mcpmake 0.1.0 → 0.2.0

package/dist/cloud/web/router.js

@@ -1,1921 +0,0 @@
-/**
- * Web route handler — serves HTML pages and static assets.
- *
- * Called before API routes in the main server. Returns `true` if the
- * request was handled, `false` to fall through to API routes.
- */
-import os from 'node:os';
-import { randomUUID, randomBytes } from 'node:crypto';
-import { writeFile, mkdir, unlink, rm } from 'node:fs/promises';
-import { join } from 'node:path';
-import { serveStatic } from './static-server.js';
-import { renderPage, renderTemplate } from './template-engine.js';
-import { getAuthenticatedUser, getSessionToken, requireAuth, requireAdmin, hashPassword, verifyPassword, setSessionCookie, clearSessionCookie, getUserByEmail, getUserById, createUser, updateUser, deleteUser, countUsers, listUsers, getSession, createSession, destroySession, setPendingToken, consumePendingToken, generateResetToken, hashResetToken, setPasswordResetToken, getUserByResetToken, clearPasswordResetToken, isEmailVerificationRequired, generateVerificationToken, hashVerificationToken, setEmailVerificationToken, getUserByVerificationToken, markEmailVerified, } from './auth.js';
-import { validateCsrf } from './csrf.js';
-import { getDoc, getSidebar, renderDoc, renderDocsIndexHtml } from './docs.js';
-import { parseMultipart, isAllowedSpecFile, getSafeExtension } from '../multipart.js';
-import { buildFromSpec, detectFormat, detectFormatFromContent } from '../build-pipeline.js';
-import { getContainerBackend } from '../container-backend.js';
-import { buildQueue } from '../build-queue.js';
-// Routing is backend-authoritative: the Caddy wildcard forwards every server
-// subdomain to this backend, so we no longer add per-container Caddy routes.
-import { generateBearerToken, hashToken, hashSpec } from '../security.js';
-import { getClientIp } from '../request-security.js';
-import { safeFetch, assertPublicUrl, SsrfError } from '../ssrf.js';
-import { loginLimiter, uploadLimiter, resetLimiter, usageTracker, getSecretStore, getPgServerStore, getCreditStore, getMetricSampleStore, getTelemetryStore, failureTracker, getDb, } from '../shared-state.js';
-import { gatherResourceReading, evaluatePressure, DEFAULT_THRESHOLDS, INITIAL_PRESSURE_STATE, } from '../resource-monitor.js';
-import { sendMail } from '../mailer.js';
-import { checkQuota, getPlanLimits, checkServerLimit } from '../billing/billing-engine.js';
-import { isStripeConfigured, createCheckoutSession, createPortalSession } from '../stripe.js';
-import { renderSparkline, renderBars, renderDualLine } from './charts.js';
-import { logger } from '../../utils/logger.js';
-const MAX_SPEC_SIZE = 5 * 1024 * 1024; // 5 MB
-const MAX_NAME_LEN = 100;
-const UPLOAD_DIR = '/tmp/mcpmake-uploads';
-const MAX_FORM_BODY = 1024 * 1024; // 1 MB
-/**
- * Handle web requests (HTML pages and static files).
- *
- * @returns `true` if handled, `false` to fall through to API routes.
- */
-export async function handleWebRequest(req, res, context) {
-    const method = req.method ?? 'GET';
-    const url = new URL(req.url ?? '/', `http://${req.headers.host ?? 'localhost'}`);
-    const pathname = url.pathname;
-    // Static files
-    if (pathname.startsWith('/static/')) {
-        const served = await serveStatic(req, res);
-        if (served)
-            return true;
-        // Static file not found — send 404
-        sendHtml(res, 404, '<h1>404 — Not Found</h1>');
-        return true;
-    }
-    // --- Auth routes (GET + POST) ---
-    if (pathname === '/login' && method === 'GET') {
-        return handleLoginPage(req, res);
-    }
-    if (pathname === '/login' && method === 'POST') {
-        return handleLoginSubmit(req, res);
-    }
-    if (pathname === '/register' && method === 'GET') {
-        return handleRegisterPage(req, res);
-    }
-    if (pathname === '/register' && method === 'POST') {
-        return handleRegisterSubmit(req, res);
-    }
-    if (pathname === '/forgot-password' && method === 'GET') {
-        return handleForgotPasswordPage(req, res);
-    }
-    if (pathname === '/forgot-password' && method === 'POST') {
-        return handleForgotPasswordSubmit(req, res);
-    }
-    if (pathname === '/reset-password' && method === 'GET') {
-        return handleResetPasswordPage(req, res);
-    }
-    if (pathname === '/reset-password' && method === 'POST') {
-        return handleResetPasswordSubmit(req, res);
-    }
-    if (pathname === '/verify-email' && method === 'GET') {
-        return handleVerifyEmail(req, res);
-    }
-    if (pathname === '/dashboard/resend-verification' && method === 'POST') {
-        return handleResendVerification(req, res);
-    }
-    if (pathname === '/logout' && method === 'POST') {
-        return handleLogout(req, res);
-    }
-    // --- Dashboard routes (all require auth) ---
-    if (pathname === '/dashboard' && method === 'GET') {
-        return handleDashboardServers(req, res, context);
-    }
-    if (pathname === '/dashboard/_servers' && method === 'GET') {
-        return handleDashboardServersPartial(req, res, context);
-    }
-    if (pathname === '/dashboard/create' && method === 'GET') {
-        return handleDashboardCreatePage(req, res);
-    }
-    if (pathname === '/dashboard/create' && method === 'POST') {
-        return handleDashboardCreateSubmit(req, res, context);
-    }
-    // Match /dashboard/servers/:slug
-    const dashSlugMatch = pathname.match(/^\/dashboard\/servers\/([a-z0-9][a-z0-9-]*)$/);
-    if (dashSlugMatch && method === 'GET') {
-        return handleDashboardServerDetail(req, res, context, dashSlugMatch[1]);
-    }
-    // Match /dashboard/servers/:slug/_status (htmx partial)
-    const dashStatusMatch = pathname.match(/^\/dashboard\/servers\/([a-z0-9][a-z0-9-]*)\/_status$/);
-    if (dashStatusMatch && method === 'GET') {
-        return handleDashboardServerStatus(req, res, context, dashStatusMatch[1]);
-    }
-    // Match /dashboard/servers/:slug/logs
-    const dashLogsMatch = pathname.match(/^\/dashboard\/servers\/([a-z0-9][a-z0-9-]*)\/logs$/);
-    if (dashLogsMatch && method === 'GET') {
-        return handleDashboardServerLogs(req, res, context, dashLogsMatch[1]);
-    }
-    // Match /dashboard/servers/:slug/metrics
-    const dashMetricsMatch = pathname.match(/^\/dashboard\/servers\/([a-z0-9][a-z0-9-]*)\/metrics$/);
-    if (dashMetricsMatch && method === 'GET') {
-        return handleDashboardServerMetrics(req, res, context, dashMetricsMatch[1]);
-    }
-    // Match /dashboard/servers/:slug/secrets (POST — set a secret)
-    const dashSecretsMatch = pathname.match(/^\/dashboard\/servers\/([a-z0-9][a-z0-9-]*)\/secrets$/);
-    if (dashSecretsMatch && method === 'POST') {
-        return handleDashboardServerSecrets(req, res, context, dashSecretsMatch[1]);
-    }
-    // Match /dashboard/servers/:slug/delete
-    const dashDeleteMatch = pathname.match(/^\/dashboard\/servers\/([a-z0-9][a-z0-9-]*)\/delete$/);
-    if (dashDeleteMatch && method === 'POST') {
-        return handleDashboardServerDelete(req, res, context, dashDeleteMatch[1]);
-    }
-    // --- Billing routes ---
-    if (pathname === '/dashboard/billing' && method === 'GET') {
-        return handleBillingPage(req, res);
-    }
-    if (pathname === '/dashboard/billing/checkout' && method === 'POST') {
-        return handleBillingCheckout(req, res);
-    }
-    if (pathname === '/dashboard/billing/portal' && method === 'POST') {
-        return handleBillingPortal(req, res);
-    }
-    if (pathname === '/dashboard/billing/success' && method === 'GET') {
-        return handleBillingSuccess(req, res);
-    }
-    // --- Admin routes ---
-    if (pathname === '/admin' && method === 'GET') {
-        return handleAdminOverview(req, res, context);
-    }
-    if (pathname === '/admin/_stats' && method === 'GET') {
-        return handleAdminStatsPartial(req, res, context);
-    }
-    if (pathname === '/admin/servers' && method === 'GET') {
-        return handleAdminServers(req, res, context);
-    }
-    const adminServerDeleteMatch = pathname.match(/^\/admin\/servers\/([a-z0-9][a-z0-9-]*)\/delete$/);
-    if (adminServerDeleteMatch && method === 'POST') {
-        return handleAdminServerDelete(req, res, context, adminServerDeleteMatch[1]);
-    }
-    if (pathname === '/admin/users' && method === 'GET') {
-        return handleAdminUsers(req, res, context);
-    }
-    const adminUserPlanMatch = pathname.match(/^\/admin\/users\/([a-f0-9-]+)\/plan$/);
-    if (adminUserPlanMatch && method === 'POST') {
-        return handleAdminUserPlan(req, res, adminUserPlanMatch[1]);
-    }
-    const adminUserAdminMatch = pathname.match(/^\/admin\/users\/([a-f0-9-]+)\/admin$/);
-    if (adminUserAdminMatch && method === 'POST') {
-        return handleAdminUserAdmin(req, res, adminUserAdminMatch[1]);
-    }
-    const adminUserDeleteMatch = pathname.match(/^\/admin\/users\/([a-f0-9-]+)\/delete$/);
-    if (adminUserDeleteMatch && method === 'POST') {
-        return handleAdminUserDelete(req, res, adminUserDeleteMatch[1]);
-    }
-    const adminUserCreditsMatch = pathname.match(/^\/admin\/users\/([a-f0-9-]+)\/credits$/);
-    if (adminUserCreditsMatch && method === 'POST') {
-        return handleAdminUserCredits(req, res, context, adminUserCreditsMatch[1]);
-    }
-    // Only handle GET for remaining page routes
-    if (method !== 'GET') {
-        return false;
-    }
-    if (pathname === '/admin/telemetry') {
-        return handleAdminTelemetry(req, res);
-    }
-    // Bare user-id edit page. Registered AFTER /admin/users (exact) and the
-    // /plan, /admin, /delete, /credits POST matches above so it never shadows
-    // them. The `method !== 'GET'` guard above means only GET reaches here.
-    const adminUserEditMatch = pathname.match(/^\/admin\/users\/([a-f0-9-]+)$/);
-    if (adminUserEditMatch) {
-        return handleAdminUserEdit(req, res, context, adminUserEditMatch[1]);
-    }
-    // --- Page routes ---
-    if (pathname === '/') {
-        const html = renderPage('pages/landing/index', 'layouts/landing', {
-            metaTitle: 'mcpmake Cloud — Your API, as an MCP server in 30 seconds',
-            metaDescription: 'Upload an OpenAPI spec or HAR file. We generate and host the MCP server. Connect it to Claude, Cursor, or any MCP client.',
-            domain: context.domain,
-            year: new Date().getFullYear(),
-        });
-        sendHtml(res, 200, html);
-        return true;
-    }
-    // Legal pages (footer links).
-    if (pathname === '/terms') {
-        const html = renderPage('pages/legal/terms', 'layouts/landing', {
-            metaTitle: 'Terms of Service — mcpmake Cloud',
-            domain: context.domain,
-            year: new Date().getFullYear(),
-        });
-        sendHtml(res, 200, html);
-        return true;
-    }
-    if (pathname === '/privacy') {
-        const html = renderPage('pages/legal/privacy', 'layouts/landing', {
-            metaTitle: 'Privacy Policy — mcpmake Cloud',
-            domain: context.domain,
-            year: new Date().getFullYear(),
-        });
-        sendHtml(res, 200, html);
-        return true;
-    }
-    // Documentation (public — rendered from the project's Markdown docs).
-    if (pathname === '/docs') {
-        return handleDocsIndex(res, context);
-    }
-    const docMatch = pathname.match(/^\/docs\/([a-z0-9][a-z0-9-]*)$/);
-    if (docMatch) {
-        return handleDocPage(res, context, docMatch[1]);
-    }
-    // For non-API GET requests that didn't match any route, render a 404 page
-    if (!pathname.startsWith('/api/')) {
-        const html = renderPage('pages/errors/404', 'layouts/landing', {
-            metaTitle: '404 — Page not found — mcpmake Cloud',
-        });
-        sendHtml(res, 404, html);
-        return true;
-    }
-    // API routes — fall through to API handler
-    return false;
-}
-// ---------------------------------------------------------------------------
-// Documentation route handlers
-// ---------------------------------------------------------------------------
-function handleDocsIndex(res, context) {
-    const html = renderPage('pages/docs/show', 'layouts/landing', {
-        metaTitle: 'Documentation — mcpmake',
-        metaDescription: 'mcpmake documentation: cloud quickstart, CLI reference, website MCP servers, and migration guides.',
-        domain: context.domain,
-        year: new Date().getFullYear(),
-        isIndex: true,
-        docTitle: 'Documentation',
-        docGroups: getSidebar(),
-        docHtml: renderDocsIndexHtml(),
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-function handleDocPage(res, context, slug) {
-    const meta = getDoc(slug);
-    const docHtml = meta ? renderDoc(slug) : null;
-    if (!meta || docHtml === null) {
-        const notFound = renderPage('pages/errors/404', 'layouts/landing', {
-            metaTitle: '404 — Page not found — mcpmake Cloud',
-            domain: context.domain,
-            year: new Date().getFullYear(),
-        });
-        sendHtml(res, 404, notFound);
-        return true;
-    }
-    const html = renderPage('pages/docs/show', 'layouts/landing', {
-        metaTitle: `${meta.title} — mcpmake docs`,
-        metaDescription: meta.description,
-        domain: context.domain,
-        year: new Date().getFullYear(),
-        isIndex: false,
-        docTitle: meta.title,
-        docGroups: getSidebar(slug),
-        docHtml,
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-// ---------------------------------------------------------------------------
-// Auth route handlers
-// ---------------------------------------------------------------------------
-async function handleLoginPage(req, res) {
-    // If already logged in, redirect to dashboard
-    const auth = await getAuthenticatedUser(req);
-    if (auth) {
-        redirect(res, '/dashboard');
-        return true;
-    }
-    // Create a temporary session for the CSRF token (anon — always in-memory)
-    const tempSession = await createSession('__anon__');
-    setSessionCookie(res, req, tempSession.token);
-    const html = renderPage('pages/auth/login', 'layouts/auth', {
-        metaTitle: 'Sign in — mcpmake Cloud',
-        csrfToken: tempSession.csrfToken,
-        email: '',
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-async function handleLoginSubmit(req, res) {
-    const body = await parseFormBody(req);
-    // Validate CSRF — need to get the session from the cookie
-    const auth = await getAuthenticatedUser(req);
-    if (auth) {
-        redirect(res, '/dashboard');
-        return true;
-    }
-    // Get the anon session for CSRF validation
-    const sessionToken = getSessionToken(req);
-    const session = sessionToken ? await getSession(sessionToken) : undefined;
-    if (!session || !validateCsrf(req, body, session)) {
-        return renderLoginError(req, res, 'Invalid form submission. Please try again.', body.email ?? '');
-    }
-    // Destroy the anon session
-    await destroySession(session.token);
-    const email = (body.email ?? '').trim().toLowerCase();
-    const password = body.password ?? '';
-    if (!email || !password) {
-        return renderLoginError(req, res, 'Email and password are required.', email);
-    }
-    // Rate limit login attempts by IP and by email
-    const clientIp = getClientIp(req);
-    const ipCheck = loginLimiter.check(`login-ip:${clientIp}`);
-    const emailCheck = loginLimiter.check(`login-email:${email}`);
-    if (!ipCheck.allowed || !emailCheck.allowed) {
-        return renderLoginError(req, res, 'Too many login attempts. Please try again later.', email);
-    }
-    const user = await getUserByEmail(email);
-    if (!user) {
-        return renderLoginError(req, res, 'Invalid email or password.', email);
-    }
-    const valid = await verifyPassword(password, user.passwordHash);
-    if (!valid) {
-        return renderLoginError(req, res, 'Invalid email or password.', email);
-    }
-    // Update last login
-    await updateUser(user.id, { lastLoginAt: new Date().toISOString() });
-    // Create session
-    const newSession = await createSession(user.id);
-    setSessionCookie(res, req, newSession.token);
-    redirect(res, '/dashboard');
-    return true;
-}
-async function renderLoginError(req, res, error, email) {
-    const tempSession = await createSession('__anon__');
-    setSessionCookie(res, req, tempSession.token);
-    const html = renderPage('pages/auth/login', 'layouts/auth', {
-        metaTitle: 'Sign in — mcpmake Cloud',
-        csrfToken: tempSession.csrfToken,
-        error,
-        email,
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-async function handleRegisterPage(req, res) {
-    // If already logged in, redirect to dashboard
-    const auth = await getAuthenticatedUser(req);
-    if (auth) {
-        redirect(res, '/dashboard');
-        return true;
-    }
-    const tempSession = await createSession('__anon__');
-    setSessionCookie(res, req, tempSession.token);
-    const html = renderPage('pages/auth/register', 'layouts/auth', {
-        metaTitle: 'Register — mcpmake Cloud',
-        csrfToken: tempSession.csrfToken,
-        email: '',
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-async function handleRegisterSubmit(req, res) {
-    const body = await parseFormBody(req);
-    // If already logged in, redirect
-    const auth = await getAuthenticatedUser(req);
-    if (auth) {
-        redirect(res, '/dashboard');
-        return true;
-    }
-    // CSRF check
-    const sessionToken = getSessionToken(req);
-    const session = sessionToken ? await getSession(sessionToken) : undefined;
-    if (!session || !validateCsrf(req, body, session)) {
-        return renderRegisterError(req, res, 'Invalid form submission. Please try again.', body.email ?? '');
-    }
-    // Destroy the anon session
-    await destroySession(session.token);
-    const email = (body.email ?? '').trim().toLowerCase();
-    const password = body.password ?? '';
-    const confirmPassword = body.confirmPassword ?? '';
-    // Validate email
-    if (!email) {
-        return renderRegisterError(req, res, 'Email is required.', email);
-    }
-    if (!isValidEmail(email)) {
-        return renderRegisterError(req, res, 'Please enter a valid email address.', email);
-    }
-    // Email allowlist — restrict registration to approved domains/addresses
-    const allowedEmails = (process.env.ALLOWED_EMAILS ?? '')
-        .split(',')
-        .map((s) => s.trim())
-        .filter(Boolean);
-    if (allowedEmails.length > 0) {
-        const isAllowed = allowedEmails.some((pattern) => {
-            if (pattern.startsWith('*@')) {
-                const allowedDomain = pattern.slice(2).toLowerCase();
-                const atIdx = email.lastIndexOf('@');
-                return atIdx >= 0 && email.slice(atIdx + 1) === allowedDomain;
-            }
-            return email === pattern;
-        });
-        if (!isAllowed) {
-            return renderRegisterError(req, res, 'Registration is currently limited to invited users.', email);
-        }
-    }
-    // Validate password
-    if (password.length < 8) {
-        return renderRegisterError(req, res, 'Password must be at least 8 characters.', email);
-    }
-    if (password !== confirmPassword) {
-        return renderRegisterError(req, res, 'Passwords do not match.', email);
-    }
-    // Check for existing user
-    if (await getUserByEmail(email)) {
-        return renderRegisterError(req, res, 'An account with this email already exists.', email);
-    }
-    // Hash password (async — yields the event loop)
-    const passwordHashValue = await hashPassword(password);
-    // Re-check after await to prevent race conditions (e.g. two concurrent
-    // registrations both seeing count === 0 and both becoming admin)
-    if (await getUserByEmail(email)) {
-        return renderRegisterError(req, res, 'An account with this email already exists.', email);
-    }
-    const now = new Date().toISOString();
-    const isFirstUser = (await countUsers()) === 0;
-    const adminEmail = process.env.ADMIN_EMAIL?.toLowerCase().trim();
-    const isAdmin = isFirstUser || (!!adminEmail && email === adminEmail);
-    const user = {
-        id: randomUUID(),
-        email,
-        passwordHash: passwordHashValue,
-        plan: 'free',
-        isAdmin,
-        // Admins (and the first user / operator) are auto-verified so they are
-        // never locked out of their own instance.
-        emailVerified: isAdmin,
-        createdAt: now,
-        lastLoginAt: now,
-    };
-    await createUser(user);
-    // Send an email verification link to non-admin users.
-    if (!user.emailVerified) {
-        await sendVerificationEmail(req, user).catch((err) => logger.error(`[mailer] Failed to send verification email: ${err}`));
-    }
-    // Create session and log in
-    const newSession = await createSession(user.id);
-    setSessionCookie(res, req, newSession.token);
-    redirect(res, '/dashboard');
-    return true;
-}
-/**
- * Generate a fresh email verification token, persist its hash, and email the
- * verification link to the user. Shared by registration and resend.
- */
-async function sendVerificationEmail(req, user) {
-    const { token, hash } = generateVerificationToken();
-    await setEmailVerificationToken(user.id, hash);
-    const host = req.headers.host ?? 'localhost';
-    const proto = process.env.TRUST_PROXY === 'true' && req.headers['x-forwarded-proto'] === 'https'
-        ? 'https'
-        : 'http';
-    const verifyUrl = `${proto}://${host}/verify-email?token=${token}`;
-    await sendMail({
-        to: user.email,
-        subject: 'Verify your mcpmake email',
-        text: [
-            `Welcome to mcpmake Cloud!`,
-            ``,
-            `Confirm your email address to start deploying servers:`,
-            `${verifyUrl}`,
-            ``,
-            `If you did not create this account, you can ignore this email.`,
-        ].join('\n'),
-        html: [
-            `<p>Welcome to mcpmake Cloud!</p>`,
-            `<p>Confirm your email address to start deploying servers:</p>`,
-            `<p><a href="${verifyUrl}">${verifyUrl}</a></p>`,
-            `<p>If you did not create this account, you can ignore this email.</p>`,
-        ].join('\n'),
-    });
-}
-async function renderRegisterError(req, res, error, email) {
-    const tempSession = await createSession('__anon__');
-    setSessionCookie(res, req, tempSession.token);
-    const html = renderPage('pages/auth/register', 'layouts/auth', {
-        metaTitle: 'Register — mcpmake Cloud',
-        csrfToken: tempSession.csrfToken,
-        error,
-        email,
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-async function handleLogout(req, res) {
-    const token = getSessionToken(req);
-    const session = token ? await getSession(token) : undefined;
-    if (session) {
-        const body = await parseFormBody(req);
-        if (!validateCsrf(req, body, session)) {
-            redirect(res, '/dashboard');
-            return true;
-        }
-        await destroySession(session.token);
-    }
-    clearSessionCookie(res, req);
-    redirect(res, '/');
-    return true;
-}
-// ---------------------------------------------------------------------------
-// Password reset route handlers
-// ---------------------------------------------------------------------------
-async function handleForgotPasswordPage(req, res) {
-    const auth = await getAuthenticatedUser(req);
-    if (auth) {
-        redirect(res, '/dashboard');
-        return true;
-    }
-    const tempSession = await createSession('__anon__');
-    setSessionCookie(res, req, tempSession.token);
-    const html = renderPage('pages/auth/forgot-password', 'layouts/auth', {
-        metaTitle: 'Reset password — mcpmake Cloud',
-        csrfToken: tempSession.csrfToken,
-        email: '',
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-async function handleForgotPasswordSubmit(req, res) {
-    const body = await parseFormBody(req);
-    const auth = await getAuthenticatedUser(req);
-    if (auth) {
-        redirect(res, '/dashboard');
-        return true;
-    }
-    // CSRF check
-    const sessionToken = getSessionToken(req);
-    const session = sessionToken ? await getSession(sessionToken) : undefined;
-    if (!session || !validateCsrf(req, body, session)) {
-        return renderForgotPasswordError(req, res, 'Invalid form submission. Please try again.', '');
-    }
-    await destroySession(session.token);
-    const email = (body.email ?? '').trim().toLowerCase();
-    if (!email) {
-        return renderForgotPasswordError(req, res, 'Email is required.', email);
-    }
-    // Rate limit by IP
-    const clientIp = getClientIp(req);
-    const ipCheck = resetLimiter.check(`reset-ip:${clientIp}`);
-    if (!ipCheck.allowed) {
-        return renderForgotPasswordError(req, res, 'Too many reset requests. Please try again later.', email);
-    }
-    // Always show success message to prevent email enumeration
-    const successMessage = 'If an account with that email exists, a password reset link has been sent.';
-    const user = await getUserByEmail(email);
-    if (user) {
-        const { token, hash } = generateResetToken();
-        await setPasswordResetToken(user.id, hash);
-        const host = req.headers.host ?? 'localhost';
-        const proto = process.env.TRUST_PROXY === 'true' && req.headers['x-forwarded-proto'] === 'https'
-            ? 'https'
-            : 'http';
-        const resetUrl = `${proto}://${host}/reset-password?token=${token}`;
-        try {
-            await sendMail({
-                to: user.email,
-                subject: 'Reset your mcpmake password',
-                text: [
-                    `You requested a password reset for your mcpmake Cloud account.`,
-                    ``,
-                    `Click the link below to set a new password (expires in 1 hour):`,
-                    `${resetUrl}`,
-                    ``,
-                    `If you did not request this, you can safely ignore this email.`,
-                ].join('\n'),
-                html: [
-                    `<p>You requested a password reset for your mcpmake Cloud account.</p>`,
-                    `<p>Click the link below to set a new password (expires in 1 hour):</p>`,
-                    `<p><a href="${resetUrl}">${resetUrl}</a></p>`,
-                    `<p>If you did not request this, you can safely ignore this email.</p>`,
-                ].join('\n'),
-            });
-        }
-        catch (err) {
-            logger.error(`[mailer] Failed to send reset email: ${err instanceof Error ? err.message : err}`);
-        }
-    }
-    // Always show success — never reveal whether the email exists
-    const tempSession = await createSession('__anon__');
-    setSessionCookie(res, req, tempSession.token);
-    const html = renderPage('pages/auth/forgot-password', 'layouts/auth', {
-        metaTitle: 'Reset password — mcpmake Cloud',
-        csrfToken: tempSession.csrfToken,
-        success: successMessage,
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-async function renderForgotPasswordError(req, res, error, email) {
-    const tempSession = await createSession('__anon__');
-    setSessionCookie(res, req, tempSession.token);
-    const html = renderPage('pages/auth/forgot-password', 'layouts/auth', {
-        metaTitle: 'Reset password — mcpmake Cloud',
-        csrfToken: tempSession.csrfToken,
-        error,
-        email,
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-async function handleResetPasswordPage(req, res) {
-    const url = new URL(req.url ?? '/', `http://${req.headers.host ?? 'localhost'}`);
-    const token = url.searchParams.get('token') ?? '';
-    const tempSession = await createSession('__anon__');
-    setSessionCookie(res, req, tempSession.token);
-    if (!token || !/^[a-f0-9]{64}$/.test(token)) {
-        const html = renderPage('pages/auth/reset-password', 'layouts/auth', {
-            metaTitle: 'Reset password — mcpmake Cloud',
-            csrfToken: tempSession.csrfToken,
-            expired: true,
-        });
-        sendHtml(res, 200, html);
-        return true;
-    }
-    const tokenHash = hashResetToken(token);
-    const user = await getUserByResetToken(tokenHash);
-    if (!user) {
-        const html = renderPage('pages/auth/reset-password', 'layouts/auth', {
-            metaTitle: 'Reset password — mcpmake Cloud',
-            csrfToken: tempSession.csrfToken,
-            expired: true,
-        });
-        sendHtml(res, 200, html);
-        return true;
-    }
-    const html = renderPage('pages/auth/reset-password', 'layouts/auth', {
-        metaTitle: 'Reset password — mcpmake Cloud',
-        csrfToken: tempSession.csrfToken,
-        token,
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-async function handleResetPasswordSubmit(req, res) {
-    const body = await parseFormBody(req);
-    // CSRF check
-    const sessionToken = getSessionToken(req);
-    const session = sessionToken ? await getSession(sessionToken) : undefined;
-    if (!session || !validateCsrf(req, body, session)) {
-        return renderResetPasswordError(req, res, 'Invalid form submission. Please try again.', '');
-    }
-    await destroySession(session.token);
-    const token = body.token ?? '';
-    const password = body.password ?? '';
-    const confirmPassword = body.confirmPassword ?? '';
-    if (!token || !/^[a-f0-9]{64}$/.test(token)) {
-        return renderResetPasswordError(req, res, '', '', true);
-    }
-    const tokenHash = hashResetToken(token);
-    const user = await getUserByResetToken(tokenHash);
-    if (!user) {
-        return renderResetPasswordError(req, res, '', '', true);
-    }
-    if (password.length < 8) {
-        return renderResetPasswordError(req, res, 'Password must be at least 8 characters.', token);
-    }
-    if (password !== confirmPassword) {
-        return renderResetPasswordError(req, res, 'Passwords do not match.', token);
-    }
-    const newHash = await hashPassword(password);
-    await updateUser(user.id, { passwordHash: newHash });
-    await clearPasswordResetToken(user.id);
-    // Redirect to login with success message
-    const tempSession = await createSession('__anon__');
-    setSessionCookie(res, req, tempSession.token);
-    const html = renderPage('pages/auth/login', 'layouts/auth', {
-        metaTitle: 'Sign in — mcpmake Cloud',
-        csrfToken: tempSession.csrfToken,
-        email: user.email,
-        success: 'Your password has been reset. Please sign in with your new password.',
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-async function renderResetPasswordError(req, res, error, token, expired = false) {
-    const tempSession = await createSession('__anon__');
-    setSessionCookie(res, req, tempSession.token);
-    const html = renderPage('pages/auth/reset-password', 'layouts/auth', {
-        metaTitle: 'Reset password — mcpmake Cloud',
-        csrfToken: tempSession.csrfToken,
-        error: error || undefined,
-        token: token || undefined,
-        expired,
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-// ---------------------------------------------------------------------------
-// Email verification route handlers
-// ---------------------------------------------------------------------------
-async function handleVerifyEmail(req, res) {
-    const url = new URL(req.url ?? '/', `http://${req.headers.host ?? 'localhost'}`);
-    const token = url.searchParams.get('token') ?? '';
-    if (!token || !/^[a-f0-9]{64}$/.test(token)) {
-        redirect(res, '/dashboard?error=' + encodeURIComponent('Invalid or expired verification link.'));
-        return true;
-    }
-    const user = await getUserByVerificationToken(hashVerificationToken(token));
-    if (!user) {
-        redirect(res, '/dashboard?error=' + encodeURIComponent('Invalid or expired verification link.'));
-        return true;
-    }
-    await markEmailVerified(user.id);
-    redirect(res, '/dashboard?success=' + encodeURIComponent('Email verified — you can now deploy servers.'));
-    return true;
-}
-async function handleResendVerification(req, res) {
-    const auth = await requireAuth(req, res);
-    if (!auth)
-        return true;
-    const body = await parseFormBody(req);
-    if (!validateCsrf(req, body, auth.session)) {
-        redirect(res, '/dashboard?error=' + encodeURIComponent('Invalid form submission.'));
-        return true;
-    }
-    if (auth.user.emailVerified) {
-        redirect(res, '/dashboard?success=' + encodeURIComponent('Your email is already verified.'));
-        return true;
-    }
-    // Rate limit resends by user to prevent mail flooding.
-    const check = resetLimiter.check(`verify-resend:${auth.user.id}`);
-    if (!check.allowed) {
-        redirect(res, '/dashboard?error=' + encodeURIComponent('Too many requests. Please try again later.'));
-        return true;
-    }
-    await sendVerificationEmail(req, auth.user).catch((err) => logger.error(`[mailer] Failed to resend verification email: ${err}`));
-    redirect(res, '/dashboard?success=' + encodeURIComponent('Verification email sent. Check your inbox.'));
-    return true;
-}
-// ---------------------------------------------------------------------------
-// Dashboard route handlers
-// ---------------------------------------------------------------------------
-async function handleDashboardServers(req, res, context) {
-    const auth = await requireAuth(req, res);
-    if (!auth)
-        return true;
-    const url = new URL(req.url ?? '/', `http://${req.headers.host ?? 'localhost'}`);
-    const flashSuccess = url.searchParams.get('success') ?? undefined;
-    const flashError = url.searchParams.get('error') ?? undefined;
-    const allServers = context.store.list();
-    const userServers = allServers
-        .filter((s) => s.userId === auth.user.id)
-        .map((s) => ({
-        ...s,
-        csrfToken: auth.session.csrfToken,
-        endpoint: `https://${s.slug}.${context.domain}`,
-    }));
-    const html = renderPage('pages/dashboard/servers', 'layouts/dashboard', {
-        metaTitle: 'Dashboard — mcpmake Cloud',
-        activePage: 'servers',
-        user: auth.user,
-        csrfToken: auth.session.csrfToken,
-        servers: userServers,
-        showVerifyBanner: isEmailVerificationRequired() && !auth.user.emailVerified,
-        flashSuccess,
-        flashError,
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-async function handleDashboardServersPartial(req, res, context) {
-    const auth = await requireAuth(req, res);
-    if (!auth)
-        return true;
-    const allServers = context.store.list();
-    const userServers = allServers
-        .filter((s) => s.userId === auth.user.id)
-        .map((s) => ({
-        ...s,
-        csrfToken: auth.session.csrfToken,
-        endpoint: `https://${s.slug}.${context.domain}`,
-    }));
-    const html = renderTemplate('pages/dashboard/servers-partial', {
-        servers: userServers,
-        csrfToken: auth.session.csrfToken,
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-async function handleDashboardCreatePage(req, res) {
-    const auth = await requireAuth(req, res);
-    if (!auth)
-        return true;
-    const html = renderPage('pages/dashboard/create', 'layouts/dashboard', {
-        metaTitle: 'New Server — mcpmake Cloud',
-        activePage: 'create',
-        user: auth.user,
-        csrfToken: auth.session.csrfToken,
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-async function handleDashboardCreateSubmit(req, res, context) {
-    const auth = await requireAuth(req, res);
-    if (!auth)
-        return true;
-    const contentType = req.headers['content-type'] ?? '';
-    if (!contentType.includes('multipart/form-data')) {
-        return renderCreateError(res, auth, 'Invalid form submission.');
-    }
-    const parsed = await parseMultipart(req, contentType);
-    if (!parsed) {
-        return renderCreateError(res, auth, 'Failed to parse form data.');
-    }
-    // Validate CSRF token from form field
-    const csrfBody = { _csrf: parsed.fields.get('_csrf') ?? '' };
-    if (!validateCsrf(req, csrfBody, auth.session)) {
-        return renderCreateError(res, auth, 'Invalid form submission. Please try again.');
-    }
-    // Require a verified email before allowing any server creation.
-    if (isEmailVerificationRequired() && !auth.user.emailVerified) {
-        return renderCreateError(res, auth, 'Please verify your email address before deploying a server. Check your inbox, or resend the link from your dashboard.');
-    }
-    // Rate limit server creation (same limiter as the API path)
-    const clientIp = getClientIp(req);
-    const rateCheck = uploadLimiter.check(clientIp);
-    if (!rateCheck.allowed) {
-        return renderCreateError(res, auth, 'Rate limit exceeded. Try again later.');
-    }
-    // Check billing quota for Playwright servers
-    const userPlan = (auth.user.plan ?? 'free');
-    const usage = usageTracker.getUsageSummary(auth.user.id);
-    const quota = checkQuota(auth.user.id, userPlan, usage.totalSessionsMs);
-    if (!quota.allowed) {
-        return renderCreateError(res, auth, `Browser usage quota exceeded (${Math.round(quota.limit)} min). Upgrade your plan for more.`);
-    }
-    // Enforce the plan's hosted-server limit before allocating a port / building.
-    // Count from Postgres when available so the limit survives process restarts.
-    const pgServerStore = getPgServerStore();
-    const ownedServers = pgServerStore
-        ? (await pgServerStore.list()).filter((s) => s.userId === auth.user.id)
-        : context.store.list().filter((s) => s.userId === auth.user.id);
-    const serverLimit = checkServerLimit(userPlan, ownedServers.length);
-    if (!serverLimit.allowed) {
-        return renderCreateError(res, auth, `You've reached your plan's limit of ${serverLimit.limit} hosted server${serverLimit.limit === 1 ? '' : 's'}. Upgrade your plan or delete an existing server.`);
-    }
-    // Determine source: file upload or URL
-    const sourceUrl = parsed.fields.get('source_url')?.trim();
-    let specFile = parsed.files.get('spec');
-    let fileName;
-    if (sourceUrl && sourceUrl.startsWith('http')) {
-        // Fetch spec from URL
-        try {
-            const urlObj = new URL(sourceUrl);
-            if (!['http:', 'https:'].includes(urlObj.protocol)) {
-                return renderCreateError(res, auth, 'Only http/https URLs are supported.');
-            }
-            // SSRF guard: refuse private / link-local / metadata targets and
-            // re-validate every redirect hop.
-            let fetchRes;
-            try {
-                fetchRes = await safeFetch(sourceUrl, {
-                    headers: { Accept: 'application/json, application/yaml, text/yaml, */*' },
-                    timeoutMs: 15_000,
-                });
-            }
-            catch (err) {
-                if (err instanceof SsrfError) {
-                    return renderCreateError(res, auth, 'That URL is not allowed (must be a public address).');
-                }
-                throw err;
-            }
-            if (!fetchRes.ok) {
-                return renderCreateError(res, auth, `Failed to fetch URL: ${fetchRes.status} ${fetchRes.statusText}`);
-            }
-            const contentType = fetchRes.headers.get('content-type') ?? '';
-            const body = Buffer.from(await fetchRes.arrayBuffer());
-            if (body.length > MAX_SPEC_SIZE) {
-                return renderCreateError(res, auth, 'Fetched content too large. Maximum is 5MB.');
-            }
-            // Determine extension from content type or URL
-            let ext = '.yaml';
-            if (contentType.includes('json') || sourceUrl.endsWith('.json'))
-                ext = '.json';
-            else if (sourceUrl.endsWith('.har'))
-                ext = '.har';
-            else if (sourceUrl.endsWith('.yml'))
-                ext = '.yml';
-            // If it looks like HTML (a website), run Playwright analysis
-            if (contentType.includes('text/html') && !sourceUrl.match(/\.(yaml|yml|json|har)(\?|$)/i)) {
-                // Website-to-MCP: analyze with Playwright headless
-                const depthStr = parsed.fields.get('depth') ?? '2';
-                const crawlDepth = Math.min(Math.max(parseInt(depthStr, 10) || 2, 1), 3);
-                const maxPages = crawlDepth === 1 ? 5 : crawlDepth === 2 ? 15 : 30;
-                try {
-                    const { crawlSite } = await import('../../analyzer/site-crawler.js');
-                    const { generateSiteTools } = await import('../../site-transformer/tool-generator.js');
-                    const { emitSiteProject } = await import('../../emitter/index.js');
-                    const { mkdtemp } = await import('node:fs/promises');
-                    const { tmpdir } = await import('node:os');
-                    // SSRF guard before driving a headless browser to the target. The
-                    // seed URL is validated here; deep-crawled links rely on the
-                    // network-level egress allowlist (deploy/harden-egress.sh).
-                    try {
-                        await assertPublicUrl(sourceUrl);
-                    }
-                    catch (err) {
-                        if (err instanceof SsrfError) {
-                            return renderCreateError(res, auth, 'That URL is not allowed (must be a public address).');
-                        }
-                        throw err;
-                    }
-                    logger.info(`[dashboard] Crawling website: ${sourceUrl} (depth: ${crawlDepth}, max: ${maxPages})`);
-                    const { siteDescriptor } = await crawlSite({
-                        url: sourceUrl,
-                        depth: crawlDepth,
-                        maxPages,
-                        headless: true,
-                        captureScreenshots: false,
-                        timeout: 60_000,
-                    });
-                    if (siteDescriptor.pages.length === 0) {
-                        return renderCreateError(res, auth, 'No pages could be analyzed from that URL.');
-                    }
-                    const tools = generateSiteTools(siteDescriptor);
-                    if (tools.length === 0) {
-                        return renderCreateError(res, auth, 'No interactive elements found on the site.');
-                    }
-                    const rawName = (parsed.fields.get('name') ?? '').trim();
-                    const serverName = rawName
-                        ? rawName
-                            .toLowerCase()
-                            .replace(/[^a-z0-9]+/g, '-')
-                            .replace(/^-|-$/g, '')
-                        : new URL(sourceUrl).hostname.replace(/[^a-z0-9]+/g, '-');
-                    const buildDir = await mkdtemp(join(tmpdir(), 'mcpmake-site-'));
-                    await emitSiteProject({
-                        serverName,
-                        serverVersion: '1.0.0',
-                        baseUrl: siteDescriptor.baseUrl,
-                        transport: 'http',
-                        siteDescriptor,
-                        tools,
-                        envVars: [
-                            {
-                                name: 'BASE_URL',
-                                description: 'Target website URL',
-                                required: true,
-                                example: siteDescriptor.baseUrl,
-                            },
-                        ],
-                        browserConfig: {
-                            headless: true,
-                            idleTimeoutMs: 5 * 60 * 1000,
-                            viewport: { width: 1280, height: 720 },
-                            maxSessions: 3,
-                        },
-                    }, { outputDir: buildDir, force: true, dryRun: false });
-                    // Build and deploy the Playwright server
-                    const slug = serverName.slice(0, 40) + '-' + randomBytes(4).toString('hex');
-                    const imageName = `mcpmake-${slug}`;
-                    const imageTag = 'latest';
-                    // Install deps and build in the emitted project
-                    const { execFile: execFileCb } = await import('node:child_process');
-                    const { promisify } = await import('node:util');
-                    const execFileAsync = promisify(execFileCb);
-                    // Gate the heavy install/build/image steps through the build queue
-                    // so concurrent crawls can't exhaust the host.
-                    await buildQueue.run(async () => {
-                        await execFileAsync('npm', ['install', '--omit=dev'], {
-                            cwd: buildDir,
-                            timeout: 60_000,
-                        });
-                        await execFileAsync('npm', ['run', 'build'], { cwd: buildDir, timeout: 30_000 });
-                        await getContainerBackend().buildImage(buildDir, imageName, imageTag);
-                    });
-                    try {
-                        await rm(buildDir, { recursive: true, force: true });
-                    }
-                    catch {
-                        logger.warn(`Failed to clean up build directory: ${buildDir}`);
-                    }
-                    const port = context.ports.allocate();
-                    const bearerToken = generateBearerToken();
-                    const tokenHash = hashToken(bearerToken);
-                    const specHash = hashSpec(Buffer.from(sourceUrl));
-                    const secrets = await getSecretStore().getSecretsAsEnv(slug);
-                    const containerId = await getContainerBackend().startContainer({
-                        slug,
-                        imageName,
-                        imageTag,
-                        envVars: { BASE_URL: sourceUrl, MCP_AUTH_TOKEN: bearerToken },
-                        port,
-                        serverType: 'playwright',
-                        secrets,
-                    });
-                    // Routing is backend-authoritative (Caddy wildcard → this backend),
-                    // so no per-container Caddy route is created.
-                    const now = new Date().toISOString();
-                    context.store.create({
-                        slug,
-                        userId: auth.user.id,
-                        specHash,
-                        containerId,
-                        port,
-                        bearerToken: tokenHash,
-                        status: 'running',
-                        toolCount: tools.length,
-                        serverType: 'playwright',
-                        createdAt: now,
-                        lastActiveAt: now,
-                    });
-                    const pgStore = getPgServerStore();
-                    if (pgStore) {
-                        await pgStore.create({
-                            slug,
-                            userId: auth.user.id,
-                            specHash,
-                            containerId,
-                            port,
-                            bearerToken: tokenHash,
-                            status: 'running',
-                            toolCount: tools.length,
-                            serverType: 'playwright',
-                            createdAt: now,
-                            lastActiveAt: now,
-                        });
-                    }
-                    context.metrics.init(slug);
-                    await setPendingToken(auth.session.token, slug, bearerToken);
-                    redirect(res, `/dashboard/servers/${encodeURIComponent(slug)}`);
-                    return true;
-                }
-                catch (err) {
-                    const msg = err instanceof Error ? err.message : String(err);
-                    logger.error(`[dashboard] Website analysis failed: ${msg}`);
-                    return renderCreateError(res, auth, `Website analysis failed: ${msg.slice(0, 200)}`);
-                }
-            }
-            fileName = `url-spec${ext}`;
-            specFile = { data: body, filename: fileName };
-        }
-        catch (err) {
-            const msg = err instanceof Error ? err.message : String(err);
-            return renderCreateError(res, auth, `Failed to fetch URL: ${msg}`);
-        }
-    }
-    else if (!specFile) {
-        return renderCreateError(res, auth, 'Please upload a spec file or enter a URL.');
-    }
-    else {
-        fileName = specFile.filename ?? 'spec';
-    }
-    if (specFile.data.length > MAX_SPEC_SIZE) {
-        return renderCreateError(res, auth, `File too large (${Math.round(specFile.data.length / 1024)}KB). Maximum is 5MB.`);
-    }
-    if (!isAllowedSpecFile(fileName)) {
-        return renderCreateError(res, auth, 'Invalid file type. Accepted: .yaml, .yml, .json, .har');
-    }
-    let name = parsed.fields.get('name') ?? undefined;
-    if (name && name.length > MAX_NAME_LEN) {
-        name = name.slice(0, MAX_NAME_LEN);
-    }
-    if (name) {
-        name = name.replace(/[^\x20-\x7E]/g, '');
-    }
-    // Save uploaded file
-    await mkdir(UPLOAD_DIR, { recursive: true });
-    const tempId = randomBytes(8).toString('hex');
-    const safeExtension = getSafeExtension(fileName);
-    const specPath = join(UPLOAD_DIR, `${tempId}${safeExtension}`);
-    await writeFile(specPath, specFile.data);
-    try {
-        let format = detectFormat(specPath);
-        if (safeExtension === '.json') {
-            format = await detectFormatFromContent(specPath);
-        }
-        logger.info(`[dashboard] Building from ${format} spec: ${fileName}`);
-        const buildResult = await buildFromSpec(specPath, { name, format });
-        const port = context.ports.allocate();
-        const bearerToken = generateBearerToken();
-        const tokenHash = hashToken(bearerToken);
-        const specHash = hashSpec(specFile.data);
-        await buildQueue.run(() => getContainerBackend().buildImage(buildResult.buildDir, buildResult.imageName, buildResult.imageTag));
-        try {
-            await rm(buildResult.buildDir, { recursive: true, force: true });
-        }
-        catch {
-            logger.warn(`Failed to clean up build directory: ${buildResult.buildDir}`);
-        }
-        // Retrieve any stored secrets for the slug to inject as env vars
-        const secrets = await getSecretStore().getSecretsAsEnv(buildResult.slug);
-        // Inject the raw bearer token so the container authenticates /mcp traffic.
-        const containerId = await getContainerBackend().startContainer({
-            slug: buildResult.slug,
-            imageName: buildResult.imageName,
-            imageTag: buildResult.imageTag,
-            envVars: { MCP_AUTH_TOKEN: bearerToken },
-            port,
-            serverType: buildResult.serverType,
-            secrets,
-        });
-        // Routing is backend-authoritative (Caddy wildcard → this backend), so no
-        // per-container Caddy route is created.
-        const now = new Date().toISOString();
-        context.store.create({
-            slug: buildResult.slug,
-            userId: auth.user.id,
-            specHash,
-            containerId,
-            port,
-            bearerToken: tokenHash,
-            status: 'running',
-            toolCount: buildResult.toolCount,
-            serverType: buildResult.serverType,
-            createdAt: now,
-            lastActiveAt: now,
-        });
-        context.metrics.init(buildResult.slug);
-        await setPendingToken(auth.session.token, buildResult.slug, bearerToken);
-        redirect(res, `/dashboard/servers/${encodeURIComponent(buildResult.slug)}`);
-        return true;
-    }
-    catch (err) {
-        const message = err instanceof Error ? err.message : String(err);
-        logger.error(`[dashboard] Build failed: ${message}`);
-        return renderCreateError(res, auth, 'Build failed. Please check your spec file and try again.');
-    }
-    finally {
-        try {
-            await unlink(specPath);
-        }
-        catch {
-            // Ignore cleanup errors
-        }
-    }
-}
-function renderCreateError(res, auth, error) {
-    const html = renderPage('pages/dashboard/create', 'layouts/dashboard', {
-        metaTitle: 'New Server — mcpmake Cloud',
-        activePage: 'create',
-        user: auth.user,
-        csrfToken: auth.session.csrfToken,
-        flashError: error,
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-async function handleDashboardServerDetail(req, res, context, slug) {
-    const auth = await requireAuth(req, res);
-    if (!auth)
-        return true;
-    const server = context.store.get(slug);
-    if (!server || server.userId !== auth.user.id) {
-        redirect(res, '/dashboard?error=' + encodeURIComponent('Server not found.'));
-        return true;
-    }
-    const url = new URL(req.url ?? '/', `http://${req.headers.host ?? 'localhost'}`);
-    const flashSuccess = url.searchParams.get('success') ?? undefined;
-    const flashError = url.searchParams.get('error') ?? undefined;
-    const token = await consumePendingToken(auth.session.token, slug);
-    // Retrieve secret names (never values) for display
-    const secretNames = await getSecretStore().listSecrets(slug);
-    // Build Playwright-specific data if this is a site server
-    const isPlaywright = server.serverType === 'playwright';
-    let sessions = [];
-    let usage = {};
-    let screenshots = [];
-    let changes = [];
-    if (isPlaywright) {
-        const summary = usageTracker.getUsageSummary(auth.user.id);
-        const plan = (auth.user.plan ?? 'free');
-        const quota = checkQuota(auth.user.id, plan, summary.totalSessionsMs);
-        usage = {
-            minutesUsed: Math.round(summary.totalSessionsMs / 60_000),
-            minutesRemaining: Math.round(quota.remaining),
-            toolCalls: summary.totalToolCalls,
-            screenshots: summary.totalScreenshots,
-            plan,
-            limit: quota.limit === Infinity ? 'unlimited' : quota.limit,
-        };
-        // Sessions, screenshots, and changes will be populated from DB when available
-    }
-    const html = renderPage('pages/dashboard/server-detail', 'layouts/dashboard', {
-        metaTitle: `${slug} — mcpmake Cloud`,
-        activePage: 'servers',
-        user: auth.user,
-        csrfToken: auth.session.csrfToken,
-        server,
-        endpoint: `https://${slug}.${context.domain}`,
-        token,
-        isPlaywright,
-        sessions,
-        usage,
-        screenshots,
-        changes,
-        secretNames,
-        flashSuccess,
-        flashError,
-    });
-    sendHtml(res, 200, html, token ? { 'Cache-Control': 'no-store' } : undefined);
-    return true;
-}
-async function handleDashboardServerStatus(req, res, context, slug) {
-    const auth = await requireAuth(req, res);
-    if (!auth)
-        return true;
-    const server = context.store.get(slug);
-    if (!server || server.userId !== auth.user.id) {
-        sendHtml(res, 404, '<span class="status-badge status-stopped">unknown</span>');
-        return true;
-    }
-    const html = renderTemplate('partials/status-badge', { status: server.status });
-    sendHtml(res, 200, html);
-    return true;
-}
-async function handleDashboardServerLogs(req, res, context, slug) {
-    const auth = await requireAuth(req, res);
-    if (!auth)
-        return true;
-    const server = context.store.get(slug);
-    if (!server || server.userId !== auth.user.id) {
-        redirect(res, '/dashboard?error=' + encodeURIComponent('Server not found.'));
-        return true;
-    }
-    const html = renderPage('pages/dashboard/server-logs', 'layouts/dashboard', {
-        metaTitle: `Logs — ${slug} — mcpmake Cloud`,
-        activePage: 'servers',
-        user: auth.user,
-        csrfToken: auth.session.csrfToken,
-        server,
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-async function handleDashboardServerMetrics(req, res, context, slug) {
-    const auth = await requireAuth(req, res);
-    if (!auth)
-        return true;
-    const server = context.store.get(slug);
-    if (!server || server.userId !== auth.user.id) {
-        redirect(res, '/dashboard?error=' + encodeURIComponent('Server not found.'));
-        return true;
-    }
-    const serverMetrics = context.metrics.get(slug);
-    const topTools = context.metrics.getTopTools(slug);
-    const maxCalls = topTools.length > 0 ? topTools[0].calls : 1;
-    const topToolsWithPercentage = topTools.map((t) => ({
-        ...t,
-        percentage: Math.max(5, Math.round((t.calls / maxCalls) * 100)),
-    }));
-    const html = renderPage('pages/dashboard/server-metrics', 'layouts/dashboard', {
-        metaTitle: `Metrics — ${slug} — mcpmake Cloud`,
-        activePage: 'servers',
-        user: auth.user,
-        csrfToken: auth.session.csrfToken,
-        server,
-        totalRequests: serverMetrics?.totalRequests ?? 0,
-        topTools: topToolsWithPercentage,
-        lastActiveAt: serverMetrics?.lastActiveAt ?? server.lastActiveAt,
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-async function handleDashboardServerDelete(req, res, context, slug) {
-    const auth = await requireAuth(req, res);
-    if (!auth)
-        return true;
-    const body = await parseFormBody(req);
-    if (!validateCsrf(req, body, auth.session)) {
-        redirect(res, '/dashboard?error=' + encodeURIComponent('Invalid form submission.'));
-        return true;
-    }
-    const server = context.store.get(slug);
-    if (!server || server.userId !== auth.user.id) {
-        redirect(res, '/dashboard?error=' + encodeURIComponent('Server not found.'));
-        return true;
-    }
-    if (server.containerId) {
-        try {
-            await getContainerBackend().stopContainer(server.containerId);
-        }
-        catch (err) {
-            logger.warn(`Failed to stop container for ${slug}: ${err}`);
-        }
-    }
-    // No Caddy route to remove — routing is backend-authoritative (wildcard).
-    context.ports.release(server.port);
-    context.store.delete(slug);
-    const pgStoreForDelete = getPgServerStore();
-    if (pgStoreForDelete)
-        await pgStoreForDelete.delete(slug);
-    context.metrics.delete(slug);
-    redirect(res, '/dashboard?success=' + encodeURIComponent(`Server "${slug}" has been deleted.`));
-    return true;
-}
-async function handleDashboardServerSecrets(req, res, context, slug) {
-    const auth = await requireAuth(req, res);
-    if (!auth)
-        return true;
-    const body = await parseFormBody(req);
-    if (!validateCsrf(req, body, auth.session)) {
-        redirect(res, `/dashboard/servers/${encodeURIComponent(slug)}?error=` +
-            encodeURIComponent('Invalid form submission.'));
-        return true;
-    }
-    const pgStore = getPgServerStore();
-    const server = pgStore ? await pgStore.get(slug) : context.store.get(slug);
-    if (!server || server.userId !== auth.user.id) {
-        redirect(res, '/dashboard?error=' + encodeURIComponent('Server not found.'));
-        return true;
-    }
-    const secretName = (body.secret_name ?? '').trim();
-    const secretValue = body.secret_value ?? '';
-    if (!secretName || !secretValue) {
-        redirect(res, `/dashboard/servers/${encodeURIComponent(slug)}?error=` +
-            encodeURIComponent('Secret name and value are required.'));
-        return true;
-    }
-    // Validate secret name: must look like an env var (letters, digits, underscores)
-    if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(secretName)) {
-        redirect(res, `/dashboard/servers/${encodeURIComponent(slug)}?error=` +
-            encodeURIComponent('Secret name must be a valid environment variable name (letters, digits, underscores).'));
-        return true;
-    }
-    await getSecretStore().storeSecret(slug, secretName, secretValue);
-    redirect(res, `/dashboard/servers/${encodeURIComponent(slug)}?success=` +
-        encodeURIComponent(`Secret "${secretName}" saved.`));
-    return true;
-}
-// ---------------------------------------------------------------------------
-// Billing route handlers
-// ---------------------------------------------------------------------------
-async function handleBillingPage(req, res) {
-    const auth = await requireAuth(req, res);
-    if (!auth)
-        return true;
-    const url = new URL(req.url ?? '/', `http://${req.headers.host ?? 'localhost'}`);
-    const flashSuccess = url.searchParams.get('success') ?? undefined;
-    const flashError = url.searchParams.get('error') ?? undefined;
-    const plan = (auth.user.plan ?? 'free');
-    const limits = getPlanLimits(plan);
-    const usage = usageTracker.getUsageSummary(auth.user.id);
-    const quota = checkQuota(auth.user.id, plan, usage.totalSessionsMs);
-    const html = renderPage('pages/dashboard/billing', 'layouts/dashboard', {
-        metaTitle: 'Billing — mcpmake Cloud',
-        activePage: 'billing',
-        user: auth.user,
-        csrfToken: auth.session.csrfToken,
-        stripeConfigured: isStripeConfigured(),
-        currentPlan: plan,
-        minutesUsed: Math.round(usage.totalSessionsMs / 60_000),
-        minutesLimit: limits.maxMinutes === Infinity ? 'unlimited' : limits.maxMinutes,
-        minutesRemaining: quota.remaining === Infinity ? 'unlimited' : Math.round(quota.remaining),
-        hasSubscription: !!auth.user.stripeCustomerId,
-        flashSuccess,
-        flashError,
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-async function handleBillingCheckout(req, res) {
-    const auth = await requireAuth(req, res);
-    if (!auth)
-        return true;
-    const body = await parseFormBody(req);
-    if (!validateCsrf(req, body, auth.session)) {
-        redirect(res, '/dashboard/billing?error=' + encodeURIComponent('Invalid form submission.'));
-        return true;
-    }
-    const plan = body.plan;
-    const validPlans = new Set(['hobbyist', 'pro', 'team']);
-    if (!plan || !validPlans.has(plan)) {
-        redirect(res, '/dashboard/billing?error=' + encodeURIComponent('Invalid plan selected.'));
-        return true;
-    }
-    if (!isStripeConfigured()) {
-        redirect(res, '/dashboard/billing?error=' + encodeURIComponent('Payments are not configured.'));
-        return true;
-    }
-    try {
-        const host = req.headers.host ?? 'localhost';
-        const proto = process.env.TRUST_PROXY === 'true' && req.headers['x-forwarded-proto'] === 'https'
-            ? 'https'
-            : 'http';
-        const baseUrl = `${proto}://${host}`;
-        const checkoutUrl = await createCheckoutSession({
-            userId: auth.user.id,
-            email: auth.user.email,
-            plan,
-            successUrl: `${baseUrl}/dashboard/billing/success?plan=${encodeURIComponent(plan)}`,
-            cancelUrl: `${baseUrl}/dashboard/billing`,
-        });
-        redirect(res, checkoutUrl);
-    }
-    catch (err) {
-        const message = err instanceof Error ? err.message : String(err);
-        logger.error(`[billing] Checkout failed: ${message}`);
-        redirect(res, '/dashboard/billing?error=' +
-            encodeURIComponent('Failed to start checkout. Please try again.'));
-    }
-    return true;
-}
-async function handleBillingPortal(req, res) {
-    const auth = await requireAuth(req, res);
-    if (!auth)
-        return true;
-    const body = await parseFormBody(req);
-    if (!validateCsrf(req, body, auth.session)) {
-        redirect(res, '/dashboard/billing?error=' + encodeURIComponent('Invalid form submission.'));
-        return true;
-    }
-    if (!auth.user.stripeCustomerId) {
-        redirect(res, '/dashboard/billing?error=' + encodeURIComponent('No active subscription found.'));
-        return true;
-    }
-    try {
-        const host = req.headers.host ?? 'localhost';
-        const proto = process.env.TRUST_PROXY === 'true' && req.headers['x-forwarded-proto'] === 'https'
-            ? 'https'
-            : 'http';
-        const returnUrl = `${proto}://${host}/dashboard/billing`;
-        const portalUrl = await createPortalSession(auth.user.stripeCustomerId, returnUrl);
-        redirect(res, portalUrl);
-    }
-    catch (err) {
-        const message = err instanceof Error ? err.message : String(err);
-        logger.error(`[billing] Portal session failed: ${message}`);
-        redirect(res, '/dashboard/billing?error=' +
-            encodeURIComponent('Failed to open billing portal. Please try again.'));
-    }
-    return true;
-}
-async function handleBillingSuccess(req, res) {
-    const auth = await requireAuth(req, res);
-    if (!auth)
-        return true;
-    const url = new URL(req.url ?? '/', `http://${req.headers.host ?? 'localhost'}`);
-    const plan = url.searchParams.get('plan') ?? '';
-    redirect(res, '/dashboard/billing?success=' +
-        encodeURIComponent(plan
-            ? `Welcome to the ${plan.charAt(0).toUpperCase() + plan.slice(1)} plan! Your subscription is now active.`
-            : 'Your subscription is now active!'));
-    return true;
-}
-// ---------------------------------------------------------------------------
-// Admin route handlers
-// ---------------------------------------------------------------------------
-async function gatherAdminStats(context) {
-    // Prefer the Postgres store when configured — `context.store` is the in-memory
-    // store, which is empty after a restart in Pg mode (the Pg-blindness bug).
-    const pg = getPgServerStore();
-    const allServers = pg ? await pg.list() : context.store.list();
-    const runningCount = allServers.filter((s) => s.status === 'running').length;
-    const mem = process.memoryUsage();
-    const uptimeSec = process.uptime();
-    const hours = Math.floor(uptimeSec / 3600);
-    const mins = Math.floor((uptimeSec % 3600) / 60);
-    const secs = Math.floor(uptimeSec % 60);
-    const uptimeStr = hours > 0 ? `${hours}h ${mins}m ${secs}s` : mins > 0 ? `${mins}m ${secs}s` : `${secs}s`;
-    // --- Charts: 24h history from durable metric samples ---
-    let samples = [];
-    try {
-        samples = await getMetricSampleStore().recent(24 * 3600 * 1000);
-    }
-    catch {
-        samples = [];
-    }
-    const dbAvailable = getDb() != null;
-    // History needs a database; with no DB and no samples, the in-memory ring is
-    // empty (or lost on restart) so render an explicit empty-state instead of a
-    // blank chart.
-    const hasHistory = samples.length > 0;
-    const historyEmpty = !dbAvailable && !hasHistory;
-    let charts = {};
-    if (hasHistory) {
-        charts = {
-            requestsErrors: renderDualLine(samples.map((s) => s.requests), samples.map((s) => s.errors5xx), { labelA: 'Requests / interval', labelB: '5xx errors', unit: '' }),
-            memDisk: renderDualLine(samples.map((s) => s.memUsedPct), samples.map((s) => s.diskUsedPct), { labelA: 'Memory used', labelB: 'Disk used', unit: '%' }),
-            users: renderSparkline(samples.map((s) => s.totalUsers), { label: 'Total users', color: 'var(--color-success, #10b981)' }),
-            servers: renderBars(samples.map((s) => s.totalServers), { label: 'Total servers' }),
-        };
-    }
-    // --- Live "last hour" sparkline from the in-memory failure tracker ---
-    const lastHourSeries = failureTracker.series(60);
-    const lastHourChart = renderSparkline(lastHourSeries.map((p) => p.total), { label: 'Requests / min (last hour)' });
-    // --- Failure rate (last hour) ---
-    const failWindow = failureTracker.window(60);
-    // --- Health panel ---
-    let reading;
-    try {
-        reading = await gatherResourceReading(runningCount, process.env.DATA_DIR ?? '/');
-    }
-    catch {
-        reading = { memUsedPct: 0, diskUsedPct: 0, activeContainers: runningCount };
-    }
-    const pressure = evaluatePressure(reading, DEFAULT_THRESHOLDS, INITIAL_PRESSURE_STATE);
-    const ramOk = reading.memUsedPct < DEFAULT_THRESHOLDS.memPct;
-    const diskOk = reading.diskUsedPct < DEFAULT_THRESHOLDS.diskPct;
-    const health = {
-        db: dbAvailable,
-        stripe: isStripeConfigured(),
-        backend: getContainerBackend().name,
-        ramOk,
-        diskOk,
-        memUsedPct: reading.memUsedPct.toFixed(0),
-        diskUsedPct: reading.diskUsedPct.toFixed(0),
-        alerts: pressure.alerts,
-    };
-    return {
-        stats: {
-            totalServers: allServers.length,
-            runningServers: runningCount,
-            totalUsers: await countUsers(),
-            portsAllocated: context.ports.allocatedCount,
-        },
-        failure: {
-            requests: failWindow.total,
-            serverErrorRatePct: failWindow.serverErrorRatePct.toFixed(1),
-            clientErrorRatePct: failWindow.clientErrorRatePct.toFixed(1),
-        },
-        health,
-        historyEmpty,
-        hasHistory,
-        charts,
-        lastHourChart,
-        systemInfo: {
-            memoryRss: (mem.rss / 1024 / 1024).toFixed(1),
-            memoryHeapUsed: (mem.heapUsed / 1024 / 1024).toFixed(1),
-            uptime: uptimeStr,
-            nodeVersion: process.version,
-            platform: `${os.platform()} ${os.arch()}`,
-            totalMem: (os.totalmem() / 1024 / 1024).toFixed(0),
-            freeMem: (os.freemem() / 1024 / 1024).toFixed(0),
-        },
-    };
-}
-async function handleAdminOverview(req, res, context) {
-    const auth = await requireAdmin(req, res);
-    if (!auth)
-        return true;
-    const data = await gatherAdminStats(context);
-    const html = renderPage('pages/admin/overview', 'layouts/admin', {
-        metaTitle: 'Admin Overview — mcpmake Cloud',
-        activePage: 'overview',
-        user: auth.user,
-        csrfToken: auth.session.csrfToken,
-        ...data,
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-async function handleAdminStatsPartial(req, res, context) {
-    const auth = await requireAdmin(req, res);
-    if (!auth)
-        return true;
-    const data = await gatherAdminStats(context);
-    const html = renderTemplate('partials/admin-stats', data);
-    sendHtml(res, 200, html);
-    return true;
-}
-async function handleAdminServers(req, res, context) {
-    const auth = await requireAdmin(req, res);
-    if (!auth)
-        return true;
-    const pg = getPgServerStore();
-    const allServers = pg ? await pg.list() : context.store.list();
-    const allUsers = await listUsers();
-    const userMap = new Map(allUsers.map((u) => [u.id, u.email]));
-    // Enrich server records with user email for display
-    const servers = allServers.map((s) => ({
-        ...s,
-        userEmail: s.userId ? (userMap.get(s.userId) ?? null) : null,
-    }));
-    const html = renderPage('pages/admin/servers', 'layouts/admin', {
-        metaTitle: 'Servers — Admin — mcpmake Cloud',
-        activePage: 'servers',
-        user: auth.user,
-        csrfToken: auth.session.csrfToken,
-        servers,
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-async function handleAdminServerDelete(req, res, context, slug) {
-    const auth = await requireAdmin(req, res);
-    if (!auth)
-        return true;
-    const body = await parseFormBody(req);
-    if (!validateCsrf(req, body, auth.session)) {
-        sendHtml(res, 403, '<h1>403 — Invalid CSRF token</h1>');
-        return true;
-    }
-    // Prefer the Pg store: the in-memory `store` is empty after a restart in Pg
-    // mode, so reading/deleting only in-memory would leave a ghost row that
-    // reappears on the next list (and leaks its port forever).
-    const pg = getPgServerStore();
-    const record = pg ? await pg.get(slug) : context.store.get(slug);
-    if (!record) {
-        redirect(res, '/admin/servers');
-        return true;
-    }
-    // Stop the container
-    try {
-        if (record.containerId) {
-            await getContainerBackend().stopContainer(record.containerId);
-        }
-    }
-    catch {
-        // Container may already be stopped or Docker unavailable
-    }
-    // No Caddy route to remove — routing is backend-authoritative (wildcard).
-    // Release port and delete record from both stores
-    context.ports.release(record.port);
-    if (pg)
-        await pg.delete(slug);
-    context.store.delete(slug);
-    redirect(res, '/admin/servers');
-    return true;
-}
-async function handleAdminUsers(req, res, context) {
-    const auth = await requireAdmin(req, res);
-    if (!auth)
-        return true;
-    const allUsers = await listUsers();
-    const pg = getPgServerStore();
-    const allServers = pg ? await pg.list() : context.store.list();
-    // Count servers per user
-    const serverCounts = new Map();
-    for (const s of allServers) {
-        if (s.userId) {
-            serverCounts.set(s.userId, (serverCounts.get(s.userId) ?? 0) + 1);
-        }
-    }
-    const users = allUsers.map(({ passwordHash: _, ...u }) => ({
-        ...u,
-        serverCount: serverCounts.get(u.id) ?? 0,
-    }));
-    const html = renderPage('pages/admin/users', 'layouts/admin', {
-        metaTitle: 'Users — Admin — mcpmake Cloud',
-        activePage: 'users',
-        user: auth.user,
-        csrfToken: auth.session.csrfToken,
-        users,
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-async function handleAdminUserPlan(req, res, userId) {
-    const auth = await requireAdmin(req, res);
-    if (!auth)
-        return true;
-    const body = await parseFormBody(req);
-    if (!validateCsrf(req, body, auth.session)) {
-        sendHtml(res, 403, '<h1>403 — Invalid CSRF token</h1>');
-        return true;
-    }
-    const validPlans = new Set(['free', 'hobbyist', 'pro', 'team', 'enterprise']);
-    const plan = body.plan;
-    if (!plan || !validPlans.has(plan)) {
-        sendHtml(res, 400, '<h1>400 — Invalid plan</h1>');
-        return true;
-    }
-    const target = await getUserById(userId);
-    if (!target) {
-        redirect(res, '/admin/users');
-        return true;
-    }
-    await updateUser(userId, { plan: plan });
-    // If htmx request, return 204 (no content, hx-swap="none")
-    if (req.headers['hx-request']) {
-        res.writeHead(204);
-        res.end();
-        return true;
-    }
-    redirect(res, '/admin/users');
-    return true;
-}
-async function handleAdminUserAdmin(req, res, userId) {
-    const auth = await requireAdmin(req, res);
-    if (!auth)
-        return true;
-    const body = await parseFormBody(req);
-    if (!validateCsrf(req, body, auth.session)) {
-        sendHtml(res, 403, '<h1>403 — Invalid CSRF token</h1>');
-        return true;
-    }
-    const target = await getUserById(userId);
-    if (!target) {
-        redirect(res, '/admin/users');
-        return true;
-    }
-    // Prevent admin from removing their own admin status
-    if (target.id === auth.user.id) {
-        sendHtml(res, 400, '<h1>400 — Cannot modify your own admin status</h1>');
-        return true;
-    }
-    await updateUser(userId, { isAdmin: !target.isAdmin });
-    if (req.headers['hx-request']) {
-        res.writeHead(204);
-        res.end();
-        return true;
-    }
-    redirect(res, '/admin/users');
-    return true;
-}
-async function handleAdminUserDelete(req, res, userId) {
-    const auth = await requireAdmin(req, res);
-    if (!auth)
-        return true;
-    const body = await parseFormBody(req);
-    if (!validateCsrf(req, body, auth.session)) {
-        sendHtml(res, 403, '<h1>403 — Invalid CSRF token</h1>');
-        return true;
-    }
-    // Prevent admin from deleting themselves
-    if (userId === auth.user.id) {
-        sendHtml(res, 400, '<h1>400 — Cannot delete your own account</h1>');
-        return true;
-    }
-    const target = await getUserById(userId);
-    if (!target) {
-        redirect(res, '/admin/users');
-        return true;
-    }
-    await deleteUser(userId);
-    redirect(res, '/admin/users');
-    return true;
-}
-/** Cap on a single grant/revoke amount — guards against typos / overflow. */
-const MAX_CREDIT_AMOUNT = 100_000_000;
-async function handleAdminUserEdit(req, res, context, userId) {
-    const auth = await requireAdmin(req, res);
-    if (!auth)
-        return true;
-    const target = await getUserById(userId);
-    if (!target) {
-        redirect(res, '/admin/users');
-        return true;
-    }
-    const credits = getCreditStore();
-    const balance = await credits.balance(userId);
-    const ledgerRaw = await credits.recentLedger(userId, 20);
-    const ledger = ledgerRaw.map((e) => ({
-        delta: e.delta,
-        deltaLabel: e.delta >= 0 ? `+${e.delta}` : String(e.delta),
-        isCredit: e.delta >= 0,
-        reason: e.reason,
-        balanceAfter: e.balanceAfter == null ? '—' : String(e.balanceAfter),
-        createdAt: e.createdAt,
-    }));
-    const pg = getPgServerStore();
-    const allServers = pg ? await pg.list() : context.store.list();
-    const serverCount = allServers.filter((s) => s.userId === userId).length;
-    const { passwordHash: _omit, ...safeUser } = target;
-    const html = renderPage('pages/admin/user-edit', 'layouts/admin', {
-        metaTitle: `${target.email} — Admin — mcpmake Cloud`,
-        activePage: 'users',
-        user: auth.user,
-        csrfToken: auth.session.csrfToken,
-        targetUser: safeUser,
-        balance,
-        ledger,
-        serverCount,
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-async function handleAdminUserCredits(req, res, _context, userId) {
-    const auth = await requireAdmin(req, res);
-    if (!auth)
-        return true;
-    const body = await parseFormBody(req);
-    if (!validateCsrf(req, body, auth.session)) {
-        sendHtml(res, 403, '<h1>403 — Invalid CSRF token</h1>');
-        return true;
-    }
-    const target = await getUserById(userId);
-    if (!target) {
-        redirect(res, '/admin/users');
-        return true;
-    }
-    const action = body.action;
-    if (action !== 'grant' && action !== 'revoke') {
-        sendHtml(res, 400, '<h1>400 — Invalid action</h1>');
-        return true;
-    }
-    // Validate amount: must be a positive integer within a sane bound.
-    const raw = (body.amount ?? '').trim();
-    if (!/^\d+$/.test(raw)) {
-        sendHtml(res, 400, '<h1>400 — Invalid amount</h1>');
-        return true;
-    }
-    const amount = Number(raw);
-    if (!Number.isInteger(amount) || amount <= 0 || amount > MAX_CREDIT_AMOUNT) {
-        sendHtml(res, 400, '<h1>400 — Invalid amount</h1>');
-        return true;
-    }
-    const credits = getCreditStore();
-    if (action === 'grant') {
-        await credits.grant(userId, amount, auth.user.id);
-    }
-    else {
-        await credits.revoke(userId, amount, auth.user.id);
-    }
-    redirect(res, `/admin/users/${encodeURIComponent(userId)}`);
-    return true;
-}
-async function handleAdminTelemetry(req, res) {
-    const auth = await requireAdmin(req, res);
-    if (!auth)
-        return true;
-    let groups = [];
-    try {
-        groups = await getTelemetryStore().recentGrouped(100);
-    }
-    catch {
-        groups = [];
-    }
-    const html = renderPage('pages/admin/telemetry', 'layouts/admin', {
-        metaTitle: 'Telemetry — Admin — mcpmake Cloud',
-        activePage: 'telemetry',
-        user: auth.user,
-        csrfToken: auth.session.csrfToken,
-        groups,
-    });
-    sendHtml(res, 200, html);
-    return true;
-}
-// ---------------------------------------------------------------------------
-// Helpers
-// ---------------------------------------------------------------------------
-function sendHtml(res, status, html, extraHeaders) {
-    const body = Buffer.from(html, 'utf-8');
-    res.writeHead(status, {
-        'Content-Type': 'text/html; charset=utf-8',
-        'Content-Length': body.length,
-        'Cache-Control': 'no-cache',
-        'Content-Security-Policy': "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; frame-ancestors 'none'",
-        'Referrer-Policy': 'same-origin',
-        'X-Content-Type-Options': 'nosniff',
-        'X-Frame-Options': 'DENY',
-        ...extraHeaders,
-    });
-    res.end(body);
-}
-/**
- * Render a 500 error page. Exported for use in the main server error handler.
- */
-export function render500Page(res) {
-    try {
-        const html = renderPage('pages/errors/500', 'layouts/landing', {
-            metaTitle: '500 — Something went wrong — mcpmake Cloud',
-        });
-        sendHtml(res, 500, html);
-    }
-    catch {
-        // Fallback if template rendering itself fails
-        sendHtml(res, 500, '<h1>500 — Internal Server Error</h1>');
-    }
-}
-function redirect(res, location) {
-    res.writeHead(302, { Location: location });
-    res.end();
-}
-/**
- * Validate email: must contain @ with at least one char before it,
- * and a dot after the @.
- */
-function isValidEmail(email) {
-    const atIndex = email.indexOf('@');
-    if (atIndex < 1)
-        return false;
-    const domain = email.slice(atIndex + 1);
-    return domain.includes('.') && !domain.startsWith('.') && !domain.endsWith('.');
-}
-/**
- * Parse URL-encoded form body from a POST request.
- * Returns a plain object of field name -> value.
- * Max body size: 1MB.
- */
-async function parseFormBody(req) {
-    return new Promise((resolve) => {
-        const chunks = [];
-        let totalSize = 0;
-        req.on('data', (chunk) => {
-            totalSize += chunk.length;
-            if (totalSize > MAX_FORM_BODY) {
-                req.destroy();
-                resolve({});
-                return;
-            }
-            chunks.push(chunk);
-        });
-        req.on('end', () => {
-            const raw = Buffer.concat(chunks).toString('utf-8');
-            const params = new URLSearchParams(raw);
-            const result = {};
-            for (const [key, value] of params) {
-                result[key] = value;
-            }
-            resolve(result);
-        });
-        req.on('error', () => {
-            resolve({});
-        });
-    });
-}