feat: M1 admin console — all 10 remaining pages + signal/quality/ops infrastructure

Admin console (issues #63–72):
- Event stream viewer: live-tail ring buffer (500 events) with subject/user filters
- Feature store browser: per-user feature vector history from ml/serving
- Model registry panel: MLflow embed at /admin/models
- Experiment dashboard: LinUCB per-user stats (pulls, reward, θ) + bandit reset
- Recommendation log: per-tip explainability (policy, score, features, latency)
- Reward analytics: daily reaction breakdown + per-policy compare
- Data quality widget: missing-feature rate, stale-token rate, daily completeness
- Ops actions: replay-signal, policy enable/disable; user actions link to Users page
- SQL runner: read-only SELECT runner with saved queries
- Health rollup: fan-out to api/ml/sqlite/event-bus with auto-refresh

Backend:
- tip_scores table: logs features+policy+score+latency at every scoring call (#67)
- saved_queries table: per-admin saved SQL (#71)
- Event bus: 500-event ring buffer + tail() API (#63)
- Admin routes: /events, /tips, /reward-analytics, /data-quality, /health,
  /policies, /replay-signal, /sql, /saved-queries endpoints
- /api/ml/* admin-gated proxy to ml/serving (#64, #66)
- Shadow-policy registry in recommender (#56)

ML serving:
- /reset/{user_id}: clear bandit state + feature history (#66)
- /stats/{user_id}: pulls, cumulative reward, estimated mean, θ (#66)
- /features/{user_id}: last 100 feature vectors logged at scoring time (#64)
- Meta (pulls, rewards) persisted alongside A/b matrices

Web:
- Tip action sheet adds Helpful / Not helpful buttons (#62)
- TipFeedback type extended with helpful/not_helpful actions
- Rewards mapped: helpful=+0.5, not_helpful=−0.5

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

apps/admin/src/lib/api.ts

@@ -0,0 +1,222 @@
+const API = '/api';
+
+async function apiFetch<T>(path: string, init?: RequestInit): Promise<T> {
+  const res = await fetch(`${API}${path}`, {
+    credentials: 'include',
+    ...init,
+    headers: { 'Content-Type': 'application/json', ...init?.headers },
+  });
+  if (!res.ok) {
+    const err = await res.json().catch(() => ({ error: res.statusText }));
+    throw Object.assign(new Error(err.error ?? 'API error'), { status: res.status });
+  }
+  return res.json() as T;
+}
+
+// ── Types ──────────────────────────────────────────────────────────────────
+
+export interface AdminStats {
+  dau: number;
+  wau: number;
+  tipsServedLast7d: number;
+  reactionsLast7d: Record<string, number>;
+  totalUsers: number;
+  activatedUsers: number;
+}
+
+export interface AdminUser {
+  id: string;
+  email: string;
+  name: string | null;
+  image: string | null;
+  role: string;
+  consentGiven: boolean;
+  consentAt: string | null;
+  createdAt: string;
+  deletedAt: string | null;
+}
+
+export interface AdminUserDetail {
+  user: AdminUser;
+  integrations: { provider: string; connectedAt: string }[];
+  tipsServed: number;
+  lastTipAt: string | null;
+  recentFeedback: { id: string; action: string; createdAt: string; tipId: string }[];
+}
+
+export interface AuditAction {
+  id: string;
+  adminId: string;
+  action: string;
+  targetType: string | null;
+  targetId: string | null;
+  detail: string | null;
+  createdAt: string;
+}
+
+export interface StoredEvent {
+  id: number;
+  subject: string;
+  payload: unknown;
+  ts: string;
+}
+
+export interface TipScore {
+  id: string;
+  userId: string;
+  tipId: string;
+  policy: string;
+  mlScore: number | null;
+  featuresJson: string | null;
+  candidateCount: number | null;
+  latencyMs: number | null;
+  servedAt: string;
+}
+
+export interface HealthStatus {
+  ok: boolean;
+  checkedAt: string;
+  services: { name: string; status: string; latencyMs: number }[];
+}
+
+export interface PolicyInfo {
+  name: string;
+  active: boolean;
+}
+
+export interface SavedQuery {
+  id: string;
+  name: string;
+  sql: string;
+  createdAt: string;
+}
+
+export interface BanditStats {
+  user_id: string;
+  pulls: number;
+  reward_count: number;
+  cumulative_reward: number;
+  estimated_mean_reward: number;
+  theta: number[];
+  last_updated: string | null;
+}
+
+export interface FeatureHistory {
+  user_id: string;
+  history: { ts: string; features: Record<string, unknown>; score: number; tip_id: string }[];
+}
+
+// ── Fetchers ───────────────────────────────────────────────────────────────
+
+export function getStats() {
+  return apiFetch<AdminStats>('/admin/stats');
+}
+
+export function getUsers(limit = 50, offset = 0) {
+  return apiFetch<{ users: AdminUser[]; total: number }>(
+    `/admin/users?limit=${limit}&offset=${offset}`,
+  );
+}
+
+export function getUserDetail(id: string) {
+  return apiFetch<AdminUserDetail>(`/admin/users/${id}`);
+}
+
+export function revokeIntegration(userId: string, provider: string) {
+  return apiFetch<{ ok: boolean }>(`/admin/users/${userId}/revoke-integration`, {
+    method: 'POST',
+    body: JSON.stringify({ provider }),
+  });
+}
+
+export function resetBandit(userId: string) {
+  return apiFetch<{ ok: boolean }>(`/admin/users/${userId}/reset-bandit`, {
+    method: 'POST',
+  });
+}
+
+export function getAuditLog(limit = 50, offset = 0) {
+  return apiFetch<{ actions: AuditAction[]; total: number }>(
+    `/admin/audit?limit=${limit}&offset=${offset}`,
+  );
+}
+
+export function getEvents(params: { subject?: string; userId?: string; limit?: number; since?: number } = {}) {
+  const q = new URLSearchParams();
+  if (params.subject) q.set('subject', params.subject);
+  if (params.userId) q.set('userId', params.userId);
+  if (params.limit) q.set('limit', String(params.limit));
+  if (params.since) q.set('since', String(params.since));
+  return apiFetch<{ events: StoredEvent[]; nextSince: number }>(`/admin/events?${q}`);
+}
+
+export function getTips(params: { limit?: number; offset?: number; userId?: string } = {}) {
+  const q = new URLSearchParams();
+  if (params.limit) q.set('limit', String(params.limit));
+  if (params.offset) q.set('offset', String(params.offset));
+  if (params.userId) q.set('userId', params.userId);
+  return apiFetch<{ tips: TipScore[]; total: number }>(`/admin/tips?${q}`);
+}
+
+export function getRewardAnalytics(days = 30) {
+  return apiFetch<{
+    daily: { date: string; action: string; count: number }[];
+    byPolicy: { policy: string; action: string; count: number }[];
+    byHour: { action: string; count: number; avgHour: number }[];
+  }>(`/admin/reward-analytics?days=${days}`);
+}
+
+export function getDataQuality() {
+  return apiFetch<{
+    scoringCallsLast30d: number;
+    missingFeatureRate: number;
+    staleTokenRate: number;
+    totalTokens: number;
+    staleTokens: number;
+    dailyQuality: { date: string; total: number; withFeatures: number; avgCandidates: number }[];
+  }>('/admin/data-quality');
+}
+
+export function getHealth() {
+  return apiFetch<HealthStatus>('/admin/health');
+}
+
+export function getPolicies() {
+  return apiFetch<{ policies: PolicyInfo[] }>('/admin/policies');
+}
+
+export function togglePolicy(name: string, active: boolean) {
+  return apiFetch<{ ok: boolean }>(`/admin/policies/${name}/toggle`, {
+    method: 'POST',
+    body: JSON.stringify({ active }),
+  });
+}
+
+export function replaySignal(subject: string, payload: Record<string, unknown>) {
+  return apiFetch<{ ok: boolean }>('/admin/replay-signal', {
+    method: 'POST',
+    body: JSON.stringify({ subject, payload }),
+  });
+}
+
+export function runSql(query: string) {
+  return apiFetch<{ rows: unknown[]; rowCount: number }>('/admin/sql', {
+    method: 'POST',
+    body: JSON.stringify({ query }),
+  });
+}
+
+export function getSavedQueries() {
+  return apiFetch<{ queries: SavedQuery[] }>('/admin/saved-queries');
+}
+
+export function saveQuery(name: string, querySql: string) {
+  return apiFetch<{ id: string }>('/admin/saved-queries', {
+    method: 'POST',
+    body: JSON.stringify({ name, querySql }),
+  });
+}
+
+export function deleteSavedQuery(id: string) {
+  return apiFetch<{ ok: boolean }>(`/admin/saved-queries/${id}`, { method: 'DELETE' });
+}