Phase 6: PDF & Polish — PDF generation, admin users/settings, AI tool

Backend:
- Setting + GeneratedPdf models, Alembic migration with default settings seed
- PDF generation service (WeasyPrint + Jinja2 with autoescape)
- Health report HTML template with memory entries + document excerpts
- Admin user management: list, create, update (role/max_chats/is_active)
- Admin settings: self_registration_enabled, default_max_chats
- Self-registration check wired into auth register endpoint
- default_max_chats applied to new user registrations
- AI tool: generate_pdf creates health compilation PDFs
- PDF compile/list/download API endpoints
- WeasyPrint system deps added to Dockerfile

Frontend:
- PDF reports page with generate + download
- Admin users page with create/edit/activate/deactivate
- Admin settings page with self-registration toggle + max chats
- Extended sidebar with PDF reports + admin users/settings links
- English + Russian translations for all new UI

Review fixes applied:
- Jinja2 autoescape enabled (XSS prevention in PDFs)
- db.refresh after flush (created_at populated correctly)
- storage_path removed from API response (no internal path leak)
- Role field uses Literal["user", "admin"] validation
- React hooks called before conditional returns (rules of hooks)
- default_max_chats setting now applied during registration

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

backend/app/api/v1/admin.py

@@ -1,7 +1,7 @@
 import uuid
 from typing import Annotated
 
-from fastapi import APIRouter, Depends, status
+from fastapi import APIRouter, Depends, Query, status
 from sqlalchemy.ext.asyncio import AsyncSession
 
 from app.api.deps import require_admin
@@ -14,7 +14,14 @@ from app.schemas.skill import (
     SkillResponse,
     UpdateSkillRequest,
 )
-from app.services import context_service, skill_service
+from app.schemas.admin import (
+    AdminUserCreateRequest,
+    AdminUserListResponse,
+    AdminUserResponse,
+    AdminUserUpdateRequest,
+)
+from app.schemas.setting import SettingResponse, SettingsListResponse, UpdateSettingRequest
+from app.services import context_service, skill_service, setting_service, admin_user_service
 
 router = APIRouter(prefix="/admin", tags=["admin"])
 
@@ -81,3 +88,65 @@ async def delete_general_skill(
     db: Annotated[AsyncSession, Depends(get_db)],
 ):
     await skill_service.delete_general_skill(db, skill_id)
+
+
+# --- Users ---
+
+@router.get("/users", response_model=AdminUserListResponse)
+async def list_users(
+    _admin: Annotated[User, Depends(require_admin)],
+    db: Annotated[AsyncSession, Depends(get_db)],
+    limit: int = Query(default=50, le=200),
+    offset: int = Query(default=0),
+):
+    users, total = await admin_user_service.list_users(db, limit, offset)
+    return AdminUserListResponse(
+        users=[AdminUserResponse.model_validate(u) for u in users],
+        total=total,
+    )
+
+
+@router.post("/users", response_model=AdminUserResponse, status_code=status.HTTP_201_CREATED)
+async def create_user(
+    data: AdminUserCreateRequest,
+    _admin: Annotated[User, Depends(require_admin)],
+    db: Annotated[AsyncSession, Depends(get_db)],
+):
+    user = await admin_user_service.create_user(
+        db, data.email, data.username, data.password,
+        data.full_name, data.role, data.max_chats,
+    )
+    return AdminUserResponse.model_validate(user)
+
+
+@router.patch("/users/{user_id}", response_model=AdminUserResponse)
+async def update_user(
+    user_id: uuid.UUID,
+    data: AdminUserUpdateRequest,
+    _admin: Annotated[User, Depends(require_admin)],
+    db: Annotated[AsyncSession, Depends(get_db)],
+):
+    user = await admin_user_service.update_user(db, user_id, **data.model_dump(exclude_unset=True))
+    return AdminUserResponse.model_validate(user)
+
+
+# --- Settings ---
+
+@router.get("/settings", response_model=SettingsListResponse)
+async def get_settings(
+    _admin: Annotated[User, Depends(require_admin)],
+    db: Annotated[AsyncSession, Depends(get_db)],
+):
+    settings = await setting_service.get_all_settings(db)
+    return SettingsListResponse(settings=[SettingResponse.model_validate(s) for s in settings])
+
+
+@router.patch("/settings/{key}", response_model=SettingResponse)
+async def update_setting(
+    key: str,
+    data: UpdateSettingRequest,
+    admin: Annotated[User, Depends(require_admin)],
+    db: Annotated[AsyncSession, Depends(get_db)],
+):
+    setting = await setting_service.upsert_setting(db, key, data.value, admin.id)
+    return SettingResponse.model_validate(setting)