feat(users): fill gaps in User Management module [VAN-13]

[fr4nc1stein]

Summary

Closes #18

Implements the missing capabilities in the /admin/users module tracked in VAN-13.

Changes

New API routes

• POST /api/admin/users/[id]/suspend — suspend/unsuspend a user via Clerk ban/unban, with self-suspend and admin-suspend guards
• GET /api/admin/users/[id]/activity — paginated audit log of actions taken by a triager

Modified API routes

• GET /api/admin/users — exposes banned field
• PATCH /api/admin/users — writes role_changed audit log after every role update
• GET /api/admin/users/[id] — exposes banned field
• GET /api/admin/reports — adds ?clerk_user_id= filter for researcher submission history

Audit

• lib/audit.ts — added role_changed, user_suspended, user_unsuspended action types (all internal)

Validation

• lib/validation.ts — added clerkUserId to PaginationSchema

UI (/admin/users)

• 🚫 Suspended badge on banned user rows
• Reports → link for researchers — links to triage filtered by that user
• Activity button for triagers — opens modal with paginated action history
• Suspend / Unsuspend button for non-admin users, with confirm dialog

What is deferred

• User deletion UI — intentionally excluded, under review. Noted in the Linear issue.

Notes

• No schema migrations required — existing audit_logs table is reused with entityType/entityId fields for user-level actions
• Reports are not deleted when a user is suspended — only Clerk session is banned

🤖 Generated with Claude Code