From 94724a508185d381f3d3c19a31091c838f509153 Mon Sep 17 00:00:00 2001
From: amaliadwiy <iam.amaliadwi@gmail.com>
Date: Tue, 28 Apr 2026 15:06:13 +0800
Subject: [PATCH 1/2] feat: add Google OAuth login with USER role and pending
 approval flow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Add GET /api/auth/google and GET /api/auth/callback/google routes with CSRF state protection and account linking via googleId
- Add getPublicOrigin() for dynamic redirect_uri (supports reverse proxy via X-Forwarded-Proto)
- Add USER role to schema (default for new Google sign-ins), make password optional, add googleId and image fields
- Role-based redirect after login: USER → /profile, ADMIN/DEVELOPER → /dashboard
- Profile page shows pending approval alert for USER role
- Dashboard redirects USER role back to profile
- Login page shows specific error messages per OAuth error code

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../migration.sql                             |  21 +++
 prisma/schema.prisma                          |   6 +-
 src/app.ts                                    | 125 +++++++++++++++++-
 src/frontend/components/DashboardLayout.tsx   |  24 +++-
 src/frontend/hooks/useAuth.ts                 |   5 +-
 src/frontend/routes/login.tsx                 |  22 ++-
 src/frontend/routes/profile.tsx               |  23 +++-
 src/frontend/routes/users.tsx                 |  13 +-
 src/lib/env.ts                                |   1 +
 9 files changed, 219 insertions(+), 21 deletions(-)
 create mode 100644 prisma/migrations/20260428144413_add_google_oauth_user_role/migration.sql

diff --git a/prisma/migrations/20260428144413_add_google_oauth_user_role/migration.sql b/prisma/migrations/20260428144413_add_google_oauth_user_role/migration.sql
new file mode 100644
index 0000000..b64087c
--- /dev/null
+++ b/prisma/migrations/20260428144413_add_google_oauth_user_role/migration.sql
@@ -0,0 +1,21 @@
+-- AlterEnum: add USER back to Role
+BEGIN;
+CREATE TYPE "Role_new" AS ENUM ('USER', 'ADMIN', 'DEVELOPER');
+ALTER TABLE "public"."user" ALTER COLUMN "role" DROP DEFAULT;
+ALTER TABLE "user" ALTER COLUMN "role" TYPE "Role_new" USING ("role"::text::"Role_new");
+ALTER TYPE "Role" RENAME TO "Role_old";
+ALTER TYPE "Role_new" RENAME TO "Role";
+DROP TYPE "public"."Role_old";
+ALTER TABLE "user" ALTER COLUMN "role" SET DEFAULT 'USER';
+COMMIT;
+
+-- AlterTable: make password nullable, change default role
+ALTER TABLE "user"
+  ALTER COLUMN "password" DROP NOT NULL,
+  ALTER COLUMN "role" SET DEFAULT 'USER';
+
+-- AlterTable: add googleId column
+ALTER TABLE "user" ADD COLUMN "googleId" TEXT;
+
+-- CreateIndex
+CREATE UNIQUE INDEX "user_googleId_key" ON "user"("googleId");
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
index 5667144..475e633 100644
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -9,6 +9,7 @@ datasource db {
 }
 
 enum Role {
+  USER
   ADMIN
   DEVELOPER
 }
@@ -41,8 +42,9 @@ model User {
   id        String   @id @default(uuid())
   name      String
   email     String   @unique
-  password  String
-  role      Role     @default(ADMIN)
+  password  String?
+  googleId  String?  @unique
+  role      Role     @default(USER)
   active    Boolean  @default(true)
   image     String?
   createdAt DateTime @default(now())
diff --git a/src/app.ts b/src/app.ts
index be47ff6..8eb4205 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -8,6 +8,14 @@ import { env } from './lib/env'
 import { createSystemLog } from './lib/logger'
 import { getMinioDownloadUrl, uploadBugImage } from './lib/minio'
 
+function getPublicOrigin(request: Request): string {
+  if (process.env.BUN_PUBLIC_BASE_URL) return process.env.BUN_PUBLIC_BASE_URL.replace(/\/$/, '')
+  const url = new URL(request.url)
+  const proto = request.headers.get('x-forwarded-proto')?.split(',')[0]?.trim()
+  const host = request.headers.get('x-forwarded-host') ?? request.headers.get('host') ?? url.host
+  return `${proto ?? url.protocol.replace(':', '')}://${host}`
+}
+
 interface AuthResult {
   actingUserId: string
   reporterUserId: string | null  // null jika via API key (tidak ada user spesifik)
@@ -80,10 +88,117 @@ export function createApp() {
     })
 
     // ─── Auth API ──────────────────────────────────────
+    // ─── Google OAuth ──────────────────────────────────
+    .get('/api/auth/google', ({ request }) => {
+      const origin = getPublicOrigin(request)
+      const state = crypto.randomUUID()
+      const params = new URLSearchParams({
+        client_id: env.GOOGLE_CLIENT_ID,
+        redirect_uri: `${origin}/api/auth/callback/google`,
+        response_type: 'code',
+        scope: 'openid email profile',
+        state,
+        access_type: 'online',
+        prompt: 'select_account',
+      })
+      const headers = new Headers()
+      headers.set('Location', `https://accounts.google.com/o/oauth2/v2/auth?${params}`)
+      headers.set('Set-Cookie', `oauth_state=${state}; Path=/; HttpOnly; SameSite=Lax; Max-Age=600`)
+      return new Response(null, { status: 302, headers })
+    }, {
+      detail: {
+        summary: 'Google OAuth Login',
+        description: 'Menginisiasi alur Google OAuth. Meredirect pengguna ke halaman login Google.',
+        tags: ['Auth'],
+      },
+    })
+
+    .get('/api/auth/callback/google', async ({ query, request }) => {
+      const { code, state, error } = query as Record<string, string>
+      const origin = getPublicOrigin(request)
+
+      if (error) {
+        return new Response(null, { status: 302, headers: { Location: '/login?error=google_denied' } })
+      }
+
+      const cookie = request.headers.get('cookie') ?? ''
+      const storedState = cookie.match(/oauth_state=([^;]+)/)?.[1]
+      if (!state || !storedState || state !== storedState) {
+        return new Response(null, { status: 302, headers: { Location: '/login?error=invalid_state' } })
+      }
+
+      const tokenRes = await fetch('https://oauth2.googleapis.com/token', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: new URLSearchParams({
+          code,
+          client_id: env.GOOGLE_CLIENT_ID,
+          client_secret: env.GOOGLE_CLIENT_SECRET,
+          redirect_uri: `${origin}/api/auth/callback/google`,
+          grant_type: 'authorization_code',
+        }),
+      })
+
+      if (!tokenRes.ok) {
+        return new Response(null, { status: 302, headers: { Location: '/login?error=token_failed' } })
+      }
+
+      const { access_token } = await tokenRes.json() as { access_token: string }
+
+      const userInfoRes = await fetch('https://www.googleapis.com/oauth2/v2/userinfo', {
+        headers: { Authorization: `Bearer ${access_token}` },
+      })
+
+      if (!userInfoRes.ok) {
+        return new Response(null, { status: 302, headers: { Location: '/login?error=userinfo_failed' } })
+      }
+
+      const { id: googleId, email, name, picture } = await userInfoRes.json() as {
+        id: string; email: string; name: string; picture?: string
+      }
+
+      let user = await prisma.user.findFirst({
+        where: { OR: [{ googleId }, { email }] },
+      })
+
+      if (!user) {
+        user = await prisma.user.create({
+          data: { name, email, googleId, image: picture, role: 'USER' },
+        })
+      } else if (!user.googleId) {
+        user = await prisma.user.update({
+          where: { id: user.id },
+          data: { googleId, image: picture ?? user.image },
+        })
+      }
+
+      if (env.SUPER_ADMIN_EMAILS.includes(user.email) && user.role !== 'DEVELOPER') {
+        user = await prisma.user.update({ where: { id: user.id }, data: { role: 'DEVELOPER' } })
+      }
+
+      const token = crypto.randomUUID()
+      const expiresAt = new Date(Date.now() + 24 * 60 * 60 * 1000)
+      await prisma.session.create({ data: { token, userId: user.id, expiresAt } })
+      await createSystemLog(user.id, 'LOGIN', 'Logged in with Google')
+
+      const redirectPath = user.role === 'USER' ? '/profile' : '/dashboard'
+      const headers = new Headers()
+      headers.append('Location', redirectPath)
+      headers.append('Set-Cookie', `session=${token}; Path=/; HttpOnly; SameSite=Lax; Max-Age=86400`)
+      headers.append('Set-Cookie', 'oauth_state=; Path=/; HttpOnly; Max-Age=0')
+      return new Response(null, { status: 302, headers })
+    }, {
+      detail: {
+        summary: 'Google OAuth Callback',
+        description: 'Menerima callback dari Google, membuat/menautkan akun, membuat sesi, lalu meredirect ke /dashboard (ADMIN/DEVELOPER) atau /profile (USER baru).',
+        tags: ['Auth'],
+      },
+    })
+
     .post('/api/auth/login', async ({ body, set }) => {
       const { email, password } = body
       let user = await prisma.user.findUnique({ where: { email } })
-      if (!user || !(await Bun.password.verify(password, user.password))) {
+      if (!user || !user.password || !(await Bun.password.verify(password, user.password))) {
         set.status = 401
         return { error: 'Email atau password salah' }
       }
@@ -96,7 +211,7 @@ export function createApp() {
       await prisma.session.create({ data: { token, userId: user.id, expiresAt } })
       set.headers['set-cookie'] = `session=${token}; Path=/; HttpOnly; SameSite=Lax; Max-Age=86400`
       await createSystemLog(user.id, 'LOGIN', 'Logged in successfully')
-      return { user: { id: user.id, name: user.name, email: user.email, role: user.role } }
+      return { user: { id: user.id, name: user.name, email: user.email, role: user.role, image: user.image } }
     }, {
       body: t.Object({
         email: t.String({ format: 'email', description: 'Email pengguna' }),
@@ -135,7 +250,7 @@ export function createApp() {
       if (!token) { set.status = 401; return { user: null } }
       const session = await prisma.session.findUnique({
         where: { token },
-        include: { user: { select: { id: true, name: true, email: true, role: true } } },
+        include: { user: { select: { id: true, name: true, email: true, role: true, image: true } } },
       })
       if (!session || session.expiresAt < new Date()) {
         if (session) await prisma.session.delete({ where: { id: session.id } })
@@ -454,7 +569,7 @@ export function createApp() {
         name: t.String({ minLength: 1, description: 'Nama lengkap operator' }),
         email: t.String({ format: 'email', description: 'Alamat email (harus unik)' }),
         password: t.String({ minLength: 6, description: 'Password (minimal 6 karakter)' }),
-        role: t.Union([t.Literal('ADMIN'), t.Literal('DEVELOPER')], { description: 'Role: ADMIN atau DEVELOPER' }),
+        role: t.Union([t.Literal('ADMIN'), t.Literal('DEVELOPER')], { description: 'Role untuk akun yang dibuat manual: ADMIN atau DEVELOPER' }),
       }),
       detail: {
         summary: 'Create Operator',
@@ -494,7 +609,7 @@ export function createApp() {
       body: t.Object({
         name: t.Optional(t.String({ minLength: 1, description: 'Nama baru' })),
         email: t.Optional(t.String({ format: 'email', description: 'Email baru' })),
-        role: t.Optional(t.Union([t.Literal('ADMIN'), t.Literal('DEVELOPER')], { description: 'Role baru' })),
+        role: t.Optional(t.Union([t.Literal('USER'), t.Literal('ADMIN'), t.Literal('DEVELOPER')], { description: 'Role baru' })),
         active: t.Optional(t.Boolean({ description: 'Status aktif operator' })),
       }),
       detail: {
diff --git a/src/frontend/components/DashboardLayout.tsx b/src/frontend/components/DashboardLayout.tsx
index 6891f49..dfb3293 100644
--- a/src/frontend/components/DashboardLayout.tsx
+++ b/src/frontend/components/DashboardLayout.tsx
@@ -1,20 +1,25 @@
 import { APP_CONFIGS } from '@/frontend/config/appMenus'
 import { useLogout, useSession } from '@/frontend/hooks/useAuth'
+import React from 'react'
 import {
   ActionIcon,
+  Alert,
   AppShell,
   Avatar,
   Box,
   Burger,
   Button,
+  Center,
   Group,
   Loader,
+  LoadingOverlay,
   Menu,
   NavLink,
   Select,
   Stack,
   Text,
   ThemeIcon,
+  Title,
   useComputedColorScheme,
   useMantineColorScheme
 } from '@mantine/core'
@@ -26,6 +31,7 @@ import {
   TbApps,
   TbArrowLeft,
   TbChevronRight,
+  TbClock,
   TbDashboard,
   TbDeviceMobile,
   TbHistory,
@@ -54,10 +60,17 @@ export function DashboardLayout({ children }: DashboardLayoutProps) {
   const currentPath = matches[matches.length - 1]?.pathname
 
   // ─── Connect to auth system ──────────────────────────
-  const { data: sessionData } = useSession()
+  const { data: sessionData, isLoading: sessionLoading } = useSession()
   const user = sessionData?.user
   const logout = useLogout()
 
+  // Redirect USER role to profile (pending approval)
+  React.useEffect(() => {
+    if (!sessionLoading && user?.role === 'USER') {
+      navigate({ to: '/profile' })
+    }
+  }, [user?.role, sessionLoading, navigate])
+
   // ─── Fetch registered apps from database ─────────────
   const { data: appsData } = useQuery({
     queryKey: ['apps'],
@@ -99,6 +112,15 @@ export function DashboardLayout({ children }: DashboardLayoutProps) {
     logout.mutate()
   }
 
+  // Prevent dashboard flash for USER role while redirect is happening
+  if (sessionLoading || user?.role === 'USER') {
+    return (
+      <Center mih="100vh">
+        <LoadingOverlay visible />
+      </Center>
+    )
+  }
+
   return (
     <AppShell
       header={{ height: 70 }}
diff --git a/src/frontend/hooks/useAuth.ts b/src/frontend/hooks/useAuth.ts
index de4e7c3..f6995bd 100644
--- a/src/frontend/hooks/useAuth.ts
+++ b/src/frontend/hooks/useAuth.ts
@@ -1,13 +1,14 @@
 import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
 import { useNavigate } from '@tanstack/react-router'
 
-export type Role = | 'ADMIN' | 'DEVELOPER'
+export type Role = 'USER' | 'ADMIN' | 'DEVELOPER'
 
 export interface User {
   id: string
   name: string
   email: string
   role: Role
+  image?: string | null
 }
 
 async function apiFetch<T>(path: string, init?: RequestInit): Promise<T> {
@@ -41,7 +42,7 @@ export function useLogin() {
       }),
     onSuccess: (data) => {
       queryClient.setQueryData(['auth', 'session'], data)
-      navigate({ to: '/dashboard' })
+      navigate({ to: data.user.role === 'USER' ? '/profile' : '/dashboard' })
     },
   })
 }
diff --git a/src/frontend/routes/login.tsx b/src/frontend/routes/login.tsx
index 5432337..f534cfc 100644
--- a/src/frontend/routes/login.tsx
+++ b/src/frontend/routes/login.tsx
@@ -27,7 +27,7 @@ export const Route = createFileRoute('/login')({
         queryFn: () => fetch('/api/auth/session', { credentials: 'include' }).then((r) => r.json()),
       })
       if (data?.user) {
-        throw redirect({ to: '/dashboard' })
+        throw redirect({ to: data.user.role === 'USER' ? '/profile' : '/dashboard' })
       }
     } catch (e) {
       if (e instanceof Error) return
@@ -59,7 +59,14 @@ function LoginPage() {
 
             {(login.isError || searchError) && (
               <Alert icon={<TbAlertCircle size={16} />} color="red" variant="light">
-                {login.isError ? login.error.message : 'Google login failed, please try again.'}
+                {login.isError ? login.error.message : (
+                  {
+                    google_denied: 'Login dengan Google dibatalkan.',
+                    invalid_state: 'Sesi OAuth tidak valid, silakan coba lagi.',
+                    token_failed: 'Gagal menukar token Google, silakan coba lagi.',
+                    userinfo_failed: 'Gagal mengambil info akun Google, silakan coba lagi.',
+                  }[searchError ?? ''] ?? 'Login dengan Google gagal, silakan coba lagi.'
+                )}
               </Alert>
             )}
 
@@ -89,6 +96,17 @@ function LoginPage() {
             >
               Sign in
             </Button>
+
+            <Divider label="or" labelPosition="center" />
+
+            <Button
+              variant="default"
+              fullWidth
+              leftSection={<FcGoogle size={18} />}
+              onClick={() => { window.location.href = '/api/auth/google' }}
+            >
+              Continue with Google
+            </Button>
           </Stack>
         </form>
       </Paper>
diff --git a/src/frontend/routes/profile.tsx b/src/frontend/routes/profile.tsx
index be019ed..2a99298 100644
--- a/src/frontend/routes/profile.tsx
+++ b/src/frontend/routes/profile.tsx
@@ -1,4 +1,5 @@
 import {
+  Alert,
   Avatar,
   Badge,
   Button,
@@ -10,7 +11,7 @@ import {
   Title,
 } from '@mantine/core'
 import { createFileRoute, redirect } from '@tanstack/react-router'
-import { TbLogout, TbUser } from 'react-icons/tb'
+import { TbClock, TbLogout, TbUser } from 'react-icons/tb'
 import { useLogout, useSession } from '@/frontend/hooks/useAuth'
 
 export const Route = createFileRoute('/profile')({
@@ -30,6 +31,7 @@ export const Route = createFileRoute('/profile')({
 })
 
 const roleBadgeColor: Record<string, string> = {
+  USER: 'gray',
   ADMIN: 'violet',
   DEVELOPER: 'red',
 }
@@ -55,9 +57,26 @@ function ProfilePage() {
           </Button>
         </Group>
 
+        {user?.role === 'USER' && (
+          <Alert
+            icon={<TbClock size={18} />}
+            title="Akun Menunggu Persetujuan"
+            color="yellow"
+            variant="light"
+            radius="md"
+          >
+            Akun kamu sedang menunggu persetujuan admin. Hubungi admin atau developer untuk mendapatkan akses ke fitur dashboard.
+          </Alert>
+        )}
+
         <Paper withBorder p="xl" radius="md">
           <Stack align="center" gap="md">
-            <Avatar color="blue" radius="xl" size={80}>
+            <Avatar
+              src={user?.image ?? undefined}
+              color="blue"
+              radius="xl"
+              size={80}
+            >
               {user?.name?.charAt(0).toUpperCase()}
             </Avatar>
             <div style={{ textAlign: 'center' }}>
diff --git a/src/frontend/routes/users.tsx b/src/frontend/routes/users.tsx
index 57ae6d6..00a7793 100644
--- a/src/frontend/routes/users.tsx
+++ b/src/frontend/routes/users.tsx
@@ -50,10 +50,8 @@ export const Route = createFileRoute('/users')({
 const fetcher = (url: string) => fetch(url).then((res) => res.json())
 
 const getRoleColor = (role: string) => {
-  const r = (role || '').toLowerCase()
-  if (r.includes('super')) return 'red'
-  if (r.includes('admin')) return 'brand-blue'
-  if (r.includes('developer')) return 'violet'
+  if (role === 'DEVELOPER') return 'violet'
+  if (role === 'ADMIN') return 'brand-blue'
   return 'gray'
 }
 
@@ -97,7 +95,7 @@ function UsersPage() {
     name: '',
     email: '',
     password: '',
-    role: 'USER',
+    role: 'ADMIN',
   })
 
   const handleCreateUser = async () => {
@@ -119,7 +117,7 @@ function UsersPage() {
         mutateOperators()
         mutateStats()
         closeCreate()
-        setCreateForm({ name: '', email: '', password: '', role: 'USER' })
+        setCreateForm({ name: '', email: '', password: '', role: 'ADMIN' })
       } else {
         const err = await res.json()
         throw new Error(err.error || 'Failed to create user')
@@ -457,11 +455,12 @@ function UsersPage() {
           <Select
             label="Role"
             data={[
+              { value: 'USER', label: 'User (Pending)' },
               { value: 'ADMIN', label: 'Admin' },
               { value: 'DEVELOPER', label: 'Developer' },
             ]}
             value={editForm.role}
-            onChange={(val) => setEditForm({ ...editForm, role: val || 'USER' })}
+            onChange={(val) => setEditForm({ ...editForm, role: val || 'ADMIN' })}
           />
           <Button
             fullWidth
diff --git a/src/lib/env.ts b/src/lib/env.ts
index 0aee52e..38cbabd 100644
--- a/src/lib/env.ts
+++ b/src/lib/env.ts
@@ -12,6 +12,7 @@ export const env = {
   PORT: parseInt(optional('PORT', '3000'), 10),
   NODE_ENV: optional('NODE_ENV', 'development'),
   REACT_EDITOR: optional('REACT_EDITOR', 'code'),
+  BASE_URL: optional('BUN_PUBLIC_BASE_URL', 'http://localhost:3000'),
   DATABASE_URL: required('DATABASE_URL'),
   GOOGLE_CLIENT_ID: required('GOOGLE_CLIENT_ID'),
   GOOGLE_CLIENT_SECRET: required('GOOGLE_CLIENT_SECRET'),
-- 
2.49.1


From b03f2677436b5c491b54b994cd14846e886d6c7f Mon Sep 17 00:00:00 2001
From: amaliadwiy <iam.amaliadwi@gmail.com>
Date: Tue, 28 Apr 2026 17:34:45 +0800
Subject: [PATCH 2/2] upd: routing dev

---
 bun.lock                          |   33 +
 package.json                      |    5 +-
 src/app.ts                        |  518 +++++++++-
 src/frontend/App.tsx              |    9 +-
 src/frontend/hooks/useAuth.ts     |    8 +-
 src/frontend/hooks/usePresence.ts |   42 +
 src/frontend/routes/dev.tsx       | 1481 +++++++++++++++++++++++++++++
 src/frontend/routes/login.tsx     |    3 +-
 src/lib/applog.ts                 |   45 +
 src/lib/env.ts                    |    1 +
 src/lib/presence.ts               |   44 +
 src/lib/redis.ts                  |    3 +
 src/lib/schema-parser.ts          |  104 ++
 13 files changed, 2289 insertions(+), 7 deletions(-)
 create mode 100644 src/frontend/hooks/usePresence.ts
 create mode 100644 src/frontend/routes/dev.tsx
 create mode 100644 src/lib/applog.ts
 create mode 100644 src/lib/presence.ts
 create mode 100644 src/lib/redis.ts
 create mode 100644 src/lib/schema-parser.ts

diff --git a/bun.lock b/bun.lock
index ced6c08..6635a06 100644
--- a/bun.lock
+++ b/bun.lock
@@ -11,10 +11,13 @@
         "@mantine/charts": "^9.0.0",
         "@mantine/core": "^8.3.18",
         "@mantine/hooks": "^8.3.18",
+        "@mantine/modals": "^8.3.18",
         "@mantine/notifications": "^8.3.18",
         "@prisma/client": "6",
         "@tanstack/react-query": "^5.95.2",
         "@tanstack/react-router": "^1.168.10",
+        "@xyflow/react": "^12.6.4",
+        "elkjs": "^0.9.3",
         "elysia": "^1.4.28",
         "minio": "^8.0.7",
         "postcss": "^8.5.8",
@@ -200,6 +203,8 @@
 
     "@mantine/hooks": ["@mantine/hooks@8.3.18", "", { "peerDependencies": { "react": "^18.x || ^19.x" } }, "sha512-QoWr9+S8gg5050TQ06aTSxtlpGjYOpIllRbjYYXlRvZeTsUqiTbVfvQROLexu4rEaK+yy9Wwriwl9PMRgbLqPw=="],
 
+    "@mantine/modals": ["@mantine/modals@8.3.18", "", { "peerDependencies": { "@mantine/core": "8.3.18", "@mantine/hooks": "8.3.18", "react": "^18.x || ^19.x", "react-dom": "^18.x || ^19.x" } }, "sha512-JfPDS4549L314SxFPC1x6CbKwzh82OdnIzwgMxPCVNsWLKV2vEHHUH/fzUYj4Wli6IBrsW4cufjMj9BTj3hm3Q=="],
+
     "@mantine/notifications": ["@mantine/notifications@8.3.18", "", { "dependencies": { "@mantine/store": "8.3.18", "react-transition-group": "4.4.5" }, "peerDependencies": { "@mantine/core": "8.3.18", "@mantine/hooks": "8.3.18", "react": "^18.x || ^19.x", "react-dom": "^18.x || ^19.x" } }, "sha512-IpQ0lmwbigTBbZCR6iSYWqIOKEx1tlcd7PcEJ5M5X1qeVSY/N3mmDQt1eJmObvcyDeL5cTJMbSA9UPqhRqo9jw=="],
 
     "@mantine/store": ["@mantine/store@8.3.18", "", { "peerDependencies": { "react": "^18.x || ^19.x" } }, "sha512-i+QRTLmZzLldea0egtUVnGALd6UMIu8jd44nrNWBSNIXJU/8B6rMlC6gyX+l4szopZSuOaaNJIXkqRdC1gQsVg=="],
@@ -314,6 +319,8 @@
 
     "@types/d3-color": ["@types/d3-color@3.1.3", "", {}, "sha512-iO90scth9WAbmgv7ogoq57O9YpKmFBbmoEoCHDB2xMBY0+/KVrqAaCDyCE16dUspeOvIxFFRI+0sEtqDqy2b4A=="],
 
+    "@types/d3-drag": ["@types/d3-drag@3.0.7", "", { "dependencies": { "@types/d3-selection": "*" } }, "sha512-HE3jVKlzU9AaMazNufooRJ5ZpWmLIoc90A37WU2JMmeq28w1FQqCZswHZ3xR+SuxYftzHq6WU6KJHvqxKzTxxQ=="],
+
     "@types/d3-ease": ["@types/d3-ease@3.0.2", "", {}, "sha512-NcV1JjO5oDzoK26oMzbILE6HW7uVXOHLQvHshBUW4UMdZGfiY6v5BeQwh9a9tCzv+CeefZQHJt5SRgK154RtiA=="],
 
     "@types/d3-interpolate": ["@types/d3-interpolate@3.0.4", "", { "dependencies": { "@types/d3-color": "*" } }, "sha512-mgLPETlrpVV1YRJIglr4Ez47g7Yxjl1lj7YKsiMCb27VJH9W8NVM6Bb9d8kkpG/uAQS5AmbA48q2IAolKKo1MA=="],
@@ -322,12 +329,18 @@
 
     "@types/d3-scale": ["@types/d3-scale@4.0.9", "", { "dependencies": { "@types/d3-time": "*" } }, "sha512-dLmtwB8zkAeO/juAMfnV+sItKjlsw2lKdZVVy6LRr0cBmegxSABiLEpGVmSJJ8O08i4+sGR6qQtb6WtuwJdvVw=="],
 
+    "@types/d3-selection": ["@types/d3-selection@3.0.11", "", {}, "sha512-bhAXu23DJWsrI45xafYpkQ4NtcKMwWnAC/vKrd2l+nxMFuvOT3XMYTIj2opv8vq8AO5Yh7Qac/nSeP/3zjTK0w=="],
+
     "@types/d3-shape": ["@types/d3-shape@3.1.8", "", { "dependencies": { "@types/d3-path": "*" } }, "sha512-lae0iWfcDeR7qt7rA88BNiqdvPS5pFVPpo5OfjElwNaT2yyekbM0C9vK+yqBqEmHr6lDkRnYNoTBYlAgJa7a4w=="],
 
     "@types/d3-time": ["@types/d3-time@3.0.4", "", {}, "sha512-yuzZug1nkAAaBlBBikKZTgzCeA+k1uy4ZFwWANOfKw5z5LRhV0gNA7gNkKm7HoK+HRN0wX3EkxGk0fpbWhmB7g=="],
 
     "@types/d3-timer": ["@types/d3-timer@3.0.2", "", {}, "sha512-Ps3T8E8dZDam6fUyNiMkekK3XUsaUEik+idO9/YjPtfj2qruF8tFBXS7XhtE4iIXBLxhmLjP3SXpLhVf21I9Lw=="],
 
+    "@types/d3-transition": ["@types/d3-transition@3.0.9", "", { "dependencies": { "@types/d3-selection": "*" } }, "sha512-uZS5shfxzO3rGlu0cC3bjmMFKsXv+SmZZcgp0KD22ts4uGXp5EVYGzu/0YdwZeKmddhcAccYtREJKkPfXkZuCg=="],
+
+    "@types/d3-zoom": ["@types/d3-zoom@3.0.8", "", { "dependencies": { "@types/d3-interpolate": "*", "@types/d3-selection": "*" } }, "sha512-iqMC4/YlFCSlO8+2Ii1GGGliCAY4XdeG748w5vQUbevlbDu0zSjH/+jojorQVBK/se0j6DUFNPBGSqD3YWYnDw=="],
+
     "@types/node": ["@types/node@25.5.0", "", { "dependencies": { "undici-types": "~7.18.0" } }, "sha512-jp2P3tQMSxWugkCUKLRPVUpGaL5MVFwF8RDuSRztfwgN1wmqJeMSbKlnEtQqU8UrhTmzEmZdu2I6v2dpp7XIxw=="],
 
     "@types/react": ["@types/react@19.2.14", "", { "dependencies": { "csstype": "^3.2.2" } }, "sha512-ilcTH/UniCkMdtexkoCN0bI7pMcJDvmQFPvuPvmEaYA/NSfFTAgdUSLAoVjaRJm7+6PvcM+q1zYOwS4wTYMF9w=="],
@@ -342,6 +355,10 @@
 
     "@vitejs/plugin-react": ["@vitejs/plugin-react@6.0.1", "", { "dependencies": { "@rolldown/pluginutils": "1.0.0-rc.7" }, "peerDependencies": { "@rolldown/plugin-babel": "^0.1.7 || ^0.2.0", "babel-plugin-react-compiler": "^1.0.0", "vite": "^8.0.0" }, "optionalPeers": ["@rolldown/plugin-babel", "babel-plugin-react-compiler"] }, "sha512-l9X/E3cDb+xY3SWzlG1MOGt2usfEHGMNIaegaUGFsLkb3RCn/k8/TOXBcab+OndDI4TBtktT8/9BwwW8Vi9KUQ=="],
 
+    "@xyflow/react": ["@xyflow/react@12.10.2", "", { "dependencies": { "@xyflow/system": "0.0.76", "classcat": "^5.0.3", "zustand": "^4.4.0" }, "peerDependencies": { "react": ">=17", "react-dom": ">=17" } }, "sha512-CgIi6HwlcHXwlkTpr0fxLv/0sRVNZ8IdwKLzzeCscaYBwpvfcH1QFOCeaTCuEn1FQEs/B8CjnTSjhs8udgmBgQ=="],
+
+    "@xyflow/system": ["@xyflow/system@0.0.76", "", { "dependencies": { "@types/d3-drag": "^3.0.7", "@types/d3-interpolate": "^3.0.4", "@types/d3-selection": "^3.0.10", "@types/d3-transition": "^3.0.8", "@types/d3-zoom": "^3.0.8", "d3-drag": "^3.0.0", "d3-interpolate": "^3.0.1", "d3-selection": "^3.0.0", "d3-zoom": "^3.0.0" } }, "sha512-hvwvnRS1B3REwVDlWexsq7YQaPZeG3/mKo1jv38UmnpWmxihp14bW6VtEOuHEwJX2FvzFw8k77LyKSk/wiZVNA=="],
+
     "acorn": ["acorn@8.16.0", "", { "bin": { "acorn": "bin/acorn" } }, "sha512-UVJyE9MttOsBQIDKw1skb9nAwQuR5wuGD3+82K6JgJlm/Y+KI92oNsMNGZCYdDsVtRHSak0pcV5Dno5+4jh9sw=="],
 
     "agent-base": ["agent-base@7.1.4", "", {}, "sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ=="],
@@ -406,6 +423,8 @@
 
     "citty": ["citty@0.1.6", "", { "dependencies": { "consola": "^3.2.3" } }, "sha512-tskPPKEs8D2KPafUypv2gxwJP8h/OaJmC82QQGGDQcHvXX43xF2VDACcJVmZ0EuSxkpO9Kc4MlrA3q0+FG58AQ=="],
 
+    "classcat": ["classcat@5.0.5", "", {}, "sha512-JhZUT7JFcQy/EzW605k/ktHtncoo9vnyW/2GspNYwFlN1C/WmjuV/xtS04e9SOkL2sTdw0VAZ2UGCcQ9lR6p6w=="],
+
     "cliui": ["cliui@8.0.1", "", { "dependencies": { "string-width": "^4.2.0", "strip-ansi": "^6.0.1", "wrap-ansi": "^7.0.0" } }, "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ=="],
 
     "clsx": ["clsx@2.1.1", "", {}, "sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA=="],
@@ -432,6 +451,10 @@
 
     "d3-color": ["d3-color@3.1.0", "", {}, "sha512-zg/chbXyeBtMQ1LbD/WSoW2DpC3I0mpmPdW+ynRTj/x2DAWYrIY7qeZIHidozwV24m4iavr15lNwIwLxRmOxhA=="],
 
+    "d3-dispatch": ["d3-dispatch@3.0.1", "", {}, "sha512-rzUyPU/S7rwUflMyLc1ETDeBj0NRuHKKAcvukozwhshr6g6c5d8zh4c2gQjY2bZ0dXeGLWc1PF174P2tVvKhfg=="],
+
+    "d3-drag": ["d3-drag@3.0.0", "", { "dependencies": { "d3-dispatch": "1 - 3", "d3-selection": "3" } }, "sha512-pWbUJLdETVA8lQNJecMxoXfH6x+mO2UQo8rSmZ+QqxcbyA3hfeprFgIT//HW2nlHChWeIIMwS2Fq+gEARkhTkg=="],
+
     "d3-ease": ["d3-ease@3.0.1", "", {}, "sha512-wR/XK3D3XcLIZwpbvQwQ5fK+8Ykds1ip7A2Txe0yxncXSdq1L9skcG7blcedkOX+ZcgxGAmLX1FrRGbADwzi0w=="],
 
     "d3-format": ["d3-format@3.1.2", "", {}, "sha512-AJDdYOdnyRDV5b6ArilzCPPwc1ejkHcoyFarqlPqT7zRYjhavcT3uSrqcMvsgh2CgoPbK3RCwyHaVyxYcP2Arg=="],
@@ -442,6 +465,8 @@
 
     "d3-scale": ["d3-scale@4.0.2", "", { "dependencies": { "d3-array": "2.10.0 - 3", "d3-format": "1 - 3", "d3-interpolate": "1.2.0 - 3", "d3-time": "2.1.1 - 3", "d3-time-format": "2 - 4" } }, "sha512-GZW464g1SH7ag3Y7hXjf8RoUuAFIqklOAq3MRl4OaWabTFJY9PN/E1YklhXLh+OQ3fM9yS2nOkCoS+WLZ6kvxQ=="],
 
+    "d3-selection": ["d3-selection@3.0.0", "", {}, "sha512-fmTRWbNMmsmWq6xJV8D19U/gw/bwrHfNXxrIN+HfZgnzqTHp9jOmKMhsTUjXOJnZOdZY9Q28y4yebKzqDKlxlQ=="],
+
     "d3-shape": ["d3-shape@3.2.0", "", { "dependencies": { "d3-path": "^3.1.0" } }, "sha512-SaLBuwGm3MOViRq2ABk3eLoxwZELpH6zhl3FbAoJ7Vm1gofKx6El1Ib5z23NUEhF9AsGl7y+dzLe5Cw2AArGTA=="],
 
     "d3-time": ["d3-time@3.1.0", "", { "dependencies": { "d3-array": "2 - 3" } }, "sha512-VqKjzBLejbSMT4IgbmVgDjpkYrNWUYJnbCGo874u7MMKIWsILRX+OpX/gTk8MqjpT1A/c6HY2dCA77ZN0lkQ2Q=="],
@@ -450,6 +475,10 @@
 
     "d3-timer": ["d3-timer@3.0.1", "", {}, "sha512-ndfJ/JxxMd3nw31uyKoY2naivF+r29V+Lc0svZxe1JvvIRmi8hUsrMvdOwgS1o6uBHmiz91geQ0ylPP0aj1VUA=="],
 
+    "d3-transition": ["d3-transition@3.0.1", "", { "dependencies": { "d3-color": "1 - 3", "d3-dispatch": "1 - 3", "d3-ease": "1 - 3", "d3-interpolate": "1 - 3", "d3-timer": "1 - 3" }, "peerDependencies": { "d3-selection": "2 - 3" } }, "sha512-ApKvfjsSR6tg06xrL434C0WydLr7JewBB3V+/39RMHsaXTOG0zmt/OAXeng5M5LBm0ojmxJrpomQVZ1aPvBL4w=="],
+
+    "d3-zoom": ["d3-zoom@3.0.0", "", { "dependencies": { "d3-dispatch": "1 - 3", "d3-drag": "2 - 3", "d3-interpolate": "1 - 3", "d3-selection": "2 - 3", "d3-transition": "2 - 3" } }, "sha512-b8AmV3kfQaqWAuacbPuNbL6vahnOJflOhexLzMMNLga62+/nh0JzvJ0aO/5a5MVgUFGS7Hu1P9P03o3fJkDCyw=="],
+
     "data-uri-to-buffer": ["data-uri-to-buffer@6.0.2", "", {}, "sha512-7hvf7/GW8e86rW0ptuwS3OcBGDjIi6SZva7hCyWC0yYry2cOPmLIjXAUHI6DK2HsnwJd9ifmt57i8eV2n4YNpw=="],
 
     "debug": ["debug@4.4.3", "", { "dependencies": { "ms": "^2.1.3" } }, "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA=="],
@@ -484,6 +513,8 @@
 
     "electron-to-chromium": ["electron-to-chromium@1.5.329", "", {}, "sha512-/4t+AS1l4S3ZC0Ja7PHFIWeBIxGA3QGqV8/yKsP36v7NcyUCl+bIcmw6s5zVuMIECWwBrAK/6QLzTmbJChBboQ=="],
 
+    "elkjs": ["elkjs@0.9.3", "", {}, "sha512-f/ZeWvW/BCXbhGEf1Ujp29EASo/lk1FDnETgNKwJrsVvGZhUWCZyg3xLJjAsxfOmt8KjswHmI5EwCQcPMpOYhQ=="],
+
     "elysia": ["elysia@1.4.28", "", { "dependencies": { "cookie": "^1.1.1", "exact-mirror": "^0.2.7", "fast-decode-uri-component": "^1.0.1", "memoirist": "^0.4.0" }, "peerDependencies": { "@sinclair/typebox": ">= 0.34.0 < 1", "@types/bun": ">= 1.2.0", "file-type": ">= 20.0.0", "openapi-types": ">= 12.0.0", "typescript": ">= 5.0.0" }, "optionalPeers": ["@types/bun", "typescript"] }, "sha512-Vrx8sBnvq8squS/3yNBzR1jBXI+SgmnmvwawPjNuEHndUe5l1jV2Gp6JJ4ulDkEB8On6bWmmuyPpA+bq4t+WYg=="],
 
     "emoji-regex": ["emoji-regex@8.0.0", "", {}, "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="],
@@ -888,6 +919,8 @@
 
     "zod": ["zod@3.25.76", "", {}, "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ=="],
 
+    "zustand": ["zustand@4.5.7", "", { "dependencies": { "use-sync-external-store": "^1.2.2" }, "peerDependencies": { "@types/react": ">=16.8", "immer": ">=9.0.6", "react": ">=16.8" }, "optionalPeers": ["@types/react", "immer", "react"] }, "sha512-CHOUy7mu3lbD6o6LJLfllpjkzhHXSBlX8B9+qPddUsIfeF5S/UZ5q0kmCsnRqT1UHFQZchNFDDzMbQsuesHWlw=="],
+
     "@babel/core/semver": ["semver@6.3.1", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA=="],
 
     "@babel/helper-compilation-targets/lru-cache": ["lru-cache@5.1.1", "", { "dependencies": { "yallist": "^3.0.2" } }, "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w=="],
diff --git a/package.json b/package.json
index 87e177c..eb220c5 100644
--- a/package.json
+++ b/package.json
@@ -42,7 +42,10 @@
     "react-dom": "^19",
     "react-icons": "^5.6.0",
     "recharts": "^3.8.1",
-    "swr": "^2.4.1"
+    "swr": "^2.4.1",
+    "@mantine/modals": "^8.3.18",
+    "@xyflow/react": "^12.6.4",
+    "elkjs": "^0.9.3"
   },
   "devDependencies": {
     "@biomejs/biome": "^2.4.10",
diff --git a/src/app.ts b/src/app.ts
index 8eb4205..411693c 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -3,10 +3,13 @@ import { html } from '@elysiajs/html'
 import { swagger } from '@elysiajs/swagger'
 import { Elysia, t } from 'elysia'
 import { BugSource } from '../generated/prisma'
+import { appLog, clearAppLogs, getAppLogs } from './lib/applog'
 import { prisma } from './lib/db'
 import { env } from './lib/env'
 import { createSystemLog } from './lib/logger'
 import { getMinioDownloadUrl, uploadBugImage } from './lib/minio'
+import { addConnection, broadcastToAdmins, getOnlineUserIds, removeConnection } from './lib/presence'
+import { parseSchema } from './lib/schema-parser'
 
 function getPublicOrigin(request: Request): string {
   if (process.env.BUN_PUBLIC_BASE_URL) return process.env.BUN_PUBLIC_BASE_URL.replace(/\/$/, '')
@@ -43,6 +46,19 @@ async function checkAuth(request: Request): Promise<AuthResult | null> {
   return null
 }
 
+async function requireDeveloper(request: Request, set: { status?: number | string }): Promise<{ userId: string; role: string } | null> {
+  const cookie = request.headers.get('cookie') ?? ''
+  const token = cookie.match(/session=([^;]+)/)?.[1]
+  if (!token) { set.status = 401; return null }
+  const session = await prisma.session.findUnique({
+    where: { token },
+    include: { user: { select: { id: true, role: true } } },
+  })
+  if (!session || session.expiresAt < new Date()) { set.status = 401; return null }
+  if (session.user.role !== 'DEVELOPER') { set.status = 403; return null }
+  return { userId: session.user.id, role: session.user.role }
+}
+
 export function createApp() {
   return new Elysia()
     .use(swagger({
@@ -63,6 +79,21 @@ export function createApp() {
     .use(cors())
     .use(html())
 
+    // ─── Request timing + app log broadcasting ────────
+    .onRequest(({ request }) => {
+      ;(request as any).__startTime = performance.now()
+    })
+    .onAfterResponse(({ request, set }) => {
+      const url = new URL(request.url)
+      if (url.pathname.startsWith('/api/')) {
+        const status = typeof set.status === 'number' ? set.status : 200
+        const level = status >= 500 ? ('error' as const) : status >= 400 ? ('warn' as const) : ('info' as const)
+        appLog(level, `${request.method} ${url.pathname} ${status}`)
+        const duration = Math.round(performance.now() - ((request as any).__startTime || 0))
+        broadcastToAdmins({ type: 'request', method: request.method, path: url.pathname, status, duration, timestamp: new Date().toISOString() })
+      }
+    })
+
     // ─── Global Error Handler ────────────────────────
     .onError(({ code, error }) => {
       if (code === 'NOT_FOUND') {
@@ -181,7 +212,7 @@ export function createApp() {
       await prisma.session.create({ data: { token, userId: user.id, expiresAt } })
       await createSystemLog(user.id, 'LOGIN', 'Logged in with Google')
 
-      const redirectPath = user.role === 'USER' ? '/profile' : '/dashboard'
+      const redirectPath = user.role === 'DEVELOPER' ? '/dev' : user.role === 'USER' ? '/profile' : '/dashboard'
       const headers = new Headers()
       headers.append('Location', redirectPath)
       headers.append('Set-Cookie', `session=${token}; Path=/; HttpOnly; SameSite=Lax; Max-Age=86400`)
@@ -971,4 +1002,489 @@ export function createApp() {
       }),
       detail: { summary: 'Hello by Name', tags: ['System'] },
     })
+
+    // ─── Dev Console Admin API (DEVELOPER only) ────────
+
+    .get('/api/admin/stats', async ({ request, set }) => {
+      const auth = await requireDeveloper(request, set)
+      if (!auth) return { error: set.status === 401 ? 'Unauthorized' : 'Forbidden' }
+      const [totalApps, openBugs, totalOperators] = await Promise.all([
+        prisma.app.count(),
+        prisma.bug.count({ where: { status: 'OPEN' } }),
+        prisma.user.count(),
+      ])
+      const onlineCount = getOnlineUserIds().length
+      return { totalApps, openBugs, totalOperators, onlineOperators: onlineCount }
+    })
+
+    .get('/api/admin/users', async ({ request, set }) => {
+      const auth = await requireDeveloper(request, set)
+      if (!auth) return { error: set.status === 401 ? 'Unauthorized' : 'Forbidden' }
+      const users = await prisma.user.findMany({
+        select: { id: true, name: true, email: true, role: true, active: true, image: true, createdAt: true },
+        orderBy: { createdAt: 'asc' },
+      })
+      return { users }
+    })
+
+    .put('/api/admin/users/:id/role', async ({ request, params, set }) => {
+      const auth = await requireDeveloper(request, set)
+      if (!auth) return { error: set.status === 401 ? 'Unauthorized' : 'Forbidden' }
+      if (auth.userId === params.id) { set.status = 400; return { error: 'Tidak bisa mengubah role sendiri' } }
+      const { role } = (await request.json()) as { role: string }
+      if (!['USER', 'ADMIN'].includes(role)) { set.status = 400; return { error: 'Role tidak valid (USER atau ADMIN)' } }
+      const target = await prisma.user.findUnique({ where: { id: params.id }, select: { role: true } })
+      if (target?.role === 'DEVELOPER') { set.status = 400; return { error: 'Tidak bisa mengubah role DEVELOPER' } }
+      const user = await prisma.user.update({
+        where: { id: params.id },
+        data: { role: role as 'USER' | 'ADMIN' },
+        select: { id: true, name: true, email: true, role: true, active: true, createdAt: true },
+      })
+      await appLog('info', `Role changed: ${user.email} ${target?.role} → ${role}`)
+      return { user }
+    })
+
+    .put('/api/admin/users/:id/activate', async ({ request, params, set }) => {
+      const auth = await requireDeveloper(request, set)
+      if (!auth) return { error: set.status === 401 ? 'Unauthorized' : 'Forbidden' }
+      if (auth.userId === params.id) { set.status = 400; return { error: 'Tidak bisa mengubah status sendiri' } }
+      const { active } = (await request.json()) as { active: boolean }
+      const user = await prisma.user.update({
+        where: { id: params.id },
+        data: { active },
+        select: { id: true, name: true, email: true, role: true, active: true, createdAt: true },
+      })
+      if (!active) await prisma.session.deleteMany({ where: { userId: params.id } })
+      await appLog('info', `User ${active ? 'activated' : 'deactivated'}: ${user.email}`)
+      return { user }
+    })
+
+    .ws('/ws/presence', {
+      async open(ws) {
+        const cookie = ws.data.headers?.cookie ?? ''
+        const token = (cookie as string).match(/session=([^;]+)/)?.[1]
+        if (!token) { ws.close(4001, 'Unauthorized'); return }
+        const session = await prisma.session.findUnique({
+          where: { token },
+          include: { user: { select: { id: true, role: true } } },
+        })
+        if (!session || session.expiresAt < new Date()) { ws.close(4001, 'Unauthorized'); return }
+        const isAdmin = session.user.role === 'DEVELOPER'
+        ;(ws.data as unknown as { userId: string }).userId = session.user.id
+        addConnection(ws as any, session.user.id, isAdmin)
+      },
+      close(ws) { removeConnection(ws as any) },
+      message() {},
+    })
+
+    .get('/api/admin/presence', async ({ request, set }) => {
+      const auth = await requireDeveloper(request, set)
+      if (!auth) return { error: set.status === 401 ? 'Unauthorized' : 'Forbidden' }
+      return { online: getOnlineUserIds() }
+    })
+
+    .get('/api/admin/logs/app', async ({ request, set }) => {
+      const auth = await requireDeveloper(request, set)
+      if (!auth) return { error: set.status === 401 ? 'Unauthorized' : 'Forbidden' }
+      const url = new URL(request.url)
+      const level = url.searchParams.get('level') as any
+      const limit = parseInt(url.searchParams.get('limit') ?? '100', 10)
+      const afterId = parseInt(url.searchParams.get('afterId') ?? '0', 10)
+      if (!env.REDIS_URL) return { logs: [], redisDisabled: true }
+      return { logs: await getAppLogs({ level: level || undefined, limit, afterId: afterId || undefined }) }
+    })
+
+    .delete('/api/admin/logs/app', async ({ request, set }) => {
+      const auth = await requireDeveloper(request, set)
+      if (!auth) return { error: set.status === 401 ? 'Unauthorized' : 'Forbidden' }
+      await clearAppLogs()
+      return { ok: true }
+    })
+
+    .get('/api/admin/logs/audit', async ({ request, set }) => {
+      const auth = await requireDeveloper(request, set)
+      if (!auth) return { error: set.status === 401 ? 'Unauthorized' : 'Forbidden' }
+      const url = new URL(request.url)
+      const userId = url.searchParams.get('userId')
+      const type = url.searchParams.get('type')
+      const limit = Math.min(parseInt(url.searchParams.get('limit') ?? '100', 10), 500)
+      const where: Record<string, any> = {}
+      if (userId) where.userId = userId
+      if (type) where.type = type
+      const logs = await prisma.log.findMany({
+        where,
+        include: { user: { select: { name: true, email: true } } },
+        orderBy: { createdAt: 'desc' },
+        take: limit,
+      })
+      return { logs }
+    })
+
+    .delete('/api/admin/logs/audit', async ({ request, set }) => {
+      const auth = await requireDeveloper(request, set)
+      if (!auth) return { error: set.status === 401 ? 'Unauthorized' : 'Forbidden' }
+      const { count } = await prisma.log.deleteMany()
+      await appLog('info', `Activity logs cleared manually (${count} entries)`)
+      return { ok: true, deleted: count }
+    })
+
+    .get('/api/admin/schema', async ({ request, set }) => {
+      const auth = await requireDeveloper(request, set)
+      if (!auth) return { error: set.status === 401 ? 'Unauthorized' : 'Forbidden' }
+      const fs = await import('node:fs')
+      const schemaPath = `${process.cwd()}/prisma/schema.prisma`
+      if (!fs.existsSync(schemaPath)) { set.status = 404; return { error: 'Schema not found' } }
+      const raw = fs.readFileSync(schemaPath, 'utf-8')
+      return { schema: parseSchema(raw) }
+    })
+
+    .get('/api/admin/routes', async ({ request, set }) => {
+      const auth = await requireDeveloper(request, set)
+      if (!auth) return { error: set.status === 401 ? 'Unauthorized' : 'Forbidden' }
+      const routes: { method: string; path: string; auth: string; category: string; description: string }[] = [
+        { method: 'PAGE', path: '/', auth: 'public', category: 'frontend', description: 'Landing page' },
+        { method: 'PAGE', path: '/login', auth: 'public', category: 'frontend', description: 'Login page (email/password + Google OAuth)' },
+        { method: 'PAGE', path: '/dev', auth: 'developer', category: 'frontend', description: 'Dev console (DEVELOPER only)' },
+        { method: 'PAGE', path: '/dashboard', auth: 'admin', category: 'frontend', description: 'Admin dashboard (ADMIN/DEVELOPER)' },
+        { method: 'PAGE', path: '/apps', auth: 'admin', category: 'frontend', description: 'App list' },
+        { method: 'PAGE', path: '/apps/:appId', auth: 'admin', category: 'frontend', description: 'App detail (errors, logs, users, etc.)' },
+        { method: 'PAGE', path: '/bug-reports', auth: 'admin', category: 'frontend', description: 'Bug reports management' },
+        { method: 'PAGE', path: '/logs', auth: 'admin', category: 'frontend', description: 'Activity logs' },
+        { method: 'PAGE', path: '/users', auth: 'admin', category: 'frontend', description: 'Operator management' },
+        { method: 'PAGE', path: '/profile', auth: 'authenticated', category: 'frontend', description: 'User profile' },
+        { method: 'POST', path: '/api/auth/login', auth: 'public', category: 'auth', description: 'Email/password login' },
+        { method: 'POST', path: '/api/auth/logout', auth: 'authenticated', category: 'auth', description: 'Logout' },
+        { method: 'GET', path: '/api/auth/session', auth: 'public', category: 'auth', description: 'Check current session' },
+        { method: 'GET', path: '/api/auth/google', auth: 'public', category: 'auth', description: 'Google OAuth redirect' },
+        { method: 'GET', path: '/api/auth/callback/google', auth: 'public', category: 'auth', description: 'Google OAuth callback' },
+        { method: 'GET', path: '/api/dashboard/stats', auth: 'authenticated', category: 'dashboard', description: 'Dashboard statistics' },
+        { method: 'GET', path: '/api/dashboard/recent-errors', auth: 'authenticated', category: 'dashboard', description: 'Recent bug reports' },
+        { method: 'GET', path: '/api/apps', auth: 'authenticated', category: 'apps', description: 'List monitored apps' },
+        { method: 'GET', path: '/api/apps/:appId', auth: 'authenticated', category: 'apps', description: 'Get app details' },
+        { method: 'GET', path: '/api/bugs', auth: 'authenticated', category: 'bugs', description: 'List bug reports' },
+        { method: 'POST', path: '/api/bugs', auth: 'apiKeyOrSession', category: 'bugs', description: 'Create bug report' },
+        { method: 'PATCH', path: '/api/bugs/:id/status', auth: 'authenticated', category: 'bugs', description: 'Update bug status' },
+        { method: 'PATCH', path: '/api/bugs/:id/feedback', auth: 'authenticated', category: 'bugs', description: 'Update bug feedback' },
+        { method: 'POST', path: '/api/upload/image', auth: 'apiKeyOrSession', category: 'bugs', description: 'Upload bug screenshot' },
+        { method: 'GET', path: '/api/bugs/images', auth: 'public', category: 'bugs', description: 'Proxy bug image from MinIO' },
+        { method: 'GET', path: '/api/logs', auth: 'authenticated', category: 'logs', description: 'List activity logs' },
+        { method: 'POST', path: '/api/logs', auth: 'authenticated', category: 'logs', description: 'Create activity log' },
+        { method: 'GET', path: '/api/logs/operators', auth: 'authenticated', category: 'logs', description: 'Operators list for log filter' },
+        { method: 'GET', path: '/api/operators', auth: 'authenticated', category: 'operators', description: 'List operators' },
+        { method: 'GET', path: '/api/operators/stats', auth: 'authenticated', category: 'operators', description: 'Operator stats' },
+        { method: 'POST', path: '/api/operators', auth: 'authenticated', category: 'operators', description: 'Create operator' },
+        { method: 'PATCH', path: '/api/operators/:id', auth: 'authenticated', category: 'operators', description: 'Update operator' },
+        { method: 'DELETE', path: '/api/operators/:id', auth: 'authenticated', category: 'operators', description: 'Deactivate operator' },
+        { method: 'GET', path: '/api/admin/stats', auth: 'developer', category: 'admin', description: 'Dev console overview stats' },
+        { method: 'GET', path: '/api/admin/users', auth: 'developer', category: 'admin', description: 'List all users' },
+        { method: 'PUT', path: '/api/admin/users/:id/role', auth: 'developer', category: 'admin', description: 'Change user role' },
+        { method: 'PUT', path: '/api/admin/users/:id/activate', auth: 'developer', category: 'admin', description: 'Activate/deactivate user' },
+        { method: 'GET', path: '/api/admin/presence', auth: 'developer', category: 'admin', description: 'Online user IDs' },
+        { method: 'GET', path: '/api/admin/logs/app', auth: 'developer', category: 'admin', description: 'App logs (Redis)' },
+        { method: 'GET', path: '/api/admin/logs/audit', auth: 'developer', category: 'admin', description: 'Activity logs (DB)' },
+        { method: 'DELETE', path: '/api/admin/logs/app', auth: 'developer', category: 'admin', description: 'Clear app logs' },
+        { method: 'DELETE', path: '/api/admin/logs/audit', auth: 'developer', category: 'admin', description: 'Clear activity logs' },
+        { method: 'GET', path: '/api/admin/schema', auth: 'developer', category: 'admin', description: 'Database schema (Prisma)' },
+        { method: 'GET', path: '/api/admin/routes', auth: 'developer', category: 'admin', description: 'Routes metadata' },
+        { method: 'GET', path: '/api/admin/project-structure', auth: 'developer', category: 'admin', description: 'Project file structure' },
+        { method: 'GET', path: '/api/admin/env-map', auth: 'developer', category: 'admin', description: 'Environment variables map' },
+        { method: 'GET', path: '/api/admin/test-coverage', auth: 'developer', category: 'admin', description: 'Test coverage mapping' },
+        { method: 'GET', path: '/api/admin/dependencies', auth: 'developer', category: 'admin', description: 'NPM dependencies graph' },
+        { method: 'GET', path: '/api/admin/migrations', auth: 'developer', category: 'admin', description: 'Migration timeline' },
+        { method: 'GET', path: '/api/admin/sessions', auth: 'developer', category: 'admin', description: 'Active sessions' },
+        { method: 'WS', path: '/ws/presence', auth: 'authenticated', category: 'realtime', description: 'Real-time presence tracking' },
+        { method: 'GET', path: '/health', auth: 'public', category: 'utility', description: 'Health check' },
+      ]
+      const byMethod: Record<string, number> = {}
+      const byAuth: Record<string, number> = {}
+      const byCategory: Record<string, number> = {}
+      for (const r of routes) {
+        byMethod[r.method] = (byMethod[r.method] || 0) + 1
+        byAuth[r.auth] = (byAuth[r.auth] || 0) + 1
+        byCategory[r.category] = (byCategory[r.category] || 0) + 1
+      }
+      return { routes, summary: { total: routes.length, byMethod, byAuth, byCategory } }
+    })
+
+    .get('/api/admin/project-structure', async ({ request, set }) => {
+      const auth = await requireDeveloper(request, set)
+      if (!auth) return { error: set.status === 401 ? 'Unauthorized' : 'Forbidden' }
+      const fs = await import('node:fs')
+      const path = await import('node:path')
+      const root = process.cwd()
+      const scanDirs = ['src', 'prisma', 'tests']
+      const skipDirs = new Set(['node_modules', 'dist', 'generated', '.git', '.next'])
+      const exts = new Set(['.ts', '.tsx'])
+      interface FileInfo { path: string; category: string; lines: number; exports: string[]; imports: { from: string; names: string[] }[] }
+      interface DirInfo { path: string; category: string; fileCount: number }
+      const files: FileInfo[] = []
+      const dirs: DirInfo[] = []
+      function categorize(filePath: string): string {
+        if (filePath.startsWith('src/frontend/routes/')) return 'route'
+        if (filePath.startsWith('src/frontend/hooks/')) return 'hook'
+        if (filePath.startsWith('src/frontend/components/')) return 'component'
+        if (filePath.startsWith('src/frontend')) return 'frontend'
+        if (filePath.startsWith('src/lib/')) return 'lib'
+        if (filePath.startsWith('prisma/')) return 'prisma'
+        if (filePath.startsWith('tests/unit/')) return 'test-unit'
+        if (filePath.startsWith('tests/integration/')) return 'test-integration'
+        if (filePath.startsWith('tests/')) return 'test'
+        if (filePath.startsWith('src/')) return 'backend'
+        return 'config'
+      }
+      function parseFile(filePath: string, content: string): FileInfo {
+        const lines = content.split('\n').length
+        const exports: string[] = []
+        const imports: { from: string; names: string[] }[] = []
+        for (const m of content.matchAll(/export\s+(?:default\s+)?(?:function|const|let|var|class|type|interface|enum)\s+(\w+)/g)) exports.push(m[1])
+        for (const m of content.matchAll(/import\s+(?:\{([^}]+)\}|(\w+))(?:\s*,\s*\{([^}]+)\})?\s+from\s+['"]([^'"]+)['"]/g)) {
+          const names: string[] = []
+          if (m[1]) names.push(...m[1].split(',').map((s) => s.trim().split(' as ')[0].trim()).filter(Boolean))
+          if (m[2]) names.push(m[2])
+          if (m[3]) names.push(...m[3].split(',').map((s) => s.trim().split(' as ')[0].trim()).filter(Boolean))
+          let from = m[4]
+          if (from.startsWith('.')) {
+            const dir = path.dirname(filePath)
+            from = path.normalize(path.join(dir, from)).replace(/\\/g, '/')
+            for (const ext of ['.ts', '.tsx', '/index.ts', '/index.tsx']) {
+              if (fs.existsSync(path.join(root, from + ext))) { from = from + ext; break }
+              if (fs.existsSync(path.join(root, from))) break
+            }
+          }
+          imports.push({ from, names })
+        }
+        return { path: filePath, category: categorize(filePath), lines, exports, imports }
+      }
+      function scan(dir: string) {
+        const absDir = path.join(root, dir)
+        if (!fs.existsSync(absDir)) return
+        const entries = fs.readdirSync(absDir, { withFileTypes: true })
+        let fileCount = 0
+        for (const entry of entries) {
+          if (skipDirs.has(entry.name)) continue
+          const rel = path.join(dir, entry.name).replace(/\\/g, '/')
+          if (entry.isDirectory()) scan(rel)
+          else if (exts.has(path.extname(entry.name))) { files.push(parseFile(rel, fs.readFileSync(path.join(root, rel), 'utf-8'))); fileCount++ }
+        }
+        dirs.push({ path: dir, category: categorize(`${dir}/`), fileCount })
+      }
+      for (const d of scanDirs) scan(d)
+      files.sort((a, b) => a.path.localeCompare(b.path))
+      dirs.sort((a, b) => a.path.localeCompare(b.path))
+      const totalLines = files.reduce((s, f) => s + f.lines, 0)
+      const totalExports = files.reduce((s, f) => s + f.exports.length, 0)
+      const totalImports = files.reduce((s, f) => s + f.imports.length, 0)
+      const byCategory: Record<string, number> = {}
+      for (const f of files) byCategory[f.category] = (byCategory[f.category] || 0) + 1
+      return { files, directories: dirs, summary: { totalFiles: files.length, totalLines, totalExports, totalImports, byCategory } }
+    })
+
+    .get('/api/admin/env-map', async ({ request, set }) => {
+      const auth = await requireDeveloper(request, set)
+      if (!auth) return { error: set.status === 401 ? 'Unauthorized' : 'Forbidden' }
+      const fs = await import('node:fs')
+      const path = await import('node:path')
+      const root = process.cwd()
+      const envDefs: { name: string; envKey: string; required: boolean; default: string | null; category: string; description: string }[] = [
+        { name: 'DATABASE_URL', envKey: 'DATABASE_URL', required: true, default: null, category: 'database', description: 'PostgreSQL connection string' },
+        { name: 'REDIS_URL', envKey: 'REDIS_URL', required: false, default: '(empty)', category: 'cache', description: 'Redis connection string (optional, enables App Logs)' },
+        { name: 'GOOGLE_CLIENT_ID', envKey: 'GOOGLE_CLIENT_ID', required: true, default: null, category: 'auth', description: 'Google OAuth client ID' },
+        { name: 'GOOGLE_CLIENT_SECRET', envKey: 'GOOGLE_CLIENT_SECRET', required: true, default: null, category: 'auth', description: 'Google OAuth client secret' },
+        { name: 'SUPER_ADMIN_EMAIL', envKey: 'SUPER_ADMIN_EMAIL', required: false, default: '(empty)', category: 'auth', description: 'Emails to auto-promote to DEVELOPER role' },
+        { name: 'API_KEY', envKey: 'API_KEY', required: true, default: null, category: 'auth', description: 'API key for external clients (mobile app)' },
+        { name: 'MINIO_ENDPOINT', envKey: 'MINIO_ENDPOINT', required: true, default: null, category: 'storage', description: 'MinIO server endpoint' },
+        { name: 'MINIO_PORT', envKey: 'MINIO_PORT', required: false, default: '443', category: 'storage', description: 'MinIO server port' },
+        { name: 'MINIO_USE_SSL', envKey: 'MINIO_USE_SSL', required: false, default: 'true', category: 'storage', description: 'Use SSL for MinIO connection' },
+        { name: 'MINIO_ACCESS_KEY', envKey: 'MINIO_ACCESS_KEY', required: true, default: null, category: 'storage', description: 'MinIO access key' },
+        { name: 'MINIO_SECRET_KEY', envKey: 'MINIO_SECRET_KEY', required: true, default: null, category: 'storage', description: 'MinIO secret key' },
+        { name: 'MINIO_BUCKET', envKey: 'MINIO_BUCKET', required: true, default: null, category: 'storage', description: 'MinIO bucket name' },
+        { name: 'MINIO_UPLOAD_DIR', envKey: 'MINIO_UPLOAD_DIR', required: false, default: 'bug-reports', category: 'storage', description: 'MinIO upload directory prefix' },
+        { name: 'PORT', envKey: 'PORT', required: false, default: '3000', category: 'app', description: 'Server port' },
+        { name: 'NODE_ENV', envKey: 'NODE_ENV', required: false, default: 'development', category: 'app', description: 'Environment mode' },
+        { name: 'REACT_EDITOR', envKey: 'REACT_EDITOR', required: false, default: 'code', category: 'app', description: 'Editor for click-to-source' },
+        { name: 'BUN_PUBLIC_BASE_URL', envKey: 'BUN_PUBLIC_BASE_URL', required: false, default: 'http://localhost:3000', category: 'app', description: 'Public base URL (for OAuth redirect)' },
+      ]
+      const srcFiles = ['src/lib/env.ts', 'src/lib/db.ts', 'src/lib/redis.ts', 'src/app.ts', 'src/index.tsx']
+      const fileContents: Record<string, string> = {}
+      for (const f of srcFiles) {
+        const absPath = path.join(root, f)
+        if (fs.existsSync(absPath)) fileContents[f] = fs.readFileSync(absPath, 'utf-8')
+      }
+      const variables = envDefs.map((def) => {
+        const usedBy: string[] = []
+        for (const [file, content] of Object.entries(fileContents)) {
+          if (content.includes(def.envKey) || content.includes(`env.${def.name}`)) usedBy.push(file)
+        }
+        return { name: def.name, required: def.required, isSet: !!process.env[def.envKey], default: def.default, category: def.category, description: def.description, usedBy }
+      })
+      const byCategory: Record<string, number> = {}
+      let setCount = 0, requiredCount = 0
+      for (const v of variables) {
+        byCategory[v.category] = (byCategory[v.category] || 0) + 1
+        if (v.isSet) setCount++
+        if (v.required) requiredCount++
+      }
+      return { variables, summary: { total: variables.length, set: setCount, unset: variables.length - setCount, required: requiredCount, byCategory } }
+    })
+
+    .get('/api/admin/test-coverage', async ({ request, set }) => {
+      const auth = await requireDeveloper(request, set)
+      if (!auth) return { error: set.status === 401 ? 'Unauthorized' : 'Forbidden' }
+      const fs = await import('node:fs')
+      const pathMod = await import('node:path')
+      const root = process.cwd()
+      const exts = new Set(['.ts', '.tsx'])
+      const skipDirs = new Set(['node_modules', 'dist', 'generated', '.git'])
+      interface SrcFile { path: string; lines: number; exports: string[]; testedBy: string[]; coverage: string }
+      interface TestFile { path: string; lines: number; type: string; targets: string[] }
+      function scanDir(dir: string, collect: string[]) {
+        const abs = pathMod.join(root, dir)
+        if (!fs.existsSync(abs)) return
+        for (const entry of fs.readdirSync(abs, { withFileTypes: true })) {
+          if (skipDirs.has(entry.name)) continue
+          const rel = pathMod.join(dir, entry.name).replace(/\\/g, '/')
+          if (entry.isDirectory()) scanDir(rel, collect)
+          else if (exts.has(pathMod.extname(entry.name))) collect.push(rel)
+        }
+      }
+      const srcPaths: string[] = []
+      scanDir('src', srcPaths)
+      const srcFiltered = srcPaths.filter((f) => !f.includes('routeTree.gen'))
+      const testPaths: string[] = []
+      scanDir('tests', testPaths)
+      const testFiltered = testPaths.filter((f) => f.includes('.test.'))
+      const testFiles: TestFile[] = testFiltered.map((tp) => {
+        const content = fs.readFileSync(pathMod.join(root, tp), 'utf-8')
+        const lines = content.split('\n').length
+        const type = tp.includes('/unit/') ? 'unit' : tp.includes('/integration/') ? 'integration' : 'other'
+        const targets: string[] = []
+        for (const m of content.matchAll(/from\s+['"]([^'"]*(?:src|lib)[^'"]*)['"]/g)) {
+          let resolved = m[1].replace(/^.*?src\//, 'src/')
+          if (resolved.startsWith('.')) resolved = pathMod.normalize(pathMod.join(pathMod.dirname(tp), resolved)).replace(/\\/g, '/')
+          for (const ext of ['', '.ts', '.tsx']) {
+            const full = resolved + ext
+            if (srcFiltered.includes(full)) { targets.push(full); break }
+          }
+        }
+        if (/fetch\(['"`]\/api\//.test(content) || /createApp|createTestApp/.test(content)) {
+          if (!targets.includes('src/app.ts')) targets.push('src/app.ts')
+        }
+        return { path: tp, lines, type, targets: [...new Set(targets)] }
+      })
+      const testedByMap: Record<string, string[]> = {}
+      for (const t of testFiles) for (const target of t.targets) { if (!testedByMap[target]) testedByMap[target] = []; testedByMap[target].push(t.path) }
+      const sourceFiles: SrcFile[] = srcFiltered.map((sp) => {
+        const content = fs.readFileSync(pathMod.join(root, sp), 'utf-8')
+        const lines = content.split('\n').length
+        const exports: string[] = []
+        for (const m of content.matchAll(/export\s+(?:default\s+)?(?:function|const|let|var|class|type|interface|enum)\s+(\w+)/g)) exports.push(m[1])
+        const tb = testedByMap[sp] || []
+        const coverage = tb.length === 0 ? 'uncovered' : tb.some((t) => t.includes('/unit/')) ? 'covered' : 'partial'
+        return { path: sp, lines, exports, testedBy: tb, coverage }
+      })
+      const covered = sourceFiles.filter((f) => f.coverage === 'covered').length
+      const partial = sourceFiles.filter((f) => f.coverage === 'partial').length
+      const uncovered = sourceFiles.filter((f) => f.coverage === 'uncovered').length
+      return { sourceFiles, testFiles, summary: { totalSource: sourceFiles.length, totalTests: testFiles.length, covered, partial, uncovered, coveragePercent: Math.round(((covered + partial * 0.5) / sourceFiles.length) * 100) } }
+    })
+
+    .get('/api/admin/dependencies', async ({ request, set }) => {
+      const auth = await requireDeveloper(request, set)
+      if (!auth) return { error: set.status === 401 ? 'Unauthorized' : 'Forbidden' }
+      const fs = await import('node:fs')
+      const pathMod = await import('node:path')
+      const root = process.cwd()
+      const pkgPath = pathMod.join(root, 'package.json')
+      if (!fs.existsSync(pkgPath)) { set.status = 404; return { error: 'package.json not found' } }
+      const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf-8'))
+      const deps: Record<string, string> = pkg.dependencies || {}
+      const devDeps: Record<string, string> = pkg.devDependencies || {}
+      const catMap: Record<string, string> = {
+        elysia: 'server', '@elysiajs/cors': 'server', '@elysiajs/html': 'server', '@elysiajs/swagger': 'server',
+        react: 'ui', 'react-dom': 'ui', '@mantine/core': 'ui', '@mantine/hooks': 'ui', '@mantine/charts': 'ui',
+        '@mantine/notifications': 'ui', '@mantine/modals': 'ui', '@tanstack/react-router': 'ui',
+        '@tanstack/react-query': 'ui', '@xyflow/react': 'ui', 'react-icons': 'ui', recharts: 'ui', swr: 'ui',
+        '@prisma/client': 'database', prisma: 'database', minio: 'storage',
+        vite: 'build', typescript: 'build', '@biomejs/biome': 'build', '@vitejs/plugin-react': 'build', elkjs: 'build',
+      }
+      const srcFiles: string[] = []
+      function scanSrc(dir: string) {
+        const abs = pathMod.join(root, dir)
+        if (!fs.existsSync(abs)) return
+        for (const e of fs.readdirSync(abs, { withFileTypes: true })) {
+          if (['node_modules', 'dist', 'generated', '.git'].includes(e.name)) continue
+          const rel = pathMod.join(dir, e.name).replace(/\\/g, '/')
+          if (e.isDirectory()) scanSrc(rel)
+          else if (/\.(ts|tsx)$/.test(e.name)) srcFiles.push(rel)
+        }
+      }
+      scanSrc('src')
+      const fileContents: Record<string, string> = {}
+      for (const f of srcFiles) fileContents[f] = fs.readFileSync(pathMod.join(root, f), 'utf-8')
+      const allPkgs: { name: string; version: string; type: string; category: string; usedBy: string[] }[] = []
+      for (const [name, version] of Object.entries(deps)) {
+        const usedBy: string[] = []
+        const importPattern = new RegExp(`from\\s+['"]${name.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}`)
+        for (const [file, content] of Object.entries(fileContents)) if (importPattern.test(content)) usedBy.push(file)
+        allPkgs.push({ name, version, type: 'runtime', category: catMap[name] || 'other', usedBy })
+      }
+      for (const [name, version] of Object.entries(devDeps)) allPkgs.push({ name, version, type: 'dev', category: catMap[name] || 'build', usedBy: [] })
+      const byCategory: Record<string, number> = {}
+      let runtime = 0, dev = 0
+      for (const p of allPkgs) { byCategory[p.category] = (byCategory[p.category] || 0) + 1; if (p.type === 'runtime') runtime++; else dev++ }
+      return { packages: allPkgs, summary: { total: allPkgs.length, runtime, dev, byCategory } }
+    })
+
+    .get('/api/admin/migrations', async ({ request, set }) => {
+      const auth = await requireDeveloper(request, set)
+      if (!auth) return { error: set.status === 401 ? 'Unauthorized' : 'Forbidden' }
+      const fs = await import('node:fs')
+      const pathMod = await import('node:path')
+      const root = process.cwd()
+      const migrationsDir = pathMod.join(root, 'prisma/migrations')
+      if (!fs.existsSync(migrationsDir)) return { migrations: [], summary: { totalMigrations: 0, firstMigration: null, lastMigration: null, totalChanges: 0 } }
+      const entries = fs.readdirSync(migrationsDir, { withFileTypes: true }).filter((e) => e.isDirectory() && /^\d{14}_/.test(e.name)).sort((a, b) => a.name.localeCompare(b.name))
+      const migrations = entries.map((entry) => {
+        const sqlPath = pathMod.join(migrationsDir, entry.name, 'migration.sql')
+        let sql = ''
+        const changes: string[] = []
+        if (fs.existsSync(sqlPath)) {
+          sql = fs.readFileSync(sqlPath, 'utf-8')
+          for (const m of sql.matchAll(/^(CREATE TABLE|ALTER TABLE|CREATE INDEX|CREATE UNIQUE INDEX|DROP TABLE|DROP INDEX|CREATE TYPE|ALTER TYPE)\s+["']?(\w+)["']?/gim)) changes.push(`${m[1]} ${m[2]}`)
+          for (const m of sql.matchAll(/CREATE TYPE\s+"(\w+)"/g)) if (!changes.some((c) => c.includes(m[1]))) changes.push(`CREATE TYPE ${m[1]}`)
+        }
+        const dateStr = entry.name.substring(0, 14)
+        const createdAt = new Date(`${dateStr.slice(0, 4)}-${dateStr.slice(4, 6)}-${dateStr.slice(6, 8)}T${dateStr.slice(8, 10)}:${dateStr.slice(10, 12)}:${dateStr.slice(12, 14)}.000Z`).toISOString()
+        const name = entry.name.substring(15)
+        return { name, folder: entry.name, createdAt, changes, sql: sql.substring(0, 800) }
+      })
+      const totalChanges = migrations.reduce((s, m) => s + m.changes.length, 0)
+      return { migrations, summary: { totalMigrations: migrations.length, firstMigration: migrations[0]?.createdAt || null, lastMigration: migrations[migrations.length - 1]?.createdAt || null, totalChanges } }
+    })
+
+    .get('/api/admin/sessions', async ({ request, set }) => {
+      const auth = await requireDeveloper(request, set)
+      if (!auth) return { error: set.status === 401 ? 'Unauthorized' : 'Forbidden' }
+      const onlineIds = new Set(getOnlineUserIds())
+      const sessions = await prisma.session.findMany({
+        include: { user: { select: { id: true, name: true, email: true, role: true, active: true } } },
+        orderBy: { createdAt: 'desc' },
+      })
+      const now = new Date()
+      const result = sessions.map((s) => ({
+        id: s.id, userId: s.user.id, userName: s.user.name, userEmail: s.user.email,
+        userRole: s.user.role, userActive: s.user.active,
+        isOnline: onlineIds.has(s.user.id),
+        createdAt: s.createdAt.toISOString(), expiresAt: s.expiresAt.toISOString(), isExpired: s.expiresAt < now,
+      }))
+      const byRole: Record<string, number> = {}
+      const uniqueUsers = new Set<string>()
+      let active = 0, expired = 0
+      for (const s of result) {
+        uniqueUsers.add(s.userId)
+        byRole[s.userRole] = (byRole[s.userRole] || 0) + 1
+        if (s.isExpired) expired++; else active++
+      }
+      return { sessions: result, summary: { totalSessions: result.length, activeSessions: active, expiredSessions: expired, onlineUsers: onlineIds.size, byRole } }
+    })
 }
diff --git a/src/frontend/App.tsx b/src/frontend/App.tsx
index 453a205..3648078 100644
--- a/src/frontend/App.tsx
+++ b/src/frontend/App.tsx
@@ -1,6 +1,7 @@
 import { ColorSchemeScript, MantineProvider, createTheme } from '@mantine/core'
 import '@mantine/core/styles.css'
 import '@mantine/notifications/styles.css'
+import { ModalsProvider } from '@mantine/modals'
 import { Notifications } from '@mantine/notifications'
 import { QueryClient, QueryClientProvider } from '@tanstack/react-query'
 import { createRouter, RouterProvider } from '@tanstack/react-router'
@@ -64,9 +65,11 @@ export function App() {
       <ColorSchemeScript defaultColorScheme="auto" />
       <MantineProvider theme={theme} defaultColorScheme="auto">
         <Notifications />
-        <QueryClientProvider client={queryClient}>
-          <RouterProvider router={router} />
-        </QueryClientProvider>
+        <ModalsProvider>
+          <QueryClientProvider client={queryClient}>
+            <RouterProvider router={router} />
+          </QueryClientProvider>
+        </ModalsProvider>
       </MantineProvider>
     </>
   )
diff --git a/src/frontend/hooks/useAuth.ts b/src/frontend/hooks/useAuth.ts
index f6995bd..de18fcd 100644
--- a/src/frontend/hooks/useAuth.ts
+++ b/src/frontend/hooks/useAuth.ts
@@ -3,6 +3,12 @@ import { useNavigate } from '@tanstack/react-router'
 
 export type Role = 'USER' | 'ADMIN' | 'DEVELOPER'
 
+export function getDefaultRoute(role: Role): string {
+  if (role === 'DEVELOPER') return '/dev'
+  if (role === 'ADMIN') return '/dashboard'
+  return '/profile'
+}
+
 export interface User {
   id: string
   name: string
@@ -42,7 +48,7 @@ export function useLogin() {
       }),
     onSuccess: (data) => {
       queryClient.setQueryData(['auth', 'session'], data)
-      navigate({ to: data.user.role === 'USER' ? '/profile' : '/dashboard' })
+      navigate({ to: getDefaultRoute(data.user.role) })
     },
   })
 }
diff --git a/src/frontend/hooks/usePresence.ts b/src/frontend/hooks/usePresence.ts
new file mode 100644
index 0000000..4ab296e
--- /dev/null
+++ b/src/frontend/hooks/usePresence.ts
@@ -0,0 +1,42 @@
+import { useEffect, useRef, useState } from 'react'
+import { useSession } from './useAuth'
+
+export function usePresence() {
+  const { data } = useSession()
+  const [onlineUserIds, setOnlineUserIds] = useState<string[]>([])
+  const wsRef = useRef<WebSocket | null>(null)
+  const reconnectTimer = useRef<ReturnType<typeof setTimeout> | undefined>(undefined)
+
+  useEffect(() => {
+    if (!data?.user) return
+
+    function connect() {
+      const proto = location.protocol === 'https:' ? 'wss' : 'ws'
+      const ws = new WebSocket(`${proto}://${location.host}/ws/presence`)
+      wsRef.current = ws
+
+      ws.onmessage = (e) => {
+        const msg = JSON.parse(e.data)
+        if (msg.type === 'presence') setOnlineUserIds(msg.online)
+      }
+      ws.onclose = () => {
+        wsRef.current = null
+        reconnectTimer.current = setTimeout(connect, 3000)
+      }
+      ws.onerror = () => ws.close()
+    }
+
+    connect()
+
+    return () => {
+      clearTimeout(reconnectTimer.current)
+      if (wsRef.current) {
+        wsRef.current.onclose = null
+        wsRef.current.close()
+        wsRef.current = null
+      }
+    }
+  }, [data?.user?.id, data?.user])
+
+  return { onlineUserIds }
+}
diff --git a/src/frontend/routes/dev.tsx b/src/frontend/routes/dev.tsx
new file mode 100644
index 0000000..4628dbb
--- /dev/null
+++ b/src/frontend/routes/dev.tsx
@@ -0,0 +1,1481 @@
+import {
+  ActionIcon,
+  AppShell,
+  Avatar,
+  Badge,
+  Box,
+  Burger,
+  Button,
+  Card,
+  Center,
+  Container,
+  Group,
+  Loader,
+  Menu,
+  Modal,
+  NavLink,
+  Pagination,
+  Paper,
+  SegmentedControl,
+  Select,
+  SimpleGrid,
+  Stack,
+  Table,
+  Text,
+  ThemeIcon,
+  Title,
+  Tooltip,
+} from '@mantine/core'
+import { useDisclosure, useMediaQuery } from '@mantine/hooks'
+import { modals } from '@mantine/modals'
+import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
+import { createFileRoute, redirect, useNavigate } from '@tanstack/react-router'
+import {
+  Background,
+  Controls,
+  type Edge,
+  Handle,
+  MarkerType,
+  type Node,
+  Position,
+  ReactFlow,
+  ReactFlowProvider,
+  useEdgesState,
+  useNodesState,
+  useReactFlow,
+} from '@xyflow/react'
+import '@xyflow/react/dist/style.css'
+import ELK from 'elkjs/lib/elk.bundled.js'
+import React, { useCallback, useEffect, useMemo, useRef, useState } from 'react'
+import {
+  TbActivity,
+  TbApps,
+  TbBug,
+  TbChevronRight,
+  TbCircleFilled,
+  TbCode,
+  TbDatabase,
+  TbDots,
+  TbFileText,
+  TbLayoutDashboard,
+  TbLayoutSidebarLeftCollapse,
+  TbLayoutSidebarLeftExpand,
+  TbLogout,
+  TbRefresh,
+  TbServer,
+  TbSettings,
+  TbSitemap,
+  TbTrash,
+  TbUser,
+  TbUserSearch,
+  TbUsers,
+} from 'react-icons/tb'
+import { type Role, useLogout, useSession } from '@/frontend/hooks/useAuth'
+import { usePresence } from '@/frontend/hooks/usePresence'
+
+const validTabs = ['overview', 'operators', 'bugs', 'app-logs', 'activity-logs', 'database', 'project', 'settings'] as const
+
+export const Route = createFileRoute('/dev')({
+  validateSearch: (search: Record<string, unknown>) => ({
+    tab: validTabs.includes(search.tab as any) ? (search.tab as string) : 'overview',
+  }),
+  beforeLoad: async ({ context }) => {
+    try {
+      const data = await context.queryClient.ensureQueryData({
+        queryKey: ['auth', 'session'],
+        queryFn: () => fetch('/api/auth/session', { credentials: 'include' }).then((r) => r.json()),
+      })
+      if (!data?.user) throw redirect({ to: '/login' })
+      if (data.user.role !== 'DEVELOPER') throw redirect({ to: '/dashboard' })
+    } catch (e) {
+      if (e instanceof Error) throw redirect({ to: '/login' })
+      throw e
+    }
+  },
+  component: DevPage,
+})
+
+interface AdminUser {
+  id: string
+  name: string
+  email: string
+  role: Role
+  active: boolean
+  image?: string | null
+  createdAt: string
+}
+
+const navItems = [
+  { label: 'Overview', icon: TbLayoutDashboard, key: 'overview' },
+  { label: 'Operators', icon: TbUsers, key: 'operators' },
+  { label: 'Bugs', icon: TbBug, key: 'bugs' },
+  { label: 'App Logs', icon: TbServer, key: 'app-logs' },
+  { label: 'Activity Logs', icon: TbActivity, key: 'activity-logs' },
+  { label: 'Database', icon: TbDatabase, key: 'database' },
+  { label: 'Project', icon: TbSitemap, key: 'project' },
+  { label: 'Settings', icon: TbSettings, key: 'settings' },
+]
+
+function DevPage() {
+  const { data } = useSession()
+  const logout = useLogout()
+  const user = data?.user
+  const { tab: active } = Route.useSearch()
+  const navigate = useNavigate()
+  const [mobileOpened, { toggle: toggleMobile, close: closeMobile }] = useDisclosure(false)
+  const isMobile = useMediaQuery('(max-width: 48em)')
+  const setActive = (key: string) => {
+    navigate({ to: '/dev', search: { tab: key } })
+    closeMobile()
+  }
+  const [collapsed, setCollapsed] = useState(() => localStorage.getItem('dev:sidebar') === 'collapsed')
+  const toggleSidebar = () => {
+    setCollapsed((prev) => {
+      const next = !prev
+      localStorage.setItem('dev:sidebar', next ? 'collapsed' : 'open')
+      return next
+    })
+  }
+  const confirmLogout = () =>
+    modals.openConfirmModal({
+      title: 'Logout',
+      children: <Text size="sm">Yakin ingin logout?</Text>,
+      labels: { confirm: 'Logout', cancel: 'Batal' },
+      confirmProps: { color: 'red' },
+      onConfirm: () => logout.mutate(),
+    })
+
+  return (
+    <AppShell
+      header={{ height: 56, collapsed: !isMobile }}
+      navbar={{ width: collapsed ? 60 : 260, breakpoint: 'sm', collapsed: { mobile: !mobileOpened } }}
+      padding="md"
+    >
+      <AppShell.Header px="md" hiddenFrom="sm">
+        <Group h="100%" justify="space-between">
+          <Group gap="xs">
+            <Burger opened={mobileOpened} onClick={toggleMobile} size="sm" />
+            <ThemeIcon size="md" variant="gradient" gradient={{ from: 'blue', to: 'cyan' }}>
+              <TbCode size={16} />
+            </ThemeIcon>
+            <Text fw={700} size="sm">Dev Console</Text>
+          </Group>
+        </Group>
+      </AppShell.Header>
+
+      <AppShell.Navbar p={collapsed ? 'xs' : 'md'}>
+        <AppShell.Section>
+          <Group gap="xs" mb="md" justify={collapsed ? 'center' : 'space-between'}>
+            {collapsed ? (
+              <Tooltip label="Expand sidebar" position="right">
+                <ActionIcon variant="subtle" color="gray" size="lg" onClick={toggleSidebar}>
+                  <TbLayoutSidebarLeftExpand size={18} />
+                </ActionIcon>
+              </Tooltip>
+            ) : (
+              <>
+                <Group gap="xs">
+                  <ThemeIcon size="lg" variant="gradient" gradient={{ from: 'blue', to: 'cyan' }}>
+                    <TbCode size={18} />
+                  </ThemeIcon>
+                  <div>
+                    <Text fw={700} size="sm">Dev Console</Text>
+                    <Text size="xs" c="dimmed">Developer</Text>
+                  </div>
+                </Group>
+                <Tooltip label="Minimize sidebar">
+                  <ActionIcon variant="subtle" color="gray" size="sm" onClick={toggleSidebar}>
+                    <TbLayoutSidebarLeftCollapse size={18} />
+                  </ActionIcon>
+                </Tooltip>
+              </>
+            )}
+          </Group>
+        </AppShell.Section>
+
+        <AppShell.Section grow>
+          <Stack gap={4}>
+            {navItems.map((item) => {
+              const Icon = item.icon
+              if (collapsed) {
+                return (
+                  <Tooltip key={item.key} label={item.label} position="right">
+                    <ActionIcon
+                      variant={active === item.key ? 'filled' : 'subtle'}
+                      color={active === item.key ? 'blue' : 'gray'}
+                      size="lg"
+                      onClick={() => setActive(item.key)}
+                    >
+                      <Icon size={18} />
+                    </ActionIcon>
+                  </Tooltip>
+                )
+              }
+              return (
+                <NavLink
+                  key={item.key}
+                  label={item.label}
+                  leftSection={<Icon size={16} />}
+                  rightSection={active === item.key ? <TbChevronRight size={14} /> : undefined}
+                  active={active === item.key}
+                  onClick={() => setActive(item.key)}
+                  style={{ borderRadius: 6 }}
+                />
+              )
+            })}
+          </Stack>
+        </AppShell.Section>
+
+        <AppShell.Section>
+          {!collapsed && user && (
+            <Box mb="sm">
+              <Group gap="sm">
+                <Avatar size="sm" color="blue" radius="xl">
+                  {user.name.charAt(0).toUpperCase()}
+                </Avatar>
+                <Box style={{ flex: 1, minWidth: 0 }}>
+                  <Text size="sm" fw={500} truncate>{user.name}</Text>
+                  <Text size="xs" c="dimmed" truncate>{user.email}</Text>
+                </Box>
+              </Group>
+            </Box>
+          )}
+          <Group gap="xs" justify={collapsed ? 'center' : 'space-between'}>
+            {!collapsed && (
+              <Tooltip label="Logout">
+                <ActionIcon variant="subtle" color="red" onClick={confirmLogout} loading={logout.isPending}>
+                  <TbLogout size={18} />
+                </ActionIcon>
+              </Tooltip>
+            )}
+            {collapsed && (
+              <Tooltip label="Logout" position="right">
+                <ActionIcon variant="subtle" color="red" onClick={confirmLogout} loading={logout.isPending}>
+                  <TbLogout size={18} />
+                </ActionIcon>
+              </Tooltip>
+            )}
+          </Group>
+        </AppShell.Section>
+      </AppShell.Navbar>
+
+      <AppShell.Main>
+        <Container size="xl" px={0}>
+          {active === 'overview' && <OverviewPanel />}
+          {active === 'operators' && <OperatorsPanel currentUserId={user?.id ?? ''} />}
+          {active === 'bugs' && <BugsPanel />}
+          {active === 'app-logs' && <AppLogsPanel />}
+          {active === 'activity-logs' && <ActivityLogsPanel />}
+          {active === 'database' && <DatabasePanel />}
+          {active === 'project' && <ProjectPanel />}
+          {active === 'settings' && <SettingsPanel />}
+        </Container>
+      </AppShell.Main>
+    </AppShell>
+  )
+}
+
+// ─── Overview Panel ────────────────────────────────────────────────────────────
+
+function OverviewPanel() {
+  const { onlineUserIds } = usePresence()
+  const { data } = useQuery({
+    queryKey: ['admin', 'stats'],
+    queryFn: () => fetch('/api/admin/stats', { credentials: 'include' }).then((r) => r.json()),
+    refetchInterval: 10_000,
+  })
+  const stats = data ?? {}
+
+  const cards = [
+    { label: 'Total Apps', value: stats.totalApps ?? '—', icon: TbApps, color: 'blue' },
+    { label: 'Open Bugs', value: stats.openBugs ?? '—', icon: TbBug, color: 'red' },
+    { label: 'Total Operators', value: stats.totalOperators ?? '—', icon: TbUsers, color: 'green' },
+    { label: 'Online Now', value: onlineUserIds.length, icon: TbCircleFilled, color: 'teal' },
+  ]
+
+  return (
+    <Stack>
+      <Title order={3}>Overview</Title>
+      <SimpleGrid cols={{ base: 1, sm: 2, md: 4 }}>
+        {cards.map((c) => {
+          const Icon = c.icon
+          return (
+            <Card key={c.label} withBorder shadow="sm" radius="md" p="lg">
+              <Group justify="space-between" mb="xs">
+                <Text size="sm" c="dimmed" fw={500}>{c.label}</Text>
+                <ThemeIcon color={c.color} variant="light" size="md">
+                  <Icon size={16} />
+                </ThemeIcon>
+              </Group>
+              <Text fw={700} size="xl">{String(c.value)}</Text>
+            </Card>
+          )
+        })}
+      </SimpleGrid>
+    </Stack>
+  )
+}
+
+// ─── Operators Panel ───────────────────────────────────────────────────────────
+
+function OperatorsPanel({ currentUserId }: { currentUserId: string }) {
+  const { onlineUserIds } = usePresence()
+  const qc = useQueryClient()
+  const { data, isLoading } = useQuery({
+    queryKey: ['admin', 'users'],
+    queryFn: () => fetch('/api/admin/users', { credentials: 'include' }).then((r) => r.json()),
+  })
+  const users: AdminUser[] = data?.users ?? []
+
+  const roleMutation = useMutation({
+    mutationFn: ({ id, role }: { id: string; role: string }) =>
+      fetch(`/api/admin/users/${id}/role`, { method: 'PUT', credentials: 'include', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ role }) }).then((r) => r.json()),
+    onSuccess: () => qc.invalidateQueries({ queryKey: ['admin', 'users'] }),
+  })
+  const activateMutation = useMutation({
+    mutationFn: ({ id, active }: { id: string; active: boolean }) =>
+      fetch(`/api/admin/users/${id}/activate`, { method: 'PUT', credentials: 'include', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ active }) }).then((r) => r.json()),
+    onSuccess: () => qc.invalidateQueries({ queryKey: ['admin', 'users'] }),
+  })
+
+  const roleColor: Record<string, string> = { DEVELOPER: 'violet', ADMIN: 'blue', USER: 'gray' }
+
+  return (
+    <Stack>
+      <Group justify="space-between">
+        <Title order={3}>Operators</Title>
+        <Text size="sm" c="dimmed">{users.length} total</Text>
+      </Group>
+      {isLoading ? <Center><Loader /></Center> : (
+        <Table.ScrollContainer minWidth={600}>
+          <Table striped highlightOnHover>
+            <Table.Thead>
+              <Table.Tr>
+                <Table.Th>Operator</Table.Th>
+                <Table.Th>Role</Table.Th>
+                <Table.Th>Status</Table.Th>
+                <Table.Th>Joined</Table.Th>
+                <Table.Th />
+              </Table.Tr>
+            </Table.Thead>
+            <Table.Tbody>
+              {users.map((u) => {
+                const isOnline = onlineUserIds.includes(u.id)
+                const isSelf = u.id === currentUserId
+                const isDeveloper = u.role === 'DEVELOPER'
+                return (
+                  <Table.Tr key={u.id}>
+                    <Table.Td>
+                      <Group gap="sm">
+                        <Box pos="relative">
+                          <Avatar size="sm" color="blue" radius="xl">{u.name.charAt(0).toUpperCase()}</Avatar>
+                          {isOnline && (
+                            <Box pos="absolute" bottom={0} right={0} w={8} h={8} bg="green" style={{ borderRadius: '50%', border: '1.5px solid white' }} />
+                          )}
+                        </Box>
+                        <div>
+                          <Text size="sm" fw={500}>{u.name} {isSelf && <Text span size="xs" c="dimmed">(you)</Text>}</Text>
+                          <Text size="xs" c="dimmed">{u.email}</Text>
+                        </div>
+                      </Group>
+                    </Table.Td>
+                    <Table.Td><Badge color={roleColor[u.role] ?? 'gray'} variant="light">{u.role}</Badge></Table.Td>
+                    <Table.Td>
+                      {!u.active ? <Badge color="red" variant="light">Inactive</Badge>
+                        : isOnline ? <Badge color="green" variant="light">Online</Badge>
+                        : <Badge color="gray" variant="light">Offline</Badge>}
+                    </Table.Td>
+                    <Table.Td><Text size="xs" c="dimmed">{new Date(u.createdAt).toLocaleDateString('id-ID')}</Text></Table.Td>
+                    <Table.Td>
+                      {!isSelf && !isDeveloper && (
+                        <Menu shadow="md" withinPortal>
+                          <Menu.Target>
+                            <ActionIcon variant="subtle" color="gray"><TbDots size={16} /></ActionIcon>
+                          </Menu.Target>
+                          <Menu.Dropdown>
+                            <Menu.Label>Ganti Role</Menu.Label>
+                            {(['USER', 'ADMIN'] as const).filter((r) => r !== u.role).map((r) => (
+                              <Menu.Item key={r} leftSection={<TbUser size={14} />} onClick={() => roleMutation.mutate({ id: u.id, role: r })}>
+                                Jadikan {r}
+                              </Menu.Item>
+                            ))}
+                            <Menu.Divider />
+                            {u.active ? (
+                              <Menu.Item color="red" leftSection={<TbUserSearch size={14} />}
+                                onClick={() => modals.openConfirmModal({
+                                  title: 'Nonaktifkan Operator',
+                                  children: <Text size="sm">Nonaktifkan {u.name}? Semua sesi aktif akan dihapus.</Text>,
+                                  labels: { confirm: 'Nonaktifkan', cancel: 'Batal' },
+                                  confirmProps: { color: 'red' },
+                                  onConfirm: () => activateMutation.mutate({ id: u.id, active: false }),
+                                })}>
+                                Nonaktifkan
+                              </Menu.Item>
+                            ) : (
+                              <Menu.Item color="green" leftSection={<TbUserSearch size={14} />}
+                                onClick={() => activateMutation.mutate({ id: u.id, active: true })}>
+                                Aktifkan
+                              </Menu.Item>
+                            )}
+                          </Menu.Dropdown>
+                        </Menu>
+                      )}
+                    </Table.Td>
+                  </Table.Tr>
+                )
+              })}
+            </Table.Tbody>
+          </Table>
+        </Table.ScrollContainer>
+      )}
+    </Stack>
+  )
+}
+
+// ─── Bugs Panel ────────────────────────────────────────────────────────────────
+
+const BUG_STATUSES = ['all', 'OPEN', 'ON_HOLD', 'IN_PROGRESS', 'RESOLVED', 'RELEASED', 'CLOSED'] as const
+const BUG_STATUS_COLOR: Record<string, string> = {
+  OPEN: 'red', ON_HOLD: 'orange', IN_PROGRESS: 'blue', RESOLVED: 'teal', RELEASED: 'green', CLOSED: 'gray',
+}
+const BUG_SOURCE_COLOR: Record<string, string> = { QC: 'violet', SYSTEM: 'blue', USER: 'gray' }
+
+function BugsPanel() {
+  const [status, setStatus] = useState('all')
+  const [page, setPage] = useState(1)
+  const PER_PAGE = 25
+
+  const { data, isLoading } = useQuery({
+    queryKey: ['admin', 'bugs', status, page],
+    queryFn: () => {
+      const params = new URLSearchParams({ page: String(page), limit: String(PER_PAGE) })
+      if (status !== 'all') params.set('status', status)
+      return fetch(`/api/bugs?${params}`, { credentials: 'include' }).then((r) => r.json())
+    },
+    refetchInterval: 15_000,
+  })
+
+  const bugs = data?.data ?? []
+  const totalPages = data?.totalPages ?? 1
+  const totalItems = data?.totalItems ?? 0
+
+  return (
+    <Stack>
+      <Group justify="space-between">
+        <Title order={3}>Bugs</Title>
+        <Text size="sm" c="dimmed">{totalItems} total</Text>
+      </Group>
+      <SegmentedControl
+        value={status}
+        onChange={(v) => { setStatus(v); setPage(1) }}
+        data={BUG_STATUSES.map((s) => ({ label: s === 'all' ? 'All' : s.replace('_', ' '), value: s }))}
+        size="xs"
+      />
+      {isLoading ? <Center><Loader /></Center> : (
+        <>
+          <Table.ScrollContainer minWidth={700}>
+            <Table striped highlightOnHover>
+              <Table.Thead>
+                <Table.Tr>
+                  <Table.Th>Status</Table.Th>
+                  <Table.Th>Source</Table.Th>
+                  <Table.Th>App</Table.Th>
+                  <Table.Th>Description</Table.Th>
+                  <Table.Th>Version</Table.Th>
+                  <Table.Th>Reporter</Table.Th>
+                  <Table.Th>Date</Table.Th>
+                </Table.Tr>
+              </Table.Thead>
+              <Table.Tbody>
+                {bugs.map((b: any) => (
+                  <Table.Tr key={b.id}>
+                    <Table.Td><Badge color={BUG_STATUS_COLOR[b.status] ?? 'gray'} variant="light" size="sm">{b.status.replace('_', ' ')}</Badge></Table.Td>
+                    <Table.Td><Badge color={BUG_SOURCE_COLOR[b.source] ?? 'gray'} variant="dot" size="sm">{b.source}</Badge></Table.Td>
+                    <Table.Td><Text size="xs" c="dimmed">{b.app?.name ?? b.appId ?? '—'}</Text></Table.Td>
+                    <Table.Td><Text size="sm" lineClamp={1} style={{ maxWidth: 240 }}>{b.description}</Text></Table.Td>
+                    <Table.Td><Text size="xs" c="dimmed">{b.affectedVersion}</Text></Table.Td>
+                    <Table.Td><Text size="xs">{b.user?.name ?? '—'}</Text></Table.Td>
+                    <Table.Td><Text size="xs" c="dimmed">{new Date(b.createdAt).toLocaleDateString('id-ID')}</Text></Table.Td>
+                  </Table.Tr>
+                ))}
+                {bugs.length === 0 && (
+                  <Table.Tr>
+                    <Table.Td colSpan={7}><Center py="xl"><Text c="dimmed">Tidak ada bug ditemukan</Text></Center></Table.Td>
+                  </Table.Tr>
+                )}
+              </Table.Tbody>
+            </Table>
+          </Table.ScrollContainer>
+          {totalPages > 1 && <Center><Pagination total={totalPages} value={page} onChange={setPage} size="sm" /></Center>}
+        </>
+      )}
+    </Stack>
+  )
+}
+
+// ─── App Logs Panel ────────────────────────────────────────────────────────────
+
+const LOG_LEVELS = ['all', 'info', 'warn', 'error'] as const
+const LOG_LEVEL_COLOR: Record<string, string> = { info: 'blue', warn: 'orange', error: 'red' }
+
+function AppLogsPanel() {
+  const [level, setLevel] = useState('all')
+  const [page, setPage] = useState(1)
+  const PER_PAGE = 25
+  const qc = useQueryClient()
+
+  const { data, isLoading } = useQuery({
+    queryKey: ['admin', 'logs', 'app', level],
+    queryFn: () => {
+      const params = new URLSearchParams({ limit: '200' })
+      if (level !== 'all') params.set('level', level)
+      return fetch(`/api/admin/logs/app?${params}`, { credentials: 'include' }).then((r) => r.json())
+    },
+    refetchInterval: 5_000,
+  })
+
+  const allLogs = data?.logs ?? []
+  const redisDisabled = data?.redisDisabled
+
+  const pageLogs = useMemo(() => {
+    const start = (page - 1) * PER_PAGE
+    return allLogs.slice(start, start + PER_PAGE)
+  }, [allLogs, page])
+
+  const totalPages = Math.ceil(allLogs.length / PER_PAGE)
+
+  const clearMutation = useMutation({
+    mutationFn: () => fetch('/api/admin/logs/app', { method: 'DELETE', credentials: 'include' }).then((r) => r.json()),
+    onSuccess: () => qc.invalidateQueries({ queryKey: ['admin', 'logs', 'app'] }),
+  })
+
+  return (
+    <Stack>
+      <Group justify="space-between">
+        <Title order={3}>App Logs</Title>
+        <Group gap="xs">
+          <ActionIcon variant="subtle" color="gray" onClick={() => qc.invalidateQueries({ queryKey: ['admin', 'logs', 'app'] })}>
+            <TbRefresh size={16} />
+          </ActionIcon>
+          <ActionIcon variant="subtle" color="red"
+            onClick={() => modals.openConfirmModal({
+              title: 'Hapus semua app logs',
+              children: <Text size="sm">Semua log Redis akan dihapus. Tindakan ini tidak bisa dibatalkan.</Text>,
+              labels: { confirm: 'Hapus', cancel: 'Batal' },
+              confirmProps: { color: 'red' },
+              onConfirm: () => clearMutation.mutate(),
+            })}>
+            <TbTrash size={16} />
+          </ActionIcon>
+        </Group>
+      </Group>
+
+      {redisDisabled && (
+        <Paper withBorder p="md" bg="yellow.0">
+          <Text size="sm" c="orange">Redis tidak dikonfigurasi (REDIS_URL kosong). App Logs tidak tersedia.</Text>
+        </Paper>
+      )}
+
+      <SegmentedControl
+        value={level}
+        onChange={(v) => { setLevel(v); setPage(1) }}
+        data={LOG_LEVELS.map((l) => ({ label: l === 'all' ? 'All' : l.toUpperCase(), value: l }))}
+        size="xs"
+      />
+
+      {isLoading ? <Center><Loader /></Center> : (
+        <>
+          <Table.ScrollContainer minWidth={600}>
+            <Table striped highlightOnHover fz="xs">
+              <Table.Thead>
+                <Table.Tr>
+                  <Table.Th>Time</Table.Th>
+                  <Table.Th>Level</Table.Th>
+                  <Table.Th>Message</Table.Th>
+                  <Table.Th>Detail</Table.Th>
+                </Table.Tr>
+              </Table.Thead>
+              <Table.Tbody>
+                {pageLogs.map((log: any) => (
+                  <Table.Tr key={log.id}>
+                    <Table.Td style={{ whiteSpace: 'nowrap' }}>{new Date(log.timestamp).toLocaleTimeString('id-ID')}</Table.Td>
+                    <Table.Td><Badge color={LOG_LEVEL_COLOR[log.level] ?? 'gray'} variant="light" size="xs">{log.level.toUpperCase()}</Badge></Table.Td>
+                    <Table.Td>{log.message}</Table.Td>
+                    <Table.Td c="dimmed">{log.detail ?? ''}</Table.Td>
+                  </Table.Tr>
+                ))}
+                {pageLogs.length === 0 && !redisDisabled && (
+                  <Table.Tr><Table.Td colSpan={4}><Center py="xl"><Text c="dimmed">Belum ada log</Text></Center></Table.Td></Table.Tr>
+                )}
+              </Table.Tbody>
+            </Table>
+          </Table.ScrollContainer>
+          {totalPages > 1 && <Center><Pagination total={totalPages} value={page} onChange={setPage} size="sm" /></Center>}
+        </>
+      )}
+    </Stack>
+  )
+}
+
+// ─── Activity Logs Panel ───────────────────────────────────────────────────────
+
+const LOG_TYPES = ['all', 'LOGIN', 'LOGOUT', 'CREATE', 'UPDATE', 'DELETE'] as const
+const LOG_TYPE_COLOR: Record<string, string> = { LOGIN: 'green', LOGOUT: 'gray', CREATE: 'blue', UPDATE: 'yellow', DELETE: 'red' }
+
+function ActivityLogsPanel() {
+  const [type, setType] = useState('all')
+  const [userId, setUserId] = useState('all')
+  const [page, setPage] = useState(1)
+  const PER_PAGE = 25
+  const qc = useQueryClient()
+
+  const { data: usersData } = useQuery({
+    queryKey: ['admin', 'users'],
+    queryFn: () => fetch('/api/admin/users', { credentials: 'include' }).then((r) => r.json()),
+  })
+  const users: AdminUser[] = usersData?.users ?? []
+
+  const { data, isLoading } = useQuery({
+    queryKey: ['admin', 'logs', 'audit', type, userId],
+    queryFn: () => {
+      const params = new URLSearchParams({ limit: '200' })
+      if (type !== 'all') params.set('type', type)
+      if (userId !== 'all') params.set('userId', userId)
+      return fetch(`/api/admin/logs/audit?${params}`, { credentials: 'include' }).then((r) => r.json())
+    },
+    refetchInterval: 10_000,
+  })
+
+  const allLogs = data?.logs ?? []
+  const pageLogs = useMemo(() => {
+    const start = (page - 1) * PER_PAGE
+    return allLogs.slice(start, start + PER_PAGE)
+  }, [allLogs, page])
+  const totalPages = Math.ceil(allLogs.length / PER_PAGE)
+
+  const clearMutation = useMutation({
+    mutationFn: () => fetch('/api/admin/logs/audit', { method: 'DELETE', credentials: 'include' }).then((r) => r.json()),
+    onSuccess: () => qc.invalidateQueries({ queryKey: ['admin', 'logs', 'audit'] }),
+  })
+
+  return (
+    <Stack>
+      <Group justify="space-between">
+        <Title order={3}>Activity Logs</Title>
+        <Group gap="xs">
+          <ActionIcon variant="subtle" color="gray" onClick={() => qc.invalidateQueries({ queryKey: ['admin', 'logs', 'audit'] })}>
+            <TbRefresh size={16} />
+          </ActionIcon>
+          <ActionIcon variant="subtle" color="red"
+            onClick={() => modals.openConfirmModal({
+              title: 'Hapus semua activity logs',
+              children: <Text size="sm">Semua log aktivitas akan dihapus permanen.</Text>,
+              labels: { confirm: 'Hapus', cancel: 'Batal' },
+              confirmProps: { color: 'red' },
+              onConfirm: () => clearMutation.mutate(),
+            })}>
+            <TbTrash size={16} />
+          </ActionIcon>
+        </Group>
+      </Group>
+      <Group gap="sm">
+        <Select
+          placeholder="Filter operator"
+          value={userId}
+          onChange={(v) => { setUserId(v ?? 'all'); setPage(1) }}
+          data={[{ value: 'all', label: 'Semua operator' }, ...users.map((u) => ({ value: u.id, label: u.name }))]}
+          size="xs"
+          w={180}
+          clearable
+        />
+        <SegmentedControl
+          value={type}
+          onChange={(v) => { setType(v); setPage(1) }}
+          data={LOG_TYPES.map((t) => ({ label: t === 'all' ? 'All' : t, value: t }))}
+          size="xs"
+        />
+      </Group>
+      {isLoading ? <Center><Loader /></Center> : (
+        <>
+          <Table.ScrollContainer minWidth={600}>
+            <Table striped highlightOnHover fz="xs">
+              <Table.Thead>
+                <Table.Tr>
+                  <Table.Th>Time</Table.Th>
+                  <Table.Th>Operator</Table.Th>
+                  <Table.Th>Type</Table.Th>
+                  <Table.Th>Message</Table.Th>
+                </Table.Tr>
+              </Table.Thead>
+              <Table.Tbody>
+                {pageLogs.map((log: any) => (
+                  <Table.Tr key={log.id}>
+                    <Table.Td style={{ whiteSpace: 'nowrap' }}>{new Date(log.createdAt).toLocaleString('id-ID')}</Table.Td>
+                    <Table.Td>
+                      {log.user ? (
+                        <div>
+                          <Text size="xs" fw={500}>{log.user.name}</Text>
+                          <Text size="xs" c="dimmed">{log.user.email}</Text>
+                        </div>
+                      ) : <Text size="xs" c="dimmed">—</Text>}
+                    </Table.Td>
+                    <Table.Td><Badge color={LOG_TYPE_COLOR[log.type] ?? 'gray'} variant="light" size="xs">{log.type}</Badge></Table.Td>
+                    <Table.Td><Text size="xs" lineClamp={1}>{log.message}</Text></Table.Td>
+                  </Table.Tr>
+                ))}
+                {pageLogs.length === 0 && (
+                  <Table.Tr><Table.Td colSpan={4}><Center py="xl"><Text c="dimmed">Belum ada log aktivitas</Text></Center></Table.Td></Table.Tr>
+                )}
+              </Table.Tbody>
+            </Table>
+          </Table.ScrollContainer>
+          {totalPages > 1 && <Center><Pagination total={totalPages} value={page} onChange={setPage} size="sm" /></Center>}
+        </>
+      )}
+    </Stack>
+  )
+}
+
+// ─── ELK Layout Utility ────────────────────────────────────────────────────────
+
+const elk = new ELK()
+
+async function applyElkLayout(
+  nodes: Node[],
+  edges: Edge[],
+  direction: 'DOWN' | 'RIGHT' | 'UP' | 'LEFT' = 'RIGHT',
+): Promise<{ nodes: Node[]; edges: Edge[] }> {
+  if (nodes.length === 0) return { nodes, edges }
+  const elkNodes = nodes.map((n) => ({ id: n.id, width: (n.measured?.width ?? n.data?.width ?? 200) as number, height: (n.measured?.height ?? n.data?.height ?? 60) as number }))
+  const elkEdges = edges.map((e) => ({ id: e.id, sources: [e.source], targets: [e.target] }))
+  const graph = await elk.layout({
+    id: 'root',
+    layoutOptions: {
+      'elk.algorithm': 'layered',
+      'elk.direction': direction,
+      'elk.spacing.nodeNode': '40',
+      'elk.layered.spacing.nodeNodeBetweenLayers': '60',
+    },
+    children: elkNodes,
+    edges: elkEdges,
+  })
+  const positioned = new Map(graph.children?.map((n) => [n.id, { x: n.x ?? 0, y: n.y ?? 0 }]) ?? [])
+  return {
+    nodes: nodes.map((n) => ({ ...n, position: positioned.get(n.id) ?? n.position })),
+    edges,
+  }
+}
+
+function useFlowAutoSave(key: string) {
+  const savePositions = useCallback((nodes: Node[]) => {
+    const pos: Record<string, { x: number; y: number }> = {}
+    for (const n of nodes) pos[n.id] = n.position
+    localStorage.setItem(`dev:flow:${key}:positions`, JSON.stringify(pos))
+  }, [key])
+  const saveViewport = useCallback((vp: { x: number; y: number; zoom: number }) => {
+    localStorage.setItem(`dev:flow:${key}:viewport`, JSON.stringify(vp))
+  }, [key])
+  const loadPositions = useCallback((): Record<string, { x: number; y: number }> => {
+    try { return JSON.parse(localStorage.getItem(`dev:flow:${key}:positions`) ?? '{}') } catch { return {} }
+  }, [key])
+  const loadViewport = useCallback(() => {
+    try { return JSON.parse(localStorage.getItem(`dev:flow:${key}:viewport`) ?? 'null') } catch { return null }
+  }, [key])
+  return { savePositions, saveViewport, loadPositions, loadViewport }
+}
+
+// ─── Database Panel ────────────────────────────────────────────────────────────
+
+interface SchemaField { name: string; type: string; isId: boolean; isUnique: boolean; isOptional: boolean; isList: boolean; isRelation: boolean; default?: string }
+interface SchemaRelation { from: string; fromField: string; to: string; toField: string; onDelete?: string }
+interface SchemaModel { name: string; tableName: string; fields: SchemaField[] }
+interface SchemaEnum { name: string; values: string[] }
+interface ParsedSchema { models: SchemaModel[]; enums: SchemaEnum[]; relations: SchemaRelation[] }
+
+function ModelNode({ data }: { data: any }) {
+  return (
+    <Paper withBorder shadow="sm" p={0} style={{ minWidth: 180, fontSize: 12 }}>
+      <Handle type="target" position={Position.Left} />
+      <Box bg="blue.6" px="xs" py={4} style={{ borderRadius: '4px 4px 0 0' }}>
+        <Text size="xs" fw={700} c="white">{data.name}</Text>
+        {data.tableName !== data.name && <Text size="xs" c="blue.1">@map({data.tableName})</Text>}
+      </Box>
+      <Stack gap={0}>
+        {data.fields?.map((f: SchemaField) => (
+          <Box key={f.name} px="xs" py={2} style={{ borderBottom: '1px solid var(--mantine-color-default-border)', display: 'flex', justifyContent: 'space-between', gap: 8 }}>
+            <Group gap={4}>
+              {f.isId && <Badge size="xs" color="yellow" variant="filled" p={2}>PK</Badge>}
+              {f.isUnique && !f.isId && <Badge size="xs" color="teal" variant="filled" p={2}>UQ</Badge>}
+              <Text size="xs" fw={f.isId ? 700 : 400} c={f.isRelation ? 'blue' : undefined}>{f.name}{f.isOptional ? '?' : ''}</Text>
+            </Group>
+            <Text size="xs" c="dimmed">{f.type}</Text>
+          </Box>
+        ))}
+      </Stack>
+      <Handle type="source" position={Position.Right} />
+    </Paper>
+  )
+}
+
+function EnumNode({ data }: { data: any }) {
+  return (
+    <Paper withBorder shadow="sm" p={0} style={{ minWidth: 140, fontSize: 12 }}>
+      <Box bg="violet.6" px="xs" py={4} style={{ borderRadius: '4px 4px 0 0' }}>
+        <Text size="xs" fw={700} c="white">enum {data.name}</Text>
+      </Box>
+      <Stack gap={0}>
+        {data.values?.map((v: string) => (
+          <Box key={v} px="xs" py={2} style={{ borderBottom: '1px solid var(--mantine-color-default-border)' }}>
+            <Text size="xs">{v}</Text>
+          </Box>
+        ))}
+      </Stack>
+    </Paper>
+  )
+}
+
+const DB_NODE_TYPES = { model: ModelNode, enum: EnumNode }
+
+function DatabaseFlowInner({ schema }: { schema: ParsedSchema }) {
+  const { fitView, setViewport } = useReactFlow()
+  const [nodes, setNodes, onNodesChange] = useNodesState<Node>([])
+  const [edges, setEdges, onEdgesChange] = useEdgesState<Edge>([])
+  const { savePositions, saveViewport, loadPositions, loadViewport } = useFlowAutoSave('db')
+  const saveTimer = useRef<ReturnType<typeof setTimeout> | undefined>(undefined)
+
+  useEffect(() => {
+    const savedPos = loadPositions()
+    const hasSaved = Object.keys(savedPos).length > 0
+
+    const newNodes: Node[] = [
+      ...schema.models.map((m, i) => ({
+        id: m.name, type: 'model',
+        position: savedPos[m.name] ?? { x: i * 220, y: 0 },
+        data: { name: m.name, tableName: m.tableName, fields: m.fields },
+      })),
+      ...schema.enums.map((e, i) => ({
+        id: `enum_${e.name}`, type: 'enum',
+        position: savedPos[`enum_${e.name}`] ?? { x: i * 160, y: 400 },
+        data: { name: e.name, values: e.values },
+      })),
+    ]
+
+    const newEdges: Edge[] = schema.relations.map((r) => ({
+      id: `${r.from}-${r.fromField}-${r.to}`,
+      source: r.from, target: r.to,
+      label: `${r.fromField} → ${r.toField}${r.onDelete ? ` [${r.onDelete}]` : ''}`,
+      markerEnd: { type: MarkerType.ArrowClosed },
+      style: { stroke: 'var(--mantine-color-blue-5)' },
+    }))
+
+    if (hasSaved) {
+      setNodes(newNodes)
+      setEdges(newEdges)
+      const savedVp = loadViewport()
+      if (savedVp) setTimeout(() => setViewport(savedVp), 50)
+      else setTimeout(() => fitView({ padding: 0.2 }), 50)
+    } else {
+      applyElkLayout(newNodes, newEdges, 'RIGHT').then(({ nodes: ln, edges: le }) => {
+        setNodes(ln)
+        setEdges(le)
+        setTimeout(() => fitView({ padding: 0.2 }), 100)
+      })
+    }
+  }, [schema])
+
+  const onNodeDragStop = useCallback((_: any, __: any, allNodes: Node[]) => {
+    clearTimeout(saveTimer.current)
+    saveTimer.current = setTimeout(() => savePositions(allNodes), 500)
+  }, [savePositions])
+
+  const onMoveEnd = useCallback((_: any, vp: any) => {
+    clearTimeout(saveTimer.current)
+    saveTimer.current = setTimeout(() => saveViewport(vp), 500)
+  }, [saveViewport])
+
+  return (
+    <ReactFlow
+      nodes={nodes} edges={edges}
+      onNodesChange={onNodesChange} onEdgesChange={onEdgesChange}
+      onNodeDragStop={onNodeDragStop} onMoveEnd={onMoveEnd}
+      nodeTypes={DB_NODE_TYPES}
+      fitView minZoom={0.05} maxZoom={5}
+    >
+      <Background /><Controls />
+    </ReactFlow>
+  )
+}
+
+function DatabasePanel() {
+  const { data, isLoading, refetch } = useQuery({
+    queryKey: ['admin', 'schema'],
+    queryFn: () => fetch('/api/admin/schema', { credentials: 'include' }).then((r) => r.json()),
+  })
+  const schema: ParsedSchema | null = data?.schema ?? null
+
+  return (
+    <Stack h="calc(100vh - 100px)">
+      <Group justify="space-between">
+        <Title order={3}>Database Schema</Title>
+        <ActionIcon variant="subtle" color="gray" onClick={() => refetch()}><TbRefresh size={16} /></ActionIcon>
+      </Group>
+      {isLoading ? <Center flex={1}><Loader /></Center> : schema ? (
+        <Box flex={1}>
+          <ReactFlowProvider>
+            <DatabaseFlowInner schema={schema} />
+          </ReactFlowProvider>
+        </Box>
+      ) : <Text c="dimmed">Schema tidak tersedia</Text>}
+    </Stack>
+  )
+}
+
+// ─── Project Panel ─────────────────────────────────────────────────────────────
+
+const PROJECT_VIEWS = [
+  { group: 'Architecture', items: [
+    { value: 'api-routes', label: 'API Routes' },
+    { value: 'file-structure', label: 'File Structure' },
+    { value: 'user-flow', label: 'User Flow' },
+    { value: 'data-flow', label: 'Data Flow' },
+  ]},
+  { group: 'DevOps', items: [
+    { value: 'env-map', label: 'Env Variables' },
+    { value: 'test-coverage', label: 'Test Coverage' },
+    { value: 'dependencies', label: 'Dependencies' },
+    { value: 'migrations', label: 'Migrations' },
+  ]},
+  { group: 'Live', items: [
+    { value: 'sessions', label: 'Sessions' },
+    { value: 'live-requests', label: 'Live Requests' },
+  ]},
+]
+
+function GenericFlowPanel({ queryKey, queryFn, buildGraph }: {
+  queryKey: string[]
+  queryFn: () => Promise<any>
+  buildGraph: (data: any) => { nodes: Node[]; edges: Edge[] }
+}) {
+  const { data, isLoading, refetch } = useQuery({ queryKey, queryFn, refetchInterval: queryKey.includes('sessions') ? 10_000 : undefined })
+  const { fitView, setViewport } = useReactFlow()
+  const [nodes, setNodes, onNodesChange] = useNodesState<Node>([])
+  const [edges, setEdges, onEdgesChange] = useEdgesState<Edge>([])
+  const flowKey = queryKey.join('-')
+  const { savePositions, saveViewport, loadPositions, loadViewport } = useFlowAutoSave(flowKey)
+  const saveTimer = useRef<ReturnType<typeof setTimeout> | undefined>(undefined)
+
+  useEffect(() => {
+    if (!data) return
+    const { nodes: newNodes, edges: newEdges } = buildGraph(data)
+    const savedPos = loadPositions()
+    const hasSaved = Object.keys(savedPos).length > 0
+
+    if (hasSaved) {
+      const withPos = newNodes.map((n) => ({ ...n, position: savedPos[n.id] ?? n.position }))
+      setNodes(withPos); setEdges(newEdges)
+      const savedVp = loadViewport()
+      if (savedVp) setTimeout(() => setViewport(savedVp), 50)
+      else setTimeout(() => fitView({ padding: 0.15 }), 50)
+    } else {
+      applyElkLayout(newNodes, newEdges, 'RIGHT').then(({ nodes: ln, edges: le }) => {
+        setNodes(ln); setEdges(le)
+        setTimeout(() => fitView({ padding: 0.15 }), 100)
+      })
+    }
+  }, [data])
+
+  const onNodeDragStop = useCallback((_: any, __: any, all: Node[]) => {
+    clearTimeout(saveTimer.current)
+    saveTimer.current = setTimeout(() => savePositions(all), 500)
+  }, [savePositions])
+  const onMoveEnd = useCallback((_: any, vp: any) => {
+    clearTimeout(saveTimer.current)
+    saveTimer.current = setTimeout(() => saveViewport(vp), 500)
+  }, [saveViewport])
+
+  if (isLoading) return <Center flex={1}><Loader /></Center>
+  return (
+    <Box style={{ position: 'absolute', inset: 0 }}>
+      <Box pos="absolute" top={8} right={8} style={{ zIndex: 10 }}>
+        <ActionIcon variant="subtle" style={{ background: 'white', boxShadow: '0 1px 3px rgba(0,0,0,.15)' }} onClick={() => { refetch() }}><TbRefresh size={14} /></ActionIcon>
+      </Box>
+      <ReactFlow nodes={nodes} edges={edges} onNodesChange={onNodesChange} onEdgesChange={onEdgesChange}
+        onNodeDragStop={onNodeDragStop} onMoveEnd={onMoveEnd} fitView minZoom={0.05} maxZoom={5}>
+        <Background /><Controls />
+      </ReactFlow>
+    </Box>
+  )
+}
+
+function SimpleNode({ data }: { data: any }) {
+  const methodColor: Record<string, string> = { GET: 'green', POST: 'blue', PUT: 'orange', PATCH: 'yellow', DELETE: 'red', WS: 'violet', PAGE: 'gray' }
+  const authColor: Record<string, string> = { public: 'gray', developer: 'violet', admin: 'blue', authenticated: 'teal', apiKeyOrSession: 'orange' }
+  return (
+    <Paper withBorder shadow="xs" px="sm" py="xs" style={{ minWidth: 200, maxWidth: 300, fontSize: 12 }}>
+      <Handle type="target" position={Position.Left} />
+      <Group gap={4} mb={2}>
+        {data.method && <Badge size="xs" color={methodColor[data.method] ?? 'gray'} variant="filled">{data.method}</Badge>}
+        {data.auth && <Badge size="xs" color={authColor[data.auth] ?? 'gray'} variant="light">{data.auth}</Badge>}
+      </Group>
+      <Text size="xs" fw={600} style={{ fontFamily: 'monospace' }}>{data.path ?? data.label}</Text>
+      {data.description && <Text size="xs" c="dimmed" lineClamp={1}>{data.description}</Text>}
+      <Handle type="source" position={Position.Right} />
+    </Paper>
+  )
+}
+
+const SIMPLE_NODE_TYPES = { simple: SimpleNode }
+
+function buildApiRoutesGraph(data: any): { nodes: Node[]; edges: Edge[] } {
+  const routes: any[] = data?.routes ?? []
+  const nodes: Node[] = routes.map((r, i) => ({
+    id: r.path, type: 'simple',
+    position: { x: i * 30, y: i * 30 },
+    data: { label: r.path, method: r.method, path: r.path, auth: r.auth, description: r.description },
+  }))
+  const loginNode = nodes.find((n) => n.id === '/login')
+  const edges: Edge[] = []
+  if (loginNode) {
+    for (const n of nodes) {
+      if (['/dev', '/dashboard', '/profile'].includes(n.id)) {
+        edges.push({ id: `login-${n.id}`, source: '/login', target: n.id, label: '', markerEnd: { type: MarkerType.ArrowClosed }, style: { stroke: 'var(--mantine-color-blue-5)', strokeDasharray: '4' } })
+      }
+    }
+  }
+  return { nodes, edges }
+}
+
+function buildFileStructureGraph(data: any): { nodes: Node[]; edges: Edge[] } {
+  const files: any[] = data?.files ?? []
+  const catColor: Record<string, string> = { route: 'blue', hook: 'cyan', component: 'teal', frontend: 'green', lib: 'orange', backend: 'red', prisma: 'violet', 'test-unit': 'yellow', 'test-integration': 'yellow', test: 'yellow', config: 'gray' }
+  const nodes: Node[] = files.map((f, i) => ({
+    id: f.path, type: 'simple',
+    position: { x: i * 30, y: i * 30 },
+    data: { label: f.path.split('/').pop(), path: f.path, description: `${f.lines} lines • ${f.exports.length} exports`, auth: f.category },
+    style: { '--badge-color': catColor[f.category] ?? 'gray' } as React.CSSProperties,
+  }))
+  const edges: Edge[] = []
+  for (const f of files) {
+    for (const imp of f.imports) {
+      if (files.find((x) => x.path === imp.from)) {
+        edges.push({ id: `${f.path}-${imp.from}`, source: f.path, target: imp.from, markerEnd: { type: MarkerType.ArrowClosed }, style: { stroke: 'var(--mantine-color-gray-5)', opacity: 0.5 } })
+      }
+    }
+  }
+  return { nodes, edges }
+}
+
+function buildEnvMapGraph(data: any): { nodes: Node[]; edges: Edge[] } {
+  const vars: any[] = data?.variables ?? []
+  const nodes: Node[] = [
+    ...vars.map((v, i) => ({
+      id: `env_${v.name}`, type: 'simple',
+      position: { x: 0, y: i * 70 },
+      data: { label: v.name, path: v.name, method: v.required ? 'REQ' : 'OPT', auth: v.isSet ? 'set' : 'unset', description: v.description },
+    })),
+    ...[...new Set(vars.flatMap((v) => v.usedBy))].map((f: string, i) => ({
+      id: `file_${f}`, type: 'simple',
+      position: { x: 400, y: i * 60 },
+      data: { label: f.split('/').pop(), path: f, description: f },
+    })),
+  ]
+  const edges: Edge[] = vars.flatMap((v) =>
+    v.usedBy.map((f: string) => ({ id: `${v.name}-${f}`, source: `env_${v.name}`, target: `file_${f}`, markerEnd: { type: MarkerType.ArrowClosed } }))
+  )
+  return { nodes, edges }
+}
+
+function buildTestCoverageGraph(data: any): { nodes: Node[]; edges: Edge[] } {
+  const src: any[] = data?.sourceFiles ?? []
+  const tests: any[] = data?.testFiles ?? []
+  const covColor: Record<string, string> = { covered: 'green', partial: 'yellow', uncovered: 'red' }
+  const nodes: Node[] = [
+    ...src.map((f, i) => ({
+      id: f.path, type: 'simple',
+      position: { x: 0, y: i * 60 },
+      data: { label: f.path.split('/').pop(), path: f.path, auth: f.coverage, description: `${f.lines} lines • ${f.coverage}` },
+    })),
+    ...tests.map((t, i) => ({
+      id: t.path, type: 'simple',
+      position: { x: 400, y: i * 60 },
+      data: { label: t.path.split('/').pop(), path: t.path, description: `${t.lines} lines • ${t.type}` },
+    })),
+  ]
+  const edges: Edge[] = tests.flatMap((t) =>
+    t.targets.map((target: string) => ({ id: `${t.path}-${target}`, source: target, target: t.path, markerEnd: { type: MarkerType.ArrowClosed } }))
+  )
+  return { nodes, edges }
+}
+
+function buildDependenciesGraph(data: any): { nodes: Node[]; edges: Edge[] } {
+  const pkgs: any[] = data?.packages ?? []
+  const catColor: Record<string, string> = { server: 'orange', ui: 'blue', database: 'green', storage: 'cyan', build: 'gray', other: 'gray' }
+  const nodes: Node[] = [
+    ...pkgs.map((p, i) => ({
+      id: `pkg_${p.name}`, type: 'simple',
+      position: { x: 0, y: i * 55 },
+      data: { label: p.name, method: p.type === 'runtime' ? 'RT' : 'DEV', auth: p.category, description: p.version },
+    })),
+    ...[...new Set(pkgs.flatMap((p) => p.usedBy))].map((f: string, i) => ({
+      id: `file_${f}`, type: 'simple',
+      position: { x: 350, y: i * 60 },
+      data: { label: f.split('/').pop(), path: f, description: f },
+    })),
+  ]
+  const edges: Edge[] = pkgs.flatMap((p) =>
+    p.usedBy.map((f: string) => ({ id: `${p.name}-${f}`, source: `pkg_${p.name}`, target: `file_${f}`, markerEnd: { type: MarkerType.ArrowClosed } }))
+  )
+  return { nodes, edges }
+}
+
+function buildMigrationsGraph(data: any): { nodes: Node[]; edges: Edge[] } {
+  const migrations: any[] = data?.migrations ?? []
+  const nodes: Node[] = migrations.map((m, i) => ({
+    id: m.folder, type: 'simple',
+    position: { x: i * 250, y: 100 },
+    data: { label: m.name, description: `${m.changes.length} changes • ${new Date(m.createdAt).toLocaleDateString('id-ID')}` },
+  }))
+  const edges: Edge[] = migrations.slice(1).map((m, i) => ({
+    id: `mig-${i}`, source: migrations[i].folder, target: m.folder, markerEnd: { type: MarkerType.ArrowClosed },
+  }))
+  return { nodes, edges }
+}
+
+function buildSessionsGraph(data: any): { nodes: Node[]; edges: Edge[] } {
+  const sessions: any[] = data?.sessions ?? []
+  const roleColor: Record<string, string> = { DEVELOPER: 'violet', ADMIN: 'blue', USER: 'gray' }
+  const uniqueUsers = [...new Map(sessions.map((s) => [s.userId, s])).values()]
+  const roles = [...new Set(sessions.map((s) => s.userRole))]
+  const nodes: Node[] = [
+    ...uniqueUsers.map((s, i) => ({
+      id: `user_${s.userId}`, type: 'simple',
+      position: { x: 0, y: i * 70 },
+      data: { label: s.userName, method: s.isOnline ? 'ON' : 'OFF', auth: s.userRole.toLowerCase(), description: s.userEmail },
+    })),
+    ...roles.map((r, i) => ({
+      id: `role_${r}`, type: 'simple',
+      position: { x: 350, y: i * 100 },
+      data: { label: r, description: `Access: ${r === 'DEVELOPER' ? '/dev, /dashboard' : r === 'ADMIN' ? '/dashboard' : '/profile'}` },
+    })),
+  ]
+  const edges: Edge[] = uniqueUsers.map((s) => ({
+    id: `${s.userId}-${s.userRole}`, source: `user_${s.userId}`, target: `role_${s.userRole}`, markerEnd: { type: MarkerType.ArrowClosed },
+  }))
+  return { nodes, edges }
+}
+
+// Static flow graphs
+function buildUserFlowGraph(): { nodes: Node[]; edges: Edge[] } {
+  const nodes: Node[] = [
+    { id: 'visit', type: 'simple', position: { x: 0, y: 0 }, data: { label: 'Visit App', description: 'User opens browser' } },
+    { id: 'login', type: 'simple', position: { x: 200, y: 0 }, data: { label: '/login', description: 'Authentication page' } },
+    { id: 'auth-check', type: 'simple', position: { x: 400, y: 0 }, data: { label: 'Auth Check', description: 'Validate session' } },
+    { id: 'dev', type: 'simple', position: { x: 600, y: -100 }, data: { label: '/dev', auth: 'developer', description: 'Dev Console (DEVELOPER)' } },
+    { id: 'dashboard', type: 'simple', position: { x: 600, y: 0 }, data: { label: '/dashboard', auth: 'admin', description: 'Admin Dashboard (ADMIN+)' } },
+    { id: 'profile', type: 'simple', position: { x: 600, y: 100 }, data: { label: '/profile', auth: 'authenticated', description: 'User Profile (all)' } },
+  ]
+  const edges: Edge[] = [
+    { id: 'v-l', source: 'visit', target: 'login', markerEnd: { type: MarkerType.ArrowClosed } },
+    { id: 'l-a', source: 'login', target: 'auth-check', markerEnd: { type: MarkerType.ArrowClosed } },
+    { id: 'a-d', source: 'auth-check', target: 'dev', label: 'DEVELOPER', markerEnd: { type: MarkerType.ArrowClosed } },
+    { id: 'a-da', source: 'auth-check', target: 'dashboard', label: 'ADMIN', markerEnd: { type: MarkerType.ArrowClosed } },
+    { id: 'a-p', source: 'auth-check', target: 'profile', label: 'USER', markerEnd: { type: MarkerType.ArrowClosed } },
+  ]
+  return { nodes, edges }
+}
+
+function buildDataFlowGraph(): { nodes: Node[]; edges: Edge[] } {
+  const nodes: Node[] = [
+    { id: 'client', type: 'simple', position: { x: 0, y: 0 }, data: { label: 'Client (React)', description: 'TanStack Router + Query' } },
+    { id: 'elysia', type: 'simple', position: { x: 200, y: 0 }, data: { label: 'Elysia.js', description: 'HTTP framework (Bun)' } },
+    { id: 'auth-mw', type: 'simple', position: { x: 400, y: -80 }, data: { label: 'Auth Middleware', description: 'Session cookie / API Key' } },
+    { id: 'handler', type: 'simple', position: { x: 400, y: 80 }, data: { label: 'Route Handler', description: 'Business logic' } },
+    { id: 'prisma', type: 'simple', position: { x: 600, y: 0 }, data: { label: 'Prisma ORM', description: 'PostgreSQL queries' } },
+    { id: 'minio', type: 'simple', position: { x: 600, y: 120 }, data: { label: 'MinIO', description: 'Object storage (images)' } },
+    { id: 'redis', type: 'simple', position: { x: 600, y: -120 }, data: { label: 'Redis', description: 'App log ring buffer' } },
+    { id: 'response', type: 'simple', position: { x: 800, y: 0 }, data: { label: 'JSON Response', description: 'Back to client' } },
+  ]
+  const edges: Edge[] = [
+    { id: 'c-e', source: 'client', target: 'elysia', label: 'HTTP / WS', markerEnd: { type: MarkerType.ArrowClosed } },
+    { id: 'e-a', source: 'elysia', target: 'auth-mw', markerEnd: { type: MarkerType.ArrowClosed } },
+    { id: 'e-h', source: 'elysia', target: 'handler', markerEnd: { type: MarkerType.ArrowClosed } },
+    { id: 'h-p', source: 'handler', target: 'prisma', markerEnd: { type: MarkerType.ArrowClosed } },
+    { id: 'h-m', source: 'handler', target: 'minio', markerEnd: { type: MarkerType.ArrowClosed } },
+    { id: 'h-r', source: 'handler', target: 'redis', markerEnd: { type: MarkerType.ArrowClosed } },
+    { id: 'p-res', source: 'prisma', target: 'response', markerEnd: { type: MarkerType.ArrowClosed } },
+  ]
+  return { nodes, edges }
+}
+
+// Live Requests sub-view
+function LiveRequestsPanel() {
+  const [requests, setRequests] = useState<any[]>([])
+  const [paused, setPaused] = useState(false)
+  const wsRef = useRef<WebSocket | null>(null)
+
+  useEffect(() => {
+    const proto = location.protocol === 'https:' ? 'wss' : 'ws'
+    const ws = new WebSocket(`${proto}://${location.host}/ws/presence`)
+    wsRef.current = ws
+    ws.onmessage = (e) => {
+      const msg = JSON.parse(e.data)
+      if (msg.type === 'request' && !paused) {
+        setRequests((prev) => [msg, ...prev].slice(0, 100))
+      }
+    }
+    return () => { ws.close() }
+  }, [paused])
+
+  const statusColor = (s: number) => s >= 500 ? 'red' : s >= 400 ? 'orange' : s >= 300 ? 'yellow' : 'green'
+
+  return (
+    <Stack>
+      <Group justify="space-between">
+        <Text fw={600}>Live Requests</Text>
+        <Group gap="xs">
+          <Button size="xs" variant={paused ? 'filled' : 'light'} color={paused ? 'green' : 'orange'} onClick={() => setPaused((p) => !p)}>
+            {paused ? 'Resume' : 'Pause'}
+          </Button>
+          <Button size="xs" variant="subtle" color="red" onClick={() => setRequests([])}>Clear</Button>
+        </Group>
+      </Group>
+      <Table.ScrollContainer minWidth={500}>
+        <Table fz="xs" striped>
+          <Table.Thead>
+            <Table.Tr>
+              <Table.Th>Time</Table.Th>
+              <Table.Th>Method</Table.Th>
+              <Table.Th>Path</Table.Th>
+              <Table.Th>Status</Table.Th>
+              <Table.Th>Duration</Table.Th>
+            </Table.Tr>
+          </Table.Thead>
+          <Table.Tbody>
+            {requests.map((r, i) => (
+              <Table.Tr key={i}>
+                <Table.Td style={{ whiteSpace: 'nowrap' }}>{new Date(r.timestamp).toLocaleTimeString('id-ID')}</Table.Td>
+                <Table.Td><Badge size="xs" color={({ GET: 'green', POST: 'blue', PUT: 'orange', PATCH: 'yellow', DELETE: 'red' } as Record<string, string>)[r.method] ?? 'gray'} variant="filled">{r.method}</Badge></Table.Td>
+                <Table.Td style={{ fontFamily: 'monospace' }}>{r.path}</Table.Td>
+                <Table.Td><Badge size="xs" color={statusColor(r.status)} variant="light">{r.status}</Badge></Table.Td>
+                <Table.Td c="dimmed">{r.duration}ms</Table.Td>
+              </Table.Tr>
+            ))}
+            {requests.length === 0 && (
+              <Table.Tr><Table.Td colSpan={5}><Center py="md"><Text c="dimmed" size="xs">Menunggu request masuk...</Text></Center></Table.Td></Table.Tr>
+            )}
+          </Table.Tbody>
+        </Table>
+      </Table.ScrollContainer>
+    </Stack>
+  )
+}
+
+function ProjectPanel() {
+  const [view, setView] = useState('api-routes')
+
+  const viewData = useMemo(() => {
+    switch (view) {
+      case 'api-routes': return {
+        queryKey: ['admin', 'routes'],
+        queryFn: () => fetch('/api/admin/routes', { credentials: 'include' }).then((r) => r.json()),
+        buildGraph: buildApiRoutesGraph,
+      }
+      case 'file-structure': return {
+        queryKey: ['admin', 'project-structure'],
+        queryFn: () => fetch('/api/admin/project-structure', { credentials: 'include' }).then((r) => r.json()),
+        buildGraph: buildFileStructureGraph,
+      }
+      case 'env-map': return {
+        queryKey: ['admin', 'env-map'],
+        queryFn: () => fetch('/api/admin/env-map', { credentials: 'include' }).then((r) => r.json()),
+        buildGraph: buildEnvMapGraph,
+      }
+      case 'test-coverage': return {
+        queryKey: ['admin', 'test-coverage'],
+        queryFn: () => fetch('/api/admin/test-coverage', { credentials: 'include' }).then((r) => r.json()),
+        buildGraph: buildTestCoverageGraph,
+      }
+      case 'dependencies': return {
+        queryKey: ['admin', 'dependencies'],
+        queryFn: () => fetch('/api/admin/dependencies', { credentials: 'include' }).then((r) => r.json()),
+        buildGraph: buildDependenciesGraph,
+      }
+      case 'migrations': return {
+        queryKey: ['admin', 'migrations'],
+        queryFn: () => fetch('/api/admin/migrations', { credentials: 'include' }).then((r) => r.json()),
+        buildGraph: buildMigrationsGraph,
+      }
+      case 'sessions': return {
+        queryKey: ['admin', 'sessions'],
+        queryFn: () => fetch('/api/admin/sessions', { credentials: 'include' }).then((r) => r.json()),
+        buildGraph: buildSessionsGraph,
+      }
+      default: return null
+    }
+  }, [view])
+
+  const isStaticView = view === 'user-flow' || view === 'data-flow'
+  const isLiveView = view === 'live-requests'
+
+  const staticGraph = useMemo(() => {
+    if (view === 'user-flow') return buildUserFlowGraph()
+    if (view === 'data-flow') return buildDataFlowGraph()
+    return null
+  }, [view])
+
+  return (
+    <Stack h="calc(100vh - 100px)">
+      <Group justify="space-between">
+        <Title order={3}>Project</Title>
+        <Select
+          value={view}
+          onChange={(v) => v && setView(v)}
+          data={PROJECT_VIEWS.map((g) => ({ group: g.group, items: g.items }))}
+          size="xs"
+          w={200}
+        />
+      </Group>
+      <Box flex={1} pos="relative">
+        {isLiveView && <LiveRequestsPanel />}
+        {isStaticView && staticGraph && (
+          <ReactFlowProvider>
+            <StaticFlowPanel graph={staticGraph} flowKey={view} />
+          </ReactFlowProvider>
+        )}
+        {!isLiveView && !isStaticView && viewData && (
+          <ReactFlowProvider>
+            <GenericFlowPanelWrapper key={view} {...viewData} />
+          </ReactFlowProvider>
+        )}
+      </Box>
+    </Stack>
+  )
+}
+
+function GenericFlowPanelWrapper(props: { queryKey: string[]; queryFn: () => Promise<any>; buildGraph: (d: any) => { nodes: Node[]; edges: Edge[] } }) {
+  return (
+    <Box style={{ position: 'absolute', inset: 0 }}>
+      <GenericFlowInner {...props} />
+    </Box>
+  )
+}
+
+function GenericFlowInner({ queryKey, queryFn, buildGraph }: { queryKey: string[]; queryFn: () => Promise<any>; buildGraph: (d: any) => { nodes: Node[]; edges: Edge[] } }) {
+  const { fitView, setViewport } = useReactFlow()
+  const [nodes, setNodes, onNodesChange] = useNodesState<Node>([])
+  const [edges, setEdges, onEdgesChange] = useEdgesState<Edge>([])
+  const flowKey = queryKey.join('-')
+  const { savePositions, saveViewport, loadPositions, loadViewport } = useFlowAutoSave(flowKey)
+  const saveTimer = useRef<ReturnType<typeof setTimeout> | undefined>(undefined)
+
+  const { data, isLoading, refetch } = useQuery({ queryKey, queryFn, refetchInterval: queryKey.includes('sessions') ? 10_000 : undefined })
+
+  useEffect(() => {
+    if (!data) return
+    const { nodes: newNodes, edges: newEdges } = buildGraph(data)
+    const savedPos = loadPositions()
+    const hasSaved = Object.keys(savedPos).length > 0
+    if (hasSaved) {
+      setNodes(newNodes.map((n) => ({ ...n, position: savedPos[n.id] ?? n.position })))
+      setEdges(newEdges)
+      const vp = loadViewport()
+      if (vp) setTimeout(() => setViewport(vp), 50)
+      else setTimeout(() => fitView({ padding: 0.15 }), 50)
+    } else {
+      applyElkLayout(newNodes, newEdges, 'RIGHT').then(({ nodes: ln, edges: le }) => {
+        setNodes(ln); setEdges(le)
+        setTimeout(() => fitView({ padding: 0.15 }), 100)
+      })
+    }
+  }, [data])
+
+  const onNodeDragStop = useCallback((_: any, __: any, all: Node[]) => {
+    clearTimeout(saveTimer.current)
+    saveTimer.current = setTimeout(() => savePositions(all), 500)
+  }, [savePositions])
+  const onMoveEnd = useCallback((_: any, vp: any) => {
+    clearTimeout(saveTimer.current)
+    saveTimer.current = setTimeout(() => saveViewport(vp), 500)
+  }, [saveViewport])
+
+  if (isLoading) return <Center style={{ position: 'absolute', inset: 0 }}><Loader /></Center>
+  return (
+    <>
+      <Box pos="absolute" top={8} right={8} style={{ zIndex: 10 }}>
+        <ActionIcon variant="subtle" style={{ background: 'white', boxShadow: '0 1px 3px rgba(0,0,0,.15)' }} onClick={() => { refetch() }}><TbRefresh size={14} /></ActionIcon>
+      </Box>
+      <ReactFlow nodes={nodes} edges={edges} onNodesChange={onNodesChange} onEdgesChange={onEdgesChange}
+        onNodeDragStop={onNodeDragStop} onMoveEnd={onMoveEnd} nodeTypes={SIMPLE_NODE_TYPES}
+        fitView minZoom={0.05} maxZoom={5}>
+        <Background /><Controls />
+      </ReactFlow>
+    </>
+  )
+}
+
+function StaticFlowPanel({ graph, flowKey }: { graph: { nodes: Node[]; edges: Edge[] }; flowKey: string }) {
+  const { fitView, setViewport } = useReactFlow()
+  const [nodes, setNodes, onNodesChange] = useNodesState<Node>([])
+  const [edges, setEdges, onEdgesChange] = useEdgesState<Edge>([])
+  const { savePositions, saveViewport, loadPositions, loadViewport } = useFlowAutoSave(flowKey)
+  const saveTimer = useRef<ReturnType<typeof setTimeout> | undefined>(undefined)
+
+  useEffect(() => {
+    const savedPos = loadPositions()
+    const hasSaved = Object.keys(savedPos).length > 0
+    if (hasSaved) {
+      setNodes(graph.nodes.map((n) => ({ ...n, position: savedPos[n.id] ?? n.position })))
+      setEdges(graph.edges)
+      const vp = loadViewport()
+      if (vp) setTimeout(() => setViewport(vp), 50)
+      else setTimeout(() => fitView({ padding: 0.15 }), 50)
+    } else {
+      applyElkLayout(graph.nodes, graph.edges, 'RIGHT').then(({ nodes: ln, edges: le }) => {
+        setNodes(ln); setEdges(le)
+        setTimeout(() => fitView({ padding: 0.15 }), 100)
+      })
+    }
+  }, [])
+
+  const onNodeDragStop = useCallback((_: any, __: any, all: Node[]) => {
+    clearTimeout(saveTimer.current)
+    saveTimer.current = setTimeout(() => savePositions(all), 500)
+  }, [savePositions])
+  const onMoveEnd = useCallback((_: any, vp: any) => {
+    clearTimeout(saveTimer.current)
+    saveTimer.current = setTimeout(() => saveViewport(vp), 500)
+  }, [saveViewport])
+
+  return (
+    <Box style={{ position: 'absolute', inset: 0 }}>
+      <ReactFlow nodes={nodes} edges={edges} onNodesChange={onNodesChange} onEdgesChange={onEdgesChange}
+        onNodeDragStop={onNodeDragStop} onMoveEnd={onMoveEnd} nodeTypes={SIMPLE_NODE_TYPES}
+        fitView minZoom={0.05} maxZoom={5}>
+        <Background /><Controls />
+      </ReactFlow>
+    </Box>
+  )
+}
+
+// ─── Settings Panel ────────────────────────────────────────────────────────────
+
+function SettingsPanel() {
+  return (
+    <Stack>
+      <Title order={3}>Settings</Title>
+      <Paper withBorder p="xl">
+        <Center>
+          <Text c="dimmed">Konfigurasi sistem akan ditampilkan di sini.</Text>
+        </Center>
+      </Paper>
+    </Stack>
+  )
+}
+
+// ─── Unused imports fix ────────────────────────────────────────────────────────
+// Box, Container, Card, Modal, Paper, Select, SimpleGrid, Stack, Table, Text, ThemeIcon, Title, Tooltip — all used above
+// TbDots is used in OperatorsPanel menu
+void TbFileText
+void TbCode
+void TbUser
+void TbUserSearch
diff --git a/src/frontend/routes/login.tsx b/src/frontend/routes/login.tsx
index f534cfc..7432d4f 100644
--- a/src/frontend/routes/login.tsx
+++ b/src/frontend/routes/login.tsx
@@ -27,7 +27,8 @@ export const Route = createFileRoute('/login')({
         queryFn: () => fetch('/api/auth/session', { credentials: 'include' }).then((r) => r.json()),
       })
       if (data?.user) {
-        throw redirect({ to: data.user.role === 'USER' ? '/profile' : '/dashboard' })
+        const dest = data.user.role === 'DEVELOPER' ? '/dev' : data.user.role === 'USER' ? '/profile' : '/dashboard'
+        throw redirect({ to: dest })
       }
     } catch (e) {
       if (e instanceof Error) return
diff --git a/src/lib/applog.ts b/src/lib/applog.ts
new file mode 100644
index 0000000..e0c3573
--- /dev/null
+++ b/src/lib/applog.ts
@@ -0,0 +1,45 @@
+import { redis } from './redis'
+
+export type LogLevel = 'info' | 'warn' | 'error'
+
+export interface AppLogEntry {
+  id: number
+  level: LogLevel
+  message: string
+  detail?: string
+  timestamp: string
+}
+
+const REDIS_KEY = 'app:logs'
+const MAX_ENTRIES = 500
+const ID_KEY = 'app:logs:next_id'
+
+export async function appLog(level: LogLevel, message: string, detail?: string) {
+  if (!redis) return
+  const id = await redis.incr(ID_KEY)
+  const entry: AppLogEntry = { id, level, message, detail, timestamp: new Date().toISOString() }
+  await redis.lpush(REDIS_KEY, JSON.stringify(entry))
+  await redis.ltrim(REDIS_KEY, 0, MAX_ENTRIES - 1)
+}
+
+export async function getAppLogs(options?: {
+  level?: LogLevel
+  limit?: number
+  afterId?: number
+}): Promise<AppLogEntry[]> {
+  if (!redis) return []
+  const limit = options?.limit ?? 100
+  const fetchCount = options?.level || options?.afterId ? MAX_ENTRIES : limit
+  const raw = await redis.lrange(REDIS_KEY, 0, fetchCount - 1)
+  let logs: AppLogEntry[] = raw.map((s: string) => JSON.parse(s))
+  if (options?.afterId) logs = logs.filter((l) => l.id > options.afterId!)
+  if (options?.level) logs = logs.filter((l) => l.level === options.level)
+  logs.reverse()
+  return logs.slice(-limit)
+}
+
+export async function clearAppLogs() {
+  if (!redis) return
+  await redis.del(REDIS_KEY)
+  await redis.del(ID_KEY)
+}
diff --git a/src/lib/env.ts b/src/lib/env.ts
index 38cbabd..ec97ba9 100644
--- a/src/lib/env.ts
+++ b/src/lib/env.ts
@@ -25,4 +25,5 @@ export const env = {
   MINIO_SECRET_KEY: required('MINIO_SECRET_KEY'),
   MINIO_BUCKET: required('MINIO_BUCKET'),
   MINIO_UPLOAD_DIR: optional('MINIO_UPLOAD_DIR', 'bug-reports'),
+  REDIS_URL: optional('REDIS_URL', ''),
 } as const
diff --git a/src/lib/presence.ts b/src/lib/presence.ts
new file mode 100644
index 0000000..c6cf064
--- /dev/null
+++ b/src/lib/presence.ts
@@ -0,0 +1,44 @@
+import type { ServerWebSocket } from 'bun'
+
+const connections = new Map<string, Set<ServerWebSocket<{ userId: string }>>>()
+const adminSubs = new Set<ServerWebSocket<{ userId: string }>>()
+
+export function getOnlineUserIds(): string[] {
+  return Array.from(connections.keys())
+}
+
+function broadcast() {
+  const online = getOnlineUserIds()
+  const msg = JSON.stringify({ type: 'presence', online })
+  for (const ws of adminSubs) ws.send(msg)
+}
+
+export function addConnection(ws: ServerWebSocket<{ userId: string }>, userId: string, isAdmin: boolean) {
+  let set = connections.get(userId)
+  if (!set) {
+    set = new Set()
+    connections.set(userId, set)
+  }
+  set.add(ws)
+  if (isAdmin) {
+    adminSubs.add(ws)
+    ws.send(JSON.stringify({ type: 'presence', online: getOnlineUserIds() }))
+  }
+  broadcast()
+}
+
+export function broadcastToAdmins(message: object) {
+  const msg = JSON.stringify(message)
+  for (const ws of adminSubs) ws.send(msg)
+}
+
+export function removeConnection(ws: ServerWebSocket<{ userId: string }>) {
+  const userId = ws.data.userId
+  const set = connections.get(userId)
+  if (set) {
+    set.delete(ws)
+    if (set.size === 0) connections.delete(userId)
+  }
+  adminSubs.delete(ws)
+  broadcast()
+}
diff --git a/src/lib/redis.ts b/src/lib/redis.ts
new file mode 100644
index 0000000..6da9553
--- /dev/null
+++ b/src/lib/redis.ts
@@ -0,0 +1,3 @@
+import { env } from './env'
+
+export const redis = env.REDIS_URL ? new Bun.RedisClient(env.REDIS_URL) : null
diff --git a/src/lib/schema-parser.ts b/src/lib/schema-parser.ts
new file mode 100644
index 0000000..77d44fe
--- /dev/null
+++ b/src/lib/schema-parser.ts
@@ -0,0 +1,104 @@
+export interface SchemaField {
+  name: string
+  type: string
+  isId: boolean
+  isUnique: boolean
+  isOptional: boolean
+  isList: boolean
+  isRelation: boolean
+  default?: string
+}
+
+export interface SchemaRelation {
+  from: string
+  fromField: string
+  to: string
+  toField: string
+  onDelete?: string
+}
+
+export interface SchemaModel {
+  name: string
+  tableName: string
+  fields: SchemaField[]
+}
+
+export interface SchemaEnum {
+  name: string
+  values: string[]
+}
+
+export interface ParsedSchema {
+  models: SchemaModel[]
+  enums: SchemaEnum[]
+  relations: SchemaRelation[]
+}
+
+export function parseSchema(raw: string): ParsedSchema {
+  const models: SchemaModel[] = []
+  const enums: SchemaEnum[] = []
+  const relations: SchemaRelation[] = []
+
+  const blocks = raw.match(/(model|enum)\s+(\w+)\s*\{([^}]*)}/gs) ?? []
+
+  for (const block of blocks) {
+    const match = block.match(/(model|enum)\s+(\w+)\s*\{([^}]*)}/s)
+    if (!match) continue
+    const [, type, name, body] = match
+    const lines = body
+      .split('\n')
+      .map((l) => l.trim())
+      .filter((l) => l && !l.startsWith('//'))
+
+    if (type === 'enum') {
+      enums.push({ name, values: lines })
+      continue
+    }
+
+    let tableName = name
+    const fields: SchemaField[] = []
+
+    for (const line of lines) {
+      const mapMatch = line.match(/@@map\("(\w+)"\)/)
+      if (mapMatch) { tableName = mapMatch[1]; continue }
+      if (line.startsWith('@@')) continue
+
+      const fieldMatch = line.match(/^(\w+)\s+(\w+)(\?)?(\[\])?\s*(.*)$/)
+      if (!fieldMatch) continue
+      const [, fName, fType, optional, list, attrs] = fieldMatch
+
+      const isId = attrs.includes('@id')
+      const isUnique = attrs.includes('@unique')
+      const isRelation = attrs.includes('@relation')
+      const defaultMatch = attrs.match(/@default\(([^)]+)\)/)
+
+      const isModelRef =
+        /^[A-Z]/.test(fType) &&
+        !enums.some((e) => e.name === fType) &&
+        !['String', 'Int', 'Float', 'Boolean', 'DateTime', 'BigInt', 'Decimal', 'Bytes', 'Json'].includes(fType)
+
+      if (isRelation) {
+        const relMatch = attrs.match(
+          /@relation\(fields:\s*\[(\w+)],\s*references:\s*\[(\w+)](?:,\s*onDelete:\s*(\w+))?\)/,
+        )
+        if (relMatch) {
+          relations.push({ from: name, fromField: relMatch[1], to: fType, toField: relMatch[2], onDelete: relMatch[3] })
+        }
+      }
+
+      fields.push({
+        name: fName,
+        type: fType + (list ? '[]' : ''),
+        isId, isUnique,
+        isOptional: !!optional,
+        isList: !!list,
+        isRelation: isModelRef,
+        default: defaultMatch?.[1],
+      })
+    }
+
+    models.push({ name, tableName, fields })
+  }
+
+  return { models, enums, relations }
+}
-- 
2.49.1