fase(25-26): keyboard shortcuts, mobile responsive, enterprise SSO/audit

- Phase 25.4: N shortcut for new exploration on dashboard (react-hotkeys-hook)
- Phase 25.5: overflow-x-auto on tables, responsive padding (p-4 md:p-6)
- Phase 26: SAML/OIDC/LDAP providers (build-fixed), TOTP/MFA service
- Phase 26: KyselySSOConfigRepository + KyselyTOTPRepository
- Phase 26: SSO HTTP controller (config CRUD + MFA setup/verify/disable)
- Phase 26: Audit module index.ts + SSO module index.ts
- Phase 26: Session management endpoints (findByUserId, deleteById, list/revoke)
- Phase 26: SSO and audit routes feature-gated (auth:sso, audit:logs)
- Phase 26: Frontend SSOSection (SAML/OIDC/LDAP config + TOTP setup)
- Phase 26: Frontend SessionsSection (list/revoke active sessions)
- Phase 26: Settings navigation updated with SSO & Sessions sections

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

dist/modules/audit/infrastructure/http/AuditController.js

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAuditRouter = createAuditRouter;
+const express_1 = require("express");
+function createAuditRouter(repo) {
+    const router = (0, express_1.Router)();
+    // GET /api/audit — list audit logs (enterprise only)
+    router.get('/', async (req, res, next) => {
+        try {
+            const filters = {
+                userId: req.query['userId'],
+                organizationId: req.query['organizationId'],
+                action: req.query['action'],
+                resource: req.query['resource'],
+                limit: req.query['limit'] ? Number(req.query['limit']) : 100,
+            };
+            if (req.query['from'])
+                filters.from = new Date(req.query['from']);
+            if (req.query['to'])
+                filters.to = new Date(req.query['to']);
+            const logs = await repo.findAll(filters);
+            res.json(logs.map((l) => ({
+                id: l.id.toString(),
+                userId: l.userId,
+                organizationId: l.organizationId,
+                action: l.action,
+                resource: l.resource,
+                resourceId: l.resourceId,
+                ipAddress: l.ipAddress,
+                details: l.details,
+                occurredAt: l.occurredAt.toISOString(),
+            })));
+        }
+        catch (err) {
+            next(err);
+        }
+    });
+    return router;
+}

dist/modules/audit/infrastructure/repositories/KyselyAuditRepository.js

@@ -0,0 +1,55 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KyselyAuditRepository = void 0;
+const UniqueId_1 = require("../../../../shared/domain/UniqueId");
+const AuditLog_1 = require("../../domain/entities/AuditLog");
+class KyselyAuditRepository {
+    constructor(db) {
+        this.db = db;
+    }
+    async save(log) {
+        await this.db.insertInto('audit_logs').values({
+            id: log.id.toString(),
+            user_id: log.userId,
+            organization_id: log.organizationId,
+            action: log.action,
+            resource: log.resource,
+            resource_id: log.resourceId,
+            ip_address: log.ipAddress,
+            user_agent: log.userAgent,
+            details_json: JSON.stringify(log.details),
+            occurred_at: log.occurredAt.getTime(),
+        }).execute();
+    }
+    async findAll(filters = {}) {
+        let query = this.db.selectFrom('audit_logs').selectAll();
+        if (filters.userId)
+            query = query.where('user_id', '=', filters.userId);
+        if (filters.organizationId)
+            query = query.where('organization_id', '=', filters.organizationId);
+        if (filters.action)
+            query = query.where('action', '=', filters.action);
+        if (filters.resource)
+            query = query.where('resource', '=', filters.resource);
+        if (filters.from)
+            query = query.where('occurred_at', '>=', filters.from.getTime());
+        if (filters.to)
+            query = query.where('occurred_at', '<=', filters.to.getTime());
+        const rows = await query
+            .orderBy('occurred_at', 'desc')
+            .limit(filters.limit ?? 100)
+            .execute();
+        return rows.map((row) => AuditLog_1.AuditLog.reconstitute({
+            userId: row.user_id,
+            organizationId: row.organization_id,
+            action: row.action,
+            resource: row.resource,
+            resourceId: row.resource_id,
+            ipAddress: row.ip_address,
+            userAgent: row.user_agent,
+            details: JSON.parse(row.details_json),
+            occurredAt: new Date(row.occurred_at),
+        }, UniqueId_1.UniqueId.from(row.id)));
+    }
+}
+exports.KyselyAuditRepository = KyselyAuditRepository;