Merge branch 'main' of https://huggingface.co/spaces/gaurv007/ClauseGuard

web/app/admin/page.tsx

@@ -0,0 +1,334 @@
+"use client";
+
+import { useState, useEffect } from "react";
+import Link from "next/link";
+import {
+  LayoutDashboard, Users, ScanText, Key, Shield, ScrollText, Activity,
+  Search, Ban, CircleCheck, ChevronDown, ChevronUp, Trash2, Crown,
+  ArrowLeft, RefreshCw, TriangleAlert, UserCheck, Eye, EyeOff
+} from "lucide-react";
+
+type Tab = "overview" | "users" | "scans" | "teams" | "api-keys" | "logs";
+
+export default function AdminPage() {
+  const [tab, setTab] = useState<Tab>("overview");
+  const [stats, setStats] = useState<any>(null);
+  const [users, setUsers] = useState<any[]>([]);
+  const [scans, setScans] = useState<any[]>([]);
+  const [teams, setTeams] = useState<any[]>([]);
+  const [apiKeys, setApiKeys] = useState<any[]>([]);
+  const [logs, setLogs] = useState<any[]>([]);
+  const [search, setSearch] = useState("");
+  const [loading, setLoading] = useState(false);
+  const [userTotal, setUserTotal] = useState(0);
+  const [scanTotal, setScanTotal] = useState(0);
+
+  async function fetchData(action: string, params?: Record<string, string>) {
+    const qs = new URLSearchParams({ action, ...params });
+    const res = await fetch(`/api/admin?${qs}`);
+    if (!res.ok) { window.location.href = "/dashboard-pages/dashboard"; return null; }
+    return res.json();
+  }
+
+  async function adminAction(body: any) {
+    setLoading(true);
+    await fetch("/api/admin", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify(body) });
+    setLoading(false);
+    loadTab(tab);
+  }
+
+  async function loadTab(t: Tab) {
+    setLoading(true);
+    switch (t) {
+      case "overview": { const d = await fetchData("stats"); if (d) setStats(d); break; }
+      case "users": { const d = await fetchData("users", search ? { search } : {}); if (d) { setUsers(d.users); setUserTotal(d.total); } break; }
+      case "scans": { const d = await fetchData("scans"); if (d) { setScans(d.scans); setScanTotal(d.total); } break; }
+      case "teams": { const d = await fetchData("teams"); if (d) setTeams(d.teams); break; }
+      case "api-keys": { const d = await fetchData("api-keys"); if (d) setApiKeys(d.keys); break; }
+      case "logs": { const d = await fetchData("logs"); if (d) setLogs(d.logs); break; }
+    }
+    setLoading(false);
+  }
+
+  useEffect(() => { loadTab(tab); }, [tab]);
+
+  const TABS: { key: Tab; label: string; icon: any }[] = [
+    { key: "overview", label: "Overview", icon: LayoutDashboard },
+    { key: "users", label: "Users", icon: Users },
+    { key: "scans", label: "Scans", icon: ScanText },
+    { key: "teams", label: "Teams", icon: Shield },
+    { key: "api-keys", label: "API Keys", icon: Key },
+    { key: "logs", label: "Activity", icon: Activity },
+  ];
+
+  const planBadge = (plan: string) => {
+    const c: Record<string, string> = { free: "bg-zinc-100 text-zinc-600", pro: "bg-blue-50 text-blue-700", team: "bg-purple-50 text-purple-700" };
+    return <span className={`text-[11px] font-medium px-2 py-0.5 rounded ${c[plan] || c.free}`}>{plan}</span>;
+  };
+
+  return (
+    <div className="min-h-screen bg-white">
+      <div className="max-w-6xl mx-auto px-5 py-8">
+        {/* Header */}
+        <div className="flex items-center justify-between mb-8">
+          <div>
+            <Link href="/dashboard-pages/dashboard" className="inline-flex items-center gap-1.5 text-sm text-zinc-400 hover:text-zinc-600 mb-2">
+              <ArrowLeft className="w-3.5 h-3.5" /> Dashboard
+            </Link>
+            <h1 className="text-2xl font-semibold tracking-tight flex items-center gap-2">
+              <Crown className="w-6 h-6 text-amber-500" />
+              Admin Panel
+            </h1>
+          </div>
+          <button onClick={() => loadTab(tab)} disabled={loading}
+            className="p-2 rounded-lg hover:bg-zinc-100 text-zinc-400 disabled:opacity-40">
+            <RefreshCw className={`w-4 h-4 ${loading ? "animate-spin" : ""}`} />
+          </button>
+        </div>
+
+        {/* Tabs */}
+        <div className="flex gap-1 mb-6 overflow-x-auto pb-1">
+          {TABS.map((t) => (
+            <button key={t.key} onClick={() => setTab(t.key)}
+              className={`flex items-center gap-2 px-4 py-2 rounded-lg text-sm font-medium whitespace-nowrap transition-colors ${
+                tab === t.key ? "bg-zinc-900 text-white" : "text-zinc-500 hover:bg-zinc-100"
+              }`}>
+              <t.icon className="w-4 h-4" />
+              {t.label}
+            </button>
+          ))}
+        </div>
+
+        {/* Overview */}
+        {tab === "overview" && stats && (
+          <div className="space-y-6">
+            <div className="grid grid-cols-2 md:grid-cols-4 gap-4">
+              {[
+                { label: "Total Users", value: stats.total_users, sub: `${stats.banned_users} banned` },
+                { label: "Pro Users", value: stats.pro_users },
+                { label: "Team Users", value: stats.team_users },
+                { label: "Free Users", value: stats.free_users },
+                { label: "Total Scans", value: stats.total_scans },
+                { label: "Scans Today", value: stats.scans_today },
+                { label: "Teams", value: stats.total_teams },
+                { label: "Active API Keys", value: stats.total_api_keys },
+              ].map((s, i) => (
+                <div key={i} className="border border-zinc-200 rounded-xl p-4">
+                  <p className="text-xs text-zinc-400">{s.label}</p>
+                  <p className="text-2xl font-semibold mt-1">{s.value}</p>
+                  {s.sub && <p className="text-xs text-zinc-400 mt-0.5">{s.sub}</p>}
+                </div>
+              ))}
+            </div>
+          </div>
+        )}
+
+        {/* Users */}
+        {tab === "users" && (
+          <div>
+            <div className="flex gap-2 mb-4">
+              <div className="flex-1 relative">
+                <Search className="w-4 h-4 absolute left-3 top-1/2 -translate-y-1/2 text-zinc-400" />
+                <input value={search} onChange={(e) => setSearch(e.target.value)}
+                  onKeyDown={(e) => e.key === "Enter" && loadTab("users")}
+                  placeholder="Search by email or name..."
+                  className="w-full pl-10 pr-4 py-2.5 border border-zinc-200 rounded-lg text-sm focus:outline-none focus:border-zinc-400" />
+              </div>
+              <button onClick={() => loadTab("users")} className="px-4 bg-zinc-900 text-white rounded-lg text-sm font-medium hover:bg-zinc-800">Search</button>
+            </div>
+            <p className="text-xs text-zinc-400 mb-3">{userTotal} users total</p>
+            <div className="border border-zinc-200 rounded-xl overflow-hidden">
+              <table className="w-full text-sm">
+                <thead className="bg-zinc-50 border-b border-zinc-200">
+                  <tr>
+                    <th className="text-left px-4 py-3 font-medium text-zinc-500">User</th>
+                    <th className="text-left px-4 py-3 font-medium text-zinc-500">Plan</th>
+                    <th className="text-left px-4 py-3 font-medium text-zinc-500">Scans</th>
+                    <th className="text-left px-4 py-3 font-medium text-zinc-500">Joined</th>
+                    <th className="text-right px-4 py-3 font-medium text-zinc-500">Actions</th>
+                  </tr>
+                </thead>
+                <tbody className="divide-y divide-zinc-100">
+                  {users.map((u) => (
+                    <tr key={u.id} className={`${u.is_banned ? "opacity-50 bg-red-50/30" : "hover:bg-zinc-50"}`}>
+                      <td className="px-4 py-3">
+                        <p className="font-medium flex items-center gap-1.5">
+                          {u.full_name || u.email}
+                          {u.role === "admin" && <Crown className="w-3.5 h-3.5 text-amber-500" />}
+                          {u.is_banned && <Ban className="w-3.5 h-3.5 text-red-500" />}
+                        </p>
+                        <p className="text-xs text-zinc-400">{u.email}</p>
+                      </td>
+                      <td className="px-4 py-3">{planBadge(u.plan)}</td>
+                      <td className="px-4 py-3 text-zinc-500">{u.analyses_this_month}/mo</td>
+                      <td className="px-4 py-3 text-xs text-zinc-400">{new Date(u.created_at).toLocaleDateString()}</td>
+                      <td className="px-4 py-3 text-right">
+                        <div className="flex gap-1 justify-end">
+                          <select defaultValue={u.plan} onChange={(e) => adminAction({ action: "update_plan", userId: u.id, plan: e.target.value })}
+                            className="text-xs border border-zinc-200 rounded px-2 py-1 bg-white">
+                            <option value="free">Free</option>
+                            <option value="pro">Pro</option>
+                            <option value="team">Team</option>
+                          </select>
+                          <button onClick={() => adminAction({ action: "ban_user", userId: u.id, banned: !u.is_banned })}
+                            className={`p-1.5 rounded hover:bg-zinc-100 ${u.is_banned ? "text-emerald-500" : "text-red-400"}`}
+                            title={u.is_banned ? "Unban" : "Ban"}>
+                            {u.is_banned ? <CircleCheck className="w-3.5 h-3.5" /> : <Ban className="w-3.5 h-3.5" />}
+                          </button>
+                        </div>
+                      </td>
+                    </tr>
+                  ))}
+                </tbody>
+              </table>
+            </div>
+          </div>
+        )}
+
+        {/* Scans */}
+        {tab === "scans" && (
+          <div>
+            <p className="text-xs text-zinc-400 mb-3">{scanTotal} scans total</p>
+            <div className="border border-zinc-200 rounded-xl overflow-hidden">
+              <table className="w-full text-sm">
+                <thead className="bg-zinc-50 border-b border-zinc-200">
+                  <tr>
+                    <th className="text-left px-4 py-3 font-medium text-zinc-500">Source</th>
+                    <th className="text-left px-4 py-3 font-medium text-zinc-500">Grade</th>
+                    <th className="text-left px-4 py-3 font-medium text-zinc-500">Risk</th>
+                    <th className="text-left px-4 py-3 font-medium text-zinc-500">Clauses</th>
+                    <th className="text-left px-4 py-3 font-medium text-zinc-500">Date</th>
+                    <th className="text-right px-4 py-3 font-medium text-zinc-500">Actions</th>
+                  </tr>
+                </thead>
+                <tbody className="divide-y divide-zinc-100">
+                  {scans.map((s) => (
+                    <tr key={s.id} className="hover:bg-zinc-50">
+                      <td className="px-4 py-3 max-w-xs truncate text-zinc-700">{s.source_url || "Manual scan"}</td>
+                      <td className="px-4 py-3">
+                        <span className={`text-xs font-semibold px-2 py-0.5 rounded ${
+                          s.grade === "F" || s.grade === "D" ? "bg-red-50 text-red-700" :
+                          s.grade === "C" ? "bg-amber-50 text-amber-700" : "bg-emerald-50 text-emerald-700"
+                        }`}>{s.grade}</span>
+                      </td>
+                      <td className="px-4 py-3 text-zinc-500">{s.risk_score}/100</td>
+                      <td className="px-4 py-3 text-zinc-500">{s.flagged_count}/{s.total_clauses}</td>
+                      <td className="px-4 py-3 text-xs text-zinc-400">{new Date(s.created_at).toLocaleDateString()}</td>
+                      <td className="px-4 py-3 text-right">
+                        <button onClick={() => adminAction({ action: "delete_scan", scanId: s.id })}
+                          className="p-1.5 rounded hover:bg-red-50 text-red-400" title="Delete">
+                          <Trash2 className="w-3.5 h-3.5" />
+                        </button>
+                      </td>
+                    </tr>
+                  ))}
+                </tbody>
+              </table>
+            </div>
+          </div>
+        )}
+
+        {/* Teams */}
+        {tab === "teams" && (
+          <div className="border border-zinc-200 rounded-xl overflow-hidden">
+            <table className="w-full text-sm">
+              <thead className="bg-zinc-50 border-b border-zinc-200">
+                <tr>
+                  <th className="text-left px-4 py-3 font-medium text-zinc-500">Team</th>
+                  <th className="text-left px-4 py-3 font-medium text-zinc-500">Owner</th>
+                  <th className="text-left px-4 py-3 font-medium text-zinc-500">Seats</th>
+                  <th className="text-left px-4 py-3 font-medium text-zinc-500">Created</th>
+                  <th className="text-right px-4 py-3 font-medium text-zinc-500">Actions</th>
+                </tr>
+              </thead>
+              <tbody className="divide-y divide-zinc-100">
+                {teams.map((t) => (
+                  <tr key={t.id} className="hover:bg-zinc-50">
+                    <td className="px-4 py-3 font-medium">{t.name}</td>
+                    <td className="px-4 py-3 text-xs text-zinc-400 font-mono">{t.owner_id.slice(0, 8)}...</td>
+                    <td className="px-4 py-3 text-zinc-500">{t.max_seats}</td>
+                    <td className="px-4 py-3 text-xs text-zinc-400">{new Date(t.created_at).toLocaleDateString()}</td>
+                    <td className="px-4 py-3 text-right">
+                      <button onClick={() => adminAction({ action: "delete_team", teamId: t.id })}
+                        className="p-1.5 rounded hover:bg-red-50 text-red-400" title="Delete team">
+                        <Trash2 className="w-3.5 h-3.5" />
+                      </button>
+                    </td>
+                  </tr>
+                ))}
+                {teams.length === 0 && <tr><td colSpan={5} className="px-4 py-8 text-center text-zinc-400">No teams yet.</td></tr>}
+              </tbody>
+            </table>
+          </div>
+        )}
+
+        {/* API Keys */}
+        {tab === "api-keys" && (
+          <div className="border border-zinc-200 rounded-xl overflow-hidden">
+            <table className="w-full text-sm">
+              <thead className="bg-zinc-50 border-b border-zinc-200">
+                <tr>
+                  <th className="text-left px-4 py-3 font-medium text-zinc-500">Name</th>
+                  <th className="text-left px-4 py-3 font-medium text-zinc-500">Key</th>
+                  <th className="text-left px-4 py-3 font-medium text-zinc-500">Usage</th>
+                  <th className="text-left px-4 py-3 font-medium text-zinc-500">Status</th>
+                  <th className="text-right px-4 py-3 font-medium text-zinc-500">Actions</th>
+                </tr>
+              </thead>
+              <tbody className="divide-y divide-zinc-100">
+                {apiKeys.map((k) => (
+                  <tr key={k.id} className="hover:bg-zinc-50">
+                    <td className="px-4 py-3 font-medium">{k.name}</td>
+                    <td className="px-4 py-3 text-xs text-zinc-400 font-mono">{k.key_prefix}</td>
+                    <td className="px-4 py-3 text-zinc-500">{k.calls_this_month}/{k.calls_limit}</td>
+                    <td className="px-4 py-3">
+                      <span className={`text-xs font-medium px-2 py-0.5 rounded ${k.is_active ? "bg-emerald-50 text-emerald-700" : "bg-red-50 text-red-700"}`}>
+                        {k.is_active ? "Active" : "Revoked"}
+                      </span>
+                    </td>
+                    <td className="px-4 py-3 text-right">
+                      {k.is_active && (
+                        <button onClick={() => adminAction({ action: "revoke_api_key", keyId: k.id })}
+                          className="p-1.5 rounded hover:bg-red-50 text-red-400" title="Revoke">
+                          <Ban className="w-3.5 h-3.5" />
+                        </button>
+                      )}
+                    </td>
+                  </tr>
+                ))}
+                {apiKeys.length === 0 && <tr><td colSpan={5} className="px-4 py-8 text-center text-zinc-400">No API keys.</td></tr>}
+              </tbody>
+            </table>
+          </div>
+        )}
+
+        {/* Activity Logs */}
+        {tab === "logs" && (
+          <div className="border border-zinc-200 rounded-xl overflow-hidden">
+            <table className="w-full text-sm">
+              <thead className="bg-zinc-50 border-b border-zinc-200">
+                <tr>
+                  <th className="text-left px-4 py-3 font-medium text-zinc-500">Action</th>
+                  <th className="text-left px-4 py-3 font-medium text-zinc-500">Target</th>
+                  <th className="text-left px-4 py-3 font-medium text-zinc-500">Details</th>
+                  <th className="text-left px-4 py-3 font-medium text-zinc-500">Time</th>
+                </tr>
+              </thead>
+              <tbody className="divide-y divide-zinc-100">
+                {logs.map((l) => (
+                  <tr key={l.id} className="hover:bg-zinc-50">
+                    <td className="px-4 py-3 font-medium">{l.action}</td>
+                    <td className="px-4 py-3 text-xs text-zinc-400">{l.target_type}: {l.target_id?.slice(0, 8)}...</td>
+                    <td className="px-4 py-3 text-xs text-zinc-400 font-mono">{l.details ? JSON.stringify(l.details) : "—"}</td>
+                    <td className="px-4 py-3 text-xs text-zinc-400">{new Date(l.created_at).toLocaleString()}</td>
+                  </tr>
+                ))}
+                {logs.length === 0 && <tr><td colSpan={4} className="px-4 py-8 text-center text-zinc-400">No admin actions yet.</td></tr>}
+              </tbody>
+            </table>
+          </div>
+        )}
+      </div>
+    </div>
+  );
+}

web/app/api/admin/route.ts

@@ -0,0 +1,162 @@
+import { NextRequest, NextResponse } from "next/server";
+import { createClient } from "@/lib/supabase/server";
+
+const ADMIN_EMAILS = ["ankygaur9972@gmail.com"];
+
+async function checkAdmin() {
+  const supabase = await createClient();
+  const { data: { user } } = await supabase.auth.getUser();
+  if (!user || !ADMIN_EMAILS.includes(user.email || "")) {
+    return { supabase: null, user: null, error: true };
+  }
+  return { supabase, user, error: false };
+}
+
+// GET — admin stats + data
+export async function GET(req: NextRequest) {
+  const { supabase, user, error } = await checkAdmin();
+  if (error || !supabase || !user) return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+
+  const url = new URL(req.url);
+  const action = url.searchParams.get("action");
+
+  switch (action) {
+    case "stats": {
+      const { count: totalUsers } = await supabase.from("profiles").select("id", { count: "exact", head: true });
+      const { count: proUsers } = await supabase.from("profiles").select("id", { count: "exact", head: true }).eq("plan", "pro");
+      const { count: teamUsers } = await supabase.from("profiles").select("id", { count: "exact", head: true }).eq("plan", "team");
+      const { count: totalScans } = await supabase.from("analyses").select("id", { count: "exact", head: true });
+      const { count: totalTeams } = await supabase.from("teams").select("id", { count: "exact", head: true });
+      const { count: totalApiKeys } = await supabase.from("api_keys").select("id", { count: "exact", head: true }).eq("is_active", true);
+      const { count: bannedUsers } = await supabase.from("profiles").select("id", { count: "exact", head: true }).eq("is_banned", true);
+
+      // Scans today
+      const today = new Date();
+      today.setHours(0, 0, 0, 0);
+      const { count: scansToday } = await supabase.from("analyses").select("id", { count: "exact", head: true }).gte("created_at", today.toISOString());
+
+      return NextResponse.json({
+        total_users: totalUsers || 0,
+        pro_users: proUsers || 0,
+        team_users: teamUsers || 0,
+        free_users: (totalUsers || 0) - (proUsers || 0) - (teamUsers || 0),
+        total_scans: totalScans || 0,
+        scans_today: scansToday || 0,
+        total_teams: totalTeams || 0,
+        total_api_keys: totalApiKeys || 0,
+        banned_users: bannedUsers || 0,
+      });
+    }
+
+    case "users": {
+      const limit = parseInt(url.searchParams.get("limit") || "50");
+      const offset = parseInt(url.searchParams.get("offset") || "0");
+      const search = url.searchParams.get("search") || "";
+
+      let query = supabase.from("profiles")
+        .select("id, email, full_name, plan, role, is_banned, analyses_this_month, team_id, razorpay_subscription_id, created_at", { count: "exact" })
+        .order("created_at", { ascending: false })
+        .range(offset, offset + limit - 1);
+
+      if (search) {
+        query = query.or(`email.ilike.%${search}%,full_name.ilike.%${search}%`);
+      }
+
+      const { data: users, count } = await query;
+      return NextResponse.json({ users: users || [], total: count || 0 });
+    }
+
+    case "scans": {
+      const limit = parseInt(url.searchParams.get("limit") || "50");
+      const offset = parseInt(url.searchParams.get("offset") || "0");
+
+      const { data: scans, count } = await supabase.from("analyses")
+        .select("id, user_id, source_url, risk_score, grade, flagged_count, total_clauses, created_at", { count: "exact" })
+        .order("created_at", { ascending: false })
+        .range(offset, offset + limit - 1);
+
+      return NextResponse.json({ scans: scans || [], total: count || 0 });
+    }
+
+    case "teams": {
+      const { data: teams } = await supabase.from("teams").select("*").order("created_at", { ascending: false });
+      return NextResponse.json({ teams: teams || [] });
+    }
+
+    case "api-keys": {
+      const { data: keys } = await supabase.from("api_keys")
+        .select("id, user_id, name, key_prefix, calls_this_month, calls_limit, is_active, created_at")
+        .order("created_at", { ascending: false });
+      return NextResponse.json({ keys: keys || [] });
+    }
+
+    case "logs": {
+      const { data: logs } = await supabase.from("admin_logs")
+        .select("*").order("created_at", { ascending: false }).limit(100);
+      return NextResponse.json({ logs: logs || [] });
+    }
+
+    default:
+      return NextResponse.json({ error: "Invalid action" }, { status: 400 });
+  }
+}
+
+// POST — admin actions
+export async function POST(req: NextRequest) {
+  const { supabase, user, error } = await checkAdmin();
+  if (error || !supabase || !user) return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+
+  const body = await req.json();
+
+  switch (body.action) {
+    case "update_plan": {
+      const { userId, plan } = body;
+      await supabase.from("profiles").update({ plan, updated_at: new Date().toISOString() }).eq("id", userId);
+      await supabase.from("admin_logs").insert({
+        admin_id: user.id, action: "update_plan", target_type: "user", target_id: userId,
+        details: { plan },
+      });
+      return NextResponse.json({ success: true });
+    }
+
+    case "ban_user": {
+      const { userId, banned } = body;
+      await supabase.from("profiles").update({ is_banned: banned, updated_at: new Date().toISOString() }).eq("id", userId);
+      await supabase.from("admin_logs").insert({
+        admin_id: user.id, action: banned ? "ban_user" : "unban_user", target_type: "user", target_id: userId,
+      });
+      return NextResponse.json({ success: true });
+    }
+
+    case "delete_scan": {
+      const { scanId } = body;
+      await supabase.from("analyses").delete().eq("id", scanId);
+      await supabase.from("admin_logs").insert({
+        admin_id: user.id, action: "delete_scan", target_type: "scan", target_id: scanId,
+      });
+      return NextResponse.json({ success: true });
+    }
+
+    case "revoke_api_key": {
+      const { keyId } = body;
+      await supabase.from("api_keys").update({ is_active: false }).eq("id", keyId);
+      await supabase.from("admin_logs").insert({
+        admin_id: user.id, action: "revoke_api_key", target_type: "api_key", target_id: keyId,
+      });
+      return NextResponse.json({ success: true });
+    }
+
+    case "delete_team": {
+      const { teamId } = body;
+      await supabase.from("profiles").update({ team_id: null }).eq("team_id", teamId);
+      await supabase.from("teams").delete().eq("id", teamId);
+      await supabase.from("admin_logs").insert({
+        admin_id: user.id, action: "delete_team", target_type: "team", target_id: teamId,
+      });
+      return NextResponse.json({ success: true });
+    }
+
+    default:
+      return NextResponse.json({ error: "Invalid action" }, { status: 400 });
+  }
+}

web/app/api/api-keys/route.ts

@@ -0,0 +1,70 @@
+import { NextRequest, NextResponse } from "next/server";
+import { createClient } from "@/lib/supabase/server";
+import crypto from "crypto";
+
+// GET — list user's API keys
+export async function GET() {
+  const supabase = await createClient();
+  const { data: { user } } = await supabase.auth.getUser();
+  if (!user) return NextResponse.json({ error: "Not authenticated" }, { status: 401 });
+
+  const { data: profile } = await supabase.from("profiles").select("plan, team_id").eq("id", user.id).single();
+  if (profile?.plan === "free") return NextResponse.json({ error: "API access requires Pro or Team plan" }, { status: 403 });
+
+  const { data: keys } = await supabase.from("api_keys")
+    .select("id, name, key_prefix, calls_this_month, calls_limit, is_active, last_used_at, created_at")
+    .eq("user_id", user.id)
+    .order("created_at", { ascending: false });
+
+  return NextResponse.json({ keys: keys || [] });
+}
+
+// POST — create new API key
+export async function POST(req: NextRequest) {
+  const supabase = await createClient();
+  const { data: { user } } = await supabase.auth.getUser();
+  if (!user) return NextResponse.json({ error: "Not authenticated" }, { status: 401 });
+
+  const { data: profile } = await supabase.from("profiles").select("plan, team_id").eq("id", user.id).single();
+  if (profile?.plan === "free") return NextResponse.json({ error: "API access requires Pro or Team plan" }, { status: 403 });
+
+  const { name } = await req.json();
+
+  // Generate key: cg_live_ + 32 random hex chars
+  const rawKey = "cg_live_" + crypto.randomBytes(24).toString("hex");
+  const keyHash = crypto.createHash("sha256").update(rawKey).digest("hex");
+  const keyPrefix = rawKey.substring(0, 16) + "...";
+
+  const callsLimit = profile?.plan === "team" ? 10000 : 1000;
+
+  const { error } = await supabase.from("api_keys").insert({
+    user_id: user.id,
+    team_id: profile?.team_id || null,
+    name: name || "Default",
+    key_hash: keyHash,
+    key_prefix: keyPrefix,
+    calls_limit: callsLimit,
+  });
+
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 });
+
+  // Return the full key ONCE — it's never shown again
+  return NextResponse.json({ key: rawKey, prefix: keyPrefix, name, calls_limit: callsLimit });
+}
+
+// DELETE — revoke an API key
+export async function DELETE(req: NextRequest) {
+  const supabase = await createClient();
+  const { data: { user } } = await supabase.auth.getUser();
+  if (!user) return NextResponse.json({ error: "Not authenticated" }, { status: 401 });
+
+  const { keyId } = await req.json();
+
+  const { error } = await supabase.from("api_keys")
+    .update({ is_active: false })
+    .eq("id", keyId)
+    .eq("user_id", user.id);
+
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 });
+  return NextResponse.json({ success: true });
+}

web/app/api/custom-rules/route.ts

@@ -0,0 +1,94 @@
+import { NextRequest, NextResponse } from "next/server";
+import { createClient } from "@/lib/supabase/server";
+
+// GET — list custom rules
+export async function GET() {
+  const supabase = await createClient();
+  const { data: { user } } = await supabase.auth.getUser();
+  if (!user) return NextResponse.json({ error: "Not authenticated" }, { status: 401 });
+
+  const { data: profile } = await supabase.from("profiles").select("plan, team_id").eq("id", user.id).single();
+  if (profile?.plan !== "team") return NextResponse.json({ error: "Custom rules require Team plan" }, { status: 403 });
+
+  // Fetch user's own rules + team rules
+  let query = supabase.from("custom_rules").select("*").order("created_at", { ascending: false });
+
+  if (profile?.team_id) {
+    query = query.or(`user_id.eq.${user.id},team_id.eq.${profile.team_id}`);
+  } else {
+    query = query.eq("user_id", user.id);
+  }
+
+  const { data: rules } = await query;
+  return NextResponse.json({ rules: rules || [] });
+}
+
+// POST — create a custom rule
+export async function POST(req: NextRequest) {
+  const supabase = await createClient();
+  const { data: { user } } = await supabase.auth.getUser();
+  if (!user) return NextResponse.json({ error: "Not authenticated" }, { status: 401 });
+
+  const { data: profile } = await supabase.from("profiles").select("plan, team_id").eq("id", user.id).single();
+  if (profile?.plan !== "team") return NextResponse.json({ error: "Custom rules require Team plan" }, { status: 403 });
+
+  const { name, description, pattern, severity, category } = await req.json();
+
+  if (!name || !pattern || !category) {
+    return NextResponse.json({ error: "name, pattern, and category are required" }, { status: 400 });
+  }
+
+  // Validate regex pattern
+  try { new RegExp(pattern, "i"); } catch {
+    return NextResponse.json({ error: "Invalid regex pattern" }, { status: 400 });
+  }
+
+  const { data: rule, error } = await supabase.from("custom_rules").insert({
+    user_id: user.id,
+    team_id: profile?.team_id || null,
+    name,
+    description: description || null,
+    pattern,
+    severity: severity || "MEDIUM",
+    category,
+  }).select().single();
+
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 });
+  return NextResponse.json({ rule });
+}
+
+// PUT — update a rule
+export async function PUT(req: NextRequest) {
+  const supabase = await createClient();
+  const { data: { user } } = await supabase.auth.getUser();
+  if (!user) return NextResponse.json({ error: "Not authenticated" }, { status: 401 });
+
+  const { id, ...updates } = await req.json();
+
+  if (updates.pattern) {
+    try { new RegExp(updates.pattern, "i"); } catch {
+      return NextResponse.json({ error: "Invalid regex pattern" }, { status: 400 });
+    }
+  }
+
+  const { error } = await supabase.from("custom_rules")
+    .update({ ...updates, updated_at: new Date().toISOString() })
+    .eq("id", id)
+    .eq("user_id", user.id);
+
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 });
+  return NextResponse.json({ success: true });
+}
+
+// DELETE — delete a rule
+export async function DELETE(req: NextRequest) {
+  const supabase = await createClient();
+  const { data: { user } } = await supabase.auth.getUser();
+  if (!user) return NextResponse.json({ error: "Not authenticated" }, { status: 401 });
+
+  const { id } = await req.json();
+
+  const { error } = await supabase.from("custom_rules").delete().eq("id", id).eq("user_id", user.id);
+  if (error) return NextResponse.json({ error: error.message }, { status: 500 });
+  return NextResponse.json({ success: true });
+}

web/app/api/parse-upload/route.ts

@@ -0,0 +1,45 @@
+import { NextRequest, NextResponse } from "next/server";
+
+export const runtime = "nodejs";
+
+export async function POST(req: NextRequest) {
+  try {
+    const formData = await req.formData();
+    const file = formData.get("file") as File | null;
+
+    if (!file) {
+      return NextResponse.json({ error: "No file uploaded" }, { status: 400 });
+    }
+
+    const name = file.name.toLowerCase();
+    const buffer = Buffer.from(await file.arrayBuffer());
+    let text = "";
+
+    if (name.endsWith(".txt") || name.endsWith(".md")) {
+      text = new TextDecoder().decode(buffer);
+    } else if (name.endsWith(".pdf")) {
+      // pdf-parse v2
+      await import("pdf-parse/worker");
+      const { PDFParse } = await import("pdf-parse");
+      const parser = new PDFParse({ data: buffer });
+      const result = await parser.getText();
+      text = result.text;
+      await parser.destroy();
+    } else if (name.endsWith(".docx")) {
+      const mammoth = (await import("mammoth")).default;
+      const result = await mammoth.extractRawText({ buffer });
+      text = result.value;
+    } else {
+      return NextResponse.json({ error: "Unsupported file type. Use .pdf, .docx, .txt, or .md" }, { status: 400 });
+    }
+
+    if (!text || text.trim().length < 30) {
+      return NextResponse.json({ error: "Could not extract enough text from this file." }, { status: 400 });
+    }
+
+    return NextResponse.json({ text: text.trim(), filename: file.name, size: file.size });
+  } catch (error: any) {
+    console.error("File parse error:", error);
+    return NextResponse.json({ error: "Failed to parse file: " + (error.message || "Unknown error") }, { status: 500 });
+  }
+}

web/app/api/teams/route.ts

@@ -0,0 +1,99 @@
+import { NextRequest, NextResponse } from "next/server";
+import { createClient } from "@/lib/supabase/server";
+import crypto from "crypto";
+
+// GET — fetch current team + members
+export async function GET() {
+  const supabase = await createClient();
+  const { data: { user } } = await supabase.auth.getUser();
+  if (!user) return NextResponse.json({ error: "Not authenticated" }, { status: 401 });
+
+  const { data: profile } = await supabase.from("profiles").select("team_id, plan").eq("id", user.id).single();
+  if (!profile?.team_id) return NextResponse.json({ team: null, members: [], invites: [] });
+
+  const { data: team } = await supabase.from("teams").select("*").eq("id", profile.team_id).single();
+  const { data: members } = await supabase.from("profiles").select("id, email, full_name, avatar_url").eq("team_id", profile.team_id);
+  const { data: invites } = await supabase.from("team_invites").select("*").eq("team_id", profile.team_id).eq("status", "pending");
+
+  return NextResponse.json({ team, members: members || [], invites: invites || [] });
+}
+
+// POST — create team or invite member
+export async function POST(req: NextRequest) {
+  const supabase = await createClient();
+  const { data: { user } } = await supabase.auth.getUser();
+  if (!user) return NextResponse.json({ error: "Not authenticated" }, { status: 401 });
+
+  const body = await req.json();
+
+  // Create team
+  if (body.action === "create") {
+    const { data: profile } = await supabase.from("profiles").select("plan, team_id").eq("id", user.id).single();
+    if (profile?.plan !== "team") return NextResponse.json({ error: "Team plan required" }, { status: 403 });
+    if (profile?.team_id) return NextResponse.json({ error: "Already in a team" }, { status: 400 });
+
+    const { data: team, error } = await supabase.from("teams").insert({
+      name: body.name || "My Team", owner_id: user.id,
+    }).select().single();
+
+    if (error) return NextResponse.json({ error: error.message }, { status: 500 });
+
+    await supabase.from("profiles").update({ team_id: team.id }).eq("id", user.id);
+    return NextResponse.json({ team });
+  }
+
+  // Invite member
+  if (body.action === "invite") {
+    const { data: profile } = await supabase.from("profiles").select("team_id").eq("id", user.id).single();
+    if (!profile?.team_id) return NextResponse.json({ error: "No team" }, { status: 400 });
+
+    // Check seat limit
+    const { count } = await supabase.from("profiles").select("id", { count: "exact" }).eq("team_id", profile.team_id);
+    const { data: team } = await supabase.from("teams").select("max_seats").eq("id", profile.team_id).single();
+    if ((count || 0) >= (team?.max_seats || 5)) return NextResponse.json({ error: "Team is full (max 5 seats)" }, { status: 400 });
+
+    const { error } = await supabase.from("team_invites").insert({
+      team_id: profile.team_id, email: body.email, invited_by: user.id, role: body.role || "member",
+    });
+
+    if (error) return NextResponse.json({ error: error.message }, { status: 500 });
+    return NextResponse.json({ success: true });
+  }
+
+  // Accept invite
+  if (body.action === "accept") {
+    const { data: invite } = await supabase.from("team_invites")
+      .select("*").eq("id", body.invite_id).eq("email", user.email).eq("status", "pending").single();
+
+    if (!invite) return NextResponse.json({ error: "Invite not found" }, { status: 404 });
+
+    await supabase.from("profiles").update({ team_id: invite.team_id }).eq("id", user.id);
+    await supabase.from("team_invites").update({ status: "accepted" }).eq("id", invite.id);
+    return NextResponse.json({ success: true });
+  }
+
+  return NextResponse.json({ error: "Invalid action" }, { status: 400 });
+}
+
+// DELETE — remove member or leave team
+export async function DELETE(req: NextRequest) {
+  const supabase = await createClient();
+  const { data: { user } } = await supabase.auth.getUser();
+  if (!user) return NextResponse.json({ error: "Not authenticated" }, { status: 401 });
+
+  const { memberId } = await req.json();
+
+  if (memberId === user.id) {
+    // Leave team
+    await supabase.from("profiles").update({ team_id: null }).eq("id", user.id);
+  } else {
+    // Remove member (owner only)
+    const { data: profile } = await supabase.from("profiles").select("team_id").eq("id", user.id).single();
+    const { data: team } = await supabase.from("teams").select("owner_id").eq("id", profile?.team_id).single();
+    if (team?.owner_id !== user.id) return NextResponse.json({ error: "Only owner can remove members" }, { status: 403 });
+
+    await supabase.from("profiles").update({ team_id: null }).eq("id", memberId);
+  }
+
+  return NextResponse.json({ success: true });
+}

web/app/dashboard-pages/analyze/page.tsx

@@ -1,20 +1,21 @@
 "use client";
 
-import { useState } from "react";
+import { useState, useRef, useEffect } from "react";
 import {
   ScanText, ScanLine, TriangleAlert, CircleAlert, CircleCheck, Info,
-  Download, FileDown, ChevronDown, ChevronUp, Highlighter, Copy, Check,
-  ShieldCheck, ShieldAlert, Scale, Gavel, Ban, Globe, Eye, Stamp, FileX
+  FileDown, ChevronDown, ChevronUp, Copy, Check, Upload, FileText,
+  ShieldCheck, ShieldAlert, Scale, Gavel, Ban, Globe, Eye, Stamp, FileX,
+  Lock, Sparkles as SparklesIcon, X
 } from "lucide-react";
 
 interface Cat { name: string; severity: string; description?: string; confidence?: number; }
 interface Clause { text: string; categories: Cat[]; }
 interface Result { risk_score: number; grade: string; total_clauses: number; flagged_count: number; results: Clause[]; model: string; latency_ms: number; }
 
-const SEV_CONFIG: Record<string, { icon: any; label: string; text: string; bg: string; border: string; dot: string }> = {
-  HIGH: { icon: TriangleAlert, label: "High", text: "text-red-600", bg: "bg-red-50", border: "border-red-200", dot: "bg-red-500" },
-  MEDIUM: { icon: CircleAlert, label: "Medium", text: "text-amber-600", bg: "bg-amber-50", border: "border-amber-200", dot: "bg-amber-500" },
-  LOW: { icon: Info, label: "Low", text: "text-blue-600", bg: "bg-blue-50", border: "border-blue-200", dot: "bg-blue-500" },
+const SEV_CONFIG: Record<string, { icon: any; label: string; text: string; bg: string; border: string }> = {
+  HIGH: { icon: TriangleAlert, label: "High", text: "text-red-600", bg: "bg-red-50", border: "border-red-200" },
+  MEDIUM: { icon: CircleAlert, label: "Medium", text: "text-amber-600", bg: "bg-amber-50", border: "border-amber-200" },
+  LOW: { icon: Info, label: "Low", text: "text-blue-600", bg: "bg-blue-50", border: "border-blue-200" },
 };
 
 const GRADE_STYLE: Record<string, string> = {
@@ -53,18 +54,58 @@ export default function AnalyzePage() {
   const [expandedIdx, setExpandedIdx] = useState<number | null>(null);
   const [filter, setFilter] = useState<string>("all");
   const [copied, setCopied] = useState(false);
+  const [scanCount, setScanCount] = useState(0);
+  const [userPlan, setUserPlan] = useState("free");
+  const [showUpgrade, setShowUpgrade] = useState(false);
+  const fileInputRef = useRef<HTMLInputElement>(null);
+
+  const FREE_LIMIT = 10;
+  const canScan = userPlan !== "free" || scanCount < FREE_LIMIT;
 
   async function handleAnalyze() {
     if (!text || text.trim().length < 50) { setError("Enter at least 50 characters."); return; }
+
+    if (!canScan) { setShowUpgrade(true); return; }
+
     setLoading(true); setError(""); setResults(null); setExpandedIdx(null);
     try {
       const res = await fetch("/api/analyze", { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ text }) });
       if (!res.ok) throw new Error((await res.json()).error || "Failed");
-      setResults(await res.json());
+      const data = await res.json();
+      setResults(data);
+      setScanCount(prev => prev + 1);
     } catch (e: any) { setError(e.message); }
     finally { setLoading(false); }
   }
 
+  async function handleFileUpload(e: React.ChangeEvent<HTMLInputElement>) {
+    const file = e.target.files?.[0];
+    if (!file) return;
+
+    if (userPlan === "free") { setShowUpgrade(true); return; }
+
+    setLoading(true);
+    setError("");
+
+    try {
+      const formData = new FormData();
+      formData.append("file", file);
+
+      const res = await fetch("/api/parse-upload", { method: "POST", body: formData });
+      if (!res.ok) {
+        const err = await res.json();
+        throw new Error(err.error || "Failed to parse file");
+      }
+
+      const { text: extractedText } = await res.json();
+      setText(extractedText);
+    } catch (e: any) {
+      setError(e.message || "Could not read file.");
+    }
+    setLoading(false);
+    if (fileInputRef.current) fileInputRef.current.value = "";
+  }
+
   async function handleDownloadPDF() {
     if (!results) return;
     try {
@@ -94,13 +135,50 @@ export default function AnalyzePage() {
 
   return (
     <div className="min-h-screen bg-white">
+      {/* Upgrade modal */}
+      {showUpgrade && (
+        <div className="fixed inset-0 z-50 flex items-center justify-center bg-black/40">
+          <div className="bg-white rounded-2xl p-6 max-w-sm mx-4 shadow-xl">
+            <div className="flex justify-between items-start">
+              <div className="w-10 h-10 rounded-xl bg-amber-50 flex items-center justify-center">
+                <Lock className="w-5 h-5 text-amber-600" />
+              </div>
+              <button onClick={() => setShowUpgrade(false)} className="p-1 hover:bg-zinc-100 rounded-md"><X className="w-4 h-4 text-zinc-400" /></button>
+            </div>
+            <h3 className="mt-4 text-lg font-semibold">
+              {userPlan === "free" && scanCount >= FREE_LIMIT ? "Free limit reached" : "Pro feature"}
+            </h3>
+            <p className="mt-1.5 text-sm text-zinc-500 leading-relaxed">
+              {userPlan === "free" && scanCount >= FREE_LIMIT
+                ? `You have used all ${FREE_LIMIT} free scans this month. Upgrade to Pro for unlimited scans, file uploads, and AI explanations.`
+                : "File upload is available on the Pro plan. Upgrade to scan contracts and leases directly."}
+            </p>
+            <div className="mt-5 flex gap-2">
+              <a href="/#pricing" className="flex-1 bg-zinc-900 text-white py-2.5 rounded-lg text-sm font-medium text-center hover:bg-zinc-800 transition-colors">
+                View plans
+              </a>
+              <button onClick={() => setShowUpgrade(false)} className="flex-1 border border-zinc-200 py-2.5 rounded-lg text-sm font-medium hover:bg-zinc-50 transition-colors">
+                Not now
+              </button>
+            </div>
+          </div>
+        </div>
+      )}
+
       <div className="max-w-6xl mx-auto px-5 py-10">
-        <div className="mb-8">
-          <h1 className="text-2xl font-semibold tracking-tight flex items-center gap-2">
-            <ScanText className="w-6 h-6 text-zinc-400" />
-            Scan a document
-          </h1>
-          <p className="mt-1 text-sm text-zinc-500">Paste Terms of Service, a contract, or a lease agreement.</p>
+        <div className="mb-8 flex items-start justify-between">
+          <div>
+            <h1 className="text-2xl font-semibold tracking-tight flex items-center gap-2">
+              <ScanText className="w-6 h-6 text-zinc-400" />
+              Scan a document
+            </h1>
+            <p className="mt-1 text-sm text-zinc-500">Paste text or upload a file (.pdf, .docx, .txt).</p>
+          </div>
+          {userPlan === "free" && (
+            <span className="text-xs text-zinc-400 border border-zinc-200 px-2.5 py-1 rounded-md">
+              {scanCount}/{FREE_LIMIT} free scans
+            </span>
+          )}
         </div>
 
         <div className="grid lg:grid-cols-5 gap-6">
@@ -108,16 +186,21 @@ export default function AnalyzePage() {
           <div className="lg:col-span-2">
             <textarea value={text} onChange={(e) => setText(e.target.value)}
               placeholder="Paste your document text here..."
-              className="w-full h-[420px] p-4 border border-zinc-200 rounded-xl text-sm leading-relaxed resize-none focus:outline-none focus:ring-2 focus:ring-zinc-900/10 focus:border-zinc-300 placeholder:text-zinc-300 font-mono" />
+              className="w-full h-[380px] p-4 border border-zinc-200 rounded-xl text-sm leading-relaxed resize-none focus:outline-none focus:ring-2 focus:ring-zinc-900/10 focus:border-zinc-300 placeholder:text-zinc-300 font-mono" />
             <div className="mt-3 flex gap-2">
               <button onClick={handleAnalyze} disabled={loading}
                 className="flex-1 inline-flex items-center justify-center gap-2 bg-zinc-900 text-white py-2.5 rounded-lg text-sm font-medium hover:bg-zinc-800 disabled:opacity-40 transition-colors">
                 {loading ? <><ScanLine className="w-4 h-4 animate-pulse" /> Scanning...</> : <><ScanText className="w-4 h-4" /> Scan</>}
               </button>
               <button onClick={() => setText(EXAMPLE)}
-                className="px-4 border border-zinc-200 rounded-lg text-sm text-zinc-500 hover:bg-zinc-50 transition-colors">
+                className="px-3 border border-zinc-200 rounded-lg text-sm text-zinc-500 hover:bg-zinc-50 transition-colors">
                 Example
               </button>
+              <input ref={fileInputRef} type="file" accept=".txt,.md,.pdf,.docx" className="hidden" onChange={handleFileUpload} />
+              <button onClick={() => fileInputRef.current?.click()}
+                className="px-3 border border-zinc-200 rounded-lg text-zinc-500 hover:bg-zinc-50 transition-colors" title="Upload file">
+                <Upload className="w-4 h-4" />
+              </button>
             </div>
             {error && <p className="mt-2 text-sm text-red-600 flex items-center gap-1.5"><TriangleAlert className="w-3.5 h-3.5" />{error}</p>}
           </div>
@@ -140,11 +223,9 @@ export default function AnalyzePage() {
                         }`} style={{ width: `${results.risk_score}%` }} />
                       </div>
                     </div>
-                    <div className="flex items-center gap-2">
-                      <span className={`text-sm font-semibold px-3 py-1 rounded-lg border ${GRADE_STYLE[results.grade] || GRADE_STYLE.C}`}>
-                        Grade {results.grade}
-                      </span>
-                    </div>
+                    <span className={`text-sm font-semibold px-3 py-1 rounded-lg border ${GRADE_STYLE[results.grade] || GRADE_STYLE.C}`}>
+                      Grade {results.grade}
+                    </span>
                   </div>
                   <div className="mt-4 flex items-center gap-4 text-xs text-zinc-400">
                     <span>{results.total_clauses} clauses</span>
@@ -154,7 +235,7 @@ export default function AnalyzePage() {
                     <span>{results.latency_ms}ms</span>
                     <span className="w-px h-3 bg-zinc-200" />
                     <span className="flex items-center gap-1">
-                      {results.model === "ml" ? <Sparkles className="w-3 h-3" /> : null}
+                      {results.model === "ml" && <SparklesIcon className="w-3 h-3" />}
                       {results.model === "ml" ? "Legal-BERT" : "Pattern matching"}
                     </span>
                   </div>
@@ -188,11 +269,11 @@ export default function AnalyzePage() {
                 </div>
 
                 {/* Clause list */}
-                <div className="space-y-2 max-h-[400px] overflow-y-auto pr-1">
+                <div className="space-y-2 max-h-[380px] overflow-y-auto pr-1">
                   {filtered.length === 0 ? (
                     <div className="border border-dashed border-zinc-200 rounded-xl p-10 text-center">
                       <CircleCheck className="w-8 h-8 text-emerald-400 mx-auto mb-2" />
-                      <p className="text-sm text-zinc-500">{filter === "all" ? "No unfair clauses found." : "No clauses at this severity level."}</p>
+                      <p className="text-sm text-zinc-500">{filter === "all" ? "No unfair clauses found." : "No clauses at this severity."}</p>
                     </div>
                   ) : filtered.map((clause, i) => {
                     const maxSev = clause.categories.reduce((m, c) => {
@@ -204,8 +285,7 @@ export default function AnalyzePage() {
                     const CatIcon = CATEGORY_ICONS[clause.categories[0]?.name] || TriangleAlert;
 
                     return (
-                      <div key={i}
-                        className={`border rounded-xl overflow-hidden transition-all ${conf.border} ${isExpanded ? "shadow-sm" : ""}`}>
+                      <div key={i} className={`border rounded-xl overflow-hidden transition-all ${conf.border} ${isExpanded ? "shadow-sm" : ""}`}>
                         <button onClick={() => setExpandedIdx(isExpanded ? null : i)}
                           className="w-full text-left p-4 flex items-start gap-3 hover:bg-zinc-50/50 transition-colors">
                           <div className={`w-8 h-8 rounded-lg flex items-center justify-center shrink-0 ${conf.bg}`}>
@@ -217,8 +297,7 @@ export default function AnalyzePage() {
                                 const s = SEV_CONFIG[cat.severity] || SEV_CONFIG.MEDIUM;
                                 return (
                                   <span key={j} className={`text-[11px] font-medium px-2 py-0.5 rounded border ${s.bg} ${s.text} ${s.border}`}>
-                                    {cat.name}
-                                    {cat.confidence ? ` ${Math.round(cat.confidence * 100)}%` : ""}
+                                    {cat.name}{cat.confidence ? ` ${Math.round(cat.confidence * 100)}%` : ""}
                                   </span>
                                 );
                               })}
@@ -231,9 +310,7 @@ export default function AnalyzePage() {
                         </button>
                         {isExpanded && (
                           <div className="px-4 pb-4 pt-0 border-t border-zinc-100">
-                            <p className="text-sm text-zinc-700 leading-relaxed mt-3 font-mono bg-zinc-50 rounded-lg p-3">
-                              {clause.text}
-                            </p>
+                            <p className="text-sm text-zinc-700 leading-relaxed mt-3 font-mono bg-zinc-50 rounded-lg p-3">{clause.text}</p>
                             {clause.categories.map((cat, j) => (
                               <div key={j} className="mt-3 flex items-start gap-2">
                                 <TriangleAlert className={`w-3.5 h-3.5 mt-0.5 shrink-0 ${(SEV_CONFIG[cat.severity] || SEV_CONFIG.MEDIUM).text}`} />
@@ -261,7 +338,3 @@ export default function AnalyzePage() {
     </div>
   );
 }
-
-function Sparkles({ className }: { className?: string }) {
-  return <svg className={className} viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><path d="M9.937 15.5A2 2 0 0 0 8.5 14.063l-6.135-1.582a.5.5 0 0 1 0-.962L8.5 9.936A2 2 0 0 0 9.937 8.5l1.582-6.135a.5.5 0 0 1 .963 0L14.063 8.5A2 2 0 0 0 15.5 9.937l6.135 1.581a.5.5 0 0 1 0 .964L15.5 14.063a2 2 0 0 0-1.437 1.437l-1.582 6.135a.5.5 0 0 1-.963 0z"/><path d="M20 3v4"/><path d="M22 5h-4"/></svg>;
-}

web/app/dashboard-pages/team/page.tsx

@@ -0,0 +1,142 @@
+import { createClient } from "@/lib/supabase/server";
+import { redirect } from "next/navigation";
+import Link from "next/link";
+import { ArrowLeft, Users, UserPlus, Crown, Mail, Key, ScrollText, Trash2, Shield } from "lucide-react";
+
+export default async function TeamPage() {
+  const supabase = await createClient();
+  const { data: { user } } = await supabase.auth.getUser();
+  if (!user) redirect("/auth/login");
+
+  const { data: profile } = await supabase.from("profiles").select("plan, team_id").eq("id", user.id).single();
+
+  if (profile?.plan !== "team") {
+    return (
+      <div className="min-h-screen bg-white flex items-center justify-center">
+        <div className="text-center max-w-sm">
+          <Users className="w-10 h-10 text-zinc-300 mx-auto mb-4" />
+          <h2 className="text-xl font-semibold">Team features</h2>
+          <p className="mt-2 text-sm text-zinc-500">Upgrade to the Team plan to invite members, share dashboards, and manage API keys.</p>
+          <Link href="/#pricing" className="mt-4 inline-block bg-zinc-900 text-white px-5 py-2.5 rounded-lg text-sm font-medium hover:bg-zinc-800">View plans</Link>
+        </div>
+      </div>
+    );
+  }
+
+  // Fetch team data
+  let team = null, members: any[] = [], invites: any[] = [], analyses: any[] = [];
+
+  if (profile?.team_id) {
+    const { data: t } = await supabase.from("teams").select("*").eq("id", profile.team_id).single();
+    team = t;
+    const { data: m } = await supabase.from("profiles").select("id, email, full_name, avatar_url, analyses_this_month").eq("team_id", profile.team_id);
+    members = m || [];
+    const { data: inv } = await supabase.from("team_invites").select("*").eq("team_id", profile.team_id).eq("status", "pending");
+    invites = inv || [];
+    const { data: a } = await supabase.from("analyses").select("id, source_url, risk_score, grade, flagged_count, created_at, user_id")
+      .eq("team_id", profile.team_id).order("created_at", { ascending: false }).limit(20);
+    analyses = a || [];
+  }
+
+  const isOwner = team?.owner_id === user.id;
+
+  return (
+    <div className="min-h-screen bg-white">
+      <div className="max-w-4xl mx-auto px-5 py-12">
+        <div className="mb-8">
+          <Link href="/dashboard-pages/dashboard" className="inline-flex items-center gap-1.5 text-sm text-zinc-400 hover:text-zinc-600">
+            <ArrowLeft className="w-3.5 h-3.5" /> Dashboard
+          </Link>
+          <h1 className="mt-4 text-2xl font-semibold tracking-tight flex items-center gap-2">
+            <Users className="w-6 h-6 text-zinc-400" />
+            {team?.name || "Team"}
+          </h1>
+        </div>
+
+        {!team ? (
+          <div className="border border-zinc-200 rounded-xl p-8 text-center">
+            <Users className="w-10 h-10 text-zinc-300 mx-auto mb-3" />
+            <h3 className="font-semibold">Create your team</h3>
+            <p className="mt-1 text-sm text-zinc-500">Set up a team to invite members and share scans.</p>
+            <form action="/api/teams" method="POST" className="mt-4">
+              <input type="hidden" name="action" value="create" />
+              <button type="submit" className="bg-zinc-900 text-white px-5 py-2.5 rounded-lg text-sm font-medium hover:bg-zinc-800">Create team</button>
+            </form>
+          </div>
+        ) : (
+          <div className="space-y-8">
+            {/* Members */}
+            <section>
+              <div className="flex items-center justify-between mb-3">
+                <div className="flex items-center gap-2">
+                  <Users className="w-4 h-4 text-zinc-400" />
+                  <h2 className="text-sm font-medium text-zinc-500 uppercase tracking-wider">Members ({members.length}/{team.max_seats})</h2>
+                </div>
+              </div>
+              <div className="border border-zinc-200 rounded-xl divide-y divide-zinc-100">
+                {members.map((m) => (
+                  <div key={m.id} className="px-5 py-3.5 flex items-center justify-between">
+                    <div className="flex items-center gap-3">
+                      <div className="w-8 h-8 rounded-full bg-zinc-100 flex items-center justify-center text-xs font-medium text-zinc-600">
+                        {(m.full_name || m.email || "?")[0].toUpperCase()}
+                      </div>
+                      <div>
+                        <p className="text-sm font-medium flex items-center gap-1.5">
+                          {m.full_name || m.email}
+                          {m.id === team.owner_id && <Crown className="w-3.5 h-3.5 text-amber-500" />}
+                        </p>
+                        <p className="text-xs text-zinc-400">{m.email} · {m.analyses_this_month || 0} scans this month</p>
+                      </div>
+                    </div>
+                  </div>
+                ))}
+                {invites.map((inv) => (
+                  <div key={inv.id} className="px-5 py-3.5 flex items-center justify-between opacity-60">
+                    <div className="flex items-center gap-3">
+                      <div className="w-8 h-8 rounded-full bg-zinc-50 border border-dashed border-zinc-300 flex items-center justify-center">
+                        <Mail className="w-3.5 h-3.5 text-zinc-400" />
+                      </div>
+                      <div>
+                        <p className="text-sm">{inv.email}</p>
+                        <p className="text-xs text-zinc-400">Invite pending</p>
+                      </div>
+                    </div>
+                  </div>
+                ))}
+              </div>
+            </section>
+
+            {/* Recent team scans */}
+            <section>
+              <div className="flex items-center gap-2 mb-3">
+                <Shield className="w-4 h-4 text-zinc-400" />
+                <h2 className="text-sm font-medium text-zinc-500 uppercase tracking-wider">Recent team scans</h2>
+              </div>
+              <div className="border border-zinc-200 rounded-xl divide-y divide-zinc-100">
+                {analyses.length === 0 ? (
+                  <div className="px-5 py-8 text-center text-sm text-zinc-400">No scans yet.</div>
+                ) : analyses.slice(0, 10).map((a) => {
+                  const member = members.find(m => m.id === a.user_id);
+                  return (
+                    <div key={a.id} className="px-5 py-3 flex items-center justify-between">
+                      <div>
+                        <p className="text-sm text-zinc-700 truncate max-w-xs">{a.source_url || "Manual scan"}</p>
+                        <p className="text-xs text-zinc-400 mt-0.5">
+                          {member?.full_name || member?.email || "Unknown"} · {new Date(a.created_at).toLocaleDateString()}
+                        </p>
+                      </div>
+                      <span className={`text-xs font-semibold px-2.5 py-1 rounded-md ${
+                        a.grade === "F" || a.grade === "D" ? "bg-red-50 text-red-700" :
+                        a.grade === "C" ? "bg-amber-50 text-amber-700" : "bg-emerald-50 text-emerald-700"
+                      }`}>{a.grade} · {a.risk_score}</span>
+                    </div>
+                  );
+                })}
+              </div>
+            </section>
+          </div>
+        )}
+      </div>
+    </div>
+  );
+}

web/components/nav.tsx

@@ -2,8 +2,9 @@
 
 import Link from "next/link";
 import { usePathname } from "next/navigation";
-import { ShieldCheck, Menu, X } from "lucide-react";
-import { useState } from "react";
+import { ShieldCheck, Menu, X, Crown } from "lucide-react";
+import { useState, useEffect } from "react";
+import { createClient } from "@/lib/supabase/client";
 
 const links = [
   { href: "/#features", label: "Features" },
@@ -11,10 +12,21 @@ const links = [
   { href: "/dashboard-pages/analyze", label: "Scanner" },
 ];
 
+const ADMIN_EMAILS = ["ankygaur9972@gmail.com"];
+
 export function Nav() {
   const [open, setOpen] = useState(false);
+  const [userEmail, setUserEmail] = useState<string | null>(null);
   const pathname = usePathname();
   const isDashboard = pathname?.startsWith("/dashboard");
+  const isAdmin = userEmail && ADMIN_EMAILS.includes(userEmail);
+
+  useEffect(() => {
+    const supabase = createClient();
+    supabase.auth.getUser().then(({ data }) => {
+      setUserEmail(data.user?.email || null);
+    });
+  }, []);
 
   return (
     <nav className="sticky top-0 z-50 bg-white/80 backdrop-blur-md border-b border-zinc-100">
@@ -24,7 +36,6 @@ export function Nav() {
           <span className="font-semibold text-[15px] tracking-tight text-zinc-900">ClauseGuard</span>
         </Link>
 
-        {/* Desktop */}
         <div className="hidden md:flex items-center gap-1">
           {links.map((l) => (
             <a key={l.href} href={l.href}
@@ -32,8 +43,17 @@ export function Nav() {
               {l.label}
             </a>
           ))}
+
+          {isAdmin && (
+            <Link href="/admin"
+              className="px-3 py-1.5 text-[13px] text-amber-600 hover:text-amber-700 rounded-md hover:bg-amber-50 transition-colors flex items-center gap-1">
+              <Crown className="w-3.5 h-3.5" /> Admin
+            </Link>
+          )}
+
           <div className="w-px h-4 bg-zinc-200 mx-2" />
-          {isDashboard ? (
+
+          {isDashboard || userEmail ? (
             <Link href="/dashboard-pages/settings"
               className="px-3 py-1.5 text-[13px] text-zinc-500 hover:text-zinc-900 rounded-md hover:bg-zinc-50">
               Settings
@@ -44,27 +64,27 @@ export function Nav() {
               Log in
             </Link>
           )}
-          <Link href={isDashboard ? "/dashboard-pages/analyze" : "/auth/signup"}
+          <Link href={isDashboard || userEmail ? "/dashboard-pages/analyze" : "/auth/signup"}
             className="ml-1 px-3.5 py-1.5 text-[13px] font-medium text-white bg-zinc-900 rounded-md hover:bg-zinc-800 transition-colors">
-            {isDashboard ? "New scan" : "Get started"}
+            {isDashboard || userEmail ? "New scan" : "Get started"}
           </Link>
         </div>
 
-        {/* Mobile toggle */}
         <button className="md:hidden p-1.5 rounded-md hover:bg-zinc-100" onClick={() => setOpen(!open)}>
           {open ? <X className="w-5 h-5" /> : <Menu className="w-5 h-5" />}
         </button>
       </div>
 
-      {/* Mobile menu */}
       {open && (
         <div className="md:hidden border-t border-zinc-100 bg-white px-5 py-3 space-y-1">
           {links.map((l) => (
             <a key={l.href} href={l.href} onClick={() => setOpen(false)}
-              className="block px-3 py-2 text-sm text-zinc-600 rounded-md hover:bg-zinc-50">
-              {l.label}
-            </a>
+              className="block px-3 py-2 text-sm text-zinc-600 rounded-md hover:bg-zinc-50">{l.label}</a>
           ))}
+          {isAdmin && (
+            <Link href="/admin" onClick={() => setOpen(false)}
+              className="block px-3 py-2 text-sm text-amber-600 rounded-md hover:bg-amber-50">Admin</Link>
+          )}
           <Link href="/auth/login" onClick={() => setOpen(false)}
             className="block px-3 py-2 text-sm text-zinc-600 rounded-md hover:bg-zinc-50">Log in</Link>
         </div>

web/lib/admin-guard.ts

@@ -0,0 +1,29 @@
+import { createClient } from "@/lib/supabase/server";
+import { redirect } from "next/navigation";
+
+const ADMIN_EMAILS = ["ankygaur9972@gmail.com"];
+
+export async function requireAdmin() {
+  const supabase = await createClient();
+  const { data: { user } } = await supabase.auth.getUser();
+
+  if (!user) redirect("/auth/login");
+
+  // Check email first (fast)
+  if (!ADMIN_EMAILS.includes(user.email || "")) {
+    redirect("/dashboard-pages/dashboard");
+  }
+
+  // Double check role in DB
+  const { data: profile } = await supabase
+    .from("profiles")
+    .select("role")
+    .eq("id", user.id)
+    .single();
+
+  if (profile?.role !== "admin") {
+    redirect("/dashboard-pages/dashboard");
+  }
+
+  return { user, supabase };
+}

web/lib/supabase/admin-schema.sql

@@ -0,0 +1,47 @@
+-- ClauseGuard — Admin Schema Extension
+-- Run AFTER the main schema.sql
+
+-- Add role column to profiles
+ALTER TABLE public.profiles ADD COLUMN IF NOT EXISTS role TEXT DEFAULT 'user' CHECK (role IN ('user', 'admin'));
+
+-- Add is_banned column
+ALTER TABLE public.profiles ADD COLUMN IF NOT EXISTS is_banned BOOLEAN DEFAULT false;
+
+-- Set admin
+UPDATE public.profiles SET role = 'admin' WHERE email = 'ankygaur9972@gmail.com';
+
+-- Activity log
+CREATE TABLE IF NOT EXISTS public.admin_logs (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  admin_id UUID REFERENCES auth.users NOT NULL,
+  action TEXT NOT NULL,
+  target_type TEXT,  -- 'user', 'team', 'scan', 'api_key', 'rule'
+  target_id TEXT,
+  details JSONB,
+  created_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_admin_logs_created ON public.admin_logs(created_at DESC);
+
+-- Admin RLS: admins can read all tables
+CREATE POLICY "Admins can read all profiles" ON public.profiles FOR SELECT
+  USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
+
+CREATE POLICY "Admins can update all profiles" ON public.profiles FOR UPDATE
+  USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
+
+CREATE POLICY "Admins can read all analyses" ON public.analyses FOR SELECT
+  USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
+
+CREATE POLICY "Admins can read all teams" ON public.teams FOR SELECT
+  USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
+
+CREATE POLICY "Admins can read all api_keys" ON public.api_keys FOR SELECT
+  USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
+
+CREATE POLICY "Admins can read all custom_rules" ON public.custom_rules FOR SELECT
+  USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));
+
+ALTER TABLE public.admin_logs ENABLE ROW LEVEL SECURITY;
+CREATE POLICY "Admins can manage logs" ON public.admin_logs FOR ALL
+  USING (auth.uid() IN (SELECT id FROM public.profiles WHERE role = 'admin'));

web/lib/supabase/client.ts

@@ -3,6 +3,15 @@ import { createBrowserClient } from "@supabase/ssr";
 export function createClient() {
   return createBrowserClient(
     process.env.NEXT_PUBLIC_SUPABASE_URL!,
-    process.env.NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY!
+    process.env.NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY!,
+    {
+      auth: {
+        autoRefreshToken: true,
+        persistSession: true,
+        // 7 day session — Supabase default is 3600s (1 hour)
+        // This must also be set in Supabase Dashboard → Auth → Settings → JWT Expiry
+        // Set to 604800 (7 days) in the dashboard
+      },
+    }
   );
 }

web/lib/supabase/schema.sql

@@ -1,6 +1,6 @@
--- ClauseGuard — Supabase Database Schema (Razorpay)
+-- ClauseGuard — Full Database Schema (with Teams, API Keys, Custom Rules)
 
--- Profiles
+-- ─── Profiles ───
 CREATE TABLE IF NOT EXISTS public.profiles (
   id UUID REFERENCES auth.users ON DELETE CASCADE PRIMARY KEY,
   email TEXT,
@@ -8,16 +8,41 @@ CREATE TABLE IF NOT EXISTS public.profiles (
   avatar_url TEXT,
   razorpay_subscription_id TEXT,
   plan TEXT DEFAULT 'free' CHECK (plan IN ('free', 'pro', 'team')),
+  team_id UUID REFERENCES public.teams(id) ON DELETE SET NULL,
   analyses_this_month INT DEFAULT 0,
   monthly_reset_at TIMESTAMPTZ DEFAULT date_trunc('month', NOW()),
   created_at TIMESTAMPTZ DEFAULT NOW(),
   updated_at TIMESTAMPTZ DEFAULT NOW()
 );
 
--- Analyses
+-- ─── Teams ───
+CREATE TABLE IF NOT EXISTS public.teams (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  name TEXT NOT NULL,
+  owner_id UUID REFERENCES auth.users NOT NULL,
+  plan TEXT DEFAULT 'team',
+  max_seats INT DEFAULT 5,
+  razorpay_subscription_id TEXT,
+  created_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+CREATE TABLE IF NOT EXISTS public.team_invites (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  team_id UUID REFERENCES public.teams ON DELETE CASCADE NOT NULL,
+  email TEXT NOT NULL,
+  role TEXT DEFAULT 'member' CHECK (role IN ('admin', 'member')),
+  status TEXT DEFAULT 'pending' CHECK (status IN ('pending', 'accepted', 'expired')),
+  invited_by UUID REFERENCES auth.users NOT NULL,
+  created_at TIMESTAMPTZ DEFAULT NOW(),
+  expires_at TIMESTAMPTZ DEFAULT NOW() + INTERVAL '7 days',
+  UNIQUE(team_id, email)
+);
+
+-- ─── Analyses ───
 CREATE TABLE IF NOT EXISTS public.analyses (
   id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
   user_id UUID REFERENCES public.profiles ON DELETE CASCADE NOT NULL,
+  team_id UUID REFERENCES public.teams ON DELETE SET NULL,
   source_url TEXT,
   source_type TEXT DEFAULT 'tos' CHECK (source_type IN ('tos', 'contract', 'rental', 'other')),
   total_clauses INT NOT NULL,
@@ -28,21 +53,86 @@ CREATE TABLE IF NOT EXISTS public.analyses (
   created_at TIMESTAMPTZ DEFAULT NOW()
 );
 
--- Indexes
+-- ─── API Keys ───
+CREATE TABLE IF NOT EXISTS public.api_keys (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  user_id UUID REFERENCES public.profiles ON DELETE CASCADE NOT NULL,
+  team_id UUID REFERENCES public.teams ON DELETE CASCADE,
+  name TEXT NOT NULL,
+  key_hash TEXT NOT NULL UNIQUE,
+  key_prefix TEXT NOT NULL,  -- first 8 chars for display: "cg_live_a1b2..."
+  calls_this_month INT DEFAULT 0,
+  calls_limit INT DEFAULT 1000,  -- Pro: 1000, Team: 10000
+  last_used_at TIMESTAMPTZ,
+  is_active BOOLEAN DEFAULT true,
+  created_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- ─── Custom Clause Rules ───
+CREATE TABLE IF NOT EXISTS public.custom_rules (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  user_id UUID REFERENCES public.profiles ON DELETE CASCADE,
+  team_id UUID REFERENCES public.teams ON DELETE CASCADE,
+  name TEXT NOT NULL,
+  description TEXT,
+  pattern TEXT NOT NULL,          -- regex pattern to match
+  severity TEXT DEFAULT 'MEDIUM' CHECK (severity IN ('HIGH', 'MEDIUM', 'LOW')),
+  category TEXT NOT NULL,         -- custom category name
+  is_active BOOLEAN DEFAULT true,
+  created_at TIMESTAMPTZ DEFAULT NOW(),
+  updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+-- ─── Indexes ───
 CREATE INDEX IF NOT EXISTS idx_analyses_user_id ON public.analyses(user_id);
+CREATE INDEX IF NOT EXISTS idx_analyses_team_id ON public.analyses(team_id);
 CREATE INDEX IF NOT EXISTS idx_analyses_created_at ON public.analyses(created_at DESC);
+CREATE INDEX IF NOT EXISTS idx_api_keys_key_hash ON public.api_keys(key_hash);
+CREATE INDEX IF NOT EXISTS idx_api_keys_user_id ON public.api_keys(user_id);
+CREATE INDEX IF NOT EXISTS idx_team_invites_email ON public.team_invites(email);
+CREATE INDEX IF NOT EXISTS idx_custom_rules_user_id ON public.custom_rules(user_id);
+CREATE INDEX IF NOT EXISTS idx_custom_rules_team_id ON public.custom_rules(team_id);
 
--- Row Level Security
+-- ─── Row Level Security ───
 ALTER TABLE public.profiles ENABLE ROW LEVEL SECURITY;
 ALTER TABLE public.analyses ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.teams ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.team_invites ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.api_keys ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.custom_rules ENABLE ROW LEVEL SECURITY;
+
+-- Profiles
+CREATE POLICY "Users see own profile" ON public.profiles FOR SELECT USING (auth.uid() = id);
+CREATE POLICY "Users update own profile" ON public.profiles FOR UPDATE USING (auth.uid() = id);
+
+-- Analyses: own + team
+CREATE POLICY "Users see own analyses" ON public.analyses FOR SELECT
+  USING (auth.uid() = user_id OR team_id IN (SELECT team_id FROM public.profiles WHERE id = auth.uid()));
+CREATE POLICY "Users insert analyses" ON public.analyses FOR INSERT WITH CHECK (auth.uid() = user_id);
+CREATE POLICY "Users delete own analyses" ON public.analyses FOR DELETE USING (auth.uid() = user_id);
+
+-- Teams: members can view, owner can update
+CREATE POLICY "Team members can view" ON public.teams FOR SELECT
+  USING (id IN (SELECT team_id FROM public.profiles WHERE id = auth.uid()) OR owner_id = auth.uid());
+CREATE POLICY "Owner can update team" ON public.teams FOR UPDATE USING (owner_id = auth.uid());
+
+-- Team invites: team members can view, admins can insert
+CREATE POLICY "Members see team invites" ON public.team_invites FOR SELECT
+  USING (team_id IN (SELECT team_id FROM public.profiles WHERE id = auth.uid()));
+CREATE POLICY "Admins can invite" ON public.team_invites FOR INSERT
+  WITH CHECK (invited_by = auth.uid());
+
+-- API Keys: own + team
+CREATE POLICY "Users see own API keys" ON public.api_keys FOR SELECT
+  USING (user_id = auth.uid() OR team_id IN (SELECT team_id FROM public.profiles WHERE id = auth.uid()));
+CREATE POLICY "Users manage own API keys" ON public.api_keys FOR ALL USING (user_id = auth.uid());
 
-CREATE POLICY "Users can view own profile" ON public.profiles FOR SELECT USING (auth.uid() = id);
-CREATE POLICY "Users can update own profile" ON public.profiles FOR UPDATE USING (auth.uid() = id);
-CREATE POLICY "Users can view own analyses" ON public.analyses FOR SELECT USING (auth.uid() = user_id);
-CREATE POLICY "Users can insert own analyses" ON public.analyses FOR INSERT WITH CHECK (auth.uid() = user_id);
-CREATE POLICY "Users can delete own analyses" ON public.analyses FOR DELETE USING (auth.uid() = user_id);
+-- Custom Rules: own + team
+CREATE POLICY "Users see own rules" ON public.custom_rules FOR SELECT
+  USING (user_id = auth.uid() OR team_id IN (SELECT team_id FROM public.profiles WHERE id = auth.uid()));
+CREATE POLICY "Users manage own rules" ON public.custom_rules FOR ALL USING (user_id = auth.uid());
 
--- Auto-create profile on signup
+-- ─── Auto-create profile on signup ───
 CREATE OR REPLACE FUNCTION public.handle_new_user()
 RETURNS TRIGGER AS $$
 BEGIN
@@ -56,16 +146,17 @@ BEGIN
 END;
 $$ LANGUAGE plpgsql SECURITY DEFINER;
 
-CREATE OR REPLACE TRIGGER on_auth_user_created
+DROP TRIGGER IF EXISTS on_auth_user_created ON auth.users;
+CREATE TRIGGER on_auth_user_created
   AFTER INSERT ON auth.users
   FOR EACH ROW EXECUTE FUNCTION public.handle_new_user();
 
--- Monthly usage reset
+-- ─── Monthly reset ───
 CREATE OR REPLACE FUNCTION public.reset_monthly_usage()
 RETURNS void AS $$
 BEGIN
-  UPDATE public.profiles
-  SET analyses_this_month = 0, monthly_reset_at = date_trunc('month', NOW())
+  UPDATE public.profiles SET analyses_this_month = 0, monthly_reset_at = date_trunc('month', NOW())
   WHERE monthly_reset_at < date_trunc('month', NOW());
+  UPDATE public.api_keys SET calls_this_month = 0;
 END;
 $$ LANGUAGE plpgsql SECURITY DEFINER;

web/next.config.ts

@@ -2,7 +2,7 @@ import type { NextConfig } from "next";
 
 const nextConfig: NextConfig = {
   output: "standalone",
-  serverExternalPackages: ["@react-pdf/renderer"],
+  serverExternalPackages: ["@react-pdf/renderer", "pdf-parse", "mammoth"],
   images: {
     remotePatterns: [
       { protocol: "https", hostname: "avatars.githubusercontent.com" },

web/package.json

@@ -17,6 +17,8 @@
     "razorpay": "2.9.6",
     "resend": "6.12.2",
     "@react-pdf/renderer": "4.5.1",
+    "pdf-parse": "2.4.5",
+    "mammoth": "1.12.0",
     "jose": "6.2.2",
     "lucide-react": "0.474.0",
     "clsx": "2.1.1",