fase(25-26): keyboard shortcuts, mobile responsive, enterprise SSO/audit

- Phase 25.4: N shortcut for new exploration on dashboard (react-hotkeys-hook)
- Phase 25.5: overflow-x-auto on tables, responsive padding (p-4 md:p-6)
- Phase 26: SAML/OIDC/LDAP providers (build-fixed), TOTP/MFA service
- Phase 26: KyselySSOConfigRepository + KyselyTOTPRepository
- Phase 26: SSO HTTP controller (config CRUD + MFA setup/verify/disable)
- Phase 26: Audit module index.ts + SSO module index.ts
- Phase 26: Session management endpoints (findByUserId, deleteById, list/revoke)
- Phase 26: SSO and audit routes feature-gated (auth:sso, audit:logs)
- Phase 26: Frontend SSOSection (SAML/OIDC/LDAP config + TOTP setup)
- Phase 26: Frontend SessionsSection (list/revoke active sessions)
- Phase 26: Settings navigation updated with SSO & Sessions sections

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

dist/modules/sso/infrastructure/repositories/KyselySSOConfigRepository.js

@@ -0,0 +1,53 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KyselySSOConfigRepository = void 0;
+const SSOConfig_1 = require("../../domain/entities/SSOConfig");
+const UniqueId_1 = require("../../../../shared/domain/UniqueId");
+class KyselySSOConfigRepository {
+    constructor(db) {
+        this.db = db;
+    }
+    async save(config) {
+        await this.db
+            .insertInto('sso_configs')
+            .values({
+            id: config.id.toString(),
+            organization_id: config.organizationId,
+            provider: config.provider,
+            enabled: config.enabled ? 1 : 0,
+            config_json: JSON.stringify(config.config),
+            created_at: config.createdAt.getTime(),
+        })
+            .onConflict((oc) => oc.column('id').doUpdateSet({
+            enabled: config.enabled ? 1 : 0,
+            config_json: JSON.stringify(config.config),
+        }))
+            .execute();
+    }
+    async findByOrganizationId(organizationId) {
+        const row = await this.db
+            .selectFrom('sso_configs')
+            .selectAll()
+            .where('organization_id', '=', organizationId)
+            .executeTakeFirst();
+        return row ? this.toDomain(row) : null;
+    }
+    async findById(id) {
+        const row = await this.db
+            .selectFrom('sso_configs')
+            .selectAll()
+            .where('id', '=', id)
+            .executeTakeFirst();
+        return row ? this.toDomain(row) : null;
+    }
+    toDomain(row) {
+        return SSOConfig_1.SSOConfig.reconstitute({
+            organizationId: row.organization_id,
+            provider: row.provider,
+            enabled: row.enabled === 1,
+            config: JSON.parse(row.config_json),
+            createdAt: new Date(row.created_at),
+        }, UniqueId_1.UniqueId.from(row.id));
+    }
+}
+exports.KyselySSOConfigRepository = KyselySSOConfigRepository;

dist/modules/sso/infrastructure/repositories/KyselyTOTPRepository.js

@@ -0,0 +1,45 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KyselyTOTPRepository = void 0;
+const TOTPSecret_1 = require("../../domain/entities/TOTPSecret");
+const UniqueId_1 = require("../../../../shared/domain/UniqueId");
+class KyselyTOTPRepository {
+    constructor(db) {
+        this.db = db;
+    }
+    async save(secret) {
+        await this.db
+            .insertInto('totp_secrets')
+            .values({
+            id: secret.id.toString(),
+            user_id: secret.userId,
+            secret: secret.secret,
+            verified: secret.verified ? 1 : 0,
+            created_at: secret.createdAt.getTime(),
+        })
+            .onConflict((oc) => oc.column('user_id').doUpdateSet({
+            secret: secret.secret,
+            verified: secret.verified ? 1 : 0,
+        }))
+            .execute();
+    }
+    async findByUserId(userId) {
+        const row = await this.db
+            .selectFrom('totp_secrets')
+            .selectAll()
+            .where('user_id', '=', userId)
+            .executeTakeFirst();
+        if (!row)
+            return null;
+        return TOTPSecret_1.TOTPSecret.reconstitute({
+            userId: row.user_id,
+            secret: row.secret,
+            verified: row.verified === 1,
+            createdAt: new Date(row.created_at),
+        }, UniqueId_1.UniqueId.from(row.id));
+    }
+    async delete(userId) {
+        await this.db.deleteFrom('totp_secrets').where('user_id', '=', userId).execute();
+    }
+}
+exports.KyselyTOTPRepository = KyselyTOTPRepository;