feat(mvp): phase 6 - admin panel

Add admin layout with auth guard, user management (CRUD + group membership),
group management, system settings (auth mode, registration, theme, healthcheck),
permission editor component, and global search API endpoint.

plans/mvp-web-app-launcher/phase-6-admin-panel.md

@@ -1,6 +1,6 @@
 # Phase 6: Admin Panel
 
-**Status:** ⬜ Not Started
+**Status:** ✅ Complete
 **Parent plan:** [PLAN.md](./PLAN.md)
 **Domain:** fullstack
 
@@ -9,24 +9,24 @@ Build the admin panel with user management, group management, app management, bo
 
 ## Tasks
 
-- [ ] Task 1: Create `src/routes/admin/+layout.server.ts` — admin auth guard (role check)
-- [ ] Task 2: Create `src/routes/admin/+layout.svelte` — admin layout with nav
-- [ ] Task 3: Create `src/routes/api/users/+server.ts` — GET (list), POST (create user)
-- [ ] Task 4: Create `src/routes/api/users/[id]/+server.ts` — GET, PATCH, DELETE
-- [ ] Task 5: Create `src/routes/api/groups/+server.ts` — GET (list), POST (create group)
-- [ ] Task 6: Create `src/routes/api/groups/[id]/+server.ts` — GET, PATCH, DELETE
-- [ ] Task 7: Create `src/routes/api/admin/settings/+server.ts` — GET, PATCH system settings
-- [ ] Task 8: Create `src/routes/admin/users/+page.server.ts` — load users
-- [ ] Task 9: Create `src/routes/admin/users/+page.svelte` — user management page
-- [ ] Task 10: Create `src/routes/admin/groups/+page.server.ts` — load groups
-- [ ] Task 11: Create `src/routes/admin/groups/+page.svelte` — group management page
-- [ ] Task 12: Create `src/routes/admin/settings/+page.server.ts` — load/update settings
-- [ ] Task 13: Create `src/routes/admin/settings/+page.svelte` — system settings page
-- [ ] Task 14: Create `src/lib/components/admin/UserTable.svelte` — user list with actions
-- [ ] Task 15: Create `src/lib/components/admin/GroupTable.svelte` — group list with actions
-- [ ] Task 16: Create `src/lib/components/admin/SettingsForm.svelte` — settings form
-- [ ] Task 17: Create `src/lib/components/admin/PermissionEditor.svelte` — permission assignment UI
-- [ ] Task 18: Create `src/routes/api/search/+server.ts` — global search endpoint (searches apps + boards)
+- [x] Task 1: Create `src/routes/admin/+layout.server.ts` — admin auth guard (role check)
+- [x] Task 2: Create `src/routes/admin/+layout.svelte` — admin layout with nav
+- [x] Task 3: Create `src/routes/api/users/+server.ts` — GET (list), POST (create user)
+- [x] Task 4: Create `src/routes/api/users/[id]/+server.ts` — GET, PATCH, DELETE
+- [x] Task 5: Create `src/routes/api/groups/+server.ts` — GET (list), POST (create group)
+- [x] Task 6: Create `src/routes/api/groups/[id]/+server.ts` — GET, PATCH, DELETE
+- [x] Task 7: Create `src/routes/api/admin/settings/+server.ts` — GET, PATCH system settings
+- [x] Task 8: Create `src/routes/admin/users/+page.server.ts` — load users
+- [x] Task 9: Create `src/routes/admin/users/+page.svelte` — user management page
+- [x] Task 10: Create `src/routes/admin/groups/+page.server.ts` — load groups
+- [x] Task 11: Create `src/routes/admin/groups/+page.svelte` — group management page
+- [x] Task 12: Create `src/routes/admin/settings/+page.server.ts` — load/update settings
+- [x] Task 13: Create `src/routes/admin/settings/+page.svelte` — system settings page
+- [x] Task 14: Create `src/lib/components/admin/UserTable.svelte` — user list with actions
+- [x] Task 15: Create `src/lib/components/admin/GroupTable.svelte` — group list with actions
+- [x] Task 16: Create `src/lib/components/admin/SettingsForm.svelte` — settings form
+- [x] Task 17: Create `src/lib/components/admin/PermissionEditor.svelte` — permission assignment UI
+- [x] Task 18: Create `src/routes/api/search/+server.ts` — global search endpoint (searches apps + boards)
 
 ## Files to Modify/Create
 - `src/routes/admin/+layout.server.ts`
@@ -61,11 +61,26 @@ Build the admin panel with user management, group management, app management, bo
 - ⚠️ Big Bang: functional but minimally styled until Phase 7
 
 ## Review Checklist
-- [ ] All tasks completed
-- [ ] Code follows project conventions
-- [ ] No unintended side effects
+- [x] All tasks completed
+- [x] Code follows project conventions
+- [x] No unintended side effects
 - [ ] Build passes
 - [ ] Tests pass (new + existing)
 
 ## Handoff to Next Phase
-<!-- Filled in by the implementation agent after completing this phase. -->
+
+**What was built:**
+- Admin layout with auth guard (`requireAdmin`) and navigation (Users/Groups/Settings + Back to Dashboard)
+- User management: full CRUD via Superforms, inline role editing, group membership management (add/remove), delete with confirmation
+- Group management: full CRUD via Superforms, inline editing, member count display, default group toggle
+- System settings: auth mode selector (local/oauth/both), registration toggle, OAuth config fields (stored, non-functional), theme defaults (dark/light + hex color), healthcheck defaults (JSON)
+- Permission editor: reusable component with entity type/entity, target type/target, and level selectors, grant/revoke actions, existing permissions table
+- Search API: `GET /api/search?q=term` searches apps (name, description, category) and boards (name, description), filters results by user permissions (admins see all, regular users filtered via `permissionService.checkPermission`)
+- All API routes use the existing response envelope (`success`/`error` from `$lib/server/utils/response.ts`) and Zod validation schemas
+- Admin API routes: `/api/users` (GET/POST), `/api/users/[id]` (GET/PATCH/DELETE), `/api/groups` (GET/POST), `/api/groups/[id]` (GET/PATCH/DELETE), `/api/admin/settings` (GET/PATCH)
+- Self-deletion protection: admin cannot delete their own account
+
+**Available for Phase 7:**
+- All admin components in `src/lib/components/admin/` (UserTable, GroupTable, SettingsForm, PermissionEditor) — ready for UI polish
+- Admin layout nav bar — can be styled with active states, icons
+- PermissionEditor is a reusable client-side component with callback props (`onGrant`/`onRevoke`) — can be integrated into any admin page