Product updates

🚀 [ADDED]

- Loader auth now sends app_name + owner_id and supports env overrides.

- Default auth base URL fallback added.

- Admin app lists now read from Postgres (primary + scoped).

- Create‑app flow mirrors new apps into Postgres in primary mode.

- Reseller panel rebuilt: new layout, key table, logs, and create‑license modal.

- Per‑key actions added (pause, unpause, delete, ban, extend, copy).

- Balance controls expanded (add/remove/set).

- Reseller duration toggles added (day/week/month/lifetime).

- Backend Postgres primary mode added with async read/write paths.

- Metrics, admin presence, auth/profile, and user management now Postgres‑backed.

- Shadow sync system added (service + timer + logs).

- Postgres/Valkey stack provisioned on backend VPS.

- Increased request body limit to 200MB.

- Default compose runtime switched to Postgres primary.

🛠️ [FIXED]

- Loader no longer hard‑fails without AUTH_SERVER_BASE_URL.

- App list mismatch resolved between SQLite/Postgres during migration.

- Manager/reseller assignment updates fixed and stale scoped accounts cleaned.

- Reseller panel nav restored and access locked to reseller‑only pages.

- Modal overflow issues fixed across reseller UI.

- Key generation normalized and capped at 50 per request.

- Scoped app filtering fixed for reseller/manager accounts.

- CSP block for ChangeCrab fixed and widget load race resolved.

- Backend Postgres runtime crashes fixed (sync client removed, env wiring corrected).

- Admin user write paths no longer depend on SQLite.

- Login/register Postgres lookup issues fixed.

- SQLite mutex/await issues resolved in admin list endpoints.

- Docker networking issues on backend VPS recovered.

- Migration quoting/command issues fixed.

- Postgres credential injection fixed in containers.

- Upload size errors resolved after raising max_request_bytes.

❌ [REMOVED]

- Old reseller card‑list inventory.

- Bulk‑only key controls in reseller panel.

🚀 ADDED

• Reseller key management actions inside Manage Reseller modal: Pause, Unpause, Delete per key row.
• Balance controls now support Add, Remove, and Set modes with validation limits.
• Reseller key list search + paged table in modal with default page size of 4.
• Manage Reseller modal now uses two pages: Controls and Generated Licenses.
• Reseller Panel redesigned to match licenses page flow and table‑first layout.
• Added reseller create‑licenses modal with scoped app selection, plan, days, devices, activations, and key count.
• Added top‑level reseller logs section while keeping balance summary visible.

🛠️ FIXED

• Backend now allows app‑assignment updates for both manager and reseller accounts.
• Unassigned scoped team accounts (manager/reseller) are now cleaned up consistently when app access is removed.
• Rebuilt and restarted auth service on VPS with updated assignment logic.
• Reseller Panel nav item restored.
• Reseller role restricted to Reseller Panel only (no Manage Apps or other dashboard pages).
• Login fallback now routes reseller users to Reseller Panel instead of Manage Apps.
• Team Members reseller row now removes Edit Access while keeping Manage app access, Manage Reseller, Edit account, and Delete.
• Fixed reseller modal overflow/hanging layout by widening and restructuring the generated‑keys area.
• Removed bulk‑only key controls and replaced with per‑key controls.
• Fixed app scope lookup for team‑scoped users so assigned apps return correctly from user_app_assignments.
• Updated deployed dashboard bundle and restarted backend so scope + modal changes are live.
• Fixed modal overflow by separating controls from key logs and constraining key‑table width.
• Search/pager/key actions isolated on the Generated Licenses page to prevent layout spill.
• Replaced old card‑list key inventory with searchable/filterable/paged reseller key table.
• Unified reseller key actions to table row controls (copy) with consistent status/usage rendering.
• Improved reseller panel visual hierarchy to align with app owner/manager license experience.

🚀 Added

• Manager role alias support in frontend role system and display mapping
• Manager‑specific page access rules (Apps, Licenses, Files/Modules, Webhooks, Variables, Team Members, Reseller Panel)
• Manager label rendering in top header
• Scoped owner resolver for reseller/admin operations
• Manager support in reseller claims guard
• Manager owner‑resolution support in reseller profile resolver
• Global KeyCloud favicon enforcement for public pages
• Animated KeyCloud tab‑title behavior on public pages and dashboard
• Manager‑specific plan badge (“ASSIGNED MANAGER”)
• Manager‑specific sidebar labeling (“Manager Controls”)
• Backend guard requiring manager accounts to have at least one active app assignment
• Backend auto‑cleanup for unassigned manager accounts
• Backend app‑delete cascade cleanup for app‑linked data
• Manager added to account‑layer role schema/seed and legacy‑role normalization
• Manager role permissions in account‑layer defaults
• Manager subscription override to Developer‑tier usage
• New purple KeyCloud favicon asset wired to public + dashboard HTML
• Backend role re‑resolution in admin_claims
• Team Members access editor modal with permission toggles
• Per‑account side‑nav visibility toggles saved in metadata
• updateAdminUser(...) helper
• Metadata field added to AdminUser type
• Backend permission resolver support for manager/reseller metadata permissions
• Team Members account actions: edit username/password and delete
• Backend support for username/password updates
• Centered overlay portal behavior for Manage App Access modal
• Strict default‑deny navigation gating for manager/reseller accounts
• Changecrab widget integration on public homepage and dashboard
• “What’s New” trigger in public nav and dashboard top bar
• Widget script loading before </body> on public and dashboard pages

🛠️ Fixed

• Team Members role dropdown to show only Manager/Reseller in scoped context
• Team Members default role assignment to manager in scoped context
• Sidebar now hides inaccessible items instead of showing locked entries
• Scoped reseller/admin backend paths to use owner scope
• Reseller profile, balance, subscriptions, logs, and key generation to resolve manager actions against owner scope
• Reseller key generation accounting/logging to include manager actor metadata
• Role‑alias permission handling for developer‑plan access on protected admin endpoints
• Team Members UX with success notice after creation
• Team Members data loading for Developer/Manager contexts
• Dashboard access gate to normalize role aliases/casing
• Scoped backend role comparisons to be case‑insensitive
• Frontend legacy‑role normalization for developer/normal_user aliases
• Backend login gate rejecting manager accounts
• Inconsistent tab branding between public pages and dashboard
• Dashboard HTML entry favicon links
• Manager navigation permissions to allow only scoped pages
• Manager header label previously showing FREE USER
• Orphan manager login by blocking/pruning unassigned managers
• App deletion to remove app‑linked keys and runtime records
• Manager role downcast bug (manager → free_user)
• Manager scope leakage causing unscoped visibility
• Manager usage panel mismatch by returning Developer limits
• Browser tab icon mismatch by replacing old icon paths
• Stale default tab icon fallback
• Manager privilege leak on team accounts and app‑assignment mappings
• Manager permission map to remove manage_users
• Frontend manager visibility to hide Team Members page
• Dashboard data loader to stop fetching admin users for manager sessions
• Manager role‑scoping consistency by enforcing DB role at request time
• Manager app‑scope leak on /api/admin/apps
• Manager app selector to show only assigned app IDs
• Backend deployment state by rebuilding license‑auth
• Frontend deployment state by rebuilding dashboard bundle
• Backend permission resolver to read manager metadata permissions
• Reseller accounts to include management permission aliases
• Manager edit flow to preserve manager role
• Manager hard‑blocks on team endpoints by switching to permission + scope checks
• Page gating logic to follow backend metadata instead of static defaults
• Team Members access modal layout to centered dialog with backdrop
• Modal usability with scrollable content and sticky footer
• Modal mounting via portal
• Team Members page layout to license‑style table and removed deprecated fields
• Frontend admin API typing for username/password edits
• Team Members access toggles to correctly hide sidebar/pages after saving
• Changecrab widget initialization by loading script before </body>