hash)` | Store new password hash |
-| `hashPassword(plaintext)` | Hash a password |
-| `verifyPassword(plaintext, hash)` | Verify password against hash |
-| `invalidateAllUserSessions(userId)` | Invalidate all sessions for user |
-| `sendInviteEmail({to, orgName, inviterName, role, magicLinkUrl, code})` | Send invitation email |
-| `sendOwnershipTransferEmail({to, orgName, fromName, transferUrl})` | Send transfer notification |
-| `sendEmailChangeVerification({to, verifyUrl})` | Send verification to new email |
-| `sendEmailChangeOldNotice({to, newEmail, cancelUrl})` | Send notice to old email |
-| `sendEmailChangedFinalNotice({to, oldEmail, newEmail})` | Send final confirmation |
-| `sendPasswordResetEmail({to, resetUrl})` | Send reset link |
-| `sendOrgDeletionNotice({to, orgName, scheduledFor})` | Notify members on org delete |
-| `emitNotification({userId, type, payload})` | In-app notification hook |
-
-### Migrations included
-
-| File | Description |
-|------|-------------|
-| `0001_create_tm_schema_migrations.sql` | Migration ledger table |
-| `0002_create_tm_organizations.sql` | Organizations table |
-| `0003_create_tm_memberships.sql` | Memberships with soft-delete columns |
-| `0004_create_tm_invitations.sql` | Invitations with encrypted code storage |
-| `0005_create_tm_audit_events.sql` | Audit events log |
-| `0006_create_tm_email_change_requests.sql` | Email change requests |
-| `0007_create_tm_ownership_transfers.sql` | Ownership transfer requests |
-| `0008_create_tm_super_admins.sql` | Super-admin registry |
-| `0009_create_tm_password_reset_requests.sql` | Password reset tokens |
-| `0010_create_tm_shared_access.sql` | Shared access scaffold (empty, v0.2.0) |
-| `0011_seed_super_admin.sql` | Super-admin seed (idempotent, flag-gated) |
-
-All migrations are forward-only, idempotent (`IF NOT EXISTS`), and tracked in `tm_schema_migrations`.
-
-### Feature flags introduced
-
-| Flag | Default | Description |
-|------|---------|-------------|
-| `enableInvites` | `true` | Invitation flows (magic link + code) |
-| `enableAuditLog` | `true` | Audit log table and routes |
-| `enableOwnershipTransfer` | `true` | Ownership transfer flow |
-| `enableEmailChange` | `true` | Self-service email change |
-| `enablePasswordReset` | `true` | Self-service password reset |
-| `enableSuperAdmin` | `false` | Super-admin back office (Varshyl internal) |
-| `enableSharedAccess` | `false` | Shared access scaffold (reserved v0.2.0) |
-| `enableHardDelete` | `false` | Super-admin direct hard-delete |
-
-Routes return `501 Not Implemented` when their flag is off.
-
-### Locked design decisions (set in v0.1.0; future major bumps may revise)
-
-**Decision 1 — Org model:** Every user belongs to exactly one org at a time. Solo accounts = org of one. `tm_shared_access` scaffolded empty (v0.2.0 placeholder). Multi-contractor vendor case handled by existing vendor-invite system in ConstructIInv (out of scope).
-
-**Decision 2 — Roles:** Four roles: `owner` (unique per org, billing, delete, transfer), `admin` (invite/remove/settings, no audit-visible super-admin identity), `member` (day-to-day, no team powers), `viewer` (read-only). Permission matrix enforced at middleware level.
-
-**Decision 3 — Audit log:** Stored forever. Visible to admin+ only. 13 event types. Super-admin entries visible as "Varshyl Support" — real identity never exposed.
-
-**Decision 4 — Invitations:** Magic link + 6-digit code in same email. AES-256-GCM encryption for codes. 7-day expiry. Sub-A: member accepting into new org gets explicit warning + atomic switch; owner is blocked until they transfer or delete current org.
-
-**Decision 5 — Deletion:** Member removal is soft (`removed_at`). Org deletion is soft with 30-day grace; confirm by typing org name. Background sweep hard-deletes after grace period.
-
-**Decision 6 — Email change:** Verification to new address + immediate notice to old. Cancel from old address triggers mandatory password reset. Rate limit: 3 per user per 24h.
-
-**Decision 7 — Ownership transfer:** Target must already be admin. Confirm by typing org name (initiator) and email (recipient). Atomic role swap on accept. Locks: no second transfer, no org delete, no party removal.
-
-**Decision 8 — Super-admin:** Flag-gated (default OFF). Seeded from `TM_SUPER_ADMIN_EMAIL` env. Cannot impersonate, cannot modify product data, cannot set passwords. All actions require reason text.
-
----
-
-## v0.0.1 — 2026-04-28
-
-Initial stub. Module scaffolding only — no business logic.

package/src/client/api.ts

@@ -1,314 +0,0 @@
-import type {
-  PublicOrg,
-  PublicMember,
-  PendingInvitation,
-  CurrentMembership,
-  OwnershipTransfer,
-  AuditEvent,
-  SuperAdminOrgSummary,
-  OrgRole,
-  ApiError,
-} from './types.js';
-
-export let TM_API_BASE = '/api/team';
-
-export function setTmApiBase(base: string): void {
-  TM_API_BASE = base;
-}
-
-async function fetchTm<T>(
-  path: string,
-  options: RequestInit = {}
-): Promise<T> {
-  const res = await fetch(`${TM_API_BASE}${path}`, {
-    ...options,
-    headers: {
-      'Content-Type': 'application/json',
-      ...(options.headers ?? {}),
-    },
-  });
-
-  if (res.status === 204) {
-    return undefined as unknown as T;
-  }
-
-  const data = await res.json().catch(() => ({ error: res.statusText }));
-
-  if (!res.ok) {
-    const err = data as ApiError;
-    const msg = err.details ? `${err.error}: ${err.details.join(', ')}` : err.error;
-    throw new Error(msg ?? `HTTP ${res.status}`);
-  }
-
-  return data as T;
-}
-
-// ─── Orgs ────────────────────────────────────────────────────────────────────
-
-export async function getOrg(orgId: number): Promise<PublicOrg> {
-  return fetchTm<PublicOrg>(`/orgs/${orgId}`);
-}
-
-export async function updateOrg(
-  orgId: number,
-  data: { name?: string; slug?: string }
-): Promise<PublicOrg> {
-  return fetchTm<PublicOrg>(`/orgs/${orgId}`, {
-    method: 'PATCH',
-    body: JSON.stringify(data),
-  });
-}
-
-export async function deleteOrg(orgId: number, confirmName: string): Promise<void> {
-  return fetchTm<void>(`/orgs/${orgId}`, {
-    method: 'DELETE',
-    body: JSON.stringify({ confirmName }),
-  });
-}
-
-export async function listMembers(
-  orgId: number,
-  opts?: { includeFormer?: boolean }
-): Promise<PublicMember[]> {
-  const qs = opts?.includeFormer ? '?includeFormer=true' : '';
-  return fetchTm<PublicMember[]>(`/orgs/${orgId}/members${qs}`);
-}
-
-export async function removeMember(
-  orgId: number,
-  userId: number,
-  reason?: string
-): Promise<void> {
-  return fetchTm<void>(`/orgs/${orgId}/members/${userId}`, {
-    method: 'DELETE',
-    body: JSON.stringify({ reason }),
-  });
-}
-
-export async function changeMemberRole(
-  orgId: number,
-  userId: number,
-  newRole: OrgRole
-): Promise<PublicMember> {
-  return fetchTm<PublicMember>(`/orgs/${orgId}/members/${userId}/role`, {
-    method: 'PATCH',
-    body: JSON.stringify({ role: newRole }),
-  });
-}
-
-// ─── Invitations ─────────────────────────────────────────────────────────────
-
-export async function listInvitations(orgId: number): Promise<PendingInvitation[]> {
-  return fetchTm<PendingInvitation[]>(`/orgs/${orgId}/invitations`);
-}
-
-export async function createInvitation(
-  orgId: number,
-  data: { email: string; role: OrgRole }
-): Promise<PendingInvitation> {
-  return fetchTm<PendingInvitation>(`/orgs/${orgId}/invitations`, {
-    method: 'POST',
-    body: JSON.stringify(data),
-  });
-}
-
-export async function revokeInvitation(orgId: number, invitationId: number): Promise<void> {
-  return fetchTm<void>(`/orgs/${orgId}/invitations/${invitationId}`, {
-    method: 'DELETE',
-  });
-}
-
-export async function resendInvitation(orgId: number, invitationId: number): Promise<void> {
-  return fetchTm<void>(`/orgs/${orgId}/invitations/${invitationId}/resend`, {
-    method: 'POST',
-  });
-}
-
-export async function getInvitationCode(
-  orgId: number,
-  invitationId: number
-): Promise<{ code: string }> {
-  return fetchTm<{ code: string }>(`/orgs/${orgId}/invitations/${invitationId}/code`);
-}
-
-export async function acceptInvitationByToken(
-  token: string
-): Promise<{ orgId: number; role: OrgRole }> {
-  return fetchTm<{ orgId: number; role: OrgRole }>(`/invitations/accept`, {
-    method: 'POST',
-    body: JSON.stringify({ token }),
-  });
-}
-
-export async function acceptInvitationByCode(
-  email: string,
-  code: string
-): Promise<{ orgId: number; role: OrgRole }> {
-  return fetchTm<{ orgId: number; role: OrgRole }>(`/invitations/accept-code`, {
-    method: 'POST',
-    body: JSON.stringify({ email, code }),
-  });
-}
-
-// ─── Me / self-service ───────────────────────────────────────────────────────
-
-export async function getMyMembership(): Promise<CurrentMembership> {
-  return fetchTm<CurrentMembership>(`/me/membership`);
-}
-
-export async function requestEmailChange(newEmail: string): Promise<void> {
-  return fetchTm<void>(`/me/email-change`, {
-    method: 'POST',
-    body: JSON.stringify({ newEmail }),
-  });
-}
-
-export async function verifyEmailChange(token: string): Promise<void> {
-  return fetchTm<void>(`/me/email-change/verify`, {
-    method: 'POST',
-    body: JSON.stringify({ token }),
-  });
-}
-
-export async function cancelEmailChange(token: string): Promise<void> {
-  return fetchTm<void>(`/me/email-change/cancel`, {
-    method: 'POST',
-    body: JSON.stringify({ token }),
-  });
-}
-
-export async function requestPasswordReset(email: string): Promise<void> {
-  return fetchTm<void>(`/password-reset/request`, {
-    method: 'POST',
-    body: JSON.stringify({ email }),
-  });
-}
-
-export async function resetPassword(token: string, newPassword: string): Promise<void> {
-  return fetchTm<void>(`/password-reset/confirm`, {
-    method: 'POST',
-    body: JSON.stringify({ token, newPassword }),
-  });
-}
-
-// ─── Ownership transfer ───────────────────────────────────────────────────────
-
-export async function getPendingTransfer(orgId: number): Promise<OwnershipTransfer | null> {
-  return fetchTm<OwnershipTransfer | null>(`/orgs/${orgId}/transfer`);
-}
-
-export async function initiateTransfer(
-  orgId: number,
-  toUserId: number
-): Promise<OwnershipTransfer> {
-  return fetchTm<OwnershipTransfer>(`/orgs/${orgId}/transfer`, {
-    method: 'POST',
-    body: JSON.stringify({ toUserId }),
-  });
-}
-
-export async function acceptTransfer(orgId: number): Promise<void> {
-  return fetchTm<void>(`/orgs/${orgId}/transfer/accept`, {
-    method: 'POST',
-  });
-}
-
-export async function cancelTransfer(orgId: number): Promise<void> {
-  return fetchTm<void>(`/orgs/${orgId}/transfer/cancel`, {
-    method: 'POST',
-  });
-}
-
-// ─── Audit log ───────────────────────────────────────────────────────────────
-
-export async function getAuditLog(
-  orgId: number,
-  opts?: { page?: number; limit?: number; action?: string }
-): Promise<{ events: AuditEvent[]; total: number; page: number }> {
-  const params = new URLSearchParams();
-  if (opts?.page !== undefined) params.set('page', String(opts.page));
-  if (opts?.limit !== undefined) params.set('limit', String(opts.limit));
-  if (opts?.action) params.set('action', opts.action);
-  const qs = params.toString() ? `?${params.toString()}` : '';
-  return fetchTm<{ events: AuditEvent[]; total: number; page: number }>(
-    `/orgs/${orgId}/audit-log${qs}`
-  );
-}
-
-// ─── Super-admin ─────────────────────────────────────────────────────────────
-
-export async function adminListOrgs(): Promise<SuperAdminOrgSummary[]> {
-  return fetchTm<SuperAdminOrgSummary[]>(`/admin/orgs`);
-}
-
-export async function adminGetOrg(
-  orgId: number
-): Promise<SuperAdminOrgSummary & { members: PublicMember[] }> {
-  return fetchTm<SuperAdminOrgSummary & { members: PublicMember[] }>(`/admin/orgs/${orgId}`);
-}
-
-export async function adminRestoreOrg(orgId: number): Promise<void> {
-  return fetchTm<void>(`/admin/orgs/${orgId}/restore`, { method: 'POST' });
-}
-
-export async function adminAppointOwner(
-  orgId: number,
-  targetUserId: number,
-  reason: string
-): Promise<void> {
-  return fetchTm<void>(`/admin/orgs/${orgId}/appoint-owner`, {
-    method: 'POST',
-    body: JSON.stringify({ targetUserId, reason }),
-  });
-}
-
-export async function adminHardDeleteOrg(orgId: number, legalBasis: string): Promise<void> {
-  return fetchTm<void>(`/admin/orgs/${orgId}/hard-delete`, {
-    method: 'DELETE',
-    body: JSON.stringify({ legalBasis }),
-  });
-}
-
-export async function adminAddMember(
-  orgId: number,
-  userId: number,
-  role: OrgRole,
-  reason: string
-): Promise<void> {
-  return fetchTm<void>(`/admin/orgs/${orgId}/members`, {
-    method: 'POST',
-    body: JSON.stringify({ userId, role, reason }),
-  });
-}
-
-export async function adminRemoveMember(
-  orgId: number,
-  userId: number,
-  reason: string
-): Promise<void> {
-  return fetchTm<void>(`/admin/orgs/${orgId}/members/${userId}`, {
-    method: 'DELETE',
-    body: JSON.stringify({ reason }),
-  });
-}
-
-export async function adminLockUser(userId: number, reason: string): Promise<void> {
-  return fetchTm<void>(`/admin/users/${userId}/lock`, {
-    method: 'POST',
-    body: JSON.stringify({ reason }),
-  });
-}
-
-export async function adminUnlockUser(userId: number, reason: string): Promise<void> {
-  return fetchTm<void>(`/admin/users/${userId}/unlock`, {
-    method: 'POST',
-    body: JSON.stringify({ reason }),
-  });
-}
-
-export async function adminResetPassword(userId: number, reason: string): Promise<void> {
-  return fetchTm<void>(`/admin/users/${userId}/reset-password`, {
-    method: 'POST',
-    body: JSON.stringify({ reason }),
-  });
-}

package/src/client/components/AuditEventRow.tsx

@@ -1,59 +0,0 @@
-import React from 'react';
-import type { AuditEvent } from '../types.js';
-
-interface AuditEventRowProps {
-  event: AuditEvent;
-}
-
-function humanizeAction(action: string): string {
-  return action
-    .replace(/_/g, ' ')
-    .replace(/\b\w/g, (c) => c.toUpperCase());
-}
-
-function formatTimestamp(iso: string): string {
-  return new Date(iso).toLocaleString(undefined, {
-    year: 'numeric',
-    month: 'short',
-    day: 'numeric',
-    hour: '2-digit',
-    minute: '2-digit',
-  });
-}
-
-export function AuditEventRow({ event }: AuditEventRowProps) {
-  const isAdminAction = event.actor_type === 'super_admin';
-
-  return (
-    <tr className="border-b border-slate-100 last:border-0 hover:bg-slate-50 transition-colors">
-      <td className="py-3 px-4">
-        <div className="flex items-center gap-2">
-          <span className={`text-sm font-medium ${isAdminAction ? 'text-purple-700' : 'text-slate-900'}`}>
-            {event.actor_display_name}
-          </span>
-          {isAdminAction && (
-            <span className="inline-flex items-center px-1.5 py-0.5 rounded text-xs font-medium bg-purple-100 text-purple-700">
-              Support
-            </span>
-          )}
-        </div>
-      </td>
-      <td className="py-3 px-4">
-        <span className="text-sm text-slate-700">{humanizeAction(event.action)}</span>
-      </td>
-      <td className="py-3 px-4">
-        {event.target_type && event.target_id ? (
-          <span className="text-xs text-slate-500">
-            {event.target_type} #{event.target_id}
-          </span>
-        ) : (
-          <span className="text-slate-300">—</span>
-        )}
-      </td>
-      <td className="py-3 px-4 text-xs text-slate-500 whitespace-nowrap">
-        {formatTimestamp(event.created_at)}
-      </td>
-    </tr>
-  );
-}
-

package/src/client/components/CascadePreview.tsx

@@ -1,36 +0,0 @@
-import React from 'react';
-
-interface CascadeItem {
-  label: string;
-  count: number;
-  description: string;
-}
-
-interface CascadePreviewProps {
-  items: CascadeItem[];
-}
-
-export function CascadePreview({ items }: CascadePreviewProps) {
-  if (items.length === 0) return null;
-
-  return (
-    <div className="rounded-lg border border-amber-200 bg-amber-50 p-4">
-      <p className="text-sm font-semibold text-amber-800 mb-3">
-        The following will be affected:
-      </p>
-      <ul className="space-y-2">
-        {items.map((item, i) => (
-          <li key={i} className="flex items-start gap-3">
-            <span className="mt-0.5 flex h-5 w-5 shrink-0 items-center justify-center rounded-full bg-amber-200 text-xs font-bold text-amber-800">
-              {item.count}
-            </span>
-            <div>
-              <span className="text-sm font-medium text-amber-900">{item.label}</span>
-              <p className="text-xs text-amber-700">{item.description}</p>
-            </div>
-          </li>
-        ))}
-      </ul>
-    </div>
-  );
-}