webspresso 0.0.54 → 0.0.57

package/README.md

@@ -249,6 +249,25 @@ This command will:
 - `--short-name <string>` – manifest.json `short_name` (PWA)
 - `--no-layout` – Do not add include to layout.njk
 
+### Admin Panel Commands
+
+```bash
+# Create admin_users table migration
+webspresso admin:setup
+
+# List all admin users
+webspresso admin:list
+
+# Reset admin password (interactive)
+webspresso admin:password
+
+# Reset with options
+webspresso admin:password -e admin@example.com -p yeni_sifre123
+webspresso admin:password -c ./webspresso.db.js -E production
+```
+
+> **Note:** Requires `webspresso.db.js` or `knexfile.js` in project root. Run from project directory.
+
 ## Project Structure
 
 Create your app with this structure:
@@ -699,6 +718,36 @@ Options:
 
 The `analytics_page_views` table is automatically created on first request.
 
+**Audit log plugin:**
+- Records successful (`2xx`) admin panel model mutations: `create`, `update`, `delete`, `restore` on `${adminPath}/api/models/:model/records…`
+- Actor from `req.session.adminUser` after login; optional IP / user-agent; update metadata stores changed field names only (not full body)
+- `GET ${adminPath}/api/audit-logs` with pagination and filters (`page`, `perPage`, `model`, `action`, `from`, `to`) — use from custom admin pages or the bundled Mithril list (`includeDefaultPage` default `true`)
+- Run `webspresso db:migrate` after adding the migration (see `plugins/audit-log/migration-template.js` or the example under `migrations/`). Prune old rows with the CLI (recommended on a schedule):
+
+```bash
+npx webspresso audit:prune --days 90
+```
+
+```javascript
+const { adminPanelPlugin, auditLogPlugin } = require('webspresso/plugins');
+
+const { app } = createApp({
+  pagesDir: './pages',
+  plugins: [
+    adminPanelPlugin({ db }),
+    auditLogPlugin({
+      db,
+      // adminPath: '/_admin', // must match admin panel `path`
+      // tableName: 'audit_logs',
+      // includeDefaultPage: true,
+      // apiPrefix: '/audit-logs',
+    }),
+  ],
+});
+```
+
+Programmatic API (other plugins): `ctx.usePlugin('audit-log')` exposes `queryLogs`, `purgeAuditLogs`, and `getMigrationTemplate()`.
+
 **SEO Checker Plugin:**
 - Client-side SEO analysis tool (inspired by django-check-seo)
 - Integrated with dev toolbar
@@ -1339,9 +1388,33 @@ webspresso db:make create_posts_table
 webspresso db:make create_users_table --model User
 
 # Admin Panel Setup
-webspresso admin:setup  # Create admin_users migration
+webspresso admin:setup   # Create admin_users migration
+webspresso admin:list    # List all admin users
+webspresso admin:password  # Reset admin password (interactive or -e -p)
 ```
 
+**Admin CLI Commands:**
+
+```bash
+# Create admin_users table migration
+webspresso admin:setup
+
+# List all admin users
+webspresso admin:list
+
+# Reset admin password (interactive: prompts for email and password)
+webspresso admin:password
+
+# Reset with options
+webspresso admin:password -e admin@example.com -p yeni_sifre123
+
+# Use custom config or environment
+webspresso admin:password -c ./webspresso.db.js -E production
+webspresso admin:list -c ./webspresso.db.js
+```
+
+> **Note:** Database config is loaded from `webspresso.db.js` or `knexfile.js` in the project root. Run commands from your project directory.
+
 **Database Config File (`webspresso.db.js`):**
 
 ```javascript

package/bin/commands/admin-password.js

@@ -3,9 +3,8 @@
  * Reset admin user password via CLI
  */
 
-const fs = require('fs');
-const path = require('path');
 const readline = require('readline');
+const { loadDbConfig, createDbInstance } = require('../utils/db');
 
 function registerCommand(program) {
   program
@@ -13,41 +12,13 @@ function registerCommand(program) {
     .description('Reset admin user password')
     .option('-e, --email <email>', 'Admin user email')
     .option('-p, --password <password>', 'New password (not recommended, use interactive mode)')
-    .option('-c, --config <path>', 'Path to database config file')
+    .option('-c, --config <path>', 'Path to database config file (webspresso.db.js or knexfile.js)')
+    .option('-E, --env <environment>', 'Environment (development, production)', 'development')
     .action(async (options) => {
       try {
-        // Find project root and load database
-        const cwd = process.cwd();
-        
-        // Try to find and load the database config
-        let dbConfig = null;
-        const configPaths = [
-          options.config,
-          path.join(cwd, 'webspresso.config.js'),
-          path.join(cwd, 'database.config.js'),
-          path.join(cwd, 'db.config.js'),
-        ].filter(Boolean);
-        
-        for (const configPath of configPaths) {
-          if (fs.existsSync(configPath)) {
-            const config = require(configPath);
-            dbConfig = config.database || config;
-            break;
-          }
-        }
-        
-        if (!dbConfig) {
-          console.error('❌ Error: Could not find database configuration.');
-          console.error('   Please run this command from your project root.');
-          process.exit(1);
-        }
-        
-        // Lazy load dependencies
-        const bcrypt = require('bcrypt');
-        const knex = require('knex');
-        
-        // Initialize database connection
-        const db = knex(dbConfig);
+        const { config, path: configPath } = loadDbConfig(options.config);
+        const db = await createDbInstance(config, options.env);
+        console.log(`\n📦 Using config: ${configPath}\n`);
         
         // Check if admin_users table exists
         const hasTable = await db.schema.hasTable('admin_users');
@@ -174,35 +145,13 @@ function registerCommand(program) {
   program
     .command('admin:list')
     .description('List all admin users')
-    .option('-c, --config <path>', 'Path to database config file')
+    .option('-c, --config <path>', 'Path to database config file (webspresso.db.js or knexfile.js)')
+    .option('-E, --env <environment>', 'Environment (development, production)', 'development')
     .action(async (options) => {
       try {
-        const cwd = process.cwd();
-        
-        // Try to find and load the database config
-        let dbConfig = null;
-        const configPaths = [
-          options.config,
-          path.join(cwd, 'webspresso.config.js'),
-          path.join(cwd, 'database.config.js'),
-          path.join(cwd, 'db.config.js'),
-        ].filter(Boolean);
-        
-        for (const configPath of configPaths) {
-          if (fs.existsSync(configPath)) {
-            const config = require(configPath);
-            dbConfig = config.database || config;
-            break;
-          }
-        }
-        
-        if (!dbConfig) {
-          console.error('❌ Error: Could not find database configuration.');
-          process.exit(1);
-        }
-        
-        const knex = require('knex');
-        const db = knex(dbConfig);
+        const { config, path: configPath } = loadDbConfig(options.config);
+        const db = await createDbInstance(config, options.env);
+        console.log(`\n📦 Using config: ${configPath}\n`);
         
         // Check if admin_users table exists
         const hasTable = await db.schema.hasTable('admin_users');

package/bin/commands/audit-prune.js

@@ -0,0 +1,45 @@
+/**
+ * Prune old audit log rows (CLI)
+ */
+
+const { loadDbConfig, createDbInstance } = require('../utils/db');
+const { purgeAuditLogs } = require('../../plugins/audit-log/purge');
+
+function registerCommand(program) {
+  program
+    .command('audit:prune')
+    .description('Delete audit log rows older than the given retention window')
+    .option('--days <n>', 'Delete rows older than this many days', '90')
+    .option('--table <name>', 'Table name', 'audit_logs')
+    .option('-e, --env <environment>', 'Environment (development, production)', 'development')
+    .option('-c, --config <path>', 'Path to database config file')
+    .action(async (options) => {
+      const days = parseInt(options.days, 10);
+      if (Number.isNaN(days) || days < 1) {
+        console.error('❌ --days must be a positive integer');
+        process.exit(1);
+      }
+
+      const { config, path: configPath } = loadDbConfig(options.config);
+      console.log(`\n📦 Using config: ${configPath}`);
+      console.log(`   Environment: ${options.env}\n`);
+
+      const knex = await createDbInstance(config, options.env);
+      const olderThan = new Date(Date.now() - days * 24 * 60 * 60 * 1000);
+
+      try {
+        const deleted = await purgeAuditLogs(knex, {
+          tableName: options.table,
+          olderThan,
+        });
+        console.log(`✅ Deleted ${deleted} row(s) with created_at before ${olderThan.toISOString()}.\n`);
+      } catch (err) {
+        console.error('❌ audit:prune failed:', err.message);
+        process.exit(1);
+      } finally {
+        await knex.destroy();
+      }
+    });
+}
+
+module.exports = { registerCommand };

package/bin/webspresso.js

@@ -27,6 +27,7 @@ const { registerCommand: registerSeed } = require('./commands/seed');
 const { registerCommand: registerAdminSetup } = require('./commands/admin-setup');
 const { registerCommand: registerAdminPassword } = require('./commands/admin-password');
 const { registerCommand: registerFaviconGenerate } = require('./commands/favicon-generate');
+const { registerCommand: registerAuditPrune } = require('./commands/audit-prune');
 
 registerNew(program);
 registerPage(program);
@@ -42,6 +43,7 @@ registerSeed(program);
 registerAdminSetup(program);
 registerAdminPassword(program);
 registerFaviconGenerate(program);
+registerAuditPrune(program);
 
 // Parse arguments
 program.parse();

package/index.js

@@ -30,7 +30,7 @@ const {
 const orm = require('./core/orm');
 
 // Built-in plugins
-const { schemaExplorerPlugin, adminPanelPlugin, siteAnalyticsPlugin } = require('./plugins');
+const { schemaExplorerPlugin, adminPanelPlugin, siteAnalyticsPlugin, auditLogPlugin } = require('./plugins');
 
 module.exports = {
   // Main API
@@ -70,5 +70,5 @@ module.exports = {
   schemaExplorerPlugin,
   adminPanelPlugin,
   siteAnalyticsPlugin,
+  auditLogPlugin,
 };
-

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "webspresso",
-  "version": "0.0.54",
+  "version": "0.0.57",
   "description": "Minimal, production-ready SSR framework for Node.js with file-based routing, Nunjucks templating, built-in i18n, and CLI tooling",
   "main": "index.js",
   "bin": {
@@ -14,10 +14,7 @@
     "test:e2e:ui": "playwright test --ui",
     "test:e2e:debug": "playwright test --debug",
     "test:e2e:headed": "playwright test --headed",
-    "release": "release-it",
-    "docs:dev": "cd docs && npm run start",
-    "docs:build": "cd docs && npm run build",
-    "docs:serve": "cd docs && npm run serve"
+    "release": "release-it"
   },
   "keywords": [
     "ssr",

package/plugins/admin-panel/core/admin-module.js

@@ -117,8 +117,8 @@ function registerApiRoutes(moduleId, apiConfig, deps) {
   }
 
   for (const route of apiConfig.routes) {
-    if (!route.path || typeof route.handler !== 'function') {
-      throw new Error(`Module "${moduleId}": each API route requires path and handler`);
+    if (typeof route.path !== 'string' || typeof route.handler !== 'function') {
+      throw new Error(`Module "${moduleId}": each API route requires path (string, use "" for prefix root) and handler`);
     }
 
     const method = (route.method || 'get').toLowerCase();

package/plugins/audit-log/admin-component.js

@@ -0,0 +1,129 @@
+/**
+ * Audit log admin page — Mithril component source (string)
+ * @module plugins/audit-log/admin-component
+ */
+
+/**
+ * @param {Object} options
+ * @param {string} [options.apiPrefix='/audit-logs']
+ */
+function generateAuditLogComponent(options = {}) {
+  const apiPrefix = options.apiPrefix || '/audit-logs';
+
+  return `
+(function() {
+  var API = '${apiPrefix}';
+
+  function AuditLogPage() {
+    var rows = [];
+    var loading = true;
+    var error = null;
+    var page = 1;
+    var perPage = 25;
+    var total = 0;
+    var filterModel = '';
+    var filterAction = '';
+
+    function load() {
+      loading = true;
+      error = null;
+      var q = '?page=' + page + '&perPage=' + perPage;
+      if (filterModel) q += '&model=' + encodeURIComponent(filterModel);
+      if (filterAction) q += '&action=' + encodeURIComponent(filterAction);
+      api.get(API + q).then(function(res) {
+        rows = res.data || [];
+        total = (res.meta && res.meta.total) || 0;
+        loading = false;
+      }).catch(function(e) {
+        error = e.message || String(e);
+        loading = false;
+      });
+    }
+
+    return {
+      oninit: load,
+      view: function() {
+        if (loading) {
+          return m('div.p-8.text-gray-500', 'Loading…');
+        }
+        if (error) {
+          return m('div.p-8.text-red-600', error);
+        }
+        var maxPage = Math.max(1, Math.ceil(total / perPage) || 1);
+        return m('div.p-6.space-y-4', [
+          m('div.flex.flex-wrap.items-end.gap-4', [
+            m('div', [
+              m('label.block.text-xs.text-gray-500.mb-1', 'Model'),
+              m('input.border.rounded.px-2.py-1', {
+                value: filterModel,
+                oninput: function(e) { filterModel = e.target.value; },
+                placeholder: 'Post',
+              }),
+            ]),
+            m('div', [
+              m('label.block.text-xs.text-gray-500.mb-1', 'Action'),
+              m('select.border.rounded.px-2.py-1', {
+                value: filterAction,
+                onchange: function(e) { filterAction = e.target.value; },
+              }, [
+                m('option', { value: '' }, 'All'),
+                m('option', { value: 'create' }, 'create'),
+                m('option', { value: 'update' }, 'update'),
+                m('option', { value: 'delete' }, 'delete'),
+                m('option', { value: 'restore' }, 'restore'),
+              ]),
+            ]),
+            m('button.bg-blue-600.text-white.px-4.py-1.rounded', {
+              onclick: function() { page = 1; load(); },
+            }, 'Apply'),
+          ]),
+          m('div.text-sm.text-gray-500', 'Total: ' + total),
+          m('div.overflow-x-auto.border.rounded', [
+            m('table.min-w-full.text-sm', [
+              m('thead.bg-gray-50', [
+                m('tr', [
+                  m('th.text-left.p-2', 'Time'),
+                  m('th.text-left.p-2', 'Actor'),
+                  m('th.text-left.p-2', 'Action'),
+                  m('th.text-left.p-2', 'Model'),
+                  m('th.text-left.p-2', 'Id'),
+                  m('th.text-left.p-2', 'Path'),
+                ]),
+              ]),
+              m('tbody', rows.map(function(r) {
+                return m('tr.border-t', [
+                  m('td.p-2.whitespace-nowrap', r.created_at || ''),
+                  m('td.p-2', (r.actor_email || '') + (r.actor_id != null ? ' #' + r.actor_id : '')),
+                  m('td.p-2', r.action),
+                  m('td.p-2', r.resource_model),
+                  m('td.p-2', r.resource_id != null ? String(r.resource_id) : '—'),
+                  m('td.p-2.max-w-md.truncate', { title: r.path || '' }, r.path || ''),
+                ]);
+              })),
+            ]),
+          ]),
+          m('div.flex.items-center.gap-2', [
+            m('button.px-3.py-1.border.rounded', {
+              disabled: page <= 1,
+              onclick: function() { if (page > 1) { page--; load(); } },
+            }, 'Prev'),
+            m('span.text-sm', 'Page ' + page + ' / ' + maxPage),
+            m('button.px-3.py-1.border.rounded', {
+              disabled: page >= maxPage,
+              onclick: function() { if (page < maxPage) { page++; load(); } },
+            }, 'Next'),
+          ]),
+        ]);
+      },
+    };
+  }
+
+  window.__customPages = window.__customPages || {};
+  window.__customPages['audit-log'] = AuditLogPage;
+})();
+`;
+}
+
+module.exports = {
+  generateAuditLogComponent,
+};

package/plugins/audit-log/api-handlers.js

@@ -0,0 +1,83 @@
+/**
+ * Admin API handlers for audit log listing
+ * @module plugins/audit-log/api-handlers
+ */
+
+/**
+ * @param {Object} options
+ * @param {import('knex').Knex} options.knex
+ * @param {string} [options.tableName='audit_logs']
+ */
+function createAuditLogHandlers(options) {
+  const knex = options.knex;
+  const tableName = options.tableName || 'audit_logs';
+
+  function applyFilters(qb, query) {
+    if (query.model) {
+      qb.where('resource_model', String(query.model));
+    }
+    if (query.action) {
+      qb.where('action', String(query.action));
+    }
+    if (query.from) {
+      qb.where('created_at', '>=', String(query.from));
+    }
+    if (query.to) {
+      qb.where('created_at', '<=', String(query.to));
+    }
+  }
+
+  async function listHandler(req, res) {
+    try {
+      const page = Math.max(1, parseInt(req.query.page, 10) || 1);
+      const perPage = Math.min(100, Math.max(1, parseInt(req.query.perPage, 10) || 25));
+
+      const countQ = knex(tableName).modify((qb) => applyFilters(qb, req.query));
+      const countRow = await countQ.count('* as cnt').first();
+      const total = Number(countRow?.cnt ?? Object.values(countRow || {})[0] ?? 0);
+
+      const rows = await knex(tableName)
+        .modify((qb) => applyFilters(qb, req.query))
+        .orderBy('created_at', 'desc')
+        .offset((page - 1) * perPage)
+        .limit(perPage);
+
+      res.json({
+        data: rows,
+        meta: { page, perPage, total },
+      });
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    }
+  }
+
+  /**
+   * Programmatic list (for other plugins)
+   * @param {Object} [filters]
+   * @param {string} [filters.model]
+   * @param {string} [filters.action]
+   * @param {string} [filters.from]
+   * @param {string} [filters.to]
+   * @param {number} [filters.limit=100]
+   * @param {number} [filters.offset=0]
+   */
+  async function queryLogs(filters = {}) {
+    const limit = Math.min(500, Math.max(1, filters.limit ?? 100));
+    const offset = Math.max(0, filters.offset ?? 0);
+
+    return knex(tableName)
+      .modify((qb) => applyFilters(qb, filters))
+      .orderBy('created_at', 'desc')
+      .offset(offset)
+      .limit(limit);
+  }
+
+  return {
+    listHandler,
+    queryLogs,
+  };
+}
+
+module.exports = {
+  createAuditLogHandlers,
+};

package/plugins/audit-log/index.js

@@ -0,0 +1,99 @@
+/**
+ * Audit log plugin — admin model CRUD audit trail
+ * @module plugins/audit-log
+ */
+
+const { createAuditMiddleware } = require('./middleware');
+const { createAuditLogHandlers } = require('./api-handlers');
+const { generateAuditLogComponent } = require('./admin-component');
+const { generateAuditLogsMigration } = require('./migration-template');
+const { purgeAuditLogs } = require('./purge');
+
+/**
+ * @param {Object} options
+ * @param {Object} options.db - Database instance (must expose .knex)
+ * @param {string} [options.adminPath='/_admin'] - Must match admin panel `path` option
+ * @param {string} [options.tableName='audit_logs']
+ * @param {boolean} [options.includeDefaultPage=true] - Register Mithril list page + menu
+ * @param {string} [options.apiPrefix='/audit-logs'] - GET list under admin API
+ */
+function auditLogPlugin(options = {}) {
+  const {
+    db,
+    adminPath: adminPathOpt,
+    tableName = 'audit_logs',
+    includeDefaultPage = true,
+    apiPrefix = '/audit-logs',
+  } = options;
+
+  if (!db) {
+    throw new Error('audit-log plugin requires a database instance. Pass `db` in options.');
+  }
+
+  const knex = db.knex || db;
+
+  const handlers = createAuditLogHandlers({ knex, tableName });
+
+  return {
+    name: 'audit-log',
+    version: '1.0.0',
+    description: 'Audit trail for admin panel model CRUD API',
+    dependencies: { 'admin-panel': '*' },
+
+    api: {
+      purgeAuditLogs: (kx, opts = {}) =>
+        purgeAuditLogs(kx || knex, { tableName: opts.tableName || tableName, olderThan: opts.olderThan }),
+      queryLogs: (filters) => handlers.queryLogs(filters),
+      getMigrationTemplate: (name) => generateAuditLogsMigration(name || tableName),
+    },
+
+    register(ctx) {
+      const adminPath = adminPathOpt || '/_admin';
+      ctx.app.use(createAuditMiddleware({ knex, adminPath, tableName }));
+    },
+
+    onRoutesReady(ctx) {
+      const adminApi = ctx.usePlugin('admin-panel');
+      if (!adminApi) {
+        console.warn('[audit-log] admin-panel plugin not found, skipping list API / UI');
+        return;
+      }
+
+      adminApi.registerModule({
+        id: 'audit-log',
+
+        pages: includeDefaultPage
+          ? [{
+            id: 'audit-log',
+            title: 'Audit log',
+            path: '/audit-log',
+            icon: 'database',
+            component: generateAuditLogComponent({ apiPrefix }),
+          }]
+          : [],
+
+        menu: includeDefaultPage
+          ? [{
+            id: 'audit-log',
+            label: 'Audit log',
+            path: '/audit-log',
+            icon: 'database',
+            order: 95,
+          }]
+          : [],
+
+        api: {
+          prefix: apiPrefix,
+          routes: [
+            { method: 'get', path: '', handler: handlers.listHandler },
+          ],
+        },
+      });
+    },
+  };
+}
+
+module.exports = auditLogPlugin;
+module.exports.auditLogPlugin = auditLogPlugin;
+module.exports.generateAuditLogsMigration = generateAuditLogsMigration;
+module.exports.purgeAuditLogs = purgeAuditLogs;

package/plugins/audit-log/middleware.js

@@ -0,0 +1,112 @@
+/**
+ * Express middleware: log successful admin model CRUD to audit_logs
+ * @module plugins/audit-log/middleware
+ */
+
+const { parseAdminModelAudit } = require('./parse');
+
+function stringifyId(val) {
+  if (val === undefined || val === null) {
+    return null;
+  }
+  if (typeof val === 'bigint') {
+    return val.toString();
+  }
+  return String(val);
+}
+
+function extractResourceIdFromJsonBody(body, action) {
+  if (!body || typeof body !== 'object') {
+    return null;
+  }
+  if (action === 'create' && body.data && body.data.id !== undefined) {
+    return stringifyId(body.data.id);
+  }
+  return null;
+}
+
+function buildMetadata(action, req) {
+  if (action === 'update' && req.body && typeof req.body === 'object' && !Array.isArray(req.body)) {
+    const changedFields = Object.keys(req.body);
+    if (changedFields.length) {
+      return { changedFields };
+    }
+  }
+  return null;
+}
+
+/**
+ * @param {Object} options
+ * @param {import('knex').Knex} options.knex
+ * @param {string} options.adminPath
+ * @param {string} [options.tableName='audit_logs']
+ * @returns {import('express').RequestHandler}
+ */
+function createAuditMiddleware(options) {
+  const knex = options.knex;
+  const adminPath = options.adminPath || '/_admin';
+  const tableName = options.tableName || 'audit_logs';
+
+  return function auditLogMiddleware(req, res, next) {
+    const parsed = parseAdminModelAudit(adminPath, req.method, req.path);
+    if (!parsed) {
+      return next();
+    }
+
+    const origJson = res.json.bind(res);
+    let lastJsonBody = null;
+
+    res.json = function auditWrappedJson(body) {
+      if (body !== undefined && body !== null && typeof body === 'object') {
+        lastJsonBody = body;
+      }
+      return origJson(body);
+    };
+
+    res.on('finish', () => {
+      try {
+        if (res.statusCode < 200 || res.statusCode >= 300) {
+          return;
+        }
+        const session = req.session;
+        const actor = session && session.adminUser;
+        if (!actor) {
+          return;
+        }
+
+        const { action, resourceModel, resourceId: pathId } = parsed;
+        let resourceId = pathId;
+        if (action === 'create') {
+          resourceId = extractResourceIdFromJsonBody(lastJsonBody, action) || resourceId;
+        }
+
+        const metadata = buildMetadata(action, req);
+        const pathStr = (req.originalUrl || req.url || req.path || '').slice(0, 2000);
+        const row = {
+          actor_id: actor.id != null ? Number(actor.id) : null,
+          actor_email: actor.email || null,
+          action,
+          resource_model: resourceModel,
+          resource_id: resourceId,
+          http_method: req.method,
+          path: pathStr,
+          ip: req.ip || (req.connection && req.connection.remoteAddress) || null,
+          user_agent: req.get && req.get('user-agent') ? req.get('user-agent').slice(0, 2000) : null,
+          metadata: metadata || null,
+        };
+
+        knex(tableName).insert(row).catch((err) => {
+          console.warn('[audit-log] Failed to insert audit row:', err.message);
+        });
+      } catch (e) {
+        console.warn('[audit-log] finish handler error:', e.message);
+      }
+    });
+
+    next();
+  };
+}
+
+module.exports = {
+  createAuditMiddleware,
+};

package/plugins/audit-log/migration-template.js

@@ -0,0 +1,45 @@
+/**
+ * Migration template for audit_logs table
+ * @module plugins/audit-log/migration-template
+ */
+
+/**
+ * Generate migration file content for audit_logs
+ * @param {string} [tableName='audit_logs']
+ * @returns {string}
+ */
+function generateAuditLogsMigration(tableName = 'audit_logs') {
+  return `/**
+ * Migration: Create ${tableName} table
+ * Auto-generated by audit-log plugin
+ */
+
+exports.up = function(knex) {
+  return knex.schema.createTable('${tableName}', (table) => {
+    table.bigIncrements('id').primary();
+    table.timestamp('created_at').defaultTo(knex.fn.now()).notNullable().index();
+    table.bigInteger('actor_id').nullable().index();
+    table.string('actor_email', 255).nullable();
+    table.string('action', 32).notNullable();
+    table.string('resource_model', 255).notNullable();
+    table.string('resource_id', 255).nullable();
+    table.string('http_method', 16).notNullable();
+    table.string('path', 2000).notNullable();
+    table.string('ip', 64).nullable();
+    table.text('user_agent').nullable();
+    table.json('metadata').nullable();
+
+    table.index(['resource_model', 'created_at']);
+    table.index(['action', 'created_at']);
+  });
+};
+
+exports.down = function(knex) {
+  return knex.schema.dropTableIfExists('${tableName}');
+};
+`;
+}
+
+module.exports = {
+  generateAuditLogsMigration,
+};

package/plugins/audit-log/parse.js

@@ -0,0 +1,58 @@
+/**
+ * Parse admin model CRUD paths for audit logging
+ * @module plugins/audit-log/parse
+ */
+
+/**
+ * Escape string for use in RegExp
+ * @param {string} s
+ * @returns {string}
+ */
+function escapeRegex(s) {
+  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+
+/**
+ * Parse mutation target from request path relative to admin base (no trailing slash).
+ * @param {string} adminPath - e.g. /_admin
+ * @param {string} method - HTTP method uppercased
+ * @param {string} reqPath - req.path
+ * @returns {{ action: string, resourceModel: string, resourceId: string|null }|null}
+ */
+function parseAdminModelAudit(adminPath, method, reqPath) {
+  const base = adminPath.replace(/\/$/, '');
+  if (!reqPath.startsWith(base)) {
+    return null;
+  }
+  const rel = reqPath.slice(base.length);
+  const re = /^\/api\/models\/([^/]+)\/records(?:\/([^/]+))?(?:\/(restore))?$/;
+  const m = re.exec(rel);
+  if (!m) {
+    return null;
+  }
+
+  const resourceModel = m[1];
+  const idPart = m[2];
+  const isRestore = m[3] === 'restore';
+  const M = method.toUpperCase();
+
+  if (M === 'POST' && !idPart) {
+    return { action: 'create', resourceModel, resourceId: null };
+  }
+  if (M === 'POST' && idPart && isRestore) {
+    return { action: 'restore', resourceModel, resourceId: idPart };
+  }
+  if (M === 'PUT' && idPart && !isRestore) {
+    return { action: 'update', resourceModel, resourceId: idPart };
+  }
+  if (M === 'DELETE' && idPart && !isRestore) {
+    return { action: 'delete', resourceModel, resourceId: idPart };
+  }
+
+  return null;
+}
+
+module.exports = {
+  escapeRegex,
+  parseAdminModelAudit,
+};

package/plugins/audit-log/purge.js

@@ -0,0 +1,28 @@
+/**
+ * Delete audit log rows older than a cutoff
+ * @module plugins/audit-log/purge
+ */
+
+/**
+ * @param {import('knex').Knex} knex
+ * @param {Object} options
+ * @param {string} [options.tableName='audit_logs']
+ * @param {Date|string} options.olderThan - Rows with created_at strictly before this are removed
+ * @returns {Promise<number>} Deleted row count (driver-dependent; 0 if unknown)
+ */
+async function purgeAuditLogs(knex, options) {
+  const tableName = options.tableName || 'audit_logs';
+  const olderThan = options.olderThan instanceof Date
+    ? options.olderThan
+    : new Date(options.olderThan);
+
+  if (Number.isNaN(olderThan.getTime())) {
+    throw new Error('purgeAuditLogs: invalid olderThan date');
+  }
+
+  return knex(tableName).where('created_at', '<', olderThan).delete();
+}
+
+module.exports = {
+  purgeAuditLogs,
+};

package/plugins/index.js

@@ -10,6 +10,7 @@ const schemaExplorerPlugin = require('./schema-explorer');
 const adminPanelPlugin = require('./admin-panel');
 const seoCheckerPlugin = require('./seo-checker');
 const siteAnalyticsPlugin = require('./site-analytics');
+const auditLogPlugin = require('./audit-log');
 
 module.exports = {
   sitemapPlugin,
@@ -19,5 +20,6 @@ module.exports = {
   adminPanelPlugin,
   seoCheckerPlugin,
   siteAnalyticsPlugin,
+  auditLogPlugin,
 };
 

package/plugins/seo-checker/panel.js

@@ -172,34 +172,44 @@ function generatePanelStyles() {
   .seo-tabs {
     display: flex;
     padding: 0 12px;
-    gap: 2px;
+    gap: 4px;
     background: rgba(0,0,0,0.2);
     border-bottom: 1px solid rgba(255,255,255,0.06);
     overflow-x: auto;
-    scrollbar-width: none;
+    overflow-y: hidden;
+    scrollbar-width: thin;
+    scrollbar-color: #3f3f46 transparent;
   }
   
   .seo-tabs::-webkit-scrollbar {
-    display: none;
+    height: 4px;
+  }
+  
+  .seo-tabs::-webkit-scrollbar-track {
+    background: transparent;
+  }
+  
+  .seo-tabs::-webkit-scrollbar-thumb {
+    background: #3f3f46;
+    border-radius: 2px;
   }
   
   .seo-tab {
-    flex: 1;
-    min-width: 0;
-    padding: 12px 8px;
+    flex: 0 0 auto;
+    padding: 10px 10px;
     background: none;
     border: none;
     color: #71717a;
     font-size: 10px;
     font-weight: 500;
     text-transform: uppercase;
-    letter-spacing: 0.5px;
+    letter-spacing: 0.3px;
     cursor: pointer;
     transition: all 0.2s;
     display: flex;
     flex-direction: column;
     align-items: center;
-    gap: 6px;
+    gap: 4px;
     border-bottom: 2px solid transparent;
     white-space: nowrap;
   }
@@ -400,7 +410,8 @@ function generatePanelStyles() {
     }
     
     .seo-tab {
-      padding: 10px 6px;
+      flex: 0 0 auto;
+      padding: 8px 8px;
       font-size: 9px;
     }