feat: add network management page and inline accordion device details

src/lib/api.ts

@@ -177,6 +177,40 @@ export interface AdminLinkedAccount {
   linked_at: string | null;
 }
 
+export interface AdminUserSshCertificate {
+  id: string;
+  ca_id: string;
+  user_id: string;
+  ssh_key_id: string | null;
+  serial: string;
+  key_id: string;
+  cert_type: 'user' | 'host';
+  principals: string[];
+  valid_after: string;
+  valid_before: string;
+  revoked: boolean;
+  revoked_at: string | null;
+  revoke_reason: string | null;
+  status: 'issued' | 'revoked' | 'expired' | 'superseded';
+  request_ip: string | null;
+  request_user_agent: string | null;
+  critical_options: Record<string, string>;
+  extensions: Record<string, string>;
+  created_at: string;
+  updated_at: string;
+  is_valid: boolean;
+  days_until_expiry: number;
+  ssh_key: {
+    id: string;
+    fingerprint: string;
+    key_type: string;
+    key_bits: number;
+    key_comment: string | null;
+    description: string | null;
+    verified: boolean;
+  } | null;
+}
+
 // External Auth Types
 export type ExternalProviderId = 'google' | 'github' | 'microsoft';
 
@@ -698,6 +732,27 @@ export const api = {
         method: 'PUT',
         body: JSON.stringify(policy),
       }, true, requestConfig),
+
+    // Get SSH certificates issued to a user (admin view)
+    getUserSshCertificates: (userId: string, params?: {
+      status?: string;
+      active?: string;
+      cert_type?: string;
+      page?: number;
+      per_page?: number;
+    }, requestConfig?: RequestConfig) => {
+      const qs = params ? '?' + new URLSearchParams(
+        Object.entries(params).filter(([, v]) => v !== undefined).map(([k, v]) => [k, String(v)])
+      ).toString() : '';
+      return request<{
+        user: { id: string; email: string; full_name: string };
+        certificates: AdminUserSshCertificate[];
+        count: number;
+        page: number;
+        per_page: number;
+        pages: number;
+      }>(`/admin/users/${userId}/ssh-certificates${qs}`, {}, true, requestConfig);
+    },
   },
 
   totp: {
@@ -1568,6 +1623,19 @@ export const api = {
         true, requestConfig,
       ),
 
+    // ── Org Members (for Add New Membership dialog) ────────────────────
+    getOrgMembers: (orgId: string, requestConfig?: RequestConfig) =>
+      request<{ members: OrgMember[]; count: number }>(
+        `/organizations/${orgId}/members`,
+        {}, true, requestConfig,
+      ),
+
+    getUserDevices: (orgId: string, userId: string, requestConfig?: RequestConfig) =>
+      request<{ devices: Device[]; count: number }>(
+        `/organizations/${orgId}/users/${userId}/devices`,
+        {}, true, requestConfig,
+      ),
+
     // ── Sessions ──────────────────────────────────────────────────────────────
     listSessions: (orgId: string, requestConfig?: RequestConfig) =>
       request<{ sessions: ActivationSession[]; count: number }>(
@@ -1964,6 +2032,32 @@ export interface AvailableZtNetwork {
   portal_network_name: string | null;
 }
 
+export interface OrgMember {
+  id: string;
+  user_id: string;
+  organization_id: string;
+  role: string;
+  created_at: string;
+  updated_at: string;
+  deleted_at: string | null;
+  invited_at: string | null;
+  invited_by_id: string | null;
+  joined_at: string | null;
+  user: {
+    id: string;
+    email: string;
+    full_name: string | null;
+    status: string;
+    avatar_url: string | null;
+    activated: boolean;
+    email_verified: boolean;
+    created_at: string;
+    updated_at: string;
+    last_login_at: string | null;
+    last_login_ip: string | null;
+  } | null;
+}
+
 export interface Device {
   id: string;
   user_id: string;