From 79ddcd23f590fde70908147b58b9a71cdb1a1f1e Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Mon, 1 Jun 2026 00:13:49 +0000
Subject: [PATCH 01/47] =?UTF-8?q?feat(admin):=20Sprint=205=20=E2=80=94=20A?=
 =?UTF-8?q?udit=20log=20+=20Settings=20(gouvernance)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../migration.sql                             |  22 +++
 prisma/schema.prisma                          |  22 +++
 src/app/admin/audit/page.tsx                  | 134 ++++++++++++++
 src/app/admin/bookings/actions.ts             |   5 +-
 src/app/admin/carbets/actions.ts              |  23 +--
 src/app/admin/organizations/actions.ts        |   5 +-
 src/app/admin/pirogue-providers/actions.ts    |   5 +-
 src/app/admin/reviews/actions.ts              |   5 +-
 .../settings/_components/SettingsForms.tsx    | 171 ++++++++++++++++++
 src/app/admin/settings/actions.ts             |  89 +++++++++
 src/app/admin/settings/page.tsx               | 100 ++++++++++
 src/app/admin/users/actions.ts                |   5 +-
 src/lib/admin/audit.ts                        |  91 ++++++++++
 src/lib/admin/settings.ts                     | 120 ++++++++++++
 14 files changed, 773 insertions(+), 24 deletions(-)
 create mode 100644 prisma/migrations/20260601000000_audit_and_settings/migration.sql
 create mode 100644 src/app/admin/audit/page.tsx
 create mode 100644 src/app/admin/settings/_components/SettingsForms.tsx
 create mode 100644 src/app/admin/settings/actions.ts
 create mode 100644 src/app/admin/settings/page.tsx
 create mode 100644 src/lib/admin/audit.ts
 create mode 100644 src/lib/admin/settings.ts

diff --git a/prisma/migrations/20260601000000_audit_and_settings/migration.sql b/prisma/migrations/20260601000000_audit_and_settings/migration.sql
new file mode 100644
index 0000000..15779de
--- /dev/null
+++ b/prisma/migrations/20260601000000_audit_and_settings/migration.sql
@@ -0,0 +1,22 @@
+CREATE TABLE "AuditLog" (
+  "id" TEXT NOT NULL,
+  "scope" TEXT NOT NULL,
+  "event" TEXT NOT NULL,
+  "target" TEXT,
+  "actorEmail" TEXT,
+  "details" JSONB NOT NULL DEFAULT '{}',
+  "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  CONSTRAINT "AuditLog_pkey" PRIMARY KEY ("id")
+);
+CREATE INDEX "AuditLog_scope_idx" ON "AuditLog"("scope");
+CREATE INDEX "AuditLog_event_idx" ON "AuditLog"("event");
+CREATE INDEX "AuditLog_actorEmail_idx" ON "AuditLog"("actorEmail");
+CREATE INDEX "AuditLog_createdAt_idx" ON "AuditLog"("createdAt");
+
+CREATE TABLE "Setting" (
+  "key" TEXT NOT NULL,
+  "value" JSONB NOT NULL DEFAULT '{}',
+  "updatedAt" TIMESTAMP(3) NOT NULL,
+  "updatedBy" TEXT,
+  CONSTRAINT "Setting_pkey" PRIMARY KEY ("key")
+);
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
index 63a3b1c..d0cc722 100644
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -326,3 +326,25 @@ model ContentPage {
   @@index([category])
   @@index([published])
 }
+
+model AuditLog {
+  id          String   @id @default(cuid())
+  scope       String
+  event       String
+  target      String?
+  actorEmail  String?
+  details     Json     @default("{}")
+  createdAt   DateTime @default(now())
+
+  @@index([scope])
+  @@index([event])
+  @@index([actorEmail])
+  @@index([createdAt])
+}
+
+model Setting {
+  key       String   @id
+  value     Json     @default("{}")
+  updatedAt DateTime @updatedAt
+  updatedBy String?
+}
diff --git a/src/app/admin/audit/page.tsx b/src/app/admin/audit/page.tsx
new file mode 100644
index 0000000..52cc4fd
--- /dev/null
+++ b/src/app/admin/audit/page.tsx
@@ -0,0 +1,134 @@
+import Link from "next/link";
+import { listAuditAdmin, listAuditScopes } from "@/lib/admin/audit";
+
+export const dynamic = "force-dynamic";
+
+type PageProps = {
+  searchParams: Promise<{
+    q?: string;
+    scope?: string;
+    actor?: string;
+    from?: string;
+    to?: string;
+  }>;
+};
+
+function parseDate(v?: string): Date | undefined {
+  if (!v) return undefined;
+  const d = new Date(v);
+  return isNaN(d.getTime()) ? undefined : d;
+}
+
+export default async function AuditAdminPage({ searchParams }: PageProps) {
+  const sp = await searchParams;
+  const filters = {
+    q: sp.q?.trim() || undefined,
+    scope: sp.scope?.trim() || undefined,
+    actor: sp.actor?.trim() || undefined,
+    from: parseDate(sp.from),
+    to: parseDate(sp.to),
+  };
+  const [rows, scopes] = await Promise.all([listAuditAdmin(filters), listAuditScopes()]);
+  const dateTimeFmt = new Intl.DateTimeFormat("fr-FR", {
+    day: "2-digit", month: "short", year: "2-digit", hour: "2-digit", minute: "2-digit",
+  });
+
+  return (
+    <div className="mx-auto max-w-7xl">
+      <header className="mb-5 mt-2 flex items-end justify-between gap-3">
+        <div>
+          <h1 className="text-2xl font-semibold text-zinc-900">Audit log</h1>
+          <p className="mt-1 text-sm text-zinc-500">
+            {rows.length} entrée{rows.length > 1 ? "s" : ""}
+            {rows.length === 300 ? " (limite atteinte — affinez les filtres)" : ""}
+          </p>
+        </div>
+      </header>
+
+      <form className="mb-4 flex flex-wrap items-center gap-2 rounded-lg border border-zinc-200 bg-white p-3" method="get">
+        <input
+          type="text"
+          name="q"
+          defaultValue={filters.q ?? ""}
+          placeholder="Recherche événement, cible, acteur…"
+          className="flex-1 min-w-[200px] rounded-md border border-zinc-300 px-3 py-1.5 text-sm focus:border-zinc-900 focus:outline-none"
+        />
+        <select
+          name="scope"
+          defaultValue={filters.scope ?? ""}
+          className="rounded-md border border-zinc-300 bg-white px-2 py-1.5 text-sm focus:border-zinc-900 focus:outline-none"
+        >
+          <option value="">Tous scopes</option>
+          {scopes.map((s) => (
+            <option key={s} value={s}>{s}</option>
+          ))}
+        </select>
+        <input
+          type="text"
+          name="actor"
+          defaultValue={filters.actor ?? ""}
+          placeholder="Acteur (email)"
+          className="rounded-md border border-zinc-300 px-2 py-1.5 text-sm focus:border-zinc-900 focus:outline-none"
+        />
+        <label className="flex items-center gap-1 text-xs text-zinc-500">
+          Du
+          <input type="date" name="from" defaultValue={sp.from ?? ""} className="rounded-md border border-zinc-300 px-2 py-1 text-sm" />
+        </label>
+        <label className="flex items-center gap-1 text-xs text-zinc-500">
+          au
+          <input type="date" name="to" defaultValue={sp.to ?? ""} className="rounded-md border border-zinc-300 px-2 py-1 text-sm" />
+        </label>
+        <button type="submit" className="rounded-md bg-zinc-900 px-3 py-1.5 text-sm font-medium text-white hover:bg-zinc-800">
+          Filtrer
+        </button>
+        {(filters.q || filters.scope || filters.actor || filters.from || filters.to) ? (
+          <Link href="/admin/audit" className="text-sm text-zinc-500 hover:text-zinc-900">
+            Réinit.
+          </Link>
+        ) : null}
+      </form>
+
+      <div className="overflow-hidden rounded-lg border border-zinc-200 bg-white">
+        <table className="w-full text-sm">
+          <thead className="border-b border-zinc-200 bg-zinc-50 text-xs uppercase tracking-wider text-zinc-500">
+            <tr>
+              <th className="px-3 py-2 text-left font-semibold">Quand</th>
+              <th className="px-3 py-2 text-left font-semibold">Scope</th>
+              <th className="px-3 py-2 text-left font-semibold">Événement</th>
+              <th className="px-3 py-2 text-left font-semibold">Cible</th>
+              <th className="px-3 py-2 text-left font-semibold">Acteur</th>
+              <th className="px-3 py-2 text-left font-semibold">Détails</th>
+            </tr>
+          </thead>
+          <tbody className="divide-y divide-zinc-100">
+            {rows.length === 0 ? (
+              <tr>
+                <td colSpan={6} className="px-3 py-8 text-center text-sm text-zinc-500">
+                  Aucune entrée d&apos;audit ne correspond aux filtres.
+                </td>
+              </tr>
+            ) : null}
+            {rows.map((r) => (
+              <tr key={r.id} className="hover:bg-zinc-50 align-top">
+                <td className="px-3 py-2 text-[11px] font-mono text-zinc-500 whitespace-nowrap">
+                  {dateTimeFmt.format(r.createdAt)}
+                </td>
+                <td className="px-3 py-2 text-xs text-zinc-700 whitespace-nowrap">{r.scope}</td>
+                <td className="px-3 py-2 font-mono text-xs text-zinc-900 whitespace-nowrap">{r.event}</td>
+                <td className="px-3 py-2 font-mono text-[11px] text-zinc-600">
+                  {r.target ? r.target.slice(0, 24) + (r.target.length > 24 ? "…" : "") : "—"}
+                </td>
+                <td className="px-3 py-2 text-xs text-zinc-700">{r.actorEmail ?? "—"}</td>
+                <td className="px-3 py-2 font-mono text-[11px] text-zinc-600">
+                  {r.details && typeof r.details === "object" && Object.keys(r.details as object).length > 0
+                    ? JSON.stringify(r.details)
+                    : "—"}
+                </td>
+              </tr>
+            ))}
+          </tbody>
+        </table>
+      </div>
+    </div>
+  );
+}
diff --git a/src/app/admin/bookings/actions.ts b/src/app/admin/bookings/actions.ts
index 79c4a4a..a8726d4 100644
--- a/src/app/admin/bookings/actions.ts
+++ b/src/app/admin/bookings/actions.ts
@@ -5,9 +5,10 @@ import { auth } from "@/auth";
 import { BookingStatus, PaymentStatus, UserRole } from "@/generated/prisma/enums";
 import { requireRole } from "@/lib/authorization";
 import { prisma } from "@/lib/prisma";
+import { recordAudit } from "@/lib/admin/audit";
 
-async function audit(event: string, target: string, actor: string | null, details: unknown) {
-  console.log(JSON.stringify({ scope: "admin.bookings", event, target, actor, details, at: new Date().toISOString() }));
+async function audit(event: string, target: string, actor: string | null, details: Record<string, unknown>) {
+  await recordAudit({ scope: "admin.bookings", event, target, actorEmail: actor, details });
 }
 
 const ALLOWED_STATUS = new Set<string>([
diff --git a/src/app/admin/carbets/actions.ts b/src/app/admin/carbets/actions.ts
index eb1d84c..131fd02 100644
--- a/src/app/admin/carbets/actions.ts
+++ b/src/app/admin/carbets/actions.ts
@@ -5,6 +5,7 @@ import { redirect } from "next/navigation";
 import { z } from "zod";
 import { auth } from "@/auth";
 import { requireRole } from "@/lib/authorization";
+import { recordAudit } from "@/lib/admin/audit";
 import { prisma } from "@/lib/prisma";
 import {
   AccessType,
@@ -197,23 +198,17 @@ export async function reorderMediaAction(carbetId: string, mediaId: string, dire
   return { ok: true as const };
 }
 
-/**
- * Audit léger : log dans la console (Sprint 5 ajoutera une table AuditLog).
- * Pour l'instant on a au moins une trace dans les logs du container.
- */
 async function audit(
-  action: string,
+  event: string,
   entityId: string,
   actor: string | null,
   payload: Record<string, unknown>,
 ) {
-  console.log(
-    JSON.stringify({
-      audit: action,
-      actor,
-      entityId,
-      payload,
-      at: new Date().toISOString(),
-    }),
-  );
+  await recordAudit({
+    scope: "admin.carbets",
+    event,
+    target: entityId,
+    actorEmail: actor,
+    details: payload,
+  });
 }
diff --git a/src/app/admin/organizations/actions.ts b/src/app/admin/organizations/actions.ts
index b7e2daf..5f8bcf6 100644
--- a/src/app/admin/organizations/actions.ts
+++ b/src/app/admin/organizations/actions.ts
@@ -7,9 +7,10 @@ import { auth } from "@/auth";
 import { UserRole } from "@/generated/prisma/enums";
 import { requireRole } from "@/lib/authorization";
 import { prisma } from "@/lib/prisma";
+import { recordAudit } from "@/lib/admin/audit";
 
-async function audit(event: string, target: string, actor: string | null, details: unknown) {
-  console.log(JSON.stringify({ scope: "admin.organizations", event, target, actor, details, at: new Date().toISOString() }));
+async function audit(event: string, target: string, actor: string | null, details: Record<string, unknown>) {
+  await recordAudit({ scope: "admin.organizations", event, target, actorEmail: actor, details });
 }
 
 const slugRe = /^[a-z0-9](?:[a-z0-9-]{0,80}[a-z0-9])?$/;
diff --git a/src/app/admin/pirogue-providers/actions.ts b/src/app/admin/pirogue-providers/actions.ts
index 2b74779..5111fd8 100644
--- a/src/app/admin/pirogue-providers/actions.ts
+++ b/src/app/admin/pirogue-providers/actions.ts
@@ -7,9 +7,10 @@ import { auth } from "@/auth";
 import { UserRole } from "@/generated/prisma/enums";
 import { requireRole } from "@/lib/authorization";
 import { prisma } from "@/lib/prisma";
+import { recordAudit } from "@/lib/admin/audit";
 
-async function audit(event: string, target: string, actor: string | null, details: unknown) {
-  console.log(JSON.stringify({ scope: "admin.pirogue", event, target, actor, details, at: new Date().toISOString() }));
+async function audit(event: string, target: string, actor: string | null, details: Record<string, unknown>) {
+  await recordAudit({ scope: "admin.pirogue", event, target, actorEmail: actor, details });
 }
 
 const providerSchema = z.object({
diff --git a/src/app/admin/reviews/actions.ts b/src/app/admin/reviews/actions.ts
index 6182104..6cb5eec 100644
--- a/src/app/admin/reviews/actions.ts
+++ b/src/app/admin/reviews/actions.ts
@@ -6,9 +6,10 @@ import { auth } from "@/auth";
 import { UserRole } from "@/generated/prisma/enums";
 import { requireRole } from "@/lib/authorization";
 import { prisma } from "@/lib/prisma";
+import { recordAudit } from "@/lib/admin/audit";
 
-async function audit(event: string, target: string, actor: string | null, details: unknown) {
-  console.log(JSON.stringify({ scope: "admin.reviews", event, target, actor, details, at: new Date().toISOString() }));
+async function audit(event: string, target: string, actor: string | null, details: Record<string, unknown>) {
+  await recordAudit({ scope: "admin.reviews", event, target, actorEmail: actor, details });
 }
 
 const updateSchema = z.object({
diff --git a/src/app/admin/settings/_components/SettingsForms.tsx b/src/app/admin/settings/_components/SettingsForms.tsx
new file mode 100644
index 0000000..ca13106
--- /dev/null
+++ b/src/app/admin/settings/_components/SettingsForms.tsx
@@ -0,0 +1,171 @@
+"use client";
+
+import { useState, useTransition } from "react";
+import { FormField, inputCls, selectCls } from "@/components/admin/FormField";
+import {
+  savePlatformSettingsAction,
+  saveStripeSettingsAction,
+  saveThemeSettingsAction,
+} from "../actions";
+
+type Action = (fd: FormData) => Promise<{ ok: false; error: string } | { ok: true } | undefined>;
+
+function FormWrapper({
+  action,
+  children,
+  submitLabel = "Enregistrer",
+}: {
+  action: Action;
+  children: React.ReactNode;
+  submitLabel?: string;
+}) {
+  const [pending, startTransition] = useTransition();
+  const [error, setError] = useState<string | null>(null);
+  const [success, setSuccess] = useState<string | null>(null);
+
+  function onSubmit(fd: FormData) {
+    setError(null);
+    setSuccess(null);
+    startTransition(async () => {
+      const res = await action(fd);
+      if (res && res.ok === false) setError(res.error);
+      else if (res && res.ok === true) setSuccess("Enregistré.");
+    });
+  }
+
+  return (
+    <form action={onSubmit} className="space-y-4">
+      <fieldset disabled={pending} className="space-y-4">
+        {children}
+        {error ? (
+          <div className="rounded border border-rose-200 bg-rose-50 px-3 py-2 text-sm text-rose-700">{error}</div>
+        ) : null}
+        {success ? (
+          <div className="rounded border border-emerald-200 bg-emerald-50 px-3 py-2 text-sm text-emerald-800">{success}</div>
+        ) : null}
+        <div className="flex items-center justify-end">
+          <button
+            type="submit"
+            className="rounded-md bg-zinc-900 px-5 py-2 text-sm font-semibold text-white hover:bg-zinc-800 disabled:opacity-50"
+          >
+            {pending ? "Enregistrement…" : submitLabel}
+          </button>
+        </div>
+      </fieldset>
+    </form>
+  );
+}
+
+export function PlatformForm({
+  initial,
+}: {
+  initial: { name: string; defaultLang: string; activeLangs: string[]; currency: string; commissionPercent: number };
+}) {
+  return (
+    <FormWrapper action={savePlatformSettingsAction}>
+      <div className="grid grid-cols-1 gap-4 sm:grid-cols-2">
+        <FormField label="Nom de la plateforme" required>
+          <input name="name" defaultValue={initial.name} required maxLength={80} className={inputCls} />
+        </FormField>
+        <FormField label="Devise (ISO 4217)" required hint="EUR, USD, BRL…">
+          <input
+            name="currency"
+            defaultValue={initial.currency}
+            required
+            pattern="^[A-Z]{3}$"
+            maxLength={3}
+            className={inputCls + " uppercase"}
+          />
+        </FormField>
+        <FormField label="Langue par défaut" required hint="Code ISO 639-1 (fr, en, pt…)">
+          <input
+            name="defaultLang"
+            defaultValue={initial.defaultLang}
+            required
+            pattern="^[a-zA-Z]{2}$"
+            maxLength={2}
+            className={inputCls + " lowercase"}
+          />
+        </FormField>
+        <FormField label="Langues actives" required hint="Séparées par virgule (fr, en, pt).">
+          <input
+            name="activeLangs"
+            defaultValue={initial.activeLangs.join(", ")}
+            required
+            className={inputCls + " lowercase"}
+            placeholder="fr, en"
+          />
+        </FormField>
+        <FormField label="Commission plateforme (%)" hint="Affiché dans les CGV. 0 = pas de commission.">
+          <input
+            name="commissionPercent"
+            type="number"
+            min={0}
+            max={100}
+            step="0.01"
+            defaultValue={initial.commissionPercent.toString()}
+            className={inputCls}
+          />
+        </FormField>
+      </div>
+    </FormWrapper>
+  );
+}
+
+export function ThemeForm({ initial }: { initial: { active: string } }) {
+  return (
+    <FormWrapper action={saveThemeSettingsAction}>
+      <FormField label="Thème actif" hint="Détermine la skin du site public.">
+        <select name="active" defaultValue={initial.active} className={selectCls}>
+          <option value="default">default — sobre (admin-like)</option>
+          <option value="theme-aquarelle">theme-aquarelle — carnet naturaliste XIXᵉ</option>
+          <option value="theme-guyane">theme-guyane — palette tropicale</option>
+        </select>
+      </FormField>
+    </FormWrapper>
+  );
+}
+
+export function StripeForm({
+  initial,
+}: {
+  initial: { currency: string; commissionMode: string; perBookingFeePercent: number };
+}) {
+  return (
+    <FormWrapper action={saveStripeSettingsAction}>
+      <div className="grid grid-cols-1 gap-4 sm:grid-cols-2">
+        <FormField label="Devise Stripe" required hint="Doit correspondre à la devise plateforme.">
+          <input
+            name="currency"
+            defaultValue={initial.currency}
+            required
+            pattern="^[A-Z]{3}$"
+            maxLength={3}
+            className={inputCls + " uppercase"}
+          />
+        </FormField>
+        <FormField label="Modèle économique" required>
+          <select name="commissionMode" defaultValue={initial.commissionMode} className={selectCls}>
+            <option value="none">Aucune monétisation (preview)</option>
+            <option value="owner-subscription">Abonnement loueur (revenu plateforme)</option>
+            <option value="per-booking">Commission par réservation</option>
+          </select>
+        </FormField>
+        <FormField
+          label="Commission par réservation (%)"
+          hint="Utilisé uniquement si modèle = par réservation."
+        >
+          <input
+            name="perBookingFeePercent"
+            type="number"
+            min={0}
+            max={100}
+            step="0.01"
+            defaultValue={initial.perBookingFeePercent.toString()}
+            className={inputCls}
+          />
+        </FormField>
+      </div>
+    </FormWrapper>
+  );
+}
diff --git a/src/app/admin/settings/actions.ts b/src/app/admin/settings/actions.ts
new file mode 100644
index 0000000..c112f4a
--- /dev/null
+++ b/src/app/admin/settings/actions.ts
@@ -0,0 +1,89 @@
+"use server";
+
+import { revalidatePath } from "next/cache";
+import { z } from "zod";
+import { auth } from "@/auth";
+import { UserRole } from "@/generated/prisma/enums";
+import { requireRole } from "@/lib/authorization";
+import { recordAudit } from "@/lib/admin/audit";
+import { setSetting } from "@/lib/admin/settings";
+
+const platformSchema = z.object({
+  name: z.string().trim().min(2).max(80),
+  defaultLang: z.string().trim().length(2),
+  activeLangs: z.array(z.string().trim().length(2)).min(1).max(10),
+  currency: z.string().trim().length(3),
+  commissionPercent: z.coerce.number().min(0).max(100),
+});
+
+const themeSchema = z.object({
+  active: z.enum(["default", "theme-aquarelle", "theme-guyane"]),
+});
+
+const stripeSchema = z.object({
+  currency: z.string().trim().length(3),
+  commissionMode: z.enum(["none", "owner-subscription", "per-booking"]),
+  perBookingFeePercent: z.coerce.number().min(0).max(100),
+});
+
+async function actor() {
+  const session = await auth();
+  return session?.user?.email ?? null;
+}
+
+export async function savePlatformSettingsAction(fd: FormData) {
+  await requireRole([UserRole.ADMIN]);
+  const langsRaw = (fd.get("activeLangs") as string | null) ?? "";
+  const activeLangs = langsRaw
+    .split(/[,;\s]+/)
+    .map((s) => s.trim().toLowerCase())
+    .filter((s) => s.length === 2);
+  const parsed = platformSchema.safeParse({
+    name: fd.get("name"),
+    defaultLang: ((fd.get("defaultLang") as string | null) ?? "").toLowerCase(),
+    activeLangs,
+    currency: ((fd.get("currency") as string | null) ?? "").toUpperCase(),
+    commissionPercent: fd.get("commissionPercent"),
+  });
+  if (!parsed.success) {
+    return { ok: false as const, error: parsed.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join(" · ") };
+  }
+  if (!parsed.data.activeLangs.includes(parsed.data.defaultLang)) {
+    return { ok: false as const, error: "La langue par défaut doit faire partie des langues actives." };
+  }
+  const who = await actor();
+  await setSetting("platform", parsed.data, who);
+  await recordAudit({ scope: "admin.settings", event: "platform.update", actorEmail: who, details: parsed.data });
+  revalidatePath("/admin/settings");
+  return { ok: true as const };
+}
+
+export async function saveThemeSettingsAction(fd: FormData) {
+  await requireRole([UserRole.ADMIN]);
+  const parsed = themeSchema.safeParse({ active: fd.get("active") });
+  if (!parsed.success) {
+    return { ok: false as const, error: "Thème invalide." };
+  }
+  const who = await actor();
+  await setSetting("theme", parsed.data, who);
+  await recordAudit({ scope: "admin.settings", event: "theme.update", actorEmail: who, details: parsed.data });
+  revalidatePath("/admin/settings");
+  return { ok: true as const };
+}
+
+export async function saveStripeSettingsAction(fd: FormData) {
+  await requireRole([UserRole.ADMIN]);
+  const parsed = stripeSchema.safeParse({
+    currency: ((fd.get("currency") as string | null) ?? "").toUpperCase(),
+    commissionMode: fd.get("commissionMode"),
+    perBookingFeePercent: fd.get("perBookingFeePercent"),
+  });
+  if (!parsed.success) {
+    return { ok: false as const, error: parsed.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join(" · ") };
+  }
+  const who = await actor();
+  await setSetting("stripe", parsed.data, who);
+  await recordAudit({ scope: "admin.settings", event: "stripe.update", actorEmail: who, details: parsed.data });
+  revalidatePath("/admin/settings");
+  return { ok: true as const };
+}
diff --git a/src/app/admin/settings/page.tsx b/src/app/admin/settings/page.tsx
new file mode 100644
index 0000000..5c2ad14
--- /dev/null
+++ b/src/app/admin/settings/page.tsx
@@ -0,0 +1,100 @@
+import { getAllSettings, readEnvSnapshot } from "@/lib/admin/settings";
+import { PlatformForm, StripeForm, ThemeForm } from "./_components/SettingsForms";
+
+export const dynamic = "force-dynamic";
+
+function Badge({ ok, labelOk = "Configuré", labelKo = "Non configuré" }: { ok: boolean; labelOk?: string; labelKo?: string }) {
+  return (
+    <span
+      className={
+        "inline-flex items-center gap-1 rounded-full px-2 py-0.5 text-[11px] font-semibold uppercase tracking-wider ring-1 ring-inset " +
+        (ok ? "bg-emerald-100 text-emerald-800 ring-emerald-300" : "bg-amber-100 text-amber-800 ring-amber-300")
+      }
+    >
+      {ok ? labelOk : labelKo}
+    </span>
+  );
+}
+
+function Row({ label, value }: { label: string; value: React.ReactNode }) {
+  return (
+    <div className="flex items-baseline justify-between gap-3 border-b border-zinc-100 py-1.5 last:border-b-0">
+      <dt className="text-[11px] uppercase tracking-wider text-zinc-500">{label}</dt>
+      <dd className="text-sm text-zinc-900">{value}</dd>
+    </div>
+  );
+}
+
+export default async function SettingsAdminPage() {
+  const [settings, env] = await Promise.all([getAllSettings(), Promise.resolve(readEnvSnapshot())]);
+
+  return (
+    <div className="mx-auto max-w-5xl space-y-6">
+      <header className="mt-2">
+        <h1 className="text-2xl font-semibold text-zinc-900">Paramètres</h1>
+        <p className="mt-1 text-sm text-zinc-500">
+          Configuration plateforme persistée en base + snapshot des variables d&apos;environnement (lecture seule).
+        </p>
+      </header>
+
+      <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <h2 className="mb-4 text-sm font-semibold uppercase tracking-wider text-zinc-500">Plateforme</h2>
+        <PlatformForm initial={settings.platform} />
+      </section>
+
+      <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <h2 className="mb-4 text-sm font-semibold uppercase tracking-wider text-zinc-500">Thème site public</h2>
+        <ThemeForm initial={settings.theme} />
+      </section>
+
+      <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <h2 className="mb-4 text-sm font-semibold uppercase tracking-wider text-zinc-500">Monétisation Stripe</h2>
+        <StripeForm initial={settings.stripe} />
+        <div className="mt-5 rounded border border-zinc-200 bg-zinc-50 p-3">
+          <h3 className="mb-2 text-[11px] font-semibold uppercase tracking-wider text-zinc-500">
+            Variables d&apos;environnement Stripe (lecture seule)
+          </h3>
+          <dl className="space-y-1.5">
+            <Row label="STRIPE_SECRET_KEY" value={<Badge ok={env.stripe.secretKeyConfigured} />} />
+            <Row label="STRIPE_PUBLISHABLE_KEY" value={<Badge ok={env.stripe.publishableKeyConfigured} />} />
+            <Row label="STRIPE_WEBHOOK_SECRET" value={<Badge ok={env.stripe.webhookSecretConfigured} />} />
+            <Row label="STRIPE_OWNER_SUBSCRIPTION_PRICE_ID" value={<Badge ok={env.stripe.ownerPriceIdConfigured} labelKo="Manquant ou placeholder" />} />
+          </dl>
+          <p className="mt-2 text-[11px] text-zinc-500">
+            Les clés et secrets restent dans les variables d&apos;environnement du container. Modifications via le déploiement.
+          </p>
+        </div>
+      </section>
+
+      <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <h2 className="mb-4 text-sm font-semibold uppercase tracking-wider text-zinc-500">Stockage médias (S3 / MinIO)</h2>
+        <dl className="space-y-1.5">
+          <Row label="Endpoint" value={<code className="text-xs">{env.s3.endpoint ?? "—"}</code>} />
+          <Row label="Région" value={<code className="text-xs">{env.s3.region ?? "—"}</code>} />
+          <Row label="Bucket" value={<code className="text-xs">{env.s3.bucket ?? "—"}</code>} />
+          <Row
+            label="URL publique"
+            value={
+              env.s3.publicUrl ? (
+                <a href={env.s3.publicUrl} target="_blank" rel="noreferrer" className="text-xs text-zinc-900 hover:underline">
+                  {env.s3.publicUrl}
+                </a>
+              ) : "—"
+            }
+          />
+          <Row label="Path-style URL" value={<Badge ok={env.s3.pathStyle} labelOk="Activé" labelKo="Désactivé" />} />
+          <Row label="MINIO_ROOT_USER" value={<Badge ok={env.s3.rootUserConfigured} />} />
+        </dl>
+      </section>
+
+      <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <h2 className="mb-4 text-sm font-semibold uppercase tracking-wider text-zinc-500">Déploiement</h2>
+        <dl className="space-y-1.5">
+          <Row label="URL publique" value={<code className="text-xs">{env.app.publicUrl ?? "—"}</code>} />
+          <Row label="URL auth" value={<code className="text-xs">{env.app.authUrl ?? "—"}</code>} />
+          <Row label="Version" value={<code className="text-xs">{env.app.deploymentVersion ?? "—"}</code>} />
+        </dl>
+      </section>
+    </div>
+  );
+}
diff --git a/src/app/admin/users/actions.ts b/src/app/admin/users/actions.ts
index a4138e3..f44718b 100644
--- a/src/app/admin/users/actions.ts
+++ b/src/app/admin/users/actions.ts
@@ -5,6 +5,7 @@ import { auth } from "@/auth";
 import { UserRole } from "@/generated/prisma/enums";
 import { requireRole } from "@/lib/authorization";
 import { prisma } from "@/lib/prisma";
+import { recordAudit } from "@/lib/admin/audit";
 
 const ROLE_VALUES = new Set<string>([
   UserRole.OWNER,
@@ -14,8 +15,8 @@ const ROLE_VALUES = new Set<string>([
   UserRole.ADMIN,
 ]);
 
-async function audit(event: string, target: string, actor: string | null, details: unknown) {
-  console.log(JSON.stringify({ scope: "admin.users", event, target, actor, details, at: new Date().toISOString() }));
+async function audit(event: string, target: string, actor: string | null, details: Record<string, unknown>) {
+  await recordAudit({ scope: "admin.users", event, target, actorEmail: actor, details });
 }
 
 export async function updateUserRoleAction(id: string, role: string) {
diff --git a/src/lib/admin/audit.ts b/src/lib/admin/audit.ts
new file mode 100644
index 0000000..c39f46e
--- /dev/null
+++ b/src/lib/admin/audit.ts
@@ -0,0 +1,91 @@
+import "server-only";
+
+import { Prisma } from "@/generated/prisma/client";
+import { prisma } from "@/lib/prisma";
+
+export type AuditEntry = {
+  scope: string;
+  event: string;
+  target?: string | null;
+  actorEmail?: string | null;
+  details?: Record<string, unknown> | null;
+};
+
+export async function recordAudit(entry: AuditEntry): Promise<void> {
+  const safeDetails = (entry.details ?? {}) as Prisma.InputJsonValue;
+  try {
+    await prisma.auditLog.create({
+      data: {
+        scope: entry.scope,
+        event: entry.event,
+        target: entry.target ?? null,
+        actorEmail: entry.actorEmail ?? null,
+        details: safeDetails,
+      },
+    });
+  } catch (e) {
+    console.error(
+      JSON.stringify({
+        warn: "audit.persist.failed",
+        scope: entry.scope,
+        event: entry.event,
+        target: entry.target ?? null,
+        actorEmail: entry.actorEmail ?? null,
+        details: entry.details ?? {},
+        error: e instanceof Error ? e.message : String(e),
+      }),
+    );
+  }
+}
+
+export type AuditFilters = {
+  q?: string;
+  scope?: string;
+  event?: string;
+  actor?: string;
+  from?: Date;
+  to?: Date;
+};
+
+export type AuditListItem = {
+  id: string;
+  scope: string;
+  event: string;
+  target: string | null;
+  actorEmail: string | null;
+  details: unknown;
+  createdAt: Date;
+};
+
+export async function listAuditAdmin(filters: AuditFilters = {}): Promise<AuditListItem[]> {
+  const where: Prisma.AuditLogWhereInput = {};
+  if (filters.q) {
+    where.OR = [
+      { event: { contains: filters.q, mode: "insensitive" } },
+      { target: { contains: filters.q, mode: "insensitive" } },
+      { actorEmail: { contains: filters.q, mode: "insensitive" } },
+    ];
+  }
+  if (filters.scope) where.scope = filters.scope;
+  if (filters.event) where.event = filters.event;
+  if (filters.actor) where.actorEmail = filters.actor;
+  if (filters.from || filters.to) {
+    where.createdAt = {};
+    if (filters.from) where.createdAt.gte = filters.from;
+    if (filters.to) where.createdAt.lte = filters.to;
+  }
+  return prisma.auditLog.findMany({
+    where,
+    orderBy: { createdAt: "desc" },
+    take: 300,
+  });
+}
+
+export async function listAuditScopes(): Promise<string[]> {
+  const rows = await prisma.auditLog.findMany({
+    distinct: ["scope"],
+    select: { scope: true },
+    orderBy: { scope: "asc" },
+  });
+  return rows.map((r) => r.scope);
+}
diff --git a/src/lib/admin/settings.ts b/src/lib/admin/settings.ts
new file mode 100644
index 0000000..e4339cf
--- /dev/null
+++ b/src/lib/admin/settings.ts
@@ -0,0 +1,120 @@
+import "server-only";
+
+import { Prisma } from "@/generated/prisma/client";
+import { prisma } from "@/lib/prisma";
+
+export type PlatformSettings = {
+  name: string;
+  defaultLang: string;
+  activeLangs: string[];
+  currency: string;
+  commissionPercent: number;
+};
+
+export type ThemeSettings = {
+  active: "default" | "theme-aquarelle" | "theme-guyane";
+};
+
+export type StripeSettings = {
+  currency: string;
+  commissionMode: "none" | "owner-subscription" | "per-booking";
+  perBookingFeePercent: number;
+};
+
+export type AllSettings = {
+  platform: PlatformSettings;
+  theme: ThemeSettings;
+  stripe: StripeSettings;
+};
+
+export const DEFAULTS: AllSettings = {
+  platform: {
+    name: "Karbé",
+    defaultLang: "fr",
+    activeLangs: ["fr"],
+    currency: "EUR",
+    commissionPercent: 0,
+  },
+  theme: {
+    active: "default",
+  },
+  stripe: {
+    currency: "EUR",
+    commissionMode: "owner-subscription",
+    perBookingFeePercent: 0,
+  },
+};
+
+const KEYS = ["platform", "theme", "stripe"] as const;
+type SettingKey = (typeof KEYS)[number];
+
+export async function getAllSettings(): Promise<AllSettings> {
+  const rows = await prisma.setting.findMany({ where: { key: { in: [...KEYS] } } });
+  const map = new Map(rows.map((r) => [r.key as SettingKey, r.value]));
+  return {
+    platform: { ...DEFAULTS.platform, ...((map.get("platform") as Partial<PlatformSettings>) ?? {}) },
+    theme: { ...DEFAULTS.theme, ...((map.get("theme") as Partial<ThemeSettings>) ?? {}) },
+    stripe: { ...DEFAULTS.stripe, ...((map.get("stripe") as Partial<StripeSettings>) ?? {}) },
+  };
+}
+
+export async function setSetting(
+  key: SettingKey,
+  value: Record<string, unknown>,
+  updatedBy: string | null,
+): Promise<void> {
+  await prisma.setting.upsert({
+    where: { key },
+    create: { key, value: value as Prisma.InputJsonValue, updatedBy: updatedBy ?? null },
+    update: { value: value as Prisma.InputJsonValue, updatedBy: updatedBy ?? null },
+  });
+}
+
+export type EnvSnapshot = {
+  stripe: {
+    secretKeyConfigured: boolean;
+    publishableKeyConfigured: boolean;
+    webhookSecretConfigured: boolean;
+    ownerPriceIdConfigured: boolean;
+  };
+  s3: {
+    endpoint: string | null;
+    region: string | null;
+    bucket: string | null;
+    publicUrl: string | null;
+    pathStyle: boolean;
+    rootUserConfigured: boolean;
+  };
+  app: {
+    publicUrl: string | null;
+    deploymentVersion: string | null;
+    authUrl: string | null;
+  };
+};
+
+export function readEnvSnapshot(): EnvSnapshot {
+  const has = (k: string) => Boolean((process.env[k] ?? "").trim());
+  return {
+    stripe: {
+      secretKeyConfigured: has("STRIPE_SECRET_KEY"),
+      publishableKeyConfigured: has("STRIPE_PUBLISHABLE_KEY") || has("NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY"),
+      webhookSecretConfigured: has("STRIPE_WEBHOOK_SECRET"),
+      ownerPriceIdConfigured:
+        has("STRIPE_OWNER_SUBSCRIPTION_PRICE_ID") &&
+        !(process.env.STRIPE_OWNER_SUBSCRIPTION_PRICE_ID ?? "").includes("REPLACE_ME"),
+    },
+    s3: {
+      endpoint: process.env.S3_ENDPOINT ?? null,
+      region: process.env.S3_REGION ?? null,
+      bucket: process.env.S3_BUCKET ?? null,
+      publicUrl: process.env.S3_PUBLIC_URL ?? null,
+      pathStyle: (process.env.S3_FORCE_PATH_STYLE ?? "false") === "true",
+      rootUserConfigured: has("MINIO_ROOT_USER"),
+    },
+    app: {
+      publicUrl: process.env.NEXT_PUBLIC_SITE_URL ?? process.env.APP_URL ?? null,
+      deploymentVersion: process.env.DEPLOYMENT_VERSION ?? null,
+      authUrl: process.env.AUTH_URL ?? process.env.NEXTAUTH_URL ?? null,
+    },
+  };
+}

From 4e6867b3654e2c10457036aa4104b2d8abbfc3a2 Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Mon, 1 Jun 2026 00:44:39 +0000
Subject: [PATCH 02/47] =?UTF-8?q?feat(admin):=20Sprint=206=20=E2=80=94=20/?=
 =?UTF-8?q?admin/media=20gallery=20+=20theme=20write-through?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/app/admin/media/page.tsx      | 137 ++++++++++++++++++++++++++++++
 src/app/admin/settings/actions.ts |  11 +++
 src/lib/admin/media.ts            |  60 +++++++++++++
 3 files changed, 208 insertions(+)
 create mode 100644 src/app/admin/media/page.tsx
 create mode 100644 src/lib/admin/media.ts

diff --git a/src/app/admin/media/page.tsx b/src/app/admin/media/page.tsx
new file mode 100644
index 0000000..36dc856
--- /dev/null
+++ b/src/app/admin/media/page.tsx
@@ -0,0 +1,137 @@
+import Link from "next/link";
+import { MediaType } from "@/generated/prisma/enums";
+import { getMediaStats, listMediaAdmin } from "@/lib/admin/media";
+import { StatusBadge } from "@/components/admin/StatusBadge";
+
+export const dynamic = "force-dynamic";
+
+type PageProps = {
+  searchParams: Promise<{ q?: string; type?: string; carbetId?: string }>;
+};
+
+const TYPE_VALUES = new Set<string>([MediaType.PHOTO, MediaType.VIDEO]);
+
+export default async function MediaAdminPage({ searchParams }: PageProps) {
+  const sp = await searchParams;
+  const filters = {
+    q: sp.q?.trim() || undefined,
+    type: TYPE_VALUES.has(sp.type ?? "") ? (sp.type as MediaType) : undefined,
+    carbetId: sp.carbetId || undefined,
+  };
+  const [items, stats] = await Promise.all([listMediaAdmin(filters), getMediaStats()]);
+  const dateFmt = new Intl.DateTimeFormat("fr-FR", { day: "2-digit", month: "short", year: "2-digit" });
+
+  return (
+    <div className="mx-auto max-w-7xl">
+      <header className="mb-5 mt-2">
+        <h1 className="text-2xl font-semibold text-zinc-900">Médias</h1>
+        <p className="mt-1 text-sm text-zinc-500">
+          {items.length} affiché{items.length > 1 ? "s" : ""}
+          {items.length === 200 ? " (limite atteinte — affinez les filtres)" : ""}
+        </p>
+      </header>
+
+      <section className="mb-4 grid grid-cols-2 gap-3 sm:grid-cols-5">
+        <Stat label="Total fichiers" value={stats.total} />
+        <Stat label="Photos" value={stats.photo} />
+        <Stat label="Vidéos" value={stats.video} />
+        <Stat label="Carbets avec média" value={stats.carbetsWithMedia} />
+        <Stat label="Carbets sans média" value={stats.carbetsWithoutMedia} tone="warn" />
+      </section>
+
+      <form className="mb-4 flex flex-wrap items-center gap-2 rounded-lg border border-zinc-200 bg-white p-3" method="get">
+        <input
+          type="text"
+          name="q"
+          defaultValue={filters.q ?? ""}
+          placeholder="Recherche s3Key, carbet, slug…"
+          className="flex-1 min-w-[220px] rounded-md border border-zinc-300 px-3 py-1.5 text-sm focus:border-zinc-900 focus:outline-none"
+        />
+        <select
+          name="type"
+          defaultValue={filters.type ?? ""}
+          className="rounded-md border border-zinc-300 bg-white px-2 py-1.5 text-sm focus:border-zinc-900 focus:outline-none"
+        >
+          <option value="">Photos + vidéos</option>
+          <option value={MediaType.PHOTO}>Photos</option>
+          <option value={MediaType.VIDEO}>Vidéos</option>
+        </select>
+        <button type="submit" className="rounded-md bg-zinc-900 px-3 py-1.5 text-sm font-medium text-white hover:bg-zinc-800">
+          Filtrer
+        </button>
+        {(filters.q || filters.type || filters.carbetId) ? (
+          <Link href="/admin/media" className="text-sm text-zinc-500 hover:text-zinc-900">
+            Réinit.
+          </Link>
+        ) : null}
+      </form>
+
+      {items.length === 0 ? (
+        <div className="rounded-lg border border-zinc-200 bg-white px-4 py-8 text-center text-sm text-zinc-500">
+          Aucun média ne correspond aux filtres.
+        </div>
+      ) : (
+        <div className="grid grid-cols-2 gap-3 sm:grid-cols-3 lg:grid-cols-4 xl:grid-cols-5">
+          {items.map((m) => (
+            <Link
+              key={m.id}
+              href={`/admin/carbets/${m.carbet.id}`}
+              className="group flex flex-col overflow-hidden rounded-lg border border-zinc-200 bg-white shadow-sm transition hover:shadow-md"
+            >
+              <div className="relative aspect-video bg-zinc-100">
+                {m.type === MediaType.PHOTO ? (
+                  // eslint-disable-next-line @next/next/no-img-element
+                  <img
+                    src={m.s3Url}
+                    alt={m.s3Key}
+                    loading="lazy"
+                    className="h-full w-full object-cover transition group-hover:scale-105"
+                  />
+                ) : (
+                  <div className="flex h-full w-full items-center justify-center text-3xl text-zinc-400">▶</div>
+                )}
+                <span className="absolute right-1 top-1 rounded bg-black/60 px-1.5 py-0.5 text-[10px] font-semibold uppercase tracking-wider text-white">
+                  {m.type}
+                </span>
+              </div>
+              <div className="flex flex-col gap-1 p-2 text-xs">
+                <div className="flex items-center justify-between gap-2">
+                  <span className="truncate font-semibold text-zinc-900">{m.carbet.title}</span>
+                  <StatusBadge status={m.carbet.status} />
+                </div>
+                <div className="flex items-center justify-between gap-2 text-[10px] text-zinc-500">
+                  <code className="truncate">{m.s3Key}</code>
+                  <span className="whitespace-nowrap">{dateFmt.format(m.createdAt)}</span>
+                </div>
+              </div>
+            </Link>
+          ))}
+        </div>
+      )}
+    </div>
+  );
+}
+
+function Stat({
+  label,
+  value,
+  tone = "neutral",
+}: {
+  label: string;
+  value: number;
+  tone?: "neutral" | "warn";
+}) {
+  return (
+    <div
+      className={
+        "rounded-lg border bg-white p-3 shadow-sm " +
+        (tone === "warn" && value > 0 ? "border-amber-300" : "border-zinc-200")
+      }
+    >
+      <div className="text-[11px] uppercase tracking-wider text-zinc-500">{label}</div>
+      <div className={"mt-1 text-2xl font-semibold " + (tone === "warn" && value > 0 ? "text-amber-700" : "text-zinc-900")}>
+        {value}
+      </div>
+    </div>
+  );
+}
diff --git a/src/app/admin/settings/actions.ts b/src/app/admin/settings/actions.ts
index c112f4a..7da4291 100644
--- a/src/app/admin/settings/actions.ts
+++ b/src/app/admin/settings/actions.ts
@@ -7,6 +7,7 @@ import { UserRole } from "@/generated/prisma/enums";
 import { requireRole } from "@/lib/authorization";
 import { recordAudit } from "@/lib/admin/audit";
 import { setSetting } from "@/lib/admin/settings";
+import { togglePlugin } from "@/lib/plugins/server";
 
 const platformSchema = z.object({
   name: z.string().trim().min(2).max(80),
@@ -66,8 +67,18 @@ export async function saveThemeSettingsAction(fd: FormData) {
   }
   const who = await actor();
   await setSetting("theme", parsed.data, who);
+
+  // Le rendu du site public est piloté par l'état des plugins thème.
+  // On synchronise : un seul plugin actif (ou aucun pour "default").
+  const wantAquarelle = parsed.data.active === "theme-aquarelle";
+  const wantGuyane = parsed.data.active === "theme-guyane";
+  await togglePlugin("theme-aquarelle", wantAquarelle);
+  await togglePlugin("theme-guyane", wantGuyane);
+
   await recordAudit({ scope: "admin.settings", event: "theme.update", actorEmail: who, details: parsed.data });
   revalidatePath("/admin/settings");
+  revalidatePath("/admin/plugins");
+  revalidatePath("/");
   return { ok: true as const };
 }
 
diff --git a/src/lib/admin/media.ts b/src/lib/admin/media.ts
new file mode 100644
index 0000000..f96654e
--- /dev/null
+++ b/src/lib/admin/media.ts
@@ -0,0 +1,60 @@
+import "server-only";
+
+import { Prisma } from "@/generated/prisma/client";
+import { MediaType } from "@/generated/prisma/enums";
+import { prisma } from "@/lib/prisma";
+
+export type AdminMediaFilters = {
+  q?: string;
+  type?: MediaType;
+  carbetId?: string;
+};
+
+export type AdminMediaListItem = {
+  id: string;
+  type: MediaType;
+  s3Key: string;
+  s3Url: string;
+  sortOrder: number;
+  createdAt: Date;
+  carbet: { id: string; title: string; slug: string; status: string };
+};
+
+export async function listMediaAdmin(filters: AdminMediaFilters = {}): Promise<AdminMediaListItem[]> {
+  const where: Prisma.MediaWhereInput = {};
+  if (filters.q) {
+    where.OR = [
+      { s3Key: { contains: filters.q, mode: "insensitive" } },
+      { carbet: { title: { contains: filters.q, mode: "insensitive" } } },
+      { carbet: { slug: { contains: filters.q, mode: "insensitive" } } },
+    ];
+  }
+  if (filters.type) where.type = filters.type;
+  if (filters.carbetId) where.carbetId = filters.carbetId;
+
+  return prisma.media.findMany({
+    where,
+    orderBy: [{ createdAt: "desc" }],
+    take: 200,
+    select: {
+      id: true,
+      type: true,
+      s3Key: true,
+      s3Url: true,
+      sortOrder: true,
+      createdAt: true,
+      carbet: { select: { id: true, title: true, slug: true, status: true } },
+    },
+  });
+}
+
+export async function getMediaStats() {
+  const [total, photo, video, carbetsWithMedia, carbetsWithoutMedia] = await Promise.all([
+    prisma.media.count(),
+    prisma.media.count({ where: { type: MediaType.PHOTO } }),
+    prisma.media.count({ where: { type: MediaType.VIDEO } }),
+    prisma.carbet.count({ where: { media: { some: {} } } }),
+    prisma.carbet.count({ where: { media: { none: {} } } }),
+  ]);
+  return { total, photo, video, carbetsWithMedia, carbetsWithoutMedia };
+}

From a5ae692cf46ba7e0304c1086c34381f4e54b56c3 Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Mon, 1 Jun 2026 00:49:31 +0000
Subject: [PATCH 03/47] =?UTF-8?q?fix(admin):=20content-pages=20=C3=A9ditai?=
 =?UTF-8?q?t=20FR=20quel=20que=20soit=20le=20lien=20cliqu=C3=A9=20?=
 =?UTF-8?q?=E2=80=94=20support=20multilang=20complet?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../[slug]/_components/EditorForm.tsx         |  14 +-
 src/app/admin/content-pages/[slug]/page.tsx   |  90 +++++++---
 src/app/admin/content-pages/page.tsx          | 160 ++++++++++++++----
 3 files changed, 204 insertions(+), 60 deletions(-)

diff --git a/src/app/admin/content-pages/[slug]/_components/EditorForm.tsx b/src/app/admin/content-pages/[slug]/_components/EditorForm.tsx
index 64e3818..0f2d54a 100644
--- a/src/app/admin/content-pages/[slug]/_components/EditorForm.tsx
+++ b/src/app/admin/content-pages/[slug]/_components/EditorForm.tsx
@@ -5,6 +5,7 @@ import { useRouter } from "next/navigation";
 
 type Page = {
   slug: string;
+  lang: string;
   title: string;
   body: string;
   category: string;
@@ -25,11 +26,14 @@ export default function EditorForm({ page }: { page: Page }) {
     setMsg(null);
     setErr(null);
     try {
-      const res = await fetch(`/api/admin/content-pages/${encodeURIComponent(page.slug)}`, {
-        method: "PATCH",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ title, body, published }),
-      });
+      const res = await fetch(
+        `/api/admin/content-pages/${encodeURIComponent(page.slug)}?lang=${encodeURIComponent(page.lang)}`,
+        {
+          method: "PATCH",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({ title, body, published }),
+        },
+      );
       if (!res.ok) {
         const j = await res.json().catch(() => ({}));
         throw new Error(j?.error || `HTTP ${res.status}`);
diff --git a/src/app/admin/content-pages/[slug]/page.tsx b/src/app/admin/content-pages/[slug]/page.tsx
index d9e6b25..db82c4b 100644
--- a/src/app/admin/content-pages/[slug]/page.tsx
+++ b/src/app/admin/content-pages/[slug]/page.tsx
@@ -2,46 +2,90 @@ import { notFound } from "next/navigation";
 import Link from "next/link";
 import { requireRole } from "@/lib/authorization";
 import { UserRole } from "@/generated/prisma/enums";
-import { getContentPage } from "@/lib/content-pages";
 import { prisma } from "@/lib/prisma";
 import EditorForm from "./_components/EditorForm";
 
 export const dynamic = "force-dynamic";
 
-type PageProps = { params: Promise<{ slug: string }> };
+type PageProps = {
+  params: Promise<{ slug: string }>;
+  searchParams: Promise<{ lang?: string }>;
+};
 
-export default async function EditContentPage({ params }: PageProps) {
+function normalizeLang(v: string | undefined): string {
+  if (!v) return "fr";
+  const l = v.toLowerCase().trim();
+  return /^[a-z]{2}$/.test(l) ? l : "fr";
+}
+
+export default async function EditContentPage({ params, searchParams }: PageProps) {
   await requireRole([UserRole.ADMIN]);
   const { slug } = await params;
-  // Pas getContentPage : il filtre published=true. Ici on veut tout voir.
-  // Admin édite la version FR par défaut. (Édition EN = future feature.)
-  const row = await prisma.contentPage.findUnique({
-    where: { slug_lang: { slug, lang: "fr" } },
-  });
+  const sp = await searchParams;
+  const lang = normalizeLang(sp.lang);
+
+  const [row, siblings] = await Promise.all([
+    prisma.contentPage.findUnique({ where: { slug_lang: { slug, lang } } }),
+    prisma.contentPage.findMany({
+      where: { slug },
+      select: { lang: true, title: true, published: true, updatedAt: true },
+      orderBy: { lang: "asc" },
+    }),
+  ]);
   if (!row) notFound();
-  // Re-construction du type minimal attendu par le formulaire.
+
   const page = {
     slug: row.slug,
+    lang: row.lang,
     title: row.title,
     body: row.body,
     category: row.category,
     published: row.published,
-    updatedAt: row.updatedAt,
   };
-  // Mute eslint sur le _ = getContentPage (gardé importé pour la cohérence future).
-  void getContentPage;
+
   return (
-    <div className="mx-auto max-w-4xl px-4 py-8 sm:px-6 lg:px-8">
-      <Link
-        href="/admin/content-pages"
-        className="text-sm text-gray-600 hover:text-gray-900"
-      >
-        ← Toutes les pages
-      </Link>
-      <h1 className="mt-3 text-2xl font-semibold">Éditer · {page.title}</h1>
-      <p className="mt-1 text-sm text-gray-600">
-        URL publique : <code>/{page.slug}</code>
-      </p>
+    <div className="mx-auto max-w-4xl">
+      <header className="mt-2">
+        <Link href="/admin/content-pages" className="text-xs text-zinc-500 hover:text-zinc-900">
+          ← Toutes les pages
+        </Link>
+        <h1 className="mt-1 flex flex-wrap items-center gap-3 text-2xl font-semibold text-zinc-900">
+          {page.title}
+          <span className="rounded-full bg-zinc-900 px-2 py-0.5 text-[11px] font-semibold uppercase tracking-wider text-white">
+            {page.lang}
+          </span>
+        </h1>
+        <p className="mt-1 text-sm text-zinc-500">
+          URL publique : <code>/{page.slug}</code>
+          {page.lang !== "fr" ? ` · variante ${page.lang}` : ""}
+        </p>
+
+        {siblings.length > 1 ? (
+          <nav className="mt-3 flex flex-wrap items-center gap-1.5 text-xs">
+            <span className="text-zinc-500">Versions :</span>
+            {siblings.map((s) => {
+              const active = s.lang === page.lang;
+              return (
+                <Link
+                  key={s.lang}
+                  href={`/admin/content-pages/${encodeURIComponent(slug)}?lang=${s.lang}`}
+                  className={
+                    "rounded-md px-2.5 py-1 font-semibold uppercase tracking-wider transition " +
+                    (active
+                      ? "bg-zinc-900 text-white"
+                      : "border border-zinc-300 bg-white text-zinc-700 hover:bg-zinc-50")
+                  }
+                  title={s.title + (s.published ? "" : " (dépublié)")}
+                >
+                  {s.lang}
+                  {!s.published ? " ·" : ""}
+                </Link>
+              );
+            })}
+          </nav>
+        ) : null}
+      </header>
+
       <div className="mt-6">
         <EditorForm page={page} />
       </div>
diff --git a/src/app/admin/content-pages/page.tsx b/src/app/admin/content-pages/page.tsx
index 263e290..0f9f2ab 100644
--- a/src/app/admin/content-pages/page.tsx
+++ b/src/app/admin/content-pages/page.tsx
@@ -10,50 +10,146 @@ const CATEGORY_LABEL: Record<string, string> = {
   legal: "Légales",
 };
 
+type Translation = {
+  lang: string;
+  title: string;
+  published: boolean;
+  updatedAt: Date;
+};
+
+type GroupedPage = {
+  slug: string;
+  category: string;
+  translations: Translation[];
+};
+
 export default async function ContentPagesAdminPage() {
   await requireRole([UserRole.ADMIN]);
-  const pages = await listContentPages();
+  const rows = await listContentPages();
 
-  const byCategory = pages.reduce<Record<string, typeof pages>>((acc, p) => {
+  // Regrouper par slug — chaque slug peut avoir plusieurs traductions.
+  const bySlug = new Map<string, GroupedPage>();
+  for (const r of rows) {
+    const existing = bySlug.get(r.slug);
+    const t: Translation = {
+      lang: r.lang,
+      title: r.title,
+      published: r.published,
+      updatedAt: r.updatedAt,
+    };
+    if (existing) {
+      existing.translations.push(t);
+    } else {
+      bySlug.set(r.slug, { slug: r.slug, category: r.category, translations: [t] });
+    }
+  }
+  const pages = Array.from(bySlug.values()).sort((a, b) => a.slug.localeCompare(b.slug));
+
+  const byCategory = pages.reduce<Record<string, GroupedPage[]>>((acc, p) => {
     (acc[p.category] ??= []).push(p);
     return acc;
   }, {});
 
-  return (
-    <div className="mx-auto max-w-5xl px-4 py-8 sm:px-6 lg:px-8">
-      <h1 className="text-2xl font-semibold">Pages éditoriales</h1>
-      <p className="mt-2 text-sm text-gray-600">
-        Pages markdown affichées dans le site public. La catégorie « Général »
-        est gérée par le plugin <code>content-pages</code>, la catégorie « Légales »
-        par <code>legal-pages</code>. Désactiver le plugin dépublie ses pages
-        sans les supprimer.
-      </p>
+  const dateFmt = new Intl.DateTimeFormat("fr-FR", { day: "2-digit", month: "short", year: "2-digit" });
 
-      <div className="mt-6 space-y-8">
+  return (
+    <div className="mx-auto max-w-5xl">
+      <header className="mb-5 mt-2">
+        <h1 className="text-2xl font-semibold text-zinc-900">Pages éditoriales</h1>
+        <p className="mt-2 text-sm text-zinc-600">
+          Pages markdown servies par le site public. Chaque page existe en une ou
+          plusieurs langues — utilisez le bouton de la langue voulue pour éditer
+          la bonne version.
+        </p>
+      </header>
+
+      <div className="space-y-8">
         {Object.entries(byCategory).map(([cat, list]) => (
           <section key={cat}>
-            <h2 className="mb-2 text-sm font-semibold uppercase tracking-wide text-gray-500">
+            <h2 className="mb-2 text-xs font-semibold uppercase tracking-wider text-zinc-500">
               {CATEGORY_LABEL[cat] ?? cat}
             </h2>
-            <ul className="divide-y divide-gray-200 rounded-lg border border-gray-200 bg-white">
-              {list.map((p) => (
-                <li key={p.slug} className="flex items-center justify-between gap-4 px-4 py-3">
-                  <div>
-                    <div className="font-medium">{p.title}</div>
-                    <div className="text-xs text-gray-500">
-                      <code>/{p.slug}</code> · {p.published ? "publié" : "dépublié"} ·
-                      mis à jour le {new Date(p.updatedAt).toLocaleDateString("fr-FR")}
-                    </div>
-                  </div>
-                  <Link
-                    href={`/admin/content-pages/${encodeURIComponent(p.slug)}`}
-                    className="rounded-full bg-gray-900 px-3 py-1 text-xs font-semibold text-white hover:bg-gray-800"
-                  >
-                    Éditer
-                  </Link>
-                </li>
-              ))}
-            </ul>
+            <div className="overflow-hidden rounded-lg border border-zinc-200 bg-white">
+              <table className="w-full text-sm">
+                <thead className="border-b border-zinc-200 bg-zinc-50 text-xs uppercase tracking-wider text-zinc-500">
+                  <tr>
+                    <th className="px-4 py-2 text-left font-semibold">Slug</th>
+                    <th className="px-4 py-2 text-left font-semibold">Titre (FR)</th>
+                    <th className="px-4 py-2 text-left font-semibold">Traductions</th>
+                    <th className="px-4 py-2 text-right font-semibold">MAJ</th>
+                    <th className="px-4 py-2 text-right font-semibold">Éditer</th>
+                  </tr>
+                </thead>
+                <tbody className="divide-y divide-zinc-100">
+                  {list.map((p) => {
+                    const fr = p.translations.find((t) => t.lang === "fr");
+                    const others = p.translations.filter((t) => t.lang !== "fr").sort((a, b) => a.lang.localeCompare(b.lang));
+                    const lastUpdated = p.translations
+                      .map((t) => t.updatedAt.getTime())
+                      .reduce((a, b) => Math.max(a, b), 0);
+                    return (
+                      <tr key={p.slug} className="hover:bg-zinc-50">
+                        <td className="px-4 py-2 font-mono text-[11px] text-zinc-700">/{p.slug}</td>
+                        <td className="px-4 py-2">
+                          {fr ? (
+                            <>
+                              <span className="font-medium text-zinc-900">{fr.title}</span>
+                              {!fr.published ? (
+                                <span className="ml-2 rounded-full bg-amber-100 px-1.5 py-0.5 text-[10px] font-semibold uppercase tracking-wider text-amber-800 ring-1 ring-inset ring-amber-300">
+                                  dépublié
+                                </span>
+                              ) : null}
+                            </>
+                          ) : (
+                            <span className="text-zinc-400">— (pas de version FR)</span>
+                          )}
+                        </td>
+                        <td className="px-4 py-2 text-xs text-zinc-700">
+                          {others.length === 0 ? (
+                            <span className="text-zinc-400">—</span>
+                          ) : (
+                            <span className="flex flex-wrap gap-1">
+                              {others.map((t) => (
+                                <span
+                                  key={t.lang}
+                                  className={
+                                    "inline-flex items-center gap-1 rounded-full px-1.5 py-0.5 text-[10px] font-semibold uppercase tracking-wider ring-1 ring-inset " +
+                                    (t.published
+                                      ? "bg-emerald-100 text-emerald-800 ring-emerald-300"
+                                      : "bg-zinc-100 text-zinc-500 ring-zinc-300")
+                                  }
+                                  title={t.title}
+                                >
+                                  {t.lang}
+                                </span>
+                              ))}
+                            </span>
+                          )}
+                        </td>
+                        <td className="px-4 py-2 text-right text-[11px] text-zinc-500">
+                          {lastUpdated ? dateFmt.format(new Date(lastUpdated)) : "—"}
+                        </td>
+                        <td className="px-4 py-2 text-right">
+                          <span className="inline-flex flex-wrap justify-end gap-1">
+                            {p.translations
+                              .sort((a, b) => (a.lang === "fr" ? -1 : b.lang === "fr" ? 1 : a.lang.localeCompare(b.lang)))
+                              .map((t) => (
+                                <Link
+                                  key={t.lang}
+                                  href={`/admin/content-pages/${encodeURIComponent(p.slug)}?lang=${t.lang}`}
+                                  className="rounded-md bg-zinc-900 px-2.5 py-1 text-[11px] font-semibold uppercase tracking-wider text-white hover:bg-zinc-800"
+                                >
+                                  {t.lang}
+                                </Link>
+                              ))}
+                          </span>
+                        </td>
+                      </tr>
+                    );
+                  })}
+                </tbody>
+              </table>
+            </div>
           </section>
         ))}
       </div>

From 1f8dd90979ab629d675da60d4e7f3b01b65ee1fa Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Mon, 1 Jun 2026 00:51:19 +0000
Subject: [PATCH 04/47] =?UTF-8?q?fix(admin):=20PATCH=20content-pages=20res?=
 =?UTF-8?q?pecte=20=3Flang=3D=20(sinon=20=C3=A9crasait=20FR)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/app/api/admin/content-pages/[slug]/route.ts | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/app/api/admin/content-pages/[slug]/route.ts b/src/app/api/admin/content-pages/[slug]/route.ts
index c2db7dd..df9ee1d 100644
--- a/src/app/api/admin/content-pages/[slug]/route.ts
+++ b/src/app/api/admin/content-pages/[slug]/route.ts
@@ -11,21 +11,28 @@ const patchSchema = z.object({
   published: z.boolean().optional(),
 });
 
+function normalizeLang(v: string | null): string {
+  if (!v) return "fr";
+  const l = v.toLowerCase().trim();
+  return /^[a-z]{2}$/.test(l) ? l : "fr";
+}
+
 export async function PATCH(req: Request, ctx: { params: Promise<{ slug: string }> }) {
   await requireRole([UserRole.ADMIN]);
   const { slug } = await ctx.params;
+  const url = new URL(req.url);
+  const lang = normalizeLang(url.searchParams.get("lang"));
   const session = await auth();
   const parsed = patchSchema.safeParse(await req.json().catch(() => ({})));
   if (!parsed.success) {
     return NextResponse.json({ error: "Invalid payload" }, { status: 400 });
   }
-  // L'admin édite la version FR par défaut (édition multi-langues à venir).
   const existing = await prisma.contentPage.findUnique({
-    where: { slug_lang: { slug, lang: "fr" } },
+    where: { slug_lang: { slug, lang } },
   });
   if (!existing) return NextResponse.json({ error: "Not found" }, { status: 404 });
   const updated = await prisma.contentPage.update({
-    where: { slug_lang: { slug, lang: "fr" } },
+    where: { slug_lang: { slug, lang } },
     data: {
       ...(parsed.data.title !== undefined ? { title: parsed.data.title } : {}),
       ...(parsed.data.body !== undefined ? { body: parsed.data.body } : {}),
@@ -35,6 +42,7 @@ export async function PATCH(req: Request, ctx: { params: Promise<{ slug: string
   });
   return NextResponse.json({
     slug: updated.slug,
+    lang: updated.lang,
     title: updated.title,
     published: updated.published,
     updatedAt: updated.updatedAt,

From a9fcd18022ac0271bc6af1e6b306ec37cf03c0ac Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Mon, 1 Jun 2026 01:10:49 +0000
Subject: [PATCH 05/47] =?UTF-8?q?feat(admin):=20/admin/home=20=E2=80=94=20?=
 =?UTF-8?q?=C3=A9diteur=20des=20textes=20de=20la=20page=20d'accueil=20(FR+?=
 =?UTF-8?q?EN,=20override=20DB)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../migration.sql                             |   9 +
 prisma/schema.prisma                          |  11 ++
 .../home/_components/HomeTranslationsForm.tsx | 169 ++++++++++++++++++
 src/app/admin/home/actions.ts                 |  67 +++++++
 src/app/admin/home/page.tsx                   |  39 ++++
 src/components/admin/Sidebar.tsx              |   5 +-
 src/lib/admin/home-keys.ts                    |  51 ++++++
 src/lib/admin/translations.ts                 |  72 ++++++++
 src/lib/i18n/overrides.ts                     |  59 ++++++
 src/lib/i18n/server.ts                        |  11 +-
 10 files changed, 491 insertions(+), 2 deletions(-)
 create mode 100644 prisma/migrations/20260601120000_translation_overrides/migration.sql
 create mode 100644 src/app/admin/home/_components/HomeTranslationsForm.tsx
 create mode 100644 src/app/admin/home/actions.ts
 create mode 100644 src/app/admin/home/page.tsx
 create mode 100644 src/lib/admin/home-keys.ts
 create mode 100644 src/lib/admin/translations.ts
 create mode 100644 src/lib/i18n/overrides.ts

diff --git a/prisma/migrations/20260601120000_translation_overrides/migration.sql b/prisma/migrations/20260601120000_translation_overrides/migration.sql
new file mode 100644
index 0000000..5f3bfb5
--- /dev/null
+++ b/prisma/migrations/20260601120000_translation_overrides/migration.sql
@@ -0,0 +1,9 @@
+CREATE TABLE "Translation" (
+  "key" TEXT NOT NULL,
+  "lang" TEXT NOT NULL,
+  "value" TEXT NOT NULL,
+  "updatedAt" TIMESTAMP(3) NOT NULL,
+  "updatedBy" TEXT,
+  CONSTRAINT "Translation_pkey" PRIMARY KEY ("key", "lang")
+);
+CREATE INDEX "Translation_lang_idx" ON "Translation"("lang");
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
index d0cc722..caa7314 100644
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -348,3 +348,14 @@ model Setting {
   updatedAt DateTime @updatedAt
   updatedBy String?
 }
+
+model Translation {
+  key       String
+  lang      String
+  value     String
+  updatedAt DateTime @updatedAt
+  updatedBy String?
+
+  @@id([key, lang])
+  @@index([lang])
+}
diff --git a/src/app/admin/home/_components/HomeTranslationsForm.tsx b/src/app/admin/home/_components/HomeTranslationsForm.tsx
new file mode 100644
index 0000000..e0bc7c0
--- /dev/null
+++ b/src/app/admin/home/_components/HomeTranslationsForm.tsx
@@ -0,0 +1,169 @@
+"use client";
+
+import { useMemo, useState, useTransition } from "react";
+import { saveHomeTranslationsAction } from "../actions";
+
+type Row = {
+  key: string;
+  baseFr: string;
+  baseEn: string;
+  overrideFr: string | null;
+  overrideEn: string | null;
+};
+
+type Section = {
+  id: string;
+  label: string;
+  description: string;
+  rows: Row[];
+};
+
+type Props = {
+  sections: Section[];
+};
+
+function autoRows(text: string): number {
+  const lines = text.split("\n").length;
+  return Math.min(8, Math.max(1, lines));
+}
+
+export function HomeTranslationsForm({ sections }: Props) {
+  const [pending, startTransition] = useTransition();
+  const [error, setError] = useState<string | null>(null);
+  const [success, setSuccess] = useState<string | null>(null);
+
+  // État local : on garde uniquement la valeur courante (initialisée avec override ?? base).
+  // Le baseValue est posé en input caché et sert au backend pour décider override vs reset.
+  const initial = useMemo(() => {
+    const m = new Map<string, { fr: string; en: string }>();
+    for (const s of sections) {
+      for (const r of s.rows) {
+        m.set(r.key, { fr: r.overrideFr ?? r.baseFr, en: r.overrideEn ?? r.baseEn });
+      }
+    }
+    return m;
+  }, [sections]);
+
+  function onSubmit(formData: FormData) {
+    setError(null);
+    setSuccess(null);
+    startTransition(async () => {
+      const res = await saveHomeTranslationsAction(formData);
+      if (res.ok === false) {
+        setError(res.error);
+      } else {
+        const parts: string[] = [];
+        if (res.saved) parts.push(`${res.saved} sauvegardé${res.saved > 1 ? "s" : ""}`);
+        if (res.reset) parts.push(`${res.reset} réinitialisé${res.reset > 1 ? "s" : ""} (valeur de base)`);
+        setSuccess(parts.length > 0 ? parts.join(" · ") : "Aucun changement.");
+      }
+    });
+  }
+
+  // On crée un seul formulaire global qui contient toutes les sections.
+  let counter = 0;
+
+  return (
+    <form action={onSubmit} className="space-y-8">
+      <fieldset disabled={pending} className="space-y-8">
+        {sections.map((section) => (
+          <section key={section.id} className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+            <header className="mb-3">
+              <h2 className="text-sm font-semibold uppercase tracking-wider text-zinc-700">
+                {section.label}
+              </h2>
+              <p className="mt-0.5 text-xs text-zinc-500">{section.description}</p>
+            </header>
+
+            <div className="space-y-4">
+              {section.rows.map((r) => {
+                const idxFr = counter++;
+                const idxEn = counter++;
+                const init = initial.get(r.key)!;
+                const hasOverrideFr = r.overrideFr !== null;
+                const hasOverrideEn = r.overrideEn !== null;
+                return (
+                  <div key={r.key} className="rounded-md border border-zinc-100 bg-zinc-50/50 p-3">
+                    <div className="mb-2 flex flex-wrap items-baseline justify-between gap-2">
+                      <code className="text-[11px] font-mono text-zinc-600">{r.key}</code>
+                      <span className="flex gap-1 text-[10px] uppercase tracking-wider">
+                        {hasOverrideFr ? (
+                          <span className="rounded-full bg-emerald-100 px-1.5 py-0.5 font-semibold text-emerald-800 ring-1 ring-inset ring-emerald-300">
+                            FR modifié
+                          </span>
+                        ) : null}
+                        {hasOverrideEn ? (
+                          <span className="rounded-full bg-emerald-100 px-1.5 py-0.5 font-semibold text-emerald-800 ring-1 ring-inset ring-emerald-300">
+                            EN modifié
+                          </span>
+                        ) : null}
+                      </span>
+                    </div>
+
+                    <div className="grid grid-cols-1 gap-3 md:grid-cols-2">
+                      <label className="block">
+                        <span className="mb-1 block text-[10px] font-semibold uppercase tracking-wider text-zinc-500">
+                          FR
+                        </span>
+                        <input type="hidden" name={`entries[${idxFr}][key]`} value={r.key} />
+                        <input type="hidden" name={`entries[${idxFr}][lang]`} value="fr" />
+                        <input type="hidden" name={`entries[${idxFr}][baseValue]`} value={r.baseFr} />
+                        <textarea
+                          name={`entries[${idxFr}][value]`}
+                          rows={autoRows(init.fr)}
+                          defaultValue={init.fr}
+                          maxLength={4000}
+                          className="w-full rounded-md border border-zinc-300 bg-white px-2 py-1.5 text-sm leading-relaxed focus:border-zinc-900 focus:outline-none"
+                        />
+                        <span className="mt-0.5 block text-[10px] text-zinc-400">
+                          Base : <span className="italic">{r.baseFr.slice(0, 80)}{r.baseFr.length > 80 ? "…" : ""}</span>
+                        </span>
+                      </label>
+                      <label className="block">
+                        <span className="mb-1 block text-[10px] font-semibold uppercase tracking-wider text-zinc-500">
+                          EN
+                        </span>
+                        <input type="hidden" name={`entries[${idxEn}][key]`} value={r.key} />
+                        <input type="hidden" name={`entries[${idxEn}][lang]`} value="en" />
+                        <input type="hidden" name={`entries[${idxEn}][baseValue]`} value={r.baseEn} />
+                        <textarea
+                          name={`entries[${idxEn}][value]`}
+                          rows={autoRows(init.en)}
+                          defaultValue={init.en}
+                          maxLength={4000}
+                          className="w-full rounded-md border border-zinc-300 bg-white px-2 py-1.5 text-sm leading-relaxed focus:border-zinc-900 focus:outline-none"
+                        />
+                        <span className="mt-0.5 block text-[10px] text-zinc-400">
+                          Base : <span className="italic">{r.baseEn.slice(0, 80)}{r.baseEn.length > 80 ? "…" : ""}</span>
+                        </span>
+                      </label>
+                    </div>
+                  </div>
+                );
+              })}
+            </div>
+          </section>
+        ))}
+
+        {error ? (
+          <div className="rounded border border-rose-200 bg-rose-50 px-3 py-2 text-sm text-rose-700">{error}</div>
+        ) : null}
+        {success ? (
+          <div className="rounded border border-emerald-200 bg-emerald-50 px-3 py-2 text-sm text-emerald-800">{success}</div>
+        ) : null}
+
+        <div className="sticky bottom-3 flex items-center justify-end gap-3 rounded-lg border border-zinc-200 bg-white px-4 py-3 shadow-md">
+          <span className="text-xs text-zinc-500">
+            Laisser une case vide ou identique au texte de base réinitialise l&apos;override.
+          </span>
+          <button
+            type="submit"
+            className="rounded-md bg-zinc-900 px-5 py-2 text-sm font-semibold text-white hover:bg-zinc-800 disabled:opacity-50"
+          >
+            {pending ? "Enregistrement…" : "Enregistrer les modifications"}
+          </button>
+        </div>
+      </fieldset>
+    </form>
+  );
+}
diff --git a/src/app/admin/home/actions.ts b/src/app/admin/home/actions.ts
new file mode 100644
index 0000000..c244d4a
--- /dev/null
+++ b/src/app/admin/home/actions.ts
@@ -0,0 +1,67 @@
+"use server";
+
+import { revalidatePath } from "next/cache";
+import { z } from "zod";
+import { auth } from "@/auth";
+import { UserRole } from "@/generated/prisma/enums";
+import { requireRole } from "@/lib/authorization";
+import { recordAudit } from "@/lib/admin/audit";
+import { deleteTranslationOverride, upsertTranslation } from "@/lib/admin/translations";
+import { invalidateTranslationCache } from "@/lib/i18n/overrides";
+import { isHomeKey } from "@/lib/admin/home-keys";
+
+const entrySchema = z.object({
+  key: z.string().min(1).max(200),
+  lang: z.enum(["fr", "en"]),
+  value: z.string().max(4000),
+  baseValue: z.string().max(4000),
+});
+
+type SaveResult = { ok: true; saved: number; reset: number } | { ok: false; error: string };
+
+export async function saveHomeTranslationsAction(fd: FormData): Promise<SaveResult> {
+  await requireRole([UserRole.ADMIN]);
+  const session = await auth();
+  const actorEmail = session?.user?.email ?? null;
+
+  // FormData arrive avec entries[N][key], entries[N][lang], entries[N][value], entries[N][baseValue].
+  const grouped = new Map<string, Record<string, string>>();
+  for (const [name, val] of fd.entries()) {
+    if (typeof val !== "string") continue;
+    const m = name.match(/^entries\[(\d+)\]\[(key|lang|value|baseValue)\]$/);
+    if (!m) continue;
+    const [, idx, field] = m;
+    if (!grouped.has(idx)) grouped.set(idx, {});
+    grouped.get(idx)![field] = val;
+  }
+
+  let saved = 0;
+  let reset = 0;
+  for (const raw of grouped.values()) {
+    const parsed = entrySchema.safeParse(raw);
+    if (!parsed.success) continue;
+    if (!isHomeKey(parsed.data.key)) continue;
+
+    const trimmed = parsed.data.value.trim();
+    const base = parsed.data.baseValue;
+    if (trimmed === "" || trimmed === base) {
+      // Suppression de l'override : on revient à la valeur du fichier.
+      await deleteTranslationOverride(parsed.data.key, parsed.data.lang);
+      reset++;
+    } else {
+      await upsertTranslation(parsed.data.key, parsed.data.lang, trimmed, actorEmail);
+      saved++;
+    }
+  }
+
+  invalidateTranslationCache();
+  await recordAudit({
+    scope: "admin.home",
+    event: "translations.save",
+    actorEmail,
+    details: { saved, reset },
+  });
+  revalidatePath("/admin/home");
+  revalidatePath("/");
+  return { ok: true, saved, reset };
+}
diff --git a/src/app/admin/home/page.tsx b/src/app/admin/home/page.tsx
new file mode 100644
index 0000000..a068b6c
--- /dev/null
+++ b/src/app/admin/home/page.tsx
@@ -0,0 +1,39 @@
+import { HOME_SECTIONS } from "@/lib/admin/home-keys";
+import { listTranslationsForKeys } from "@/lib/admin/translations";
+import { HomeTranslationsForm } from "./_components/HomeTranslationsForm";
+
+export const dynamic = "force-dynamic";
+
+export default async function HomeAdminPage() {
+  const allKeys = await listTranslationsForKeys(HOME_SECTIONS.flatMap((s) => s.prefixes));
+  const keysBySection = HOME_SECTIONS.map((s) => ({
+    id: s.id,
+    label: s.label,
+    description: s.description,
+    rows: allKeys.filter((r) => s.prefixes.some((p) => r.key.startsWith(p))),
+  }));
+
+  const totalOverrides = allKeys.reduce(
+    (acc, r) => acc + (r.overrideFr !== null ? 1 : 0) + (r.overrideEn !== null ? 1 : 0),
+    0,
+  );
+
+  return (
+    <div className="mx-auto max-w-6xl">
+      <header className="mb-5 mt-2">
+        <h1 className="text-2xl font-semibold text-zinc-900">Page d&apos;accueil</h1>
+        <p className="mt-1 text-sm text-zinc-600">
+          Édition des textes affichés sur la page d&apos;accueil publique, en français et en anglais.
+          Les modifications sont appliquées immédiatement (cache rafraîchi sous 10 secondes).
+        </p>
+        <p className="mt-1 text-xs text-zinc-500">
+          {totalOverrides === 0
+            ? "Aucun texte personnalisé pour l'instant — les valeurs par défaut viennent des fichiers de traduction."
+            : `${totalOverrides} valeur${totalOverrides > 1 ? "s" : ""} personnalisée${totalOverrides > 1 ? "s" : ""} actuellement active${totalOverrides > 1 ? "s" : ""}.`}
+        </p>
+      </header>
+
+      <HomeTranslationsForm sections={keysBySection} />
+    </div>
+  );
+}
diff --git a/src/components/admin/Sidebar.tsx b/src/components/admin/Sidebar.tsx
index 05e9695..e10428c 100644
--- a/src/components/admin/Sidebar.tsx
+++ b/src/components/admin/Sidebar.tsx
@@ -134,7 +134,10 @@ const GROUPS: NavGroup[] = [
   },
   {
     label: "Contenu",
-    items: [{ href: "/admin/content-pages", label: "Pages éditoriales", icon: ICONS.pages }],
+    items: [
+      { href: "/admin/home", label: "Page d'accueil", icon: ICONS.dashboard },
+      { href: "/admin/content-pages", label: "Pages éditoriales", icon: ICONS.pages },
+    ],
   },
   {
     label: "Système",
diff --git a/src/lib/admin/home-keys.ts b/src/lib/admin/home-keys.ts
new file mode 100644
index 0000000..409b51f
--- /dev/null
+++ b/src/lib/admin/home-keys.ts
@@ -0,0 +1,51 @@
+/**
+ * Sections éditables depuis /admin/home.
+ *
+ * Liste curatée des préfixes de clés qui apparaissent réellement sur la
+ * page d'accueil. Le reste (season, language, access, site) est éditable
+ * via /admin/translations (toutes les clés) une fois construit.
+ */
+export const HOME_SECTIONS: { id: string; label: string; description: string; prefixes: string[] }[] = [
+  {
+    id: "hero",
+    label: "Bandeau d'accueil (hero)",
+    description: "Le visuel plein écran tout en haut — accroche + sous-titre + boutons.",
+    prefixes: ["hero."],
+  },
+  {
+    id: "experiences",
+    label: "Deux expériences",
+    description: "Section présentant les 2 modes (route + fleuve / expédition fleuve).",
+    prefixes: ["experiences."],
+  },
+  {
+    id: "howItWorks",
+    label: "Comment ça marche",
+    description: "Les étapes pour réserver un séjour.",
+    prefixes: ["howItWorks."],
+  },
+  {
+    id: "ce",
+    label: "Comités d'entreprise",
+    description: "Section dédiée aux CE et leurs membres.",
+    prefixes: ["ce."],
+  },
+  {
+    id: "testimonials",
+    label: "Témoignages",
+    description: "Bloc témoignages voyageurs.",
+    prefixes: ["testimonials."],
+  },
+  {
+    id: "footer",
+    label: "Pied de page",
+    description: "Liens et mentions en pied de page.",
+    prefixes: ["footer."],
+  },
+];
+
+export const HOME_PREFIXES: string[] = HOME_SECTIONS.flatMap((s) => s.prefixes);
+
+export function isHomeKey(key: string): boolean {
+  return HOME_PREFIXES.some((p) => key.startsWith(p));
+}
diff --git a/src/lib/admin/translations.ts b/src/lib/admin/translations.ts
new file mode 100644
index 0000000..a2ffbbc
--- /dev/null
+++ b/src/lib/admin/translations.ts
@@ -0,0 +1,72 @@
+import "server-only";
+
+import { prisma } from "@/lib/prisma";
+import frMessages from "@/messages/fr.json";
+import enMessages from "@/messages/en.json";
+
+const BASE: Record<"fr" | "en", Record<string, string>> = {
+  fr: frMessages as Record<string, string>,
+  en: enMessages as Record<string, string>,
+};
+
+export type TranslationRow = {
+  key: string;
+  baseFr: string;
+  baseEn: string;
+  overrideFr: string | null;
+  overrideEn: string | null;
+  updatedAt: Date | null;
+  updatedBy: string | null;
+};
+
+export async function listTranslationsForKeys(prefixes: string[]): Promise<TranslationRow[]> {
+  // Toutes les clés du fichier FR (canonique) qui matchent un préfixe.
+  const allKeys = Object.keys(BASE.fr).filter((k) => prefixes.some((p) => k.startsWith(p)));
+  allKeys.sort();
+
+  const overrides = await prisma.translation.findMany({
+    where: { key: { in: allKeys } },
+    select: { key: true, lang: true, value: true, updatedAt: true, updatedBy: true },
+  });
+  type Override = (typeof overrides)[number];
+  const overrideMap = new Map<string, Map<string, Override>>();
+  for (const o of overrides) {
+    if (!overrideMap.has(o.key)) overrideMap.set(o.key, new Map());
+    overrideMap.get(o.key)!.set(o.lang, o);
+  }
+
+  return allKeys.map((key) => {
+    const rowFr = overrideMap.get(key)?.get("fr");
+    const rowEn = overrideMap.get(key)?.get("en");
+    const lastTs = Math.max(rowFr?.updatedAt.getTime() ?? 0, rowEn?.updatedAt.getTime() ?? 0);
+    const lastEditor = (rowFr?.updatedAt ?? new Date(0)) > (rowEn?.updatedAt ?? new Date(0))
+      ? rowFr?.updatedBy ?? null
+      : rowEn?.updatedBy ?? null;
+    return {
+      key,
+      baseFr: BASE.fr[key] ?? "",
+      baseEn: BASE.en[key] ?? "",
+      overrideFr: rowFr?.value ?? null,
+      overrideEn: rowEn?.value ?? null,
+      updatedAt: lastTs > 0 ? new Date(lastTs) : null,
+      updatedBy: lastEditor,
+    };
+  });
+}
+
+export async function upsertTranslation(
+  key: string,
+  lang: "fr" | "en",
+  value: string,
+  actor: string | null,
+): Promise<void> {
+  await prisma.translation.upsert({
+    where: { key_lang: { key, lang } },
+    create: { key, lang, value, updatedBy: actor },
+    update: { value, updatedBy: actor },
+  });
+}
+
+export async function deleteTranslationOverride(key: string, lang: "fr" | "en"): Promise<void> {
+  await prisma.translation.delete({ where: { key_lang: { key, lang } } }).catch(() => {});
+}
diff --git a/src/lib/i18n/overrides.ts b/src/lib/i18n/overrides.ts
new file mode 100644
index 0000000..365b6d6
--- /dev/null
+++ b/src/lib/i18n/overrides.ts
@@ -0,0 +1,59 @@
+import "server-only";
+
+import { prisma } from "@/lib/prisma";
+import type { Locale } from "./types";
+
+type Cache = {
+  fr: Map<string, string>;
+  en: Map<string, string>;
+  loadedAt: number;
+};
+
+const TTL_MS = 10_000;
+let cache: Cache | null = null;
+let inflight: Promise<Cache> | null = null;
+
+async function refresh(): Promise<Cache> {
+  const rows = await prisma.translation.findMany({
+    select: { key: true, lang: true, value: true },
+  });
+  const fr = new Map<string, string>();
+  const en = new Map<string, string>();
+  for (const r of rows) {
+    if (r.lang === "fr") fr.set(r.key, r.value);
+    else if (r.lang === "en") en.set(r.key, r.value);
+  }
+  cache = { fr, en, loadedAt: Date.now() };
+  return cache;
+}
+
+async function loadCache(): Promise<Cache> {
+  if (cache && Date.now() - cache.loadedAt < TTL_MS) return cache;
+  if (inflight) return inflight;
+  inflight = refresh().finally(() => {
+    inflight = null;
+  });
+  return inflight;
+}
+
+export async function getTranslationOverride(key: string, lang: Locale): Promise<string | undefined> {
+  try {
+    const c = await loadCache();
+    return c[lang].get(key);
+  } catch {
+    return undefined;
+  }
+}
+
+export async function getTranslationOverridesMap(lang: Locale): Promise<Map<string, string>> {
+  try {
+    const c = await loadCache();
+    return c[lang];
+  } catch {
+    return new Map();
+  }
+}
+
+export function invalidateTranslationCache(): void {
+  cache = null;
+}
diff --git a/src/lib/i18n/server.ts b/src/lib/i18n/server.ts
index 30c9203..347d6b2 100644
--- a/src/lib/i18n/server.ts
+++ b/src/lib/i18n/server.ts
@@ -16,6 +16,7 @@ import { isPluginEnabled } from "@/lib/plugins/server";
 
 import frMessages from "@/messages/fr.json";
 import enMessages from "@/messages/en.json";
+import { getTranslationOverride, getTranslationOverridesMap } from "./overrides";
 
 const DICTS: Record<Locale, Record<string, string>> = {
   fr: frMessages as Record<string, string>,
@@ -55,6 +56,8 @@ export async function getLocale(): Promise<Locale> {
  */
 export async function t(key: string, locale?: Locale): Promise<string> {
   const lang = locale ?? (await getLocale());
+  const override = await getTranslationOverride(key, lang);
+  if (override !== undefined) return override;
   const dict = DICTS[lang];
   const fallback = DICTS.fr;
   return dict[key] ?? fallback[key] ?? key;
@@ -63,8 +66,14 @@ export async function t(key: string, locale?: Locale): Promise<string> {
 /**
  * dict(locale) : retourne le dico complet pour passer en prop client-side.
  * Garde le bundle léger (le client ne reçoit qu'une langue à la fois).
+ * Les overrides DB sont fusionnés par-dessus le fichier de base.
  */
 export async function dict(locale?: Locale): Promise<Record<string, string>> {
   const lang = locale ?? (await getLocale());
-  return DICTS[lang];
+  const base = DICTS[lang];
+  const overrides = await getTranslationOverridesMap(lang);
+  if (overrides.size === 0) return base;
+  const merged: Record<string, string> = { ...base };
+  for (const [k, v] of overrides) merged[k] = v;
+  return merged;
 }

From e79b6dd1419cf3bb0de6dec575c1fce94ff17113 Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Mon, 1 Jun 2026 01:34:00 +0000
Subject: [PATCH 06/47] feat(p0): prix/nuit + booking form public +
 /inscription + /reservations/[id]

---
 .../migration.sql                             |   2 +
 prisma/schema.prisma                          |   2 +
 src/app/admin/carbets/[id]/page.tsx           |   1 +
 .../admin/carbets/_components/CarbetForm.tsx  |  16 +-
 src/app/admin/carbets/actions.ts              |   1 +
 src/app/admin/carbets/page.tsx                |   4 +-
 src/app/api/signup/route.ts                   |  64 +++++++
 src/app/carbets/[slug]/page.tsx               |  14 +-
 src/app/carbets/_components/booking-form.tsx  | 172 ++++++++++++++++++
 src/app/connexion/page.tsx                    |  18 +-
 .../inscription/_components/SignupForm.tsx    | 149 +++++++++++++++
 src/app/inscription/page.tsx                  |  40 ++++
 src/app/reservations/[id]/page.tsx            | 110 +++++++++++
 src/lib/admin/carbets.ts                      |   3 +
 src/lib/carbet-public.ts                      |   3 +
 15 files changed, 590 insertions(+), 9 deletions(-)
 create mode 100644 prisma/migrations/20260601150000_carbet_nightly_price/migration.sql
 create mode 100644 src/app/api/signup/route.ts
 create mode 100644 src/app/carbets/_components/booking-form.tsx
 create mode 100644 src/app/inscription/_components/SignupForm.tsx
 create mode 100644 src/app/inscription/page.tsx
 create mode 100644 src/app/reservations/[id]/page.tsx

diff --git a/prisma/migrations/20260601150000_carbet_nightly_price/migration.sql b/prisma/migrations/20260601150000_carbet_nightly_price/migration.sql
new file mode 100644
index 0000000..e53b6bf
--- /dev/null
+++ b/prisma/migrations/20260601150000_carbet_nightly_price/migration.sql
@@ -0,0 +1,2 @@
+ALTER TABLE "Carbet" ADD COLUMN "nightlyPrice" DECIMAL(10,2) NOT NULL DEFAULT 0;
+UPDATE "Carbet" SET "nightlyPrice" = 80 WHERE "nightlyPrice" = 0;
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
index caa7314..e9aaf6d 100644
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -124,6 +124,8 @@ model Carbet {
   // Détails d'accès route pour ROAD_AND_RIVER (GPS, distance, type de piste).
   roadAccessNote     String?
   capacity           Int
+  // Prix par nuit pour le carbet entier (toute capacité). En euros.
+  nightlyPrice       Decimal      @db.Decimal(10, 2) @default(0)
   // Contraintes séjour (plugin min-stay). null = pas de contrainte.
   minStayNights      Int?
   maxStayNights      Int?
diff --git a/src/app/admin/carbets/[id]/page.tsx b/src/app/admin/carbets/[id]/page.tsx
index 5e8f635..02c0d80 100644
--- a/src/app/admin/carbets/[id]/page.tsx
+++ b/src/app/admin/carbets/[id]/page.tsx
@@ -87,6 +87,7 @@ export default async function EditCarbetPage({ params }: PageProps) {
           latitude: carbet.latitude.toString(),
           longitude: carbet.longitude.toString(),
           capacity: carbet.capacity,
+          nightlyPrice: carbet.nightlyPrice.toString(),
           accessType: carbet.accessType,
           roadAccessNote: carbet.roadAccessNote,
           pirogueDurationMin: carbet.pirogueDurationMin,
diff --git a/src/app/admin/carbets/_components/CarbetForm.tsx b/src/app/admin/carbets/_components/CarbetForm.tsx
index 6a4f7e4..260996b 100644
--- a/src/app/admin/carbets/_components/CarbetForm.tsx
+++ b/src/app/admin/carbets/_components/CarbetForm.tsx
@@ -18,6 +18,7 @@ export type CarbetFormInitial = {
   latitude?: number | string;
   longitude?: number | string;
   capacity?: number;
+  nightlyPrice?: number | string;
   accessType?: string;
   roadAccessNote?: string | null;
   pirogueDurationMin?: number | null;
@@ -188,9 +189,9 @@ export function CarbetForm({ initial = {}, owners, providers, action, submitLabe
           </div>
         </section>
 
-        {/* Séjour */}
+        {/* Séjour & tarif */}
         <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
-          <h2 className="mb-4 text-sm font-semibold uppercase tracking-wider text-zinc-500">Séjour</h2>
+          <h2 className="mb-4 text-sm font-semibold uppercase tracking-wider text-zinc-500">Séjour &amp; tarif</h2>
           <div className="grid grid-cols-1 gap-4 sm:grid-cols-4">
             <FormField label="Capacité" required hint="Voyageurs max">
               <input
@@ -203,6 +204,17 @@ export function CarbetForm({ initial = {}, owners, providers, action, submitLabe
                 required
               />
             </FormField>
+            <FormField label="Prix / nuit (€)" required hint="Pour le carbet entier.">
+              <input
+                name="nightlyPrice"
+                type="number"
+                min={0}
+                step="0.01"
+                defaultValue={initial.nightlyPrice?.toString() ?? ""}
+                className={inputCls}
+                required
+              />
+            </FormField>
             <FormField label="Capacité min recommandée" hint="Facultatif">
               <input
                 name="minCapacity"
diff --git a/src/app/admin/carbets/actions.ts b/src/app/admin/carbets/actions.ts
index 131fd02..9e2fbff 100644
--- a/src/app/admin/carbets/actions.ts
+++ b/src/app/admin/carbets/actions.ts
@@ -27,6 +27,7 @@ const baseCarbetSchema = z.object({
   latitude: z.coerce.number().min(-90).max(90),
   longitude: z.coerce.number().min(-180).max(180),
   capacity: z.coerce.number().int().min(1).max(100),
+  nightlyPrice: z.coerce.number().min(0).max(100000),
   accessType: z.enum([AccessType.ROAD_AND_RIVER, AccessType.RIVER_ONLY]),
   roadAccessNote: z.string().trim().max(1000).optional().nullable(),
   pirogueDurationMin: z.coerce.number().int().min(0).max(1440).optional().nullable(),
diff --git a/src/app/admin/carbets/page.tsx b/src/app/admin/carbets/page.tsx
index e3c2399..5bf1989 100644
--- a/src/app/admin/carbets/page.tsx
+++ b/src/app/admin/carbets/page.tsx
@@ -99,6 +99,7 @@ export default async function CarbetsAdminPage({ searchParams }: PageProps) {
               <th className="px-4 py-2 text-left font-semibold">Fleuve</th>
               <th className="px-4 py-2 text-left font-semibold">Accès</th>
               <th className="px-4 py-2 text-right font-semibold">Cap.</th>
+              <th className="px-4 py-2 text-right font-semibold">€/nuit</th>
               <th className="px-4 py-2 text-right font-semibold">Médias</th>
               <th className="px-4 py-2 text-right font-semibold">Résas</th>
               <th className="px-4 py-2 text-left font-semibold">Propriétaire</th>
@@ -109,7 +110,7 @@ export default async function CarbetsAdminPage({ searchParams }: PageProps) {
           <tbody className="divide-y divide-zinc-100">
             {carbets.length === 0 ? (
               <tr>
-                <td colSpan={9} className="px-4 py-8 text-center text-sm text-zinc-500">
+                <td colSpan={10} className="px-4 py-8 text-center text-sm text-zinc-500">
                   Aucun carbet ne correspond aux filtres.
                 </td>
               </tr>
@@ -129,6 +130,7 @@ export default async function CarbetsAdminPage({ searchParams }: PageProps) {
                   {c.accessType === AccessType.RIVER_ONLY ? "🛶 Fleuve" : "🛣️ Route+fleuve"}
                 </td>
                 <td className="px-4 py-2 text-right font-mono text-zinc-700">{c.capacity}</td>
+                <td className="px-4 py-2 text-right font-mono text-zinc-700">{Number(c.nightlyPrice).toFixed(0)}</td>
                 <td className="px-4 py-2 text-right font-mono text-zinc-700">{c.mediaCount}</td>
                 <td className="px-4 py-2 text-right font-mono text-zinc-700">{c.bookingsCount}</td>
                 <td className="px-4 py-2 text-zinc-700">{c.ownerName}</td>
diff --git a/src/app/api/signup/route.ts b/src/app/api/signup/route.ts
new file mode 100644
index 0000000..db2f49d
--- /dev/null
+++ b/src/app/api/signup/route.ts
@@ -0,0 +1,64 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+
+import { UserRole } from "@/generated/prisma/enums";
+import { hashPassword } from "@/lib/password";
+import { prisma } from "@/lib/prisma";
+import { recordAudit } from "@/lib/admin/audit";
+
+export const runtime = "nodejs";
+
+const schema = z.object({
+  email: z.string().trim().toLowerCase().email().max(200),
+  password: z.string().min(8).max(200),
+  firstName: z.string().trim().min(1).max(100),
+  lastName: z.string().trim().min(1).max(100),
+  phone: z.string().trim().max(40).optional().nullable(),
+  role: z.enum([UserRole.TOURIST, UserRole.OWNER]).default(UserRole.TOURIST),
+});
+
+export async function POST(req: Request) {
+  let body: unknown;
+  try {
+    body = await req.json();
+  } catch {
+    return NextResponse.json({ error: "Corps JSON invalide." }, { status: 400 });
+  }
+  const parsed = schema.safeParse(body);
+  if (!parsed.success) {
+    return NextResponse.json(
+      { error: parsed.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join(" · ") },
+      { status: 400 },
+    );
+  }
+  const data = parsed.data;
+
+  const existing = await prisma.user.findUnique({ where: { email: data.email }, select: { id: true } });
+  if (existing) {
+    return NextResponse.json({ error: "Un compte existe déjà avec cet email." }, { status: 409 });
+  }
+
+  const passwordHash = await hashPassword(data.password);
+  const user = await prisma.user.create({
+    data: {
+      email: data.email,
+      passwordHash,
+      firstName: data.firstName,
+      lastName: data.lastName,
+      phone: data.phone?.trim() || null,
+      role: data.role,
+      isActive: true,
+    },
+    select: { id: true, email: true, role: true },
+  });
+
+  await recordAudit({
+    scope: "public.signup",
+    event: "user.create",
+    target: user.id,
+    actorEmail: user.email,
+    details: { role: user.role },
+  });
+
+  return NextResponse.json({ ok: true, userId: user.id });
+}
diff --git a/src/app/carbets/[slug]/page.tsx b/src/app/carbets/[slug]/page.tsx
index 9a3e51c..e51590a 100644
--- a/src/app/carbets/[slug]/page.tsx
+++ b/src/app/carbets/[slug]/page.tsx
@@ -12,6 +12,7 @@ import {
 import { MediaType, UserRole } from "@/generated/prisma/enums";
 import { formatAverageRating } from "@/lib/reviews";
 
+import { BookingForm } from "../_components/booking-form";
 import { CarbetGallery } from "../_components/carbet-gallery";
 import { ReviewsSection } from "../_components/reviews-section";
 import { StarRating } from "../_components/star-rating";
@@ -226,10 +227,15 @@ export default async function PublicCarbetPage({ params }: PageProps) {
             </dl>
           </div>
 
-          <p className="rounded-md bg-emerald-50 px-3 py-2 text-xs text-emerald-800">
-            La réservation en ligne arrive bientôt. En attendant, contactez
-            l&apos;équipe Karbé pour organiser votre séjour.
-          </p>
+          <BookingForm
+            carbetId={carbet.id}
+            slug={carbet.slug}
+            nightlyPrice={Number(carbet.nightlyPrice)}
+            capacity={carbet.capacity}
+            minStayNights={carbet.minStayNights}
+            maxStayNights={carbet.maxStayNights}
+            isAuthenticated={Boolean(viewerId)}
+          />
         </aside>
       </div>
 
diff --git a/src/app/carbets/_components/booking-form.tsx b/src/app/carbets/_components/booking-form.tsx
new file mode 100644
index 0000000..2c4f1e2
--- /dev/null
+++ b/src/app/carbets/_components/booking-form.tsx
@@ -0,0 +1,172 @@
+"use client";
+
+import { useMemo, useState } from "react";
+import Link from "next/link";
+import { useRouter } from "next/navigation";
+
+type Props = {
+  carbetId: string;
+  slug: string;
+  nightlyPrice: number;
+  capacity: number;
+  minStayNights: number | null;
+  maxStayNights: number | null;
+  isAuthenticated: boolean;
+};
+
+function todayPlus(n: number): string {
+  const d = new Date();
+  d.setHours(0, 0, 0, 0);
+  d.setDate(d.getDate() + n);
+  return d.toISOString().slice(0, 10);
+}
+
+function diffDays(a: string, b: string): number {
+  if (!a || !b) return 0;
+  const da = new Date(a + "T00:00:00Z").getTime();
+  const db = new Date(b + "T00:00:00Z").getTime();
+  return Math.round((db - da) / 86400000);
+}
+
+export function BookingForm({
+  carbetId,
+  slug,
+  nightlyPrice,
+  capacity,
+  minStayNights,
+  maxStayNights,
+  isAuthenticated,
+}: Props) {
+  const router = useRouter();
+  const [startDate, setStartDate] = useState(todayPlus(7));
+  const [endDate, setEndDate] = useState(todayPlus(7 + (minStayNights ?? 2)));
+  const [guestCount, setGuestCount] = useState(Math.min(2, capacity));
+  const [busy, setBusy] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+
+  const nights = useMemo(() => Math.max(0, diffDays(startDate, endDate)), [startDate, endDate]);
+  const total = nights * nightlyPrice;
+  const minN = minStayNights ?? 1;
+  const maxN = maxStayNights ?? 365;
+  const nightsOk = nights >= minN && nights <= maxN;
+  const guestOk = guestCount >= 1 && guestCount <= capacity;
+  const canSubmit = nightsOk && guestOk && !busy;
+
+  async function submit() {
+    if (!isAuthenticated) {
+      const next = `/carbets/${slug}`;
+      router.push(`/connexion?next=${encodeURIComponent(next)}`);
+      return;
+    }
+    setBusy(true);
+    setError(null);
+    try {
+      const res = await fetch("/api/bookings", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ carbetId, startDate, endDate, guestCount }),
+      });
+      const json = await res.json().catch(() => ({}));
+      if (!res.ok) {
+        throw new Error(json?.error || `Erreur ${res.status}`);
+      }
+      router.push(`/reservations/${json.id ?? json.booking?.id ?? ""}`);
+    } catch (e) {
+      setError(e instanceof Error ? e.message : String(e));
+    } finally {
+      setBusy(false);
+    }
+  }
+
+  return (
+    <div className="space-y-3 rounded-lg border border-zinc-200 bg-white p-4 shadow-sm">
+      <div className="flex items-baseline justify-between">
+        <div>
+          <span className="text-2xl font-semibold text-zinc-900">{nightlyPrice.toFixed(0)} €</span>
+          <span className="ml-1 text-sm text-zinc-500">/ nuit</span>
+        </div>
+        <span className="text-xs text-zinc-500">jusqu&apos;à {capacity} voyageurs</span>
+      </div>
+
+      <div className="grid grid-cols-2 gap-2 text-sm">
+        <label className="block">
+          <span className="text-xs text-zinc-500">Arrivée</span>
+          <input
+            type="date"
+            value={startDate}
+            min={todayPlus(0)}
+            onChange={(e) => setStartDate(e.target.value)}
+            className="mt-0.5 w-full rounded-md border border-zinc-300 px-2 py-1.5"
+          />
+        </label>
+        <label className="block">
+          <span className="text-xs text-zinc-500">Départ</span>
+          <input
+            type="date"
+            value={endDate}
+            min={startDate || todayPlus(1)}
+            onChange={(e) => setEndDate(e.target.value)}
+            className="mt-0.5 w-full rounded-md border border-zinc-300 px-2 py-1.5"
+          />
+        </label>
+      </div>
+
+      <label className="block text-sm">
+        <span className="text-xs text-zinc-500">Voyageurs</span>
+        <input
+          type="number"
+          min={1}
+          max={capacity}
+          value={guestCount}
+          onChange={(e) => setGuestCount(Math.max(1, Math.min(capacity, Number(e.target.value) || 1)))}
+          className="mt-0.5 w-full rounded-md border border-zinc-300 px-2 py-1.5"
+        />
+      </label>
+
+      <div className="space-y-1 border-t border-zinc-100 pt-3 text-sm text-zinc-700">
+        <div className="flex justify-between">
+          <span>
+            {nightlyPrice.toFixed(0)} € × {nights} nuit{nights > 1 ? "s" : ""}
+          </span>
+          <span className="font-mono">{(nightlyPrice * nights).toFixed(2)} €</span>
+        </div>
+        <div className="flex justify-between text-base font-semibold text-zinc-900">
+          <span>Total</span>
+          <span className="font-mono">{total.toFixed(2)} €</span>
+        </div>
+      </div>
+
+      {!nightsOk && nights > 0 ? (
+        <div className="rounded border border-amber-200 bg-amber-50 px-3 py-1.5 text-xs text-amber-800">
+          Séjour entre {minN} et {maxN} nuits requis.
+        </div>
+      ) : null}
+
+      {error ? (
+        <div className="rounded border border-rose-200 bg-rose-50 px-3 py-1.5 text-xs text-rose-700">{error}</div>
+      ) : null}
+
+      <button
+        type="button"
+        onClick={submit}
+        disabled={!canSubmit}
+        className="w-full rounded-md bg-emerald-600 px-4 py-2.5 text-sm font-semibold text-white hover:bg-emerald-700 disabled:opacity-50"
+      >
+        {busy ? "Envoi…" : isAuthenticated ? "Réserver" : "Se connecter pour réserver"}
+      </button>
+
+      {!isAuthenticated ? (
+        <p className="text-center text-xs text-zinc-500">
+          Pas encore de compte ?{" "}
+          <Link href={`/inscription?next=${encodeURIComponent(`/carbets/${slug}`)}`} className="text-zinc-900 underline">
+            Créer un compte
+          </Link>
+        </p>
+      ) : null}
+
+      <p className="text-center text-[11px] text-zinc-500">
+        Le créneau est bloqué dès l&apos;envoi. Statut « En attente » jusqu&apos;à confirmation du paiement.
+      </p>
+    </div>
+  );
+}
diff --git a/src/app/connexion/page.tsx b/src/app/connexion/page.tsx
index 032a91b..e66082e 100644
--- a/src/app/connexion/page.tsx
+++ b/src/app/connexion/page.tsx
@@ -1,11 +1,16 @@
+import Link from "next/link";
 import { redirect } from "next/navigation";
 
 import { auth, signIn } from "@/auth";
 
-export default async function SignInPage() {
+type Props = { searchParams: Promise<{ next?: string }> };
+
+export default async function SignInPage({ searchParams }: Props) {
   const session = await auth();
+  const sp = await searchParams;
+  const next = sp.next && sp.next.startsWith("/") ? sp.next : "/";
   if (session?.user?.id) {
-    redirect("/");
+    redirect(next);
   }
 
   return (
@@ -48,6 +53,15 @@ export default async function SignInPage() {
         >
           Se connecter
         </button>
+        <p className="border-t border-zinc-100 pt-3 text-center text-sm text-zinc-500">
+          Pas encore de compte ?{" "}
+          <Link
+            href={`/inscription${next !== "/" ? `?next=${encodeURIComponent(next)}` : ""}`}
+            className="text-zinc-900 underline"
+          >
+            Créer un compte
+          </Link>
+        </p>
       </form>
     </main>
   );
diff --git a/src/app/inscription/_components/SignupForm.tsx b/src/app/inscription/_components/SignupForm.tsx
new file mode 100644
index 0000000..2ffd914
--- /dev/null
+++ b/src/app/inscription/_components/SignupForm.tsx
@@ -0,0 +1,149 @@
+"use client";
+
+import { useState, useTransition } from "react";
+import { useRouter } from "next/navigation";
+import { signIn } from "next-auth/react";
+
+type Props = { next: string };
+
+export function SignupForm({ next }: Props) {
+  const router = useRouter();
+  const [pending, startTransition] = useTransition();
+  const [error, setError] = useState<string | null>(null);
+  const [role, setRole] = useState<"TOURIST" | "OWNER">("TOURIST");
+
+  function onSubmit(formData: FormData) {
+    setError(null);
+    const email = (formData.get("email") as string | null)?.trim() ?? "";
+    const password = (formData.get("password") as string | null) ?? "";
+    const firstName = (formData.get("firstName") as string | null)?.trim() ?? "";
+    const lastName = (formData.get("lastName") as string | null)?.trim() ?? "";
+    const phone = (formData.get("phone") as string | null)?.trim() ?? "";
+
+    if (password.length < 8) {
+      setError("Le mot de passe doit faire au moins 8 caractères.");
+      return;
+    }
+
+    startTransition(async () => {
+      const res = await fetch("/api/signup", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ email, password, firstName, lastName, phone: phone || null, role }),
+      });
+      const json = await res.json().catch(() => ({}));
+      if (!res.ok) {
+        setError(json?.error || `Erreur ${res.status}`);
+        return;
+      }
+      const result = await signIn("credentials", {
+        email,
+        password,
+        redirect: false,
+      });
+      if (result?.error) {
+        setError("Compte créé mais connexion impossible. Essayez la page de connexion.");
+        return;
+      }
+      router.push(next);
+      router.refresh();
+    });
+  }
+
+  const inputCls =
+    "w-full rounded-md border border-zinc-300 px-3 py-2 text-sm focus:border-zinc-900 focus:outline-none";
+
+  return (
+    <form action={onSubmit} className="space-y-3">
+      <fieldset disabled={pending} className="space-y-3">
+        <div className="grid grid-cols-2 gap-2">
+          <label className="block">
+            <span className="text-xs text-zinc-600">Prénom</span>
+            <input name="firstName" type="text" required maxLength={100} className={inputCls + " mt-0.5"} />
+          </label>
+          <label className="block">
+            <span className="text-xs text-zinc-600">Nom</span>
+            <input name="lastName" type="text" required maxLength={100} className={inputCls + " mt-0.5"} />
+          </label>
+        </div>
+
+        <label className="block">
+          <span className="text-xs text-zinc-600">Email</span>
+          <input name="email" type="email" required maxLength={200} className={inputCls + " mt-0.5"} />
+        </label>
+
+        <label className="block">
+          <span className="text-xs text-zinc-600">Mot de passe (8 caractères min.)</span>
+          <input
+            name="password"
+            type="password"
+            required
+            minLength={8}
+            maxLength={200}
+            className={inputCls + " mt-0.5"}
+          />
+        </label>
+
+        <label className="block">
+          <span className="text-xs text-zinc-600">Téléphone (optionnel)</span>
+          <input name="phone" type="tel" maxLength={40} className={inputCls + " mt-0.5"} />
+        </label>
+
+        <fieldset className="space-y-1">
+          <legend className="text-xs text-zinc-600">Type de compte</legend>
+          <div className="grid grid-cols-2 gap-2 pt-1">
+            <label
+              className={
+                "flex cursor-pointer flex-col items-start rounded-md border px-3 py-2 text-sm " +
+                (role === "TOURIST"
+                  ? "border-zinc-900 bg-zinc-50 ring-1 ring-zinc-900"
+                  : "border-zinc-300 hover:bg-zinc-50")
+              }
+            >
+              <input
+                type="radio"
+                name="role"
+                value="TOURIST"
+                checked={role === "TOURIST"}
+                onChange={() => setRole("TOURIST")}
+                className="sr-only"
+              />
+              <span className="font-semibold text-zinc-900">Voyageur</span>
+              <span className="text-[11px] text-zinc-500">Réserver un séjour.</span>
+            </label>
+            <label
+              className={
+                "flex cursor-pointer flex-col items-start rounded-md border px-3 py-2 text-sm " +
+                (role === "OWNER"
+                  ? "border-zinc-900 bg-zinc-50 ring-1 ring-zinc-900"
+                  : "border-zinc-300 hover:bg-zinc-50")
+              }
+            >
+              <input
+                type="radio"
+                name="role"
+                value="OWNER"
+                checked={role === "OWNER"}
+                onChange={() => setRole("OWNER")}
+                className="sr-only"
+              />
+              <span className="font-semibold text-zinc-900">Hôte</span>
+              <span className="text-[11px] text-zinc-500">Publier un carbet.</span>
+            </label>
+          </div>
+        </fieldset>
+
+        {error ? (
+          <div className="rounded border border-rose-200 bg-rose-50 px-3 py-2 text-sm text-rose-700">{error}</div>
+        ) : null}
+
+        <button
+          type="submit"
+          className="w-full rounded-md bg-zinc-900 px-3 py-2 text-sm font-semibold text-white hover:bg-zinc-800 disabled:opacity-50"
+        >
+          {pending ? "Création…" : "Créer mon compte"}
+        </button>
+      </fieldset>
+    </form>
+  );
+}
diff --git a/src/app/inscription/page.tsx b/src/app/inscription/page.tsx
new file mode 100644
index 0000000..35e871e
--- /dev/null
+++ b/src/app/inscription/page.tsx
@@ -0,0 +1,40 @@
+import { redirect } from "next/navigation";
+import Link from "next/link";
+
+import { auth } from "@/auth";
+import { SignupForm } from "./_components/SignupForm";
+
+export const dynamic = "force-dynamic";
+
+type PageProps = {
+  searchParams: Promise<{ next?: string }>;
+};
+
+export default async function SignupPage({ searchParams }: PageProps) {
+  const session = await auth();
+  const sp = await searchParams;
+  const next = sp.next && sp.next.startsWith("/") ? sp.next : "/";
+  if (session?.user?.id) redirect(next);
+
+  return (
+    <main className="mx-auto flex min-h-[70vh] max-w-md items-center px-6 py-12">
+      <div className="w-full space-y-4 rounded-xl border border-zinc-200 bg-white p-6 shadow-sm">
+        <header>
+          <h1 className="text-2xl font-semibold text-zinc-900">Créer un compte</h1>
+          <p className="mt-1 text-sm text-zinc-500">
+            Un compte vous permet de réserver un séjour ou, en tant qu&apos;hôte, de publier votre carbet.
+          </p>
+        </header>
+
+        <SignupForm next={next} />
+
+        <p className="border-t border-zinc-100 pt-3 text-center text-sm text-zinc-500">
+          Déjà un compte ?{" "}
+          <Link href={`/connexion${next !== "/" ? `?next=${encodeURIComponent(next)}` : ""}`} className="text-zinc-900 underline">
+            Se connecter
+          </Link>
+        </p>
+      </div>
+    </main>
+  );
+}
diff --git a/src/app/reservations/[id]/page.tsx b/src/app/reservations/[id]/page.tsx
new file mode 100644
index 0000000..857bf1d
--- /dev/null
+++ b/src/app/reservations/[id]/page.tsx
@@ -0,0 +1,110 @@
+import { notFound, redirect } from "next/navigation";
+import Link from "next/link";
+
+import { auth } from "@/auth";
+import { UserRole } from "@/generated/prisma/enums";
+import { prisma } from "@/lib/prisma";
+
+export const dynamic = "force-dynamic";
+
+type PageProps = { params: Promise<{ id: string }> };
+
+const STATUS_LABEL: Record<string, string> = {
+  PENDING: "En attente de confirmation",
+  CONFIRMED: "Confirmée",
+  CANCELLED: "Annulée",
+  COMPLETED: "Terminée",
+};
+
+const PAYMENT_LABEL: Record<string, string> = {
+  PENDING: "Paiement en attente",
+  AUTHORIZED: "Paiement autorisé",
+  SUCCEEDED: "Paiement reçu",
+  FAILED: "Paiement échoué",
+  REFUNDED: "Remboursé",
+};
+
+export default async function ReservationPage({ params }: PageProps) {
+  const { id } = await params;
+  const session = await auth();
+  if (!session?.user?.id) redirect(`/connexion?next=/reservations/${id}`);
+
+  const booking = await prisma.booking.findUnique({
+    where: { id },
+    include: {
+      carbet: { select: { title: true, slug: true, river: true } },
+      tenant: { select: { id: true, email: true } },
+    },
+  });
+  if (!booking) notFound();
+
+  const isOwner = booking.tenant.id === session.user.id;
+  const isAdmin = session.user.role === UserRole.ADMIN;
+  if (!isOwner && !isAdmin) notFound();
+
+  const dateFmt = new Intl.DateTimeFormat("fr-FR", { day: "2-digit", month: "long", year: "numeric" });
+  const nights = Math.max(1, Math.round((booking.endDate.getTime() - booking.startDate.getTime()) / 86400000));
+
+  return (
+    <main className="mx-auto max-w-3xl px-6 py-12">
+      <h1 className="text-3xl font-semibold text-zinc-900">Demande de réservation envoyée</h1>
+      <p className="mt-2 text-sm text-zinc-600">
+        Votre demande pour <strong>{booking.carbet.title}</strong> a bien été enregistrée. Vous recevrez
+        un email dès que l&apos;hôte ou l&apos;équipe Karbé l&apos;aura confirmée.
+      </p>
+
+      <section className="mt-6 space-y-3 rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <div className="flex flex-wrap items-baseline justify-between gap-2">
+          <span className="text-xs uppercase tracking-wider text-zinc-500">Référence</span>
+          <code className="font-mono text-sm text-zinc-900">{booking.id}</code>
+        </div>
+        <div className="grid grid-cols-2 gap-3 border-t border-zinc-100 pt-3 text-sm">
+          <div>
+            <div className="text-xs text-zinc-500">Carbet</div>
+            <Link href={`/carbets/${booking.carbet.slug}`} className="font-semibold text-zinc-900 hover:underline">
+              {booking.carbet.title}
+            </Link>
+            <div className="text-xs text-zinc-500">{booking.carbet.river}</div>
+          </div>
+          <div>
+            <div className="text-xs text-zinc-500">Voyageurs</div>
+            <div className="font-semibold text-zinc-900">
+              {booking.guestCount} personne{booking.guestCount > 1 ? "s" : ""}
+            </div>
+          </div>
+          <div>
+            <div className="text-xs text-zinc-500">Arrivée</div>
+            <div className="font-semibold text-zinc-900">{dateFmt.format(booking.startDate)}</div>
+          </div>
+          <div>
+            <div className="text-xs text-zinc-500">Départ</div>
+            <div className="font-semibold text-zinc-900">{dateFmt.format(booking.endDate)}</div>
+          </div>
+          <div className="col-span-2 border-t border-zinc-100 pt-3">
+            <div className="text-xs text-zinc-500">Total ({nights} nuit{nights > 1 ? "s" : ""})</div>
+            <div className="text-2xl font-semibold text-zinc-900 font-mono">
+              {Number(booking.amount).toFixed(2)} {booking.currency}
+            </div>
+          </div>
+        </div>
+        <div className="flex flex-wrap items-center justify-between gap-2 border-t border-zinc-100 pt-3 text-xs">
+          <span className="rounded-full bg-sky-100 px-2 py-0.5 font-semibold uppercase tracking-wider text-sky-800 ring-1 ring-inset ring-sky-300">
+            {STATUS_LABEL[booking.status] ?? booking.status}
+          </span>
+          <span className="rounded-full bg-zinc-100 px-2 py-0.5 font-semibold uppercase tracking-wider text-zinc-700 ring-1 ring-inset ring-zinc-300">
+            {PAYMENT_LABEL[booking.paymentStatus] ?? booking.paymentStatus}
+          </span>
+        </div>
+      </section>
+
+      <div className="mt-6 flex items-center justify-between text-sm">
+        <Link href={`/carbets/${booking.carbet.slug}`} className="text-zinc-700 hover:text-zinc-900 hover:underline">
+          ← Retour au carbet
+        </Link>
+        <Link href="/" className="text-zinc-700 hover:text-zinc-900 hover:underline">
+          Accueil
+        </Link>
+      </div>
+    </main>
+  );
+}
diff --git a/src/lib/admin/carbets.ts b/src/lib/admin/carbets.ts
index b6e1a92..bf773e2 100644
--- a/src/lib/admin/carbets.ts
+++ b/src/lib/admin/carbets.ts
@@ -13,6 +13,7 @@ export type AdminCarbetListItem = {
   title: string;
   river: string;
   capacity: number;
+  nightlyPrice: string;
   status: CarbetStatus;
   accessType: AccessType;
   ownerName: string;
@@ -52,6 +53,7 @@ export async function listCarbetsAdmin(filters: AdminCarbetFilters = {}): Promis
       title: true,
       river: true,
       capacity: true,
+      nightlyPrice: true,
       status: true,
       accessType: true,
       updatedAt: true,
@@ -66,6 +68,7 @@ export async function listCarbetsAdmin(filters: AdminCarbetFilters = {}): Promis
     title: r.title,
     river: r.river,
     capacity: r.capacity,
+    nightlyPrice: r.nightlyPrice.toString(),
     status: r.status,
     accessType: r.accessType,
     ownerName: `${r.owner.firstName} ${r.owner.lastName}`.trim() || r.owner.email,
diff --git a/src/lib/carbet-public.ts b/src/lib/carbet-public.ts
index 82ed693..61af5c4 100644
--- a/src/lib/carbet-public.ts
+++ b/src/lib/carbet-public.ts
@@ -27,6 +27,7 @@ export type PublicCarbetDetail = {
   accessType: AccessType;
   roadAccessNote: string | null;
   capacity: number;
+  nightlyPrice: string;
   minStayNights: number | null;
   maxStayNights: number | null;
   minCapacity: number | null;
@@ -60,6 +61,7 @@ export const getPublicCarbet = cache(
         accessType: true,
         roadAccessNote: true,
         capacity: true,
+        nightlyPrice: true,
         minStayNights: true,
         maxStayNights: true,
         minCapacity: true,
@@ -110,6 +112,7 @@ export const getPublicCarbet = cache(
       accessType: carbet.accessType,
       roadAccessNote: carbet.roadAccessNote,
       capacity: carbet.capacity,
+      nightlyPrice: carbet.nightlyPrice.toString(),
       minStayNights: carbet.minStayNights,
       maxStayNights: carbet.maxStayNights,
       minCapacity: carbet.minCapacity,

From b59b8a0af2debd3091a913d29e1d174e704e77ea Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Mon, 1 Jun 2026 02:20:38 +0000
Subject: [PATCH 07/47] =?UTF-8?q?feat(p1):=20calendrier=20dispo=20+=20emai?=
 =?UTF-8?q?ls=20Resend=20+=20amount=20calcul=C3=A9=20+=20best-effort=20wel?=
 =?UTF-8?q?come/confirmation/refund?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 package-lock.json                            | 230 ++++++++++++++++++-
 package.json                                 |   1 +
 src/app/admin/bookings/actions.ts            |  38 ++-
 src/app/api/bookings/route.ts                |  41 +++-
 src/app/api/signup/route.ts                  |   4 +
 src/app/carbets/_components/booking-form.tsx |  70 +++++-
 src/lib/email.ts                             | 207 +++++++++++++++++
 7 files changed, 585 insertions(+), 6 deletions(-)
 create mode 100644 src/lib/email.ts

diff --git a/package-lock.json b/package-lock.json
index f80d6c5..547438e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -18,6 +18,7 @@
         "pg": "^8.21.0",
         "react": "19.2.4",
         "react-dom": "19.2.4",
+        "resend": "^4.8.0",
         "stripe": "^18.3.0"
       },
       "devDependencies": {
@@ -2231,6 +2232,24 @@
         }
       }
     },
+    "node_modules/@react-email/render": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@react-email/render/-/render-1.1.2.tgz",
+      "integrity": "sha512-RnRehYN3v9gVlNMehHPHhyp2RQo7+pSkHDtXPvg3s0GbzM9SQMW4Qrf8GRNvtpLC4gsI+Wt0VatNRUFqjvevbw==",
+      "license": "MIT",
+      "dependencies": {
+        "html-to-text": "^9.0.5",
+        "prettier": "^3.5.3",
+        "react-promise-suspense": "^0.3.4"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      },
+      "peerDependencies": {
+        "react": "^18.0 || ^19.0 || ^19.0.0-rc",
+        "react-dom": "^18.0 || ^19.0 || ^19.0.0-rc"
+      }
+    },
     "node_modules/@rtsao/scc": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/@rtsao/scc/-/scc-1.1.0.tgz",
@@ -2238,6 +2257,19 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/@selderee/plugin-htmlparser2": {
+      "version": "0.11.0",
+      "resolved": "https://registry.npmjs.org/@selderee/plugin-htmlparser2/-/plugin-htmlparser2-0.11.0.tgz",
+      "integrity": "sha512-P33hHGdldxGabLFjPPpaTxVolMrzrcegejx+0GxjrIb9Zv48D8yAIA/QTDR2dFl7Uz7urX8aX6+5bCZslr+gWQ==",
+      "license": "MIT",
+      "dependencies": {
+        "domhandler": "^5.0.3",
+        "selderee": "^0.11.0"
+      },
+      "funding": {
+        "url": "https://ko-fi.com/killymxi"
+      }
+    },
     "node_modules/@smithy/core": {
       "version": "3.24.5",
       "resolved": "https://registry.npmjs.org/@smithy/core/-/core-3.24.5.tgz",
@@ -2711,7 +2743,7 @@
       "version": "19.2.3",
       "resolved": "https://registry.npmjs.org/@types/react-dom/-/react-dom-19.2.3.tgz",
       "integrity": "sha512-jp2L/eY6fn+KgVVQAOqYItbF0VY/YApe5Mz2F0aykSO8gx31bYCZyvSeYxCHKvzHG5eZjc+zyaS5BrBWya2+kQ==",
-      "dev": true,
+      "devOptional": true,
       "license": "MIT",
       "peerDependencies": {
         "@types/react": "^19.2.0"
@@ -4028,6 +4060,15 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/deepmerge": {
+      "version": "4.3.1",
+      "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz",
+      "integrity": "sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/deepmerge-ts": {
       "version": "7.1.5",
       "resolved": "https://registry.npmjs.org/deepmerge-ts/-/deepmerge-ts-7.1.5.tgz",
@@ -4121,6 +4162,61 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/dom-serializer": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz",
+      "integrity": "sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg==",
+      "license": "MIT",
+      "dependencies": {
+        "domelementtype": "^2.3.0",
+        "domhandler": "^5.0.2",
+        "entities": "^4.2.0"
+      },
+      "funding": {
+        "url": "https://github.com/cheeriojs/dom-serializer?sponsor=1"
+      }
+    },
+    "node_modules/domelementtype": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz",
+      "integrity": "sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/fb55"
+        }
+      ],
+      "license": "BSD-2-Clause"
+    },
+    "node_modules/domhandler": {
+      "version": "5.0.3",
+      "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz",
+      "integrity": "sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==",
+      "license": "BSD-2-Clause",
+      "dependencies": {
+        "domelementtype": "^2.3.0"
+      },
+      "engines": {
+        "node": ">= 4"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/domhandler?sponsor=1"
+      }
+    },
+    "node_modules/domutils": {
+      "version": "3.2.2",
+      "resolved": "https://registry.npmjs.org/domutils/-/domutils-3.2.2.tgz",
+      "integrity": "sha512-6kZKyUajlDuqlHKVX1w7gyslj9MPIXzIFiz/rGu35uC1wMi+kMhQwGhl4lt9unC9Vb9INnY9Z3/ZA3+FhASLaw==",
+      "license": "BSD-2-Clause",
+      "dependencies": {
+        "dom-serializer": "^2.0.0",
+        "domelementtype": "^2.3.0",
+        "domhandler": "^5.0.3"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/domutils?sponsor=1"
+      }
+    },
     "node_modules/dotenv": {
       "version": "17.4.2",
       "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-17.4.2.tgz",
@@ -4197,6 +4293,18 @@
         "node": ">=10.13.0"
       }
     },
+    "node_modules/entities": {
+      "version": "4.5.0",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz",
+      "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==",
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=0.12"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/entities?sponsor=1"
+      }
+    },
     "node_modules/env-paths": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/env-paths/-/env-paths-3.0.0.tgz",
@@ -5405,6 +5513,41 @@
         "node": ">=16.9.0"
       }
     },
+    "node_modules/html-to-text": {
+      "version": "9.0.5",
+      "resolved": "https://registry.npmjs.org/html-to-text/-/html-to-text-9.0.5.tgz",
+      "integrity": "sha512-qY60FjREgVZL03vJU6IfMV4GDjGBIoOyvuFdpBDIX9yTlDw0TjxVBQp+P8NvpdIXNJvfWBTNul7fsAQJq2FNpg==",
+      "license": "MIT",
+      "dependencies": {
+        "@selderee/plugin-htmlparser2": "^0.11.0",
+        "deepmerge": "^4.3.1",
+        "dom-serializer": "^2.0.0",
+        "htmlparser2": "^8.0.2",
+        "selderee": "^0.11.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/htmlparser2": {
+      "version": "8.0.2",
+      "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-8.0.2.tgz",
+      "integrity": "sha512-GYdjWKDkbRLkZ5geuHs5NY1puJ+PXwP7+fHPRz06Eirsb9ugf6d8kkXav6ADhcODhFFPMIXyxkxSuMf3D6NCFA==",
+      "funding": [
+        "https://github.com/fb55/htmlparser2?sponsor=1",
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/fb55"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "domelementtype": "^2.3.0",
+        "domhandler": "^5.0.3",
+        "domutils": "^3.0.1",
+        "entities": "^4.4.0"
+      }
+    },
     "node_modules/http-status-codes": {
       "version": "2.3.0",
       "resolved": "https://registry.npmjs.org/http-status-codes/-/http-status-codes-2.3.0.tgz",
@@ -6067,6 +6210,15 @@
         "node": ">=0.10"
       }
     },
+    "node_modules/leac": {
+      "version": "0.6.0",
+      "resolved": "https://registry.npmjs.org/leac/-/leac-0.6.0.tgz",
+      "integrity": "sha512-y+SqErxb8h7nE/fiEX07jsbuhrpO9lL8eca7/Y1nuWV2moNlXhyd59iDGcRf6moVyDMbmTNzL40SUyrFU/yDpg==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://ko-fi.com/killymxi"
+      }
+    },
     "node_modules/levn": {
       "version": "0.4.1",
       "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz",
@@ -6915,6 +7067,19 @@
         "node": ">=6"
       }
     },
+    "node_modules/parseley": {
+      "version": "0.12.1",
+      "resolved": "https://registry.npmjs.org/parseley/-/parseley-0.12.1.tgz",
+      "integrity": "sha512-e6qHKe3a9HWr0oMRVDTRhKce+bRO8VGQR3NyVwcjwrbhMmFCX9KszEV35+rn4AdilFAq9VPxP/Fe1wC9Qjd2lw==",
+      "license": "MIT",
+      "dependencies": {
+        "leac": "^0.6.0",
+        "peberminta": "^0.9.0"
+      },
+      "funding": {
+        "url": "https://ko-fi.com/killymxi"
+      }
+    },
     "node_modules/path-exists": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz",
@@ -6964,6 +7129,15 @@
       "devOptional": true,
       "license": "MIT"
     },
+    "node_modules/peberminta": {
+      "version": "0.9.0",
+      "resolved": "https://registry.npmjs.org/peberminta/-/peberminta-0.9.0.tgz",
+      "integrity": "sha512-XIxfHpEuSJbITd1H3EeQwpcZbTLHc+VVr8ANI9t5sit565tsI4/xK3KWTUFE2e6QiangUkh3B0jihzmGnNrRsQ==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://ko-fi.com/killymxi"
+      }
+    },
     "node_modules/perfect-debounce": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/perfect-debounce/-/perfect-debounce-2.1.0.tgz",
@@ -7221,6 +7395,21 @@
         "node": ">= 0.8.0"
       }
     },
+    "node_modules/prettier": {
+      "version": "3.8.3",
+      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.3.tgz",
+      "integrity": "sha512-7igPTM53cGHMW8xWuVTydi2KO233VFiTNyF5hLJqpilHfmn8C8gPf+PS7dUT64YcXFbiMGZxS9pCSxL/Dxm/Jw==",
+      "license": "MIT",
+      "bin": {
+        "prettier": "bin/prettier.cjs"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "funding": {
+        "url": "https://github.com/prettier/prettier?sponsor=1"
+      }
+    },
     "node_modules/prisma": {
       "version": "7.8.0",
       "resolved": "https://registry.npmjs.org/prisma/-/prisma-7.8.0.tgz",
@@ -7388,6 +7577,21 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/react-promise-suspense": {
+      "version": "0.3.4",
+      "resolved": "https://registry.npmjs.org/react-promise-suspense/-/react-promise-suspense-0.3.4.tgz",
+      "integrity": "sha512-I42jl7L3Ze6kZaq+7zXWSunBa3b1on5yfvUW6Eo/3fFOj6dZ5Bqmcd264nJbTK/gn1HjjILAjSwnZbV4RpSaNQ==",
+      "license": "MIT",
+      "dependencies": {
+        "fast-deep-equal": "^2.0.1"
+      }
+    },
+    "node_modules/react-promise-suspense/node_modules/fast-deep-equal": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-2.0.1.tgz",
+      "integrity": "sha512-bCK/2Z4zLidyB4ReuIsvALH6w31YfAQDmXMqMx6FyfHqvBxtjC0eRumeSu4Bs3XtXwpyIywtSTrVT99BxY1f9w==",
+      "license": "MIT"
+    },
     "node_modules/readdirp": {
       "version": "5.0.0",
       "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-5.0.0.tgz",
@@ -7466,6 +7670,18 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/resend": {
+      "version": "4.8.0",
+      "resolved": "https://registry.npmjs.org/resend/-/resend-4.8.0.tgz",
+      "integrity": "sha512-R8eBOFQDO6dzRTDmaMEdpqrkmgSjPpVXt4nGfWsZdYOet0kqra0xgbvTES6HmCriZEXbmGk3e0DiGIaLFTFSHA==",
+      "license": "MIT",
+      "dependencies": {
+        "@react-email/render": "1.1.2"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
     "node_modules/resolve": {
       "version": "2.0.0-next.7",
       "resolved": "https://registry.npmjs.org/resolve/-/resolve-2.0.0-next.7.tgz",
@@ -7623,6 +7839,18 @@
       "integrity": "sha512-eNv+WrVbKu1f3vbYJT/xtiF5syA5HPIMtf9IgY/nKg0sWqzAUEvqY/xm7OcZc/qafLx/iO9FgOmeSAp4v5ti/Q==",
       "license": "MIT"
     },
+    "node_modules/selderee": {
+      "version": "0.11.0",
+      "resolved": "https://registry.npmjs.org/selderee/-/selderee-0.11.0.tgz",
+      "integrity": "sha512-5TF+l7p4+OsnP8BCCvSyZiSPc4x4//p5uPwK8TCnVPJYRmU2aYKMpOXvw8zM5a5JvuuCGN1jmsMwuU2W02ukfA==",
+      "license": "MIT",
+      "dependencies": {
+        "parseley": "^0.12.0"
+      },
+      "funding": {
+        "url": "https://ko-fi.com/killymxi"
+      }
+    },
     "node_modules/semver": {
       "version": "6.3.1",
       "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
diff --git a/package.json b/package.json
index 4b2d77d..e02165a 100644
--- a/package.json
+++ b/package.json
@@ -19,6 +19,7 @@
     "pg": "^8.21.0",
     "react": "19.2.4",
     "react-dom": "19.2.4",
+    "resend": "^4.8.0",
     "stripe": "^18.3.0"
   },
   "devDependencies": {
diff --git a/src/app/admin/bookings/actions.ts b/src/app/admin/bookings/actions.ts
index a8726d4..ca9e401 100644
--- a/src/app/admin/bookings/actions.ts
+++ b/src/app/admin/bookings/actions.ts
@@ -6,6 +6,7 @@ import { BookingStatus, PaymentStatus, UserRole } from "@/generated/prisma/enums
 import { requireRole } from "@/lib/authorization";
 import { prisma } from "@/lib/prisma";
 import { recordAudit } from "@/lib/admin/audit";
+import { sendBookingConfirmed, sendBookingRefunded } from "@/lib/email";
 
 async function audit(event: string, target: string, actor: string | null, details: Record<string, unknown>) {
   await recordAudit({ scope: "admin.bookings", event, target, actorEmail: actor, details });
@@ -31,11 +32,32 @@ export async function updateBookingStatusAction(id: string, status: string) {
     return { ok: false as const, error: "Statut invalide" };
   }
   const session = await auth();
-  await prisma.booking.update({
+  const before = await prisma.booking.findUnique({
+    where: { id },
+    select: { status: true },
+  });
+  const updated = await prisma.booking.update({
     where: { id },
     data: { status: status as BookingStatus },
+    include: {
+      tenant: { select: { email: true, firstName: true } },
+      carbet: { select: { title: true } },
+    },
   });
   await audit("booking.status.update", id, session?.user?.email ?? null, { status });
+  if (
+    before?.status !== BookingStatus.CONFIRMED &&
+    updated.status === BookingStatus.CONFIRMED
+  ) {
+    sendBookingConfirmed(
+      updated.tenant.email,
+      updated.tenant.firstName,
+      updated.id,
+      updated.carbet.title,
+      updated.startDate,
+      updated.endDate,
+    ).catch(() => {});
+  }
   revalidatePath("/admin/bookings");
   revalidatePath(`/admin/bookings/${id}`);
   return { ok: true as const };
@@ -60,14 +82,26 @@ export async function updateBookingPaymentAction(id: string, paymentStatus: stri
 export async function refundBookingAction(id: string) {
   await requireRole([UserRole.ADMIN]);
   const session = await auth();
-  await prisma.booking.update({
+  const updated = await prisma.booking.update({
     where: { id },
     data: {
       paymentStatus: PaymentStatus.REFUNDED,
       status: BookingStatus.CANCELLED,
     },
+    include: {
+      tenant: { select: { email: true, firstName: true } },
+      carbet: { select: { title: true } },
+    },
   });
   await audit("booking.refund", id, session?.user?.email ?? null, {});
+  sendBookingRefunded(
+    updated.tenant.email,
+    updated.tenant.firstName,
+    updated.id,
+    updated.carbet.title,
+    updated.amount.toString(),
+    updated.currency,
+  ).catch(() => {});
   revalidatePath("/admin/bookings");
   revalidatePath(`/admin/bookings/${id}`);
   return { ok: true as const };
diff --git a/src/app/api/bookings/route.ts b/src/app/api/bookings/route.ts
index 11f94ad..8ada7f7 100644
--- a/src/app/api/bookings/route.ts
+++ b/src/app/api/bookings/route.ts
@@ -16,6 +16,7 @@ import {
   parseIsoDate,
 } from "@/lib/booking";
 import { prisma } from "@/lib/prisma";
+import { sendBookingRequestToOwner, sendBookingRequestToTenant } from "@/lib/email";
 
 export const runtime = "nodejs";
 
@@ -78,6 +79,9 @@ export async function POST(request: Request) {
       ownerId: true,
       capacity: true,
       status: true,
+      nightlyPrice: true,
+      title: true,
+      owner: { select: { email: true, firstName: true } },
     },
   });
 
@@ -183,6 +187,12 @@ export async function POST(request: Request) {
     }
   }
 
+  const nights = Math.max(
+    1,
+    Math.round((endDate.getTime() - startDate.getTime()) / 86400000),
+  );
+  const computedAmount = Number(carbet.nightlyPrice) * nights;
+
   const booking = await prisma.booking.create({
     data: {
       carbetId: carbet.id,
@@ -191,7 +201,7 @@ export async function POST(request: Request) {
       endDate,
       guestCount,
       status: BookingStatus.PENDING,
-      amount: 0,
+      amount: computedAmount.toFixed(2),
       currency: "EUR",
     },
     select: {
@@ -207,5 +217,34 @@ export async function POST(request: Request) {
     },
   });
 
+  // Best-effort emails (n'échouent pas la réservation si Resend down).
+  const tenant = await prisma.user.findUnique({
+    where: { id: session.user.id },
+    select: { email: true, firstName: true, lastName: true },
+  });
+  if (tenant) {
+    sendBookingRequestToTenant(
+      tenant.email,
+      tenant.firstName,
+      booking.id,
+      carbet.title,
+      booking.startDate,
+      booking.endDate,
+      computedAmount.toFixed(2),
+      "EUR",
+    ).catch(() => {});
+  }
+  if (carbet.owner?.email && tenant) {
+    sendBookingRequestToOwner(
+      carbet.owner.email,
+      carbet.owner.firstName,
+      booking.id,
+      carbet.title,
+      `${tenant.firstName} ${tenant.lastName}`.trim(),
+      booking.startDate,
+      booking.endDate,
+    ).catch(() => {});
+  }
+
   return NextResponse.json({ booking }, { status: 201 });
 }
diff --git a/src/app/api/signup/route.ts b/src/app/api/signup/route.ts
index db2f49d..b1044b8 100644
--- a/src/app/api/signup/route.ts
+++ b/src/app/api/signup/route.ts
@@ -5,6 +5,7 @@ import { UserRole } from "@/generated/prisma/enums";
 import { hashPassword } from "@/lib/password";
 import { prisma } from "@/lib/prisma";
 import { recordAudit } from "@/lib/admin/audit";
+import { sendSignupWelcome } from "@/lib/email";
 
 export const runtime = "nodejs";
 
@@ -60,5 +61,8 @@ export async function POST(req: Request) {
     details: { role: user.role },
   });
 
+  // Best-effort welcome email.
+  sendSignupWelcome(user.email, data.firstName).catch(() => {});
+
   return NextResponse.json({ ok: true, userId: user.id });
 }
diff --git a/src/app/carbets/_components/booking-form.tsx b/src/app/carbets/_components/booking-form.tsx
index 2c4f1e2..c2d85a2 100644
--- a/src/app/carbets/_components/booking-form.tsx
+++ b/src/app/carbets/_components/booking-form.tsx
@@ -1,6 +1,6 @@
 "use client";
 
-import { useMemo, useState } from "react";
+import { useEffect, useMemo, useState } from "react";
 import Link from "next/link";
 import { useRouter } from "next/navigation";
 
@@ -43,6 +43,26 @@ export function BookingForm({
   const [guestCount, setGuestCount] = useState(Math.min(2, capacity));
   const [busy, setBusy] = useState(false);
   const [error, setError] = useState<string | null>(null);
+  const [blockedDates, setBlockedDates] = useState<Set<string>>(new Set());
+
+  // Fetch availability sur les 90 prochains jours pour griser/avertir.
+  useEffect(() => {
+    const ctrl = new AbortController();
+    const from = todayPlus(0);
+    const to = todayPlus(90);
+    fetch(`/api/carbets/${carbetId}/availability?from=${from}&to=${to}`, { signal: ctrl.signal })
+      .then((r) => (r.ok ? r.json() : null))
+      .then((j) => {
+        if (!j?.calendar) return;
+        const blocked = new Set<string>();
+        for (const d of j.calendar as { date: string; isAvailable: boolean }[]) {
+          if (!d.isAvailable) blocked.add(d.date);
+        }
+        setBlockedDates(blocked);
+      })
+      .catch(() => {});
+    return () => ctrl.abort();
+  }, [carbetId]);
 
   const nights = useMemo(() => Math.max(0, diffDays(startDate, endDate)), [startDate, endDate]);
   const total = nights * nightlyPrice;
@@ -50,7 +70,28 @@ export function BookingForm({
   const maxN = maxStayNights ?? 365;
   const nightsOk = nights >= minN && nights <= maxN;
   const guestOk = guestCount >= 1 && guestCount <= capacity;
-  const canSubmit = nightsOk && guestOk && !busy;
+
+  // Vérifie qu'aucun jour de la plage sélectionnée n'est bloqué.
+  const conflictDates = useMemo(() => {
+    if (blockedDates.size === 0 || nights === 0) return [];
+    const out: string[] = [];
+    const startMs = new Date(startDate + "T00:00:00Z").getTime();
+    for (let i = 0; i < nights; i++) {
+      const d = new Date(startMs + i * 86400000).toISOString().slice(0, 10);
+      if (blockedDates.has(d)) out.push(d);
+    }
+    return out;
+  }, [blockedDates, startDate, nights]);
+  const hasConflict = conflictDates.length > 0;
+
+  const canSubmit = nightsOk && guestOk && !busy && !hasConflict;
+
+  // Prochaines dates bloquées (max 6) pour affichage informatif.
+  const upcomingBlocked = useMemo(() => {
+    return Array.from(blockedDates)
+      .sort()
+      .slice(0, 6);
+  }, [blockedDates]);
 
   async function submit() {
     if (!isAuthenticated) {
@@ -142,6 +183,31 @@ export function BookingForm({
         </div>
       ) : null}
 
+      {hasConflict ? (
+        <div className="rounded border border-rose-200 bg-rose-50 px-3 py-1.5 text-xs text-rose-700">
+          Cette plage chevauche {conflictDates.length} jour{conflictDates.length > 1 ? "s" : ""} déjà
+          pris ou bloqué{conflictDates.length > 1 ? "s" : ""} (
+          {conflictDates.slice(0, 3).join(", ")}
+          {conflictDates.length > 3 ? "…" : ""}). Changez les dates.
+        </div>
+      ) : null}
+
+      {upcomingBlocked.length > 0 && !hasConflict ? (
+        <details className="rounded border border-zinc-100 bg-zinc-50 px-3 py-1.5 text-xs text-zinc-600">
+          <summary className="cursor-pointer">Voir les prochaines dates indisponibles</summary>
+          <div className="mt-1.5 flex flex-wrap gap-1">
+            {upcomingBlocked.map((d) => (
+              <code key={d} className="rounded bg-white px-1.5 py-0.5 text-[10px] text-zinc-700">
+                {d}
+              </code>
+            ))}
+            {blockedDates.size > upcomingBlocked.length ? (
+              <span className="text-[10px] text-zinc-500">+ {blockedDates.size - upcomingBlocked.length} autres</span>
+            ) : null}
+          </div>
+        </details>
+      ) : null}
+
       {error ? (
         <div className="rounded border border-rose-200 bg-rose-50 px-3 py-1.5 text-xs text-rose-700">{error}</div>
       ) : null}
diff --git a/src/lib/email.ts b/src/lib/email.ts
new file mode 100644
index 0000000..3712ee7
--- /dev/null
+++ b/src/lib/email.ts
@@ -0,0 +1,207 @@
+/**
+ * Service email — Resend si `RESEND_API_KEY` est configuré, sinon log console.
+ *
+ * Le code consommateur ne doit jamais bloquer ni jeter d'erreur sur un échec
+ * d'envoi (best-effort, le booking est l'action principale).
+ */
+
+import "server-only";
+
+let resendClient: import("resend").Resend | null | undefined;
+
+async function getResend(): Promise<import("resend").Resend | null> {
+  if (resendClient !== undefined) return resendClient;
+  const key = process.env.RESEND_API_KEY?.trim();
+  if (!key) {
+    resendClient = null;
+    return null;
+  }
+  try {
+    const { Resend } = await import("resend");
+    resendClient = new Resend(key);
+    return resendClient;
+  } catch (e) {
+    console.error("[email] resend init failed:", e instanceof Error ? e.message : e);
+    resendClient = null;
+    return null;
+  }
+}
+
+export type EmailOpts = {
+  to: string | string[];
+  subject: string;
+  html: string;
+  text?: string;
+  replyTo?: string;
+};
+
+const DEFAULT_FROM = process.env.RESEND_FROM ?? "Karbé <no-reply@karbe.cosmolan.fr>";
+
+export async function sendEmail(opts: EmailOpts): Promise<{ ok: boolean; id?: string; reason?: string }> {
+  const client = await getResend();
+  if (!client) {
+    console.log(
+      "[email] dry-run (no RESEND_API_KEY):",
+      JSON.stringify({ to: opts.to, subject: opts.subject }),
+    );
+    return { ok: true, reason: "dry-run" };
+  }
+  try {
+    const { data, error } = await client.emails.send({
+      from: DEFAULT_FROM,
+      to: Array.isArray(opts.to) ? opts.to : [opts.to],
+      subject: opts.subject,
+      html: opts.html,
+      text: opts.text,
+      replyTo: opts.replyTo,
+    });
+    if (error) {
+      console.error("[email] resend error:", error);
+      return { ok: false, reason: error.message };
+    }
+    return { ok: true, id: data?.id };
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    console.error("[email] send failed:", msg);
+    return { ok: false, reason: msg };
+  }
+}
+
+// ---------- Templates ----------
+
+const SITE_URL = process.env.NEXT_PUBLIC_SITE_URL ?? "https://karbe.cosmolan.fr";
+
+const baseStyle = `
+  font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;
+  color: #18181b;
+  max-width: 580px;
+  margin: 0 auto;
+  padding: 24px;
+  line-height: 1.5;
+`;
+
+function wrap(title: string, content: string): string {
+  return `<!doctype html><html><body style="background:#fafafa;margin:0;padding:24px 12px;">
+    <div style="${baseStyle}background:white;border-radius:12px;box-shadow:0 1px 3px rgba(0,0,0,0.05);">
+      <h1 style="margin:0 0 16px;font-size:22px;font-weight:600;color:#18181b;">${title}</h1>
+      ${content}
+      <hr style="margin:24px 0;border:0;border-top:1px solid #e4e4e7;" />
+      <p style="font-size:11px;color:#71717a;margin:0;">
+        Karbé · <a href="${SITE_URL}" style="color:#71717a;">${SITE_URL}</a><br/>
+        Cet email a été envoyé suite à une action sur votre compte. Si ce n'est pas vous, ignorez-le.
+      </p>
+    </div>
+  </body></html>`;
+}
+
+export async function sendSignupWelcome(to: string, firstName: string): Promise<void> {
+  await sendEmail({
+    to,
+    subject: "Bienvenue sur Karbé",
+    html: wrap(
+      `Bienvenue ${firstName} !`,
+      `<p>Votre compte Karbé est créé. Vous pouvez désormais réserver un séjour ou, si vous êtes hôte, publier votre carbet.</p>
+       <p><a href="${SITE_URL}/carbets" style="display:inline-block;background:#18181b;color:white;padding:10px 20px;border-radius:6px;text-decoration:none;font-weight:600;">Découvrir les carbets</a></p>`,
+    ),
+    text: `Bienvenue ${firstName} ! Votre compte Karbé est créé. ${SITE_URL}/carbets`,
+  });
+}
+
+export async function sendBookingRequestToTenant(
+  to: string,
+  firstName: string,
+  bookingId: string,
+  carbetTitle: string,
+  startDate: Date,
+  endDate: Date,
+  amount: string,
+  currency: string,
+): Promise<void> {
+  const fmt = (d: Date) =>
+    new Intl.DateTimeFormat("fr-FR", { day: "2-digit", month: "long", year: "numeric" }).format(d);
+  await sendEmail({
+    to,
+    subject: `Demande de réservation enregistrée — ${carbetTitle}`,
+    html: wrap(
+      "Demande de réservation envoyée",
+      `<p>Bonjour ${firstName},</p>
+       <p>Votre demande de réservation pour <strong>${carbetTitle}</strong> a bien été enregistrée :</p>
+       <ul>
+         <li>Arrivée : ${fmt(startDate)}</li>
+         <li>Départ : ${fmt(endDate)}</li>
+         <li>Montant : ${Number(amount).toFixed(2)} ${currency}</li>
+       </ul>
+       <p>Vous recevrez un nouvel email dès que l'hôte ou l'équipe Karbé confirmera votre séjour.</p>
+       <p><a href="${SITE_URL}/reservations/${bookingId}" style="display:inline-block;background:#18181b;color:white;padding:10px 20px;border-radius:6px;text-decoration:none;font-weight:600;">Voir ma réservation</a></p>`,
+    ),
+  });
+}
+
+export async function sendBookingRequestToOwner(
+  to: string,
+  ownerFirstName: string,
+  bookingId: string,
+  carbetTitle: string,
+  tenantName: string,
+  startDate: Date,
+  endDate: Date,
+): Promise<void> {
+  const fmt = (d: Date) =>
+    new Intl.DateTimeFormat("fr-FR", { day: "2-digit", month: "long", year: "numeric" }).format(d);
+  await sendEmail({
+    to,
+    subject: `Nouvelle demande de réservation — ${carbetTitle}`,
+    html: wrap(
+      "Nouvelle demande à confirmer",
+      `<p>Bonjour ${ownerFirstName},</p>
+       <p><strong>${tenantName}</strong> souhaite réserver <strong>${carbetTitle}</strong> :</p>
+       <ul>
+         <li>Du ${fmt(startDate)} au ${fmt(endDate)}</li>
+       </ul>
+       <p>Connectez-vous à votre espace hôte pour confirmer ou refuser.</p>
+       <p><a href="${SITE_URL}/espace-hote" style="display:inline-block;background:#18181b;color:white;padding:10px 20px;border-radius:6px;text-decoration:none;font-weight:600;">Mon espace hôte</a></p>`,
+    ),
+  });
+}
+
+export async function sendBookingConfirmed(
+  to: string,
+  firstName: string,
+  bookingId: string,
+  carbetTitle: string,
+  startDate: Date,
+  endDate: Date,
+): Promise<void> {
+  const fmt = (d: Date) =>
+    new Intl.DateTimeFormat("fr-FR", { day: "2-digit", month: "long", year: "numeric" }).format(d);
+  await sendEmail({
+    to,
+    subject: `Réservation confirmée — ${carbetTitle}`,
+    html: wrap(
+      "Votre séjour est confirmé",
+      `<p>Bonjour ${firstName},</p>
+       <p>Votre réservation pour <strong>${carbetTitle}</strong> du ${fmt(startDate)} au ${fmt(endDate)} est confirmée.</p>
+       <p><a href="${SITE_URL}/reservations/${bookingId}" style="display:inline-block;background:#16a34a;color:white;padding:10px 20px;border-radius:6px;text-decoration:none;font-weight:600;">Voir ma réservation</a></p>`,
+    ),
+  });
+}
+
+export async function sendBookingRefunded(
+  to: string,
+  firstName: string,
+  bookingId: string,
+  carbetTitle: string,
+  amount: string,
+  currency: string,
+): Promise<void> {
+  await sendEmail({
+    to,
+    subject: `Remboursement traité — ${carbetTitle}`,
+    html: wrap(
+      "Remboursement en cours",
+      `<p>Bonjour ${firstName},</p>
+       <p>Votre réservation pour <strong>${carbetTitle}</strong> a été annulée et le remboursement de <strong>${Number(amount).toFixed(2)} ${currency}</strong> est en cours de traitement par Stripe (3 à 5 jours ouvrés).</p>
+       <p><a href="${SITE_URL}/reservations/${bookingId}" style="color:#18181b;">Détails de la réservation</a></p>`,
+    ),
+  });
+}

From 14fd9a59405d77d9548c4c947bdbc3cd6c8ae0ad Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Mon, 1 Jun 2026 02:27:14 +0000
Subject: [PATCH 08/47] feat(p2): vitest + 27 tests + /api/health enrichi +
 /api/metrics + workflow CI

---
 .forgejo/workflows/ci.yml    |   59 +
 package-lock.json            | 2102 +++++++++++++++++++++++++++++++++-
 package.json                 |   11 +-
 src/app/api/health/route.ts  |   96 +-
 src/app/api/metrics/route.ts |   78 ++
 tests/lib/booking.test.ts    |  107 ++
 tests/lib/email.test.ts      |   30 +
 tests/lib/password.test.ts   |   27 +
 tests/lib/reviews.test.ts    |   50 +
 vitest.config.ts             |   21 +
 10 files changed, 2572 insertions(+), 9 deletions(-)
 create mode 100644 .forgejo/workflows/ci.yml
 create mode 100644 src/app/api/metrics/route.ts
 create mode 100644 tests/lib/booking.test.ts
 create mode 100644 tests/lib/email.test.ts
 create mode 100644 tests/lib/password.test.ts
 create mode 100644 tests/lib/reviews.test.ts
 create mode 100644 vitest.config.ts

diff --git a/.forgejo/workflows/ci.yml b/.forgejo/workflows/ci.yml
new file mode 100644
index 0000000..c148849
--- /dev/null
+++ b/.forgejo/workflows/ci.yml
@@ -0,0 +1,59 @@
+name: CI
+
+# Lance lint + typecheck + tests + build sur push/PR.
+#
+# Workflow dormant tant qu'aucun runner Forgejo n'est enregistré.
+# Pour activer :
+#   1) Sur git.cosmolan.fr, générer un token runner :
+#      Admin → Actions → Runners → Create new Runner Token
+#      (ou pour ce repo seul : Settings → Actions → Runners → Create)
+#   2) Sur la machine d'exécution :
+#        wget https://codeberg.org/forgejo/runner/releases/download/v6.7.0/forgejo-runner-6.7.0-linux-amd64
+#        chmod +x forgejo-runner-6.7.0-linux-amd64
+#        ./forgejo-runner-6.7.0-linux-amd64 register \
+#          --instance https://git.cosmolan.fr \
+#          --token <TOKEN> \
+#          --name karbe-ci \
+#          --labels "ubuntu-latest:docker://node:20"
+#   3) Démarrer :
+#        ./forgejo-runner-6.7.0-linux-amd64 daemon
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: "npm"
+
+      - name: Install dependencies
+        run: npm ci --no-audit --no-fund
+
+      - name: Generate Prisma client
+        run: npx prisma generate
+
+      - name: Lint
+        run: npm run lint
+
+      - name: Typecheck
+        run: npm run typecheck
+
+      - name: Test
+        run: npm test
+
+      - name: Build (smoke)
+        run: npm run build
+        env:
+          # Stubs nécessaires au build statique — pas de connexion réelle.
+          DATABASE_URL: "postgresql://stub:stub@localhost:5432/stub?schema=public"
+          NEXTAUTH_SECRET: "ci-secret-not-for-production"
+          AUTH_SECRET: "ci-secret-not-for-production"
+          NEXT_PUBLIC_SITE_URL: "https://example.invalid"
diff --git a/package-lock.json b/package-lock.json
index 547438e..eb5b2bd 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -26,12 +26,14 @@
         "@types/node": "^20.19.41",
         "@types/react": "^19.2.15",
         "@types/react-dom": "^19.2.3",
+        "@vitest/coverage-v8": "^3.2.4",
         "dotenv": "^17.4.2",
         "eslint": "^9.39.4",
         "eslint-config-next": "^16.2.6",
         "prisma": "^7.8.0",
         "tailwindcss": "^4",
-        "typescript": "^5.9.3"
+        "typescript": "^5.9.3",
+        "vitest": "^3.2.4"
       }
     },
     "node_modules/@alloc/quick-lru": {
@@ -47,6 +49,20 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/@ampproject/remapping": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz",
+      "integrity": "sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@jridgewell/gen-mapping": "^0.3.5",
+        "@jridgewell/trace-mapping": "^0.3.24"
+      },
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
     "node_modules/@auth/core": {
       "version": "0.41.2",
       "resolved": "https://registry.npmjs.org/@auth/core/-/core-0.41.2.tgz",
@@ -706,7 +722,7 @@
       "version": "7.29.7",
       "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.29.7.tgz",
       "integrity": "sha512-Pb5ijPrZ89GDH8223L4UP8i6QApWxs04RbPQJTeWDV0/keR2E36MeKnyr6LYmUUvqRRI+Iv87SuF1W6ErINzYw==",
-      "dev": true,
+      "devOptional": true,
       "license": "MIT",
       "engines": {
         "node": ">=6.9.0"
@@ -716,7 +732,7 @@
       "version": "7.29.7",
       "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.29.7.tgz",
       "integrity": "sha512-qehxGkRj55h/ff8EMaJ+cYhyaKlHIxqYDn682wQD7RNp9UujOQsHog2uS0r2vzr4pW+sXf90NeeayjcNaX3fFg==",
-      "dev": true,
+      "devOptional": true,
       "license": "MIT",
       "engines": {
         "node": ">=6.9.0"
@@ -750,7 +766,7 @@
       "version": "7.29.7",
       "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.7.tgz",
       "integrity": "sha512-hnORnjP/1P/zFEndoeX+n+t1RwWRJiJpM/jO7FW32Kn9r5+sJB2JWOdYo4L6k78j15eCwY3Gm/7364B1EMwtNg==",
-      "dev": true,
+      "devOptional": true,
       "license": "MIT",
       "dependencies": {
         "@babel/types": "^7.29.7"
@@ -800,7 +816,7 @@
       "version": "7.29.7",
       "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.29.7.tgz",
       "integrity": "sha512-4zBIxpPzowiZpusoFkyGVwakdRJUyuH5PxQ/PrqghfdFWWasvnCdPfQXHrenDai+gyLARulZjZowCOj6fjT4pA==",
-      "dev": true,
+      "devOptional": true,
       "license": "MIT",
       "dependencies": {
         "@babel/helper-string-parser": "^7.29.7",
@@ -810,6 +826,16 @@
         "node": ">=6.9.0"
       }
     },
+    "node_modules/@bcoe/v8-coverage": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-1.0.2.tgz",
+      "integrity": "sha512-6zABk/ECA/QYSCQ1NGiVwwbQerUCZ+TQbp64Q3AgmfNvurHH0j8TtXa1qbShXA6qqkpAj4V5W8pP6mLe1mcMqA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      }
+    },
     "node_modules/@electric-sql/pglite": {
       "version": "0.4.1",
       "resolved": "https://registry.npmjs.org/@electric-sql/pglite/-/pglite-0.4.1.tgz",
@@ -873,6 +899,448 @@
         "tslib": "^2.4.0"
       }
     },
+    "node_modules/@esbuild/aix-ppc64": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.12.tgz",
+      "integrity": "sha512-Hhmwd6CInZ3dwpuGTF8fJG6yoWmsToE+vYgD4nytZVxcu1ulHpUQRAB1UJ8+N1Am3Mz4+xOByoQoSZf4D+CpkA==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "aix"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/android-arm": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.12.tgz",
+      "integrity": "sha512-VJ+sKvNA/GE7Ccacc9Cha7bpS8nyzVv0jdVgwNDaR4gDMC/2TTRc33Ip8qrNYUcpkOHUT5OZ0bUcNNVZQ9RLlg==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/android-arm64": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.12.tgz",
+      "integrity": "sha512-6AAmLG7zwD1Z159jCKPvAxZd4y/VTO0VkprYy+3N2FtJ8+BQWFXU+OxARIwA46c5tdD9SsKGZ/1ocqBS/gAKHg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/android-x64": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.12.tgz",
+      "integrity": "sha512-5jbb+2hhDHx5phYR2By8GTWEzn6I9UqR11Kwf22iKbNpYrsmRB18aX/9ivc5cabcUiAT/wM+YIZ6SG9QO6a8kg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/darwin-arm64": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.12.tgz",
+      "integrity": "sha512-N3zl+lxHCifgIlcMUP5016ESkeQjLj/959RxxNYIthIg+CQHInujFuXeWbWMgnTo4cp5XVHqFPmpyu9J65C1Yg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/darwin-x64": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.12.tgz",
+      "integrity": "sha512-HQ9ka4Kx21qHXwtlTUVbKJOAnmG1ipXhdWTmNXiPzPfWKpXqASVcWdnf2bnL73wgjNrFXAa3yYvBSd9pzfEIpA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/freebsd-arm64": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.12.tgz",
+      "integrity": "sha512-gA0Bx759+7Jve03K1S0vkOu5Lg/85dou3EseOGUes8flVOGxbhDDh/iZaoek11Y8mtyKPGF3vP8XhnkDEAmzeg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/freebsd-x64": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.12.tgz",
+      "integrity": "sha512-TGbO26Yw2xsHzxtbVFGEXBFH0FRAP7gtcPE7P5yP7wGy7cXK2oO7RyOhL5NLiqTlBh47XhmIUXuGciXEqYFfBQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-arm": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.12.tgz",
+      "integrity": "sha512-lPDGyC1JPDou8kGcywY0YILzWlhhnRjdof3UlcoqYmS9El818LLfJJc3PXXgZHrHCAKs/Z2SeZtDJr5MrkxtOw==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-arm64": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.12.tgz",
+      "integrity": "sha512-8bwX7a8FghIgrupcxb4aUmYDLp8pX06rGh5HqDT7bB+8Rdells6mHvrFHHW2JAOPZUbnjUpKTLg6ECyzvas2AQ==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-ia32": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.12.tgz",
+      "integrity": "sha512-0y9KrdVnbMM2/vG8KfU0byhUN+EFCny9+8g202gYqSSVMonbsCfLjUO+rCci7pM0WBEtz+oK/PIwHkzxkyharA==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-loong64": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.12.tgz",
+      "integrity": "sha512-h///Lr5a9rib/v1GGqXVGzjL4TMvVTv+s1DPoxQdz7l/AYv6LDSxdIwzxkrPW438oUXiDtwM10o9PmwS/6Z0Ng==",
+      "cpu": [
+        "loong64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-mips64el": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.12.tgz",
+      "integrity": "sha512-iyRrM1Pzy9GFMDLsXn1iHUm18nhKnNMWscjmp4+hpafcZjrr2WbT//d20xaGljXDBYHqRcl8HnxbX6uaA/eGVw==",
+      "cpu": [
+        "mips64el"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-ppc64": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.12.tgz",
+      "integrity": "sha512-9meM/lRXxMi5PSUqEXRCtVjEZBGwB7P/D4yT8UG/mwIdze2aV4Vo6U5gD3+RsoHXKkHCfSxZKzmDssVlRj1QQA==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-riscv64": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.12.tgz",
+      "integrity": "sha512-Zr7KR4hgKUpWAwb1f3o5ygT04MzqVrGEGXGLnj15YQDJErYu/BGg+wmFlIDOdJp0PmB0lLvxFIOXZgFRrdjR0w==",
+      "cpu": [
+        "riscv64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-s390x": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.12.tgz",
+      "integrity": "sha512-MsKncOcgTNvdtiISc/jZs/Zf8d0cl/t3gYWX8J9ubBnVOwlk65UIEEvgBORTiljloIWnBzLs4qhzPkJcitIzIg==",
+      "cpu": [
+        "s390x"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-x64": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.12.tgz",
+      "integrity": "sha512-uqZMTLr/zR/ed4jIGnwSLkaHmPjOjJvnm6TVVitAa08SLS9Z0VM8wIRx7gWbJB5/J54YuIMInDquWyYvQLZkgw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/netbsd-arm64": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.12.tgz",
+      "integrity": "sha512-xXwcTq4GhRM7J9A8Gv5boanHhRa/Q9KLVmcyXHCTaM4wKfIpWkdXiMog/KsnxzJ0A1+nD+zoecuzqPmCRyBGjg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "netbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/netbsd-x64": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.12.tgz",
+      "integrity": "sha512-Ld5pTlzPy3YwGec4OuHh1aCVCRvOXdH8DgRjfDy/oumVovmuSzWfnSJg+VtakB9Cm0gxNO9BzWkj6mtO1FMXkQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "netbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/openbsd-arm64": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.12.tgz",
+      "integrity": "sha512-fF96T6KsBo/pkQI950FARU9apGNTSlZGsv1jZBAlcLL1MLjLNIWPBkj5NlSz8aAzYKg+eNqknrUJ24QBybeR5A==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/openbsd-x64": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.12.tgz",
+      "integrity": "sha512-MZyXUkZHjQxUvzK7rN8DJ3SRmrVrke8ZyRusHlP+kuwqTcfWLyqMOE3sScPPyeIXN/mDJIfGXvcMqCgYKekoQw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/openharmony-arm64": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.25.12.tgz",
+      "integrity": "sha512-rm0YWsqUSRrjncSXGA7Zv78Nbnw4XL6/dzr20cyrQf7ZmRcsovpcRBdhD43Nuk3y7XIoW2OxMVvwuRvk9XdASg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openharmony"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/sunos-x64": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.12.tgz",
+      "integrity": "sha512-3wGSCDyuTHQUzt0nV7bocDy72r2lI33QL3gkDNGkod22EsYl04sMf0qLb8luNKTOmgF/eDEDP5BFNwoBKH441w==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "sunos"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/win32-arm64": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.12.tgz",
+      "integrity": "sha512-rMmLrur64A7+DKlnSuwqUdRKyd3UE7oPJZmnljqEptesKM8wx9J8gx5u0+9Pq0fQQW8vqeKebwNXdfOyP+8Bsg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/win32-ia32": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.12.tgz",
+      "integrity": "sha512-HkqnmmBoCbCwxUKKNPBixiWDGCpQGVsrQfJoVGYLPT41XWF8lHuE5N6WhVia2n4o5QK5M4tYr21827fNhi4byQ==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/win32-x64": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.12.tgz",
+      "integrity": "sha512-alJC0uCZpTFrSL0CCDjcgleBXPnCrEAhTBILpeAp7M/OFgoqtAetfBzX0xM00MUsVVPpVjlPuMbREqnZCXaTnA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
     "node_modules/@eslint-community/eslint-utils": {
       "version": "4.9.1",
       "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.9.1.tgz",
@@ -1562,6 +2030,34 @@
         "url": "https://opencollective.com/libvips"
       }
     },
+    "node_modules/@isaacs/cliui": {
+      "version": "8.0.2",
+      "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz",
+      "integrity": "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "string-width": "^5.1.2",
+        "string-width-cjs": "npm:string-width@^4.2.0",
+        "strip-ansi": "^7.0.1",
+        "strip-ansi-cjs": "npm:strip-ansi@^6.0.1",
+        "wrap-ansi": "^8.1.0",
+        "wrap-ansi-cjs": "npm:wrap-ansi@^7.0.0"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@istanbuljs/schema": {
+      "version": "0.1.6",
+      "resolved": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.6.tgz",
+      "integrity": "sha512-+Sg6GCR/wy1oSmQDFq4LQDAhm3ETKnorxN+y5nbLULOR3P0c14f2Wurzj3/xqPXtasLFfHd5iRFQ7AJt4KH2cw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/@jridgewell/gen-mapping": {
       "version": "0.3.13",
       "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz",
@@ -1851,6 +2347,17 @@
         "url": "https://github.com/sponsors/panva"
       }
     },
+    "node_modules/@pkgjs/parseargs": {
+      "version": "0.11.0",
+      "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz",
+      "integrity": "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "engines": {
+        "node": ">=14"
+      }
+    },
     "node_modules/@prisma/adapter-pg": {
       "version": "7.8.0",
       "resolved": "https://registry.npmjs.org/@prisma/adapter-pg/-/adapter-pg-7.8.0.tgz",
@@ -2250,6 +2757,395 @@
         "react-dom": "^18.0 || ^19.0 || ^19.0.0-rc"
       }
     },
+    "node_modules/@rollup/rollup-android-arm-eabi": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.60.4.tgz",
+      "integrity": "sha512-F5QXMSiFebS9hKZj02XhWLLnRpJ3B3AROP0tWbFBSj+6kCbg5m9j5JoHKd4mmSVy5mS/IMQloYgYxCuJC0fxEQ==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ]
+    },
+    "node_modules/@rollup/rollup-android-arm64": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.60.4.tgz",
+      "integrity": "sha512-GxxTKApUpzRhof7poWvCJHRF51C67u1R7D6DiluBE8wKU1u5GWE8t+v81JvJYtbawoBFX1hLv5Ei4eVjkWokaw==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ]
+    },
+    "node_modules/@rollup/rollup-darwin-arm64": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.60.4.tgz",
+      "integrity": "sha512-tua0TaJxMOB1R0V0RS1jFZ/RpURFDJIOR2A6jWwQeawuFyS4gBW+rntLRaQd0EQ4bd6Vp44Z2rXW+YYDBsj6IA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ]
+    },
+    "node_modules/@rollup/rollup-darwin-x64": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.60.4.tgz",
+      "integrity": "sha512-CSKq7MsP+5PFIcydhAiR1K0UhEI1A2jWXVKHPCBZ151yOutENwvnPocgVHkivu2kviURtCEB6zUQw0vs8RrhMg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ]
+    },
+    "node_modules/@rollup/rollup-freebsd-arm64": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.60.4.tgz",
+      "integrity": "sha512-+O8OkVdyvXMtJEciu2wS/pzm1IxntEEQx3z5TAVy4l32G0etZn+RsA48ARRrFm6Ri8fvqPQfgrvNxSjKAbnd3g==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ]
+    },
+    "node_modules/@rollup/rollup-freebsd-x64": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.60.4.tgz",
+      "integrity": "sha512-Iw3oMskH3AfNuhU0MSN7vNbdi4me/NiYo2azqPz/Le16zHSa+3RRmliCMWWQmh4lcndccU40xcJuTYJZxNo/lw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-arm-gnueabihf": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.60.4.tgz",
+      "integrity": "sha512-EIPRXTVQpHyF8WOo219AD2yEltPehLTcTMz2fn6JsatLYSzQf00hj3rulF+yauOlF9/FtM2WpkT/hJh/KJFGhA==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-arm-musleabihf": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.60.4.tgz",
+      "integrity": "sha512-J3Yh9PzzF1Ovah2At+lHiGQdsYgArxBbXv/zHfSyaiFQEqvNv7DcW98pCrmdjCZBrqBiKrKKe2V+aaSGWuBe/w==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "libc": [
+        "musl"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-arm64-gnu": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.60.4.tgz",
+      "integrity": "sha512-BFDEZMYfUvLn37ONE1yMBojPxnMlTFsdyNoqncT0qFq1mAfllL+ATMMJd8TeuVMiX84s1KbcxcZbXInmcO2mRg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-arm64-musl": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.60.4.tgz",
+      "integrity": "sha512-pc9EYOSlOgdQ2uPl1o9PF6/kLSgaUosia7gOuS8mB69IxJvlclko1MECXysjs5ryez1/5zjYqx3+xYU0TU6R1A==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "libc": [
+        "musl"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-loong64-gnu": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.60.4.tgz",
+      "integrity": "sha512-NxnomyxYerDh5n4iLrNa+sH+Z+U4BMEE46V2PgQ/hoB909i8gV1M5wPojWg9fk1jWpO3IQnOs20K4wyZuFLEFQ==",
+      "cpu": [
+        "loong64"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-loong64-musl": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.60.4.tgz",
+      "integrity": "sha512-nbJnQ8a3z1mtmrwImCYhc6BGpThAyYVRQxw9uKSKG4wR6aAYno9sVjJ0zaZcW9BPJX1GbrDPf+SvdWjgTuDmnw==",
+      "cpu": [
+        "loong64"
+      ],
+      "dev": true,
+      "libc": [
+        "musl"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-ppc64-gnu": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.60.4.tgz",
+      "integrity": "sha512-2EU6acNrQLd8tYvo/LXW535wupT3m6fo7HKo6lr7ktQoItxTyOL1ZCR/GfGCuXl2vR+zmfI6eRXkSemafv+iVg==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-ppc64-musl": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.60.4.tgz",
+      "integrity": "sha512-WeBtoMuaMxiiIrO2IYP3xs6GMWkJP2C0EoT8beTLkUPmzV1i/UcOSVw1d5r9KBODtHKilG5yFxsGRnBbK3wJ4A==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "libc": [
+        "musl"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-riscv64-gnu": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.60.4.tgz",
+      "integrity": "sha512-FJHFfqpKUI3A10WrWKiFbBZ7yVbGT4q4B5o1qKFFojqpaYoh9LrQgqWCmmcxQzVSXYtyB5bzkXrYzlHTs21MYA==",
+      "cpu": [
+        "riscv64"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-riscv64-musl": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.60.4.tgz",
+      "integrity": "sha512-mcEl6CUT5IAUmQf1m9FYSmVqCJlpQ8r8eyftFUHG8i9OhY7BkBXSUdnLH5DOf0wCOjcP9v/QO93zpmF1SptCCw==",
+      "cpu": [
+        "riscv64"
+      ],
+      "dev": true,
+      "libc": [
+        "musl"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-s390x-gnu": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.60.4.tgz",
+      "integrity": "sha512-ynt3JxVd2w2buzoKDWIyiV1pJW93xlQic1THVLXilz429oijRpSHivZAgp65KBu+cMcgf1eVVjdnTLvPxgCuoQ==",
+      "cpu": [
+        "s390x"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-x64-gnu": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.60.4.tgz",
+      "integrity": "sha512-Boiz5+MsaROEWDf+GGEwF8VMHGhlUoQMtIPjOgA5fv4osupqTVnJteQNKJwUcnUog2G55jYXH7KZFFiJe0TEzQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-x64-musl": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.60.4.tgz",
+      "integrity": "sha512-+qfSY27qIrFfI/Hom04KYFw3GKZSGU4lXus51wsb5EuySfFlWRwjkKWoE9emgRw/ukoT4Udsj4W/+xxG8VbPKg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "libc": [
+        "musl"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-openbsd-x64": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.60.4.tgz",
+      "integrity": "sha512-VpTfOPHgVXEBeeR8hZ2O0F3aSso+JDWqTWmTmzcQKted54IAdUVbxE+j/MVxUsKa8L20HJhv3vUezVPoquqWjA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ]
+    },
+    "node_modules/@rollup/rollup-openharmony-arm64": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.60.4.tgz",
+      "integrity": "sha512-IPOsh5aRYuLv/nkU51X10Bf75Bsf6+gZdx1X+QP5QM6lIJFHHqbHLG0uJn/hWthzo13UAc2umiUorqZy3axoZg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openharmony"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-arm64-msvc": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.60.4.tgz",
+      "integrity": "sha512-4QzE9E81OohJ/HKzHhsqU+zcYYojVOXlFMs1DdyMT6qXl/niOH7AVElmmEdUNHHS/oRkc++d5k6Vy85zFs0DEw==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-ia32-msvc": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.60.4.tgz",
+      "integrity": "sha512-zTPgT1YuHHcd+Tmx7h8aml0FWFVelV5N54oHow9SLj+GfoDy/huQ+UV396N/C7KpMDMiPspRktzM1/0r1usYEA==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-x64-gnu": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.60.4.tgz",
+      "integrity": "sha512-DRS4G7mi9lJxqEDezIkKCaUIKCrLUUDCUaCsTPCi/rtqaC6D/jjwslMQyiDU50Ka0JKpeXeRBFBAXwArY52vBw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-x64-msvc": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.60.4.tgz",
+      "integrity": "sha512-QVTUovf40zgTqlFVrKA1uXMVvU2QWEFWfAH8Wdc48IxLvrJMQVMBRjuQyUpzZCDkakImib9eVazbWlC6ksWtJw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
     "node_modules/@rtsao/scc": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/@rtsao/scc/-/scc-1.1.0.tgz",
@@ -2688,6 +3584,24 @@
         "tslib": "^2.4.0"
       }
     },
+    "node_modules/@types/chai": {
+      "version": "5.2.3",
+      "resolved": "https://registry.npmjs.org/@types/chai/-/chai-5.2.3.tgz",
+      "integrity": "sha512-Mw558oeA9fFbv65/y4mHtXDs9bPnFMZAL/jxdPFUpOHHIXX91mcgEHbS5Lahr+pwZFR8A7GQleRWeI6cGFC2UA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/deep-eql": "*",
+        "assertion-error": "^2.0.1"
+      }
+    },
+    "node_modules/@types/deep-eql": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/@types/deep-eql/-/deep-eql-4.0.2.tgz",
+      "integrity": "sha512-c9h9dVVMigMPc4bwTvC5dxqtqJZwQPePsWjPlpSOnojbor6pGqdk541lfA7AqFQr5pB1BRdq0juY9db81BwyFw==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/@types/estree": {
       "version": "1.0.9",
       "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.9.tgz",
@@ -3357,6 +4271,155 @@
         "win32"
       ]
     },
+    "node_modules/@vitest/coverage-v8": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/@vitest/coverage-v8/-/coverage-v8-3.2.4.tgz",
+      "integrity": "sha512-EyF9SXU6kS5Ku/U82E259WSnvg6c8KTjppUncuNdm5QHpe17mwREHnjDzozC8x9MZ0xfBUFSaLkRv4TMA75ALQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@ampproject/remapping": "^2.3.0",
+        "@bcoe/v8-coverage": "^1.0.2",
+        "ast-v8-to-istanbul": "^0.3.3",
+        "debug": "^4.4.1",
+        "istanbul-lib-coverage": "^3.2.2",
+        "istanbul-lib-report": "^3.0.1",
+        "istanbul-lib-source-maps": "^5.0.6",
+        "istanbul-reports": "^3.1.7",
+        "magic-string": "^0.30.17",
+        "magicast": "^0.3.5",
+        "std-env": "^3.9.0",
+        "test-exclude": "^7.0.1",
+        "tinyrainbow": "^2.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      },
+      "peerDependencies": {
+        "@vitest/browser": "3.2.4",
+        "vitest": "3.2.4"
+      },
+      "peerDependenciesMeta": {
+        "@vitest/browser": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@vitest/expect": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-3.2.4.tgz",
+      "integrity": "sha512-Io0yyORnB6sikFlt8QW5K7slY4OjqNX9jmJQ02QDda8lyM6B5oNgVWoSoKPac8/kgnCUzuHQKrSLtu/uOqqrig==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/chai": "^5.2.2",
+        "@vitest/spy": "3.2.4",
+        "@vitest/utils": "3.2.4",
+        "chai": "^5.2.0",
+        "tinyrainbow": "^2.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/@vitest/mocker": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-3.2.4.tgz",
+      "integrity": "sha512-46ryTE9RZO/rfDd7pEqFl7etuyzekzEhUbTW3BvmeO/BcCMEgq59BKhek3dXDWgAj4oMK6OZi+vRr1wPW6qjEQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vitest/spy": "3.2.4",
+        "estree-walker": "^3.0.3",
+        "magic-string": "^0.30.17"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      },
+      "peerDependencies": {
+        "msw": "^2.4.9",
+        "vite": "^5.0.0 || ^6.0.0 || ^7.0.0-0"
+      },
+      "peerDependenciesMeta": {
+        "msw": {
+          "optional": true
+        },
+        "vite": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@vitest/pretty-format": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-3.2.4.tgz",
+      "integrity": "sha512-IVNZik8IVRJRTr9fxlitMKeJeXFFFN0JaB9PHPGQ8NKQbGpfjlTx9zO4RefN8gp7eqjNy8nyK3NZmBzOPeIxtA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "tinyrainbow": "^2.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/@vitest/runner": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-3.2.4.tgz",
+      "integrity": "sha512-oukfKT9Mk41LreEW09vt45f8wx7DordoWUZMYdY/cyAk7w5TWkTRCNZYF7sX7n2wB7jyGAl74OxgwhPgKaqDMQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vitest/utils": "3.2.4",
+        "pathe": "^2.0.3",
+        "strip-literal": "^3.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/@vitest/snapshot": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-3.2.4.tgz",
+      "integrity": "sha512-dEYtS7qQP2CjU27QBC5oUOxLE/v5eLkGqPE0ZKEIDGMs4vKWe7IjgLOeauHsR0D5YuuycGRO5oSRXnwnmA78fQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vitest/pretty-format": "3.2.4",
+        "magic-string": "^0.30.17",
+        "pathe": "^2.0.3"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/@vitest/spy": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-3.2.4.tgz",
+      "integrity": "sha512-vAfasCOe6AIK70iP5UD11Ac4siNUNJ9i/9PZ3NKx07sG6sUxeag1LWdNrMWeKKYBLlzuK+Gn65Yd5nyL6ds+nw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "tinyspy": "^4.0.3"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/@vitest/utils": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-3.2.4.tgz",
+      "integrity": "sha512-fB2V0JFrQSMsCo9HiSq3Ezpdv4iYaXRG1Sx8edX3MwxfyNn83mKiGzOcH+Fkxt4MHxr3y42fQi1oeAInqgX2QA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vitest/pretty-format": "3.2.4",
+        "loupe": "^3.1.4",
+        "tinyrainbow": "^2.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
     "node_modules/acorn": {
       "version": "8.16.0",
       "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.16.0.tgz",
@@ -3397,6 +4460,19 @@
         "url": "https://github.com/sponsors/epoberezkin"
       }
     },
+    "node_modules/ansi-regex": {
+      "version": "6.2.2",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz",
+      "integrity": "sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-regex?sponsor=1"
+      }
+    },
     "node_modules/ansi-styles": {
       "version": "4.3.0",
       "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
@@ -3590,6 +4666,16 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/assertion-error": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-2.0.1.tgz",
+      "integrity": "sha512-Izi8RQcffqCeNVgFigKli1ssklIbpHnCYc6AknXGYoB6grJqyeby7jv12JUQgmTAnIDnbck1uxksT4dzN3PWBA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      }
+    },
     "node_modules/ast-types-flow": {
       "version": "0.0.8",
       "resolved": "https://registry.npmjs.org/ast-types-flow/-/ast-types-flow-0.0.8.tgz",
@@ -3597,6 +4683,25 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/ast-v8-to-istanbul": {
+      "version": "0.3.12",
+      "resolved": "https://registry.npmjs.org/ast-v8-to-istanbul/-/ast-v8-to-istanbul-0.3.12.tgz",
+      "integrity": "sha512-BRRC8VRZY2R4Z4lFIL35MwNXmwVqBityvOIwETtsCSwvjl0IdgFsy9NhdaA6j74nUdtJJlIypeRhpDam19Wq3g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/trace-mapping": "^0.3.31",
+        "estree-walker": "^3.0.3",
+        "js-tokens": "^10.0.0"
+      }
+    },
+    "node_modules/ast-v8-to-istanbul/node_modules/js-tokens": {
+      "version": "10.0.0",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-10.0.0.tgz",
+      "integrity": "sha512-lM/UBzQmfJRo9ABXbPWemivdCW8V2G8FHaHdypQaIy523snUjog0W71ayWXTjiR+ixeMyVHN2XcpnTd/liPg/Q==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/async-function": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/async-function/-/async-function-1.0.0.tgz",
@@ -3781,6 +4886,16 @@
         }
       }
     },
+    "node_modules/cac": {
+      "version": "6.7.14",
+      "resolved": "https://registry.npmjs.org/cac/-/cac-6.7.14.tgz",
+      "integrity": "sha512-b6Ilus+c3RrdDk+JhLKUAQfzzgLEPy6wcXqS7f/xe1EETvsDP6GORG7SFuOs6cID5YkqchW/LXZbX5bc8j7ZcQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/call-bind": {
       "version": "1.0.9",
       "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.9.tgz",
@@ -3859,6 +4974,23 @@
       ],
       "license": "CC-BY-4.0"
     },
+    "node_modules/chai": {
+      "version": "5.3.3",
+      "resolved": "https://registry.npmjs.org/chai/-/chai-5.3.3.tgz",
+      "integrity": "sha512-4zNhdJD/iOjSH0A05ea+Ke6MU5mmpQcbQsSOkgdaUMJ9zTlDTD/GYlwohmIE2u0gaxHYiVHEn1Fw9mZ/ktJWgw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "assertion-error": "^2.0.1",
+        "check-error": "^2.1.1",
+        "deep-eql": "^5.0.1",
+        "loupe": "^3.1.0",
+        "pathval": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
     "node_modules/chalk": {
       "version": "4.1.2",
       "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
@@ -3889,6 +5021,16 @@
         "pnpm": ">=8"
       }
     },
+    "node_modules/check-error": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/check-error/-/check-error-2.1.3.tgz",
+      "integrity": "sha512-PAJdDJusoxnwm1VwW07VWwUN1sl7smmC3OKggvndJFadxxDRyFJBX/ggnu/KE4kQAB7a3Dp8f/YXC1FlUprWmA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 16"
+      }
+    },
     "node_modules/chokidar": {
       "version": "5.0.0",
       "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-5.0.0.tgz",
@@ -4053,6 +5195,16 @@
         }
       }
     },
+    "node_modules/deep-eql": {
+      "version": "5.0.2",
+      "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-5.0.2.tgz",
+      "integrity": "sha512-h5k/5U50IJJFpzfL6nO9jaaumfjO/f2NjK/oYB2Djzm4p9L+3T9qWpZqZ2hAbLPuuYq9wrU08WQyBTL5GbPk5Q==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
     "node_modules/deep-is": {
       "version": "0.1.4",
       "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz",
@@ -4244,6 +5396,13 @@
         "node": ">= 0.4"
       }
     },
+    "node_modules/eastasianwidth": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz",
+      "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/effect": {
       "version": "3.20.0",
       "resolved": "https://registry.npmjs.org/effect/-/effect-3.20.0.tgz",
@@ -4433,6 +5592,13 @@
         "node": ">= 0.4"
       }
     },
+    "node_modules/es-module-lexer": {
+      "version": "1.7.0",
+      "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-1.7.0.tgz",
+      "integrity": "sha512-jEQoCwk8hyb2AZziIOLhDqpm5+2ww5uIE6lkO/6jcOCusfk6LhMHpXXfBLXTZ7Ydyt0j4VoUQv6uGNYbdW+kBA==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/es-object-atoms": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.2.tgz",
@@ -4492,6 +5658,48 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/esbuild": {
+      "version": "0.25.12",
+      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.12.tgz",
+      "integrity": "sha512-bbPBYYrtZbkt6Os6FiTLCTFxvq4tt3JKall1vRwshA3fdVztsLAatFaZobhkBC8/BrPetoa0oksYoKXoG4ryJg==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "bin": {
+        "esbuild": "bin/esbuild"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "optionalDependencies": {
+        "@esbuild/aix-ppc64": "0.25.12",
+        "@esbuild/android-arm": "0.25.12",
+        "@esbuild/android-arm64": "0.25.12",
+        "@esbuild/android-x64": "0.25.12",
+        "@esbuild/darwin-arm64": "0.25.12",
+        "@esbuild/darwin-x64": "0.25.12",
+        "@esbuild/freebsd-arm64": "0.25.12",
+        "@esbuild/freebsd-x64": "0.25.12",
+        "@esbuild/linux-arm": "0.25.12",
+        "@esbuild/linux-arm64": "0.25.12",
+        "@esbuild/linux-ia32": "0.25.12",
+        "@esbuild/linux-loong64": "0.25.12",
+        "@esbuild/linux-mips64el": "0.25.12",
+        "@esbuild/linux-ppc64": "0.25.12",
+        "@esbuild/linux-riscv64": "0.25.12",
+        "@esbuild/linux-s390x": "0.25.12",
+        "@esbuild/linux-x64": "0.25.12",
+        "@esbuild/netbsd-arm64": "0.25.12",
+        "@esbuild/netbsd-x64": "0.25.12",
+        "@esbuild/openbsd-arm64": "0.25.12",
+        "@esbuild/openbsd-x64": "0.25.12",
+        "@esbuild/openharmony-arm64": "0.25.12",
+        "@esbuild/sunos-x64": "0.25.12",
+        "@esbuild/win32-arm64": "0.25.12",
+        "@esbuild/win32-ia32": "0.25.12",
+        "@esbuild/win32-x64": "0.25.12"
+      }
+    },
     "node_modules/escalade": {
       "version": "3.2.0",
       "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz",
@@ -4911,6 +6119,16 @@
         "node": ">=4.0"
       }
     },
+    "node_modules/estree-walker": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-3.0.3.tgz",
+      "integrity": "sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/estree": "^1.0.0"
+      }
+    },
     "node_modules/esutils": {
       "version": "2.0.3",
       "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz",
@@ -4921,6 +6139,16 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/expect-type": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/expect-type/-/expect-type-1.3.0.tgz",
+      "integrity": "sha512-knvyeauYhqjOYvQ66MznSMs83wmHrCycNEN6Ao+2AeYEfxUIkuiVxdEa1qlGEPK+We3n0THiDciYSsCcgW/DoA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">=12.0.0"
+      }
+    },
     "node_modules/exsolve": {
       "version": "1.0.8",
       "resolved": "https://registry.npmjs.org/exsolve/-/exsolve-1.0.8.tgz",
@@ -5163,6 +6391,21 @@
         "url": "https://github.com/sponsors/isaacs"
       }
     },
+    "node_modules/fsevents": {
+      "version": "2.3.3",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
+      "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
+      }
+    },
     "node_modules/function-bind": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
@@ -5318,6 +6561,28 @@
         "giget": "dist/cli.mjs"
       }
     },
+    "node_modules/glob": {
+      "version": "10.5.0",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-10.5.0.tgz",
+      "integrity": "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==",
+      "deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "foreground-child": "^3.1.0",
+        "jackspeak": "^3.1.2",
+        "minimatch": "^9.0.4",
+        "minipass": "^7.1.2",
+        "package-json-from-dist": "^1.0.0",
+        "path-scurry": "^1.11.1"
+      },
+      "bin": {
+        "glob": "dist/esm/bin.mjs"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
     "node_modules/glob-parent": {
       "version": "6.0.2",
       "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz",
@@ -5331,6 +6596,32 @@
         "node": ">=10.13.0"
       }
     },
+    "node_modules/glob/node_modules/brace-expansion": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.1.tgz",
+      "integrity": "sha512-WR1cURNjuvBLMZBMbqM0UoE+WAfdUcEV1ccD8PVBVOI+Z3ND4+SZbN8RsfT2bMuG1qwz5RFvPukSZm5fF2D5eA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0"
+      }
+    },
+    "node_modules/glob/node_modules/minimatch": {
+      "version": "9.0.9",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+      "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "brace-expansion": "^2.0.2"
+      },
+      "engines": {
+        "node": ">=16 || 14 >=14.17"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
     "node_modules/globals": {
       "version": "14.0.0",
       "resolved": "https://registry.npmjs.org/globals/-/globals-14.0.0.tgz",
@@ -5513,6 +6804,13 @@
         "node": ">=16.9.0"
       }
     },
+    "node_modules/html-escaper": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz",
+      "integrity": "sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/html-to-text": {
       "version": "9.0.5",
       "resolved": "https://registry.npmjs.org/html-to-text/-/html-to-text-9.0.5.tgz",
@@ -5808,6 +7106,16 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/is-fullwidth-code-point": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
+      "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/is-generator-function": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/is-generator-function/-/is-generator-function-1.1.2.tgz",
@@ -6060,6 +7368,60 @@
       "devOptional": true,
       "license": "ISC"
     },
+    "node_modules/istanbul-lib-coverage": {
+      "version": "3.2.2",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz",
+      "integrity": "sha512-O8dpsF+r0WV/8MNRKfnmrtCWhuKjxrq2w+jpzBL5UZKTi2LeVWnWOmWRxFlesJONmc+wLAGvKQZEOanko0LFTg==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/istanbul-lib-report": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.1.tgz",
+      "integrity": "sha512-GCfE1mtsHGOELCU8e/Z7YWzpmybrx/+dSTfLrvY8qRmaY6zXTKWn6WQIjaAFw069icm6GVMNkgu0NzI4iPZUNw==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "istanbul-lib-coverage": "^3.0.0",
+        "make-dir": "^4.0.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/istanbul-lib-source-maps": {
+      "version": "5.0.6",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-5.0.6.tgz",
+      "integrity": "sha512-yg2d+Em4KizZC5niWhQaIomgf5WlL4vOOjZ5xGCmF8SnPE/mDWWXgvRExdcpCgh9lLRRa1/fSYp2ymmbJ1pI+A==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@jridgewell/trace-mapping": "^0.3.23",
+        "debug": "^4.1.1",
+        "istanbul-lib-coverage": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/istanbul-reports": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.2.0.tgz",
+      "integrity": "sha512-HGYWWS/ehqTV3xN10i23tkPkpH46MLCIMFNCaaKNavAXTF1RkqxawEPtnjnGZ6XKSInBKkiOA5BKS+aZiY3AvA==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "html-escaper": "^2.0.0",
+        "istanbul-lib-report": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/iterator.prototype": {
       "version": "1.1.5",
       "resolved": "https://registry.npmjs.org/iterator.prototype/-/iterator.prototype-1.1.5.tgz",
@@ -6078,6 +7440,22 @@
         "node": ">= 0.4"
       }
     },
+    "node_modules/jackspeak": {
+      "version": "3.4.3",
+      "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.3.tgz",
+      "integrity": "sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "dependencies": {
+        "@isaacs/cliui": "^8.0.2"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      },
+      "optionalDependencies": {
+        "@pkgjs/parseargs": "^0.11.0"
+      }
+    },
     "node_modules/jiti": {
       "version": "2.7.0",
       "resolved": "https://registry.npmjs.org/jiti/-/jiti-2.7.0.tgz",
@@ -6537,6 +7915,13 @@
         "loose-envify": "cli.js"
       }
     },
+    "node_modules/loupe": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/loupe/-/loupe-3.2.1.tgz",
+      "integrity": "sha512-CdzqowRJCeLU72bHvWqwRBBlLcMEtIvGrlvef74kMnV2AolS9Y8xUv1I0U/MNAWMhBlKIoyuEgoJ0t/bbwHbLQ==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/lru-cache": {
       "version": "5.1.1",
       "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz",
@@ -6573,6 +7958,47 @@
         "@jridgewell/sourcemap-codec": "^1.5.5"
       }
     },
+    "node_modules/magicast": {
+      "version": "0.3.5",
+      "resolved": "https://registry.npmjs.org/magicast/-/magicast-0.3.5.tgz",
+      "integrity": "sha512-L0WhttDl+2BOsybvEOLK7fW3UA0OQ0IQ2d6Zl2x/a6vVRs3bAY0ECOSHHeL5jD+SbOpOCUEi0y1DgHEn9Qn1AQ==",
+      "devOptional": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/parser": "^7.25.4",
+        "@babel/types": "^7.25.4",
+        "source-map-js": "^1.2.0"
+      }
+    },
+    "node_modules/make-dir": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-4.0.0.tgz",
+      "integrity": "sha512-hXdUTZYIVOt1Ex//jAQi+wTZZpUpwBj/0QsOzqegb3rGMMeJiSEu5xLHnYfBrRV4RH2+OCSOO95Is/7x1WJ4bw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "semver": "^7.5.3"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/make-dir/node_modules/semver": {
+      "version": "7.8.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.8.1.tgz",
+      "integrity": "sha512-rkVq3IXh+4FDGch+KwzX3aV9W3kO54GyEgpvBzSyctDA6Xtd7RJQV1xmXbeQp5v7+VzLOfVqiutSE6GICgPFvg==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/math-intrinsics": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz",
@@ -6629,6 +8055,16 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/minipass": {
+      "version": "7.1.3",
+      "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.3.tgz",
+      "integrity": "sha512-tEBHqDnIoM/1rXME1zgka9g6Q2lcoCkxHLuc7ODJ5BxbP5d4c2Z5cGgtXAku59200Cx7diuHTOYfSBD8n6mm8A==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "engines": {
+        "node": ">=16 || 14 >=14.17"
+      }
+    },
     "node_modules/ms": {
       "version": "2.1.3",
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
@@ -7054,6 +8490,13 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/package-json-from-dist": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz",
+      "integrity": "sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==",
+      "dev": true,
+      "license": "BlueOak-1.0.0"
+    },
     "node_modules/parent-module": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz",
@@ -7122,6 +8565,30 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/path-scurry": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz",
+      "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "dependencies": {
+        "lru-cache": "^10.2.0",
+        "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0"
+      },
+      "engines": {
+        "node": ">=16 || 14 >=14.18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/path-scurry/node_modules/lru-cache": {
+      "version": "10.4.3",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz",
+      "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==",
+      "dev": true,
+      "license": "ISC"
+    },
     "node_modules/pathe": {
       "version": "2.0.3",
       "resolved": "https://registry.npmjs.org/pathe/-/pathe-2.0.3.tgz",
@@ -7129,6 +8596,16 @@
       "devOptional": true,
       "license": "MIT"
     },
+    "node_modules/pathval": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/pathval/-/pathval-2.0.1.tgz",
+      "integrity": "sha512-//nshmD55c46FuFw26xV/xFAaB5HF9Xdap7HJBBnrKdAd6/GxDBaNA1870O79+9ueg61cZLSVc+OaFlfmObYVQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 14.16"
+      }
+    },
     "node_modules/peberminta": {
       "version": "0.9.0",
       "resolved": "https://registry.npmjs.org/peberminta/-/peberminta-0.9.0.tgz",
@@ -7747,6 +9224,58 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/rollup": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.60.4.tgz",
+      "integrity": "sha512-WHeFSbZYsPu3+bLoNRUuAO+wavNlocOPf3wSHTP7hcFKVnJeWsYlCDbr3mTS14FCizf9ccIxXA8sGL8zKeQN3g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/estree": "1.0.8"
+      },
+      "bin": {
+        "rollup": "dist/bin/rollup"
+      },
+      "engines": {
+        "node": ">=18.0.0",
+        "npm": ">=8.0.0"
+      },
+      "optionalDependencies": {
+        "@rollup/rollup-android-arm-eabi": "4.60.4",
+        "@rollup/rollup-android-arm64": "4.60.4",
+        "@rollup/rollup-darwin-arm64": "4.60.4",
+        "@rollup/rollup-darwin-x64": "4.60.4",
+        "@rollup/rollup-freebsd-arm64": "4.60.4",
+        "@rollup/rollup-freebsd-x64": "4.60.4",
+        "@rollup/rollup-linux-arm-gnueabihf": "4.60.4",
+        "@rollup/rollup-linux-arm-musleabihf": "4.60.4",
+        "@rollup/rollup-linux-arm64-gnu": "4.60.4",
+        "@rollup/rollup-linux-arm64-musl": "4.60.4",
+        "@rollup/rollup-linux-loong64-gnu": "4.60.4",
+        "@rollup/rollup-linux-loong64-musl": "4.60.4",
+        "@rollup/rollup-linux-ppc64-gnu": "4.60.4",
+        "@rollup/rollup-linux-ppc64-musl": "4.60.4",
+        "@rollup/rollup-linux-riscv64-gnu": "4.60.4",
+        "@rollup/rollup-linux-riscv64-musl": "4.60.4",
+        "@rollup/rollup-linux-s390x-gnu": "4.60.4",
+        "@rollup/rollup-linux-x64-gnu": "4.60.4",
+        "@rollup/rollup-linux-x64-musl": "4.60.4",
+        "@rollup/rollup-openbsd-x64": "4.60.4",
+        "@rollup/rollup-openharmony-arm64": "4.60.4",
+        "@rollup/rollup-win32-arm64-msvc": "4.60.4",
+        "@rollup/rollup-win32-ia32-msvc": "4.60.4",
+        "@rollup/rollup-win32-x64-gnu": "4.60.4",
+        "@rollup/rollup-win32-x64-msvc": "4.60.4",
+        "fsevents": "~2.3.2"
+      }
+    },
+    "node_modules/rollup/node_modules/@types/estree": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz",
+      "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/run-parallel": {
       "version": "1.2.0",
       "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz",
@@ -8069,6 +9598,13 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/siginfo": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/siginfo/-/siginfo-2.0.0.tgz",
+      "integrity": "sha512-ybx0WO1/8bSBLEWXZvEd7gMW3Sn3JFlW3TvX1nREbDLRNQNaeNN8WK0meBwPdAaOI7TtRRRJn/Es1zhrrCHu7g==",
+      "dev": true,
+      "license": "ISC"
+    },
     "node_modules/signal-exit": {
       "version": "4.1.0",
       "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz",
@@ -8117,6 +9653,13 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/stackback": {
+      "version": "0.0.2",
+      "resolved": "https://registry.npmjs.org/stackback/-/stackback-0.0.2.tgz",
+      "integrity": "sha512-1XMJE5fQo1jGH6Y/7ebnwPOBEkIEnT4QF32d5R1+VXdXveM0IBMJt8zfaxX1P3QhVwrYe+576+jkANtSS2mBbw==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/std-env": {
       "version": "3.10.0",
       "resolved": "https://registry.npmjs.org/std-env/-/std-env-3.10.0.tgz",
@@ -8138,6 +9681,70 @@
         "node": ">= 0.4"
       }
     },
+    "node_modules/string-width": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz",
+      "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "eastasianwidth": "^0.2.0",
+        "emoji-regex": "^9.2.2",
+        "strip-ansi": "^7.0.1"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/string-width-cjs": {
+      "name": "string-width",
+      "version": "4.2.3",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
+      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "emoji-regex": "^8.0.0",
+        "is-fullwidth-code-point": "^3.0.0",
+        "strip-ansi": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/string-width-cjs/node_modules/ansi-regex": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
+      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/string-width-cjs/node_modules/emoji-regex": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
+      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/string-width-cjs/node_modules/strip-ansi": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
+      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/string.prototype.includes": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/string.prototype.includes/-/string.prototype.includes-2.0.1.tgz",
@@ -8251,6 +9858,46 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/strip-ansi": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.2.0.tgz",
+      "integrity": "sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^6.2.2"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/strip-ansi?sponsor=1"
+      }
+    },
+    "node_modules/strip-ansi-cjs": {
+      "name": "strip-ansi",
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
+      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/strip-ansi-cjs/node_modules/ansi-regex": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
+      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/strip-bom": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz",
@@ -8274,6 +9921,26 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/strip-literal": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/strip-literal/-/strip-literal-3.1.0.tgz",
+      "integrity": "sha512-8r3mkIM/2+PpjHoOtiAW8Rg3jJLHaV7xPwG+YRGrv6FP0wwk/toTpATxWYOW0BKdWwl82VT2tFYi5DlROa0Mxg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "js-tokens": "^9.0.1"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/strip-literal/node_modules/js-tokens": {
+      "version": "9.0.1",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-9.0.1.tgz",
+      "integrity": "sha512-mxa9E9ITFOt0ban3j6L5MpjwegGz6lBQmM1IJkWeBZGcMxto50+eWdjC/52xDbS2vy0k7vIMK0Fe2wfL9OQSpQ==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/stripe": {
       "version": "18.5.0",
       "resolved": "https://registry.npmjs.org/stripe/-/stripe-18.5.0.tgz",
@@ -8376,6 +10043,74 @@
         "url": "https://opencollective.com/webpack"
       }
     },
+    "node_modules/test-exclude": {
+      "version": "7.0.2",
+      "resolved": "https://registry.npmjs.org/test-exclude/-/test-exclude-7.0.2.tgz",
+      "integrity": "sha512-u9E6A+ZDYdp7a4WnarkXPZOx8Ilz46+kby6p1yZ8zsGTz9gYa6FIS7lj2oezzNKmtdyyJNNmmXDppga5GB7kSw==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "@istanbuljs/schema": "^0.1.2",
+        "glob": "^10.4.1",
+        "minimatch": "^10.2.2"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/test-exclude/node_modules/balanced-match": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz",
+      "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "18 || 20 || >=22"
+      }
+    },
+    "node_modules/test-exclude/node_modules/brace-expansion": {
+      "version": "5.0.6",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
+      "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^4.0.2"
+      },
+      "engines": {
+        "node": "18 || 20 || >=22"
+      }
+    },
+    "node_modules/test-exclude/node_modules/minimatch": {
+      "version": "10.2.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
+      "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "dependencies": {
+        "brace-expansion": "^5.0.5"
+      },
+      "engines": {
+        "node": "18 || 20 || >=22"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/tinybench": {
+      "version": "2.9.0",
+      "resolved": "https://registry.npmjs.org/tinybench/-/tinybench-2.9.0.tgz",
+      "integrity": "sha512-0+DUvqWMValLmha6lr4kD8iAMK1HzV0/aKnCtWb9v9641TnP/MFb7Pc2bxoxQjTXAErryXVgUOfv2YqNllqGeg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/tinyexec": {
+      "version": "0.3.2",
+      "resolved": "https://registry.npmjs.org/tinyexec/-/tinyexec-0.3.2.tgz",
+      "integrity": "sha512-KQQR9yN7R5+OSwaK0XQoj22pwHoTlgYqmUscPYoknOoWCWfj/5/ABTMRi69FrKU5ffPVh5QcFikpWJI/P1ocHA==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/tinyglobby": {
       "version": "0.2.16",
       "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.16.tgz",
@@ -8424,6 +10159,36 @@
         "url": "https://github.com/sponsors/jonschlinkert"
       }
     },
+    "node_modules/tinypool": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/tinypool/-/tinypool-1.1.1.tgz",
+      "integrity": "sha512-Zba82s87IFq9A9XmjiX5uZA/ARWDrB03OHlq+Vw1fSdt0I+4/Kutwy8BP4Y/y/aORMo61FQ0vIb5j44vSo5Pkg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^18.0.0 || >=20.0.0"
+      }
+    },
+    "node_modules/tinyrainbow": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/tinyrainbow/-/tinyrainbow-2.0.0.tgz",
+      "integrity": "sha512-op4nsTR47R6p0vMUUoYl/a+ljLFVtlfaXkLQmqfLR1qHma1h/ysYk4hEXZ880bf2CYgTskvTa/e196Vd5dDQXw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=14.0.0"
+      }
+    },
+    "node_modules/tinyspy": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/tinyspy/-/tinyspy-4.0.4.tgz",
+      "integrity": "sha512-azl+t0z7pw/z958Gy9svOTuzqIk6xq+NSheJzn5MMWtWTFywIacg2wUlzKFGtt3cthx0r2SxMK0yzJOR0IES7Q==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=14.0.0"
+      }
+    },
     "node_modules/to-regex-range": {
       "version": "5.0.1",
       "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
@@ -8730,6 +10495,221 @@
         }
       }
     },
+    "node_modules/vite": {
+      "version": "6.4.2",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-6.4.2.tgz",
+      "integrity": "sha512-2N/55r4JDJ4gdrCvGgINMy+HH3iRpNIz8K6SFwVsA+JbQScLiC+clmAxBgwiSPgcG9U15QmvqCGWzMbqda5zGQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "esbuild": "^0.25.0",
+        "fdir": "^6.4.4",
+        "picomatch": "^4.0.2",
+        "postcss": "^8.5.3",
+        "rollup": "^4.34.9",
+        "tinyglobby": "^0.2.13"
+      },
+      "bin": {
+        "vite": "bin/vite.js"
+      },
+      "engines": {
+        "node": "^18.0.0 || ^20.0.0 || >=22.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/vitejs/vite?sponsor=1"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.3"
+      },
+      "peerDependencies": {
+        "@types/node": "^18.0.0 || ^20.0.0 || >=22.0.0",
+        "jiti": ">=1.21.0",
+        "less": "*",
+        "lightningcss": "^1.21.0",
+        "sass": "*",
+        "sass-embedded": "*",
+        "stylus": "*",
+        "sugarss": "*",
+        "terser": "^5.16.0",
+        "tsx": "^4.8.1",
+        "yaml": "^2.4.2"
+      },
+      "peerDependenciesMeta": {
+        "@types/node": {
+          "optional": true
+        },
+        "jiti": {
+          "optional": true
+        },
+        "less": {
+          "optional": true
+        },
+        "lightningcss": {
+          "optional": true
+        },
+        "sass": {
+          "optional": true
+        },
+        "sass-embedded": {
+          "optional": true
+        },
+        "stylus": {
+          "optional": true
+        },
+        "sugarss": {
+          "optional": true
+        },
+        "terser": {
+          "optional": true
+        },
+        "tsx": {
+          "optional": true
+        },
+        "yaml": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/vite-node": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/vite-node/-/vite-node-3.2.4.tgz",
+      "integrity": "sha512-EbKSKh+bh1E1IFxeO0pg1n4dvoOTt0UDiXMd/qn++r98+jPO1xtJilvXldeuQ8giIB5IkpjCgMleHMNEsGH6pg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "cac": "^6.7.14",
+        "debug": "^4.4.1",
+        "es-module-lexer": "^1.7.0",
+        "pathe": "^2.0.3",
+        "vite": "^5.0.0 || ^6.0.0 || ^7.0.0-0"
+      },
+      "bin": {
+        "vite-node": "vite-node.mjs"
+      },
+      "engines": {
+        "node": "^18.0.0 || ^20.0.0 || >=22.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/vite/node_modules/fdir": {
+      "version": "6.5.0",
+      "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz",
+      "integrity": "sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "peerDependencies": {
+        "picomatch": "^3 || ^4"
+      },
+      "peerDependenciesMeta": {
+        "picomatch": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/vite/node_modules/picomatch": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
+    "node_modules/vitest": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/vitest/-/vitest-3.2.4.tgz",
+      "integrity": "sha512-LUCP5ev3GURDysTWiP47wRRUpLKMOfPh+yKTx3kVIEiu5KOMeqzpnYNsKyOoVrULivR8tLcks4+lga33Whn90A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/chai": "^5.2.2",
+        "@vitest/expect": "3.2.4",
+        "@vitest/mocker": "3.2.4",
+        "@vitest/pretty-format": "^3.2.4",
+        "@vitest/runner": "3.2.4",
+        "@vitest/snapshot": "3.2.4",
+        "@vitest/spy": "3.2.4",
+        "@vitest/utils": "3.2.4",
+        "chai": "^5.2.0",
+        "debug": "^4.4.1",
+        "expect-type": "^1.2.1",
+        "magic-string": "^0.30.17",
+        "pathe": "^2.0.3",
+        "picomatch": "^4.0.2",
+        "std-env": "^3.9.0",
+        "tinybench": "^2.9.0",
+        "tinyexec": "^0.3.2",
+        "tinyglobby": "^0.2.14",
+        "tinypool": "^1.1.1",
+        "tinyrainbow": "^2.0.0",
+        "vite": "^5.0.0 || ^6.0.0 || ^7.0.0-0",
+        "vite-node": "3.2.4",
+        "why-is-node-running": "^2.3.0"
+      },
+      "bin": {
+        "vitest": "vitest.mjs"
+      },
+      "engines": {
+        "node": "^18.0.0 || ^20.0.0 || >=22.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      },
+      "peerDependencies": {
+        "@edge-runtime/vm": "*",
+        "@types/debug": "^4.1.12",
+        "@types/node": "^18.0.0 || ^20.0.0 || >=22.0.0",
+        "@vitest/browser": "3.2.4",
+        "@vitest/ui": "3.2.4",
+        "happy-dom": "*",
+        "jsdom": "*"
+      },
+      "peerDependenciesMeta": {
+        "@edge-runtime/vm": {
+          "optional": true
+        },
+        "@types/debug": {
+          "optional": true
+        },
+        "@types/node": {
+          "optional": true
+        },
+        "@vitest/browser": {
+          "optional": true
+        },
+        "@vitest/ui": {
+          "optional": true
+        },
+        "happy-dom": {
+          "optional": true
+        },
+        "jsdom": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/vitest/node_modules/picomatch": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
     "node_modules/which": {
       "version": "2.0.2",
       "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
@@ -8835,6 +10815,23 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/why-is-node-running": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/why-is-node-running/-/why-is-node-running-2.3.0.tgz",
+      "integrity": "sha512-hUrmaWBdVDcxvYqnyh09zunKzROWjbZTiNy8dBEjkS7ehEDQibXJ7XvlmtbwuTclUiIyN+CyXQD4Vmko8fNm8w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "siginfo": "^2.0.0",
+        "stackback": "0.0.2"
+      },
+      "bin": {
+        "why-is-node-running": "cli.js"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/word-wrap": {
       "version": "1.2.5",
       "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.5.tgz",
@@ -8845,6 +10842,101 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/wrap-ansi": {
+      "version": "8.1.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz",
+      "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-styles": "^6.1.0",
+        "string-width": "^5.0.1",
+        "strip-ansi": "^7.0.1"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
+      }
+    },
+    "node_modules/wrap-ansi-cjs": {
+      "name": "wrap-ansi",
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
+      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-styles": "^4.0.0",
+        "string-width": "^4.1.0",
+        "strip-ansi": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
+      }
+    },
+    "node_modules/wrap-ansi-cjs/node_modules/ansi-regex": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
+      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/wrap-ansi-cjs/node_modules/emoji-regex": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
+      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/wrap-ansi-cjs/node_modules/string-width": {
+      "version": "4.2.3",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
+      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "emoji-regex": "^8.0.0",
+        "is-fullwidth-code-point": "^3.0.0",
+        "strip-ansi": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/wrap-ansi-cjs/node_modules/strip-ansi": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
+      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/wrap-ansi/node_modules/ansi-styles": {
+      "version": "6.2.3",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.3.tgz",
+      "integrity": "sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
     "node_modules/xml-naming": {
       "version": "0.1.0",
       "resolved": "https://registry.npmjs.org/xml-naming/-/xml-naming-0.1.0.tgz",
diff --git a/package.json b/package.json
index e02165a..6a33258 100644
--- a/package.json
+++ b/package.json
@@ -7,7 +7,10 @@
     "build": "next build",
     "start": "next start",
     "lint": "eslint",
-    "postinstall": "prisma generate"
+    "postinstall": "prisma generate",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "typecheck": "tsc --noEmit"
   },
   "dependencies": {
     "@aws-sdk/client-s3": "^3.1056.0",
@@ -27,11 +30,13 @@
     "@types/node": "^20.19.41",
     "@types/react": "^19.2.15",
     "@types/react-dom": "^19.2.3",
+    "@vitest/coverage-v8": "^3.2.4",
     "dotenv": "^17.4.2",
     "eslint": "^9.39.4",
     "eslint-config-next": "^16.2.6",
     "prisma": "^7.8.0",
     "tailwindcss": "^4",
-    "typescript": "^5.9.3"
+    "typescript": "^5.9.3",
+    "vitest": "^3.2.4"
   }
-}
+}
\ No newline at end of file
diff --git a/src/app/api/health/route.ts b/src/app/api/health/route.ts
index 5f5ced5..776677d 100644
--- a/src/app/api/health/route.ts
+++ b/src/app/api/health/route.ts
@@ -1,7 +1,101 @@
 import { NextResponse } from "next/server";
+import { S3Client, HeadBucketCommand } from "@aws-sdk/client-s3";
+
+import { prisma } from "@/lib/prisma";
 
 export const runtime = "nodejs";
+export const dynamic = "force-dynamic";
+
+type Probe = {
+  name: string;
+  ok: boolean;
+  latencyMs: number;
+  details?: string;
+};
+
+async function probeDb(): Promise<Probe> {
+  const t0 = Date.now();
+  try {
+    await prisma.$queryRaw`SELECT 1 AS ok`;
+    return { name: "database", ok: true, latencyMs: Date.now() - t0 };
+  } catch (e) {
+    return {
+      name: "database",
+      ok: false,
+      latencyMs: Date.now() - t0,
+      details: e instanceof Error ? e.message : String(e),
+    };
+  }
+}
+
+async function probeS3(): Promise<Probe> {
+  const t0 = Date.now();
+  const bucket = process.env.S3_BUCKET;
+  const endpoint = process.env.S3_ENDPOINT;
+  if (!bucket || !endpoint) {
+    return { name: "s3", ok: false, latencyMs: 0, details: "S3_BUCKET ou S3_ENDPOINT manquant" };
+  }
+  try {
+    const client = new S3Client({
+      endpoint,
+      region: process.env.S3_REGION ?? "us-east-1",
+      forcePathStyle: (process.env.S3_FORCE_PATH_STYLE ?? "false") === "true",
+      credentials: {
+        accessKeyId: process.env.MINIO_ROOT_USER ?? process.env.S3_ACCESS_KEY ?? "",
+        secretAccessKey: process.env.MINIO_ROOT_PASSWORD ?? process.env.S3_SECRET_KEY ?? "",
+      },
+    });
+    await client.send(new HeadBucketCommand({ Bucket: bucket }));
+    return { name: "s3", ok: true, latencyMs: Date.now() - t0 };
+  } catch (e) {
+    return {
+      name: "s3",
+      ok: false,
+      latencyMs: Date.now() - t0,
+      details: e instanceof Error ? e.message : String(e),
+    };
+  }
+}
+
+function probeResend(): Probe {
+  return {
+    name: "resend",
+    ok: Boolean(process.env.RESEND_API_KEY?.trim()),
+    latencyMs: 0,
+    details: process.env.RESEND_API_KEY ? undefined : "RESEND_API_KEY non configuré (dry-run)",
+  };
+}
+
+function probeStripe(): Probe {
+  const key = (process.env.STRIPE_SECRET_KEY ?? "").trim();
+  const configured = key.length > 0 && !key.includes("REPLACE_ME");
+  return {
+    name: "stripe",
+    ok: configured,
+    latencyMs: 0,
+    details: configured ? undefined : "STRIPE_SECRET_KEY non configuré",
+  };
+}
 
 export async function GET() {
-  return NextResponse.json({ status: "ok" });
+  const t0 = Date.now();
+  const [db, s3] = await Promise.all([probeDb(), probeS3()]);
+  const resend = probeResend();
+  const stripe = probeStripe();
+  const probes = [db, s3, resend, stripe];
+
+  // DB est critique (503 si down). Le reste = non bloquant.
+  const critical = db.ok;
+  const status = critical ? 200 : 503;
+
+  return NextResponse.json(
+    {
+      status: critical ? "ok" : "degraded",
+      version: process.env.DEPLOYMENT_VERSION ?? "unknown",
+      uptimeSeconds: Math.round(process.uptime()),
+      latencyMs: Date.now() - t0,
+      probes,
+    },
+    { status },
+  );
 }
diff --git a/src/app/api/metrics/route.ts b/src/app/api/metrics/route.ts
new file mode 100644
index 0000000..6bbae30
--- /dev/null
+++ b/src/app/api/metrics/route.ts
@@ -0,0 +1,78 @@
+import { NextResponse } from "next/server";
+
+import { BookingStatus, CarbetStatus, UserRole } from "@/generated/prisma/enums";
+import { prisma } from "@/lib/prisma";
+
+export const runtime = "nodejs";
+export const dynamic = "force-dynamic";
+
+/**
+ * Metrics publiques, agrégées (jamais de PII).
+ * Format JSON simple — consommable par un script cron ou un dashboard léger.
+ */
+export async function GET() {
+  const now = new Date();
+  const last24h = new Date(now.getTime() - 86_400_000);
+  const last7d = new Date(now.getTime() - 7 * 86_400_000);
+  const last30d = new Date(now.getTime() - 30 * 86_400_000);
+
+  const [
+    carbetsPublished,
+    carbetsTotal,
+    bookings24h,
+    bookings7d,
+    bookings30d,
+    bookingsByStatus,
+    usersTotal,
+    usersByRole,
+    mediaTotal,
+    auditLast24h,
+  ] = await Promise.all([
+    prisma.carbet.count({ where: { status: CarbetStatus.PUBLISHED } }),
+    prisma.carbet.count(),
+    prisma.booking.count({ where: { createdAt: { gte: last24h } } }),
+    prisma.booking.count({ where: { createdAt: { gte: last7d } } }),
+    prisma.booking.count({ where: { createdAt: { gte: last30d } } }),
+    prisma.booking.groupBy({
+      by: ["status"],
+      _count: { _all: true },
+    }),
+    prisma.user.count(),
+    prisma.user.groupBy({
+      by: ["role"],
+      _count: { _all: true },
+    }),
+    prisma.media.count(),
+    prisma.auditLog.count({ where: { createdAt: { gte: last24h } } }),
+  ]);
+
+  return NextResponse.json({
+    generatedAt: now.toISOString(),
+    carbets: {
+      total: carbetsTotal,
+      published: carbetsPublished,
+    },
+    bookings: {
+      last24h: bookings24h,
+      last7d: bookings7d,
+      last30d: bookings30d,
+      byStatus: Object.fromEntries(
+        Object.values(BookingStatus).map((s) => [
+          s,
+          bookingsByStatus.find((b) => b.status === s)?._count._all ?? 0,
+        ]),
+      ),
+    },
+    users: {
+      total: usersTotal,
+      byRole: Object.fromEntries(
+        Object.values(UserRole).map((r) => [
+          r,
+          usersByRole.find((u) => u.role === r)?._count._all ?? 0,
+        ]),
+      ),
+    },
+    media: { total: mediaTotal },
+    audit: { last24h: auditLast24h },
+  });
+}
diff --git a/tests/lib/booking.test.ts b/tests/lib/booking.test.ts
new file mode 100644
index 0000000..b25c14d
--- /dev/null
+++ b/tests/lib/booking.test.ts
@@ -0,0 +1,107 @@
+import { describe, it, expect } from "vitest";
+
+import {
+  DAY_MS,
+  enumerateUtcDays,
+  hasOverlap,
+  isPublicAllowedByDefaultPolicy,
+  isWeekendUtcDay,
+  normalizeUtcDayStart,
+  parseIsoDate,
+} from "@/lib/booking";
+
+describe("parseIsoDate", () => {
+  it("accepts ISO YYYY-MM-DD", () => {
+    const d = parseIsoDate("2026-06-15");
+    expect(d).toBeInstanceOf(Date);
+    expect(d?.toISOString().startsWith("2026-06-15")).toBe(true);
+  });
+
+  it("returns null for garbage input", () => {
+    expect(parseIsoDate("not a date")).toBeNull();
+    expect(parseIsoDate(null)).toBeNull();
+    expect(parseIsoDate(undefined)).toBeNull();
+    expect(parseIsoDate(123)).toBeNull();
+  });
+});
+
+describe("normalizeUtcDayStart", () => {
+  it("zeroes out time components", () => {
+    const d = new Date("2026-06-15T17:30:45.123Z");
+    const n = normalizeUtcDayStart(d);
+    expect(n.getUTCHours()).toBe(0);
+    expect(n.getUTCMinutes()).toBe(0);
+    expect(n.getUTCSeconds()).toBe(0);
+    expect(n.getUTCMilliseconds()).toBe(0);
+    expect(n.toISOString().slice(0, 10)).toBe("2026-06-15");
+  });
+});
+
+describe("hasOverlap", () => {
+  const d = (iso: string) => new Date(iso);
+
+  it("detects partial overlap", () => {
+    expect(
+      hasOverlap(d("2026-06-10"), d("2026-06-15"), d("2026-06-13"), d("2026-06-20")),
+    ).toBe(true);
+  });
+
+  it("returns false for adjacent intervals (touching)", () => {
+    expect(
+      hasOverlap(d("2026-06-10"), d("2026-06-15"), d("2026-06-15"), d("2026-06-20")),
+    ).toBe(false);
+  });
+
+  it("returns false for fully separate", () => {
+    expect(
+      hasOverlap(d("2026-06-01"), d("2026-06-05"), d("2026-06-10"), d("2026-06-15")),
+    ).toBe(false);
+  });
+
+  it("returns true when one contains the other", () => {
+    expect(
+      hasOverlap(d("2026-06-01"), d("2026-06-30"), d("2026-06-10"), d("2026-06-15")),
+    ).toBe(true);
+  });
+});
+
+describe("enumerateUtcDays", () => {
+  it("enumerates each day between start and end (exclusive)", () => {
+    const days = enumerateUtcDays(new Date("2026-06-10"), new Date("2026-06-13"));
+    expect(days.length).toBe(3);
+    expect(days[0].toISOString().slice(0, 10)).toBe("2026-06-10");
+    expect(days[2].toISOString().slice(0, 10)).toBe("2026-06-12");
+  });
+
+  it("returns empty when start === end", () => {
+    const days = enumerateUtcDays(new Date("2026-06-10"), new Date("2026-06-10"));
+    expect(days).toEqual([]);
+  });
+});
+
+describe("isWeekendUtcDay", () => {
+  it("flags Saturday (2026-06-13)", () => {
+    expect(isWeekendUtcDay(new Date("2026-06-13"))).toBe(true);
+  });
+  it("flags Sunday (2026-06-14)", () => {
+    expect(isWeekendUtcDay(new Date("2026-06-14"))).toBe(true);
+  });
+  it("rejects Monday (2026-06-15)", () => {
+    expect(isWeekendUtcDay(new Date("2026-06-15"))).toBe(false);
+  });
+});
+
+describe("isPublicAllowedByDefaultPolicy", () => {
+  it("blocks weekends by default (CE-priority policy)", () => {
+    expect(isPublicAllowedByDefaultPolicy(new Date("2026-06-13"))).toBe(false);
+  });
+  it("allows weekdays", () => {
+    expect(isPublicAllowedByDefaultPolicy(new Date("2026-06-15"))).toBe(true);
+  });
+});
+
+describe("DAY_MS constant", () => {
+  it("equals 86_400_000", () => {
+    expect(DAY_MS).toBe(86_400_000);
+  });
+});
diff --git a/tests/lib/email.test.ts b/tests/lib/email.test.ts
new file mode 100644
index 0000000..f8a965d
--- /dev/null
+++ b/tests/lib/email.test.ts
@@ -0,0 +1,30 @@
+import { describe, it, expect, beforeEach, vi } from "vitest";
+
+// Mock server-only avant l'import du module sous test (sinon ça jette).
+vi.mock("server-only", () => ({}));
+
+describe("sendEmail (dry-run sans RESEND_API_KEY)", () => {
+  beforeEach(() => {
+    delete process.env.RESEND_API_KEY;
+    vi.resetModules();
+  });
+
+  it("renvoie ok=true + reason=dry-run quand pas de clé", async () => {
+    const { sendEmail } = await import("@/lib/email");
+    const res = await sendEmail({
+      to: "test@example.com",
+      subject: "hello",
+      html: "<p>world</p>",
+    });
+    expect(res.ok).toBe(true);
+    expect(res.reason).toBe("dry-run");
+  });
+
+  it("n'écrit pas d'erreur quand pas de clé", async () => {
+    const errSpy = vi.spyOn(console, "error").mockImplementation(() => {});
+    const { sendEmail } = await import("@/lib/email");
+    await sendEmail({ to: "x@y.z", subject: "s", html: "h" });
+    expect(errSpy).not.toHaveBeenCalled();
+    errSpy.mockRestore();
+  });
+});
diff --git a/tests/lib/password.test.ts b/tests/lib/password.test.ts
new file mode 100644
index 0000000..3232701
--- /dev/null
+++ b/tests/lib/password.test.ts
@@ -0,0 +1,27 @@
+import { describe, it, expect } from "vitest";
+
+import { hashPassword, verifyPassword } from "@/lib/password";
+
+describe("password hashing", () => {
+  it("round-trips a correct password", async () => {
+    const plain = "correct horse battery staple";
+    const hash = await hashPassword(plain);
+    expect(hash).not.toEqual(plain);
+    expect(hash.startsWith("$2")).toBe(true);
+    expect(await verifyPassword(plain, hash)).toBe(true);
+  });
+
+  it("rejects incorrect password", async () => {
+    const hash = await hashPassword("rightpass123");
+    expect(await verifyPassword("wrongpass", hash)).toBe(false);
+  });
+
+  it("produces different hashes for the same plaintext (salted)", async () => {
+    const plain = "samepw";
+    const a = await hashPassword(plain);
+    const b = await hashPassword(plain);
+    expect(a).not.toEqual(b);
+    expect(await verifyPassword(plain, a)).toBe(true);
+    expect(await verifyPassword(plain, b)).toBe(true);
+  });
+});
diff --git a/tests/lib/reviews.test.ts b/tests/lib/reviews.test.ts
new file mode 100644
index 0000000..d136b8e
--- /dev/null
+++ b/tests/lib/reviews.test.ts
@@ -0,0 +1,50 @@
+import { describe, it, expect } from "vitest";
+
+import {
+  REVIEW_COMMENT_MAX,
+  REVIEW_HOST_RESPONSE_MAX,
+  REVIEW_RATING_MAX,
+  REVIEW_RATING_MIN,
+  formatAverageRating,
+  isValidRating,
+} from "@/lib/reviews";
+
+describe("rating constants", () => {
+  it("min=1 max=5", () => {
+    expect(REVIEW_RATING_MIN).toBe(1);
+    expect(REVIEW_RATING_MAX).toBe(5);
+  });
+  it("comment + host response caps are sensible", () => {
+    expect(REVIEW_COMMENT_MAX).toBeGreaterThan(0);
+    expect(REVIEW_HOST_RESPONSE_MAX).toBeGreaterThan(0);
+  });
+});
+
+describe("isValidRating", () => {
+  it("accepts integers 1-5", () => {
+    for (let i = REVIEW_RATING_MIN; i <= REVIEW_RATING_MAX; i++) {
+      expect(isValidRating(i)).toBe(true);
+    }
+  });
+  it("rejects out-of-range", () => {
+    expect(isValidRating(0)).toBe(false);
+    expect(isValidRating(6)).toBe(false);
+    expect(isValidRating(-1)).toBe(false);
+  });
+  it("rejects non-integers and non-numbers", () => {
+    expect(isValidRating(3.5)).toBe(false);
+    expect(isValidRating("3")).toBe(false);
+    expect(isValidRating(null)).toBe(false);
+    expect(isValidRating(undefined)).toBe(false);
+  });
+});
+
+describe("formatAverageRating", () => {
+  it("returns dash for null", () => {
+    expect(formatAverageRating(null)).toMatch(/—|-|n\/a/i);
+  });
+  it("formats a number with one decimal", () => {
+    const s = formatAverageRating(4.567);
+    expect(s).toMatch(/4[.,]/);
+  });
+});
diff --git a/vitest.config.ts b/vitest.config.ts
new file mode 100644
index 0000000..997df99
--- /dev/null
+++ b/vitest.config.ts
@@ -0,0 +1,21 @@
+import { defineConfig } from "vitest/config";
+import path from "node:path";
+
+export default defineConfig({
+  test: {
+    environment: "node",
+    include: ["tests/**/*.test.ts"],
+    exclude: ["node_modules", ".next", "dist"],
+    coverage: {
+      provider: "v8",
+      reporter: ["text", "json-summary"],
+      include: ["src/lib/**/*.ts"],
+      exclude: ["src/lib/**/*.d.ts", "src/lib/admin/**", "src/lib/plugins/**"],
+    },
+  },
+  resolve: {
+    alias: {
+      "@": path.resolve(__dirname, "./src"),
+    },
+  },
+});

From 6eed6bffc8888d4391cbf23b5ddafbd407d9dc07 Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Mon, 1 Jun 2026 04:18:49 +0000
Subject: [PATCH 09/47] fix(ci): 5 erreurs ESLint Next 16 (Date.now impure, <a>
 vers /admin, setState dans effect)

---
 .../carbets/[id]/_components/MediaManager.tsx |  3 +--
 src/app/admin/page.tsx                        | 25 ++++++++++---------
 src/components/admin/CommandPalette.tsx       |  7 ++++--
 src/components/admin/TopBar.tsx               | 20 +++++++++++----
 4 files changed, 34 insertions(+), 21 deletions(-)

diff --git a/src/app/admin/carbets/[id]/_components/MediaManager.tsx b/src/app/admin/carbets/[id]/_components/MediaManager.tsx
index 47947da..ab91606 100644
--- a/src/app/admin/carbets/[id]/_components/MediaManager.tsx
+++ b/src/app/admin/carbets/[id]/_components/MediaManager.tsx
@@ -1,7 +1,6 @@
 "use client";
 
 import { useState, useTransition } from "react";
-import Image from "next/image";
 import { addMediaAction, removeMediaAction, reorderMediaAction } from "../../actions";
 import { FormField, inputCls, selectCls } from "@/components/admin/FormField";
 
@@ -125,7 +124,7 @@ export function MediaManager({ carbetId, media: initial }: { carbetId: string; m
             </select>
           </FormField>
         </div>
-        <input type="hidden" name="s3Key" value={`external/${Date.now()}`} />
+        {/* Le serveur calcule un s3Key déterministe à partir de l'URL si vide. */}
         {error ? <div className="rounded border border-rose-200 bg-rose-50 px-2 py-1 text-xs text-rose-700">{error}</div> : null}
         <div className="flex justify-end">
           <button
diff --git a/src/app/admin/page.tsx b/src/app/admin/page.tsx
index 3249e89..59af7be 100644
--- a/src/app/admin/page.tsx
+++ b/src/app/admin/page.tsx
@@ -1,3 +1,4 @@
+import Link from "next/link";
 import { formatEur, getAdminKpis } from "@/lib/admin/kpis";
 import { KPICard } from "@/components/admin/KPICard";
 
@@ -66,34 +67,34 @@ export default async function AdminDashboard() {
         </h2>
         <ul className="mt-3 grid grid-cols-1 gap-2 text-sm sm:grid-cols-2 lg:grid-cols-3">
           <li>
-            <a href="/admin/carbets" className="block rounded border border-zinc-200 px-3 py-2 hover:border-zinc-300 hover:bg-zinc-50">
+            <Link href="/admin/carbets" className="block rounded border border-zinc-200 px-3 py-2 hover:border-zinc-300 hover:bg-zinc-50">
               Gérer les carbets
-            </a>
+            </Link>
           </li>
           <li>
-            <a href="/admin/bookings" className="block rounded border border-zinc-200 px-3 py-2 hover:border-zinc-300 hover:bg-zinc-50">
+            <Link href="/admin/bookings" className="block rounded border border-zinc-200 px-3 py-2 hover:border-zinc-300 hover:bg-zinc-50">
               Voir les réservations
-            </a>
+            </Link>
           </li>
           <li>
-            <a href="/admin/content-pages" className="block rounded border border-zinc-200 px-3 py-2 hover:border-zinc-300 hover:bg-zinc-50">
+            <Link href="/admin/content-pages" className="block rounded border border-zinc-200 px-3 py-2 hover:border-zinc-300 hover:bg-zinc-50">
               Éditer les pages
-            </a>
+            </Link>
           </li>
           <li>
-            <a href="/admin/plugins" className="block rounded border border-zinc-200 px-3 py-2 hover:border-zinc-300 hover:bg-zinc-50">
+            <Link href="/admin/plugins" className="block rounded border border-zinc-200 px-3 py-2 hover:border-zinc-300 hover:bg-zinc-50">
               Activer / désactiver des plugins
-            </a>
+            </Link>
           </li>
           <li>
-            <a href="/admin/users" className="block rounded border border-zinc-200 px-3 py-2 hover:border-zinc-300 hover:bg-zinc-50">
+            <Link href="/admin/users" className="block rounded border border-zinc-200 px-3 py-2 hover:border-zinc-300 hover:bg-zinc-50">
               Modérer les utilisateurs
-            </a>
+            </Link>
           </li>
           <li>
-            <a href="/admin/settings" className="block rounded border border-zinc-200 px-3 py-2 hover:border-zinc-300 hover:bg-zinc-50">
+            <Link href="/admin/settings" className="block rounded border border-zinc-200 px-3 py-2 hover:border-zinc-300 hover:bg-zinc-50">
               Paramètres
-            </a>
+            </Link>
           </li>
         </ul>
       </section>
diff --git a/src/components/admin/CommandPalette.tsx b/src/components/admin/CommandPalette.tsx
index 16f82dd..2d395da 100644
--- a/src/components/admin/CommandPalette.tsx
+++ b/src/components/admin/CommandPalette.tsx
@@ -50,12 +50,15 @@ export function CommandPalette() {
   }, []);
 
   useEffect(() => {
-    if (open) {
+    if (!open) return;
+    // Différé via microtask pour éviter le warning "Calling setState synchronously
+    // within an effect can trigger cascading renders" (react-hooks/purity).
+    queueMicrotask(() => {
       setQuery("");
       setHits([]);
       setSelected(0);
       setTimeout(() => inputRef.current?.focus(), 50);
-    }
+    });
   }, [open]);
 
   const runSearch = useCallback(async (q: string) => {
diff --git a/src/components/admin/TopBar.tsx b/src/components/admin/TopBar.tsx
index e06f7c0..339ef48 100644
--- a/src/components/admin/TopBar.tsx
+++ b/src/components/admin/TopBar.tsx
@@ -1,12 +1,22 @@
 "use client";
 
-import { useEffect, useState } from "react";
+import { useSyncExternalStore } from "react";
+
+function subscribe() {
+  // navigator.userAgent ne change pas durant la session, pas d'abonnement réel.
+  return () => {};
+}
+
+function getSnapshot(): boolean {
+  return navigator.userAgent.includes("Mac");
+}
+
+function getServerSnapshot(): boolean {
+  return false;
+}
 
 export function TopBar({ userEmail }: { userEmail: string }) {
-  const [isMac, setIsMac] = useState(false);
-  useEffect(() => {
-    setIsMac(navigator.userAgent.includes("Mac"));
-  }, []);
+  const isMac = useSyncExternalStore(subscribe, getSnapshot, getServerSnapshot);
 
   return (
     <div className="flex h-12 shrink-0 items-center justify-between gap-3 border-b border-zinc-200 bg-white px-4">

From 3bc52b2b6043b0a353012424fba4cacf8aba88d9 Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Mon, 1 Jun 2026 04:29:52 +0000
Subject: [PATCH 10/47] =?UTF-8?q?feat:=20global=20SiteHeader=20avec=20user?=
 =?UTF-8?q?=20menu=20(login/inscription,=20Mes=20r=C3=A9servations,=20Espa?=
 =?UTF-8?q?ce=20h=C3=B4te,=20Admin)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/app/layout.tsx                 |  2 +
 src/components/SignOutButton.tsx   | 19 +++++++
 src/components/SiteHeader.tsx      | 79 ++++++++++++++++++++++++++++++
 src/components/SiteHeaderGuard.tsx | 26 ++++++++++
 src/middleware.ts                  | 23 +++++++++
 5 files changed, 149 insertions(+)
 create mode 100644 src/components/SignOutButton.tsx
 create mode 100644 src/components/SiteHeader.tsx
 create mode 100644 src/components/SiteHeaderGuard.tsx
 create mode 100644 src/middleware.ts

diff --git a/src/app/layout.tsx b/src/app/layout.tsx
index 30c807f..2a05155 100644
--- a/src/app/layout.tsx
+++ b/src/app/layout.tsx
@@ -4,6 +4,7 @@ import "./globals.css";
 import { PluginProvider } from "@/lib/plugins/client";
 import { getEnabledPluginKeys, syncPluginsFromRegistry } from "@/lib/plugins/server";
 import { SeasonBanner } from "@/components/SeasonBanner";
+import { SiteHeaderGuard } from "@/components/SiteHeaderGuard";
 import { LocaleProvider } from "@/lib/i18n/client";
 import { dict, getLocale } from "@/lib/i18n/server";
 
@@ -102,6 +103,7 @@ export default async function RootLayout({
         <PluginProvider enabledKeys={enabledKeys}>
           <LocaleProvider locale={locale} messages={messages}>
             <SeasonBanner />
+            <SiteHeaderGuard />
             {children}
           </LocaleProvider>
         </PluginProvider>
diff --git a/src/components/SignOutButton.tsx b/src/components/SignOutButton.tsx
new file mode 100644
index 0000000..9837157
--- /dev/null
+++ b/src/components/SignOutButton.tsx
@@ -0,0 +1,19 @@
+import { signOut } from "@/auth";
+
+export function SignOutButton() {
+  return (
+    <form
+      action={async () => {
+        "use server";
+        await signOut({ redirectTo: "/" });
+      }}
+    >
+      <button
+        type="submit"
+        className="text-xs text-zinc-500 hover:text-zinc-900"
+      >
+        Se déconnecter
+      </button>
+    </form>
+  );
+}
diff --git a/src/components/SiteHeader.tsx b/src/components/SiteHeader.tsx
new file mode 100644
index 0000000..5e88e57
--- /dev/null
+++ b/src/components/SiteHeader.tsx
@@ -0,0 +1,79 @@
+/**
+ * Header global affiché sur toutes les pages PUBLIQUES (hors /admin qui a son
+ * propre shell). Charge la session côté serveur pour adapter les liens.
+ */
+
+import Link from "next/link";
+
+import { auth } from "@/auth";
+import { UserRole } from "@/generated/prisma/enums";
+
+import { SignOutButton } from "./SignOutButton";
+
+export async function SiteHeader() {
+  const session = await auth();
+  const u = session?.user;
+  const isAdmin = u?.role === UserRole.ADMIN;
+  const isOwner = u?.role === UserRole.OWNER || isAdmin;
+
+  return (
+    <header className="sticky top-0 z-30 border-b border-zinc-200 bg-white/85 backdrop-blur supports-[backdrop-filter]:bg-white/70">
+      <div className="mx-auto flex h-12 max-w-7xl items-center justify-between gap-4 px-4">
+        <Link href="/" className="flex items-center gap-2 text-base font-semibold text-zinc-900">
+          <span className="inline-flex h-6 w-6 items-center justify-center rounded-md bg-emerald-600 text-xs font-bold text-white">
+            K
+          </span>
+          Karbé
+        </Link>
+
+        <nav className="hidden items-center gap-5 text-sm text-zinc-700 sm:flex">
+          <Link href="/carbets" className="hover:text-zinc-900">
+            Carbets
+          </Link>
+          <Link href="/comment-ca-marche" className="hover:text-zinc-900">
+            Comment ça marche
+          </Link>
+          <Link href="/pour-comites-entreprise" className="hover:text-zinc-900">
+            Comités d&apos;entreprise
+          </Link>
+        </nav>
+
+        <div className="flex items-center gap-3 text-sm">
+          {u ? (
+            <>
+              <Link href="/mes-reservations" className="hidden text-zinc-700 hover:text-zinc-900 sm:inline">
+                Mes réservations
+              </Link>
+              {isOwner ? (
+                <Link href="/espace-hote" className="hidden text-zinc-700 hover:text-zinc-900 sm:inline">
+                  Espace hôte
+                </Link>
+              ) : null}
+              {isAdmin ? (
+                <Link href="/admin" className="hidden rounded-md bg-zinc-900 px-2.5 py-1 text-xs font-semibold text-white hover:bg-zinc-800 sm:inline-block">
+                  Admin
+                </Link>
+              ) : null}
+              <span className="hidden max-w-[14ch] truncate text-xs text-zinc-500 md:inline" title={u.email ?? ""}>
+                {u.name || u.email}
+              </span>
+              <SignOutButton />
+            </>
+          ) : (
+            <>
+              <Link href="/connexion" className="text-zinc-700 hover:text-zinc-900">
+                Connexion
+              </Link>
+              <Link
+                href="/inscription"
+                className="rounded-md bg-zinc-900 px-3 py-1 text-xs font-semibold text-white hover:bg-zinc-800"
+              >
+                Créer un compte
+              </Link>
+            </>
+          )}
+        </div>
+      </div>
+    </header>
+  );
+}
diff --git a/src/components/SiteHeaderGuard.tsx b/src/components/SiteHeaderGuard.tsx
new file mode 100644
index 0000000..6a1eddb
--- /dev/null
+++ b/src/components/SiteHeaderGuard.tsx
@@ -0,0 +1,26 @@
+/**
+ * N'affiche le SiteHeader QUE sur les pages publiques.
+ * Sur /admin, le shell admin a déjà sa propre TopBar + Sidebar.
+ * Sur /connexion et /inscription, on garde la page nue.
+ */
+
+import { headers } from "next/headers";
+
+import { SiteHeader } from "./SiteHeader";
+
+export async function SiteHeaderGuard() {
+  const h = await headers();
+  // Next.js 16 expose le pathname via le header x-pathname si on l'a posé,
+  // sinon on retombe sur next-url ou referer. On utilise une heuristique simple :
+  // pathname depuis x-invoke-path (Next internal) ou x-next-url-path-prefix.
+  const pathname =
+    h.get("x-pathname") ??
+    h.get("x-invoke-path") ??
+    h.get("next-url") ??
+    "";
+
+  if (pathname.startsWith("/admin")) return null;
+  if (pathname === "/connexion" || pathname === "/inscription") return null;
+
+  return <SiteHeader />;
+}
diff --git a/src/middleware.ts b/src/middleware.ts
new file mode 100644
index 0000000..db39867
--- /dev/null
+++ b/src/middleware.ts
@@ -0,0 +1,23 @@
+/**
+ * Middleware Karbé.
+ *
+ * Pose `x-pathname` sur tous les requests pour que les server components puissent
+ * lire le path courant via `headers()` (utile pour SiteHeaderGuard qui décide
+ * de rendre ou non le header global selon /admin vs reste).
+ */
+
+import { NextResponse } from "next/server";
+import type { NextRequest } from "next/server";
+
+export function middleware(request: NextRequest) {
+  const response = NextResponse.next();
+  response.headers.set("x-pathname", request.nextUrl.pathname);
+  return response;
+}
+
+export const config = {
+  // Exclut les assets statiques + API auth (qu'on ne veut pas modifier).
+  matcher: [
+    "/((?!_next/static|_next/image|favicon.ico|api/auth|api/health|api/metrics).*)",
+  ],
+};

From 31aa7a4865d6a281fb914f973be6a6295c93089e Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Mon, 1 Jun 2026 05:27:33 +0000
Subject: [PATCH 11/47] feat: calendrier visuel mensuel + carte Leaflet sur
 fiche carbet

---
 package-lock.json                             |  49 +++++
 package.json                                  |   5 +-
 src/app/carbets/[slug]/page.tsx               |  20 ++
 src/app/carbets/_components/booking-form.tsx  | 137 +++++--------
 .../carbets/_components/carbet-map-inner.tsx  |  74 +++++++
 src/app/carbets/_components/carbet-map.tsx    |  31 +++
 src/app/carbets/_components/mini-calendar.tsx | 186 ++++++++++++++++++
 7 files changed, 417 insertions(+), 85 deletions(-)
 create mode 100644 src/app/carbets/_components/carbet-map-inner.tsx
 create mode 100644 src/app/carbets/_components/carbet-map.tsx
 create mode 100644 src/app/carbets/_components/mini-calendar.tsx

diff --git a/package-lock.json b/package-lock.json
index eb5b2bd..c1f89be 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -12,12 +12,15 @@
         "@aws-sdk/client-s3": "^3.1056.0",
         "@prisma/adapter-pg": "^7.8.0",
         "@prisma/client": "^7.8.0",
+        "@types/leaflet": "^1.9.21",
         "bcryptjs": "^3.0.3",
+        "leaflet": "^1.9.4",
         "next": "16.2.6",
         "next-auth": "^5.0.0-beta.31",
         "pg": "^8.21.0",
         "react": "19.2.4",
         "react-dom": "19.2.4",
+        "react-leaflet": "^5.0.0",
         "resend": "^4.8.0",
         "stripe": "^18.3.0"
       },
@@ -2757,6 +2760,17 @@
         "react-dom": "^18.0 || ^19.0 || ^19.0.0-rc"
       }
     },
+    "node_modules/@react-leaflet/core": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@react-leaflet/core/-/core-3.0.0.tgz",
+      "integrity": "sha512-3EWmekh4Nz+pGcr+xjf0KNyYfC3U2JjnkWsh0zcqaexYqmmB5ZhH37kz41JXGmKzpaMZCnPofBBm64i+YrEvGQ==",
+      "license": "Hippocratic-2.1",
+      "peerDependencies": {
+        "leaflet": "^1.9.0",
+        "react": "^19.0.0",
+        "react-dom": "^19.0.0"
+      }
+    },
     "node_modules/@rollup/rollup-android-arm-eabi": {
       "version": "4.60.4",
       "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.60.4.tgz",
@@ -3609,6 +3623,12 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/@types/geojson": {
+      "version": "7946.0.16",
+      "resolved": "https://registry.npmjs.org/@types/geojson/-/geojson-7946.0.16.tgz",
+      "integrity": "sha512-6C8nqWur3j98U6+lXDfTUWIfgvZU+EumvpHKcYjujKH7woYyLj2sUmff0tRhrqM7BohUw7Pz3ZB1jj2gW9Fvmg==",
+      "license": "MIT"
+    },
     "node_modules/@types/json-schema": {
       "version": "7.0.15",
       "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz",
@@ -3623,6 +3643,15 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/@types/leaflet": {
+      "version": "1.9.21",
+      "resolved": "https://registry.npmjs.org/@types/leaflet/-/leaflet-1.9.21.tgz",
+      "integrity": "sha512-TbAd9DaPGSnzp6QvtYngntMZgcRk+igFELwR2N99XZn7RXUdKgsXMR+28bUO0rPsWp8MIu/f47luLIQuSLYv/w==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/geojson": "*"
+      }
+    },
     "node_modules/@types/node": {
       "version": "20.19.41",
       "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.41.tgz",
@@ -7597,6 +7626,12 @@
         "url": "https://ko-fi.com/killymxi"
       }
     },
+    "node_modules/leaflet": {
+      "version": "1.9.4",
+      "resolved": "https://registry.npmjs.org/leaflet/-/leaflet-1.9.4.tgz",
+      "integrity": "sha512-nxS1ynzJOmOlHp+iL3FyWqK89GtNL8U8rvlMOsQdTTssxZwCXh8N2NB3GDQOL+YR3XnWyZAxwQixURb+FA74PA==",
+      "license": "BSD-2-Clause"
+    },
     "node_modules/levn": {
       "version": "0.4.1",
       "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz",
@@ -9054,6 +9089,20 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/react-leaflet": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/react-leaflet/-/react-leaflet-5.0.0.tgz",
+      "integrity": "sha512-CWbTpr5vcHw5bt9i4zSlPEVQdTVcML390TjeDG0cK59z1ylexpqC6M1PJFjV8jD7CF+ACBFsLIDs6DRMoLEofw==",
+      "license": "Hippocratic-2.1",
+      "dependencies": {
+        "@react-leaflet/core": "^3.0.0"
+      },
+      "peerDependencies": {
+        "leaflet": "^1.9.0",
+        "react": "^19.0.0",
+        "react-dom": "^19.0.0"
+      }
+    },
     "node_modules/react-promise-suspense": {
       "version": "0.3.4",
       "resolved": "https://registry.npmjs.org/react-promise-suspense/-/react-promise-suspense-0.3.4.tgz",
diff --git a/package.json b/package.json
index 6a33258..000a852 100644
--- a/package.json
+++ b/package.json
@@ -16,12 +16,15 @@
     "@aws-sdk/client-s3": "^3.1056.0",
     "@prisma/adapter-pg": "^7.8.0",
     "@prisma/client": "^7.8.0",
+    "@types/leaflet": "^1.9.21",
     "bcryptjs": "^3.0.3",
+    "leaflet": "^1.9.4",
     "next": "16.2.6",
     "next-auth": "^5.0.0-beta.31",
     "pg": "^8.21.0",
     "react": "19.2.4",
     "react-dom": "19.2.4",
+    "react-leaflet": "^5.0.0",
     "resend": "^4.8.0",
     "stripe": "^18.3.0"
   },
@@ -39,4 +42,4 @@
     "typescript": "^5.9.3",
     "vitest": "^3.2.4"
   }
-}
\ No newline at end of file
+}
diff --git a/src/app/carbets/[slug]/page.tsx b/src/app/carbets/[slug]/page.tsx
index e51590a..53544fd 100644
--- a/src/app/carbets/[slug]/page.tsx
+++ b/src/app/carbets/[slug]/page.tsx
@@ -14,6 +14,7 @@ import { formatAverageRating } from "@/lib/reviews";
 
 import { BookingForm } from "../_components/booking-form";
 import { CarbetGallery } from "../_components/carbet-gallery";
+import { CarbetMap } from "../_components/carbet-map";
 import { ReviewsSection } from "../_components/reviews-section";
 import { StarRating } from "../_components/star-rating";
 import { AccessTypeBadge } from "@/components/AccessTypeBadge";
@@ -144,6 +145,25 @@ export default async function PublicCarbetPage({ params }: PageProps) {
             provider={carbet.pirogueProvider}
           />
 
+          <section className="mt-10">
+            <h2 className="text-xl font-semibold text-zinc-900">
+              Où se trouve ce carbet
+            </h2>
+            <p className="mt-1 text-sm text-zinc-600">
+              Fleuve <strong>{carbet.river}</strong> · embarquement à{" "}
+              <strong>{carbet.embarkPoint}</strong>
+            </p>
+            <div className="mt-3">
+              <CarbetMap
+                latitude={Number(carbet.latitude)}
+                longitude={Number(carbet.longitude)}
+                title={carbet.title}
+                river={carbet.river}
+                embarkPoint={carbet.embarkPoint}
+              />
+            </div>
+          </section>
+
           {carbet.amenities.length > 0 ? (
             <section className="mt-10">
               <h2 className="text-xl font-semibold text-zinc-900">
diff --git a/src/app/carbets/_components/booking-form.tsx b/src/app/carbets/_components/booking-form.tsx
index c2d85a2..522a017 100644
--- a/src/app/carbets/_components/booking-form.tsx
+++ b/src/app/carbets/_components/booking-form.tsx
@@ -4,6 +4,8 @@ import { useEffect, useMemo, useState } from "react";
 import Link from "next/link";
 import { useRouter } from "next/navigation";
 
+import { MiniCalendar } from "./mini-calendar";
+
 type Props = {
   carbetId: string;
   slug: string;
@@ -38,8 +40,8 @@ export function BookingForm({
   isAuthenticated,
 }: Props) {
   const router = useRouter();
-  const [startDate, setStartDate] = useState(todayPlus(7));
-  const [endDate, setEndDate] = useState(todayPlus(7 + (minStayNights ?? 2)));
+  const [startDate, setStartDate] = useState<string | null>(null);
+  const [endDate, setEndDate] = useState<string | null>(null);
   const [guestCount, setGuestCount] = useState(Math.min(2, capacity));
   const [busy, setBusy] = useState(false);
   const [error, setError] = useState<string | null>(null);
@@ -64,34 +66,18 @@ export function BookingForm({
     return () => ctrl.abort();
   }, [carbetId]);
 
-  const nights = useMemo(() => Math.max(0, diffDays(startDate, endDate)), [startDate, endDate]);
+  const nights = useMemo(
+    () => (startDate && endDate ? Math.max(0, diffDays(startDate, endDate)) : 0),
+    [startDate, endDate],
+  );
   const total = nights * nightlyPrice;
   const minN = minStayNights ?? 1;
   const maxN = maxStayNights ?? 365;
-  const nightsOk = nights >= minN && nights <= maxN;
+  const datesSelected = Boolean(startDate && endDate);
+  const nightsOk = datesSelected && nights >= minN && nights <= maxN;
   const guestOk = guestCount >= 1 && guestCount <= capacity;
 
-  // Vérifie qu'aucun jour de la plage sélectionnée n'est bloqué.
-  const conflictDates = useMemo(() => {
-    if (blockedDates.size === 0 || nights === 0) return [];
-    const out: string[] = [];
-    const startMs = new Date(startDate + "T00:00:00Z").getTime();
-    for (let i = 0; i < nights; i++) {
-      const d = new Date(startMs + i * 86400000).toISOString().slice(0, 10);
-      if (blockedDates.has(d)) out.push(d);
-    }
-    return out;
-  }, [blockedDates, startDate, nights]);
-  const hasConflict = conflictDates.length > 0;
-
-  const canSubmit = nightsOk && guestOk && !busy && !hasConflict;
-
-  // Prochaines dates bloquées (max 6) pour affichage informatif.
-  const upcomingBlocked = useMemo(() => {
-    return Array.from(blockedDates)
-      .sort()
-      .slice(0, 6);
-  }, [blockedDates]);
+  const canSubmit = nightsOk && guestOk && !busy;
 
   async function submit() {
     if (!isAuthenticated) {
@@ -129,28 +115,34 @@ export function BookingForm({
         <span className="text-xs text-zinc-500">jusqu&apos;à {capacity} voyageurs</span>
       </div>
 
-      <div className="grid grid-cols-2 gap-2 text-sm">
-        <label className="block">
-          <span className="text-xs text-zinc-500">Arrivée</span>
-          <input
-            type="date"
-            value={startDate}
-            min={todayPlus(0)}
-            onChange={(e) => setStartDate(e.target.value)}
-            className="mt-0.5 w-full rounded-md border border-zinc-300 px-2 py-1.5"
-          />
-        </label>
-        <label className="block">
-          <span className="text-xs text-zinc-500">Départ</span>
-          <input
-            type="date"
-            value={endDate}
-            min={startDate || todayPlus(1)}
-            onChange={(e) => setEndDate(e.target.value)}
-            className="mt-0.5 w-full rounded-md border border-zinc-300 px-2 py-1.5"
-          />
-        </label>
-      </div>
+      <MiniCalendar
+        startDate={startDate}
+        endDate={endDate}
+        blockedDates={blockedDates}
+        onChange={(s, e) => {
+          setStartDate(s);
+          setEndDate(e);
+          setError(null);
+        }}
+      />
+
+      {datesSelected ? (
+        <div className="flex items-center justify-between rounded-md bg-zinc-50 px-3 py-1.5 text-xs text-zinc-700">
+          <span>
+            <strong>{startDate}</strong> → <strong>{endDate}</strong>
+          </span>
+          <button
+            type="button"
+            onClick={() => {
+              setStartDate(null);
+              setEndDate(null);
+            }}
+            className="text-zinc-500 hover:text-zinc-900"
+          >
+            Réinitialiser
+          </button>
+        </div>
+      ) : null}
 
       <label className="block text-sm">
         <span className="text-xs text-zinc-500">Voyageurs</span>
@@ -164,50 +156,27 @@ export function BookingForm({
         />
       </label>
 
-      <div className="space-y-1 border-t border-zinc-100 pt-3 text-sm text-zinc-700">
-        <div className="flex justify-between">
-          <span>
-            {nightlyPrice.toFixed(0)} € × {nights} nuit{nights > 1 ? "s" : ""}
-          </span>
-          <span className="font-mono">{(nightlyPrice * nights).toFixed(2)} €</span>
+      {datesSelected ? (
+        <div className="space-y-1 border-t border-zinc-100 pt-3 text-sm text-zinc-700">
+          <div className="flex justify-between">
+            <span>
+              {nightlyPrice.toFixed(0)} € × {nights} nuit{nights > 1 ? "s" : ""}
+            </span>
+            <span className="font-mono">{(nightlyPrice * nights).toFixed(2)} €</span>
+          </div>
+          <div className="flex justify-between text-base font-semibold text-zinc-900">
+            <span>Total</span>
+            <span className="font-mono">{total.toFixed(2)} €</span>
+          </div>
         </div>
-        <div className="flex justify-between text-base font-semibold text-zinc-900">
-          <span>Total</span>
-          <span className="font-mono">{total.toFixed(2)} €</span>
-        </div>
-      </div>
+      ) : null}
 
-      {!nightsOk && nights > 0 ? (
+      {datesSelected && !nightsOk ? (
         <div className="rounded border border-amber-200 bg-amber-50 px-3 py-1.5 text-xs text-amber-800">
           Séjour entre {minN} et {maxN} nuits requis.
         </div>
       ) : null}
 
-      {hasConflict ? (
-        <div className="rounded border border-rose-200 bg-rose-50 px-3 py-1.5 text-xs text-rose-700">
-          Cette plage chevauche {conflictDates.length} jour{conflictDates.length > 1 ? "s" : ""} déjà
-          pris ou bloqué{conflictDates.length > 1 ? "s" : ""} (
-          {conflictDates.slice(0, 3).join(", ")}
-          {conflictDates.length > 3 ? "…" : ""}). Changez les dates.
-        </div>
-      ) : null}
-
-      {upcomingBlocked.length > 0 && !hasConflict ? (
-        <details className="rounded border border-zinc-100 bg-zinc-50 px-3 py-1.5 text-xs text-zinc-600">
-          <summary className="cursor-pointer">Voir les prochaines dates indisponibles</summary>
-          <div className="mt-1.5 flex flex-wrap gap-1">
-            {upcomingBlocked.map((d) => (
-              <code key={d} className="rounded bg-white px-1.5 py-0.5 text-[10px] text-zinc-700">
-                {d}
-              </code>
-            ))}
-            {blockedDates.size > upcomingBlocked.length ? (
-              <span className="text-[10px] text-zinc-500">+ {blockedDates.size - upcomingBlocked.length} autres</span>
-            ) : null}
-          </div>
-        </details>
-      ) : null}
-
       {error ? (
         <div className="rounded border border-rose-200 bg-rose-50 px-3 py-1.5 text-xs text-rose-700">{error}</div>
       ) : null}
diff --git a/src/app/carbets/_components/carbet-map-inner.tsx b/src/app/carbets/_components/carbet-map-inner.tsx
new file mode 100644
index 0000000..63d1ab6
--- /dev/null
+++ b/src/app/carbets/_components/carbet-map-inner.tsx
@@ -0,0 +1,74 @@
+"use client";
+
+import { MapContainer, TileLayer, Marker, Popup } from "react-leaflet";
+import L from "leaflet";
+
+import "leaflet/dist/leaflet.css";
+
+// Fix icône Leaflet (les paths par défaut pointent vers un CDN qui n'existe plus).
+// On utilise un SVG inline en data URL.
+const ICON = L.divIcon({
+  className: "karbe-leaflet-marker",
+  html: `
+    <div style="
+      width:32px;height:32px;
+      transform:translate(-50%,-100%);
+      display:flex;align-items:center;justify-content:center;
+    ">
+      <svg viewBox="0 0 32 40" width="32" height="40" xmlns="http://www.w3.org/2000/svg">
+        <path d="M16 0 C7 0 0 7 0 16 C0 26 16 40 16 40 C16 40 32 26 32 16 C32 7 25 0 16 0 Z"
+              fill="#059669" stroke="#064e3b" stroke-width="1.5"/>
+        <circle cx="16" cy="15" r="5" fill="white"/>
+      </svg>
+    </div>
+  `,
+  iconSize: [32, 40],
+  iconAnchor: [16, 40],
+  popupAnchor: [0, -36],
+});
+
+type Props = {
+  latitude: number;
+  longitude: number;
+  title: string;
+  river: string;
+  embarkPoint: string;
+};
+
+export function CarbetMapInner({ latitude, longitude, title, river, embarkPoint }: Props) {
+  const position: [number, number] = [latitude, longitude];
+
+  return (
+    <div className="overflow-hidden rounded-lg border border-zinc-200">
+      <MapContainer
+        center={position}
+        zoom={11}
+        scrollWheelZoom={false}
+        style={{ height: 280, width: "100%" }}
+      >
+        <TileLayer
+          attribution='&copy; <a href="https://www.openstreetmap.org/copyright">OpenStreetMap</a>'
+          url="https://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png"
+        />
+        <Marker position={position} icon={ICON}>
+          <Popup>
+            <strong>{title}</strong>
+            <br />
+            <span className="text-xs">Fleuve {river}</span>
+            <br />
+            <span className="text-xs text-zinc-600">Embarquement : {embarkPoint}</span>
+            <br />
+            <a
+              href={`https://www.openstreetmap.org/?mlat=${latitude}&mlon=${longitude}#map=14/${latitude}/${longitude}`}
+              target="_blank"
+              rel="noreferrer"
+              className="text-xs text-emerald-700 underline"
+            >
+              Ouvrir dans OpenStreetMap ↗
+            </a>
+          </Popup>
+        </Marker>
+      </MapContainer>
+    </div>
+  );
+}
diff --git a/src/app/carbets/_components/carbet-map.tsx b/src/app/carbets/_components/carbet-map.tsx
new file mode 100644
index 0000000..31b9718
--- /dev/null
+++ b/src/app/carbets/_components/carbet-map.tsx
@@ -0,0 +1,31 @@
+"use client";
+
+/**
+ * Carte interactive sur la fiche carbet — Leaflet + OpenStreetMap.
+ *
+ * Chargée dynamiquement (ssr:false) car Leaflet manipule window.
+ */
+
+import dynamic from "next/dynamic";
+
+const CarbetMapInner = dynamic(
+  () => import("./carbet-map-inner").then((m) => m.CarbetMapInner),
+  {
+    ssr: false,
+    loading: () => (
+      <div className="h-[280px] w-full animate-pulse rounded-lg bg-zinc-100" />
+    ),
+  },
+);
+
+type Props = {
+  latitude: number;
+  longitude: number;
+  title: string;
+  river: string;
+  embarkPoint: string;
+};
+
+export function CarbetMap(props: Props) {
+  return <CarbetMapInner {...props} />;
+}
diff --git a/src/app/carbets/_components/mini-calendar.tsx b/src/app/carbets/_components/mini-calendar.tsx
new file mode 100644
index 0000000..bdcbb0d
--- /dev/null
+++ b/src/app/carbets/_components/mini-calendar.tsx
@@ -0,0 +1,186 @@
+"use client";
+
+import { useMemo, useState } from "react";
+
+type Props = {
+  startDate: string | null;
+  endDate: string | null;
+  blockedDates: Set<string>;
+  onChange: (start: string | null, end: string | null) => void;
+};
+
+const MONTH_LABEL = [
+  "Janvier", "Février", "Mars", "Avril", "Mai", "Juin",
+  "Juillet", "Août", "Septembre", "Octobre", "Novembre", "Décembre",
+];
+const DOW_LABEL = ["L", "M", "M", "J", "V", "S", "D"];
+
+function isoDay(d: Date): string {
+  return d.toISOString().slice(0, 10);
+}
+
+function startOfMonth(d: Date): Date {
+  return new Date(Date.UTC(d.getUTCFullYear(), d.getUTCMonth(), 1));
+}
+
+function addMonths(d: Date, n: number): Date {
+  return new Date(Date.UTC(d.getUTCFullYear(), d.getUTCMonth() + n, 1));
+}
+
+/** Génère la grille du mois : 6 semaines × 7 jours, en commençant un lundi. */
+function monthGrid(monthStart: Date): (Date | null)[] {
+  const year = monthStart.getUTCFullYear();
+  const month = monthStart.getUTCMonth();
+  // Premier jour du mois — décale pour que la semaine commence un lundi (0=L, 6=D)
+  const firstDay = new Date(Date.UTC(year, month, 1));
+  const firstDow = (firstDay.getUTCDay() + 6) % 7;
+  const lastDay = new Date(Date.UTC(year, month + 1, 0)).getUTCDate();
+  const cells: (Date | null)[] = [];
+  for (let i = 0; i < firstDow; i++) cells.push(null);
+  for (let d = 1; d <= lastDay; d++) {
+    cells.push(new Date(Date.UTC(year, month, d)));
+  }
+  while (cells.length % 7 !== 0) cells.push(null);
+  // Toujours 6 lignes pour éviter le saut de hauteur
+  while (cells.length < 42) cells.push(null);
+  return cells;
+}
+
+export function MiniCalendar({ startDate, endDate, blockedDates, onChange }: Props) {
+  const today = useMemo(() => {
+    const d = new Date();
+    return new Date(Date.UTC(d.getUTCFullYear(), d.getUTCMonth(), d.getUTCDate()));
+  }, []);
+
+  const [viewMonth, setViewMonth] = useState<Date>(() => {
+    const ref = startDate ? new Date(startDate + "T00:00:00Z") : today;
+    return startOfMonth(ref);
+  });
+
+  const cells = useMemo(() => monthGrid(viewMonth), [viewMonth]);
+
+  const startISO = startDate;
+  const endISO = endDate;
+
+  function onClick(day: Date) {
+    const iso = isoDay(day);
+    if (day.getTime() < today.getTime()) return;
+    if (blockedDates.has(iso)) return;
+
+    // Aucune sélection ou les deux déjà posées → reset + nouvelle start
+    if (!startISO || (startISO && endISO)) {
+      onChange(iso, null);
+      return;
+    }
+    // Une seule (start) déjà sélectionnée
+    if (iso === startISO) {
+      onChange(null, null);
+      return;
+    }
+    if (iso < startISO) {
+      onChange(iso, null);
+      return;
+    }
+    // Vérifie qu'aucun jour intermédiaire n'est bloqué
+    const startMs = new Date(startISO + "T00:00:00Z").getTime();
+    const endMs = day.getTime();
+    for (let t = startMs; t < endMs; t += 86_400_000) {
+      const d = new Date(t).toISOString().slice(0, 10);
+      if (blockedDates.has(d)) {
+        // Tombe sur un jour bloqué → on resélectionne start
+        onChange(iso, null);
+        return;
+      }
+    }
+    onChange(startISO, iso);
+  }
+
+  const canGoBack = viewMonth > startOfMonth(today);
+
+  return (
+    <div className="rounded-md border border-zinc-200 bg-white p-2">
+      <header className="mb-1 flex items-center justify-between">
+        <button
+          type="button"
+          disabled={!canGoBack}
+          onClick={() => setViewMonth(addMonths(viewMonth, -1))}
+          className="rounded p-1 text-zinc-600 hover:bg-zinc-100 disabled:opacity-30"
+          aria-label="Mois précédent"
+        >
+          <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2.5">
+            <path d="M15 6 L9 12 L15 18" />
+          </svg>
+        </button>
+        <span className="text-sm font-semibold text-zinc-900">
+          {MONTH_LABEL[viewMonth.getUTCMonth()]} {viewMonth.getUTCFullYear()}
+        </span>
+        <button
+          type="button"
+          onClick={() => setViewMonth(addMonths(viewMonth, 1))}
+          className="rounded p-1 text-zinc-600 hover:bg-zinc-100"
+          aria-label="Mois suivant"
+        >
+          <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2.5">
+            <path d="M9 6 L15 12 L9 18" />
+          </svg>
+        </button>
+      </header>
+
+      <div className="grid grid-cols-7 gap-0.5 text-center text-[10px] uppercase tracking-wider text-zinc-400">
+        {DOW_LABEL.map((d, i) => (
+          <div key={i} className="py-0.5">
+            {d}
+          </div>
+        ))}
+      </div>
+
+      <div className="grid grid-cols-7 gap-0.5">
+        {cells.map((cell, i) => {
+          if (!cell) return <div key={i} className="h-7" />;
+          const iso = isoDay(cell);
+          const isPast = cell.getTime() < today.getTime();
+          const isBlocked = blockedDates.has(iso);
+          const isStart = iso === startISO;
+          const isEnd = iso === endISO;
+          const inRange = startISO && endISO && iso > startISO && iso < endISO;
+          const isToday = iso === isoDay(today);
+          const disabled = isPast || isBlocked;
+
+          let cls =
+            "relative h-7 rounded text-xs flex items-center justify-center transition";
+          if (disabled) {
+            cls += " text-zinc-300 cursor-not-allowed";
+            if (isBlocked && !isPast) cls += " line-through";
+          } else if (isStart || isEnd) {
+            cls += " bg-emerald-600 text-white font-semibold cursor-pointer";
+          } else if (inRange) {
+            cls += " bg-emerald-100 text-emerald-900 cursor-pointer";
+          } else {
+            cls += " text-zinc-800 hover:bg-zinc-100 cursor-pointer";
+            if (isToday) cls += " ring-1 ring-zinc-400";
+          }
+
+          return (
+            <button
+              key={i}
+              type="button"
+              disabled={disabled}
+              onClick={() => onClick(cell)}
+              className={cls}
+            >
+              {cell.getUTCDate()}
+            </button>
+          );
+        })}
+      </div>
+
+      <p className="mt-2 text-[11px] text-zinc-500">
+        {!startISO
+          ? "Choisissez votre date d'arrivée."
+          : !endISO
+            ? "Choisissez votre date de départ."
+            : ""}
+      </p>
+    </div>
+  );
+}

From a6df96db7edefdf19d7d6431f0c24b5683ecdf70 Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Mon, 1 Jun 2026 10:16:37 +0000
Subject: [PATCH 12/47] =?UTF-8?q?feat:=20reset=20password=20+=20page=20mon?=
 =?UTF-8?q?-compte=20(RGPD)=20+=20facettes=20recherche=20(prix=20max,=20?=
 =?UTF-8?q?=C3=A9quipements)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../migration.sql                             |   9 ++
 prisma/schema.prisma                          |  10 ++
 src/app/api/me/export/route.ts                | 103 ++++++++++++++++
 src/app/api/password/reset-request/route.ts   |  50 ++++++++
 src/app/api/password/reset/route.ts           |  40 ++++++
 src/app/connexion/page.tsx                    |   5 +
 src/app/mon-compte/_components/DangerZone.tsx |  67 ++++++++++
 .../mon-compte/_components/PasswordForm.tsx   |  69 +++++++++++
 .../mon-compte/_components/ProfileForm.tsx    |  88 ++++++++++++++
 src/app/mon-compte/actions.ts                 | 115 ++++++++++++++++++
 src/app/mon-compte/page.tsx                   |  71 +++++++++++
 .../[token]/_components/ResetForm.tsx         |  75 ++++++++++++
 src/app/mot-de-passe-oublie/[token]/page.tsx  |  33 +++++
 .../_components/ResetRequestForm.tsx          |  52 ++++++++
 src/app/mot-de-passe-oublie/page.tsx          |  34 ++++++
 src/components/SiteHeader.tsx                 |   3 +
 src/lib/carbet-search.ts                      |  30 +++++
 src/lib/email.ts                              |  17 +++
 src/lib/password-reset.ts                     |  51 ++++++++
 19 files changed, 922 insertions(+)
 create mode 100644 prisma/migrations/20260601060000_password_reset_token/migration.sql
 create mode 100644 src/app/api/me/export/route.ts
 create mode 100644 src/app/api/password/reset-request/route.ts
 create mode 100644 src/app/api/password/reset/route.ts
 create mode 100644 src/app/mon-compte/_components/DangerZone.tsx
 create mode 100644 src/app/mon-compte/_components/PasswordForm.tsx
 create mode 100644 src/app/mon-compte/_components/ProfileForm.tsx
 create mode 100644 src/app/mon-compte/actions.ts
 create mode 100644 src/app/mon-compte/page.tsx
 create mode 100644 src/app/mot-de-passe-oublie/[token]/_components/ResetForm.tsx
 create mode 100644 src/app/mot-de-passe-oublie/[token]/page.tsx
 create mode 100644 src/app/mot-de-passe-oublie/_components/ResetRequestForm.tsx
 create mode 100644 src/app/mot-de-passe-oublie/page.tsx
 create mode 100644 src/lib/password-reset.ts

diff --git a/prisma/migrations/20260601060000_password_reset_token/migration.sql b/prisma/migrations/20260601060000_password_reset_token/migration.sql
new file mode 100644
index 0000000..50033de
--- /dev/null
+++ b/prisma/migrations/20260601060000_password_reset_token/migration.sql
@@ -0,0 +1,9 @@
+CREATE TABLE "PasswordResetToken" (
+  "tokenHash" TEXT NOT NULL,
+  "userId" TEXT NOT NULL,
+  "expiresAt" TIMESTAMP(3) NOT NULL,
+  "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  CONSTRAINT "PasswordResetToken_pkey" PRIMARY KEY ("tokenHash")
+);
+CREATE INDEX "PasswordResetToken_userId_idx" ON "PasswordResetToken"("userId");
+CREATE INDEX "PasswordResetToken_expiresAt_idx" ON "PasswordResetToken"("expiresAt");
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
index e9aaf6d..f59864e 100644
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -361,3 +361,13 @@ model Translation {
   @@id([key, lang])
   @@index([lang])
 }
+
+model PasswordResetToken {
+  tokenHash String   @id
+  userId    String
+  expiresAt DateTime
+  createdAt DateTime @default(now())
+
+  @@index([userId])
+  @@index([expiresAt])
+}
diff --git a/src/app/api/me/export/route.ts b/src/app/api/me/export/route.ts
new file mode 100644
index 0000000..a235301
--- /dev/null
+++ b/src/app/api/me/export/route.ts
@@ -0,0 +1,103 @@
+import { NextResponse } from "next/server";
+
+import { auth } from "@/auth";
+import { prisma } from "@/lib/prisma";
+import { recordAudit } from "@/lib/admin/audit";
+
+export const runtime = "nodejs";
+export const dynamic = "force-dynamic";
+
+/** RGPD article 20 — droit à la portabilité. Renvoie un JSON avec toutes les données utilisateur. */
+export async function GET() {
+  const session = await auth();
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: "Non authentifié" }, { status: 401 });
+  }
+  const userId = session.user.id;
+
+  const [user, bookings, reviews, carbets, subscriptions] = await Promise.all([
+    prisma.user.findUnique({
+      where: { id: userId },
+      select: {
+        id: true,
+        email: true,
+        firstName: true,
+        lastName: true,
+        phone: true,
+        role: true,
+        avatarUrl: true,
+        isActive: true,
+        createdAt: true,
+        updatedAt: true,
+        organizationId: true,
+      },
+    }),
+    prisma.booking.findMany({
+      where: { tenantId: userId },
+      select: {
+        id: true,
+        carbetId: true,
+        startDate: true,
+        endDate: true,
+        guestCount: true,
+        status: true,
+        paymentStatus: true,
+        amount: true,
+        currency: true,
+        createdAt: true,
+      },
+    }),
+    prisma.review.findMany({
+      where: { authorId: userId },
+      select: {
+        id: true,
+        bookingId: true,
+        carbetId: true,
+        rating: true,
+        comment: true,
+        createdAt: true,
+      },
+    }),
+    prisma.carbet.findMany({
+      where: { ownerId: userId },
+      select: { id: true, slug: true, title: true, status: true, createdAt: true },
+    }),
+    prisma.subscription.findMany({
+      where: { ownerId: userId },
+      select: { id: true, carbetId: true, status: true, provider: true, startedAt: true },
+    }),
+  ]);
+
+  await recordAudit({
+    scope: "public.profile",
+    event: "data.export",
+    target: userId,
+    actorEmail: session.user.email ?? null,
+    details: {},
+  });
+
+  const filename = `karbe-mes-donnees-${new Date().toISOString().slice(0, 10)}.json`;
+  return new NextResponse(
+    JSON.stringify(
+      {
+        exportedAt: new Date().toISOString(),
+        rgpdNotice:
+          "Conformément à l'article 20 du RGPD. Pour exercer vos autres droits, contactez contact@karbe.cosmolan.fr.",
+        user,
+        bookings,
+        reviews,
+        carbets,
+        subscriptions,
+      },
+      null,
+      2,
+    ),
+    {
+      status: 200,
+      headers: {
+        "Content-Type": "application/json; charset=utf-8",
+        "Content-Disposition": `attachment; filename="${filename}"`,
+      },
+    },
+  );
+}
diff --git a/src/app/api/password/reset-request/route.ts b/src/app/api/password/reset-request/route.ts
new file mode 100644
index 0000000..1eaedc9
--- /dev/null
+++ b/src/app/api/password/reset-request/route.ts
@@ -0,0 +1,50 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+
+import { createPasswordResetToken } from "@/lib/password-reset";
+import { prisma } from "@/lib/prisma";
+import { sendPasswordReset } from "@/lib/email";
+import { recordAudit } from "@/lib/admin/audit";
+
+export const runtime = "nodejs";
+
+const schema = z.object({
+  email: z.string().trim().toLowerCase().email(),
+});
+
+const SITE_URL = process.env.NEXT_PUBLIC_SITE_URL ?? "https://karbe.cosmolan.fr";
+
+export async function POST(req: Request) {
+  let body: unknown;
+  try {
+    body = await req.json();
+  } catch {
+    return NextResponse.json({ error: "Corps JSON invalide." }, { status: 400 });
+  }
+  const parsed = schema.safeParse(body);
+  if (!parsed.success) {
+    // Réponse générique pour ne pas leak la validité du format à un attaquant.
+    return NextResponse.json({ ok: true });
+  }
+
+  const user = await prisma.user.findUnique({
+    where: { email: parsed.data.email },
+    select: { id: true, email: true, firstName: true, isActive: true },
+  });
+
+  if (user && user.isActive) {
+    const token = await createPasswordResetToken(user.id);
+    const resetUrl = `${SITE_URL}/mot-de-passe-oublie/${token}`;
+    sendPasswordReset(user.email, resetUrl).catch(() => {});
+    await recordAudit({
+      scope: "public.password",
+      event: "reset.request",
+      target: user.id,
+      actorEmail: user.email,
+      details: {},
+    });
+  }
+
+  // Réponse identique que l'email existe ou non (énumération-safe).
+  return NextResponse.json({ ok: true });
+}
diff --git a/src/app/api/password/reset/route.ts b/src/app/api/password/reset/route.ts
new file mode 100644
index 0000000..1883076
--- /dev/null
+++ b/src/app/api/password/reset/route.ts
@@ -0,0 +1,40 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+
+import { consumePasswordResetToken } from "@/lib/password-reset";
+import { recordAudit } from "@/lib/admin/audit";
+
+export const runtime = "nodejs";
+
+const schema = z.object({
+  token: z.string().min(20).max(200),
+  password: z.string().min(8).max(200),
+});
+
+export async function POST(req: Request) {
+  let body: unknown;
+  try {
+    body = await req.json();
+  } catch {
+    return NextResponse.json({ error: "Corps JSON invalide." }, { status: 400 });
+  }
+  const parsed = schema.safeParse(body);
+  if (!parsed.success) {
+    return NextResponse.json(
+      { error: parsed.error.issues.map((i) => i.message).join(" · ") },
+      { status: 400 },
+    );
+  }
+  const result = await consumePasswordResetToken(parsed.data.token, parsed.data.password);
+  if (!result.ok) {
+    return NextResponse.json({ error: result.reason }, { status: 400 });
+  }
+  await recordAudit({
+    scope: "public.password",
+    event: "reset.success",
+    target: result.userId,
+    actorEmail: null,
+    details: {},
+  });
+  return NextResponse.json({ ok: true });
+}
diff --git a/src/app/connexion/page.tsx b/src/app/connexion/page.tsx
index e66082e..5ac18e4 100644
--- a/src/app/connexion/page.tsx
+++ b/src/app/connexion/page.tsx
@@ -53,6 +53,11 @@ export default async function SignInPage({ searchParams }: Props) {
         >
           Se connecter
         </button>
+        <p className="text-center text-xs text-zinc-500">
+          <Link href="/mot-de-passe-oublie" className="hover:text-zinc-900 underline">
+            Mot de passe oublié ?
+          </Link>
+        </p>
         <p className="border-t border-zinc-100 pt-3 text-center text-sm text-zinc-500">
           Pas encore de compte ?{" "}
           <Link
diff --git a/src/app/mon-compte/_components/DangerZone.tsx b/src/app/mon-compte/_components/DangerZone.tsx
new file mode 100644
index 0000000..0671134
--- /dev/null
+++ b/src/app/mon-compte/_components/DangerZone.tsx
@@ -0,0 +1,67 @@
+"use client";
+
+import { useState, useTransition } from "react";
+
+import { deleteAccountAction } from "../actions";
+
+export function DangerZone() {
+  const [pending, startTransition] = useTransition();
+  const [step, setStep] = useState<"idle" | "confirm">("idle");
+  const [typed, setTyped] = useState("");
+
+  function deleteAccount() {
+    startTransition(async () => {
+      await deleteAccountAction();
+    });
+  }
+
+  return (
+    <div className="space-y-2 text-sm text-zinc-700">
+      <p>
+        La suppression anonymise votre compte (nom, email, téléphone effacés). Vos réservations
+        passées restent en base pour les obligations comptables, mais ne sont plus rattachées à
+        des données personnelles identifiantes.
+      </p>
+      {step === "idle" ? (
+        <button
+          type="button"
+          onClick={() => setStep("confirm")}
+          className="rounded-md border border-rose-300 bg-white px-3 py-1.5 text-xs font-semibold text-rose-700 hover:bg-rose-50"
+        >
+          Supprimer mon compte
+        </button>
+      ) : (
+        <div className="space-y-2 rounded border border-rose-300 bg-rose-50 p-3 text-sm">
+          <p className="text-rose-900">
+            Pour confirmer, saisissez <code className="rounded bg-white px-1">SUPPRIMER</code> ci-dessous.
+          </p>
+          <input
+            type="text"
+            value={typed}
+            onChange={(e) => setTyped(e.target.value)}
+            className="w-full rounded-md border border-rose-300 px-3 py-1.5 text-sm focus:border-rose-500 focus:outline-none"
+            disabled={pending}
+          />
+          <div className="flex justify-end gap-2">
+            <button
+              type="button"
+              onClick={() => setStep("idle")}
+              disabled={pending}
+              className="text-xs text-zinc-600 hover:text-zinc-900"
+            >
+              Annuler
+            </button>
+            <button
+              type="button"
+              disabled={typed !== "SUPPRIMER" || pending}
+              onClick={deleteAccount}
+              className="rounded-md bg-rose-700 px-3 py-1.5 text-xs font-semibold text-white hover:bg-rose-800 disabled:opacity-50"
+            >
+              {pending ? "Suppression…" : "Confirmer la suppression"}
+            </button>
+          </div>
+        </div>
+      )}
+    </div>
+  );
+}
diff --git a/src/app/mon-compte/_components/PasswordForm.tsx b/src/app/mon-compte/_components/PasswordForm.tsx
new file mode 100644
index 0000000..b809b87
--- /dev/null
+++ b/src/app/mon-compte/_components/PasswordForm.tsx
@@ -0,0 +1,69 @@
+"use client";
+
+import { useRef, useState, useTransition } from "react";
+
+import { changePasswordAction } from "../actions";
+
+export function PasswordForm() {
+  const formRef = useRef<HTMLFormElement>(null);
+  const [pending, startTransition] = useTransition();
+  const [error, setError] = useState<string | null>(null);
+  const [success, setSuccess] = useState<string | null>(null);
+
+  function onSubmit(fd: FormData) {
+    setError(null);
+    setSuccess(null);
+    const next = (fd.get("next") as string | null) ?? "";
+    const confirm = (fd.get("confirm") as string | null) ?? "";
+    if (next !== confirm) {
+      setError("Les deux nouveaux mots de passe ne correspondent pas.");
+      return;
+    }
+    startTransition(async () => {
+      const res = await changePasswordAction(fd);
+      if (res && res.ok === false) setError(res.error);
+      else {
+        setSuccess("Mot de passe mis à jour.");
+        formRef.current?.reset();
+      }
+    });
+  }
+
+  const inputCls =
+    "mt-0.5 w-full rounded-md border border-zinc-300 px-3 py-2 text-sm focus:border-zinc-900 focus:outline-none";
+
+  return (
+    <form ref={formRef} action={onSubmit} className="space-y-3">
+      <fieldset disabled={pending} className="space-y-3">
+        <label className="block">
+          <span className="text-xs text-zinc-600">Mot de passe actuel</span>
+          <input name="current" type="password" required className={inputCls} />
+        </label>
+        <div className="grid grid-cols-2 gap-2">
+          <label className="block">
+            <span className="text-xs text-zinc-600">Nouveau mot de passe</span>
+            <input name="next" type="password" required minLength={8} className={inputCls} />
+          </label>
+          <label className="block">
+            <span className="text-xs text-zinc-600">Confirmer</span>
+            <input name="confirm" type="password" required minLength={8} className={inputCls} />
+          </label>
+        </div>
+
+        {error ? (
+          <div className="rounded border border-rose-200 bg-rose-50 px-3 py-2 text-sm text-rose-700">{error}</div>
+        ) : null}
+        {success ? (
+          <div className="rounded border border-emerald-200 bg-emerald-50 px-3 py-2 text-sm text-emerald-800">{success}</div>
+        ) : null}
+
+        <button
+          type="submit"
+          className="rounded-md bg-zinc-900 px-4 py-2 text-sm font-semibold text-white hover:bg-zinc-800 disabled:opacity-50"
+        >
+          {pending ? "Mise à jour…" : "Changer le mot de passe"}
+        </button>
+      </fieldset>
+    </form>
+  );
+}
diff --git a/src/app/mon-compte/_components/ProfileForm.tsx b/src/app/mon-compte/_components/ProfileForm.tsx
new file mode 100644
index 0000000..23eac80
--- /dev/null
+++ b/src/app/mon-compte/_components/ProfileForm.tsx
@@ -0,0 +1,88 @@
+"use client";
+
+import { useState, useTransition } from "react";
+import { useRouter } from "next/navigation";
+
+import { updateProfileAction } from "../actions";
+
+type Props = {
+  initial: { firstName: string; lastName: string; phone: string | null };
+};
+
+export function ProfileForm({ initial }: Props) {
+  const router = useRouter();
+  const [pending, startTransition] = useTransition();
+  const [error, setError] = useState<string | null>(null);
+  const [success, setSuccess] = useState<string | null>(null);
+
+  function onSubmit(fd: FormData) {
+    setError(null);
+    setSuccess(null);
+    startTransition(async () => {
+      const res = await updateProfileAction(fd);
+      if (res && res.ok === false) setError(res.error);
+      else {
+        setSuccess("Profil enregistré.");
+        router.refresh();
+      }
+    });
+  }
+
+  const inputCls =
+    "mt-0.5 w-full rounded-md border border-zinc-300 px-3 py-2 text-sm focus:border-zinc-900 focus:outline-none";
+
+  return (
+    <form action={onSubmit} className="space-y-3">
+      <fieldset disabled={pending} className="space-y-3">
+        <div className="grid grid-cols-2 gap-2">
+          <label className="block">
+            <span className="text-xs text-zinc-600">Prénom</span>
+            <input
+              name="firstName"
+              type="text"
+              required
+              maxLength={100}
+              defaultValue={initial.firstName}
+              className={inputCls}
+            />
+          </label>
+          <label className="block">
+            <span className="text-xs text-zinc-600">Nom</span>
+            <input
+              name="lastName"
+              type="text"
+              required
+              maxLength={100}
+              defaultValue={initial.lastName}
+              className={inputCls}
+            />
+          </label>
+        </div>
+        <label className="block">
+          <span className="text-xs text-zinc-600">Téléphone (optionnel)</span>
+          <input
+            name="phone"
+            type="tel"
+            maxLength={40}
+            defaultValue={initial.phone ?? ""}
+            className={inputCls}
+          />
+        </label>
+
+        {error ? (
+          <div className="rounded border border-rose-200 bg-rose-50 px-3 py-2 text-sm text-rose-700">{error}</div>
+        ) : null}
+        {success ? (
+          <div className="rounded border border-emerald-200 bg-emerald-50 px-3 py-2 text-sm text-emerald-800">{success}</div>
+        ) : null}
+
+        <button
+          type="submit"
+          className="rounded-md bg-zinc-900 px-4 py-2 text-sm font-semibold text-white hover:bg-zinc-800 disabled:opacity-50"
+        >
+          {pending ? "Enregistrement…" : "Enregistrer"}
+        </button>
+      </fieldset>
+    </form>
+  );
+}
diff --git a/src/app/mon-compte/actions.ts b/src/app/mon-compte/actions.ts
new file mode 100644
index 0000000..c002a49
--- /dev/null
+++ b/src/app/mon-compte/actions.ts
@@ -0,0 +1,115 @@
+"use server";
+
+import { revalidatePath } from "next/cache";
+import { redirect } from "next/navigation";
+import { z } from "zod";
+
+import { auth, signOut } from "@/auth";
+import { prisma } from "@/lib/prisma";
+import { hashPassword, verifyPassword } from "@/lib/password";
+import { recordAudit } from "@/lib/admin/audit";
+
+const profileSchema = z.object({
+  firstName: z.string().trim().min(1).max(100),
+  lastName: z.string().trim().min(1).max(100),
+  phone: z.string().trim().max(40).optional().nullable(),
+});
+
+const passwordSchema = z
+  .object({
+    current: z.string().min(1),
+    next: z.string().min(8).max(200),
+  })
+  .refine((d) => d.current !== d.next, { message: "Le nouveau mdp doit être différent de l'ancien." });
+
+async function requireSelf() {
+  const session = await auth();
+  if (!session?.user?.id) throw new Error("Non authentifié");
+  return session;
+}
+
+export async function updateProfileAction(fd: FormData) {
+  const session = await requireSelf();
+  const parsed = profileSchema.safeParse({
+    firstName: fd.get("firstName"),
+    lastName: fd.get("lastName"),
+    phone: ((fd.get("phone") as string | null) ?? "").trim() || null,
+  });
+  if (!parsed.success) {
+    return { ok: false as const, error: parsed.error.issues.map((i) => i.message).join(" · ") };
+  }
+  await prisma.user.update({
+    where: { id: session.user.id },
+    data: parsed.data,
+  });
+  await recordAudit({
+    scope: "public.profile",
+    event: "profile.update",
+    target: session.user.id,
+    actorEmail: session.user.email ?? null,
+    details: parsed.data,
+  });
+  revalidatePath("/mon-compte");
+  return { ok: true as const };
+}
+
+export async function changePasswordAction(fd: FormData) {
+  const session = await requireSelf();
+  const parsed = passwordSchema.safeParse({
+    current: fd.get("current"),
+    next: fd.get("next"),
+  });
+  if (!parsed.success) {
+    return { ok: false as const, error: parsed.error.issues.map((i) => i.message).join(" · ") };
+  }
+  const user = await prisma.user.findUnique({
+    where: { id: session.user.id },
+    select: { passwordHash: true },
+  });
+  if (!user) return { ok: false as const, error: "Utilisateur introuvable." };
+  const ok = await verifyPassword(parsed.data.current, user.passwordHash);
+  if (!ok) return { ok: false as const, error: "Mot de passe actuel incorrect." };
+  await prisma.user.update({
+    where: { id: session.user.id },
+    data: { passwordHash: await hashPassword(parsed.data.next) },
+  });
+  await recordAudit({
+    scope: "public.profile",
+    event: "password.change",
+    target: session.user.id,
+    actorEmail: session.user.email ?? null,
+    details: {},
+  });
+  return { ok: true as const };
+}
+
+/** Supprime le compte + cascade : bookings restent en DB (anonymisées) pour les obligations comptables. */
+export async function deleteAccountAction() {
+  const session = await requireSelf();
+  const userId = session.user.id;
+  const email = session.user.email ?? "";
+
+  // Anonymise plutôt que supprimer pour préserver l'historique comptable des bookings.
+  const anon = `anonymise-${userId}@karbe.invalid`;
+  await prisma.user.update({
+    where: { id: userId },
+    data: {
+      email: anon,
+      firstName: "Compte",
+      lastName: "supprimé",
+      phone: null,
+      passwordHash: "", // verrouille le login (bcrypt.compare retournera toujours false)
+      isActive: false,
+    },
+  });
+  await prisma.passwordResetToken.deleteMany({ where: { userId } });
+  await recordAudit({
+    scope: "public.profile",
+    event: "account.delete",
+    target: userId,
+    actorEmail: email,
+    details: { anonymisedTo: anon },
+  });
+  await signOut({ redirect: false });
+  redirect("/?account=deleted");
+}
diff --git a/src/app/mon-compte/page.tsx b/src/app/mon-compte/page.tsx
new file mode 100644
index 0000000..982b78a
--- /dev/null
+++ b/src/app/mon-compte/page.tsx
@@ -0,0 +1,71 @@
+import { redirect } from "next/navigation";
+
+import { auth } from "@/auth";
+import { prisma } from "@/lib/prisma";
+
+import { ProfileForm } from "./_components/ProfileForm";
+import { PasswordForm } from "./_components/PasswordForm";
+import { DangerZone } from "./_components/DangerZone";
+
+export const dynamic = "force-dynamic";
+
+export default async function MyAccountPage() {
+  const session = await auth();
+  if (!session?.user?.id) redirect("/connexion?next=/mon-compte");
+
+  const user = await prisma.user.findUnique({
+    where: { id: session.user.id },
+    select: { email: true, firstName: true, lastName: true, phone: true, role: true, createdAt: true },
+  });
+  if (!user) redirect("/connexion");
+
+  const dateFmt = new Intl.DateTimeFormat("fr-FR", { day: "2-digit", month: "long", year: "numeric" });
+
+  return (
+    <main className="mx-auto max-w-3xl px-6 py-10">
+      <header className="mb-6">
+        <h1 className="text-3xl font-semibold text-zinc-900">Mon compte</h1>
+        <p className="mt-1 text-sm text-zinc-600">
+          Connecté avec <strong>{user.email}</strong> · inscrit le {dateFmt.format(user.createdAt)}
+        </p>
+      </header>
+
+      <section className="mb-6 rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-zinc-500">Identité</h2>
+        <ProfileForm
+          initial={{ firstName: user.firstName, lastName: user.lastName, phone: user.phone }}
+        />
+      </section>
+
+      <section className="mb-6 rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-zinc-500">
+          Sécurité
+        </h2>
+        <PasswordForm />
+      </section>
+
+      <section className="mb-6 rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-zinc-500">
+          Mes données (RGPD)
+        </h2>
+        <p className="mb-3 text-sm text-zinc-600">
+          Téléchargez l&apos;intégralité des données associées à votre compte au format JSON,
+          conformément à l&apos;article 20 du RGPD (droit à la portabilité).
+        </p>
+        <a
+          href="/api/me/export"
+          className="inline-flex items-center gap-2 rounded-md border border-zinc-300 bg-white px-3 py-1.5 text-sm font-semibold text-zinc-900 hover:bg-zinc-50"
+        >
+          Télécharger mes données
+        </a>
+      </section>
+
+      <section className="rounded-lg border border-rose-200 bg-rose-50/50 p-5">
+        <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-rose-700">
+          Zone dangereuse
+        </h2>
+        <DangerZone />
+      </section>
+    </main>
+  );
+}
diff --git a/src/app/mot-de-passe-oublie/[token]/_components/ResetForm.tsx b/src/app/mot-de-passe-oublie/[token]/_components/ResetForm.tsx
new file mode 100644
index 0000000..e77c3e7
--- /dev/null
+++ b/src/app/mot-de-passe-oublie/[token]/_components/ResetForm.tsx
@@ -0,0 +1,75 @@
+"use client";
+
+import { useState, useTransition } from "react";
+import { useRouter } from "next/navigation";
+
+export function ResetForm({ token }: { token: string }) {
+  const router = useRouter();
+  const [pending, startTransition] = useTransition();
+  const [error, setError] = useState<string | null>(null);
+
+  function onSubmit(fd: FormData) {
+    setError(null);
+    const password = (fd.get("password") as string | null) ?? "";
+    const confirm = (fd.get("confirm") as string | null) ?? "";
+    if (password.length < 8) {
+      setError("Mot de passe trop court (8 caractères min).");
+      return;
+    }
+    if (password !== confirm) {
+      setError("Les deux mots de passe ne correspondent pas.");
+      return;
+    }
+    startTransition(async () => {
+      const res = await fetch("/api/password/reset", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ token, password }),
+      });
+      const json = await res.json().catch(() => ({}));
+      if (!res.ok) {
+        setError(json?.error || `Erreur ${res.status}`);
+        return;
+      }
+      router.push("/connexion?reset=ok");
+    });
+  }
+
+  return (
+    <form action={onSubmit} className="space-y-3">
+      <fieldset disabled={pending} className="space-y-3">
+        <label className="block">
+          <span className="text-xs text-zinc-600">Nouveau mot de passe</span>
+          <input
+            name="password"
+            type="password"
+            required
+            minLength={8}
+            className="mt-0.5 w-full rounded-md border border-zinc-300 px-3 py-2 text-sm"
+          />
+        </label>
+        <label className="block">
+          <span className="text-xs text-zinc-600">Confirmer le mot de passe</span>
+          <input
+            name="confirm"
+            type="password"
+            required
+            minLength={8}
+            className="mt-0.5 w-full rounded-md border border-zinc-300 px-3 py-2 text-sm"
+          />
+        </label>
+        {error ? (
+          <div className="rounded border border-rose-200 bg-rose-50 px-3 py-2 text-sm text-rose-700">
+            {error}
+          </div>
+        ) : null}
+        <button
+          type="submit"
+          className="w-full rounded-md bg-zinc-900 px-3 py-2 text-sm font-semibold text-white hover:bg-zinc-800 disabled:opacity-50"
+        >
+          {pending ? "Enregistrement…" : "Définir le nouveau mot de passe"}
+        </button>
+      </fieldset>
+    </form>
+  );
+}
diff --git a/src/app/mot-de-passe-oublie/[token]/page.tsx b/src/app/mot-de-passe-oublie/[token]/page.tsx
new file mode 100644
index 0000000..80893ac
--- /dev/null
+++ b/src/app/mot-de-passe-oublie/[token]/page.tsx
@@ -0,0 +1,33 @@
+import Link from "next/link";
+
+import { ResetForm } from "./_components/ResetForm";
+
+export const dynamic = "force-dynamic";
+
+type PageProps = { params: Promise<{ token: string }> };
+
+export default async function ResetPage({ params }: PageProps) {
+  const { token } = await params;
+
+  return (
+    <main className="mx-auto flex min-h-[70vh] max-w-md items-center px-6 py-12">
+      <div className="w-full space-y-4 rounded-xl border border-zinc-200 bg-white p-6 shadow-sm">
+        <header>
+          <h1 className="text-2xl font-semibold text-zinc-900">Nouveau mot de passe</h1>
+          <p className="mt-1 text-sm text-zinc-500">
+            Choisissez un mot de passe d&apos;au moins 8 caractères. Vous serez redirigé vers la
+            connexion une fois enregistré.
+          </p>
+        </header>
+
+        <ResetForm token={token} />
+
+        <p className="border-t border-zinc-100 pt-3 text-center text-sm text-zinc-500">
+          <Link href="/connexion" className="text-zinc-900 underline">
+            Retour à la connexion
+          </Link>
+        </p>
+      </div>
+    </main>
+  );
+}
diff --git a/src/app/mot-de-passe-oublie/_components/ResetRequestForm.tsx b/src/app/mot-de-passe-oublie/_components/ResetRequestForm.tsx
new file mode 100644
index 0000000..563622a
--- /dev/null
+++ b/src/app/mot-de-passe-oublie/_components/ResetRequestForm.tsx
@@ -0,0 +1,52 @@
+"use client";
+
+import { useState, useTransition } from "react";
+
+export function ResetRequestForm() {
+  const [pending, startTransition] = useTransition();
+  const [done, setDone] = useState(false);
+
+  function onSubmit(fd: FormData) {
+    const email = (fd.get("email") as string | null)?.trim() ?? "";
+    if (!email) return;
+    startTransition(async () => {
+      await fetch("/api/password/reset-request", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ email }),
+      }).catch(() => {});
+      setDone(true);
+    });
+  }
+
+  if (done) {
+    return (
+      <div className="rounded border border-emerald-200 bg-emerald-50 px-3 py-2 text-sm text-emerald-800">
+        Si un compte existe pour cet email, vous recevrez un lien dans quelques instants. Pensez à
+        vérifier vos spams.
+      </div>
+    );
+  }
+
+  return (
+    <form action={onSubmit} className="space-y-3">
+      <fieldset disabled={pending} className="space-y-3">
+        <label className="block">
+          <span className="text-xs text-zinc-600">Email</span>
+          <input
+            name="email"
+            type="email"
+            required
+            className="mt-0.5 w-full rounded-md border border-zinc-300 px-3 py-2 text-sm"
+          />
+        </label>
+        <button
+          type="submit"
+          className="w-full rounded-md bg-zinc-900 px-3 py-2 text-sm font-semibold text-white hover:bg-zinc-800 disabled:opacity-50"
+        >
+          {pending ? "Envoi…" : "Envoyer le lien"}
+        </button>
+      </fieldset>
+    </form>
+  );
+}
diff --git a/src/app/mot-de-passe-oublie/page.tsx b/src/app/mot-de-passe-oublie/page.tsx
new file mode 100644
index 0000000..1ac4a60
--- /dev/null
+++ b/src/app/mot-de-passe-oublie/page.tsx
@@ -0,0 +1,34 @@
+import { redirect } from "next/navigation";
+import Link from "next/link";
+
+import { auth } from "@/auth";
+import { ResetRequestForm } from "./_components/ResetRequestForm";
+
+export const dynamic = "force-dynamic";
+
+export default async function ForgotPasswordPage() {
+  const session = await auth();
+  if (session?.user?.id) redirect("/");
+
+  return (
+    <main className="mx-auto flex min-h-[70vh] max-w-md items-center px-6 py-12">
+      <div className="w-full space-y-4 rounded-xl border border-zinc-200 bg-white p-6 shadow-sm">
+        <header>
+          <h1 className="text-2xl font-semibold text-zinc-900">Mot de passe oublié</h1>
+          <p className="mt-1 text-sm text-zinc-500">
+            Saisissez votre email. Si un compte existe, vous recevrez un lien valable 1 heure pour
+            choisir un nouveau mot de passe.
+          </p>
+        </header>
+
+        <ResetRequestForm />
+
+        <p className="border-t border-zinc-100 pt-3 text-center text-sm text-zinc-500">
+          <Link href="/connexion" className="text-zinc-900 underline">
+            Retour à la connexion
+          </Link>
+        </p>
+      </div>
+    </main>
+  );
+}
diff --git a/src/components/SiteHeader.tsx b/src/components/SiteHeader.tsx
index 5e88e57..96d9836 100644
--- a/src/components/SiteHeader.tsx
+++ b/src/components/SiteHeader.tsx
@@ -44,6 +44,9 @@ export async function SiteHeader() {
               <Link href="/mes-reservations" className="hidden text-zinc-700 hover:text-zinc-900 sm:inline">
                 Mes réservations
               </Link>
+              <Link href="/mon-compte" className="hidden text-zinc-700 hover:text-zinc-900 sm:inline">
+                Mon compte
+              </Link>
               {isOwner ? (
                 <Link href="/espace-hote" className="hidden text-zinc-700 hover:text-zinc-900 sm:inline">
                   Espace hôte
diff --git a/src/lib/carbet-search.ts b/src/lib/carbet-search.ts
index 0f25da3..bed9fd5 100644
--- a/src/lib/carbet-search.ts
+++ b/src/lib/carbet-search.ts
@@ -16,6 +16,8 @@ export type CarbetSearchFilters = {
   // Filtre plugin access-type : si "river-only" exclu, on garde uniquement
   // ROAD_AND_RIVER. Si "all" ou non spécifié, tout passe.
   accessibility?: "road-only" | "all";
+  priceMax?: number;
+  amenities?: string[];
 };
 
 export type RawSearchParams = {
@@ -69,6 +71,24 @@ export function parseSearchFilters(
     filters.accessibility = accessibility;
   }
 
+  const priceMaxRaw = pickString(searchParams.priceMax);
+  if (priceMaxRaw) {
+    const priceMax = Number(priceMaxRaw);
+    if (Number.isFinite(priceMax) && priceMax > 0 && priceMax <= 10000) {
+      filters.priceMax = priceMax;
+    }
+  }
+
+  const amenitiesRaw = searchParams.amenities;
+  if (amenitiesRaw) {
+    const arr = Array.isArray(amenitiesRaw) ? amenitiesRaw : [amenitiesRaw];
+    const keys = arr
+      .flatMap((s) => s.split(","))
+      .map((s) => s.trim())
+      .filter((s) => /^[a-z0-9-]{1,40}$/.test(s));
+    if (keys.length > 0) filters.amenities = keys.slice(0, 10);
+  }
+
   return filters;
 }
 
@@ -112,6 +132,16 @@ function buildWhere(filters: CarbetSearchFilters): Prisma.CarbetWhereInput {
     where.accessType = AccessType.ROAD_AND_RIVER;
   }
 
+  if (filters.priceMax !== undefined) {
+    where.nightlyPrice = { lte: filters.priceMax };
+  }
+
+  if (filters.amenities && filters.amenities.length > 0) {
+    where.AND = filters.amenities.map((key) => ({
+      amenities: { some: { amenity: { key } } },
+    }));
+  }
+
   if (filters.startDate && filters.endDate) {
     where.availabilities = {
       some: {
diff --git a/src/lib/email.ts b/src/lib/email.ts
index 3712ee7..4652796 100644
--- a/src/lib/email.ts
+++ b/src/lib/email.ts
@@ -186,6 +186,23 @@ export async function sendBookingConfirmed(
   });
 }
 
+export async function sendPasswordReset(
+  to: string,
+  resetUrl: string,
+): Promise<void> {
+  await sendEmail({
+    to,
+    subject: "Réinitialisation de votre mot de passe Karbé",
+    html: wrap(
+      "Réinitialiser votre mot de passe",
+      `<p>Vous avez demandé à réinitialiser votre mot de passe Karbé. Cliquez sur le lien ci-dessous pour choisir un nouveau mot de passe (valable 1 heure) :</p>
+       <p><a href="${resetUrl}" style="display:inline-block;background:#18181b;color:white;padding:10px 20px;border-radius:6px;text-decoration:none;font-weight:600;">Réinitialiser mon mot de passe</a></p>
+       <p style="font-size:12px;color:#71717a;">Si vous n'avez pas fait cette demande, ignorez simplement cet email — votre mot de passe ne change pas.</p>`,
+    ),
+    text: `Réinitialiser votre mot de passe Karbé : ${resetUrl} (valable 1h).`,
+  });
+}
+
 export async function sendBookingRefunded(
   to: string,
   firstName: string,
diff --git a/src/lib/password-reset.ts b/src/lib/password-reset.ts
new file mode 100644
index 0000000..31959da
--- /dev/null
+++ b/src/lib/password-reset.ts
@@ -0,0 +1,51 @@
+import "server-only";
+
+import crypto from "node:crypto";
+
+import { prisma } from "@/lib/prisma";
+import { hashPassword } from "@/lib/password";
+
+const TOKEN_TTL_MS = 60 * 60 * 1000; // 1 hour
+
+function hashToken(token: string): string {
+  return crypto.createHash("sha256").update(token).digest("hex");
+}
+
+/** Crée un token (renvoie la version *plain* à mettre dans l'URL email). */
+export async function createPasswordResetToken(userId: string): Promise<string> {
+  const token = crypto.randomBytes(32).toString("base64url");
+  const tokenHash = hashToken(token);
+  const expiresAt = new Date(Date.now() + TOKEN_TTL_MS);
+  await prisma.passwordResetToken.create({
+    data: { tokenHash, userId, expiresAt },
+  });
+  return token;
+}
+
+/** Vérifie un token plain → renvoie userId si valide & non expiré. */
+export async function consumePasswordResetToken(
+  plainToken: string,
+  newPassword: string,
+): Promise<{ ok: true; userId: string } | { ok: false; reason: string }> {
+  const tokenHash = hashToken(plainToken);
+  const row = await prisma.passwordResetToken.findUnique({ where: { tokenHash } });
+  if (!row) return { ok: false, reason: "Lien invalide." };
+  if (row.expiresAt < new Date()) {
+    await prisma.passwordResetToken.delete({ where: { tokenHash } }).catch(() => {});
+    return { ok: false, reason: "Lien expiré." };
+  }
+  const passwordHash = await hashPassword(newPassword);
+  await prisma.$transaction([
+    prisma.user.update({ where: { id: row.userId }, data: { passwordHash } }),
+    prisma.passwordResetToken.deleteMany({ where: { userId: row.userId } }),
+  ]);
+  return { ok: true, userId: row.userId };
+}
+
+/** Cleanup utility — peut être lancé par un cron. */
+export async function purgeExpiredResetTokens(): Promise<number> {
+  const result = await prisma.passwordResetToken.deleteMany({
+    where: { expiresAt: { lt: new Date() } },
+  });
+  return result.count;
+}

From a58815ec9cc9bcf9a2830f457762a533af126423 Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Mon, 1 Jun 2026 10:21:03 +0000
Subject: [PATCH 13/47] fix: ajout effectif facettes priceMax + amenities dans
 SearchFilters (oubli PR#57)

---
 .../carbets/_components/search-filters.tsx    | 43 +++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/src/app/carbets/_components/search-filters.tsx b/src/app/carbets/_components/search-filters.tsx
index 999f66c..fb383f2 100644
--- a/src/app/carbets/_components/search-filters.tsx
+++ b/src/app/carbets/_components/search-filters.tsx
@@ -1,6 +1,7 @@
 import Link from "next/link";
 
 import type { CarbetSearchFilters } from "@/lib/carbet-search";
+import { AMENITY_CATALOG } from "@/lib/amenities";
 
 type SearchFiltersProps = {
   filters: CarbetSearchFilters;
@@ -73,6 +74,48 @@ export function SearchFilters({ filters, rivers }: SearchFiltersProps) {
         />
       </label>
 
+      <label className="flex flex-col gap-1 text-sm">
+        <span className="font-medium text-zinc-700">Budget max (€/nuit)</span>
+        <input
+          type="number"
+          name="priceMax"
+          min={1}
+          step="10"
+          defaultValue={filters.priceMax ?? ""}
+          placeholder="ex. 100"
+          className="rounded-md border border-zinc-300 px-3 py-2 text-zinc-900 focus:border-emerald-500 focus:outline-none"
+        />
+      </label>
+
+      <fieldset className="flex flex-col gap-1 text-sm sm:col-span-2 lg:col-span-5">
+        <legend className="font-medium text-zinc-700">Équipements souhaités</legend>
+        <div className="flex flex-wrap gap-2 pt-1">
+          {AMENITY_CATALOG.map((a) => {
+            const checked = (filters.amenities ?? []).includes(a.key);
+            return (
+              <label
+                key={a.key}
+                className={
+                  "flex cursor-pointer items-center gap-1 rounded-full border px-2.5 py-1 text-xs " +
+                  (checked
+                    ? "border-emerald-600 bg-emerald-50 text-emerald-900"
+                    : "border-zinc-300 bg-white text-zinc-700 hover:border-zinc-400")
+                }
+              >
+                <input
+                  type="checkbox"
+                  name="amenities"
+                  value={a.key}
+                  defaultChecked={checked}
+                  className="sr-only"
+                />
+                {a.label}
+              </label>
+            );
+          })}
+        </div>
+      </fieldset>
+
       <div className="flex items-end gap-2 sm:col-span-2 lg:col-span-5 lg:justify-end">
         <Link
           href="/carbets"

From 1e6acf29b9cd906917ca72c1aab1e1ae825b491a Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Mon, 1 Jun 2026 16:16:25 +0000
Subject: [PATCH 14/47] =?UTF-8?q?feat:=20dashboard=20espace=20h=C3=B4te=20?=
 =?UTF-8?q?(KPIs=20+=20r=C3=A9sa=20pending=20+=20carbets=20+=20activit?=
 =?UTF-8?q?=C3=A9)=20+=20lightbox=20galerie?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../carbets/_components/carbet-gallery.tsx    | 222 ++++++++++++++----
 .../_components/BookingDecision.tsx           |  77 ++++++
 src/app/espace-hote/actions.ts                |  75 ++++++
 src/lib/host-dashboard.ts                     | 203 ++++++++++++++++
 4 files changed, 527 insertions(+), 50 deletions(-)
 create mode 100644 src/app/espace-hote/_components/BookingDecision.tsx
 create mode 100644 src/app/espace-hote/actions.ts
 create mode 100644 src/lib/host-dashboard.ts

diff --git a/src/app/carbets/_components/carbet-gallery.tsx b/src/app/carbets/_components/carbet-gallery.tsx
index 807adda..a5c7ca1 100644
--- a/src/app/carbets/_components/carbet-gallery.tsx
+++ b/src/app/carbets/_components/carbet-gallery.tsx
@@ -1,3 +1,7 @@
+"use client";
+
+import { useCallback, useEffect, useState } from "react";
+
 import type { PublicCarbetMedia } from "@/lib/carbet-public";
 import { MediaType } from "@/generated/prisma/enums";
 
@@ -6,9 +10,36 @@ type Props = {
   media: PublicCarbetMedia[];
 };
 
-// SSR-friendly gallery: shows a cover (photo or video) plus a strip of
-// secondary media. No client component — all native HTML controls.
+/**
+ * Galerie publique : grille de vignettes ; clic = lightbox plein écran avec
+ * navigation prev/next, fermeture par Esc ou clic backdrop. Pas de dep externe.
+ */
 export function CarbetGallery({ title, media }: Props) {
+  const [active, setActive] = useState<number | null>(null);
+
+  const close = useCallback(() => setActive(null), []);
+  const next = useCallback(() => {
+    setActive((i) => (i === null ? null : (i + 1) % media.length));
+  }, [media.length]);
+  const prev = useCallback(() => {
+    setActive((i) => (i === null ? null : (i - 1 + media.length) % media.length));
+  }, [media.length]);
+
+  useEffect(() => {
+    if (active === null) return;
+    function onKey(e: KeyboardEvent) {
+      if (e.key === "Escape") close();
+      else if (e.key === "ArrowRight") next();
+      else if (e.key === "ArrowLeft") prev();
+    }
+    window.addEventListener("keydown", onKey);
+    document.body.style.overflow = "hidden";
+    return () => {
+      window.removeEventListener("keydown", onKey);
+      document.body.style.overflow = "";
+    };
+  }, [active, close, next, prev]);
+
   if (media.length === 0) {
     return (
       <div className="flex aspect-[16/9] w-full items-center justify-center rounded-lg bg-zinc-100 text-sm text-zinc-400">
@@ -17,57 +48,148 @@ export function CarbetGallery({ title, media }: Props) {
     );
   }
 
-  const [cover, ...rest] = media;
+  const cover = media[0];
+  const rest = media.slice(1);
+  const current = active === null ? null : media[active];
 
   return (
-    <div className="space-y-3">
-      <figure className="overflow-hidden rounded-lg bg-zinc-100">
-        {cover.type === MediaType.VIDEO ? (
-          <video
-            src={cover.url}
-            controls
-            playsInline
-            preload="metadata"
-            className="aspect-[16/9] w-full bg-black object-contain"
-          />
-        ) : (
-          // eslint-disable-next-line @next/next/no-img-element
-          <img
-            src={cover.url}
-            alt={`Photo principale de ${title}`}
-            className="aspect-[16/9] w-full object-cover"
-          />
-        )}
-      </figure>
+    <>
+      <div className="space-y-3">
+        <button
+          type="button"
+          onClick={() => setActive(0)}
+          className="block w-full overflow-hidden rounded-lg bg-zinc-100 transition hover:opacity-95"
+          aria-label="Ouvrir la photo principale en grand"
+        >
+          {cover.type === MediaType.VIDEO ? (
+            <video
+              src={cover.url}
+              controls
+              playsInline
+              preload="metadata"
+              className="aspect-[16/9] w-full bg-black object-contain"
+            />
+          ) : (
+            // eslint-disable-next-line @next/next/no-img-element
+            <img
+              src={cover.url}
+              alt={`Photo principale de ${title}`}
+              className="aspect-[16/9] w-full cursor-zoom-in object-cover"
+            />
+          )}
+        </button>
 
-      {rest.length > 0 ? (
-        <ul className="grid grid-cols-2 gap-3 sm:grid-cols-4">
-          {rest.map((item) => (
-            <li
-              key={item.id}
-              className="overflow-hidden rounded-md bg-zinc-100"
-            >
-              {item.type === MediaType.VIDEO ? (
-                <video
-                  src={item.url}
-                  preload="metadata"
-                  controls
-                  playsInline
-                  className="aspect-square w-full bg-black object-contain"
-                />
-              ) : (
-                // eslint-disable-next-line @next/next/no-img-element
-                <img
-                  src={item.url}
-                  alt={`Média de ${title}`}
-                  loading="lazy"
-                  className="aspect-square w-full object-cover"
-                />
-              )}
-            </li>
-          ))}
-        </ul>
+        {rest.length > 0 ? (
+          <ul className="grid grid-cols-2 gap-3 sm:grid-cols-4">
+            {rest.map((item, idx) => (
+              <li key={item.id} className="overflow-hidden rounded-md bg-zinc-100">
+                <button
+                  type="button"
+                  onClick={() => setActive(idx + 1)}
+                  className="block w-full"
+                  aria-label="Ouvrir en grand"
+                >
+                  {item.type === MediaType.VIDEO ? (
+                    <video
+                      src={item.url}
+                      preload="metadata"
+                      controls
+                      playsInline
+                      className="aspect-square w-full bg-black object-contain"
+                    />
+                  ) : (
+                    // eslint-disable-next-line @next/next/no-img-element
+                    <img
+                      src={item.url}
+                      alt={`Média de ${title}`}
+                      loading="lazy"
+                      className="aspect-square w-full cursor-zoom-in object-cover transition hover:scale-105"
+                    />
+                  )}
+                </button>
+              </li>
+            ))}
+          </ul>
+        ) : null}
+      </div>
+
+      {current ? (
+        <div
+          className="fixed inset-0 z-50 flex items-center justify-center bg-black/85 backdrop-blur-sm"
+          onClick={close}
+          role="dialog"
+          aria-modal="true"
+          aria-label="Galerie photo"
+        >
+          <button
+            type="button"
+            onClick={close}
+            className="absolute right-4 top-4 rounded-full bg-white/10 p-2 text-white hover:bg-white/20"
+            aria-label="Fermer"
+          >
+            <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2">
+              <path d="M6 6 L18 18 M6 18 L18 6" />
+            </svg>
+          </button>
+
+          {media.length > 1 ? (
+            <>
+              <button
+                type="button"
+                onClick={(e) => {
+                  e.stopPropagation();
+                  prev();
+                }}
+                className="absolute left-4 top-1/2 -translate-y-1/2 rounded-full bg-white/10 p-3 text-white hover:bg-white/20"
+                aria-label="Précédent"
+              >
+                <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2.5">
+                  <path d="M15 6 L9 12 L15 18" />
+                </svg>
+              </button>
+              <button
+                type="button"
+                onClick={(e) => {
+                  e.stopPropagation();
+                  next();
+                }}
+                className="absolute right-4 top-1/2 -translate-y-1/2 rounded-full bg-white/10 p-3 text-white hover:bg-white/20"
+                aria-label="Suivant"
+              >
+                <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2.5">
+                  <path d="M9 6 L15 12 L9 18" />
+                </svg>
+              </button>
+            </>
+          ) : null}
+
+          <div
+            className="max-h-[88vh] max-w-[92vw]"
+            onClick={(e) => e.stopPropagation()}
+          >
+            {current.type === MediaType.VIDEO ? (
+              <video
+                src={current.url}
+                controls
+                autoPlay
+                playsInline
+                className="max-h-[88vh] max-w-[92vw] object-contain"
+              />
+            ) : (
+              // eslint-disable-next-line @next/next/no-img-element
+              <img
+                src={current.url}
+                alt={`Photo ${active! + 1} sur ${media.length} de ${title}`}
+                className="max-h-[88vh] max-w-[92vw] object-contain"
+              />
+            )}
+          </div>
+
+          <div className="absolute bottom-4 left-1/2 -translate-x-1/2 rounded-full bg-white/10 px-3 py-1 text-xs text-white">
+            {active! + 1} / {media.length}
+          </div>
+        </div>
       ) : null}
-    </div>
+    </>
   );
 }
diff --git a/src/app/espace-hote/_components/BookingDecision.tsx b/src/app/espace-hote/_components/BookingDecision.tsx
new file mode 100644
index 0000000..9380ea2
--- /dev/null
+++ b/src/app/espace-hote/_components/BookingDecision.tsx
@@ -0,0 +1,77 @@
+"use client";
+
+import { useState, useTransition } from "react";
+import { useRouter } from "next/navigation";
+
+import { confirmBookingAsHost, rejectBookingAsHost } from "../actions";
+
+export function BookingDecision({ bookingId }: { bookingId: string }) {
+  const router = useRouter();
+  const [pending, startTransition] = useTransition();
+  const [confirmReject, setConfirmReject] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+
+  function accept() {
+    setError(null);
+    startTransition(async () => {
+      const res = await confirmBookingAsHost(bookingId);
+      if (res && res.ok === false) setError(res.error);
+      router.refresh();
+    });
+  }
+  function reject() {
+    setError(null);
+    startTransition(async () => {
+      const res = await rejectBookingAsHost(bookingId);
+      if (res && res.ok === false) setError(res.error);
+      setConfirmReject(false);
+      router.refresh();
+    });
+  }
+
+  return (
+    <div className="flex flex-wrap items-center gap-1.5">
+      {confirmReject ? (
+        <div className="flex items-center gap-1.5 rounded border border-rose-300 bg-rose-50 px-2 py-1">
+          <span className="text-xs text-rose-900">Refuser ?</span>
+          <button
+            type="button"
+            onClick={reject}
+            disabled={pending}
+            className="rounded bg-rose-700 px-2 py-1 text-[11px] font-semibold text-white hover:bg-rose-800 disabled:opacity-50"
+          >
+            Oui
+          </button>
+          <button
+            type="button"
+            onClick={() => setConfirmReject(false)}
+            disabled={pending}
+            className="text-[11px] text-zinc-500 hover:text-zinc-900"
+          >
+            Annuler
+          </button>
+        </div>
+      ) : (
+        <>
+          <button
+            type="button"
+            onClick={accept}
+            disabled={pending}
+            className="rounded bg-emerald-600 px-2.5 py-1 text-[11px] font-semibold text-white hover:bg-emerald-700 disabled:opacity-50"
+          >
+            Confirmer
+          </button>
+          <button
+            type="button"
+            onClick={() => setConfirmReject(true)}
+            disabled={pending}
+            className="rounded border border-rose-300 bg-white px-2.5 py-1 text-[11px] font-semibold text-rose-700 hover:bg-rose-50 disabled:opacity-50"
+          >
+            Refuser
+          </button>
+        </>
+      )}
+      {error ? <span className="text-[11px] text-rose-700">{error}</span> : null}
+    </div>
+  );
+}
diff --git a/src/app/espace-hote/actions.ts b/src/app/espace-hote/actions.ts
new file mode 100644
index 0000000..fa9208c
--- /dev/null
+++ b/src/app/espace-hote/actions.ts
@@ -0,0 +1,75 @@
+"use server";
+
+import { revalidatePath } from "next/cache";
+
+import { auth } from "@/auth";
+import { BookingStatus, UserRole } from "@/generated/prisma/enums";
+import { prisma } from "@/lib/prisma";
+import { recordAudit } from "@/lib/admin/audit";
+import { sendBookingConfirmed } from "@/lib/email";
+
+async function requireBookingOwnership(bookingId: string) {
+  const session = await auth();
+  if (!session?.user?.id) throw new Error("Non authentifié");
+  const booking = await prisma.booking.findUnique({
+    where: { id: bookingId },
+    include: {
+      carbet: { select: { ownerId: true, title: true } },
+      tenant: { select: { email: true, firstName: true } },
+    },
+  });
+  if (!booking) throw new Error("Réservation introuvable");
+  const isAdmin = session.user.role === UserRole.ADMIN;
+  if (!isAdmin && booking.carbet.ownerId !== session.user.id) {
+    throw new Error("Accès refusé");
+  }
+  return { session, booking };
+}
+
+export async function confirmBookingAsHost(bookingId: string) {
+  const { session, booking } = await requireBookingOwnership(bookingId);
+  if (booking.status !== BookingStatus.PENDING) {
+    return { ok: false as const, error: "Cette réservation ne peut plus être confirmée." };
+  }
+  const updated = await prisma.booking.update({
+    where: { id: bookingId },
+    data: { status: BookingStatus.CONFIRMED },
+  });
+  await recordAudit({
+    scope: "host.bookings",
+    event: "confirm",
+    target: bookingId,
+    actorEmail: session.user.email ?? null,
+    details: {},
+  });
+  sendBookingConfirmed(
+    booking.tenant.email,
+    booking.tenant.firstName,
+    bookingId,
+    booking.carbet.title,
+    updated.startDate,
+    updated.endDate,
+  ).catch(() => {});
+  revalidatePath("/espace-hote");
+  return { ok: true as const };
+}
+
+export async function rejectBookingAsHost(bookingId: string) {
+  const { session, booking } = await requireBookingOwnership(bookingId);
+  if (booking.status !== BookingStatus.PENDING) {
+    return { ok: false as const, error: "Cette réservation ne peut plus être refusée." };
+  }
+  await prisma.booking.update({
+    where: { id: bookingId },
+    data: { status: BookingStatus.CANCELLED },
+  });
+  await recordAudit({
+    scope: "host.bookings",
+    event: "reject",
+    target: bookingId,
+    actorEmail: session.user.email ?? null,
+    details: {},
+  });
+  revalidatePath("/espace-hote");
+  return { ok: true as const };
+}
diff --git a/src/lib/host-dashboard.ts b/src/lib/host-dashboard.ts
new file mode 100644
index 0000000..586ff65
--- /dev/null
+++ b/src/lib/host-dashboard.ts
@@ -0,0 +1,203 @@
+import "server-only";
+
+import { BookingStatus, PaymentStatus, UserRole } from "@/generated/prisma/enums";
+import { prisma } from "@/lib/prisma";
+
+export type HostKpis = {
+  revenueTotal: string;
+  revenue30d: string;
+  revenue365d: string;
+  bookingsPending: number;
+  bookingsConfirmedUpcoming: number;
+  bookingsTotal: number;
+  carbetsCount: number;
+  carbetsPublished: number;
+  occupancyRate30d: number; // 0..1
+  nextArrival: { id: string; carbetTitle: string; startDate: Date; tenantName: string } | null;
+};
+
+type Scope = { ownerId: string; isAdmin: boolean };
+
+function scopeWhere(scope: Scope) {
+  return scope.isAdmin ? {} : { carbet: { ownerId: scope.ownerId } };
+}
+
+function carbetWhere(scope: Scope) {
+  return scope.isAdmin ? {} : { ownerId: scope.ownerId };
+}
+
+export async function getHostKpis(scope: Scope): Promise<HostKpis> {
+  const now = new Date();
+  const last30 = new Date(now.getTime() - 30 * 86_400_000);
+  const last365 = new Date(now.getTime() - 365 * 86_400_000);
+
+  const [revAll, rev30, rev365, pending, upcomingConfirmed, total, carbetsTotal, carbetsPub, nextArrival] =
+    await Promise.all([
+      prisma.booking.aggregate({
+        where: {
+          ...scopeWhere(scope),
+          status: { in: [BookingStatus.CONFIRMED, BookingStatus.COMPLETED] },
+          paymentStatus: { in: [PaymentStatus.SUCCEEDED, PaymentStatus.AUTHORIZED] },
+        },
+        _sum: { amount: true },
+      }),
+      prisma.booking.aggregate({
+        where: {
+          ...scopeWhere(scope),
+          status: { in: [BookingStatus.CONFIRMED, BookingStatus.COMPLETED] },
+          paymentStatus: { in: [PaymentStatus.SUCCEEDED, PaymentStatus.AUTHORIZED] },
+          createdAt: { gte: last30 },
+        },
+        _sum: { amount: true },
+      }),
+      prisma.booking.aggregate({
+        where: {
+          ...scopeWhere(scope),
+          status: { in: [BookingStatus.CONFIRMED, BookingStatus.COMPLETED] },
+          paymentStatus: { in: [PaymentStatus.SUCCEEDED, PaymentStatus.AUTHORIZED] },
+          createdAt: { gte: last365 },
+        },
+        _sum: { amount: true },
+      }),
+      prisma.booking.count({
+        where: { ...scopeWhere(scope), status: BookingStatus.PENDING },
+      }),
+      prisma.booking.count({
+        where: {
+          ...scopeWhere(scope),
+          status: BookingStatus.CONFIRMED,
+          startDate: { gte: now },
+        },
+      }),
+      prisma.booking.count({ where: scopeWhere(scope) }),
+      prisma.carbet.count({ where: carbetWhere(scope) }),
+      prisma.carbet.count({ where: { ...carbetWhere(scope), status: "PUBLISHED" } }),
+      prisma.booking.findFirst({
+        where: {
+          ...scopeWhere(scope),
+          status: BookingStatus.CONFIRMED,
+          startDate: { gte: now },
+        },
+        orderBy: { startDate: "asc" },
+        select: {
+          id: true,
+          startDate: true,
+          carbet: { select: { title: true } },
+          tenant: { select: { firstName: true, lastName: true } },
+        },
+      }),
+    ]);
+
+  // Taux d'occupation 30j : nuits réservées / (carbets publiés × 30)
+  const occupiedNights = await prisma.booking.findMany({
+    where: {
+      ...scopeWhere(scope),
+      status: { in: [BookingStatus.CONFIRMED, BookingStatus.COMPLETED] },
+      startDate: { lt: now },
+      endDate: { gte: last30 },
+    },
+    select: { startDate: true, endDate: true },
+  });
+  let totalNightsOccupied = 0;
+  for (const b of occupiedNights) {
+    const s = Math.max(b.startDate.getTime(), last30.getTime());
+    const e = Math.min(b.endDate.getTime(), now.getTime());
+    if (e > s) totalNightsOccupied += Math.floor((e - s) / 86_400_000);
+  }
+  const denom = Math.max(1, carbetsPub * 30);
+  const occupancyRate30d = Math.min(1, totalNightsOccupied / denom);
+
+  return {
+    revenueTotal: (revAll._sum.amount ?? 0).toString(),
+    revenue30d: (rev30._sum.amount ?? 0).toString(),
+    revenue365d: (rev365._sum.amount ?? 0).toString(),
+    bookingsPending: pending,
+    bookingsConfirmedUpcoming: upcomingConfirmed,
+    bookingsTotal: total,
+    carbetsCount: carbetsTotal,
+    carbetsPublished: carbetsPub,
+    occupancyRate30d,
+    nextArrival: nextArrival
+      ? {
+          id: nextArrival.id,
+          carbetTitle: nextArrival.carbet.title,
+          startDate: nextArrival.startDate,
+          tenantName: `${nextArrival.tenant.firstName} ${nextArrival.tenant.lastName}`.trim(),
+        }
+      : null,
+  };
+}
+
+export type HostRecentBooking = {
+  id: string;
+  carbetId: string;
+  carbetTitle: string;
+  carbetSlug: string;
+  tenantName: string;
+  startDate: Date;
+  endDate: Date;
+  guestCount: number;
+  status: BookingStatus;
+  paymentStatus: PaymentStatus;
+  amount: string;
+  currency: string;
+};
+
+export async function listHostRecentBookings(
+  scope: Scope,
+  limit = 10,
+): Promise<HostRecentBooking[]> {
+  const rows = await prisma.booking.findMany({
+    where: scopeWhere(scope),
+    orderBy: [{ status: "asc" }, { createdAt: "desc" }],
+    take: limit,
+    select: {
+      id: true,
+      startDate: true,
+      endDate: true,
+      guestCount: true,
+      status: true,
+      paymentStatus: true,
+      amount: true,
+      currency: true,
+      carbet: { select: { id: true, title: true, slug: true } },
+      tenant: { select: { firstName: true, lastName: true } },
+    },
+  });
+  return rows.map((r) => ({
+    id: r.id,
+    carbetId: r.carbet.id,
+    carbetTitle: r.carbet.title,
+    carbetSlug: r.carbet.slug,
+    tenantName: `${r.tenant.firstName} ${r.tenant.lastName}`.trim(),
+    startDate: r.startDate,
+    endDate: r.endDate,
+    guestCount: r.guestCount,
+    status: r.status,
+    paymentStatus: r.paymentStatus,
+    amount: r.amount.toString(),
+    currency: r.currency,
+  }));
+}
+
+export async function listHostCarbets(scope: Scope) {
+  const rows = await prisma.carbet.findMany({
+    where: carbetWhere(scope),
+    orderBy: [{ updatedAt: "desc" }],
+    select: {
+      id: true,
+      slug: true,
+      title: true,
+      status: true,
+      nightlyPrice: true,
+      capacity: true,
+      river: true,
+      _count: { select: { bookings: true, reviews: true, media: true } },
+    },
+  });
+  return rows.map((r) => ({ ...r, nightlyPrice: r.nightlyPrice.toString() }));
+}
+
+export function isScopeAdmin(role: UserRole | string | undefined): boolean {
+  return role === UserRole.ADMIN;
+}

From 55c024433643a59bcd6320bf232365c96a88a923 Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Mon, 1 Jun 2026 16:20:06 +0000
Subject: [PATCH 15/47] fix: rebrancher espace-hote/page.tsx sur le nouveau
 dashboard (oubli PR#59)

---
 src/app/espace-hote/page.tsx | 292 +++++++++++++++++++++++++++++++++--
 1 file changed, 277 insertions(+), 15 deletions(-)

diff --git a/src/app/espace-hote/page.tsx b/src/app/espace-hote/page.tsx
index d412d73..32f3d03 100644
--- a/src/app/espace-hote/page.tsx
+++ b/src/app/espace-hote/page.tsx
@@ -1,25 +1,287 @@
 import Link from "next/link";
 
+import { auth } from "@/auth";
 import { requireRole } from "@/lib/authorization";
+import { BookingStatus, UserRole } from "@/generated/prisma/enums";
+import {
+  getHostKpis,
+  listHostCarbets,
+  listHostRecentBookings,
+  isScopeAdmin,
+} from "@/lib/host-dashboard";
 
-export default async function HostPage() {
-  const session = await requireRole(["OWNER", "ADMIN"]);
+import { BookingDecision } from "./_components/BookingDecision";
+
+export const dynamic = "force-dynamic";
+
+const STATUS_TONES: Record<string, string> = {
+  PENDING: "bg-sky-100 text-sky-800 ring-sky-300",
+  CONFIRMED: "bg-emerald-100 text-emerald-800 ring-emerald-300",
+  CANCELLED: "bg-rose-100 text-rose-700 ring-rose-300",
+  COMPLETED: "bg-zinc-100 text-zinc-700 ring-zinc-300",
+  SUCCEEDED: "bg-emerald-100 text-emerald-800 ring-emerald-300",
+  REFUNDED: "bg-amber-100 text-amber-800 ring-amber-300",
+  FAILED: "bg-rose-100 text-rose-700 ring-rose-300",
+  AUTHORIZED: "bg-indigo-100 text-indigo-800 ring-indigo-300",
+  DRAFT: "bg-zinc-100 text-zinc-700 ring-zinc-300",
+  PUBLISHED: "bg-emerald-100 text-emerald-800 ring-emerald-300",
+  ARCHIVED: "bg-amber-100 text-amber-800 ring-amber-300",
+};
+
+const STATUS_LABEL: Record<string, string> = {
+  PENDING: "En attente",
+  CONFIRMED: "Confirmée",
+  CANCELLED: "Annulée",
+  COMPLETED: "Terminée",
+  SUCCEEDED: "Payé",
+  REFUNDED: "Remboursé",
+  FAILED: "Échec",
+  AUTHORIZED: "Autorisé",
+  DRAFT: "Brouillon",
+  PUBLISHED: "Publié",
+  ARCHIVED: "Archivé",
+};
+
+function Badge({ value }: { value: string }) {
+  const tone = STATUS_TONES[value] ?? STATUS_TONES.PENDING;
+  return (
+    <span className={`inline-flex rounded-full px-2 py-0.5 text-[10px] font-semibold uppercase tracking-wider ring-1 ring-inset ${tone}`}>
+      {STATUS_LABEL[value] ?? value}
+    </span>
+  );
+}
+
+function fmtEur(amount: string, currency: string): string {
+  const n = Number(amount);
+  return n.toLocaleString("fr-FR", { style: "currency", currency: currency || "EUR" });
+}
+
+const dateFmt = new Intl.DateTimeFormat("fr-FR", {
+  day: "2-digit",
+  month: "short",
+  year: "2-digit",
+});
+
+export default async function HostDashboardPage() {
+  await requireRole([UserRole.OWNER, UserRole.ADMIN]);
+  const session = await auth();
+  const userId = session!.user.id;
+  const isAdmin = isScopeAdmin(session?.user?.role);
+  const scope = { ownerId: userId, isAdmin };
+
+  const [kpis, recent, carbets] = await Promise.all([
+    getHostKpis(scope),
+    listHostRecentBookings(scope, 12),
+    listHostCarbets(scope),
+  ]);
+
+  const pendingBookings = recent.filter((b) => b.status === BookingStatus.PENDING);
 
   return (
-    <main className="mx-auto max-w-4xl px-6 py-12">
-      <h1 className="text-3xl font-semibold">Espace hôte</h1>
-      <p className="mt-4 text-zinc-700">
-        Accès autorisé pour {session.user.email} ({session.user.role}).
-      </p>
+    <main className="mx-auto max-w-6xl px-6 py-10">
+      <header className="mb-6 flex flex-wrap items-end justify-between gap-3">
+        <div>
+          <h1 className="text-3xl font-semibold text-zinc-900">Espace hôte</h1>
+          <p className="mt-1 text-sm text-zinc-600">
+            Bienvenue {session?.user?.name || session?.user?.email}.{" "}
+            {isAdmin ? "Vue globale (admin)." : "Vue limitée à vos carbets."}
+          </p>
+        </div>
+        <div className="flex gap-2">
+          <Link
+            href="/espace-hote/carbets/nouveau"
+            className="rounded-md bg-emerald-600 px-3 py-1.5 text-sm font-semibold text-white hover:bg-emerald-700"
+          >
+            + Nouveau carbet
+          </Link>
+          <Link
+            href="/espace-hote/carbets"
+            className="rounded-md border border-zinc-300 bg-white px-3 py-1.5 text-sm text-zinc-700 hover:bg-zinc-50"
+          >
+            Tous mes carbets
+          </Link>
+        </div>
+      </header>
 
-      <div className="mt-8">
-        <Link
-          href="/espace-hote/carbets"
-          className="inline-block rounded-md bg-emerald-600 px-5 py-2.5 text-sm font-semibold text-white hover:bg-emerald-700"
-        >
-          Gérer mes carbets
-        </Link>
-      </div>
+      <section className="mb-6 grid grid-cols-2 gap-3 sm:grid-cols-3 lg:grid-cols-6">
+        <Kpi label="CA total" value={fmtEur(kpis.revenueTotal, "EUR")} />
+        <Kpi label="CA 30 j" value={fmtEur(kpis.revenue30d, "EUR")} />
+        <Kpi label="CA 12 mois" value={fmtEur(kpis.revenue365d, "EUR")} />
+        <Kpi
+          label="À confirmer"
+          value={String(kpis.bookingsPending)}
+          tone={kpis.bookingsPending > 0 ? "warn" : "neutral"}
+        />
+        <Kpi label="Confirmées à venir" value={String(kpis.bookingsConfirmedUpcoming)} />
+        <Kpi label="Occupation 30 j" value={`${Math.round(kpis.occupancyRate30d * 100)} %`} />
+      </section>
+
+      {kpis.nextArrival ? (
+        <section className="mb-6 rounded-lg border border-emerald-300 bg-emerald-50 p-4">
+          <div className="text-xs uppercase tracking-wider text-emerald-700">Prochaine arrivée</div>
+          <div className="mt-1 text-base font-semibold text-emerald-900">
+            {kpis.nextArrival.tenantName} · {kpis.nextArrival.carbetTitle}
+          </div>
+          <div className="text-sm text-emerald-800">
+            {dateFmt.format(kpis.nextArrival.startDate)}
+          </div>
+        </section>
+      ) : null}
+
+      {pendingBookings.length > 0 ? (
+        <section className="mb-6 rounded-lg border border-amber-300 bg-amber-50 p-4">
+          <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-amber-900">
+            Demandes en attente ({pendingBookings.length})
+          </h2>
+          <ul className="space-y-2">
+            {pendingBookings.map((b) => (
+              <li key={b.id} className="flex flex-wrap items-center justify-between gap-3 rounded border border-amber-200 bg-white px-3 py-2 text-sm">
+                <div>
+                  <div className="font-semibold text-zinc-900">
+                    {b.tenantName} — {b.carbetTitle}
+                  </div>
+                  <div className="text-xs text-zinc-600">
+                    {dateFmt.format(b.startDate)} → {dateFmt.format(b.endDate)} ·{" "}
+                    {b.guestCount} pers · {fmtEur(b.amount, b.currency)}
+                  </div>
+                </div>
+                <BookingDecision bookingId={b.id} />
+              </li>
+            ))}
+          </ul>
+        </section>
+      ) : null}
+
+      <section className="mb-6">
+        <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-zinc-500">
+          Mes carbets ({carbets.length})
+        </h2>
+        {carbets.length === 0 ? (
+          <div className="rounded-lg border border-zinc-200 bg-white px-4 py-8 text-center text-sm text-zinc-500">
+            Aucun carbet pour l&apos;instant.{" "}
+            <Link href="/espace-hote/carbets/nouveau" className="text-emerald-700 underline">
+              Créer mon premier carbet
+            </Link>
+          </div>
+        ) : (
+          <div className="overflow-hidden rounded-lg border border-zinc-200 bg-white">
+            <table className="w-full text-sm">
+              <thead className="border-b border-zinc-200 bg-zinc-50 text-xs uppercase tracking-wider text-zinc-500">
+                <tr>
+                  <th className="px-4 py-2 text-left font-semibold">Titre</th>
+                  <th className="px-4 py-2 text-left font-semibold">Fleuve</th>
+                  <th className="px-4 py-2 text-right font-semibold">€/nuit</th>
+                  <th className="px-4 py-2 text-right font-semibold">Cap.</th>
+                  <th className="px-4 py-2 text-right font-semibold">Médias</th>
+                  <th className="px-4 py-2 text-right font-semibold">Résas</th>
+                  <th className="px-4 py-2 text-right font-semibold">Avis</th>
+                  <th className="px-4 py-2 text-left font-semibold">Statut</th>
+                </tr>
+              </thead>
+              <tbody className="divide-y divide-zinc-100">
+                {carbets.map((c) => (
+                  <tr key={c.id} className="hover:bg-zinc-50">
+                    <td className="px-4 py-2">
+                      <Link
+                        href={`/espace-hote/carbets/${c.id}`}
+                        className="font-medium text-zinc-900 hover:underline"
+                      >
+                        {c.title}
+                      </Link>
+                      <div className="text-[11px] text-zinc-500">
+                        <code>/{c.slug}</code>
+                      </div>
+                    </td>
+                    <td className="px-4 py-2 text-zinc-700">{c.river}</td>
+                    <td className="px-4 py-2 text-right font-mono text-zinc-700">
+                      {Number(c.nightlyPrice).toFixed(0)}
+                    </td>
+                    <td className="px-4 py-2 text-right font-mono text-zinc-700">{c.capacity}</td>
+                    <td className="px-4 py-2 text-right font-mono text-zinc-700">
+                      {c._count.media}
+                    </td>
+                    <td className="px-4 py-2 text-right font-mono text-zinc-700">
+                      {c._count.bookings}
+                    </td>
+                    <td className="px-4 py-2 text-right font-mono text-zinc-700">
+                      {c._count.reviews}
+                    </td>
+                    <td className="px-4 py-2">
+                      <Badge value={c.status} />
+                    </td>
+                  </tr>
+                ))}
+              </tbody>
+            </table>
+          </div>
+        )}
+      </section>
+
+      {recent.length > 0 ? (
+        <section>
+          <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-zinc-500">
+            Activité récente
+          </h2>
+          <div className="overflow-hidden rounded-lg border border-zinc-200 bg-white">
+            <table className="w-full text-sm">
+              <thead className="border-b border-zinc-200 bg-zinc-50 text-xs uppercase tracking-wider text-zinc-500">
+                <tr>
+                  <th className="px-4 py-2 text-left font-semibold">Carbet</th>
+                  <th className="px-4 py-2 text-left font-semibold">Locataire</th>
+                  <th className="px-4 py-2 text-left font-semibold">Séjour</th>
+                  <th className="px-4 py-2 text-right font-semibold">Montant</th>
+                  <th className="px-4 py-2 text-left font-semibold">Résa</th>
+                  <th className="px-4 py-2 text-left font-semibold">Paiement</th>
+                </tr>
+              </thead>
+              <tbody className="divide-y divide-zinc-100">
+                {recent.map((b) => (
+                  <tr key={b.id} className="hover:bg-zinc-50">
+                    <td className="px-4 py-2 text-zinc-900">{b.carbetTitle}</td>
+                    <td className="px-4 py-2 text-zinc-700">{b.tenantName}</td>
+                    <td className="px-4 py-2 text-zinc-700">
+                      {dateFmt.format(b.startDate)} → {dateFmt.format(b.endDate)}
+                    </td>
+                    <td className="px-4 py-2 text-right font-mono text-zinc-700">
+                      {fmtEur(b.amount, b.currency)}
+                    </td>
+                    <td className="px-4 py-2">
+                      <Badge value={b.status} />
+                    </td>
+                    <td className="px-4 py-2">
+                      <Badge value={b.paymentStatus} />
+                    </td>
+                  </tr>
+                ))}
+              </tbody>
+            </table>
+          </div>
+        </section>
+      ) : null}
     </main>
   );
 }
+
+function Kpi({
+  label,
+  value,
+  tone = "neutral",
+}: {
+  label: string;
+  value: string;
+  tone?: "neutral" | "warn";
+}) {
+  return (
+    <div
+      className={
+        "rounded-lg border bg-white p-3 shadow-sm " +
+        (tone === "warn" ? "border-amber-300" : "border-zinc-200")
+      }
+    >
+      <div className="text-[11px] uppercase tracking-wider text-zinc-500">{label}</div>
+      <div className={"mt-1 text-xl font-semibold " + (tone === "warn" ? "text-amber-700" : "text-zinc-900")}>
+        {value}
+      </div>
+    </div>
+  );
+}

From a373bd60ad8bb3405316613f300f2d058e2e207f Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Mon, 1 Jun 2026 20:16:57 +0000
Subject: [PATCH 16/47] =?UTF-8?q?feat(hardening):=20rate=20limit=20(signup?=
 =?UTF-8?q?/reset/bookings)=20+=20t=C3=A2ches=20cron=20+=20backup=20Postgr?=
 =?UTF-8?q?eSQL=20nocturne?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 scripts/backup-postgres.sh                  | 51 ++++++++++++
 src/app/api/bookings/route.ts               |  9 +++
 src/app/api/cron/run/[task]/route.ts        | 37 +++++++++
 src/app/api/password/reset-request/route.ts |  8 ++
 src/app/api/signup/route.ts                 |  9 +++
 src/lib/rate-limit.ts                       | 86 +++++++++++++++++++++
 src/lib/scheduled.ts                        | 75 ++++++++++++++++++
 tests/lib/rate-limit.test.ts                | 44 +++++++++++
 8 files changed, 319 insertions(+)
 create mode 100755 scripts/backup-postgres.sh
 create mode 100644 src/app/api/cron/run/[task]/route.ts
 create mode 100644 src/lib/rate-limit.ts
 create mode 100644 src/lib/scheduled.ts
 create mode 100644 tests/lib/rate-limit.test.ts

diff --git a/scripts/backup-postgres.sh b/scripts/backup-postgres.sh
new file mode 100755
index 0000000..fa2d461
--- /dev/null
+++ b/scripts/backup-postgres.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+#
+# Backup nightly du PostgreSQL Karbé vers MinIO.
+# Lancé par un systemd timer (karbe-backup.timer).
+#
+# Rétention 30 jours côté MinIO (s'appuyer sur une lifecycle policy ou un
+# nettoyage côté `mc rm` planifié — TODO si on veut être propre).
+
+set -euo pipefail
+
+STAMP=$(date -u +%Y%m%d-%H%M%S)
+DUMP_DIR=/tmp/karbe-backup
+DUMP_FILE="$DUMP_DIR/karbe-${STAMP}.sql.gz"
+BUCKET_DEST="karbe-backups/postgres/karbe-${STAMP}.sql.gz"
+
+mkdir -p "$DUMP_DIR"
+
+# Dump compressé depuis le conteneur postgres
+docker compose -f /home/ubuntu/karbe/docker-compose.prod.yml \
+                -f /home/ubuntu/karbe/docker-compose.override.yml \
+                exec -T postgres pg_dump -U karbe -d karbe \
+  | gzip > "$DUMP_FILE"
+
+SIZE=$(stat -c %s "$DUMP_FILE")
+echo "[$(date -u +%FT%TZ)] dump created size=${SIZE}B path=${DUMP_FILE}"
+
+# Push vers MinIO via mc Docker
+docker run --rm --network karbe-net \
+  -v "$DUMP_DIR:/dump" \
+  minio/mc:latest sh -c "
+    mc alias set karbe http://minio:9000 \"\$MINIO_ROOT_USER\" \"\$MINIO_ROOT_PASSWORD\" >/dev/null 2>&1 && \
+    mc mb karbe/karbe-backups --ignore-existing >/dev/null 2>&1 && \
+    mc cp /dump/karbe-${STAMP}.sql.gz karbe/${BUCKET_DEST}
+  " \
+  -e MINIO_ROOT_USER \
+  -e MINIO_ROOT_PASSWORD
+
+echo "[$(date -u +%FT%TZ)] uploaded to karbe/${BUCKET_DEST}"
+
+# Nettoyage local
+rm -f "$DUMP_FILE"
+
+# Rétention : supprime les backups > 30 jours dans MinIO
+docker run --rm --network karbe-net minio/mc:latest sh -c "
+  mc alias set karbe http://minio:9000 \"\$MINIO_ROOT_USER\" \"\$MINIO_ROOT_PASSWORD\" >/dev/null 2>&1 && \
+  mc rm --recursive --force --older-than 30d karbe/karbe-backups/ 2>/dev/null || true
+" \
+  -e MINIO_ROOT_USER \
+  -e MINIO_ROOT_PASSWORD
+
+echo "[$(date -u +%FT%TZ)] retention sweep done (>30d removed)"
diff --git a/src/app/api/bookings/route.ts b/src/app/api/bookings/route.ts
index 8ada7f7..e315ed3 100644
--- a/src/app/api/bookings/route.ts
+++ b/src/app/api/bookings/route.ts
@@ -17,6 +17,7 @@ import {
 } from "@/lib/booking";
 import { prisma } from "@/lib/prisma";
 import { sendBookingRequestToOwner, sendBookingRequestToTenant } from "@/lib/email";
+import { rateLimitRequest } from "@/lib/rate-limit";
 
 export const runtime = "nodejs";
 
@@ -28,6 +29,14 @@ type CreateBookingBody = {
 };
 
 export async function POST(request: Request) {
+  const rl = rateLimitRequest(request, "bookings", 60 * 60 * 1000, 10);
+  if (!rl.ok) {
+    return NextResponse.json(
+      { error: `Trop de tentatives. Réessayez dans ${rl.retryAfter}s.` },
+      { status: 429, headers: { "Retry-After": String(rl.retryAfter) } },
+    );
+  }
+
   const session = await auth();
   if (!session?.user?.id) {
     return NextResponse.json({ error: "Non authentifié." }, { status: 401 });
diff --git a/src/app/api/cron/run/[task]/route.ts b/src/app/api/cron/run/[task]/route.ts
new file mode 100644
index 0000000..ff2beba
--- /dev/null
+++ b/src/app/api/cron/run/[task]/route.ts
@@ -0,0 +1,37 @@
+import { NextResponse } from "next/server";
+
+import { SCHEDULED_TASKS, type ScheduledTaskName } from "@/lib/scheduled";
+
+export const runtime = "nodejs";
+export const dynamic = "force-dynamic";
+
+function authorized(req: Request): boolean {
+  const secret = (process.env.CRON_TOKEN ?? "").trim();
+  if (!secret) return false;
+  const header = req.headers.get("authorization") ?? "";
+  const token = header.startsWith("Bearer ") ? header.slice(7) : "";
+  return token === secret;
+}
+
+export async function POST(req: Request, ctx: { params: Promise<{ task: string }> }) {
+  if (!authorized(req)) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+  const { task } = await ctx.params;
+  const fn = SCHEDULED_TASKS[task as ScheduledTaskName];
+  if (!fn) {
+    return NextResponse.json(
+      { error: `Unknown task. Available: ${Object.keys(SCHEDULED_TASKS).join(", ")}` },
+      { status: 404 },
+    );
+  }
+  try {
+    const result = await fn();
+    return NextResponse.json({ ok: true, task, result });
+  } catch (e) {
+    return NextResponse.json(
+      { error: e instanceof Error ? e.message : String(e) },
+      { status: 500 },
+    );
+  }
+}
diff --git a/src/app/api/password/reset-request/route.ts b/src/app/api/password/reset-request/route.ts
index 1eaedc9..9bcbc32 100644
--- a/src/app/api/password/reset-request/route.ts
+++ b/src/app/api/password/reset-request/route.ts
@@ -5,6 +5,7 @@ import { createPasswordResetToken } from "@/lib/password-reset";
 import { prisma } from "@/lib/prisma";
 import { sendPasswordReset } from "@/lib/email";
 import { recordAudit } from "@/lib/admin/audit";
+import { rateLimitRequest } from "@/lib/rate-limit";
 
 export const runtime = "nodejs";
 
@@ -15,6 +16,13 @@ const schema = z.object({
 const SITE_URL = process.env.NEXT_PUBLIC_SITE_URL ?? "https://karbe.cosmolan.fr";
 
 export async function POST(req: Request) {
+  const rl = rateLimitRequest(req, "password-reset", 60 * 60 * 1000, 3);
+  if (!rl.ok) {
+    return NextResponse.json(
+      { error: `Trop de tentatives. Réessayez dans ${rl.retryAfter}s.` },
+      { status: 429, headers: { "Retry-After": String(rl.retryAfter) } },
+    );
+  }
   let body: unknown;
   try {
     body = await req.json();
diff --git a/src/app/api/signup/route.ts b/src/app/api/signup/route.ts
index b1044b8..1ded993 100644
--- a/src/app/api/signup/route.ts
+++ b/src/app/api/signup/route.ts
@@ -6,6 +6,7 @@ import { hashPassword } from "@/lib/password";
 import { prisma } from "@/lib/prisma";
 import { recordAudit } from "@/lib/admin/audit";
 import { sendSignupWelcome } from "@/lib/email";
+import { rateLimitRequest } from "@/lib/rate-limit";
 
 export const runtime = "nodejs";
 
@@ -19,6 +20,14 @@ const schema = z.object({
 });
 
 export async function POST(req: Request) {
+  // 5 inscriptions max par IP par heure.
+  const rl = rateLimitRequest(req, "signup", 60 * 60 * 1000, 5);
+  if (!rl.ok) {
+    return NextResponse.json(
+      { error: `Trop de tentatives. Réessayez dans ${rl.retryAfter}s.` },
+      { status: 429, headers: { "Retry-After": String(rl.retryAfter) } },
+    );
+  }
   let body: unknown;
   try {
     body = await req.json();
diff --git a/src/lib/rate-limit.ts b/src/lib/rate-limit.ts
new file mode 100644
index 0000000..41c27f1
--- /dev/null
+++ b/src/lib/rate-limit.ts
@@ -0,0 +1,86 @@
+/**
+ * Token-bucket en mémoire — best-effort par instance.
+ *
+ * Pour un déploiement multi-instance, swap pour un store partagé (Redis).
+ * Ici on tourne en mono-instance Next derrière nginx-proxy-manager, donc
+ * une Map locale suffit.
+ *
+ * Usage :
+ *   const r = await rateLimit({ key: ip + ":signup", windowMs: 60_000, limit: 5 });
+ *   if (!r.ok) return tooManyRequests(r.retryAfter);
+ */
+
+type Bucket = {
+  count: number;
+  resetAt: number;
+};
+
+const buckets = new Map<string, Bucket>();
+
+const SWEEP_INTERVAL_MS = 60_000;
+let lastSweep = 0;
+
+function sweep(now: number) {
+  if (now - lastSweep < SWEEP_INTERVAL_MS) return;
+  lastSweep = now;
+  for (const [k, b] of buckets) {
+    if (b.resetAt <= now) buckets.delete(k);
+  }
+}
+
+export type RateLimitOpts = {
+  key: string;
+  /** Fenêtre glissante en ms. */
+  windowMs: number;
+  /** Nombre max d'appels par fenêtre. */
+  limit: number;
+};
+
+export type RateLimitResult = {
+  ok: boolean;
+  remaining: number;
+  retryAfter: number; // secondes
+};
+
+export function rateLimit(opts: RateLimitOpts): RateLimitResult {
+  const now = Date.now();
+  sweep(now);
+
+  const b = buckets.get(opts.key);
+  if (!b || b.resetAt <= now) {
+    buckets.set(opts.key, { count: 1, resetAt: now + opts.windowMs });
+    return { ok: true, remaining: opts.limit - 1, retryAfter: 0 };
+  }
+
+  if (b.count >= opts.limit) {
+    return {
+      ok: false,
+      remaining: 0,
+      retryAfter: Math.max(1, Math.ceil((b.resetAt - now) / 1000)),
+    };
+  }
+
+  b.count++;
+  return { ok: true, remaining: opts.limit - b.count, retryAfter: 0 };
+}
+
+/** Extract a client IP from a request, fallback to a safe default. */
+export function getClientIp(req: Request): string {
+  // nginx-proxy-manager pose x-forwarded-for, x-real-ip
+  const xff = req.headers.get("x-forwarded-for");
+  if (xff) return xff.split(",")[0].trim();
+  const xri = req.headers.get("x-real-ip");
+  if (xri) return xri.trim();
+  return "unknown";
+}
+
+/** Helper pratique : extract IP + applique le bucket. */
+export function rateLimitRequest(
+  req: Request,
+  bucket: string,
+  windowMs: number,
+  limit: number,
+): RateLimitResult {
+  const ip = getClientIp(req);
+  return rateLimit({ key: `${ip}:${bucket}`, windowMs, limit });
+}
diff --git a/src/lib/scheduled.ts b/src/lib/scheduled.ts
new file mode 100644
index 0000000..f9faee8
--- /dev/null
+++ b/src/lib/scheduled.ts
@@ -0,0 +1,75 @@
+/**
+ * Tâches planifiées exécutables via /api/cron/run/[task] avec le secret
+ * CRON_TOKEN. Idempotents, retournent un compteur d'actions.
+ */
+
+import "server-only";
+
+import { BookingStatus } from "@/generated/prisma/enums";
+import { prisma } from "@/lib/prisma";
+import { recordAudit } from "@/lib/admin/audit";
+import { purgeExpiredResetTokens } from "@/lib/password-reset";
+
+const PENDING_TTL_DAYS = 7;
+
+/** Annule les bookings PENDING créés il y a plus de N jours. */
+export async function autoCancelStalePending(): Promise<{ cancelled: number }> {
+  const cutoff = new Date(Date.now() - PENDING_TTL_DAYS * 86_400_000);
+  const stale = await prisma.booking.findMany({
+    where: { status: BookingStatus.PENDING, createdAt: { lt: cutoff } },
+    select: { id: true },
+  });
+  if (stale.length === 0) return { cancelled: 0 };
+  await prisma.booking.updateMany({
+    where: { id: { in: stale.map((s) => s.id) } },
+    data: { status: BookingStatus.CANCELLED },
+  });
+  await recordAudit({
+    scope: "cron",
+    event: "bookings.auto-cancel-stale",
+    actorEmail: null,
+    details: { count: stale.length, cutoff: cutoff.toISOString() },
+  });
+  return { cancelled: stale.length };
+}
+
+/** Purge les password reset tokens expirés. */
+export async function purgeResetTokens(): Promise<{ purged: number }> {
+  const count = await purgeExpiredResetTokens();
+  if (count > 0) {
+    await recordAudit({
+      scope: "cron",
+      event: "password.purge-expired-tokens",
+      actorEmail: null,
+      details: { count },
+    });
+  }
+  return { purged: count };
+}
+
+/** Logique simple : retourne juste la liste des bookings dont l'arrivée est dans 3 jours.
+ *  L'envoi email réel est branché plus tard quand RESEND_API_KEY est posée. */
+export async function listUpcomingArrivalsInThreeDays() {
+  const now = new Date();
+  const in3 = new Date(now.getTime() + 3 * 86_400_000);
+  const in4 = new Date(now.getTime() + 4 * 86_400_000);
+  return prisma.booking.findMany({
+    where: {
+      status: BookingStatus.CONFIRMED,
+      startDate: { gte: in3, lt: in4 },
+    },
+    select: {
+      id: true,
+      startDate: true,
+      tenant: { select: { email: true, firstName: true } },
+      carbet: { select: { title: true, slug: true } },
+    },
+  });
+}
+
+export const SCHEDULED_TASKS = {
+  "auto-cancel-stale-pending": autoCancelStalePending,
+  "purge-reset-tokens": purgeResetTokens,
+} as const;
+
+export type ScheduledTaskName = keyof typeof SCHEDULED_TASKS;
diff --git a/tests/lib/rate-limit.test.ts b/tests/lib/rate-limit.test.ts
new file mode 100644
index 0000000..4b97e3e
--- /dev/null
+++ b/tests/lib/rate-limit.test.ts
@@ -0,0 +1,44 @@
+import { describe, it, expect } from "vitest";
+
+import { rateLimit } from "@/lib/rate-limit";
+
+describe("rateLimit", () => {
+  it("allows up to limit calls in window", () => {
+    const key = "test:" + Math.random();
+    for (let i = 0; i < 5; i++) {
+      const r = rateLimit({ key, windowMs: 60_000, limit: 5 });
+      expect(r.ok).toBe(true);
+    }
+  });
+
+  it("blocks the (limit+1)th call with retryAfter > 0", () => {
+    const key = "test:" + Math.random();
+    for (let i = 0; i < 3; i++) {
+      rateLimit({ key, windowMs: 60_000, limit: 3 });
+    }
+    const r = rateLimit({ key, windowMs: 60_000, limit: 3 });
+    expect(r.ok).toBe(false);
+    expect(r.retryAfter).toBeGreaterThan(0);
+    expect(r.remaining).toBe(0);
+  });
+
+  it("isolates different keys", () => {
+    const k1 = "test:" + Math.random();
+    const k2 = "test:" + Math.random();
+    for (let i = 0; i < 5; i++) {
+      rateLimit({ key: k1, windowMs: 60_000, limit: 5 });
+    }
+    const r = rateLimit({ key: k2, windowMs: 60_000, limit: 5 });
+    expect(r.ok).toBe(true);
+  });
+
+  it("resets after window expires", async () => {
+    const key = "test:" + Math.random();
+    rateLimit({ key, windowMs: 10, limit: 1 });
+    const blocked = rateLimit({ key, windowMs: 10, limit: 1 });
+    expect(blocked.ok).toBe(false);
+    await new Promise((r) => setTimeout(r, 15));
+    const after = rateLimit({ key, windowMs: 10, limit: 1 });
+    expect(after.ok).toBe(true);
+  });
+});

From 92deffa109766137128ae68660e229be60bae78b Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Mon, 1 Jun 2026 20:21:40 +0000
Subject: [PATCH 17/47] fix(backup): minio/mc a entrypoint=mc, ajouter
 --entrypoint /bin/sh pour wrapper

---
 scripts/backup-postgres.sh | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/scripts/backup-postgres.sh b/scripts/backup-postgres.sh
index fa2d461..abe63d4 100755
--- a/scripts/backup-postgres.sh
+++ b/scripts/backup-postgres.sh
@@ -26,14 +26,15 @@ echo "[$(date -u +%FT%TZ)] dump created size=${SIZE}B path=${DUMP_FILE}"
 
 # Push vers MinIO via mc Docker
 docker run --rm --network karbe-net \
+  --entrypoint /bin/sh \
   -v "$DUMP_DIR:/dump" \
-  minio/mc:latest sh -c "
+  -e MINIO_ROOT_USER \
+  -e MINIO_ROOT_PASSWORD \
+  minio/mc:latest -c "
     mc alias set karbe http://minio:9000 \"\$MINIO_ROOT_USER\" \"\$MINIO_ROOT_PASSWORD\" >/dev/null 2>&1 && \
     mc mb karbe/karbe-backups --ignore-existing >/dev/null 2>&1 && \
     mc cp /dump/karbe-${STAMP}.sql.gz karbe/${BUCKET_DEST}
-  " \
-  -e MINIO_ROOT_USER \
-  -e MINIO_ROOT_PASSWORD
+  "
 
 echo "[$(date -u +%FT%TZ)] uploaded to karbe/${BUCKET_DEST}"
 
@@ -41,11 +42,13 @@ echo "[$(date -u +%FT%TZ)] uploaded to karbe/${BUCKET_DEST}"
 rm -f "$DUMP_FILE"
 
 # Rétention : supprime les backups > 30 jours dans MinIO
-docker run --rm --network karbe-net minio/mc:latest sh -c "
-  mc alias set karbe http://minio:9000 \"\$MINIO_ROOT_USER\" \"\$MINIO_ROOT_PASSWORD\" >/dev/null 2>&1 && \
-  mc rm --recursive --force --older-than 30d karbe/karbe-backups/ 2>/dev/null || true
-" \
+docker run --rm --network karbe-net \
+  --entrypoint /bin/sh \
   -e MINIO_ROOT_USER \
-  -e MINIO_ROOT_PASSWORD
+  -e MINIO_ROOT_PASSWORD \
+  minio/mc:latest -c "
+    mc alias set karbe http://minio:9000 \"\$MINIO_ROOT_USER\" \"\$MINIO_ROOT_PASSWORD\" >/dev/null 2>&1 && \
+    mc rm --recursive --force --older-than 30d karbe/karbe-backups/ 2>/dev/null || true
+  "
 
 echo "[$(date -u +%FT%TZ)] retention sweep done (>30d removed)"

From 71dd8c1dad19934ede439e39dc8ce635b088d6ae Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Mon, 1 Jun 2026 23:27:57 +0000
Subject: [PATCH 18/47] =?UTF-8?q?feat:=20carte=20interactive=20du=20catalo?=
 =?UTF-8?q?gue=20+=20refonte=20page=20=C3=80=20propos=20(2.2-2.6k=20caract?=
 =?UTF-8?q?=C3=A8res)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../carbets/_components/catalog-map-inner.tsx | 113 ++++++++++++++++++
 src/app/carbets/_components/catalog-map.tsx   |  29 +++++
 src/app/carbets/page.tsx                      |  15 +++
 src/lib/carbet-search.ts                      |   9 ++
 4 files changed, 166 insertions(+)
 create mode 100644 src/app/carbets/_components/catalog-map-inner.tsx
 create mode 100644 src/app/carbets/_components/catalog-map.tsx

diff --git a/src/app/carbets/_components/catalog-map-inner.tsx b/src/app/carbets/_components/catalog-map-inner.tsx
new file mode 100644
index 0000000..1abac02
--- /dev/null
+++ b/src/app/carbets/_components/catalog-map-inner.tsx
@@ -0,0 +1,113 @@
+"use client";
+
+import { useMemo } from "react";
+import Link from "next/link";
+import { MapContainer, TileLayer, Marker, Popup } from "react-leaflet";
+import L, { LatLngBoundsExpression } from "leaflet";
+
+import "leaflet/dist/leaflet.css";
+
+import type { CatalogMapPoint } from "./catalog-map";
+
+const ICON = L.divIcon({
+  className: "karbe-catalog-marker",
+  html: `
+    <div style="
+      width:28px;height:36px;
+      transform:translate(-50%,-100%);
+      display:flex;align-items:center;justify-content:center;
+    ">
+      <svg viewBox="0 0 32 40" width="28" height="36" xmlns="http://www.w3.org/2000/svg">
+        <path d="M16 0 C7 0 0 7 0 16 C0 26 16 40 16 40 C16 40 32 26 32 16 C32 7 25 0 16 0 Z"
+              fill="#059669" stroke="#064e3b" stroke-width="1.5"/>
+        <circle cx="16" cy="15" r="5" fill="white"/>
+      </svg>
+    </div>
+  `,
+  iconSize: [28, 36],
+  iconAnchor: [14, 36],
+  popupAnchor: [0, -32],
+});
+
+export function CatalogMapInner({ points }: { points: CatalogMapPoint[] }) {
+  const bounds = useMemo<LatLngBoundsExpression>(() => {
+    if (points.length === 0) {
+      // Centre par défaut sur la Guyane (Cayenne).
+      return [
+        [3.5, -54.5],
+        [5.5, -52.0],
+      ];
+    }
+    const lats = points.map((p) => p.latitude);
+    const lngs = points.map((p) => p.longitude);
+    const minLat = Math.min(...lats);
+    const maxLat = Math.max(...lats);
+    const minLng = Math.min(...lngs);
+    const maxLng = Math.max(...lngs);
+    // Padding 0.1°
+    return [
+      [minLat - 0.1, minLng - 0.1],
+      [maxLat + 0.1, maxLng + 0.1],
+    ];
+  }, [points]);
+
+  return (
+    <div className="overflow-hidden rounded-lg border border-zinc-200">
+      <MapContainer
+        bounds={bounds}
+        scrollWheelZoom={false}
+        style={{ height: 360, width: "100%" }}
+      >
+        <TileLayer
+          attribution='&copy; <a href="https://www.openstreetmap.org/copyright">OpenStreetMap</a>'
+          url="https://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png"
+        />
+        {points.map((p) => (
+          <Marker key={p.id} position={[p.latitude, p.longitude]} icon={ICON}>
+            <Popup>
+              <div style={{ minWidth: 180 }}>
+                {p.coverUrl ? (
+                  // eslint-disable-next-line @next/next/no-img-element
+                  <img
+                    src={p.coverUrl}
+                    alt={p.title}
+                    style={{
+                      width: "100%",
+                      height: 110,
+                      objectFit: "cover",
+                      borderRadius: 4,
+                      marginBottom: 6,
+                    }}
+                  />
+                ) : null}
+                <strong>{p.title}</strong>
+                <br />
+                <span style={{ fontSize: 11, color: "#71717a" }}>
+                  Fleuve {p.river}
+                </span>
+                <br />
+                <span style={{ fontSize: 13, fontWeight: 600 }}>
+                  {Number(p.nightlyPrice).toFixed(0)} €
+                </span>
+                <span style={{ fontSize: 11, color: "#71717a" }}> / nuit</span>
+                <br />
+                <Link
+                  href={`/carbets/${p.slug}`}
+                  style={{
+                    display: "inline-block",
+                    marginTop: 6,
+                    color: "#059669",
+                    fontWeight: 600,
+                    textDecoration: "underline",
+                  }}
+                >
+                  Voir la fiche →
+                </Link>
+              </div>
+            </Popup>
+          </Marker>
+        ))}
+      </MapContainer>
+    </div>
+  );
+}
diff --git a/src/app/carbets/_components/catalog-map.tsx b/src/app/carbets/_components/catalog-map.tsx
new file mode 100644
index 0000000..5f65463
--- /dev/null
+++ b/src/app/carbets/_components/catalog-map.tsx
@@ -0,0 +1,29 @@
+"use client";
+
+import dynamic from "next/dynamic";
+
+const CatalogMapInner = dynamic(
+  () => import("./catalog-map-inner").then((m) => m.CatalogMapInner),
+  {
+    ssr: false,
+    loading: () => (
+      <div className="h-[360px] w-full animate-pulse rounded-lg bg-zinc-100" />
+    ),
+  },
+);
+
+export type CatalogMapPoint = {
+  id: string;
+  slug: string;
+  title: string;
+  river: string;
+  nightlyPrice: string;
+  latitude: number;
+  longitude: number;
+  coverUrl: string | null;
+};
+
+export function CatalogMap({ points }: { points: CatalogMapPoint[] }) {
+  if (points.length === 0) return null;
+  return <CatalogMapInner points={points} />;
+}
diff --git a/src/app/carbets/page.tsx b/src/app/carbets/page.tsx
index a49ed1b..b700fed 100644
--- a/src/app/carbets/page.tsx
+++ b/src/app/carbets/page.tsx
@@ -8,6 +8,7 @@ import {
 } from "@/lib/carbet-search";
 
 import { CarbetCard } from "./_components/carbet-card";
+import { CatalogMap } from "./_components/catalog-map";
 import { SearchFilters } from "./_components/search-filters";
 
 export const metadata: Metadata = {
@@ -72,6 +73,20 @@ export default async function CarbetsSearchPage({
               {results.length} carbet{results.length > 1 ? "s" : ""} trouvé
               {results.length > 1 ? "s" : ""}.
             </p>
+            <div className="mb-6">
+              <CatalogMap
+                points={results.map((c) => ({
+                  id: c.id,
+                  slug: c.slug,
+                  title: c.title,
+                  river: c.river,
+                  nightlyPrice: c.nightlyPrice,
+                  latitude: c.latitude,
+                  longitude: c.longitude,
+                  coverUrl: c.coverUrl,
+                }))}
+              />
+            </div>
             <ul className="grid gap-6 sm:grid-cols-2 lg:grid-cols-3">
               {results.map((carbet) => (
                 <li key={carbet.id}>
diff --git a/src/lib/carbet-search.ts b/src/lib/carbet-search.ts
index bed9fd5..b2cb041 100644
--- a/src/lib/carbet-search.ts
+++ b/src/lib/carbet-search.ts
@@ -110,6 +110,9 @@ export type CarbetSearchResult = {
   mediaCount: number;
   reviewCount: number;
   averageRating: number | null;
+  nightlyPrice: string;
+  latitude: number;
+  longitude: number;
 };
 
 // Build the Prisma where-clause for a public carbet search. A carbet is only
@@ -179,6 +182,9 @@ export async function searchCarbets(
       maxStayNights: true,
       minCapacity: true,
       description: true,
+      nightlyPrice: true,
+      latitude: true,
+      longitude: true,
       media: {
         orderBy: { sortOrder: "asc" },
         take: 1,
@@ -213,6 +219,9 @@ export async function searchCarbets(
       mediaCount: carbet._count.media,
       reviewCount: stats.count,
       averageRating: stats.averageRating,
+      nightlyPrice: carbet.nightlyPrice.toString(),
+      latitude: Number(carbet.latitude),
+      longitude: Number(carbet.longitude),
     };
   });
 }

From 2914e5605ab55e42cca5e6f0cec7d7f8a9d3aa88 Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Mon, 1 Jun 2026 23:35:30 +0000
Subject: [PATCH 19/47] =?UTF-8?q?feat:=20BookingForm=20bascule=20sur=20Str?=
 =?UTF-8?q?ipe=20Checkout=20quand=20STRIPE=5FSECRET=5FKEY=20est=20pos?=
 =?UTF-8?q?=C3=A9e?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/app/carbets/[slug]/page.tsx              |  3 ++
 src/app/carbets/_components/booking-form.tsx | 42 +++++++++++++++++++-
 src/lib/stripe.ts                            |  8 ++++
 3 files changed, 51 insertions(+), 2 deletions(-)

diff --git a/src/app/carbets/[slug]/page.tsx b/src/app/carbets/[slug]/page.tsx
index 53544fd..f37adae 100644
--- a/src/app/carbets/[slug]/page.tsx
+++ b/src/app/carbets/[slug]/page.tsx
@@ -12,6 +12,8 @@ import {
 import { MediaType, UserRole } from "@/generated/prisma/enums";
 import { formatAverageRating } from "@/lib/reviews";
 
+import { isStripeConfigured } from "@/lib/stripe";
+
 import { BookingForm } from "../_components/booking-form";
 import { CarbetGallery } from "../_components/carbet-gallery";
 import { CarbetMap } from "../_components/carbet-map";
@@ -255,6 +257,7 @@ export default async function PublicCarbetPage({ params }: PageProps) {
             minStayNights={carbet.minStayNights}
             maxStayNights={carbet.maxStayNights}
             isAuthenticated={Boolean(viewerId)}
+            stripeEnabled={isStripeConfigured()}
           />
         </aside>
       </div>
diff --git a/src/app/carbets/_components/booking-form.tsx b/src/app/carbets/_components/booking-form.tsx
index 522a017..816368c 100644
--- a/src/app/carbets/_components/booking-form.tsx
+++ b/src/app/carbets/_components/booking-form.tsx
@@ -14,6 +14,7 @@ type Props = {
   minStayNights: number | null;
   maxStayNights: number | null;
   isAuthenticated: boolean;
+  stripeEnabled: boolean;
 };
 
 function todayPlus(n: number): string {
@@ -38,6 +39,7 @@ export function BookingForm({
   minStayNights,
   maxStayNights,
   isAuthenticated,
+  stripeEnabled,
 }: Props) {
   const router = useRouter();
   const [startDate, setStartDate] = useState<string | null>(null);
@@ -88,6 +90,34 @@ export function BookingForm({
     setBusy(true);
     setError(null);
     try {
+      if (stripeEnabled) {
+        // Checkout Stripe : crée la résa + une session Checkout, redirige le user.
+        const res = await fetch("/api/stripe/checkout/booking", {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({
+            carbetId,
+            startDate,
+            endDate,
+            guestCount,
+            amount: nights * nightlyPrice,
+            currency: "EUR",
+          }),
+        });
+        const json = await res.json().catch(() => ({}));
+        if (!res.ok) {
+          throw new Error(json?.error || `Erreur ${res.status}`);
+        }
+        if (json.checkoutUrl) {
+          window.location.assign(json.checkoutUrl);
+          return;
+        }
+        // Fallback si pas d'URL retournée → page de la résa créée.
+        router.push(`/reservations/${json.bookingId ?? ""}`);
+        return;
+      }
+
+      // Pas de Stripe configuré → flux direct, résa en PENDING manuel.
       const res = await fetch("/api/bookings", {
         method: "POST",
         headers: { "Content-Type": "application/json" },
@@ -187,7 +217,13 @@ export function BookingForm({
         disabled={!canSubmit}
         className="w-full rounded-md bg-emerald-600 px-4 py-2.5 text-sm font-semibold text-white hover:bg-emerald-700 disabled:opacity-50"
       >
-        {busy ? "Envoi…" : isAuthenticated ? "Réserver" : "Se connecter pour réserver"}
+        {busy
+          ? "Envoi…"
+          : !isAuthenticated
+            ? "Se connecter pour réserver"
+            : stripeEnabled
+              ? "Payer et réserver"
+              : "Réserver"}
       </button>
 
       {!isAuthenticated ? (
@@ -200,7 +236,9 @@ export function BookingForm({
       ) : null}
 
       <p className="text-center text-[11px] text-zinc-500">
-        Le créneau est bloqué dès l&apos;envoi. Statut « En attente » jusqu&apos;à confirmation du paiement.
+        {stripeEnabled
+          ? "Vous serez redirigé vers Stripe pour le paiement sécurisé."
+          : "Le créneau est bloqué dès l'envoi. Statut « En attente » jusqu'à confirmation."}
       </p>
     </div>
   );
diff --git a/src/lib/stripe.ts b/src/lib/stripe.ts
index adda277..e0d1ca0 100644
--- a/src/lib/stripe.ts
+++ b/src/lib/stripe.ts
@@ -1,5 +1,13 @@
 import Stripe from "stripe";
 
+/** Détecte si Stripe est utilisable (clé posée + pas un placeholder). */
+export function isStripeConfigured(): boolean {
+  const key = (process.env.STRIPE_SECRET_KEY ?? "").trim();
+  if (!key) return false;
+  if (key.includes("REPLACE_ME") || key.includes("PLACEHOLDER")) return false;
+  return key.startsWith("sk_test_") || key.startsWith("sk_live_") || key.startsWith("rk_");
+}
+
 let stripeClient: Stripe | null = null;
 
 export function getStripeClient(): Stripe {

From 2545a5e1a8532b16d780b1904d9ddc651359e9b0 Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Tue, 2 Jun 2026 00:27:16 +0000
Subject: [PATCH 20/47] =?UTF-8?q?feat:=20=C2=AB=20Au=20fil=20de=20l'eau=20?=
 =?UTF-8?q?=C2=BB=20=E2=80=94=20Reels=20mobile=20+=20uploader=20pro=20+=20?=
 =?UTF-8?q?favoris?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 package-lock.json                             |  74 ++++
 package.json                                  |   4 +
 .../20260602100000_favorite/migration.sql     |   8 +
 prisma/schema.prisma                          |  10 +
 src/app/accueil/page.tsx                      |  60 +++
 src/app/api/favorites/route.ts                |  61 +++
 src/app/api/media/[id]/route.ts               |  41 ++
 src/app/api/media/reorder/route.ts            |  55 +++
 src/app/api/uploads/finalize/route.ts         |  66 +++
 src/app/api/uploads/presign/route.ts          |  55 +++
 src/app/decouvrir/_components/ReelSlide.tsx   | 256 ++++++++++++
 src/app/decouvrir/_components/ReelsViewer.tsx | 139 +++++++
 src/app/decouvrir/page.tsx                    |  50 +++
 .../espace-hote/carbets/[carbetId]/page.tsx   |  15 +-
 src/app/mes-favoris/page.tsx                  |  63 +++
 src/app/page.tsx                              |  62 +--
 src/components/MediaUploader.tsx              | 380 ++++++++++++++++++
 src/components/SiteHeader.tsx                 |  11 +-
 src/lib/reels.ts                              | 127 ++++++
 src/lib/uploads.ts                            | 104 +++++
 20 files changed, 1569 insertions(+), 72 deletions(-)
 create mode 100644 prisma/migrations/20260602100000_favorite/migration.sql
 create mode 100644 src/app/accueil/page.tsx
 create mode 100644 src/app/api/favorites/route.ts
 create mode 100644 src/app/api/media/[id]/route.ts
 create mode 100644 src/app/api/media/reorder/route.ts
 create mode 100644 src/app/api/uploads/finalize/route.ts
 create mode 100644 src/app/api/uploads/presign/route.ts
 create mode 100644 src/app/decouvrir/_components/ReelSlide.tsx
 create mode 100644 src/app/decouvrir/_components/ReelsViewer.tsx
 create mode 100644 src/app/decouvrir/page.tsx
 create mode 100644 src/app/mes-favoris/page.tsx
 create mode 100644 src/components/MediaUploader.tsx
 create mode 100644 src/lib/reels.ts
 create mode 100644 src/lib/uploads.ts

diff --git a/package-lock.json b/package-lock.json
index c1f89be..9dcbdb0 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,6 +10,10 @@
       "hasInstallScript": true,
       "dependencies": {
         "@aws-sdk/client-s3": "^3.1056.0",
+        "@aws-sdk/s3-request-presigner": "^3.1058.0",
+        "@dnd-kit/core": "^6.3.1",
+        "@dnd-kit/sortable": "^8.0.0",
+        "@dnd-kit/utilities": "^3.2.2",
         "@prisma/adapter-pg": "^7.8.0",
         "@prisma/client": "^7.8.0",
         "@types/leaflet": "^1.9.21",
@@ -509,6 +513,23 @@
         "node": ">=20.0.0"
       }
     },
+    "node_modules/@aws-sdk/s3-request-presigner": {
+      "version": "3.1058.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/s3-request-presigner/-/s3-request-presigner-3.1058.0.tgz",
+      "integrity": "sha512-IRgNfn8U3zfsZ0JkpmwjS59R/XyHMHxpuwW6HVuJhik+FsbClhNkujEO0w1WqJvXrF4FX+7qIAwUrvlwNvaZ7Q==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/core": "^3.974.15",
+        "@aws-sdk/signature-v4-multi-region": "^3.996.30",
+        "@aws-sdk/types": "^3.973.9",
+        "@smithy/core": "^3.24.5",
+        "@smithy/types": "^4.14.2",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
     "node_modules/@aws-sdk/signature-v4-multi-region": {
       "version": "3.996.30",
       "resolved": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.996.30.tgz",
@@ -839,6 +860,59 @@
         "node": ">=18"
       }
     },
+    "node_modules/@dnd-kit/accessibility": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/@dnd-kit/accessibility/-/accessibility-3.1.1.tgz",
+      "integrity": "sha512-2P+YgaXF+gRsIihwwY1gCsQSYnu9Zyj2py8kY5fFvUM1qm2WA2u639R6YNVfU4GWr+ZM5mqEsfHZZLoRONbemw==",
+      "license": "MIT",
+      "dependencies": {
+        "tslib": "^2.0.0"
+      },
+      "peerDependencies": {
+        "react": ">=16.8.0"
+      }
+    },
+    "node_modules/@dnd-kit/core": {
+      "version": "6.3.1",
+      "resolved": "https://registry.npmjs.org/@dnd-kit/core/-/core-6.3.1.tgz",
+      "integrity": "sha512-xkGBRQQab4RLwgXxoqETICr6S5JlogafbhNsidmrkVv2YRs5MLwpjoF2qpiGjQt8S9AoxtIV603s0GIUpY5eYQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@dnd-kit/accessibility": "^3.1.1",
+        "@dnd-kit/utilities": "^3.2.2",
+        "tslib": "^2.0.0"
+      },
+      "peerDependencies": {
+        "react": ">=16.8.0",
+        "react-dom": ">=16.8.0"
+      }
+    },
+    "node_modules/@dnd-kit/sortable": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/@dnd-kit/sortable/-/sortable-8.0.0.tgz",
+      "integrity": "sha512-U3jk5ebVXe1Lr7c2wU7SBZjcWdQP+j7peHJfCspnA81enlu88Mgd7CC8Q+pub9ubP7eKVETzJW+IBAhsqbSu/g==",
+      "license": "MIT",
+      "dependencies": {
+        "@dnd-kit/utilities": "^3.2.2",
+        "tslib": "^2.0.0"
+      },
+      "peerDependencies": {
+        "@dnd-kit/core": "^6.1.0",
+        "react": ">=16.8.0"
+      }
+    },
+    "node_modules/@dnd-kit/utilities": {
+      "version": "3.2.2",
+      "resolved": "https://registry.npmjs.org/@dnd-kit/utilities/-/utilities-3.2.2.tgz",
+      "integrity": "sha512-+MKAJEOfaBe5SmV6t34p80MMKhjvUz0vRrvVJbPT0WElzaOJ/1xs+D+KDv+tD/NE5ujfrChEcshd4fLn0wpiqg==",
+      "license": "MIT",
+      "dependencies": {
+        "tslib": "^2.0.0"
+      },
+      "peerDependencies": {
+        "react": ">=16.8.0"
+      }
+    },
     "node_modules/@electric-sql/pglite": {
       "version": "0.4.1",
       "resolved": "https://registry.npmjs.org/@electric-sql/pglite/-/pglite-0.4.1.tgz",
diff --git a/package.json b/package.json
index 000a852..5bb9e15 100644
--- a/package.json
+++ b/package.json
@@ -14,6 +14,10 @@
   },
   "dependencies": {
     "@aws-sdk/client-s3": "^3.1056.0",
+    "@aws-sdk/s3-request-presigner": "^3.1058.0",
+    "@dnd-kit/core": "^6.3.1",
+    "@dnd-kit/sortable": "^8.0.0",
+    "@dnd-kit/utilities": "^3.2.2",
     "@prisma/adapter-pg": "^7.8.0",
     "@prisma/client": "^7.8.0",
     "@types/leaflet": "^1.9.21",
diff --git a/prisma/migrations/20260602100000_favorite/migration.sql b/prisma/migrations/20260602100000_favorite/migration.sql
new file mode 100644
index 0000000..8abf012
--- /dev/null
+++ b/prisma/migrations/20260602100000_favorite/migration.sql
@@ -0,0 +1,8 @@
+CREATE TABLE "Favorite" (
+  "userId" TEXT NOT NULL,
+  "carbetId" TEXT NOT NULL,
+  "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  CONSTRAINT "Favorite_pkey" PRIMARY KEY ("userId", "carbetId")
+);
+CREATE INDEX "Favorite_userId_idx" ON "Favorite"("userId");
+CREATE INDEX "Favorite_carbetId_idx" ON "Favorite"("carbetId");
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
index f59864e..83d75c2 100644
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -371,3 +371,13 @@ model PasswordResetToken {
   @@index([userId])
   @@index([expiresAt])
 }
+
+model Favorite {
+  userId    String
+  carbetId  String
+  createdAt DateTime @default(now())
+
+  @@id([userId, carbetId])
+  @@index([userId])
+  @@index([carbetId])
+}
diff --git a/src/app/accueil/page.tsx b/src/app/accueil/page.tsx
new file mode 100644
index 0000000..513e1ac
--- /dev/null
+++ b/src/app/accueil/page.tsx
@@ -0,0 +1,60 @@
+import Link from "next/link";
+import { IfPluginEnabled } from "@/components/IfPluginEnabled";
+import { HeroSection } from "@/components/landing/HeroSection";
+import { ExperiencesSection } from "@/components/landing/ExperiencesSection";
+import { HowItWorksSection } from "@/components/landing/HowItWorksSection";
+import { CESection } from "@/components/landing/CESection";
+import { TestimonialsSection } from "@/components/landing/TestimonialsSection";
+import { LandingFooter } from "@/components/landing/Footer";
+
+export const metadata = { title: "Accueil — Karbé" };
+
+/**
+ * Landing « marketing » historique (hero + sections + footer riche). Conservée
+ * à /accueil après la promotion de /decouvrir comme nouvelle page d'index.
+ */
+export default function LandingPage() {
+  return (
+    <>
+      <IfPluginEnabled
+        plugin="landing-hero"
+        fallback={
+          <div className="flex flex-1 items-center justify-center bg-zinc-50 px-6 dark:bg-black">
+            <main className="flex w-full max-w-2xl flex-col items-center gap-6 text-center">
+              <h1 className="text-4xl font-semibold tracking-tight text-black sm:text-5xl dark:text-zinc-50">
+                Karbé — carbets fluviaux de Guyane
+              </h1>
+              <p className="max-w-xl text-lg leading-8 text-zinc-600 dark:text-zinc-400">
+                La marketplace pour louer des carbets le long des fleuves de Guyane.
+              </p>
+              <div className="flex flex-wrap items-center justify-center gap-3">
+                <Link
+                  href="/decouvrir"
+                  className="rounded-md bg-emerald-600 px-5 py-2.5 text-sm font-semibold text-white hover:bg-emerald-700"
+                >
+                  Au fil de l&apos;eau
+                </Link>
+                <Link
+                  href="/carbets"
+                  className="rounded-md border border-zinc-300 px-5 py-2.5 text-sm font-medium text-zinc-700 hover:bg-zinc-100 dark:border-zinc-700 dark:text-zinc-200 dark:hover:bg-zinc-900"
+                >
+                  Catalogue
+                </Link>
+              </div>
+            </main>
+          </div>
+        }
+      >
+        <HeroSection />
+      </IfPluginEnabled>
+
+      <IfPluginEnabled plugin="landing-sections">
+        <ExperiencesSection />
+        <HowItWorksSection />
+        <CESection />
+        <TestimonialsSection />
+        <LandingFooter />
+      </IfPluginEnabled>
+    </>
+  );
+}
diff --git a/src/app/api/favorites/route.ts b/src/app/api/favorites/route.ts
new file mode 100644
index 0000000..14824d5
--- /dev/null
+++ b/src/app/api/favorites/route.ts
@@ -0,0 +1,61 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+
+import { auth } from "@/auth";
+import { prisma } from "@/lib/prisma";
+
+export const runtime = "nodejs";
+
+const schema = z.object({
+  carbetId: z.string().min(1),
+});
+
+async function requireSelf() {
+  const session = await auth();
+  if (!session?.user?.id) throw new Error("Unauth");
+  return session.user.id;
+}
+
+export async function GET() {
+  try {
+    const userId = await requireSelf();
+    const rows = await prisma.favorite.findMany({
+      where: { userId },
+      orderBy: { createdAt: "desc" },
+      select: { carbetId: true },
+    });
+    return NextResponse.json({ ids: rows.map((r) => r.carbetId) });
+  } catch {
+    return NextResponse.json({ ids: [] });
+  }
+}
+
+export async function POST(req: Request) {
+  try {
+    const userId = await requireSelf();
+    const parsed = schema.safeParse(await req.json().catch(() => ({})));
+    if (!parsed.success) return NextResponse.json({ error: "Payload invalide" }, { status: 400 });
+    await prisma.favorite.upsert({
+      where: { userId_carbetId: { userId, carbetId: parsed.data.carbetId } },
+      create: { userId, carbetId: parsed.data.carbetId },
+      update: {},
+    });
+    return NextResponse.json({ ok: true });
+  } catch {
+    return NextResponse.json({ error: "Non authentifié" }, { status: 401 });
+  }
+}
+
+export async function DELETE(req: Request) {
+  try {
+    const userId = await requireSelf();
+    const parsed = schema.safeParse(await req.json().catch(() => ({})));
+    if (!parsed.success) return NextResponse.json({ error: "Payload invalide" }, { status: 400 });
+    await prisma.favorite
+      .delete({ where: { userId_carbetId: { userId, carbetId: parsed.data.carbetId } } })
+      .catch(() => null);
+    return NextResponse.json({ ok: true });
+  } catch {
+    return NextResponse.json({ error: "Non authentifié" }, { status: 401 });
+  }
+}
diff --git a/src/app/api/media/[id]/route.ts b/src/app/api/media/[id]/route.ts
new file mode 100644
index 0000000..56bebef
--- /dev/null
+++ b/src/app/api/media/[id]/route.ts
@@ -0,0 +1,41 @@
+import { NextResponse } from "next/server";
+
+import { auth } from "@/auth";
+import { UserRole } from "@/generated/prisma/enums";
+import { prisma } from "@/lib/prisma";
+import { recordAudit } from "@/lib/admin/audit";
+
+export const runtime = "nodejs";
+
+async function requireOwnership(mediaId: string) {
+  const session = await auth();
+  if (!session?.user?.id) throw new Error("Non authentifié");
+  const m = await prisma.media.findUnique({
+    where: { id: mediaId },
+    select: { id: true, carbetId: true, carbet: { select: { ownerId: true } } },
+  });
+  if (!m) throw new Error("Média introuvable");
+  const isAdmin = session.user.role === UserRole.ADMIN;
+  if (!isAdmin && m.carbet.ownerId !== session.user.id) throw new Error("Accès refusé");
+  return { session, media: m };
+}
+
+export async function DELETE(_req: Request, ctx: { params: Promise<{ id: string }> }) {
+  const { id } = await ctx.params;
+  try {
+    const { session, media } = await requireOwnership(id);
+    await prisma.media.delete({ where: { id } });
+    await recordAudit({
+      scope: "uploads",
+      event: "media.delete",
+      target: id,
+      actorEmail: session.user.email ?? null,
+      details: { carbetId: media.carbetId },
+    });
+    return NextResponse.json({ ok: true });
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    const status = msg === "Non authentifié" ? 401 : msg === "Accès refusé" ? 403 : 404;
+    return NextResponse.json({ error: msg }, { status });
+  }
+}
diff --git a/src/app/api/media/reorder/route.ts b/src/app/api/media/reorder/route.ts
new file mode 100644
index 0000000..e463118
--- /dev/null
+++ b/src/app/api/media/reorder/route.ts
@@ -0,0 +1,55 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+
+import { auth } from "@/auth";
+import { UserRole } from "@/generated/prisma/enums";
+import { prisma } from "@/lib/prisma";
+import { recordAudit } from "@/lib/admin/audit";
+
+export const runtime = "nodejs";
+
+const schema = z.object({
+  carbetId: z.string().min(1),
+  orderedIds: z.array(z.string()).min(1).max(50),
+});
+
+export async function POST(req: Request) {
+  const session = await auth();
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: "Non authentifié" }, { status: 401 });
+  }
+  const parsed = schema.safeParse(await req.json().catch(() => ({})));
+  if (!parsed.success) {
+    return NextResponse.json({ error: "Payload invalide" }, { status: 400 });
+  }
+  const { carbetId, orderedIds } = parsed.data;
+  const carbet = await prisma.carbet.findUnique({
+    where: { id: carbetId },
+    select: { ownerId: true },
+  });
+  if (!carbet) return NextResponse.json({ error: "Carbet introuvable" }, { status: 404 });
+  const isAdmin = session.user.role === UserRole.ADMIN;
+  if (!isAdmin && carbet.ownerId !== session.user.id) {
+    return NextResponse.json({ error: "Accès refusé" }, { status: 403 });
+  }
+  const existing = await prisma.media.findMany({
+    where: { carbetId, id: { in: orderedIds } },
+    select: { id: true },
+  });
+  if (existing.length !== orderedIds.length) {
+    return NextResponse.json({ error: "Certains médias n'appartiennent pas au carbet." }, { status: 400 });
+  }
+  await prisma.$transaction(
+    orderedIds.map((id, idx) =>
+      prisma.media.update({ where: { id }, data: { sortOrder: idx } }),
+    ),
+  );
+  await recordAudit({
+    scope: "uploads",
+    event: "media.reorder",
+    target: carbetId,
+    actorEmail: session.user.email ?? null,
+    details: { count: orderedIds.length },
+  });
+  return NextResponse.json({ ok: true });
+}
diff --git a/src/app/api/uploads/finalize/route.ts b/src/app/api/uploads/finalize/route.ts
new file mode 100644
index 0000000..91fd2cd
--- /dev/null
+++ b/src/app/api/uploads/finalize/route.ts
@@ -0,0 +1,66 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+
+import { auth } from "@/auth";
+import { MediaType, UserRole } from "@/generated/prisma/enums";
+import { prisma } from "@/lib/prisma";
+import { classifyMime } from "@/lib/uploads";
+import { recordAudit } from "@/lib/admin/audit";
+
+export const runtime = "nodejs";
+
+const schema = z.object({
+  carbetId: z.string().min(1),
+  s3Key: z.string().min(5).max(500),
+  s3Url: z.string().url(),
+  mime: z.string().min(3).max(100),
+});
+
+export async function POST(req: Request) {
+  const session = await auth();
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: "Non authentifié" }, { status: 401 });
+  }
+  const parsed = schema.safeParse(await req.json().catch(() => ({})));
+  if (!parsed.success) {
+    return NextResponse.json({ error: parsed.error.issues[0]?.message ?? "Payload invalide" }, { status: 400 });
+  }
+  const kind = classifyMime(parsed.data.mime);
+  if (!kind) return NextResponse.json({ error: "Type non supporté" }, { status: 400 });
+
+  const carbet = await prisma.carbet.findUnique({
+    where: { id: parsed.data.carbetId },
+    select: { id: true, ownerId: true },
+  });
+  if (!carbet) return NextResponse.json({ error: "Carbet introuvable" }, { status: 404 });
+  const isOwner = carbet.ownerId === session.user.id;
+  const isAdmin = session.user.role === UserRole.ADMIN;
+  if (!isOwner && !isAdmin) {
+    return NextResponse.json({ error: "Accès refusé" }, { status: 403 });
+  }
+
+  // S3Key doit appartenir au carbet — verrou pour éviter qu'un user finalise une key étrangère.
+  if (!parsed.data.s3Key.startsWith(`carbets/${carbet.id}/`)) {
+    return NextResponse.json({ error: "s3Key invalide pour ce carbet" }, { status: 400 });
+  }
+
+  const existingCount = await prisma.media.count({ where: { carbetId: carbet.id } });
+  const media = await prisma.media.create({
+    data: {
+      carbetId: carbet.id,
+      type: kind === "photo" ? MediaType.PHOTO : MediaType.VIDEO,
+      s3Key: parsed.data.s3Key,
+      s3Url: parsed.data.s3Url,
+      sortOrder: existingCount,
+    },
+    select: { id: true, type: true, s3Url: true, s3Key: true, sortOrder: true },
+  });
+  await recordAudit({
+    scope: "uploads",
+    event: "media.finalize",
+    target: media.id,
+    actorEmail: session.user.email ?? null,
+    details: { carbetId: carbet.id, kind },
+  });
+  return NextResponse.json({ media });
+}
diff --git a/src/app/api/uploads/presign/route.ts b/src/app/api/uploads/presign/route.ts
new file mode 100644
index 0000000..cbf60c6
--- /dev/null
+++ b/src/app/api/uploads/presign/route.ts
@@ -0,0 +1,55 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+
+import { auth } from "@/auth";
+import { UserRole } from "@/generated/prisma/enums";
+import { prisma } from "@/lib/prisma";
+import { presignCarbetUpload } from "@/lib/uploads";
+import { rateLimitRequest } from "@/lib/rate-limit";
+
+export const runtime = "nodejs";
+
+const schema = z.object({
+  carbetId: z.string().min(1),
+  mime: z.string().min(3).max(100),
+  sizeBytes: z.coerce.number().int().min(1).max(500 * 1024 * 1024),
+});
+
+export async function POST(req: Request) {
+  const rl = rateLimitRequest(req, "presign", 60_000, 60);
+  if (!rl.ok) {
+    return NextResponse.json(
+      { error: `Trop de demandes. Réessayez dans ${rl.retryAfter}s.` },
+      { status: 429 },
+    );
+  }
+  const session = await auth();
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: "Non authentifié" }, { status: 401 });
+  }
+  const parsed = schema.safeParse(await req.json().catch(() => ({})));
+  if (!parsed.success) {
+    return NextResponse.json({ error: parsed.error.issues[0]?.message ?? "Payload invalide" }, { status: 400 });
+  }
+
+  const carbet = await prisma.carbet.findUnique({
+    where: { id: parsed.data.carbetId },
+    select: { id: true, ownerId: true },
+  });
+  if (!carbet) return NextResponse.json({ error: "Carbet introuvable" }, { status: 404 });
+  const isOwner = carbet.ownerId === session.user.id;
+  const isAdmin = session.user.role === UserRole.ADMIN;
+  if (!isOwner && !isAdmin) {
+    return NextResponse.json({ error: "Accès refusé" }, { status: 403 });
+  }
+
+  const result = await presignCarbetUpload({
+    carbetId: carbet.id,
+    mime: parsed.data.mime,
+    sizeBytes: parsed.data.sizeBytes,
+  });
+  if ("error" in result) {
+    return NextResponse.json({ error: result.error }, { status: 400 });
+  }
+  return NextResponse.json(result);
+}
diff --git a/src/app/decouvrir/_components/ReelSlide.tsx b/src/app/decouvrir/_components/ReelSlide.tsx
new file mode 100644
index 0000000..26e3809
--- /dev/null
+++ b/src/app/decouvrir/_components/ReelSlide.tsx
@@ -0,0 +1,256 @@
+"use client";
+
+import { useCallback, useEffect, useRef, useState } from "react";
+import Link from "next/link";
+
+import type { ReelCarbet } from "@/lib/reels";
+
+type Props = {
+  carbet: ReelCarbet;
+  isActive: boolean;
+  shouldPreload: boolean;
+  isFavorite: boolean;
+  onToggleFavorite: () => void;
+};
+
+export function ReelSlide({ carbet, isActive, shouldPreload, isFavorite, onToggleFavorite }: Props) {
+  const [mediaIndex, setMediaIndex] = useState(0);
+  const [muted, setMuted] = useState(true);
+  const touchStart = useRef<{ x: number; y: number } | null>(null);
+  const videoRef = useRef<HTMLVideoElement>(null);
+
+  const current = carbet.media[mediaIndex];
+
+  const nextMedia = useCallback(() => {
+    setMediaIndex((i) => (i + 1) % carbet.media.length);
+  }, [carbet.media.length]);
+  const prevMedia = useCallback(() => {
+    setMediaIndex((i) => (i - 1 + carbet.media.length) % carbet.media.length);
+  }, [carbet.media.length]);
+
+  // Auto-play/pause vidéos quand slide active
+  useEffect(() => {
+    if (!videoRef.current) return;
+    if (isActive && current?.type === "VIDEO") {
+      videoRef.current.play().catch(() => {});
+    } else {
+      videoRef.current.pause();
+    }
+  }, [isActive, current?.type, mediaIndex]);
+
+  // Reset au changement de slide (différé pour éviter cascading renders)
+  useEffect(() => {
+    if (isActive) return;
+    queueMicrotask(() => setMediaIndex(0));
+  }, [isActive]);
+
+  // Navigation clavier ← →
+  useEffect(() => {
+    if (!isActive) return;
+    function onKey(e: KeyboardEvent) {
+      const tag = (e.target as HTMLElement | null)?.tagName?.toLowerCase();
+      if (tag === "input" || tag === "textarea") return;
+      if (e.key === "ArrowRight" || e.key === "l") {
+        e.preventDefault();
+        nextMedia();
+      } else if (e.key === "ArrowLeft" || e.key === "h") {
+        e.preventDefault();
+        prevMedia();
+      }
+    }
+    window.addEventListener("keydown", onKey);
+    return () => window.removeEventListener("keydown", onKey);
+  }, [isActive, nextMedia, prevMedia]);
+
+  function onTouchStart(e: React.TouchEvent) {
+    const t = e.touches[0];
+    touchStart.current = { x: t.clientX, y: t.clientY };
+  }
+  function onTouchEnd(e: React.TouchEvent) {
+    if (!touchStart.current) return;
+    const t = e.changedTouches[0];
+    const dx = t.clientX - touchStart.current.x;
+    const dy = t.clientY - touchStart.current.y;
+    touchStart.current = null;
+    // Seuil horizontal > vertical pour considérer un swipe horizontal
+    if (Math.abs(dx) > 40 && Math.abs(dx) > Math.abs(dy) * 1.2) {
+      if (dx < 0) nextMedia();
+      else prevMedia();
+    }
+  }
+
+  const share = useCallback(async () => {
+    const url = `${window.location.origin}/carbets/${carbet.slug}`;
+    const title = carbet.title;
+    if (navigator.share) {
+      navigator.share({ title, url }).catch(() => {});
+    } else {
+      navigator.clipboard?.writeText(url).catch(() => {});
+    }
+  }, [carbet.slug, carbet.title]);
+
+  if (!current) return null;
+
+  return (
+    <div
+      className="relative h-full w-full bg-black"
+      onTouchStart={onTouchStart}
+      onTouchEnd={onTouchEnd}
+    >
+      {/* Média */}
+      <div className="absolute inset-0 flex items-center justify-center">
+        {current.type === "VIDEO" ? (
+          <video
+            ref={videoRef}
+            src={shouldPreload ? current.url : undefined}
+            data-src={current.url}
+            muted={muted}
+            playsInline
+            loop
+            preload={shouldPreload ? "auto" : "none"}
+            className="h-full w-full object-cover"
+            onClick={() => setMuted((m) => !m)}
+          />
+        ) : (
+          // eslint-disable-next-line @next/next/no-img-element
+          <img
+            src={shouldPreload ? current.url : undefined}
+            data-src={current.url}
+            alt={`${carbet.title} — média ${mediaIndex + 1}`}
+            loading={shouldPreload ? "eager" : "lazy"}
+            className="h-full w-full object-cover"
+          />
+        )}
+      </div>
+
+      {/* Voile dégradé en bas pour lisibilité */}
+      <div className="pointer-events-none absolute inset-x-0 bottom-0 h-2/5 bg-gradient-to-t from-black/85 via-black/30 to-transparent" />
+
+      {/* Indicateurs progression médias (sticks en haut) */}
+      {carbet.media.length > 1 ? (
+        <div className="pointer-events-none absolute left-3 right-3 top-12 flex gap-1">
+          {carbet.media.map((_, i) => (
+            <span
+              key={i}
+              className={
+                "h-0.5 flex-1 rounded-full " +
+                (i === mediaIndex ? "bg-white" : i < mediaIndex ? "bg-white/60" : "bg-white/30")
+              }
+            />
+          ))}
+        </div>
+      ) : null}
+
+      {/* Zones tap horizontales (50/50) sur desktop */}
+      <button
+        type="button"
+        onClick={prevMedia}
+        className="absolute inset-y-0 left-0 z-10 hidden w-1/3 cursor-default md:block"
+        aria-label="Média précédent"
+      />
+      <button
+        type="button"
+        onClick={nextMedia}
+        className="absolute inset-y-0 right-0 z-10 hidden w-1/3 cursor-default md:block"
+        aria-label="Média suivant"
+      />
+
+      {/* Sidebar boutons droite (mobile) */}
+      <div className="absolute bottom-32 right-3 z-20 flex flex-col items-center gap-4">
+        <button
+          type="button"
+          onClick={onToggleFavorite}
+          className="flex flex-col items-center text-white"
+          aria-label={isFavorite ? "Retirer des favoris" : "Ajouter aux favoris"}
+        >
+          <span
+            className={
+              "flex h-12 w-12 items-center justify-center rounded-full backdrop-blur transition " +
+              (isFavorite ? "bg-rose-500/90" : "bg-white/10 hover:bg-white/20")
+            }
+          >
+            <svg width="22" height="22" viewBox="0 0 24 24" fill={isFavorite ? "white" : "none"} stroke="currentColor" strokeWidth="2">
+              <path d="M20.84 4.61a5.5 5.5 0 0 0-7.78 0L12 5.67l-1.06-1.06a5.5 5.5 0 0 0-7.78 7.78l1.06 1.06L12 21.23l7.78-7.78 1.06-1.06a5.5 5.5 0 0 0 0-7.78z" />
+            </svg>
+          </span>
+          <span className="mt-0.5 text-[10px] font-semibold">Favori</span>
+        </button>
+
+        <button
+          type="button"
+          onClick={share}
+          className="flex flex-col items-center text-white"
+          aria-label="Partager"
+        >
+          <span className="flex h-12 w-12 items-center justify-center rounded-full bg-white/10 backdrop-blur hover:bg-white/20">
+            <svg width="22" height="22" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2">
+              <circle cx="18" cy="5" r="3" />
+              <circle cx="6" cy="12" r="3" />
+              <circle cx="18" cy="19" r="3" />
+              <path d="M8.59 13.51 L15.42 17.49" />
+              <path d="M15.41 6.51 L8.59 10.49" />
+            </svg>
+          </span>
+          <span className="mt-0.5 text-[10px] font-semibold">Partager</span>
+        </button>
+
+        {current.type === "VIDEO" ? (
+          <button
+            type="button"
+            onClick={() => setMuted((m) => !m)}
+            className="flex flex-col items-center text-white"
+            aria-label={muted ? "Activer le son" : "Couper le son"}
+          >
+            <span className="flex h-10 w-10 items-center justify-center rounded-full bg-white/10 backdrop-blur hover:bg-white/20">
+              {muted ? (
+                <svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2">
+                  <path d="M11 5L6 9H2v6h4l5 4V5z" />
+                  <line x1="23" y1="9" x2="17" y2="15" />
+                  <line x1="17" y1="9" x2="23" y2="15" />
+                </svg>
+              ) : (
+                <svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2">
+                  <path d="M11 5L6 9H2v6h4l5 4V5z" />
+                  <path d="M15.54 8.46a5 5 0 0 1 0 7.07" />
+                </svg>
+              )}
+            </span>
+          </button>
+        ) : null}
+      </div>
+
+      {/* Bloc info bas + CTAs */}
+      <div className="absolute inset-x-0 bottom-0 z-10 p-4 pb-6 text-white">
+        <div className="mb-2 flex items-baseline gap-2">
+          <h2 className="text-lg font-semibold">{carbet.title}</h2>
+          {carbet.averageRating !== null ? (
+            <span className="text-xs text-white/80">
+              ★ {carbet.averageRating.toFixed(1)} ({carbet.reviewCount})
+            </span>
+          ) : null}
+        </div>
+        <div className="mb-2 flex flex-wrap items-center gap-x-3 gap-y-1 text-xs text-white/80">
+          <span>📍 {carbet.river}</span>
+          <span>·</span>
+          <span>👥 jusqu&apos;à {carbet.capacity}</span>
+          <span>·</span>
+          <span className="font-mono font-semibold text-white">{Number(carbet.nightlyPrice).toFixed(0)} € / nuit</span>
+        </div>
+        <div className="flex flex-wrap gap-2">
+          <Link
+            href={`/carbets/${carbet.slug}`}
+            className="rounded-full bg-white/10 px-4 py-2 text-xs font-semibold backdrop-blur hover:bg-white/20"
+          >
+            Voir la fiche
+          </Link>
+          <Link
+            href={`/carbets/${carbet.slug}#reserver`}
+            className="rounded-full bg-emerald-500 px-4 py-2 text-xs font-semibold hover:bg-emerald-400"
+          >
+            Réserver
+          </Link>
+        </div>
+      </div>
+    </div>
+  );
+}
diff --git a/src/app/decouvrir/_components/ReelsViewer.tsx b/src/app/decouvrir/_components/ReelsViewer.tsx
new file mode 100644
index 0000000..e7f925c
--- /dev/null
+++ b/src/app/decouvrir/_components/ReelsViewer.tsx
@@ -0,0 +1,139 @@
+"use client";
+
+import { useCallback, useEffect, useMemo, useRef, useState } from "react";
+import Link from "next/link";
+import { useRouter } from "next/navigation";
+
+import type { ReelCarbet } from "@/lib/reels";
+
+import { ReelSlide } from "./ReelSlide";
+
+type Props = {
+  carbets: ReelCarbet[];
+  initialFavoriteIds: string[];
+  isAuthenticated: boolean;
+};
+
+export function ReelsViewer({ carbets, initialFavoriteIds, isAuthenticated }: Props) {
+  const router = useRouter();
+  const containerRef = useRef<HTMLDivElement>(null);
+  const slideRefs = useRef<(HTMLDivElement | null)[]>([]);
+  const [activeIndex, setActiveIndex] = useState(0);
+  const [favorites, setFavorites] = useState<Set<string>>(new Set(initialFavoriteIds));
+
+  // Détection du carbet actif via IntersectionObserver
+  useEffect(() => {
+    const observer = new IntersectionObserver(
+      (entries) => {
+        const visible = entries.filter((e) => e.isIntersecting);
+        if (visible.length === 0) return;
+        const best = visible.reduce((a, b) => (a.intersectionRatio > b.intersectionRatio ? a : b));
+        const idx = slideRefs.current.findIndex((el) => el === best.target);
+        if (idx !== -1) setActiveIndex(idx);
+      },
+      { root: containerRef.current, threshold: [0.55, 0.85] },
+    );
+    slideRefs.current.forEach((el) => el && observer.observe(el));
+    return () => observer.disconnect();
+  }, [carbets.length]);
+
+  // Navigation clavier ↑↓
+  useEffect(() => {
+    function onKey(e: KeyboardEvent) {
+      const tag = (e.target as HTMLElement | null)?.tagName?.toLowerCase();
+      if (tag === "input" || tag === "textarea") return;
+      if (e.key === "ArrowDown" || e.key === "j") {
+        e.preventDefault();
+        const next = Math.min(activeIndex + 1, carbets.length - 1);
+        slideRefs.current[next]?.scrollIntoView({ behavior: "smooth", block: "start" });
+      } else if (e.key === "ArrowUp" || e.key === "k") {
+        e.preventDefault();
+        const prev = Math.max(activeIndex - 1, 0);
+        slideRefs.current[prev]?.scrollIntoView({ behavior: "smooth", block: "start" });
+      }
+    }
+    window.addEventListener("keydown", onKey);
+    return () => window.removeEventListener("keydown", onKey);
+  }, [activeIndex, carbets.length]);
+
+  const toggleFavorite = useCallback(
+    async (carbetId: string) => {
+      if (!isAuthenticated) {
+        router.push(`/connexion?next=${encodeURIComponent("/decouvrir")}`);
+        return;
+      }
+      const isFav = favorites.has(carbetId);
+      // Optimistic update
+      setFavorites((prev) => {
+        const next = new Set(prev);
+        if (isFav) next.delete(carbetId);
+        else next.add(carbetId);
+        return next;
+      });
+      const method = isFav ? "DELETE" : "POST";
+      const res = await fetch("/api/favorites", {
+        method,
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ carbetId }),
+      });
+      if (!res.ok) {
+        // Rollback
+        setFavorites((prev) => {
+          const next = new Set(prev);
+          if (isFav) next.add(carbetId);
+          else next.delete(carbetId);
+          return next;
+        });
+      }
+    },
+    [favorites, isAuthenticated, router],
+  );
+
+  // Préchargement N+1 et N-1 médias (un peu d'AGGRESSIVE prefetch)
+  const preloadIndexes = useMemo(
+    () => [activeIndex - 1, activeIndex, activeIndex + 1].filter((i) => i >= 0 && i < carbets.length),
+    [activeIndex, carbets.length],
+  );
+
+  return (
+    <div className="fixed inset-x-0 bottom-0 top-12 z-10 bg-black">
+      {/* Bouton retour catalogue */}
+      <Link
+        href="/carbets"
+        className="absolute right-3 top-3 z-20 rounded-full bg-white/10 px-3 py-1.5 text-xs font-semibold text-white backdrop-blur hover:bg-white/20"
+      >
+        ← Catalogue
+      </Link>
+
+      {/* Compteur */}
+      <div className="absolute left-3 top-3 z-20 rounded-full bg-white/10 px-3 py-1.5 text-xs font-semibold text-white backdrop-blur">
+        {activeIndex + 1} / {carbets.length}
+      </div>
+
+      <div
+        ref={containerRef}
+        className="h-full snap-y snap-mandatory overflow-y-scroll overscroll-contain"
+        style={{ scrollSnapType: "y mandatory" }}
+      >
+        {carbets.map((c, idx) => (
+          <div
+            key={c.id}
+            ref={(el) => {
+              slideRefs.current[idx] = el;
+            }}
+            className="h-full snap-start snap-always"
+            style={{ scrollSnapAlign: "start" }}
+          >
+            <ReelSlide
+              carbet={c}
+              isActive={idx === activeIndex}
+              shouldPreload={preloadIndexes.includes(idx)}
+              isFavorite={favorites.has(c.id)}
+              onToggleFavorite={() => toggleFavorite(c.id)}
+            />
+          </div>
+        ))}
+      </div>
+    </div>
+  );
+}
diff --git a/src/app/decouvrir/page.tsx b/src/app/decouvrir/page.tsx
new file mode 100644
index 0000000..ed232bf
--- /dev/null
+++ b/src/app/decouvrir/page.tsx
@@ -0,0 +1,50 @@
+import Link from "next/link";
+
+import { auth } from "@/auth";
+import { prisma } from "@/lib/prisma";
+import { listReelCarbets } from "@/lib/reels";
+
+import { ReelsViewer } from "./_components/ReelsViewer";
+
+export const dynamic = "force-dynamic";
+
+export const metadata = {
+  title: "Au fil de l'eau",
+  description: "Découvrez les carbets de Guyane façon Reels — swipez pour explorer.",
+};
+
+export default async function DecouvrirPage() {
+  const session = await auth();
+  const userId = session?.user?.id ?? null;
+  const [carbets, favoriteIds] = await Promise.all([
+    listReelCarbets({ take: 30 }),
+    userId
+      ? prisma.favorite.findMany({ where: { userId }, select: { carbetId: true } }).then((r) => r.map((x) => x.carbetId))
+      : Promise.resolve([] as string[]),
+  ]);
+
+  if (carbets.length === 0) {
+    return (
+      <main className="mx-auto max-w-2xl px-6 py-20 text-center">
+        <h1 className="text-3xl font-semibold text-zinc-900">Au fil de l&apos;eau</h1>
+        <p className="mt-3 text-sm text-zinc-600">
+          Pas encore assez de carbets avec des photos pour démarrer le mode immersif.
+        </p>
+        <Link
+          href="/carbets"
+          className="mt-6 inline-block rounded-md bg-emerald-600 px-5 py-2.5 text-sm font-semibold text-white hover:bg-emerald-700"
+        >
+          Voir le catalogue
+        </Link>
+      </main>
+    );
+  }
+
+  return (
+    <ReelsViewer
+      carbets={carbets}
+      initialFavoriteIds={favoriteIds}
+      isAuthenticated={Boolean(userId)}
+    />
+  );
+}
diff --git a/src/app/espace-hote/carbets/[carbetId]/page.tsx b/src/app/espace-hote/carbets/[carbetId]/page.tsx
index 93768b1..2b8b069 100644
--- a/src/app/espace-hote/carbets/[carbetId]/page.tsx
+++ b/src/app/espace-hote/carbets/[carbetId]/page.tsx
@@ -3,11 +3,10 @@ import { notFound } from "next/navigation";
 
 import { canManageCarbet, requireOwnerSession } from "@/lib/carbet-access";
 import { prisma } from "@/lib/prisma";
-import { isStorageConfigured } from "@/lib/storage";
+import { MediaUploader } from "@/components/MediaUploader";
 
 import { updateCarbet } from "../actions";
 import { CarbetForm } from "../_components/carbet-form";
-import { MediaManager } from "../_components/media-manager";
 
 export default async function EditCarbetPage({
   params,
@@ -36,7 +35,7 @@ export default async function EditCarbetPage({
       status: true,
       media: {
         orderBy: { sortOrder: "asc" },
-        select: { id: true, type: true, s3Url: true, sortOrder: true },
+        select: { id: true, type: true, s3Url: true, s3Key: true, sortOrder: true },
       },
       amenities: { select: { amenity: { select: { key: true } } } },
     },
@@ -80,14 +79,10 @@ export default async function EditCarbetPage({
       <section className="mt-8">
         <h2 className="text-lg font-semibold text-zinc-900">Médias</h2>
         <p className="mb-4 mt-1 text-sm text-zinc-600">
-          Le premier média sert de photo de couverture. Réordonnez avec les
-          flèches.
+          Déposez photos et vidéos courtes, réorganisez par glisser-déposer.
+          Le premier média sert de cover sur le catalogue et la home.
         </p>
-        <MediaManager
-          carbetId={carbet.id}
-          media={carbet.media}
-          storageConfigured={isStorageConfigured()}
-        />
+        <MediaUploader carbetId={carbet.id} initialMedia={carbet.media} />
       </section>
 
       <section className="mt-10 border-t border-zinc-200 pt-8">
diff --git a/src/app/mes-favoris/page.tsx b/src/app/mes-favoris/page.tsx
new file mode 100644
index 0000000..6ec4097
--- /dev/null
+++ b/src/app/mes-favoris/page.tsx
@@ -0,0 +1,63 @@
+import { redirect } from "next/navigation";
+import Link from "next/link";
+
+import { auth } from "@/auth";
+import { listFavoriteCarbets } from "@/lib/reels";
+
+export const dynamic = "force-dynamic";
+
+export const metadata = { title: "Mes favoris" };
+
+export default async function MyFavoritesPage() {
+  const session = await auth();
+  if (!session?.user?.id) redirect("/connexion?next=/mes-favoris");
+
+  const carbets = await listFavoriteCarbets(session.user.id);
+
+  return (
+    <main className="mx-auto max-w-5xl px-6 py-10">
+      <h1 className="text-3xl font-semibold text-zinc-900">Mes favoris</h1>
+      <p className="mt-1 text-sm text-zinc-600">
+        {carbets.length === 0
+          ? "Aucun favori pour l'instant — ajoutez des carbets depuis le mode Au fil de l'eau ou les fiches."
+          : `${carbets.length} carbet${carbets.length > 1 ? "s" : ""} sauvegardé${carbets.length > 1 ? "s" : ""}.`}
+      </p>
+
+      {carbets.length === 0 ? (
+        <div className="mt-8">
+          <Link
+            href="/decouvrir"
+            className="inline-block rounded-md bg-emerald-600 px-5 py-2.5 text-sm font-semibold text-white hover:bg-emerald-700"
+          >
+            Découvrir des carbets
+          </Link>
+        </div>
+      ) : (
+        <ul className="mt-8 grid gap-6 sm:grid-cols-2 lg:grid-cols-3">
+          {carbets.map((c) => (
+            <li key={c.id} className="overflow-hidden rounded-lg border border-zinc-200 bg-white shadow-sm">
+              <Link href={`/carbets/${c.slug}`} className="block">
+                {c.media[0] ? (
+                  // eslint-disable-next-line @next/next/no-img-element
+                  <img
+                    src={c.media[0].url}
+                    alt={c.title}
+                    className="aspect-video w-full object-cover"
+                  />
+                ) : (
+                  <div className="aspect-video w-full bg-zinc-100" />
+                )}
+                <div className="p-3">
+                  <h2 className="font-semibold text-zinc-900">{c.title}</h2>
+                  <p className="mt-0.5 text-xs text-zinc-500">
+                    {c.river} · {Number(c.nightlyPrice).toFixed(0)} € / nuit
+                  </p>
+                </div>
+              </Link>
+            </li>
+          ))}
+        </ul>
+      )}
+    </main>
+  );
+}
diff --git a/src/app/page.tsx b/src/app/page.tsx
index 5d0099b..ad5f2bd 100644
--- a/src/app/page.tsx
+++ b/src/app/page.tsx
@@ -1,63 +1,9 @@
-import Link from "next/link";
-import { IfPluginEnabled } from "@/components/IfPluginEnabled";
-import { HeroSection } from "@/components/landing/HeroSection";
-import { ExperiencesSection } from "@/components/landing/ExperiencesSection";
-import { HowItWorksSection } from "@/components/landing/HowItWorksSection";
-import { CESection } from "@/components/landing/CESection";
-import { TestimonialsSection } from "@/components/landing/TestimonialsSection";
-import { LandingFooter } from "@/components/landing/Footer";
+import { redirect } from "next/navigation";
 
 /**
- * Page d'accueil — la majorité du contenu est conditionnée par les plugins :
- *   - `landing-hero`      → hero plein écran
- *   - `landing-sections`  → 2 expériences + comment ça marche + CE + témoignages + footer riche
- *
- * Si aucun de ces plugins n'est activé, on retombe sur la home historique
- * minimaliste (fallback). Activable depuis /admin/plugins.
+ * Home redirige vers le mode immersif « Au fil de l'eau » par défaut.
+ * L'ancien hero/landing reste accessible via /accueil.
  */
 export default function Home() {
-  return (
-    <>
-      <IfPluginEnabled
-        plugin="landing-hero"
-        fallback={
-          // Fallback héro minimaliste — historique
-          <div className="flex flex-1 items-center justify-center bg-zinc-50 px-6 dark:bg-black">
-            <main className="flex w-full max-w-2xl flex-col items-center gap-6 text-center">
-              <h1 className="text-4xl font-semibold tracking-tight text-black sm:text-5xl dark:text-zinc-50">
-                Karbé — carbets fluviaux de Guyane
-              </h1>
-              <p className="max-w-xl text-lg leading-8 text-zinc-600 dark:text-zinc-400">
-                La marketplace pour louer des carbets le long des fleuves de Guyane.
-              </p>
-              <div className="flex flex-wrap items-center justify-center gap-3">
-                <Link
-                  href="/carbets"
-                  className="rounded-md bg-emerald-600 px-5 py-2.5 text-sm font-semibold text-white hover:bg-emerald-700"
-                >
-                  Découvrir les carbets
-                </Link>
-                <Link
-                  href="/espace-hote"
-                  className="rounded-md border border-zinc-300 px-5 py-2.5 text-sm font-medium text-zinc-700 hover:bg-zinc-100 dark:border-zinc-700 dark:text-zinc-200 dark:hover:bg-zinc-900"
-                >
-                  Espace hôte
-                </Link>
-              </div>
-            </main>
-          </div>
-        }
-      >
-        <HeroSection />
-      </IfPluginEnabled>
-
-      <IfPluginEnabled plugin="landing-sections">
-        <ExperiencesSection />
-        <HowItWorksSection />
-        <CESection />
-        <TestimonialsSection />
-        <LandingFooter />
-      </IfPluginEnabled>
-    </>
-  );
+  redirect("/decouvrir");
 }
diff --git a/src/components/MediaUploader.tsx b/src/components/MediaUploader.tsx
new file mode 100644
index 0000000..815d991
--- /dev/null
+++ b/src/components/MediaUploader.tsx
@@ -0,0 +1,380 @@
+"use client";
+
+import { useCallback, useEffect, useId, useMemo, useRef, useState } from "react";
+import {
+  DndContext,
+  PointerSensor,
+  TouchSensor,
+  KeyboardSensor,
+  closestCenter,
+  useSensor,
+  useSensors,
+  type DragEndEvent,
+} from "@dnd-kit/core";
+import {
+  SortableContext,
+  arrayMove,
+  rectSortingStrategy,
+  useSortable,
+  sortableKeyboardCoordinates,
+} from "@dnd-kit/sortable";
+import { CSS } from "@dnd-kit/utilities";
+
+export type MediaItem = {
+  id: string;
+  type: "PHOTO" | "VIDEO";
+  s3Url: string;
+  s3Key: string;
+  sortOrder: number;
+};
+
+type Props = {
+  carbetId: string;
+  initialMedia: MediaItem[];
+};
+
+type UploadEntry = {
+  tempId: string;
+  name: string;
+  sizeBytes: number;
+  mime: string;
+  progress: number;
+  error?: string;
+  done: boolean;
+};
+
+const MAX_PARALLEL = 3;
+
+export function MediaUploader({ carbetId, initialMedia }: Props) {
+  const [items, setItems] = useState<MediaItem[]>(
+    [...initialMedia].sort((a, b) => a.sortOrder - b.sortOrder),
+  );
+  const [uploads, setUploads] = useState<UploadEntry[]>([]);
+  const [dragging, setDragging] = useState(false);
+  const inputId = useId();
+  const fileInput = useRef<HTMLInputElement>(null);
+  const queueRef = useRef<File[]>([]);
+  const activeRef = useRef(0);
+
+  const sensors = useSensors(
+    useSensor(PointerSensor, { activationConstraint: { distance: 6 } }),
+    useSensor(TouchSensor, { activationConstraint: { delay: 150, tolerance: 6 } }),
+    useSensor(KeyboardSensor, { coordinateGetter: sortableKeyboardCoordinates }),
+  );
+
+  const allIds = useMemo(() => items.map((i) => i.id), [items]);
+
+  const reorderOnServer = useCallback(
+    async (orderedIds: string[]) => {
+      await fetch("/api/media/reorder", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ carbetId, orderedIds }),
+      }).catch(() => {});
+    },
+    [carbetId],
+  );
+
+  function onDragEnd(e: DragEndEvent) {
+    const { active, over } = e;
+    if (!over || active.id === over.id) return;
+    setItems((prev) => {
+      const oldIdx = prev.findIndex((p) => p.id === active.id);
+      const newIdx = prev.findIndex((p) => p.id === over.id);
+      if (oldIdx < 0 || newIdx < 0) return prev;
+      const next = arrayMove(prev, oldIdx, newIdx);
+      reorderOnServer(next.map((m) => m.id));
+      return next;
+    });
+  }
+
+  const setCover = useCallback(
+    (id: string) => {
+      setItems((prev) => {
+        const idx = prev.findIndex((p) => p.id === id);
+        if (idx <= 0) return prev;
+        const next = arrayMove(prev, idx, 0);
+        reorderOnServer(next.map((m) => m.id));
+        return next;
+      });
+    },
+    [reorderOnServer],
+  );
+
+  const removeItem = useCallback(async (id: string) => {
+    if (!confirm("Supprimer ce média ?")) return;
+    const res = await fetch(`/api/media/${id}`, { method: "DELETE" });
+    if (res.ok) setItems((prev) => prev.filter((p) => p.id !== id));
+  }, []);
+
+  const processFile = useCallback(async function processFile(file: File): Promise<void> {
+    const tempId = crypto.randomUUID();
+    setUploads((u) => [
+      ...u,
+      { tempId, name: file.name, sizeBytes: file.size, mime: file.type, progress: 0, done: false },
+    ]);
+    try {
+      const presignRes = await fetch("/api/uploads/presign", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ carbetId, mime: file.type, sizeBytes: file.size }),
+      });
+      const presign = await presignRes.json();
+      if (!presignRes.ok) throw new Error(presign?.error || "presign refusé");
+
+      await new Promise<void>((resolve, reject) => {
+        const xhr = new XMLHttpRequest();
+        xhr.upload.addEventListener("progress", (ev) => {
+          if (!ev.lengthComputable) return;
+          const pct = Math.round((ev.loaded / ev.total) * 100);
+          setUploads((u) => u.map((x) => (x.tempId === tempId ? { ...x, progress: pct } : x)));
+        });
+        xhr.addEventListener("load", () =>
+          xhr.status >= 200 && xhr.status < 300 ? resolve() : reject(new Error(`HTTP ${xhr.status}`)),
+        );
+        xhr.addEventListener("error", () => reject(new Error("Réseau coupé")));
+        xhr.open("PUT", presign.uploadUrl);
+        xhr.setRequestHeader("Content-Type", file.type);
+        xhr.send(file);
+      });
+
+      const finalizeRes = await fetch("/api/uploads/finalize", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          carbetId,
+          s3Key: presign.s3Key,
+          s3Url: presign.publicUrl,
+          mime: file.type,
+        }),
+      });
+      const finalize = await finalizeRes.json();
+      if (!finalizeRes.ok) throw new Error(finalize?.error || "finalize refusé");
+      setItems((prev) => [...prev, finalize.media]);
+      setUploads((u) => u.map((x) => (x.tempId === tempId ? { ...x, progress: 100, done: true } : x)));
+      // Cleanup après 2s
+      setTimeout(() => {
+        setUploads((u) => u.filter((x) => x.tempId !== tempId));
+      }, 2000);
+    } catch (e) {
+      const msg = e instanceof Error ? e.message : String(e);
+      setUploads((u) => u.map((x) => (x.tempId === tempId ? { ...x, error: msg } : x)));
+    }
+  }, [carbetId]);
+
+  const popQueueRef = useRef<() => void>(() => {});
+  const popQueue = useCallback(() => {
+    while (activeRef.current < MAX_PARALLEL && queueRef.current.length > 0) {
+      const file = queueRef.current.shift()!;
+      activeRef.current++;
+      processFile(file).finally(() => {
+        activeRef.current--;
+        popQueueRef.current();
+      });
+    }
+  }, [processFile]);
+  useEffect(() => {
+    popQueueRef.current = popQueue;
+  }, [popQueue]);
+
+  function addFiles(files: FileList | File[]) {
+    const arr = Array.from(files);
+    queueRef.current.push(...arr);
+    popQueue();
+  }
+
+  function onChange(e: React.ChangeEvent<HTMLInputElement>) {
+    if (e.target.files) addFiles(e.target.files);
+    if (fileInput.current) fileInput.current.value = "";
+  }
+
+  function onDrop(e: React.DragEvent<HTMLDivElement>) {
+    e.preventDefault();
+    setDragging(false);
+    if (e.dataTransfer.files) addFiles(e.dataTransfer.files);
+  }
+
+  // Permet le coller depuis presse-papier
+  useEffect(() => {
+    function onPaste(e: ClipboardEvent) {
+      if (!e.clipboardData?.files?.length) return;
+      addFiles(e.clipboardData.files);
+    }
+    window.addEventListener("paste", onPaste);
+    return () => window.removeEventListener("paste", onPaste);
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, []);
+
+  return (
+    <div className="space-y-3">
+      <div
+        onDragOver={(e) => {
+          e.preventDefault();
+          setDragging(true);
+        }}
+        onDragLeave={() => setDragging(false)}
+        onDrop={onDrop}
+        className={
+          "rounded-lg border-2 border-dashed p-4 text-center transition " +
+          (dragging
+            ? "border-emerald-500 bg-emerald-50"
+            : "border-zinc-300 bg-zinc-50 hover:border-zinc-400")
+        }
+      >
+        <label htmlFor={inputId} className="block cursor-pointer">
+          <div className="text-sm text-zinc-700">
+            <strong>Déposez vos photos ou vidéos</strong> ici, ou cliquez pour parcourir
+          </div>
+          <div className="mt-1 text-xs text-zinc-500">
+            JPG / PNG / WebP / AVIF (max 10 Mo) · MP4 / MOV / WebM (max 200 Mo) · plusieurs fichiers OK
+          </div>
+        </label>
+        <input
+          id={inputId}
+          ref={fileInput}
+          type="file"
+          accept="image/jpeg,image/png,image/webp,image/avif,video/mp4,video/quicktime,video/webm"
+          multiple
+          capture="environment"
+          onChange={onChange}
+          className="sr-only"
+        />
+      </div>
+
+      {uploads.length > 0 ? (
+        <ul className="space-y-1.5">
+          {uploads.map((u) => (
+            <li key={u.tempId} className="rounded border border-zinc-200 bg-white px-3 py-2 text-xs">
+              <div className="flex items-center justify-between">
+                <span className="truncate font-medium text-zinc-700">{u.name}</span>
+                <span className="ml-2 text-zinc-500">
+                  {u.error
+                    ? "❌"
+                    : u.done
+                      ? "✓"
+                      : `${Math.round(u.sizeBytes / 1000)} ko · ${u.progress}%`}
+                </span>
+              </div>
+              <div className="mt-1 h-1 overflow-hidden rounded-full bg-zinc-200">
+                <div
+                  className={
+                    "h-full transition-all " +
+                    (u.error ? "bg-rose-500" : u.done ? "bg-emerald-500" : "bg-emerald-600")
+                  }
+                  style={{ width: `${u.progress}%` }}
+                />
+              </div>
+              {u.error ? <div className="mt-1 text-rose-700">{u.error}</div> : null}
+            </li>
+          ))}
+        </ul>
+      ) : null}
+
+      {items.length > 0 ? (
+        <DndContext sensors={sensors} collisionDetection={closestCenter} onDragEnd={onDragEnd}>
+          <SortableContext items={allIds} strategy={rectSortingStrategy}>
+            <div className="grid grid-cols-2 gap-2 sm:grid-cols-3 md:grid-cols-4">
+              {items.map((item, idx) => (
+                <SortableTile
+                  key={item.id}
+                  item={item}
+                  isCover={idx === 0}
+                  onSetCover={() => setCover(item.id)}
+                  onDelete={() => removeItem(item.id)}
+                />
+              ))}
+            </div>
+          </SortableContext>
+        </DndContext>
+      ) : (
+        <p className="rounded border border-dashed border-zinc-200 px-3 py-6 text-center text-xs text-zinc-500">
+          Pas encore de média. Ajoutez votre premier ci-dessus.
+        </p>
+      )}
+
+      <p className="text-[11px] text-zinc-500">
+        Glissez-déposez pour réordonner · Étoile = cover (image principale sur le catalogue)
+      </p>
+    </div>
+  );
+}
+
+function SortableTile({
+  item,
+  isCover,
+  onSetCover,
+  onDelete,
+}: {
+  item: MediaItem;
+  isCover: boolean;
+  onSetCover: () => void;
+  onDelete: () => void;
+}) {
+  const { attributes, listeners, setNodeRef, transform, transition, isDragging } = useSortable({
+    id: item.id,
+  });
+  const style = {
+    transform: CSS.Transform.toString(transform),
+    transition,
+    opacity: isDragging ? 0.5 : 1,
+  };
+  return (
+    <div
+      ref={setNodeRef}
+      style={style}
+      className={
+        "group relative overflow-hidden rounded-md border bg-zinc-100 " +
+        (isCover ? "border-emerald-500 ring-2 ring-emerald-300" : "border-zinc-200")
+      }
+    >
+      <div {...attributes} {...listeners} className="aspect-square w-full cursor-grab touch-none active:cursor-grabbing">
+        {item.type === "VIDEO" ? (
+          <video
+            src={item.s3Url}
+            preload="metadata"
+            muted
+            playsInline
+            className="h-full w-full bg-black object-cover"
+          />
+        ) : (
+          // eslint-disable-next-line @next/next/no-img-element
+          <img
+            src={item.s3Url}
+            alt=""
+            loading="lazy"
+            draggable={false}
+            className="h-full w-full object-cover"
+          />
+        )}
+      </div>
+      {isCover ? (
+        <span className="absolute left-1 top-1 rounded bg-emerald-600 px-1.5 py-0.5 text-[10px] font-semibold uppercase tracking-wider text-white">
+          Cover
+        </span>
+      ) : null}
+      <span className="pointer-events-none absolute right-1 top-1 rounded bg-black/60 px-1 py-0.5 text-[9px] font-semibold uppercase tracking-wider text-white">
+        {item.type}
+      </span>
+      <div className="absolute inset-x-0 bottom-0 flex justify-end gap-1 bg-gradient-to-t from-black/70 to-transparent p-1.5 opacity-0 transition group-hover:opacity-100 group-focus-within:opacity-100">
+        {!isCover ? (
+          <button
+            type="button"
+            onClick={onSetCover}
+            className="rounded bg-white/90 px-2 py-0.5 text-[10px] font-semibold text-zinc-900 hover:bg-white"
+            title="Définir comme cover"
+          >
+            ★ Cover
+          </button>
+        ) : null}
+        <button
+          type="button"
+          onClick={onDelete}
+          className="rounded bg-rose-600 px-2 py-0.5 text-[10px] font-semibold text-white hover:bg-rose-700"
+          title="Supprimer"
+        >
+          ✕
+        </button>
+      </div>
+    </div>
+  );
+}
diff --git a/src/components/SiteHeader.tsx b/src/components/SiteHeader.tsx
index 96d9836..08ffe77 100644
--- a/src/components/SiteHeader.tsx
+++ b/src/components/SiteHeader.tsx
@@ -27,20 +27,23 @@ export async function SiteHeader() {
         </Link>
 
         <nav className="hidden items-center gap-5 text-sm text-zinc-700 sm:flex">
+          <Link href="/decouvrir" className="hover:text-zinc-900">
+            Au fil de l&apos;eau
+          </Link>
           <Link href="/carbets" className="hover:text-zinc-900">
-            Carbets
+            Catalogue
           </Link>
           <Link href="/comment-ca-marche" className="hover:text-zinc-900">
             Comment ça marche
           </Link>
-          <Link href="/pour-comites-entreprise" className="hover:text-zinc-900">
-            Comités d&apos;entreprise
-          </Link>
         </nav>
 
         <div className="flex items-center gap-3 text-sm">
           {u ? (
             <>
+              <Link href="/mes-favoris" className="hidden text-zinc-700 hover:text-zinc-900 sm:inline">
+                Favoris
+              </Link>
               <Link href="/mes-reservations" className="hidden text-zinc-700 hover:text-zinc-900 sm:inline">
                 Mes réservations
               </Link>
diff --git a/src/lib/reels.ts b/src/lib/reels.ts
new file mode 100644
index 0000000..6ac0033
--- /dev/null
+++ b/src/lib/reels.ts
@@ -0,0 +1,127 @@
+import "server-only";
+
+import { CarbetStatus } from "@/generated/prisma/enums";
+import { prisma } from "@/lib/prisma";
+
+export type ReelMedia = {
+  id: string;
+  type: "PHOTO" | "VIDEO";
+  url: string;
+};
+
+export type ReelCarbet = {
+  id: string;
+  slug: string;
+  title: string;
+  river: string;
+  embarkPoint: string;
+  capacity: number;
+  nightlyPrice: string;
+  ownerFirstName: string;
+  averageRating: number | null;
+  reviewCount: number;
+  media: ReelMedia[];
+};
+
+export async function listReelCarbets(opts: { take?: number } = {}): Promise<ReelCarbet[]> {
+  const take = opts.take ?? 30;
+  const rows = await prisma.carbet.findMany({
+    where: {
+      status: CarbetStatus.PUBLISHED,
+      media: { some: {} }, // au moins 1 média
+    },
+    orderBy: [{ lastBookedAt: { sort: "desc", nulls: "last" } }, { updatedAt: "desc" }],
+    take,
+    select: {
+      id: true,
+      slug: true,
+      title: true,
+      river: true,
+      embarkPoint: true,
+      capacity: true,
+      nightlyPrice: true,
+      owner: { select: { firstName: true } },
+      media: {
+        orderBy: { sortOrder: "asc" },
+        select: { id: true, type: true, s3Url: true },
+      },
+      reviews: { select: { rating: true } },
+    },
+  });
+
+  return rows.map((c) => {
+    const ratings = c.reviews.map((r) => r.rating);
+    const avg = ratings.length === 0 ? null : ratings.reduce((a, b) => a + b, 0) / ratings.length;
+    return {
+      id: c.id,
+      slug: c.slug,
+      title: c.title,
+      river: c.river,
+      embarkPoint: c.embarkPoint,
+      capacity: c.capacity,
+      nightlyPrice: c.nightlyPrice.toString(),
+      ownerFirstName: c.owner.firstName,
+      averageRating: avg,
+      reviewCount: ratings.length,
+      media: c.media.map((m) => ({
+        id: m.id,
+        type: m.type as "PHOTO" | "VIDEO",
+        url: m.s3Url,
+      })),
+    };
+  });
+}
+
+export async function listFavoriteCarbets(userId: string): Promise<ReelCarbet[]> {
+  const favs = await prisma.favorite.findMany({
+    where: { userId },
+    select: { carbetId: true },
+    orderBy: { createdAt: "desc" },
+  });
+  if (favs.length === 0) return [];
+  const ids = favs.map((f) => f.carbetId);
+  const rows = await prisma.carbet.findMany({
+    where: { id: { in: ids }, status: CarbetStatus.PUBLISHED },
+    select: {
+      id: true,
+      slug: true,
+      title: true,
+      river: true,
+      embarkPoint: true,
+      capacity: true,
+      nightlyPrice: true,
+      owner: { select: { firstName: true } },
+      media: {
+        orderBy: { sortOrder: "asc" },
+        select: { id: true, type: true, s3Url: true },
+      },
+      reviews: { select: { rating: true } },
+    },
+  });
+  // Respecter l'ordre des favoris (le plus récent en premier)
+  const byId = new Map(rows.map((r) => [r.id, r]));
+  return ids
+    .map((id) => byId.get(id))
+    .filter((r): r is NonNullable<typeof r> => Boolean(r))
+    .map((c) => {
+      const ratings = c.reviews.map((r) => r.rating);
+      const avg = ratings.length === 0 ? null : ratings.reduce((a, b) => a + b, 0) / ratings.length;
+      return {
+        id: c.id,
+        slug: c.slug,
+        title: c.title,
+        river: c.river,
+        embarkPoint: c.embarkPoint,
+        capacity: c.capacity,
+        nightlyPrice: c.nightlyPrice.toString(),
+        ownerFirstName: c.owner.firstName,
+        averageRating: avg,
+        reviewCount: ratings.length,
+        media: c.media.map((m) => ({
+          id: m.id,
+          type: m.type as "PHOTO" | "VIDEO",
+          url: m.s3Url,
+        })),
+      };
+    });
+}
diff --git a/src/lib/uploads.ts b/src/lib/uploads.ts
new file mode 100644
index 0000000..708504a
--- /dev/null
+++ b/src/lib/uploads.ts
@@ -0,0 +1,104 @@
+import "server-only";
+
+import crypto from "node:crypto";
+import { S3Client, PutObjectCommand } from "@aws-sdk/client-s3";
+import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
+
+const ENDPOINT = process.env.S3_ENDPOINT ?? "";
+const PUBLIC_BASE = process.env.S3_PUBLIC_URL ?? "";
+const BUCKET = process.env.S3_BUCKET ?? "";
+const REGION = process.env.S3_REGION ?? "us-east-1";
+const ACCESS_KEY = process.env.MINIO_ROOT_USER ?? process.env.S3_ACCESS_KEY ?? "";
+const SECRET_KEY = process.env.MINIO_ROOT_PASSWORD ?? process.env.S3_SECRET_KEY ?? "";
+
+const PUBLIC_BASE_EXTERNAL =
+  process.env.S3_PUBLIC_URL_EXTERNAL ?? PUBLIC_BASE;
+const ENDPOINT_EXTERNAL = process.env.S3_ENDPOINT_EXTERNAL ?? ENDPOINT;
+
+const s3Internal = new S3Client({
+  endpoint: ENDPOINT,
+  region: REGION,
+  forcePathStyle: (process.env.S3_FORCE_PATH_STYLE ?? "false") === "true",
+  credentials: { accessKeyId: ACCESS_KEY, secretAccessKey: SECRET_KEY },
+});
+
+const s3Presign = new S3Client({
+  endpoint: ENDPOINT_EXTERNAL,
+  region: REGION,
+  forcePathStyle: (process.env.S3_FORCE_PATH_STYLE ?? "false") === "true",
+  credentials: { accessKeyId: ACCESS_KEY, secretAccessKey: SECRET_KEY },
+});
+
+export type PresignResult = {
+  s3Key: string;
+  uploadUrl: string;
+  publicUrl: string;
+  expiresIn: number;
+};
+
+const ALLOWED_PHOTO_MIMES = new Set(["image/jpeg", "image/png", "image/webp", "image/avif"]);
+const ALLOWED_VIDEO_MIMES = new Set(["video/mp4", "video/quicktime", "video/webm"]);
+
+export type UploadKind = "photo" | "video";
+
+export function classifyMime(mime: string): UploadKind | null {
+  if (ALLOWED_PHOTO_MIMES.has(mime)) return "photo";
+  if (ALLOWED_VIDEO_MIMES.has(mime)) return "video";
+  return null;
+}
+
+const MAX_PHOTO = 10 * 1024 * 1024;
+const MAX_VIDEO = 200 * 1024 * 1024;
+
+export function maxBytesFor(kind: UploadKind): number {
+  return kind === "photo" ? MAX_PHOTO : MAX_VIDEO;
+}
+
+export function extensionFor(mime: string): string {
+  switch (mime) {
+    case "image/jpeg":
+      return "jpg";
+    case "image/png":
+      return "png";
+    case "image/webp":
+      return "webp";
+    case "image/avif":
+      return "avif";
+    case "video/mp4":
+      return "mp4";
+    case "video/quicktime":
+      return "mov";
+    case "video/webm":
+      return "webm";
+    default:
+      return "bin";
+  }
+}
+
+export async function presignCarbetUpload(opts: {
+  carbetId: string;
+  mime: string;
+  sizeBytes: number;
+}): Promise<PresignResult | { error: string }> {
+  const kind = classifyMime(opts.mime);
+  if (!kind) return { error: `Type non supporté : ${opts.mime}` };
+  const max = maxBytesFor(kind);
+  if (opts.sizeBytes > max) {
+    return { error: `Fichier trop volumineux (${Math.round(opts.sizeBytes / 1_000_000)} Mo, max ${Math.round(max / 1_000_000)} Mo).` };
+  }
+  const id = crypto.randomBytes(12).toString("hex");
+  const ext = extensionFor(opts.mime);
+  const s3Key = `carbets/${opts.carbetId}/${Date.now()}-${id}.${ext}`;
+
+  const cmd = new PutObjectCommand({
+    Bucket: BUCKET,
+    Key: s3Key,
+    ContentType: opts.mime,
+  });
+  const uploadUrl = await getSignedUrl(s3Presign, cmd, { expiresIn: 600 });
+  const publicUrl = `${PUBLIC_BASE_EXTERNAL.replace(/\/$/, "")}/${s3Key}`;
+  return { s3Key, uploadUrl, publicUrl, expiresIn: 600 };
+}
+
+export { s3Internal };
+export { BUCKET as UPLOAD_BUCKET };

From 701a1f02bd2576fa0081c2b2267cb74073ba4337 Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Tue, 2 Jun 2026 00:52:57 +0000
Subject: [PATCH 21/47] =?UTF-8?q?feat:=20Reels=20plein=20=C3=A9cran=20mobi?=
 =?UTF-8?q?le=20+=20MediaUploader=20dans=20l'admin?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/app/admin/carbets/[id]/page.tsx           | 27 +++++++++++--------
 src/app/decouvrir/_components/ReelsViewer.tsx | 25 ++++++++++++++---
 src/components/SiteHeaderGuard.tsx            |  2 ++
 3 files changed, 40 insertions(+), 14 deletions(-)

diff --git a/src/app/admin/carbets/[id]/page.tsx b/src/app/admin/carbets/[id]/page.tsx
index 02c0d80..7799bef 100644
--- a/src/app/admin/carbets/[id]/page.tsx
+++ b/src/app/admin/carbets/[id]/page.tsx
@@ -7,7 +7,7 @@ import {
 } from "@/lib/admin/carbets";
 import { CarbetForm } from "../_components/CarbetForm";
 import { StatusBadge } from "@/components/admin/StatusBadge";
-import { MediaManager } from "./_components/MediaManager";
+import { MediaUploader } from "@/components/MediaUploader";
 import { StatusActions } from "./_components/StatusActions";
 import { updateCarbetAction } from "../actions";
 
@@ -61,16 +61,21 @@ export default async function EditCarbetPage({ params }: PageProps) {
         </div>
       </header>
 
-      <MediaManager
-        carbetId={carbet.id}
-        media={carbet.media.map((m) => ({
-          id: m.id,
-          type: m.type,
-          s3Key: m.s3Key,
-          s3Url: m.s3Url,
-          sortOrder: m.sortOrder,
-        }))}
-      />
+      <section className="mb-6 rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-zinc-500">
+          Médias
+        </h2>
+        <MediaUploader
+          carbetId={carbet.id}
+          initialMedia={carbet.media.map((m) => ({
+            id: m.id,
+            type: m.type,
+            s3Key: m.s3Key,
+            s3Url: m.s3Url,
+            sortOrder: m.sortOrder,
+          }))}
+        />
+      </section>
 
       <CarbetForm
         owners={owners}
diff --git a/src/app/decouvrir/_components/ReelsViewer.tsx b/src/app/decouvrir/_components/ReelsViewer.tsx
index e7f925c..aec37ce 100644
--- a/src/app/decouvrir/_components/ReelsViewer.tsx
+++ b/src/app/decouvrir/_components/ReelsViewer.tsx
@@ -96,20 +96,39 @@ export function ReelsViewer({ carbets, initialFavoriteIds, isAuthenticated }: Pr
   );
 
   return (
-    <div className="fixed inset-x-0 bottom-0 top-12 z-10 bg-black">
+    <div
+      className="fixed inset-0 z-10 bg-black"
+      style={{
+        // 100dvh sur navigateurs récents pour éviter le saut quand la barre d'URL mobile se masque
+        height: "100dvh",
+      }}
+    >
       {/* Bouton retour catalogue */}
       <Link
         href="/carbets"
-        className="absolute right-3 top-3 z-20 rounded-full bg-white/10 px-3 py-1.5 text-xs font-semibold text-white backdrop-blur hover:bg-white/20"
+        className="absolute right-3 z-20 rounded-full bg-white/10 px-3 py-1.5 text-xs font-semibold text-white backdrop-blur hover:bg-white/20"
+        style={{ top: "max(0.75rem, env(safe-area-inset-top, 0px))" }}
       >
         ← Catalogue
       </Link>
 
       {/* Compteur */}
-      <div className="absolute left-3 top-3 z-20 rounded-full bg-white/10 px-3 py-1.5 text-xs font-semibold text-white backdrop-blur">
+      <div
+        className="absolute left-3 z-20 rounded-full bg-white/10 px-3 py-1.5 text-xs font-semibold text-white backdrop-blur"
+        style={{ top: "max(0.75rem, env(safe-area-inset-top, 0px))" }}
+      >
         {activeIndex + 1} / {carbets.length}
       </div>
 
+      {/* Logo Karbé en surimpression haut centre */}
+      <Link
+        href="/accueil"
+        className="absolute left-1/2 z-20 -translate-x-1/2 text-sm font-semibold text-white/90 hover:text-white"
+        style={{ top: "max(1rem, env(safe-area-inset-top, 0px))" }}
+      >
+        Karbé
+      </Link>
+
       <div
         ref={containerRef}
         className="h-full snap-y snap-mandatory overflow-y-scroll overscroll-contain"
diff --git a/src/components/SiteHeaderGuard.tsx b/src/components/SiteHeaderGuard.tsx
index 6a1eddb..b1530d1 100644
--- a/src/components/SiteHeaderGuard.tsx
+++ b/src/components/SiteHeaderGuard.tsx
@@ -21,6 +21,8 @@ export async function SiteHeaderGuard() {
 
   if (pathname.startsWith("/admin")) return null;
   if (pathname === "/connexion" || pathname === "/inscription") return null;
+  // Mode immersif : on cache le header pour donner 100dvh aux Reels
+  if (pathname === "/decouvrir" || pathname.startsWith("/decouvrir/")) return null;
 
   return <SiteHeader />;
 }

From e2d3b6a686094795d349e93026decec7d8806bea Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Tue, 2 Jun 2026 01:05:25 +0000
Subject: [PATCH 22/47] feat: variantes responsives 320/800/1600 via sharp +
 srcset partout (Reels, cards, galerie, favoris)

---
 package-lock.json                             |   5 +-
 package.json                                  |   1 +
 src/app/api/uploads/finalize/route.ts         |  23 ++++
 src/app/carbets/_components/carbet-card.tsx   |   6 +-
 .../carbets/_components/carbet-gallery.tsx    |  12 ++
 src/app/decouvrir/_components/ReelSlide.tsx   |   5 +
 src/app/mes-favoris/page.tsx                  |   5 +
 src/components/ResponsiveImage.tsx            |  56 ++++++++
 src/lib/image-variants.ts                     |  41 ++++++
 src/lib/variants-server.ts                    | 126 ++++++++++++++++++
 tests/lib/image-variants.test.ts              |  38 ++++++
 11 files changed, 312 insertions(+), 6 deletions(-)
 create mode 100644 src/components/ResponsiveImage.tsx
 create mode 100644 src/lib/image-variants.ts
 create mode 100644 src/lib/variants-server.ts
 create mode 100644 tests/lib/image-variants.test.ts

diff --git a/package-lock.json b/package-lock.json
index 9dcbdb0..7d8475d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -26,6 +26,7 @@
         "react-dom": "19.2.4",
         "react-leaflet": "^5.0.0",
         "resend": "^4.8.0",
+        "sharp": "^0.34.5",
         "stripe": "^18.3.0"
       },
       "devDependencies": {
@@ -1646,7 +1647,6 @@
       "resolved": "https://registry.npmjs.org/@img/colour/-/colour-1.1.0.tgz",
       "integrity": "sha512-Td76q7j57o/tLVdgS746cYARfSyxk8iEfRxewL9h4OMzYhbW4TAcppl0mT4eyqXddh6L/jwoM75mo7ixa/pCeQ==",
       "license": "MIT",
-      "optional": true,
       "engines": {
         "node": ">=18"
       }
@@ -5398,7 +5398,6 @@
       "version": "2.1.2",
       "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz",
       "integrity": "sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==",
-      "devOptional": true,
       "license": "Apache-2.0",
       "engines": {
         "node": ">=8"
@@ -9574,7 +9573,6 @@
       "integrity": "sha512-Ou9I5Ft9WNcCbXrU9cMgPBcCK8LiwLqcbywW3t4oDV37n1pzpuNLsYiAV8eODnjbtQlSDwZ2cUEeQz4E54Hltg==",
       "hasInstallScript": true,
       "license": "Apache-2.0",
-      "optional": true,
       "dependencies": {
         "@img/colour": "^1.0.0",
         "detect-libc": "^2.1.2",
@@ -9618,7 +9616,6 @@
       "resolved": "https://registry.npmjs.org/semver/-/semver-7.8.1.tgz",
       "integrity": "sha512-rkVq3IXh+4FDGch+KwzX3aV9W3kO54GyEgpvBzSyctDA6Xtd7RJQV1xmXbeQp5v7+VzLOfVqiutSE6GICgPFvg==",
       "license": "ISC",
-      "optional": true,
       "bin": {
         "semver": "bin/semver.js"
       },
diff --git a/package.json b/package.json
index 5bb9e15..e0a10f1 100644
--- a/package.json
+++ b/package.json
@@ -30,6 +30,7 @@
     "react-dom": "19.2.4",
     "react-leaflet": "^5.0.0",
     "resend": "^4.8.0",
+    "sharp": "^0.34.5",
     "stripe": "^18.3.0"
   },
   "devDependencies": {
diff --git a/src/app/api/uploads/finalize/route.ts b/src/app/api/uploads/finalize/route.ts
index 91fd2cd..c9f7cd8 100644
--- a/src/app/api/uploads/finalize/route.ts
+++ b/src/app/api/uploads/finalize/route.ts
@@ -6,6 +6,7 @@ import { MediaType, UserRole } from "@/generated/prisma/enums";
 import { prisma } from "@/lib/prisma";
 import { classifyMime } from "@/lib/uploads";
 import { recordAudit } from "@/lib/admin/audit";
+import { generateImageVariants } from "@/lib/variants-server";
 
 export const runtime = "nodejs";
 
@@ -62,5 +63,27 @@ export async function POST(req: Request) {
     actorEmail: session.user.email ?? null,
     details: { carbetId: carbet.id, kind },
   });
+
+  // Génération des variantes responsives (best-effort, n'échoue pas la requête).
+  // L'utilisateur attend quelques secondes mais l'expérience derrière est bien meilleure.
+  try {
+    const variants = await generateImageVariants({
+      originalS3Key: parsed.data.s3Key,
+      mime: parsed.data.mime,
+    });
+    if (!variants.skipped) {
+      const okCount = variants.results.filter((r) => r.ok).length;
+      await recordAudit({
+        scope: "uploads",
+        event: "media.variants",
+        target: media.id,
+        actorEmail: session.user.email ?? null,
+        details: { generated: okCount, total: variants.results.length },
+      });
+    }
+  } catch (e) {
+    console.error("[uploads] variants generation error:", e);
+  }
+
   return NextResponse.json({ media });
 }
diff --git a/src/app/carbets/_components/carbet-card.tsx b/src/app/carbets/_components/carbet-card.tsx
index 9a6a53b..c11003a 100644
--- a/src/app/carbets/_components/carbet-card.tsx
+++ b/src/app/carbets/_components/carbet-card.tsx
@@ -3,6 +3,7 @@ import Link from "next/link";
 import type { CarbetSearchResult } from "@/lib/carbet-search";
 import { formatPirogueDuration, truncate } from "@/lib/format";
 import { formatAverageRating } from "@/lib/reviews";
+import { buildSrcSet } from "@/lib/image-variants";
 import { AccessTypeBadge } from "@/components/AccessTypeBadge";
 import { StayConstraints } from "@/components/StayConstraints";
 
@@ -14,13 +15,14 @@ export function CarbetCard({ carbet }: { carbet: CarbetSearchResult }) {
     <article className="group flex flex-col overflow-hidden rounded-lg border border-zinc-200 bg-white shadow-sm transition hover:border-emerald-300 hover:shadow-md">
       <Link href={href} className="relative block aspect-[4/3] bg-zinc-100">
         {carbet.coverUrl ? (
-          // Use a plain <img> here — uploaded media URLs come from MinIO/S3 and
-          // don't go through next/image's optimizer in this environment.
           // eslint-disable-next-line @next/next/no-img-element
           <img
             src={carbet.coverUrl}
+            srcSet={buildSrcSet(carbet.coverUrl)}
+            sizes="(min-width: 1024px) 320px, (min-width: 640px) 50vw, 100vw"
             alt={`Photo de ${carbet.title}`}
             loading="lazy"
+            decoding="async"
             className="h-full w-full object-cover transition group-hover:scale-[1.02]"
           />
         ) : (
diff --git a/src/app/carbets/_components/carbet-gallery.tsx b/src/app/carbets/_components/carbet-gallery.tsx
index a5c7ca1..4122a35 100644
--- a/src/app/carbets/_components/carbet-gallery.tsx
+++ b/src/app/carbets/_components/carbet-gallery.tsx
@@ -4,6 +4,7 @@ import { useCallback, useEffect, useState } from "react";
 
 import type { PublicCarbetMedia } from "@/lib/carbet-public";
 import { MediaType } from "@/generated/prisma/enums";
+import { buildSrcSet } from "@/lib/image-variants";
 
 type Props = {
   title: string;
@@ -73,7 +74,11 @@ export function CarbetGallery({ title, media }: Props) {
             // eslint-disable-next-line @next/next/no-img-element
             <img
               src={cover.url}
+              srcSet={buildSrcSet(cover.url)}
+              sizes="(min-width: 768px) 800px, 100vw"
               alt={`Photo principale de ${title}`}
+              fetchPriority="high"
+              decoding="async"
               className="aspect-[16/9] w-full cursor-zoom-in object-cover"
             />
           )}
@@ -101,8 +106,11 @@ export function CarbetGallery({ title, media }: Props) {
                     // eslint-disable-next-line @next/next/no-img-element
                     <img
                       src={item.url}
+                      srcSet={buildSrcSet(item.url)}
+                      sizes="(min-width: 640px) 200px, 50vw"
                       alt={`Média de ${title}`}
                       loading="lazy"
+                      decoding="async"
                       className="aspect-square w-full cursor-zoom-in object-cover transition hover:scale-105"
                     />
                   )}
@@ -179,7 +187,11 @@ export function CarbetGallery({ title, media }: Props) {
               // eslint-disable-next-line @next/next/no-img-element
               <img
                 src={current.url}
+                srcSet={buildSrcSet(current.url)}
+                sizes="(min-width: 1200px) 1600px, 92vw"
                 alt={`Photo ${active! + 1} sur ${media.length} de ${title}`}
+                fetchPriority="high"
+                decoding="async"
                 className="max-h-[88vh] max-w-[92vw] object-contain"
               />
             )}
diff --git a/src/app/decouvrir/_components/ReelSlide.tsx b/src/app/decouvrir/_components/ReelSlide.tsx
index 26e3809..a8476f4 100644
--- a/src/app/decouvrir/_components/ReelSlide.tsx
+++ b/src/app/decouvrir/_components/ReelSlide.tsx
@@ -4,6 +4,7 @@ import { useCallback, useEffect, useRef, useState } from "react";
 import Link from "next/link";
 
 import type { ReelCarbet } from "@/lib/reels";
+import { buildSrcSet } from "@/lib/image-variants";
 
 type Props = {
   carbet: ReelCarbet;
@@ -115,9 +116,13 @@ export function ReelSlide({ carbet, isActive, shouldPreload, isFavorite, onToggl
           // eslint-disable-next-line @next/next/no-img-element
           <img
             src={shouldPreload ? current.url : undefined}
+            srcSet={shouldPreload ? buildSrcSet(current.url) : undefined}
+            sizes="(min-width: 768px) 800px, 100vw"
             data-src={current.url}
             alt={`${carbet.title} — média ${mediaIndex + 1}`}
             loading={shouldPreload ? "eager" : "lazy"}
+            fetchPriority={shouldPreload ? "high" : "auto"}
+            decoding="async"
             className="h-full w-full object-cover"
           />
         )}
diff --git a/src/app/mes-favoris/page.tsx b/src/app/mes-favoris/page.tsx
index 6ec4097..5887400 100644
--- a/src/app/mes-favoris/page.tsx
+++ b/src/app/mes-favoris/page.tsx
@@ -3,6 +3,7 @@ import Link from "next/link";
 
 import { auth } from "@/auth";
 import { listFavoriteCarbets } from "@/lib/reels";
+import { buildSrcSet } from "@/lib/image-variants";
 
 export const dynamic = "force-dynamic";
 
@@ -41,7 +42,11 @@ export default async function MyFavoritesPage() {
                   // eslint-disable-next-line @next/next/no-img-element
                   <img
                     src={c.media[0].url}
+                    srcSet={buildSrcSet(c.media[0].url)}
+                    sizes="(min-width: 1024px) 320px, (min-width: 640px) 50vw, 100vw"
                     alt={c.title}
+                    loading="lazy"
+                    decoding="async"
                     className="aspect-video w-full object-cover"
                   />
                 ) : (
diff --git a/src/components/ResponsiveImage.tsx b/src/components/ResponsiveImage.tsx
new file mode 100644
index 0000000..61bfaa6
--- /dev/null
+++ b/src/components/ResponsiveImage.tsx
@@ -0,0 +1,56 @@
+/**
+ * <img> avec srcset/sizes pré-rempli sur les variantes Karbé.
+ * Drop-in remplacement pour les balises `<img src=… />` côté front.
+ */
+
+import { buildSrcSet } from "@/lib/image-variants";
+
+type Props = {
+  src: string;
+  alt: string;
+  /** Indication CSS pour le browser. Ex: "(min-width: 768px) 800px, 100vw" */
+  sizes?: string;
+  className?: string;
+  loading?: "lazy" | "eager";
+  fetchPriority?: "high" | "low" | "auto";
+  width?: number;
+  height?: number;
+  decoding?: "async" | "sync" | "auto";
+  draggable?: boolean;
+  style?: React.CSSProperties;
+  onClick?: () => void;
+};
+
+export function ResponsiveImage({
+  src,
+  alt,
+  sizes = "(min-width: 768px) 800px, 100vw",
+  className,
+  loading = "lazy",
+  fetchPriority = "auto",
+  width,
+  height,
+  decoding = "async",
+  draggable,
+  style,
+  onClick,
+}: Props) {
+  return (
+    // eslint-disable-next-line @next/next/no-img-element
+    <img
+      src={src}
+      srcSet={buildSrcSet(src)}
+      sizes={sizes}
+      alt={alt}
+      loading={loading}
+      fetchPriority={fetchPriority}
+      decoding={decoding}
+      width={width}
+      height={height}
+      draggable={draggable}
+      style={style}
+      className={className}
+      onClick={onClick}
+    />
+  );
+}
diff --git a/src/lib/image-variants.ts b/src/lib/image-variants.ts
new file mode 100644
index 0000000..5d0e22a
--- /dev/null
+++ b/src/lib/image-variants.ts
@@ -0,0 +1,41 @@
+/**
+ * Variantes responsive : génération + URL helpers.
+ *
+ * Convention de nommage : <s3Key>.jpg -> <s3Key>-320.jpg, -800.jpg, -1600.jpg.
+ * Le format est forcé à JPEG pour les variantes (compression efficace,
+ * supporté partout). L'original reste tel quel (PNG/WebP/AVIF préservés).
+ *
+ * Helper côté client : variantUrl(originalUrl, width) → URL de la variante.
+ * Le browser fait le fallback automatiquement via srcset si la variante 404.
+ */
+
+export const VARIANT_WIDTHS = [320, 800, 1600] as const;
+export type VariantWidth = (typeof VARIANT_WIDTHS)[number];
+
+/** Calcule l'URL d'une variante depuis l'URL originale. */
+export function variantUrl(originalUrl: string, width: VariantWidth): string {
+  const lastDot = originalUrl.lastIndexOf(".");
+  if (lastDot === -1) return originalUrl;
+  const base = originalUrl.slice(0, lastDot);
+  return `${base}-${width}.jpg`;
+}
+
+/** Calcule la s3Key d'une variante depuis la s3Key originale. */
+export function variantS3Key(originalKey: string, width: VariantWidth): string {
+  const lastDot = originalKey.lastIndexOf(".");
+  if (lastDot === -1) return originalKey;
+  const base = originalKey.slice(0, lastDot);
+  return `${base}-${width}.jpg`;
+}
+
+/**
+ * srcSet attribut pour un `<img>`. Le browser pick la meilleure variante
+ * selon viewport+DPR. Si une variante 404, srcset fallback en cascade ;
+ * on ajoute toujours l'original comme dernière entrée pour garantir
+ * qu'au moins UNE source fonctionne.
+ */
+export function buildSrcSet(originalUrl: string): string {
+  return VARIANT_WIDTHS.map((w) => `${variantUrl(originalUrl, w)} ${w}w`)
+    .concat([`${originalUrl} 2000w`])
+    .join(", ");
+}
diff --git a/src/lib/variants-server.ts b/src/lib/variants-server.ts
new file mode 100644
index 0000000..06f3177
--- /dev/null
+++ b/src/lib/variants-server.ts
@@ -0,0 +1,126 @@
+/**
+ * Génération de variantes responsive côté serveur (Node).
+ *
+ * - Télécharge l'original depuis MinIO via l'endpoint interne.
+ * - sharp → 3 variantes (320 / 800 / 1600 px de large max, JPEG quality 80).
+ * - Upload chaque variante avec naming convention <base>-<w>.jpg.
+ * - Skippe vidéos (sharp ne les traite pas).
+ *
+ * Best-effort : si une variante échoue, on log et on continue. L'original
+ * fonctionne toujours côté front grâce au srcset fallback.
+ */
+
+import "server-only";
+
+import { S3Client, PutObjectCommand, GetObjectCommand } from "@aws-sdk/client-s3";
+import type { Readable } from "node:stream";
+
+import { VARIANT_WIDTHS, variantS3Key, type VariantWidth } from "./image-variants";
+
+const ENDPOINT = process.env.S3_ENDPOINT ?? "";
+const BUCKET = process.env.S3_BUCKET ?? "";
+const REGION = process.env.S3_REGION ?? "us-east-1";
+const ACCESS_KEY = process.env.MINIO_ROOT_USER ?? process.env.S3_ACCESS_KEY ?? "";
+const SECRET_KEY = process.env.MINIO_ROOT_PASSWORD ?? process.env.S3_SECRET_KEY ?? "";
+
+const s3 = new S3Client({
+  endpoint: ENDPOINT,
+  region: REGION,
+  forcePathStyle: (process.env.S3_FORCE_PATH_STYLE ?? "false") === "true",
+  credentials: { accessKeyId: ACCESS_KEY, secretAccessKey: SECRET_KEY },
+});
+
+async function streamToBuffer(stream: Readable | ReadableStream<Uint8Array>): Promise<Buffer> {
+  if ("getReader" in stream) {
+    const reader = stream.getReader();
+    const chunks: Uint8Array[] = [];
+    while (true) {
+      const { value, done } = await reader.read();
+      if (done) break;
+      if (value) chunks.push(value);
+    }
+    return Buffer.concat(chunks);
+  }
+  const chunks: Buffer[] = [];
+  for await (const c of stream as Readable) chunks.push(c as Buffer);
+  return Buffer.concat(chunks);
+}
+
+export type VariantResult = {
+  width: VariantWidth;
+  s3Key: string;
+  ok: boolean;
+  reason?: string;
+};
+
+/**
+ * Génère les 3 variantes responsives pour une image originale.
+ * Skip silencieusement si mime === video/*.
+ */
+export async function generateImageVariants(opts: {
+  originalS3Key: string;
+  mime: string;
+}): Promise<{ skipped: boolean; results: VariantResult[] }> {
+  if (opts.mime.startsWith("video/")) {
+    return { skipped: true, results: [] };
+  }
+
+  let sharp: (input: Buffer) => import("sharp").Sharp;
+  try {
+    const mod = await import("sharp");
+    sharp = (mod as unknown as { default: (input: Buffer) => import("sharp").Sharp }).default;
+  } catch {
+    return { skipped: true, results: [] };
+  }
+
+  // 1. Download original
+  let originalBuffer: Buffer;
+  try {
+    const get = await s3.send(new GetObjectCommand({ Bucket: BUCKET, Key: opts.originalS3Key }));
+    if (!get.Body) throw new Error("Empty body");
+    originalBuffer = await streamToBuffer(get.Body as Readable);
+  } catch (e) {
+    return {
+      skipped: false,
+      results: VARIANT_WIDTHS.map((w) => ({
+        width: w,
+        s3Key: variantS3Key(opts.originalS3Key, w),
+        ok: false,
+        reason: e instanceof Error ? e.message : "download failed",
+      })),
+    };
+  }
+
+  // 2. Variantes en parallèle
+  const results = await Promise.all(
+    VARIANT_WIDTHS.map(async (w): Promise<VariantResult> => {
+      const targetKey = variantS3Key(opts.originalS3Key, w);
+      try {
+        const buf = await sharp(originalBuffer)
+          .rotate() // respecte l'EXIF orientation
+          .resize({ width: w, withoutEnlargement: true })
+          .jpeg({ quality: 80, progressive: true, mozjpeg: true })
+          .toBuffer();
+        await s3.send(
+          new PutObjectCommand({
+            Bucket: BUCKET,
+            Key: targetKey,
+            Body: buf,
+            ContentType: "image/jpeg",
+            CacheControl: "public, max-age=31536000, immutable",
+          }),
+        );
+        return { width: w, s3Key: targetKey, ok: true };
+      } catch (e) {
+        return {
+          width: w,
+          s3Key: targetKey,
+          ok: false,
+          reason: e instanceof Error ? e.message : "resize/upload failed",
+        };
+      }
+    }),
+  );
+
+  return { skipped: false, results };
+}
diff --git a/tests/lib/image-variants.test.ts b/tests/lib/image-variants.test.ts
new file mode 100644
index 0000000..18fec19
--- /dev/null
+++ b/tests/lib/image-variants.test.ts
@@ -0,0 +1,38 @@
+import { describe, it, expect } from "vitest";
+
+import { VARIANT_WIDTHS, buildSrcSet, variantS3Key, variantUrl } from "@/lib/image-variants";
+
+describe("VARIANT_WIDTHS", () => {
+  it("contient 320, 800, 1600", () => {
+    expect(VARIANT_WIDTHS).toEqual([320, 800, 1600]);
+  });
+});
+
+describe("variantUrl", () => {
+  it("transforme .jpg en -320.jpg", () => {
+    expect(variantUrl("https://x/y/abc.jpg", 320)).toBe("https://x/y/abc-320.jpg");
+  });
+  it("force JPEG sortie même pour PNG/WebP en input", () => {
+    expect(variantUrl("https://x/y/abc.png", 800)).toBe("https://x/y/abc-800.jpg");
+    expect(variantUrl("https://x/y/abc.webp", 1600)).toBe("https://x/y/abc-1600.jpg");
+  });
+  it("renvoie l'original si pas d'extension", () => {
+    expect(variantUrl("https://x/y/abc", 320)).toBe("https://x/y/abc");
+  });
+});
+
+describe("variantS3Key", () => {
+  it("transforme correctement la s3Key", () => {
+    expect(variantS3Key("carbets/foo/123-abc.jpg", 800)).toBe("carbets/foo/123-abc-800.jpg");
+  });
+});
+
+describe("buildSrcSet", () => {
+  it("contient les 3 variantes + fallback original", () => {
+    const set = buildSrcSet("https://x/abc.jpg");
+    expect(set).toContain("abc-320.jpg 320w");
+    expect(set).toContain("abc-800.jpg 800w");
+    expect(set).toContain("abc-1600.jpg 1600w");
+    expect(set).toContain("abc.jpg 2000w");
+  });
+});

From 4fb7c948ad608253f0f78706d37398d6b948e6ec Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Tue, 2 Jun 2026 01:27:20 +0000
Subject: [PATCH 23/47] feat(cron): regenerate-variants task pour batch tous
 les Media existants

---
 src/lib/scheduled.ts | 38 +++++++++++++++++++++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)

diff --git a/src/lib/scheduled.ts b/src/lib/scheduled.ts
index f9faee8..d3272f8 100644
--- a/src/lib/scheduled.ts
+++ b/src/lib/scheduled.ts
@@ -5,10 +5,11 @@
 
 import "server-only";
 
-import { BookingStatus } from "@/generated/prisma/enums";
+import { BookingStatus, MediaType } from "@/generated/prisma/enums";
 import { prisma } from "@/lib/prisma";
 import { recordAudit } from "@/lib/admin/audit";
 import { purgeExpiredResetTokens } from "@/lib/password-reset";
+import { generateImageVariants } from "@/lib/variants-server";
 
 const PENDING_TTL_DAYS = 7;
 
@@ -67,9 +68,44 @@ export async function listUpcomingArrivalsInThreeDays() {
   });
 }
 
+/** Régénère les variantes responsives pour tous les Media PHOTO en base. */
+export async function regenerateAllVariants(): Promise<{ scanned: number; ok: number; skipped: number; failed: number }> {
+  const medias = await prisma.media.findMany({
+    where: { type: MediaType.PHOTO },
+    select: { id: true, s3Key: true },
+  });
+  let ok = 0;
+  let skipped = 0;
+  let failed = 0;
+  for (const m of medias) {
+    const ext = m.s3Key.split(".").pop()?.toLowerCase();
+    if (!ext || !["jpg", "jpeg", "png", "webp", "avif"].includes(ext)) {
+      skipped++;
+      continue;
+    }
+    const mime =
+      ext === "png" ? "image/png" :
+      ext === "webp" ? "image/webp" :
+      ext === "avif" ? "image/avif" :
+      "image/jpeg";
+    const result = await generateImageVariants({ originalS3Key: m.s3Key, mime });
+    if (result.skipped) skipped++;
+    else if (result.results.every((r) => r.ok)) ok++;
+    else failed++;
+  }
+  await recordAudit({
+    scope: "cron",
+    event: "variants.regenerate-all",
+    actorEmail: null,
+    details: { scanned: medias.length, ok, skipped, failed },
+  });
+  return { scanned: medias.length, ok, skipped, failed };
+}
+
 export const SCHEDULED_TASKS = {
   "auto-cancel-stale-pending": autoCancelStalePending,
   "purge-reset-tokens": purgeResetTokens,
+  "regenerate-variants": regenerateAllVariants,
 } as const;
 
 export type ScheduledTaskName = keyof typeof SCHEDULED_TASKS;

From bc158ca144dec17e68949719b4ad8cb7853dc31a Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Tue, 2 Jun 2026 01:53:22 +0000
Subject: [PATCH 24/47] =?UTF-8?q?feat(pwa):=20manifest=20+=20ic=C3=B4nes?=
 =?UTF-8?q?=20192/512/maskable=20+=20Apple=20touch=20+=20viewport=20theme-?=
 =?UTF-8?q?color?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 public/icons/apple-touch-icon.png  | Bin 0 -> 1059 bytes
 public/icons/favicon-32.png        | Bin 0 -> 208 bytes
 public/icons/icon-192-maskable.png | Bin 0 -> 1069 bytes
 public/icons/icon-192.png          | Bin 0 -> 1202 bytes
 public/icons/icon-512-maskable.png | Bin 0 -> 3118 bytes
 public/icons/icon-512.png          | Bin 0 -> 3479 bytes
 public/manifest.webmanifest        |  60 +++++++++++++++++++++++++++++
 src/app/layout.tsx                 |  22 +++++++++++
 8 files changed, 82 insertions(+)
 create mode 100644 public/icons/apple-touch-icon.png
 create mode 100644 public/icons/favicon-32.png
 create mode 100644 public/icons/icon-192-maskable.png
 create mode 100644 public/icons/icon-192.png
 create mode 100644 public/icons/icon-512-maskable.png
 create mode 100644 public/icons/icon-512.png
 create mode 100644 public/manifest.webmanifest

diff --git a/public/icons/apple-touch-icon.png b/public/icons/apple-touch-icon.png
new file mode 100644
index 0000000000000000000000000000000000000000..a185b6796551f6bded99d10c48959adfd315c2d7
GIT binary patch
literal 1059
zcmeAS@N?(olHy`uVBq!ia0vp^TR@nD2}o{QKQWbof%%oEi(^Q|oVRzp^KN@cv|jXD
zJbAAbchI+2f&3ghWTU4)n*G%xUG9QI?aywdrN2IY{uuUPX8pT=%qyl_bR2P1;ZrIU
z=xp|oae1U5#6FQqLjUiTKK#D@__q2Vug||v{x2jn8D_)9T=OMoDk`_vosHdTvC269
z*i`vzM*^qMG+OtcN58LYiP5{NEy{gSHoA}Rsn<PPap=2IR)v60-|t$@#ceujk9ORA
zZuIJ8(j&zibF=go&yX?yrLp)BNc?z++tx^*BZbZ1x4S<DF;=Rv9b+$yS@O@i=lzkw
zU8n3Poe?<RxvF;8)(IAVfzKa**m|UJ1K0iexoUlfuY5aHYhNg{U{(GL84sD=S3XbO
zXWWsz*lQnijaK2BZBN?g$W95|vnf7%j#1aijdu>k*Odpm2_6?Z&Cl{;Wsg!{<?3^t
zFV+AVDQ`b2{+$|l<m278;M83@i#r}~&TZ%Y8U<8*L^8y`SMK;T9k2JPQzkyXG1*me
zL61?IjP+)X<SBt}-O2T0sWXgDSrp1la+O@!b16wCdw+X*h}h@wmqFEqKH6VWPx9*|
z{M+T6`E}~wqu!<ol1uMecxmqc_h(<)*<(73O=OR!+?cxC;d7x#?VM#lE$-cyOTXV6
zSFk;LdE4V13f<?g?|SAGn)!ZlPUHvgE5_G0O%)F3`||kt<G0he=l`AdXUYH9&R;Kn
z*k<&8NvKR#{Y$gHqFc=q3V*$@?CZ2Mdu`uWbdE!EVZY*|884F8Ha^n$6_L5d;uL4J
z&+%Fw@#8M?-aJz7mQ^h!H;?Zq^!Z|#{KcZn&Zuxo(F?K5!SauO%(vSoa6G<GO0o8f
zVxRgKL&4+4zce1rC_Eu{xkUa^MdA~?BOh=56TFlm|0p8sfZdUehcaqAlIPBi_K614
z-HyKmj=NR6d1wPU)A#)rI36eaU9pcj=U$T5duN&Um+ScpWioGbtlS2q*Uz>)QrKk&
z)DdZxW4QIJVqdZ8-F6GV?PV=jF1K6gT}qOFw8O8sw&QWo>TNS_0}bPidg(0lJ;Kf@
z?~Sue`KmqrxA|5+J$z{E{(m(wg;$b1mBha%Mz1_Nsdaxvy`kl*&zl-fKWjf3ICpw>
n{mnlHmK{Dc$wcTG@`Zhcr?s15`92?D=4bG9^>bP0l+XkKi=OZ8

literal 0
HcmV?d00001

diff --git a/public/icons/favicon-32.png b/public/icons/favicon-32.png
new file mode 100644
index 0000000000000000000000000000000000000000..c062acf25a431e2370c4a48921b89282250b7bfd
GIT binary patch
literal 208
zcmeAS@N?(olHy`uVBq!ia0vp^3LwnE1SJ1Ryj={WrhB?LhE&XXJI$M`!GOmlI`F*|
zzsUPrQ@foCl4nXr=_G}*Cd%o*Jice=(urGneE%~BGhAEFf7IsM@5&Pm-+3l*oo-u{
z*RVwW=7MF)n=kSnIH}!`)c0O{oohw<A`WIn+eWr16Gn-;N!>sHK6}Bxf=%@Bqzj6t
zW0lGR4Kz64E#U0=8D|paWVk>gsk^|f{q?T1C;qR0{GCx;KFiAItmga!KqoSIy85}S
Ib4q9e045hvoB#j-

literal 0
HcmV?d00001

diff --git a/public/icons/icon-192-maskable.png b/public/icons/icon-192-maskable.png
new file mode 100644
index 0000000000000000000000000000000000000000..e80f81192a1e0b24809cb8e17670bfea31e1c067
GIT binary patch
literal 1069
zcmeAS@N?(olHy`uVBq!ia0vp^2SAvE2}s`E_d9@rf%%K4i(^Q|oVRx``aN=BXnk0?
z`PaH14nNk#y>;zP6imEjocr?3_t?By91qXWT-UL0&pdzDX}>mqXMS*l#l^+JW#EZ_
z@BT7m)y_L-I(={Lp7nn{t`+>hY5RGym5+n$?%?yr%Z&?LY}Y?uzdT~W-Me$<J1;Tb
z=umA{WqXv#c53ocAZPc^S@V^z1?yah(|c{1VI|DHr8)1FrdWo%yMKC8<2JLi{_<Z%
zxVLOPe|hKZ5;dk<9#5+)+aGh>K2&Zy_pJX$hwRrc?PJU%7l@X|19{pnzxF*>=e~09
zd{x!l`ALnpUOl+`b*D~%@nf0j={f<-?f+(8nZWAR8v|6^X?T8(wphl(_OCq#_D7j?
z1B`8&uLQH0c;A=Li#aA3c3Sqluh@%?kuP~nfzq~1=Ka>WuzpUYsm_I5?pKlpbzQ8#
zGH-t9i3A!IE)!iGxj^63>hL-Lm--7*<t@U`C+%f5**oXHqs<#lo6T(Nmwyqz@Z{~|
zziE<rg|l9NQ>$vuHLzd$xWP*^U;h2;y~ke7{33JVi1yx9|CqI;qAm+C?ktb<f6fRD
zS?#OJr##OyuKg>Oz2eKS+6A-vZ<$p7{QbK%u((tr;OTD3{k5A54^Effxp4aR&zbL!
z2c+(m&&Z#2aRcwy8vc-#C$sI}{GHI?buqxfA%51L_l611Oux==*lyI#`6BAZg$!kt
z1=5Ee=d5UB`J&BxRp5fHRF#JVzsm8O9K4(>y4vcL7eq<z@^moPu{&p#=i#t9^Tniw
zX%{Y-GwN=6WAS>uBBQH`%7QBofQlPgk4KsV>6wPoLIK{)W-1GgJ(Ej!&-ZXxEwNmY
zac$}~5!vlPdi8JlO=1^bnf-8`Z!L5|OsjvhGEnW?lA9A6%&x{eGu?_hTUfTBjb%%J
zo|Mpqyk8j}4%Jl^b8PE@Quh~1Tb;?*cx)M|pv0u4giKifS=l_x-u1z(+;t~&fAt>u
zkiTHZvWKQ?bHp!v-@L1eZ~FgtKq<|)IU*Onym)W(W!CcNv%;>M<ecy|5zJpEw2@x9
b>4|(<#a4diTVkfbVt~QZ)z4*}Q$iB}>-D)j

literal 0
HcmV?d00001

diff --git a/public/icons/icon-192.png b/public/icons/icon-192.png
new file mode 100644
index 0000000000000000000000000000000000000000..cb0fd1351de30e4ac11173a6c54cdeb59338e79e
GIT binary patch
literal 1202
zcmeAS@N?(olHy`uVBq!ia0vp^2SAvE2}s`E_d9@rfu+*Z#WAE}&fB{ei*6YRv_AAz
zKe>AnyVCnvtK)V!uQ+(@(!@1)ul|oMn{%LLzq`SNZ*L!087{as|6)1AMnM4;78XuM
zM<<5~0(4@Y{Qbf@A?;i7&S`ZgpMMYUuYPoGqWr}P^E<m6HoQ-@W&Uqf*wSiV))T4l
zzU<lY!<Ofmc0Su9m)vM`d)0AID{e6jiSVxy+)u7O{!`(devqkBWGPVcPx0(?O{_)F
z>+0rQPu7`WzP;+t^34g2GMwT48y)Vkc!3mtEZ*6+`gnu_|Fp^4Nw#hd$)Pm@r=<Hf
zBqr^Rxqpa>cZ1Zt9YB*y_W6LwWi00_<Tg5}S4R1N`DrNjf<@6zJgk@XmG;w(rTwh0
zQtju;d`{L0P@jASNEXkl=iI<9wqofQu%=uYAN8AmB)G2}*#b05W!8r?QHl$^mcCpv
zNB%L#YG+$>odC&mYedCXIK<j^K0h9@pm|lhdb#Z}CRs;Y>xc!mHjgViS#POaGd>J7
z<jWL08;~Uzl>62y>0DSJ_VSFe{V}Gy0sgXLE1u3YjkXmtUl6u`-f?5Oz$*>YlJfZL
zUH#8qo>@?*ljqQV{{8ypvTwd$NiKc1=J+D^l-s;_AJ2KEet7i;pv*>QgSUSo`WnO*
z%N?EhdZQ2H&5q+mpQ>~s9iBa~nC-i*LCmCN)*Qx<n_ipTWcsx;=KPxWpkP*$ClBZB
zS*XG|*T$xQyWOj0?WYAUOgz5+`|8b^(p`VU++Nma)jX-?e|pa6$1D8;htmI-e!t57
z^Q=5`TiZRmb<;0?U-<0d75U|L!6u>3lJl6a&U}^lF8yA^n%l;&SIz_a>OxbS2uq5a
zGZWLV<;M%noSj*|$V+LtI%J!Kv^31isGFmj*U?~h@q!@BmiD$dr3K=*<kEjiDJ^i$
z$lzv_y;{&^Wa{FOnvv1k&~@>GEz_!tuPnST2ryn<tf;IYINwWIVQSr+RyjqctmIp5
z94ls8N-HgxcI2^6k~7Pddm+4n0pg!cTpadl9FJT8lwSV@C{n%?sKz)%KK&n%{=6io
zqrq?LdPOFy=(~l_wka}6Df>FJnD`tOu>{Jnb>9<U>=pkNoXPUU>0;rttQL+F6FYbX
zC+I(vQc@`IlTVie(#sbC?Wk+b=xB(su9(9M)W`JU&V=s&+RTL;@n*%7)nCKc-P>FJ
zt4;p;lig`cpPjuj*Ss#@{G{p6b(O0u7TnfdyYKzq`Nh8bvU8jx9Zr|u`B~<kHz`{w
sZgVN4|02bQ%&8ML;I)DH(x9F(YO<;Ct<#ETz_N(J)78&qol`;+0P+OvSO5S3

literal 0
HcmV?d00001

diff --git a/public/icons/icon-512-maskable.png b/public/icons/icon-512-maskable.png
new file mode 100644
index 0000000000000000000000000000000000000000..5041e00da694f92bdac7631bea54b51700f64626
GIT binary patch
literal 3118
zcmeHK`&Uy}7T&oxhJ+f#7itm=qNuY(1qnd~LsT9zFyN!Kwp9!YL@+{>+QdQ4^#x9i
zDAFY$Xk0P_I?|evQeZ^6R3)Nf<Yl0O$%ujxEHDNMA&)uf|1fLKTGOA-zWeNN?{9zS
zp1tn<%f{G9rYp-80GLr5!Zrh7$i#r|T(Vf}zX$kaG%9TEr}C2bJulKf)p!V7`WC<5
z(d<&Bcw-D9d|NxqmQQSs&s0{21z%-XJ+FwrZz{NXbNMXzvt9P_6EJWvaQ6Y&^!xJv
zF2Sg_YdOKR$`AHT6qv^*s_!Tm5$X<clS_&#2G(0mrXb6rSFZF<r7?6C8>F=%hpj;t
zaS{$Oj>T+fUlU+EW53=7giDdVvXUbFWtT=#s$lZr?Fw731jz4|_6MEd_3mYFy|I2S
z8)ozbB0xL?UUv(SQB{j!FU6MSS{f{^<~YvS>1;SrXtzG4fpw=z*9li%eLzTV5>A|m
zE30o&CF8_sk-hFQ4K_uD@?mTDZH=N$b(#s!KlUT42j|1aL{sL2neM&=V+g2KNkCmz
zZOkxzn92s<ho*iH1j=vG?&tzhU}!?ZpA_kdIB~#QH|}q%&0~Vcz9E_Q7!%6+6=Sdc
z`A}GF)ZUYT-;Eo=+%{Df1D<FOgceIDQS(Qtvu@2~Lrib!aa3m)igD2iB#3zFhvZ)e
z@6%v?fUWB+6KJD4Cv*`i7?y5bMKGapfA3qFwf`U=W}h-@^AM6M6L8|dkTjNiM5Fi#
z$^A6RlIhKclHQ|E?A|UgP}8k*jxxb*bQod9nS5B8Yt(L(fD~aTKcvC!to@c?d*yUC
z489$AGCG1fpVg*nKy|aytwqOxyujz!avg)sGu<VPCh;;pbP~bb6eO*9ufXQ%Se4C$
zxz(Bmy{X@i5At(H?I21Y6lAYxput#I21=jl$A<1SoiqIi+MBKuRA^|R*hf11nSlX!
zbzggiCDY?`;jo}h^#;+tIB>*U0>j+MScOLM6rJ7<H-Wj>UV?NgIK78^UIOixR#-e8
zs5gSwrdq*<P2!&MLc8)FO_;}4)O5nNRWehsJzxgq$}7_rRCxC`N}kkW%As_j)AuUX
zkEonhk#UMjO;MMvjc`0LiA8+y;5{|v<e{BMyPYvkE5|rR_795sSW84`OaqNHHI~?O
z9ZD^Yyx+*NA*rJ15LC;mDxXr580knR^qiVJkmjq_zu!A}`Ni?P^3a$tsJU0KufG#~
z$YCuA_DQt144JiIRAS;#JFz6If?gIXiH4dN9S5E*y*$`pF6E{yfRMM1@rLcPQPBk>
z3jUf(Xx6k5`opG3dZp5S+Ndp|66J%u>x)=U3aR5!BEAUwSxF`KS|@B@1>nuHW)_uL
z+EJGH-gav?MYJo$`^h@!OnANe+VI>jia}ja)!+NeP%fP!io6lq6tABZh>>@_b!+|R
zQw($#;M0IujI2yshnu3R^ToVq=+vDp(D`WIoX_}{g;0CqnyU1klQ44GXKTzm{!ka`
zu@EG_D=hlIzVtmk6@F?j$wnkF#HiiP{`sS!O9vUi_Opv3?oK;jE?H^OANf+=T7o9X
zD6V}H4)X5&d`s!R+74MWHx4g64a28gXr}G?n{WeQWKTM$IqqqL$}z5-^9)kvLHED%
z_tmvMEdF}tGbr<d?ssYKT)u$^-~9W{z`*0Kn@7c-e%#2y<bV{>34M_HlnNKI0^Hi>
zl!oVk-*hIyWI%q=NOX1};m?3AtsuXQF01h~3RA?x$Zj6YT?jF8xWOMIUHks&)(W(F
zP_Z62EW^mn3)7$^7PdC~>egO>*hNqgg&S^CiR4r`gxp;-bZc4U7gS<273!j4!!t1F
z!$yDmfpaveALU9oZa4$yN-4w0$um2hlPOoC@l(^GH6mdWkGR7C<!#s9aC;imY~v9N
zD8!EJJE;CQ-sm>4ggHP4GQHM;!Sh~%OG7pl1iUYCUkZAC3;`_iXDZlt{y5;p6fMCZ
zs0E(S2k8=~$R7jQ?02g-;PUf8_V9>6I)v;ji5KGXLLhs2#B~OQgyV$;KvvRfQLSHn
zK+R-|R%1}y0)5_~{@c_aj`IjM10?8V&_r0qBSsi7n0#Wu%X|XJyRj0&htMKVEIvCQ
z$f>b)D2u=wq#UMbF$OuU&^QmIKUO-kAZGo~oU%zTZb5P*HOM9&QAvlAIDF+vAl-B8
z5ts_Js}xQYh<sUOA{DYThmllC44C{!yt5d{8XmD7Jv3K8QgbN;gVP4lLX?QZBbpg#
zv=$->-nv7flBS+XA;vjs*WJRSKvwXGMQA$)muCan{qe3_D{+zm6-WmHNN*m2#&pFl
z9l~xs3uM}F4f}4uYY?f6A8(`JWI9yD;LeU;@rbkNA)_1x7hVG4$qbL)Z$bF5?*`!`
zO2c3ki;Tk{oJEF%*Pa*7pga&>q<zPL_Eg~ofUgo<QpqqXn8We3yN3=RUNsR2Qj874
z?*PIW|DB~hR9sKA*yIOoHm<{FZw|OT^5pN@_Cw<q%l?mhX18}}-pDezo?3Zhz@Ct{
z1u&E~aev!k!4b#U<q@U$xx8<)4-A>do6N6w?Ry-lal(DINo>QEqm-)>^i9Zj4h%T;
i+uZnl`5#i^ngbW)W=P8Q5vk}u0HVTU!+uyNI`$u7ttJxy

literal 0
HcmV?d00001

diff --git a/public/icons/icon-512.png b/public/icons/icon-512.png
new file mode 100644
index 0000000000000000000000000000000000000000..abb04bf9ea494914cd2ccb8303170d0f2be0cde0
GIT binary patch
literal 3479
zcmeHK>sM1(7T@>Y5E7O_Anj5TkRXZ(NTZ}dk(Qvy%P1@>RVyXI2cR;7C?izuy*vaT
zR9K1{YD<D3QnipNjt!_KDuoJ^SCmHuNgE49t>Tc@l#*o5^`Dse&@Var?6V)g{Wv@4
z9*<ie$#LL0001XCDtrR~jz}C>^m2%|`fJ2bj1CXmnEl0XBkMBXy6<wd_sN!fiI?o6
z5A8HD<${<?S7wfPvPuqhUHg~l*@nK~WZCkl(eIjX`@@qzWiMxg!~+MX7=Tr5koaK0
zS_n|d06`f*feTP^e;@wOlTd5>grx3U4(B|xIG^))S${heH+ES)?vPLZVnIgT2bY_B
z$pSxt%2#I-@FC;knNzk1k}C$ie~nF_2HM443Tp(pRSYVou6YF?dJ-QQkctbU6h_%m
z4$Lj<CB<mB;i{q8NMeYRo-wAIWD!7#PsNf|wrzD3<*Bd^G+@ASTVdr}ZVv)gCAD2l
zL+ukm9z?!MkF=3Gk|73pv%79|!lQ@-gZEAKT}(*0GvQH+cH4EYMok`P5S3;z1x-hK
zBV@(aSB*G+W6S=TAj?`c2K<mO5mZlPWr>blh7e;_&GY%7ZqG-^WMv%4esL8cJD*Iz
zKbKjqB0RB&-$!`%Bi#~(m5Ug%rgCe9Z3l|mx5joDEk{U{58E{cXbc0$@A#MlOVe#q
zR&c;v)Id7&Ve-7u<9jCfcho5-*Jq(vl*X54<vk|!&cxU65W^2Ur;8de$^0OzzZh5t
z4o<JM+JA#doI(eVmM~zxX6om_O%h>qn{M<~=s6A~|6$UnPcLe~wAZENJhT)Hn;Qxd
zzabN8ZYQXmYoX=~v@J#99*-NyQqI=MW<zN6AgIJT<wzRDJv_D2L#IT>pY9up<<?Ou
z#RxL4<cq<_@WY)^(|8~s9_W868cPFVlc5S7-9(f~r<@uDdEB}ehmm77rad-n-jAwT
zeCg+jgEQkx`7o=+G#(>{xp^x+>J~xIkSneFZUPn-TNCO&1gerVv}!*J)_(7dYc2-@
zvYsN<6fPeU+Ds`vV$dK}<_?0=eJr%N+lKBiVNuf<3b&zz16|vu1DEsR`gp6-B@KE8
z&(fH^5Y_p;J*iXXGk}*dzIsg^rLPU3j|^#`meuDs8)H$kqGq`q%!jnGR^<v5#D(u@
zi9#gt;cHp~b?@d&f0^irCtCzGY??Y|>~2Yej8Q=qxzw`aGthp$FCz4d_P3p8wqHjz
z?9M?lk5b<pmUH0T&L51kQyQ?+y@S2za3~GJ11-_Xgy4ai7HK@ep~AglNlh__@;8)x
z+C~O!Cj`fgvpt63n9w>=^o$K>{6y34wnl}YAUS#Z9wCOYjj5*9?})*B<6cx;-BAwp
zRT<xM(ij_x&XT6@d5a-AZl7s2x+3jYSE7^|JD8HBtVkQm74RYcY=u>b^Wk@?5ZQIj
zg}D0+8jEY8pP*f6sa(PbyUwN4Ng`a>e8ITo1tVBzdgt|j$}d3Y%YmLh10zDabxD`|
zq*bJ=`91Dh*f5h#T6R~QYMd_>TaqNW(~~gb{il!f7f0FzTTr(OI)2RR;mwh`mRmDi
zv8d~rZ=2hr{qB~%@u`4<;6bY7bCbN^INOU$C9JH=?;reRr|31^13U22x}SX~&(?of
z(D(*^2&TUlulLh+AE~|j8viAz?ct4Ev8{_>W@qxhe_6L74<<{{uqqq~OBBSj;NaY(
zQVD2ci9cRF_6Y~`>1V31Zw2gjh6>>W`G>f6KTlowZTJdY>syyUZz{7k3I?@`n;m;9
zeK0xyo@0$CYK>slm;jzvV{u=Cx~=<s(CCAy+4XrB8Pt!RH@k0feO*ADF-dAKRJvjE
zCB%!x^~XM9P~&bh15+1~%j~=1kJ|ZF4w!zeqxEJ^dYJ%*Qwr{w7}Qor>$>cs;#e?u
zOr&>o?8v~i=`{~sZ^cJ=L&AZ{63gQ-o>pyrX2B+&SHC)NaM(8ey*Af8_3M%wWU&-7
z-*s!bQ1htd^(GGG%#zgRdztnAI+&XaEkjFly60{!A3*wXDEaNVhlWZW66{3OK9=N!
z{r(#-L;7H14a^^w4))f>>a$9j!o2j+(Zo;4!t&3A4;(n3J0}jDb+Ggc7n07!xz(JO
z>-wcUOzt20SXQ-6g&kM`#ZiPF$F(XEba_Lu-*3UJ0JH{FW9I<f@wc45aY%(ZTxjos
z)U{9>PN+OFm7?I8fTQQ(l4u^Zu_1mJxGjLU#1`Z~!xvM9aHt~;$~6_93qZQ<1uZ)Z
z*KQO+KNpg#F!gB=Rvxd<7g2=_YS%6Z@rF(*p~o<JW<#R=F504VO&V>oT2YT+IJ!Vy
z=Rx;s%*_*8dcnK~qC`W!D(txzJn4hGZ0HqHJ8(%;c^xvjj)Cs!#dry^ITrLm909u2
zGF<|)x`zeBeXt7sR$>dBK$Cuo#)V;2q=-7shLB3EGY0gHY}!aS1NyH#28}1E!;H+$
zI8CfG((+yy^`3}gv*<S3xCqUk5yX`{!}9fnPYkGXFJ7gX1zbptAZpiuY9UAEgi)=&
zC@P6JMtzV91}-c=$rLWfDDK&tj(wC54wrS%x&SilIC2RNbH2(#fwCD85MPT)Q3$)^
zd2+U*0wnhF2$_5@4kM{>gbk)@x_CWXjwAny)1Y+{QE0vtuOc)G&`MgHk?nF8%!(v5
zg`hpgl-Y^ojyM?lVEsZg={fok9IE(#21gMwT&N8rQrClO7Du%NqhbngBi$3|zr(cw
zEAxW5K8mAe(8NOu^<mseko<$EML2%l1?c_IDZh>o_=JIc9#89y!w0=|l@&k6Az9%v
zj9Re^V%Z>FOJqwyo@_vs&{7N-yNnGl1gE4@RH(xF;1o`nqd;(yIavgfFP!N>88}pm
z0HYE{_!1coz0-;ITkvTYP>rL?yR$*<&vS|fYBZS6?Hn9tRuh@%HM5pL70!sPN0>CH
z0c3qtBOA?mrc?^lq9)qA9RoJ6A;!Ew`w>s*ih)>TMOo-V`(&Qb9)mwL*>Cqyfh<rf
znPupW;rZzm>Bl&@WesJOE<_1}pL(cF23=t^d{meAAh0Sn;_4_D1}s0yL}P$zNXS4{
zj6_HRICJ~IeVP8w?N9>T2mdc#$q&feq1tc!JG#$*TVgXCEDr-KUKOV-Q#SU|K;3P>
z2h|&@LhD=Kuw5z|6T4w1$16x?Ym>b$P6;uT7o?n<*JP(3*ksjrBu?!PF}QYTC!b1b
u5@|hfqTuOF3V>-F@%NX&o6n)&$?x8~-{+h+YZLn5g6K8t!|PVb^ZpC!gyZ=D

literal 0
HcmV?d00001

diff --git a/public/manifest.webmanifest b/public/manifest.webmanifest
new file mode 100644
index 0000000..2f32e8d
--- /dev/null
+++ b/public/manifest.webmanifest
@@ -0,0 +1,60 @@
+{
+  "name": "Karbé — carbets fluviaux de Guyane",
+  "short_name": "Karbé",
+  "description": "Au fil de l'eau : louez des carbets le long des fleuves de Guyane.",
+  "start_url": "/decouvrir",
+  "id": "/decouvrir",
+  "scope": "/",
+  "display": "standalone",
+  "orientation": "portrait",
+  "background_color": "#000000",
+  "theme_color": "#059669",
+  "lang": "fr",
+  "categories": ["travel", "lifestyle"],
+  "icons": [
+    {
+      "src": "/icons/icon-192.png",
+      "sizes": "192x192",
+      "type": "image/png",
+      "purpose": "any"
+    },
+    {
+      "src": "/icons/icon-512.png",
+      "sizes": "512x512",
+      "type": "image/png",
+      "purpose": "any"
+    },
+    {
+      "src": "/icons/icon-192-maskable.png",
+      "sizes": "192x192",
+      "type": "image/png",
+      "purpose": "maskable"
+    },
+    {
+      "src": "/icons/icon-512-maskable.png",
+      "sizes": "512x512",
+      "type": "image/png",
+      "purpose": "maskable"
+    }
+  ],
+  "shortcuts": [
+    {
+      "name": "Au fil de l'eau",
+      "short_name": "Découvrir",
+      "url": "/decouvrir",
+      "icons": [{ "src": "/icons/icon-192.png", "sizes": "192x192" }]
+    },
+    {
+      "name": "Mes favoris",
+      "short_name": "Favoris",
+      "url": "/mes-favoris",
+      "icons": [{ "src": "/icons/icon-192.png", "sizes": "192x192" }]
+    },
+    {
+      "name": "Mon compte",
+      "short_name": "Compte",
+      "url": "/mon-compte",
+      "icons": [{ "src": "/icons/icon-192.png", "sizes": "192x192" }]
+    }
+  ]
+}
diff --git a/src/app/layout.tsx b/src/app/layout.tsx
index 2a05155..1e1dc82 100644
--- a/src/app/layout.tsx
+++ b/src/app/layout.tsx
@@ -52,6 +52,21 @@ export const metadata: Metadata = {
   },
   description:
     "Karbé, la marketplace de location de carbets fluviaux de Guyane.",
+  manifest: "/manifest.webmanifest",
+  applicationName: "Karbé",
+  appleWebApp: {
+    capable: true,
+    statusBarStyle: "black-translucent",
+    title: "Karbé",
+  },
+  icons: {
+    icon: [
+      { url: "/icons/favicon-32.png", sizes: "32x32", type: "image/png" },
+      { url: "/icons/icon-192.png", sizes: "192x192", type: "image/png" },
+      { url: "/icons/icon-512.png", sizes: "512x512", type: "image/png" },
+    ],
+    apple: "/icons/apple-touch-icon.png",
+  },
   openGraph: {
     type: "website",
     siteName: "Karbé",
@@ -62,6 +77,13 @@ export const metadata: Metadata = {
   },
 };
 
+export const viewport = {
+  themeColor: "#059669",
+  width: "device-width",
+  initialScale: 1,
+  viewportFit: "cover" as const,
+};
+
 export default async function RootLayout({
   children,
 }: Readonly<{

From d5732917e318a4e9fa6a96bacaa95c1826f24a82 Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Tue, 2 Jun 2026 02:03:23 +0000
Subject: [PATCH 25/47] =?UTF-8?q?feat(reels):=20swipe=20horizontal=20anim?=
 =?UTF-8?q?=C3=A9=20avec=20suivi=20du=20doigt=20+=20snap?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/app/decouvrir/_components/ReelSlide.tsx | 290 +++++++++++++++-----
 1 file changed, 216 insertions(+), 74 deletions(-)

diff --git a/src/app/decouvrir/_components/ReelSlide.tsx b/src/app/decouvrir/_components/ReelSlide.tsx
index a8476f4..7c1b4e7 100644
--- a/src/app/decouvrir/_components/ReelSlide.tsx
+++ b/src/app/decouvrir/_components/ReelSlide.tsx
@@ -1,6 +1,6 @@
 "use client";
 
-import { useCallback, useEffect, useRef, useState } from "react";
+import { useCallback, useEffect, useMemo, useRef, useState } from "react";
 import Link from "next/link";
 
 import type { ReelCarbet } from "@/lib/reels";
@@ -14,36 +14,71 @@ type Props = {
   onToggleFavorite: () => void;
 };
 
+const SWIPE_THRESHOLD_RATIO = 0.18; // % de la largeur pour valider le swipe
+const VELOCITY_THRESHOLD = 0.4; // px/ms — un flick rapide même court valide
+
 export function ReelSlide({ carbet, isActive, shouldPreload, isFavorite, onToggleFavorite }: Props) {
   const [mediaIndex, setMediaIndex] = useState(0);
   const [muted, setMuted] = useState(true);
-  const touchStart = useRef<{ x: number; y: number } | null>(null);
-  const videoRef = useRef<HTMLVideoElement>(null);
+  const [dragX, setDragX] = useState(0);
+  const [transitioning, setTransitioning] = useState(false);
+  const [containerWidth, setContainerWidth] = useState(0);
+  const containerRef = useRef<HTMLDivElement>(null);
+  const videoRefs = useRef<Map<number, HTMLVideoElement>>(new Map());
+  const drag = useRef<{
+    startX: number;
+    startY: number;
+    startTime: number;
+    locked: "horizontal" | "vertical" | null;
+  } | null>(null);
 
+  const total = carbet.media.length;
   const current = carbet.media[mediaIndex];
 
-  const nextMedia = useCallback(() => {
-    setMediaIndex((i) => (i + 1) % carbet.media.length);
-  }, [carbet.media.length]);
-  const prevMedia = useCallback(() => {
-    setMediaIndex((i) => (i - 1 + carbet.media.length) % carbet.media.length);
-  }, [carbet.media.length]);
+  const goTo = useCallback(
+    (next: number, animated = true) => {
+      const clamped = ((next % total) + total) % total;
+      setTransitioning(animated);
+      setMediaIndex(clamped);
+      setDragX(0);
+    },
+    [total],
+  );
 
-  // Auto-play/pause vidéos quand slide active
+  const nextMedia = useCallback(() => goTo(mediaIndex + 1), [goTo, mediaIndex]);
+  const prevMedia = useCallback(() => goTo(mediaIndex - 1), [goTo, mediaIndex]);
+
+  // Suit la largeur du container pour les calculs de seuils / progress
   useEffect(() => {
-    if (!videoRef.current) return;
-    if (isActive && current?.type === "VIDEO") {
-      videoRef.current.play().catch(() => {});
-    } else {
-      videoRef.current.pause();
-    }
-  }, [isActive, current?.type, mediaIndex]);
+    const el = containerRef.current;
+    if (!el) return;
+    const update = () => setContainerWidth(el.offsetWidth || window.innerWidth);
+    update();
+    const ro = new ResizeObserver(update);
+    ro.observe(el);
+    window.addEventListener("resize", update);
+    return () => {
+      ro.disconnect();
+      window.removeEventListener("resize", update);
+    };
+  }, []);
 
-  // Reset au changement de slide (différé pour éviter cascading renders)
+  // Auto-play/pause vidéos selon média actif
+  useEffect(() => {
+    videoRefs.current.forEach((video, idx) => {
+      if (idx === mediaIndex && isActive && carbet.media[idx]?.type === "VIDEO") {
+        video.play().catch(() => {});
+      } else {
+        video.pause();
+      }
+    });
+  }, [isActive, mediaIndex, carbet.media]);
+
+  // Reset au changement de slide carbet (différé pour éviter cascading renders)
   useEffect(() => {
     if (isActive) return;
-    queueMicrotask(() => setMediaIndex(0));
-  }, [isActive]);
+    queueMicrotask(() => goTo(0, false));
+  }, [isActive, goTo]);
 
   // Navigation clavier ← →
   useEffect(() => {
@@ -65,21 +100,88 @@ export function ReelSlide({ carbet, isActive, shouldPreload, isFavorite, onToggl
 
   function onTouchStart(e: React.TouchEvent) {
     const t = e.touches[0];
-    touchStart.current = { x: t.clientX, y: t.clientY };
+    drag.current = {
+      startX: t.clientX,
+      startY: t.clientY,
+      startTime: Date.now(),
+      locked: null,
+    };
+    setTransitioning(false);
   }
-  function onTouchEnd(e: React.TouchEvent) {
-    if (!touchStart.current) return;
-    const t = e.changedTouches[0];
-    const dx = t.clientX - touchStart.current.x;
-    const dy = t.clientY - touchStart.current.y;
-    touchStart.current = null;
-    // Seuil horizontal > vertical pour considérer un swipe horizontal
-    if (Math.abs(dx) > 40 && Math.abs(dx) > Math.abs(dy) * 1.2) {
-      if (dx < 0) nextMedia();
-      else prevMedia();
+
+  function onTouchMove(e: React.TouchEvent) {
+    if (!drag.current) return;
+    const t = e.touches[0];
+    const dx = t.clientX - drag.current.startX;
+    const dy = t.clientY - drag.current.startY;
+
+    // Première détection : verrouille l'axe (horizontal ou vertical)
+    if (drag.current.locked === null) {
+      if (Math.abs(dx) < 6 && Math.abs(dy) < 6) return; // trop petit, attend
+      drag.current.locked = Math.abs(dx) > Math.abs(dy) ? "horizontal" : "vertical";
+    }
+
+    if (drag.current.locked !== "horizontal") return;
+    // Empêche le scroll vertical pendant un swipe horizontal
+    e.stopPropagation();
+    if (e.cancelable) e.preventDefault();
+
+    // Résistance aux bords : si on swipe gauche sur le 1er ou droite sur le dernier,
+    // on glisse moins (effet rubber-band)
+    let effective = dx;
+    if (total <= 1) {
+      effective = dx * 0.2;
+    } else if (mediaIndex === 0 && dx > 0) {
+      effective = dx * 0.35;
+    } else if (mediaIndex === total - 1 && dx < 0) {
+      effective = dx * 0.35;
+    }
+    setDragX(effective);
+  }
+
+  function onTouchEnd() {
+    if (!drag.current) return;
+    const wasHorizontal = drag.current.locked === "horizontal";
+    const elapsed = Date.now() - drag.current.startTime;
+    const width = containerWidth || window.innerWidth;
+    const velocity = Math.abs(dragX) / Math.max(1, elapsed); // px/ms
+    drag.current = null;
+
+    if (!wasHorizontal) {
+      setDragX(0);
+      return;
+    }
+
+    const distance = Math.abs(dragX);
+    const isFlick = velocity > VELOCITY_THRESHOLD && distance > 20;
+    const isSlow = distance > width * SWIPE_THRESHOLD_RATIO;
+    const shouldChange = (isFlick || isSlow) && total > 1;
+
+    if (shouldChange) {
+      if (dragX < 0 && mediaIndex < total - 1) {
+        goTo(mediaIndex + 1);
+      } else if (dragX > 0 && mediaIndex > 0) {
+        goTo(mediaIndex - 1);
+      } else {
+        // Bord : retour à 0
+        setTransitioning(true);
+        setDragX(0);
+      }
+    } else {
+      setTransitioning(true);
+      setDragX(0);
     }
   }
 
+  // Préchargement intelligent : current, current ± 1
+  const preloadIndexes = useMemo(() => {
+    const s = new Set<number>();
+    s.add(mediaIndex);
+    if (mediaIndex > 0) s.add(mediaIndex - 1);
+    if (mediaIndex < total - 1) s.add(mediaIndex + 1);
+    return s;
+  }, [mediaIndex, total]);
+
   const share = useCallback(async () => {
     const url = `${window.location.origin}/carbets/${carbet.slug}`;
     const title = carbet.title;
@@ -92,57 +194,97 @@ export function ReelSlide({ carbet, isActive, shouldPreload, isFavorite, onToggl
 
   if (!current) return null;
 
+  const offsetPct = -mediaIndex * 100;
+
   return (
-    <div
-      className="relative h-full w-full bg-black"
-      onTouchStart={onTouchStart}
-      onTouchEnd={onTouchEnd}
-    >
-      {/* Média */}
-      <div className="absolute inset-0 flex items-center justify-center">
-        {current.type === "VIDEO" ? (
-          <video
-            ref={videoRef}
-            src={shouldPreload ? current.url : undefined}
-            data-src={current.url}
-            muted={muted}
-            playsInline
-            loop
-            preload={shouldPreload ? "auto" : "none"}
-            className="h-full w-full object-cover"
-            onClick={() => setMuted((m) => !m)}
-          />
-        ) : (
-          // eslint-disable-next-line @next/next/no-img-element
-          <img
-            src={shouldPreload ? current.url : undefined}
-            srcSet={shouldPreload ? buildSrcSet(current.url) : undefined}
-            sizes="(min-width: 768px) 800px, 100vw"
-            data-src={current.url}
-            alt={`${carbet.title} — média ${mediaIndex + 1}`}
-            loading={shouldPreload ? "eager" : "lazy"}
-            fetchPriority={shouldPreload ? "high" : "auto"}
-            decoding="async"
-            className="h-full w-full object-cover"
-          />
-        )}
+    <div className="relative h-full w-full overflow-hidden bg-black">
+      {/* Track : tous les médias en ligne, transformX selon index + drag */}
+      <div
+        ref={containerRef}
+        className="absolute inset-0 flex"
+        style={{
+          width: `${total * 100}%`,
+          transform: `translateX(calc(${offsetPct / total}% + ${dragX}px))`,
+          transition: transitioning ? "transform 320ms cubic-bezier(0.22, 0.61, 0.36, 1)" : "none",
+          touchAction: "pan-y",
+        }}
+        onTouchStart={onTouchStart}
+        onTouchMove={onTouchMove}
+        onTouchEnd={onTouchEnd}
+        onTransitionEnd={() => setTransitioning(false)}
+      >
+        {carbet.media.map((m, idx) => {
+          const visible = preloadIndexes.has(idx) || shouldPreload;
+          return (
+            <div
+              key={m.id}
+              className="relative flex h-full shrink-0 items-center justify-center"
+              style={{ width: `${100 / total}%` }}
+              aria-hidden={idx !== mediaIndex}
+            >
+              {m.type === "VIDEO" ? (
+                <video
+                  ref={(el) => {
+                    if (el) videoRefs.current.set(idx, el);
+                    else videoRefs.current.delete(idx);
+                  }}
+                  src={visible ? m.url : undefined}
+                  muted={muted}
+                  playsInline
+                  loop
+                  preload={visible ? "auto" : "none"}
+                  className="h-full w-full object-cover"
+                />
+              ) : (
+                // eslint-disable-next-line @next/next/no-img-element
+                <img
+                  src={visible ? m.url : undefined}
+                  srcSet={visible ? buildSrcSet(m.url) : undefined}
+                  sizes="(min-width: 768px) 800px, 100vw"
+                  alt={`${carbet.title} — média ${idx + 1}`}
+                  loading={idx === mediaIndex ? "eager" : "lazy"}
+                  fetchPriority={idx === mediaIndex ? "high" : "auto"}
+                  decoding="async"
+                  draggable={false}
+                  className="h-full w-full select-none object-cover"
+                />
+              )}
+            </div>
+          );
+        })}
       </div>
 
       {/* Voile dégradé en bas pour lisibilité */}
       <div className="pointer-events-none absolute inset-x-0 bottom-0 h-2/5 bg-gradient-to-t from-black/85 via-black/30 to-transparent" />
 
       {/* Indicateurs progression médias (sticks en haut) */}
-      {carbet.media.length > 1 ? (
+      {total > 1 ? (
         <div className="pointer-events-none absolute left-3 right-3 top-12 flex gap-1">
-          {carbet.media.map((_, i) => (
-            <span
-              key={i}
-              className={
-                "h-0.5 flex-1 rounded-full " +
-                (i === mediaIndex ? "bg-white" : i < mediaIndex ? "bg-white/60" : "bg-white/30")
-              }
-            />
-          ))}
+          {carbet.media.map((_, i) => {
+            const isActiveStick = i === mediaIndex;
+            const wasSeen = i < mediaIndex;
+            // Progression visuelle pendant le drag (preview du swipe)
+            const progress = isActiveStick && Math.abs(dragX) > 0 && containerWidth > 0
+              ? Math.min(1, Math.abs(dragX) / containerWidth)
+              : 0;
+            return (
+              <span
+                key={i}
+                className={
+                  "relative h-0.5 flex-1 overflow-hidden rounded-full " +
+                  (isActiveStick ? "bg-white/30" : wasSeen ? "bg-white/60" : "bg-white/30")
+                }
+              >
+                <span
+                  className={
+                    "absolute inset-y-0 left-0 bg-white " +
+                    (isActiveStick ? "w-full" : wasSeen ? "w-full" : "w-0")
+                  }
+                  style={progress > 0 ? { width: `${progress * 100}%` } : undefined}
+                />
+              </span>
+            );
+          })}
         </div>
       ) : null}
 

From dc2b07507fe23290815c6c6f1ad61f567ad8cbb8 Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Tue, 2 Jun 2026 02:26:02 +0000
Subject: [PATCH 26/47] =?UTF-8?q?feat:=204=20crit=C3=A8res=20op=C3=A9ratio?=
 =?UTF-8?q?nnels=20(route/capacit=C3=A9/=C3=A9lectricit=C3=A9/GSM)=20+=20p?=
 =?UTF-8?q?resets=20profils=20+=20badges?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../migration.sql                             |  15 +++
 prisma/schema.prisma                          |  18 +++
 src/app/carbets/[slug]/page.tsx               |  15 +++
 src/app/carbets/_components/carbet-card.tsx   |  14 +-
 .../carbets/_components/search-filters.tsx    | 110 +++++++++++++++-
 .../carbets/_components/search-profiles.tsx   |  29 +++++
 src/app/carbets/page.tsx                      |   2 +
 src/components/OperationalBadges.tsx          | 120 ++++++++++++++++++
 src/lib/carbet-public.ts                      |  12 ++
 src/lib/carbet-search.ts                      |  88 ++++++++++++-
 src/lib/search-profiles.ts                    |  79 ++++++++++++
 11 files changed, 494 insertions(+), 8 deletions(-)
 create mode 100644 prisma/migrations/20260602030000_operational_criteria/migration.sql
 create mode 100644 src/app/carbets/_components/search-profiles.tsx
 create mode 100644 src/components/OperationalBadges.tsx
 create mode 100644 src/lib/search-profiles.ts

diff --git a/prisma/migrations/20260602030000_operational_criteria/migration.sql b/prisma/migrations/20260602030000_operational_criteria/migration.sql
new file mode 100644
index 0000000..5bdca5f
--- /dev/null
+++ b/prisma/migrations/20260602030000_operational_criteria/migration.sql
@@ -0,0 +1,15 @@
+CREATE TYPE "RoadAccess" AS ENUM ('NONE', 'DRY_SEASON_ONLY', 'ALL_YEAR');
+CREATE TYPE "Electricity" AS ENUM ('NONE', 'SOLAR', 'GENERATOR_READY', 'EDF');
+
+ALTER TABLE "Carbet" ADD COLUMN "roadAccess" "RoadAccess";
+ALTER TABLE "Carbet" ADD COLUMN "electricity" "Electricity";
+ALTER TABLE "Carbet" ADD COLUMN "gsmAtCarbet" BOOLEAN NOT NULL DEFAULT false;
+ALTER TABLE "Carbet" ADD COLUMN "gsmExitDistanceKm" DECIMAL(4,2);
+
+-- Seed des 6 carbets démo avec valeurs réalistes
+UPDATE "Carbet" SET "roadAccess" = 'NONE',             "electricity" = 'SOLAR',           "gsmAtCarbet" = false, "gsmExitDistanceKm" = 1.5 WHERE id = 'demo-carbet-awara';
+UPDATE "Carbet" SET "roadAccess" = 'ALL_YEAR',         "electricity" = 'EDF',             "gsmAtCarbet" = true                              WHERE id = 'demo-carbet-kourou';
+UPDATE "Carbet" SET "roadAccess" = 'ALL_YEAR',         "electricity" = 'EDF',             "gsmAtCarbet" = true                              WHERE id = 'demo-carbet-mahury';
+UPDATE "Carbet" SET "roadAccess" = 'NONE',             "electricity" = 'GENERATOR_READY', "gsmAtCarbet" = false, "gsmExitDistanceKm" = 4.0 WHERE id = 'demo-carbet-maripa';
+UPDATE "Carbet" SET "roadAccess" = 'DRY_SEASON_ONLY',  "electricity" = 'SOLAR',           "gsmAtCarbet" = false, "gsmExitDistanceKm" = 0.5 WHERE id = 'demo-carbet-paripou';
+UPDATE "Carbet" SET "roadAccess" = 'ALL_YEAR',         "electricity" = 'EDF',             "gsmAtCarbet" = true                              WHERE id = 'demo-carbet-wapa';
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
index 83d75c2..0636340 100644
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -124,6 +124,11 @@ model Carbet {
   // Détails d'accès route pour ROAD_AND_RIVER (GPS, distance, type de piste).
   roadAccessNote     String?
   capacity           Int
+  // 4 critères opérationnels dealbreakers (dispo en filtres + badges UI)
+  roadAccess         RoadAccess?
+  electricity        Electricity?
+  gsmAtCarbet        Boolean      @default(false)
+  gsmExitDistanceKm  Decimal?     @db.Decimal(4, 2)
   // Prix par nuit pour le carbet entier (toute capacité). En euros.
   nightlyPrice       Decimal      @db.Decimal(10, 2) @default(0)
   // Contraintes séjour (plugin min-stay). null = pas de contrainte.
@@ -381,3 +386,16 @@ model Favorite {
   @@index([userId])
   @@index([carbetId])
 }
+
+enum RoadAccess {
+  NONE
+  DRY_SEASON_ONLY
+  ALL_YEAR
+}
+
+enum Electricity {
+  NONE
+  SOLAR
+  GENERATOR_READY
+  EDF
+}
diff --git a/src/app/carbets/[slug]/page.tsx b/src/app/carbets/[slug]/page.tsx
index f37adae..ae53374 100644
--- a/src/app/carbets/[slug]/page.tsx
+++ b/src/app/carbets/[slug]/page.tsx
@@ -20,6 +20,7 @@ import { CarbetMap } from "../_components/carbet-map";
 import { ReviewsSection } from "../_components/reviews-section";
 import { StarRating } from "../_components/star-rating";
 import { AccessTypeBadge } from "@/components/AccessTypeBadge";
+import { OperationalBadges } from "@/components/OperationalBadges";
 import { StayConstraints } from "@/components/StayConstraints";
 import { PirogueTransportBlock } from "@/components/PirogueTransportBlock";
 
@@ -131,6 +132,20 @@ export default async function PublicCarbetPage({ params }: PageProps) {
         <CarbetGallery title={carbet.title} media={carbet.media} />
       </section>
 
+      <section className="mt-6">
+        <h2 className="mb-3 text-base font-semibold uppercase tracking-wider text-zinc-500">
+          Critères opérationnels
+        </h2>
+        <OperationalBadges
+          roadAccess={carbet.roadAccess}
+          capacity={carbet.capacity}
+          electricity={carbet.electricity}
+          gsmAtCarbet={carbet.gsmAtCarbet}
+          gsmExitDistanceKm={carbet.gsmExitDistanceKm}
+          variant="full"
+        />
+      </section>
+
       <div className="mt-10 grid gap-10 lg:grid-cols-3">
         <div className="lg:col-span-2">
           <section>
diff --git a/src/app/carbets/_components/carbet-card.tsx b/src/app/carbets/_components/carbet-card.tsx
index c11003a..f32cc8e 100644
--- a/src/app/carbets/_components/carbet-card.tsx
+++ b/src/app/carbets/_components/carbet-card.tsx
@@ -5,6 +5,7 @@ import { formatPirogueDuration, truncate } from "@/lib/format";
 import { formatAverageRating } from "@/lib/reviews";
 import { buildSrcSet } from "@/lib/image-variants";
 import { AccessTypeBadge } from "@/components/AccessTypeBadge";
+import { OperationalBadges } from "@/components/OperationalBadges";
 import { StayConstraints } from "@/components/StayConstraints";
 
 import { StarRating } from "./star-rating";
@@ -41,9 +42,18 @@ export function CarbetCard({ carbet }: { carbet: CarbetSearchResult }) {
           <AccessTypeBadge accessType={carbet.accessType} />
         </div>
         <p className="mt-1 text-sm text-zinc-600">
-          Fleuve {carbet.river} · {carbet.capacity} voyageur
-          {carbet.capacity > 1 ? "s" : ""}
+          Fleuve {carbet.river}
         </p>
+        <div className="mt-2">
+          <OperationalBadges
+            roadAccess={carbet.roadAccess}
+            capacity={carbet.capacity}
+            electricity={carbet.electricity}
+            gsmAtCarbet={carbet.gsmAtCarbet}
+            gsmExitDistanceKm={carbet.gsmExitDistanceKm}
+            variant="compact"
+          />
+        </div>
         <div className="mt-1 flex flex-wrap gap-1">
           <StayConstraints
             minNights={carbet.minStayNights}
diff --git a/src/app/carbets/_components/search-filters.tsx b/src/app/carbets/_components/search-filters.tsx
index fb383f2..13454f4 100644
--- a/src/app/carbets/_components/search-filters.tsx
+++ b/src/app/carbets/_components/search-filters.tsx
@@ -2,6 +2,7 @@ import Link from "next/link";
 
 import type { CarbetSearchFilters } from "@/lib/carbet-search";
 import { AMENITY_CATALOG } from "@/lib/amenities";
+import { Electricity, RoadAccess } from "@/generated/prisma/enums";
 
 type SearchFiltersProps = {
   filters: CarbetSearchFilters;
@@ -62,14 +63,27 @@ export function SearchFilters({ filters, rivers }: SearchFiltersProps) {
       </label>
 
       <label className="flex flex-col gap-1 text-sm">
-        <span className="font-medium text-zinc-700">Voyageurs</span>
+        <span className="font-medium text-zinc-700">Voyageurs min</span>
         <input
           type="number"
           name="capacity"
           min={1}
           max={100}
           defaultValue={filters.capacity ?? ""}
-          placeholder="Nombre min."
+          placeholder="Au moins"
+          className="rounded-md border border-zinc-300 px-3 py-2 text-zinc-900 focus:border-emerald-500 focus:outline-none"
+        />
+      </label>
+
+      <label className="flex flex-col gap-1 text-sm">
+        <span className="font-medium text-zinc-700">Voyageurs max</span>
+        <input
+          type="number"
+          name="capacityMax"
+          min={1}
+          max={100}
+          defaultValue={filters.capacityMax ?? ""}
+          placeholder="Au plus"
           className="rounded-md border border-zinc-300 px-3 py-2 text-zinc-900 focus:border-emerald-500 focus:outline-none"
         />
       </label>
@@ -87,6 +101,98 @@ export function SearchFilters({ filters, rivers }: SearchFiltersProps) {
         />
       </label>
 
+      <fieldset className="flex flex-col gap-1 text-sm sm:col-span-2 lg:col-span-5">
+        <legend className="font-medium text-zinc-700">Accès route</legend>
+        <div className="flex flex-wrap gap-2 pt-1">
+          {[
+            { value: RoadAccess.ALL_YEAR, label: "🛣️ Route toute saison" },
+            { value: RoadAccess.DRY_SEASON_ONLY, label: "🟠 Route saison sèche" },
+            { value: RoadAccess.NONE, label: "🛶 Pirogue uniquement" },
+          ].map((opt) => {
+            const checked = (filters.roadAccess ?? []).includes(opt.value);
+            return (
+              <label
+                key={opt.value}
+                className={
+                  "flex cursor-pointer items-center gap-1 rounded-full border px-2.5 py-1 text-xs " +
+                  (checked
+                    ? "border-emerald-600 bg-emerald-50 text-emerald-900"
+                    : "border-zinc-300 bg-white text-zinc-700 hover:border-zinc-400")
+                }
+              >
+                <input
+                  type="checkbox"
+                  name="roadAccess"
+                  value={opt.value}
+                  defaultChecked={checked}
+                  className="sr-only"
+                />
+                {opt.label}
+              </label>
+            );
+          })}
+        </div>
+      </fieldset>
+
+      <fieldset className="flex flex-col gap-1 text-sm sm:col-span-2 lg:col-span-5">
+        <legend className="font-medium text-zinc-700">Électricité</legend>
+        <div className="flex flex-wrap gap-2 pt-1">
+          {[
+            { value: Electricity.EDF, label: "⚡ EDF / raccordé" },
+            { value: Electricity.GENERATOR_READY, label: "🔌 Préinstall groupe" },
+            { value: Electricity.SOLAR, label: "☀️ Solaire" },
+            { value: Electricity.NONE, label: "🕯️ Aucune" },
+          ].map((opt) => {
+            const checked = (filters.electricity ?? []).includes(opt.value);
+            return (
+              <label
+                key={opt.value}
+                className={
+                  "flex cursor-pointer items-center gap-1 rounded-full border px-2.5 py-1 text-xs " +
+                  (checked
+                    ? "border-emerald-600 bg-emerald-50 text-emerald-900"
+                    : "border-zinc-300 bg-white text-zinc-700 hover:border-zinc-400")
+                }
+              >
+                <input
+                  type="checkbox"
+                  name="electricity"
+                  value={opt.value}
+                  defaultChecked={checked}
+                  className="sr-only"
+                />
+                {opt.label}
+              </label>
+            );
+          })}
+        </div>
+      </fieldset>
+
+      <label className="flex flex-col gap-1 text-sm sm:col-span-2 lg:col-span-5">
+        <span className="font-medium text-zinc-700">
+          📶 Réseau GSM accessible — distance max{" "}
+          <span className="font-mono text-emerald-700">
+            {filters.gsmMaxKm === 0 ? "(au carbet)" : filters.gsmMaxKm ? `≤ ${filters.gsmMaxKm} km` : "(non filtré)"}
+          </span>
+        </span>
+        <div className="flex items-center gap-3">
+          <span className="text-xs text-zinc-500">Au carbet</span>
+          <input
+            type="range"
+            name="gsmMaxKm"
+            min={0}
+            max={10}
+            step={0.5}
+            defaultValue={filters.gsmMaxKm ?? ""}
+            className="flex-1 accent-emerald-600"
+          />
+          <span className="text-xs text-zinc-500">10 km</span>
+        </div>
+        <span className="text-[11px] text-zinc-500">
+          0 km = exige le réseau directement au carbet · 10 km = peu importe.
+        </span>
+      </label>
+
       <fieldset className="flex flex-col gap-1 text-sm sm:col-span-2 lg:col-span-5">
         <legend className="font-medium text-zinc-700">Équipements souhaités</legend>
         <div className="flex flex-wrap gap-2 pt-1">
diff --git a/src/app/carbets/_components/search-profiles.tsx b/src/app/carbets/_components/search-profiles.tsx
new file mode 100644
index 0000000..cd11732
--- /dev/null
+++ b/src/app/carbets/_components/search-profiles.tsx
@@ -0,0 +1,29 @@
+"use client";
+
+import Link from "next/link";
+
+import { SEARCH_PROFILES, buildProfileUrl } from "@/lib/search-profiles";
+
+export function SearchProfiles() {
+  return (
+    <div className="mb-4">
+      <div className="mb-2 text-xs uppercase tracking-wider text-zinc-500">
+        Profils de séjour
+      </div>
+      <ul className="-mx-1 flex flex-wrap gap-1.5 px-1">
+        {SEARCH_PROFILES.map((p) => (
+          <li key={p.id}>
+            <Link
+              href={buildProfileUrl(p.id)}
+              title={p.description}
+              className="inline-flex items-center gap-1.5 rounded-full border border-zinc-200 bg-white px-3 py-1.5 text-sm text-zinc-800 transition hover:border-emerald-400 hover:bg-emerald-50 hover:text-emerald-900"
+            >
+              <span aria-hidden>{p.emoji}</span>
+              <span className="font-medium">{p.label}</span>
+            </Link>
+          </li>
+        ))}
+      </ul>
+    </div>
+  );
+}
diff --git a/src/app/carbets/page.tsx b/src/app/carbets/page.tsx
index b700fed..512c79f 100644
--- a/src/app/carbets/page.tsx
+++ b/src/app/carbets/page.tsx
@@ -10,6 +10,7 @@ import {
 import { CarbetCard } from "./_components/carbet-card";
 import { CatalogMap } from "./_components/catalog-map";
 import { SearchFilters } from "./_components/search-filters";
+import { SearchProfiles } from "./_components/search-profiles";
 
 export const metadata: Metadata = {
   title: "Rechercher un carbet",
@@ -57,6 +58,7 @@ export default async function CarbetsSearchPage({
         </p>
       </header>
 
+      <SearchProfiles />
       <SearchFilters filters={filters} rivers={rivers} />
 
       <section className="mt-8" aria-live="polite">
diff --git a/src/components/OperationalBadges.tsx b/src/components/OperationalBadges.tsx
new file mode 100644
index 0000000..e2f3ea0
--- /dev/null
+++ b/src/components/OperationalBadges.tsx
@@ -0,0 +1,120 @@
+/**
+ * Badges opérationnels Karbé : 4 critères dealbreakers affichés en compact
+ * sur les cards catalog + en gros sur la fiche carbet.
+ *
+ * - Route (NONE / DRY_SEASON_ONLY / ALL_YEAR)
+ * - Capacité (X voyageurs max)
+ * - Électricité (NONE / SOLAR / GENERATOR_READY / EDF)
+ * - GSM (au carbet OUI / à X km / zone blanche)
+ */
+
+import { Electricity, RoadAccess } from "@/generated/prisma/enums";
+
+type Props = {
+  roadAccess: RoadAccess | null;
+  capacity: number;
+  electricity: Electricity | null;
+  gsmAtCarbet: boolean;
+  gsmExitDistanceKm: number | null;
+  /** "compact" pour les cards, "full" pour la fiche détail. */
+  variant?: "compact" | "full";
+};
+
+type Badge = {
+  emoji: string;
+  label: string;
+  tone: "good" | "neutral" | "warn";
+};
+
+function roadBadge(r: RoadAccess | null): Badge {
+  if (r === RoadAccess.ALL_YEAR) return { emoji: "🛣️", label: "Route toute saison", tone: "good" };
+  if (r === RoadAccess.DRY_SEASON_ONLY) return { emoji: "🛣️", label: "Route saison sèche", tone: "warn" };
+  if (r === RoadAccess.NONE) return { emoji: "🛶", label: "Pirogue uniquement", tone: "neutral" };
+  return { emoji: "🛣️", label: "Accès non précisé", tone: "neutral" };
+}
+
+function capacityBadge(c: number): Badge {
+  return { emoji: "👥", label: `${c} voyageur${c > 1 ? "s" : ""}`, tone: "neutral" };
+}
+
+function electricityBadge(e: Electricity | null): Badge {
+  if (e === Electricity.EDF) return { emoji: "⚡", label: "EDF / raccordé", tone: "good" };
+  if (e === Electricity.GENERATOR_READY) return { emoji: "🔌", label: "Préinstall groupe", tone: "good" };
+  if (e === Electricity.SOLAR) return { emoji: "☀️", label: "Solaire", tone: "neutral" };
+  if (e === Electricity.NONE) return { emoji: "🕯️", label: "Aucune électricité", tone: "warn" };
+  return { emoji: "⚡", label: "Électricité non précisée", tone: "neutral" };
+}
+
+function gsmBadge(atCarbet: boolean, exitKm: number | null): Badge {
+  if (atCarbet) return { emoji: "📶", label: "Réseau au carbet", tone: "good" };
+  if (exitKm !== null) {
+    const tone: Badge["tone"] = exitKm <= 1 ? "neutral" : "warn";
+    return { emoji: "📵", label: `Réseau à ${exitKm.toFixed(exitKm < 1 ? 1 : 0)} km`, tone };
+  }
+  return { emoji: "📵", label: "Zone blanche", tone: "warn" };
+}
+
+const TONE_CLASSES_COMPACT: Record<Badge["tone"], string> = {
+  good: "bg-emerald-50 text-emerald-800 ring-emerald-200",
+  neutral: "bg-zinc-100 text-zinc-700 ring-zinc-200",
+  warn: "bg-amber-50 text-amber-800 ring-amber-200",
+};
+
+const TONE_CLASSES_FULL: Record<Badge["tone"], string> = {
+  good: "bg-emerald-50 text-emerald-900 ring-emerald-300 border-emerald-200",
+  neutral: "bg-white text-zinc-900 ring-zinc-300 border-zinc-200",
+  warn: "bg-amber-50 text-amber-900 ring-amber-300 border-amber-200",
+};
+
+export function OperationalBadges({
+  roadAccess,
+  capacity,
+  electricity,
+  gsmAtCarbet,
+  gsmExitDistanceKm,
+  variant = "compact",
+}: Props) {
+  const badges: Badge[] = [
+    roadBadge(roadAccess),
+    capacityBadge(capacity),
+    electricityBadge(electricity),
+    gsmBadge(gsmAtCarbet, gsmExitDistanceKm),
+  ];
+
+  if (variant === "compact") {
+    return (
+      <ul className="flex flex-wrap gap-1.5">
+        {badges.map((b, i) => (
+          <li
+            key={i}
+            className={
+              "inline-flex items-center gap-1 rounded-full px-2 py-0.5 text-[10px] font-semibold ring-1 ring-inset " +
+              TONE_CLASSES_COMPACT[b.tone]
+            }
+          >
+            <span aria-hidden>{b.emoji}</span>
+            <span>{b.label}</span>
+          </li>
+        ))}
+      </ul>
+    );
+  }
+
+  // full : grille 2×2 pour la fiche
+  return (
+    <ul className="grid grid-cols-1 gap-2 sm:grid-cols-2">
+      {badges.map((b, i) => (
+        <li
+          key={i}
+          className={
+            "flex items-center gap-3 rounded-lg border px-3 py-2 ring-1 ring-inset " +
+            TONE_CLASSES_FULL[b.tone]
+          }
+        >
+          <span aria-hidden className="text-xl">{b.emoji}</span>
+          <span className="text-sm font-medium">{b.label}</span>
+        </li>
+      ))}
+    </ul>
+  );
+}
diff --git a/src/lib/carbet-public.ts b/src/lib/carbet-public.ts
index 61af5c4..c09b2fb 100644
--- a/src/lib/carbet-public.ts
+++ b/src/lib/carbet-public.ts
@@ -28,6 +28,10 @@ export type PublicCarbetDetail = {
   roadAccessNote: string | null;
   capacity: number;
   nightlyPrice: string;
+  roadAccess: import("@/generated/prisma/enums").RoadAccess | null;
+  electricity: import("@/generated/prisma/enums").Electricity | null;
+  gsmAtCarbet: boolean;
+  gsmExitDistanceKm: number | null;
   minStayNights: number | null;
   maxStayNights: number | null;
   minCapacity: number | null;
@@ -62,6 +66,10 @@ export const getPublicCarbet = cache(
         roadAccessNote: true,
         capacity: true,
         nightlyPrice: true,
+        roadAccess: true,
+        electricity: true,
+        gsmAtCarbet: true,
+        gsmExitDistanceKm: true,
         minStayNights: true,
         maxStayNights: true,
         minCapacity: true,
@@ -113,6 +121,10 @@ export const getPublicCarbet = cache(
       roadAccessNote: carbet.roadAccessNote,
       capacity: carbet.capacity,
       nightlyPrice: carbet.nightlyPrice.toString(),
+      roadAccess: carbet.roadAccess,
+      electricity: carbet.electricity,
+      gsmAtCarbet: carbet.gsmAtCarbet,
+      gsmExitDistanceKm: carbet.gsmExitDistanceKm !== null ? Number(carbet.gsmExitDistanceKm) : null,
       minStayNights: carbet.minStayNights,
       maxStayNights: carbet.maxStayNights,
       minCapacity: carbet.minCapacity,
diff --git a/src/lib/carbet-search.ts b/src/lib/carbet-search.ts
index b2cb041..cd53126 100644
--- a/src/lib/carbet-search.ts
+++ b/src/lib/carbet-search.ts
@@ -5,6 +5,8 @@ import {
   AvailabilityBlockReason,
   AvailabilityScope,
   CarbetStatus,
+  Electricity,
+  RoadAccess,
 } from "@/generated/prisma/enums";
 import { getCarbetReviewStatsMany } from "@/lib/reviews-server";
 
@@ -13,11 +15,16 @@ export type CarbetSearchFilters = {
   startDate?: Date;
   endDate?: Date;
   capacity?: number;
-  // Filtre plugin access-type : si "river-only" exclu, on garde uniquement
-  // ROAD_AND_RIVER. Si "all" ou non spécifié, tout passe.
+  capacityMax?: number;
   accessibility?: "road-only" | "all";
   priceMax?: number;
   amenities?: string[];
+  /** Niveaux d'accès route acceptés (multi). */
+  roadAccess?: RoadAccess[];
+  /** Niveaux d'électricité acceptés (multi). */
+  electricity?: Electricity[];
+  /** Distance max en km pour atteindre le réseau GSM. 0 = exige le réseau au carbet. */
+  gsmMaxKm?: number;
 };
 
 export type RawSearchParams = {
@@ -71,6 +78,45 @@ export function parseSearchFilters(
     filters.accessibility = accessibility;
   }
 
+  const capacityMaxRaw = pickString(searchParams.capacityMax);
+  if (capacityMaxRaw) {
+    const cmax = Number(capacityMaxRaw);
+    if (Number.isInteger(cmax) && cmax > 0 && cmax <= 100) filters.capacityMax = cmax;
+  }
+
+  const roadRaw = searchParams.roadAccess;
+  if (roadRaw) {
+    const arr = Array.isArray(roadRaw) ? roadRaw : [roadRaw];
+    const keys = arr
+      .flatMap((s) => s.split(","))
+      .map((s) => s.trim())
+      .filter((s): s is RoadAccess =>
+        s === RoadAccess.NONE || s === RoadAccess.DRY_SEASON_ONLY || s === RoadAccess.ALL_YEAR,
+      );
+    if (keys.length > 0) filters.roadAccess = Array.from(new Set(keys));
+  }
+
+  const elecRaw = searchParams.electricity;
+  if (elecRaw) {
+    const arr = Array.isArray(elecRaw) ? elecRaw : [elecRaw];
+    const keys = arr
+      .flatMap((s) => s.split(","))
+      .map((s) => s.trim())
+      .filter((s): s is Electricity =>
+        s === Electricity.NONE ||
+        s === Electricity.SOLAR ||
+        s === Electricity.GENERATOR_READY ||
+        s === Electricity.EDF,
+      );
+    if (keys.length > 0) filters.electricity = Array.from(new Set(keys));
+  }
+
+  const gsmMaxRaw = pickString(searchParams.gsmMaxKm);
+  if (gsmMaxRaw) {
+    const km = Number(gsmMaxRaw);
+    if (Number.isFinite(km) && km >= 0 && km <= 50) filters.gsmMaxKm = km;
+  }
+
   const priceMaxRaw = pickString(searchParams.priceMax);
   if (priceMaxRaw) {
     const priceMax = Number(priceMaxRaw);
@@ -113,6 +159,10 @@ export type CarbetSearchResult = {
   nightlyPrice: string;
   latitude: number;
   longitude: number;
+  roadAccess: RoadAccess | null;
+  electricity: Electricity | null;
+  gsmAtCarbet: boolean;
+  gsmExitDistanceKm: number | null;
 };
 
 // Build the Prisma where-clause for a public carbet search. A carbet is only
@@ -127,8 +177,30 @@ function buildWhere(filters: CarbetSearchFilters): Prisma.CarbetWhereInput {
     where.river = { contains: filters.river, mode: "insensitive" };
   }
 
-  if (filters.capacity) {
-    where.capacity = { gte: filters.capacity };
+  if (filters.capacity || filters.capacityMax) {
+    where.capacity = {};
+    if (filters.capacity) where.capacity.gte = filters.capacity;
+    if (filters.capacityMax) where.capacity.lte = filters.capacityMax;
+  }
+
+  if (filters.roadAccess && filters.roadAccess.length > 0) {
+    where.roadAccess = { in: filters.roadAccess };
+  }
+
+  if (filters.electricity && filters.electricity.length > 0) {
+    where.electricity = { in: filters.electricity };
+  }
+
+  if (filters.gsmMaxKm !== undefined) {
+    if (filters.gsmMaxKm === 0) {
+      where.gsmAtCarbet = true;
+    } else {
+      where.OR = [
+        ...(where.OR ?? []),
+        { gsmAtCarbet: true },
+        { gsmExitDistanceKm: { lte: filters.gsmMaxKm } },
+      ];
+    }
   }
 
   if (filters.accessibility === "road-only") {
@@ -182,6 +254,10 @@ export async function searchCarbets(
       maxStayNights: true,
       minCapacity: true,
       description: true,
+      roadAccess: true,
+      electricity: true,
+      gsmAtCarbet: true,
+      gsmExitDistanceKm: true,
       nightlyPrice: true,
       latitude: true,
       longitude: true,
@@ -222,6 +298,10 @@ export async function searchCarbets(
       nightlyPrice: carbet.nightlyPrice.toString(),
       latitude: Number(carbet.latitude),
       longitude: Number(carbet.longitude),
+      roadAccess: carbet.roadAccess,
+      electricity: carbet.electricity,
+      gsmAtCarbet: carbet.gsmAtCarbet,
+      gsmExitDistanceKm: carbet.gsmExitDistanceKm !== null ? Number(carbet.gsmExitDistanceKm) : null,
     };
   });
 }
diff --git a/src/lib/search-profiles.ts b/src/lib/search-profiles.ts
new file mode 100644
index 0000000..cff37da
--- /dev/null
+++ b/src/lib/search-profiles.ts
@@ -0,0 +1,79 @@
+/**
+ * Profils de séjour prédéfinis — chips au-dessus des facettes.
+ * Chaque profil pose un set de query params qui pré-cochent les filtres.
+ */
+
+import { Electricity, RoadAccess } from "@/generated/prisma/enums";
+
+export type SearchProfile = {
+  id: string;
+  emoji: string;
+  label: string;
+  description: string;
+  params: Record<string, string>;
+};
+
+export const SEARCH_PROFILES: SearchProfile[] = [
+  {
+    id: "deconnexion",
+    emoji: "🌿",
+    label: "Déconnexion totale",
+    description: "Zone blanche, pas d'électricité, accès pirogue, 2-4 personnes.",
+    params: {
+      roadAccess: RoadAccess.NONE,
+      electricity: `${Electricity.NONE},${Electricity.SOLAR}`,
+      capacityMax: "4",
+    },
+  },
+  {
+    id: "teletravail",
+    emoji: "💻",
+    label: "Télétravail nature",
+    description: "Route, EDF, 4G au carbet — bureau au bord du fleuve.",
+    params: {
+      roadAccess: RoadAccess.ALL_YEAR,
+      electricity: Electricity.EDF,
+      gsmMaxKm: "0",
+    },
+  },
+  {
+    id: "famille-weekend",
+    emoji: "🏝️",
+    label: "Famille week-end",
+    description: "Route toute saison, électricité, capacité 4-8.",
+    params: {
+      roadAccess: RoadAccess.ALL_YEAR,
+      electricity: `${Electricity.EDF},${Electricity.GENERATOR_READY}`,
+      capacity: "4",
+      capacityMax: "8",
+    },
+  },
+  {
+    id: "astreinte",
+    emoji: "📞",
+    label: "Astreinte sereine",
+    description: "Réseau accessible (au max 1 km), EDF, route saison sèche min.",
+    params: {
+      gsmMaxKm: "1",
+      electricity: `${Electricity.EDF},${Electricity.GENERATOR_READY}`,
+      roadAccess: `${RoadAccess.DRY_SEASON_ONLY},${RoadAccess.ALL_YEAR}`,
+    },
+  },
+  {
+    id: "aventure",
+    emoji: "🛶",
+    label: "Aventure expédition",
+    description: "Accès pirogue uniquement, petit groupe 2-4.",
+    params: {
+      roadAccess: RoadAccess.NONE,
+      capacityMax: "4",
+    },
+  },
+];
+
+export function buildProfileUrl(profileId: string): string {
+  const profile = SEARCH_PROFILES.find((p) => p.id === profileId);
+  if (!profile) return "/carbets";
+  const search = new URLSearchParams(profile.params);
+  return `/carbets?${search.toString()}`;
+}

From 4901bb950ebc826de43adeb50b0498ed0157a896 Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Tue, 2 Jun 2026 02:46:34 +0000
Subject: [PATCH 27/47] =?UTF-8?q?feat(forms):=204=20crit=C3=A8res=20op?=
 =?UTF-8?q?=C3=A9rationnels=20dans=20formulaires=20admin=20+=20espace=20h?=
 =?UTF-8?q?=C3=B4te?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/app/admin/carbets/[id]/page.tsx           |  4 +
 .../admin/carbets/_components/CarbetForm.tsx  | 61 +++++++++++++
 src/app/admin/carbets/actions.ts              | 16 +++-
 .../espace-hote/carbets/[carbetId]/page.tsx   |  8 ++
 .../carbets/_components/carbet-form.tsx       | 88 +++++++++++++++++++
 src/app/espace-hote/carbets/actions.ts        | 53 ++++++++++-
 6 files changed, 228 insertions(+), 2 deletions(-)

diff --git a/src/app/admin/carbets/[id]/page.tsx b/src/app/admin/carbets/[id]/page.tsx
index 7799bef..bf7a972 100644
--- a/src/app/admin/carbets/[id]/page.tsx
+++ b/src/app/admin/carbets/[id]/page.tsx
@@ -94,6 +94,10 @@ export default async function EditCarbetPage({ params }: PageProps) {
           capacity: carbet.capacity,
           nightlyPrice: carbet.nightlyPrice.toString(),
           accessType: carbet.accessType,
+          roadAccess: carbet.roadAccess,
+          electricity: carbet.electricity,
+          gsmAtCarbet: carbet.gsmAtCarbet,
+          gsmExitDistanceKm: carbet.gsmExitDistanceKm !== null ? carbet.gsmExitDistanceKm.toString() : null,
           roadAccessNote: carbet.roadAccessNote,
           pirogueDurationMin: carbet.pirogueDurationMin,
           minStayNights: carbet.minStayNights,
diff --git a/src/app/admin/carbets/_components/CarbetForm.tsx b/src/app/admin/carbets/_components/CarbetForm.tsx
index 260996b..4ddabe8 100644
--- a/src/app/admin/carbets/_components/CarbetForm.tsx
+++ b/src/app/admin/carbets/_components/CarbetForm.tsx
@@ -20,6 +20,10 @@ export type CarbetFormInitial = {
   capacity?: number;
   nightlyPrice?: number | string;
   accessType?: string;
+  roadAccess?: string | null;
+  electricity?: string | null;
+  gsmAtCarbet?: boolean;
+  gsmExitDistanceKm?: number | string | null;
   roadAccessNote?: string | null;
   pirogueDurationMin?: number | null;
   minStayNights?: number | null;
@@ -189,6 +193,63 @@ export function CarbetForm({ initial = {}, owners, providers, action, submitLabe
           </div>
         </section>
 
+        {/* Critères opérationnels */}
+        <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+          <h2 className="mb-1 text-sm font-semibold uppercase tracking-wider text-zinc-500">
+            Critères opérationnels
+          </h2>
+          <p className="mb-4 text-xs text-zinc-500">
+            Les 4 dealbreakers d&apos;un séjour en carbet guyanais. Indispensable pour les filtres recherche.
+          </p>
+          <div className="grid grid-cols-1 gap-4 sm:grid-cols-2">
+            <FormField label="🛣️ Accès route" hint="Praticabilité de l'accès depuis la route">
+              <select name="roadAccess" defaultValue={initial.roadAccess ?? ""} className={selectCls}>
+                <option value="">— non précisé —</option>
+                <option value="ALL_YEAR">🛣️ Toute saison</option>
+                <option value="DRY_SEASON_ONLY">🟠 Saison sèche uniquement</option>
+                <option value="NONE">🛶 Pirogue uniquement</option>
+              </select>
+            </FormField>
+
+            <FormField label="⚡ Électricité" hint="Comment est alimenté le carbet ?">
+              <select name="electricity" defaultValue={initial.electricity ?? ""} className={selectCls}>
+                <option value="">— non précisé —</option>
+                <option value="EDF">⚡ EDF / raccordé réseau</option>
+                <option value="GENERATOR_READY">🔌 Préinstallation groupe électrogène</option>
+                <option value="SOLAR">☀️ Solaire</option>
+                <option value="NONE">🕯️ Aucune électricité</option>
+              </select>
+            </FormField>
+
+            <FormField label="📶 Réseau GSM au carbet" hint="Téléphone capte directement sur place ?">
+              <select
+                name="gsmAtCarbet"
+                defaultValue={initial.gsmAtCarbet ? "yes" : "no"}
+                className={selectCls}
+              >
+                <option value="yes">✅ Oui, signal au carbet</option>
+                <option value="no">❌ Non, zone sans réseau</option>
+              </select>
+            </FormField>
+
+            <FormField
+              label="📵 Distance pour atteindre le réseau (km)"
+              hint="Si pas de réseau au carbet — sinon laisser vide"
+            >
+              <input
+                name="gsmExitDistanceKm"
+                type="number"
+                min={0}
+                max={50}
+                step="0.1"
+                defaultValue={initial.gsmExitDistanceKm?.toString() ?? ""}
+                placeholder="ex. 1.5"
+                className={inputCls}
+              />
+            </FormField>
+          </div>
+        </section>
+
         {/* Séjour & tarif */}
         <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
           <h2 className="mb-4 text-sm font-semibold uppercase tracking-wider text-zinc-500">Séjour &amp; tarif</h2>
diff --git a/src/app/admin/carbets/actions.ts b/src/app/admin/carbets/actions.ts
index 9e2fbff..2004bd8 100644
--- a/src/app/admin/carbets/actions.ts
+++ b/src/app/admin/carbets/actions.ts
@@ -10,7 +10,9 @@ import { prisma } from "@/lib/prisma";
 import {
   AccessType,
   CarbetStatus,
+  Electricity,
   MediaType,
+  RoadAccess,
   TransportMode,
   UserRole,
 } from "@/generated/prisma/enums";
@@ -29,6 +31,16 @@ const baseCarbetSchema = z.object({
   capacity: z.coerce.number().int().min(1).max(100),
   nightlyPrice: z.coerce.number().min(0).max(100000),
   accessType: z.enum([AccessType.ROAD_AND_RIVER, AccessType.RIVER_ONLY]),
+  roadAccess: z
+    .enum([RoadAccess.NONE, RoadAccess.DRY_SEASON_ONLY, RoadAccess.ALL_YEAR])
+    .optional()
+    .nullable(),
+  electricity: z
+    .enum([Electricity.NONE, Electricity.SOLAR, Electricity.GENERATOR_READY, Electricity.EDF])
+    .optional()
+    .nullable(),
+  gsmAtCarbet: z.preprocess((v) => v === "yes" || v === true, z.boolean()),
+  gsmExitDistanceKm: z.coerce.number().min(0).max(50).optional().nullable(),
   roadAccessNote: z.string().trim().max(1000).optional().nullable(),
   pirogueDurationMin: z.coerce.number().int().min(0).max(1440).optional().nullable(),
   minStayNights: z.coerce.number().int().min(1).max(365).optional().nullable(),
@@ -53,9 +65,11 @@ function parseFromFormData(fd: FormData) {
     if (typeof v === "string") obj[k] = v;
   }
   // Normalise les champs optionnels nullables
-  ["roadAccessNote", "pirogueDurationMin", "minStayNights", "maxStayNights", "minCapacity", "transportMode", "pirogueProviderId"].forEach(
+  ["roadAccessNote", "pirogueDurationMin", "minStayNights", "maxStayNights", "minCapacity", "transportMode", "pirogueProviderId", "roadAccess", "electricity", "gsmExitDistanceKm"].forEach(
     (k) => (obj[k] = normalizeNullable(obj[k] as string | null | undefined)),
   );
+  // gsmAtCarbet : si pas posté, on garde la valeur (sera traité par preprocess Zod)
+  if (!("gsmAtCarbet" in obj)) obj.gsmAtCarbet = "no";
   return obj;
 }
 
diff --git a/src/app/espace-hote/carbets/[carbetId]/page.tsx b/src/app/espace-hote/carbets/[carbetId]/page.tsx
index 2b8b069..39ae0f9 100644
--- a/src/app/espace-hote/carbets/[carbetId]/page.tsx
+++ b/src/app/espace-hote/carbets/[carbetId]/page.tsx
@@ -32,6 +32,10 @@ export default async function EditCarbetPage({
       embarkPoint: true,
       pirogueDurationMin: true,
       capacity: true,
+      roadAccess: true,
+      electricity: true,
+      gsmAtCarbet: true,
+      gsmExitDistanceKm: true,
       status: true,
       media: {
         orderBy: { sortOrder: "asc" },
@@ -54,6 +58,10 @@ export default async function EditCarbetPage({
     embarkPoint: carbet.embarkPoint,
     pirogueDurationMin: String(carbet.pirogueDurationMin),
     capacity: String(carbet.capacity),
+    roadAccess: carbet.roadAccess ?? "",
+    electricity: carbet.electricity ?? "",
+    gsmAtCarbet: carbet.gsmAtCarbet,
+    gsmExitDistanceKm: carbet.gsmExitDistanceKm !== null ? carbet.gsmExitDistanceKm.toString() : "",
     status: carbet.status,
     amenityKeys: carbet.amenities.map((entry) => entry.amenity.key),
   };
diff --git a/src/app/espace-hote/carbets/_components/carbet-form.tsx b/src/app/espace-hote/carbets/_components/carbet-form.tsx
index ac2d234..3a484c6 100644
--- a/src/app/espace-hote/carbets/_components/carbet-form.tsx
+++ b/src/app/espace-hote/carbets/_components/carbet-form.tsx
@@ -17,6 +17,10 @@ export type CarbetFormDefaults = {
   embarkPoint: string;
   pirogueDurationMin: string;
   capacity: string;
+  roadAccess: string;
+  electricity: string;
+  gsmAtCarbet: boolean;
+  gsmExitDistanceKm: string;
   status: CarbetStatus;
   amenityKeys: string[];
 };
@@ -216,6 +220,90 @@ export function CarbetForm({
         </div>
       </section>
 
+      <section className="space-y-4 rounded-md border border-emerald-200 bg-emerald-50/30 p-4">
+        <div>
+          <h2 className="text-lg font-semibold text-zinc-900">
+            Critères opérationnels
+          </h2>
+          <p className="text-xs text-zinc-600">
+            Les 4 dealbreakers d&apos;un séjour en carbet. Ces critères apparaissent
+            en grand sur votre fiche et alimentent les filtres recherche.
+          </p>
+        </div>
+        <div className="grid grid-cols-1 gap-4 sm:grid-cols-2">
+          <div>
+            <label className={labelClass} htmlFor="roadAccess">
+              🛣️ Accès route
+            </label>
+            <select
+              id="roadAccess"
+              name="roadAccess"
+              defaultValue={defaults.roadAccess ?? ""}
+              className={inputClass}
+            >
+              <option value="">— non précisé —</option>
+              <option value="ALL_YEAR">🛣️ Toute saison</option>
+              <option value="DRY_SEASON_ONLY">🟠 Saison sèche uniquement</option>
+              <option value="NONE">🛶 Pirogue uniquement</option>
+            </select>
+            <FieldError message={state.errors.roadAccess} />
+          </div>
+          <div>
+            <label className={labelClass} htmlFor="electricity">
+              ⚡ Électricité
+            </label>
+            <select
+              id="electricity"
+              name="electricity"
+              defaultValue={defaults.electricity ?? ""}
+              className={inputClass}
+            >
+              <option value="">— non précisé —</option>
+              <option value="EDF">⚡ EDF / raccordé réseau</option>
+              <option value="GENERATOR_READY">🔌 Préinstall groupe électrogène</option>
+              <option value="SOLAR">☀️ Solaire</option>
+              <option value="NONE">🕯️ Aucune électricité</option>
+            </select>
+            <FieldError message={state.errors.electricity} />
+          </div>
+          <div>
+            <label className={labelClass} htmlFor="gsmAtCarbet">
+              📶 Réseau GSM au carbet
+            </label>
+            <select
+              id="gsmAtCarbet"
+              name="gsmAtCarbet"
+              defaultValue={defaults.gsmAtCarbet ? "yes" : "no"}
+              className={inputClass}
+            >
+              <option value="yes">✅ Oui, signal au carbet</option>
+              <option value="no">❌ Non, zone sans réseau</option>
+            </select>
+            <FieldError message={state.errors.gsmAtCarbet} />
+          </div>
+          <div>
+            <label className={labelClass} htmlFor="gsmExitDistanceKm">
+              📵 Distance pour atteindre le réseau (km)
+            </label>
+            <input
+              id="gsmExitDistanceKm"
+              name="gsmExitDistanceKm"
+              type="number"
+              min={0}
+              max={50}
+              step="0.1"
+              defaultValue={defaults.gsmExitDistanceKm ?? ""}
+              placeholder="ex. 1.5"
+              className={inputClass}
+            />
+            <p className="mt-1 text-xs text-zinc-500">
+              Laissez vide si réseau au carbet
+            </p>
+            <FieldError message={state.errors.gsmExitDistanceKm} />
+          </div>
+        </div>
+      </section>
+
       <section className="space-y-4">
         <h2 className="text-lg font-semibold text-zinc-900">Commodités</h2>
         <div className="grid grid-cols-1 gap-2 sm:grid-cols-2">
diff --git a/src/app/espace-hote/carbets/actions.ts b/src/app/espace-hote/carbets/actions.ts
index 8964376..ba29ac4 100644
--- a/src/app/espace-hote/carbets/actions.ts
+++ b/src/app/espace-hote/carbets/actions.ts
@@ -9,7 +9,7 @@ import { prisma } from "@/lib/prisma";
 import { ensureUniqueCarbetSlug } from "@/lib/slug";
 import { deleteObject } from "@/lib/storage";
 import { Prisma } from "@/generated/prisma/client";
-import { CarbetStatus } from "@/generated/prisma/enums";
+import { CarbetStatus, Electricity, RoadAccess } from "@/generated/prisma/enums";
 
 import type { CarbetFormState } from "./form-types";
 
@@ -22,10 +22,26 @@ type ParsedCarbet = {
   embarkPoint: string;
   pirogueDurationMin: number;
   capacity: number;
+  roadAccess: RoadAccess | null;
+  electricity: Electricity | null;
+  gsmAtCarbet: boolean;
+  gsmExitDistanceKm: number | null;
   status: CarbetStatus;
   amenities: string[];
 };
 
+function isRoadAccess(v: string): v is RoadAccess {
+  return v === RoadAccess.NONE || v === RoadAccess.DRY_SEASON_ONLY || v === RoadAccess.ALL_YEAR;
+}
+function isElectricity(v: string): v is Electricity {
+  return (
+    v === Electricity.NONE ||
+    v === Electricity.SOLAR ||
+    v === Electricity.GENERATOR_READY ||
+    v === Electricity.EDF
+  );
+}
+
 function isCarbetStatus(value: string): value is CarbetStatus {
   return (Object.values(CarbetStatus) as string[]).includes(value);
 }
@@ -107,6 +123,29 @@ function parseCarbetForm(formData: FormData): {
 
   const status = isCarbetStatus(statusRaw) ? statusRaw : CarbetStatus.DRAFT;
 
+  // Critères opérationnels
+  const roadAccessRaw = String(formData.get("roadAccess") ?? "").trim();
+  const roadAccess = isRoadAccess(roadAccessRaw) ? roadAccessRaw : null;
+
+  const electricityRaw = String(formData.get("electricity") ?? "").trim();
+  const electricity = isElectricity(electricityRaw) ? electricityRaw : null;
+
+  const gsmAtCarbet = String(formData.get("gsmAtCarbet") ?? "no") === "yes";
+
+  const gsmExitRaw = String(formData.get("gsmExitDistanceKm") ?? "").trim();
+  let gsmExitDistanceKm: number | null = null;
+  if (gsmExitRaw) {
+    const n = Number(gsmExitRaw);
+    if (Number.isFinite(n) && n >= 0 && n <= 50) {
+      gsmExitDistanceKm = n;
+    } else {
+      errors.gsmExitDistanceKm = "Distance invalide (0 à 50 km).";
+    }
+  }
+
+  // Cohérence : si GSM au carbet, on ignore la distance
+  const finalGsmExitDistanceKm = gsmAtCarbet ? null : gsmExitDistanceKm;
+
   return {
     data: {
       title,
@@ -117,6 +156,10 @@ function parseCarbetForm(formData: FormData): {
       embarkPoint,
       pirogueDurationMin,
       capacity,
+      roadAccess,
+      electricity,
+      gsmAtCarbet,
+      gsmExitDistanceKm: finalGsmExitDistanceKm,
       status,
       amenities,
     },
@@ -183,6 +226,10 @@ export async function createCarbet(
         embarkPoint: data.embarkPoint,
         pirogueDurationMin: data.pirogueDurationMin,
         capacity: data.capacity,
+        roadAccess: data.roadAccess,
+        electricity: data.electricity,
+        gsmAtCarbet: data.gsmAtCarbet,
+        gsmExitDistanceKm: data.gsmExitDistanceKm,
         status: CarbetStatus.DRAFT,
       },
       select: { id: true },
@@ -239,6 +286,10 @@ export async function updateCarbet(
         embarkPoint: data.embarkPoint,
         pirogueDurationMin: data.pirogueDurationMin,
         capacity: data.capacity,
+        roadAccess: data.roadAccess,
+        electricity: data.electricity,
+        gsmAtCarbet: data.gsmAtCarbet,
+        gsmExitDistanceKm: data.gsmExitDistanceKm,
         status: data.status,
       },
     });

From e2f3f070faed517c8b63594a5d64817961c69945 Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Tue, 2 Jun 2026 03:26:04 +0000
Subject: [PATCH 28/47] =?UTF-8?q?feat(rental):=20Sprint=20A=20=E2=80=94=20?=
 =?UTF-8?q?mod=C3=A8le=20Prisma=20+=20admin=20CRUD=20+=20seed=2013=20items?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../migration.sql                             | 112 +++++++++++++
 prisma/schema.prisma                          | 143 +++++++++++++++-
 .../[id]/_components/ItemInlineActions.tsx    |  86 ++++++++++
 src/app/admin/rental-items/[id]/page.tsx      |  83 ++++++++++
 .../rental-items/_components/ItemForm.tsx     | 141 ++++++++++++++++
 src/app/admin/rental-items/actions.ts         | 129 +++++++++++++++
 src/app/admin/rental-items/new/page.tsx       |  31 ++++
 src/app/admin/rental-items/page.tsx           | 152 ++++++++++++++++++
 .../_components/ProviderInlineActions.tsx     | 120 ++++++++++++++
 src/app/admin/rental-providers/[id]/page.tsx  | 136 ++++++++++++++++
 .../_components/ProviderForm.tsx              | 132 +++++++++++++++
 src/app/admin/rental-providers/actions.ts     | 150 +++++++++++++++++
 src/app/admin/rental-providers/new/page.tsx   |  21 +++
 src/app/admin/rental-providers/page.tsx       | 149 +++++++++++++++++
 src/app/admin/rentals/page.tsx                | 141 ++++++++++++++++
 src/components/admin/Sidebar.tsx              |   3 +
 src/lib/admin/rental-bookings.ts              |  60 +++++++
 src/lib/admin/rental-items.ts                 | 111 +++++++++++++
 src/lib/admin/rental-providers.ts             | 106 ++++++++++++
 19 files changed, 2000 insertions(+), 6 deletions(-)
 create mode 100644 prisma/migrations/20260603000000_rental_marketplace/migration.sql
 create mode 100644 src/app/admin/rental-items/[id]/_components/ItemInlineActions.tsx
 create mode 100644 src/app/admin/rental-items/[id]/page.tsx
 create mode 100644 src/app/admin/rental-items/_components/ItemForm.tsx
 create mode 100644 src/app/admin/rental-items/actions.ts
 create mode 100644 src/app/admin/rental-items/new/page.tsx
 create mode 100644 src/app/admin/rental-items/page.tsx
 create mode 100644 src/app/admin/rental-providers/[id]/_components/ProviderInlineActions.tsx
 create mode 100644 src/app/admin/rental-providers/[id]/page.tsx
 create mode 100644 src/app/admin/rental-providers/_components/ProviderForm.tsx
 create mode 100644 src/app/admin/rental-providers/actions.ts
 create mode 100644 src/app/admin/rental-providers/new/page.tsx
 create mode 100644 src/app/admin/rental-providers/page.tsx
 create mode 100644 src/app/admin/rentals/page.tsx
 create mode 100644 src/lib/admin/rental-bookings.ts
 create mode 100644 src/lib/admin/rental-items.ts
 create mode 100644 src/lib/admin/rental-providers.ts

diff --git a/prisma/migrations/20260603000000_rental_marketplace/migration.sql b/prisma/migrations/20260603000000_rental_marketplace/migration.sql
new file mode 100644
index 0000000..65b4eb1
--- /dev/null
+++ b/prisma/migrations/20260603000000_rental_marketplace/migration.sql
@@ -0,0 +1,112 @@
+-- UserRole : ajouter RENTAL_PROVIDER
+ALTER TYPE "UserRole" ADD VALUE IF NOT EXISTS 'RENTAL_PROVIDER';
+
+-- Enums dédiés
+CREATE TYPE "RentalCategory" AS ENUM ('SLEEP', 'NAVIGATION', 'FISHING', 'COOKING', 'SAFETY');
+CREATE TYPE "RentalBookingStatus" AS ENUM ('PENDING', 'CONFIRMED', 'HANDED_OVER', 'RETURNED', 'CANCELLED');
+
+-- RentalProvider
+CREATE TABLE "RentalProvider" (
+  "id" TEXT NOT NULL,
+  "name" TEXT NOT NULL,
+  "isSystemD" BOOLEAN NOT NULL DEFAULT false,
+  "managedByUserId" TEXT,
+  "contactEmail" TEXT,
+  "contactPhone" TEXT,
+  "rivers" TEXT[] DEFAULT ARRAY[]::TEXT[],
+  "description" TEXT,
+  "commissionPct" DECIMAL(5,2) NOT NULL DEFAULT 0,
+  "active" BOOLEAN NOT NULL DEFAULT true,
+  "approved" BOOLEAN NOT NULL DEFAULT false,
+  "approvedAt" TIMESTAMP(3),
+  "approvedBy" TEXT,
+  "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  "updatedAt" TIMESTAMP(3) NOT NULL,
+  CONSTRAINT "RentalProvider_pkey" PRIMARY KEY ("id"),
+  CONSTRAINT "RentalProvider_managedByUserId_fkey" FOREIGN KEY ("managedByUserId") REFERENCES "User"("id") ON DELETE SET NULL ON UPDATE CASCADE
+);
+CREATE INDEX "RentalProvider_active_approved_idx" ON "RentalProvider"("active", "approved");
+CREATE INDEX "RentalProvider_managedByUserId_idx" ON "RentalProvider"("managedByUserId");
+
+-- RentalItem
+CREATE TABLE "RentalItem" (
+  "id" TEXT NOT NULL,
+  "providerId" TEXT NOT NULL,
+  "category" "RentalCategory" NOT NULL,
+  "name" TEXT NOT NULL,
+  "description" TEXT,
+  "imageUrl" TEXT,
+  "pricePerDay" DECIMAL(8,2) NOT NULL,
+  "pricePerWeek" DECIMAL(8,2),
+  "deposit" DECIMAL(8,2) NOT NULL DEFAULT 0,
+  "totalQty" INTEGER NOT NULL DEFAULT 1,
+  "withMotor" BOOLEAN NOT NULL DEFAULT false,
+  "fuelIncluded" BOOLEAN NOT NULL DEFAULT false,
+  "requiresLicense" BOOLEAN NOT NULL DEFAULT false,
+  "active" BOOLEAN NOT NULL DEFAULT true,
+  "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  "updatedAt" TIMESTAMP(3) NOT NULL,
+  CONSTRAINT "RentalItem_pkey" PRIMARY KEY ("id"),
+  CONSTRAINT "RentalItem_providerId_fkey" FOREIGN KEY ("providerId") REFERENCES "RentalProvider"("id") ON DELETE CASCADE ON UPDATE CASCADE
+);
+CREATE INDEX "RentalItem_providerId_idx" ON "RentalItem"("providerId");
+CREATE INDEX "RentalItem_category_active_idx" ON "RentalItem"("category", "active");
+
+-- RentalItemAvailability
+CREATE TABLE "RentalItemAvailability" (
+  "id" TEXT NOT NULL,
+  "itemId" TEXT NOT NULL,
+  "startDate" TIMESTAMP(3) NOT NULL,
+  "endDate" TIMESTAMP(3) NOT NULL,
+  "qty" INTEGER NOT NULL,
+  "reason" TEXT NOT NULL,
+  "rentalBookingId" TEXT,
+  "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  CONSTRAINT "RentalItemAvailability_pkey" PRIMARY KEY ("id"),
+  CONSTRAINT "RentalItemAvailability_itemId_fkey" FOREIGN KEY ("itemId") REFERENCES "RentalItem"("id") ON DELETE CASCADE ON UPDATE CASCADE
+);
+CREATE INDEX "RentalItemAvailability_itemId_startDate_endDate_idx" ON "RentalItemAvailability"("itemId", "startDate", "endDate");
+CREATE INDEX "RentalItemAvailability_rentalBookingId_idx" ON "RentalItemAvailability"("rentalBookingId");
+
+-- RentalBooking
+CREATE TABLE "RentalBooking" (
+  "id" TEXT NOT NULL,
+  "bookingId" TEXT,
+  "tenantId" TEXT NOT NULL,
+  "providerId" TEXT NOT NULL,
+  "startDate" TIMESTAMP(3) NOT NULL,
+  "endDate" TIMESTAMP(3) NOT NULL,
+  "status" "RentalBookingStatus" NOT NULL DEFAULT 'PENDING',
+  "paymentStatus" "PaymentStatus" NOT NULL DEFAULT 'PENDING',
+  "itemsTotal" DECIMAL(10,2) NOT NULL,
+  "depositTotal" DECIMAL(10,2) NOT NULL,
+  "commissionAmount" DECIMAL(10,2) NOT NULL DEFAULT 0,
+  "amount" DECIMAL(10,2) NOT NULL,
+  "currency" TEXT NOT NULL DEFAULT 'EUR',
+  "stripeSessionId" TEXT,
+  "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  "updatedAt" TIMESTAMP(3) NOT NULL,
+  CONSTRAINT "RentalBooking_pkey" PRIMARY KEY ("id"),
+  CONSTRAINT "RentalBooking_bookingId_fkey" FOREIGN KEY ("bookingId") REFERENCES "Booking"("id") ON DELETE SET NULL ON UPDATE CASCADE,
+  CONSTRAINT "RentalBooking_tenantId_fkey" FOREIGN KEY ("tenantId") REFERENCES "User"("id") ON DELETE RESTRICT ON UPDATE CASCADE,
+  CONSTRAINT "RentalBooking_providerId_fkey" FOREIGN KEY ("providerId") REFERENCES "RentalProvider"("id") ON DELETE RESTRICT ON UPDATE CASCADE
+);
+CREATE INDEX "RentalBooking_tenantId_status_idx" ON "RentalBooking"("tenantId", "status");
+CREATE INDEX "RentalBooking_providerId_status_idx" ON "RentalBooking"("providerId", "status");
+CREATE INDEX "RentalBooking_bookingId_idx" ON "RentalBooking"("bookingId");
+CREATE INDEX "RentalBooking_startDate_endDate_idx" ON "RentalBooking"("startDate", "endDate");
+
+-- RentalLine
+CREATE TABLE "RentalLine" (
+  "id" TEXT NOT NULL,
+  "rentalBookingId" TEXT NOT NULL,
+  "itemId" TEXT NOT NULL,
+  "qty" INTEGER NOT NULL,
+  "pricePerDay" DECIMAL(8,2) NOT NULL,
+  "deposit" DECIMAL(8,2) NOT NULL DEFAULT 0,
+  "lineTotal" DECIMAL(10,2) NOT NULL,
+  CONSTRAINT "RentalLine_pkey" PRIMARY KEY ("id"),
+  CONSTRAINT "RentalLine_rentalBookingId_fkey" FOREIGN KEY ("rentalBookingId") REFERENCES "RentalBooking"("id") ON DELETE CASCADE ON UPDATE CASCADE,
+  CONSTRAINT "RentalLine_itemId_fkey" FOREIGN KEY ("itemId") REFERENCES "RentalItem"("id") ON DELETE RESTRICT ON UPDATE CASCADE
+);
+CREATE INDEX "RentalLine_rentalBookingId_idx" ON "RentalLine"("rentalBookingId");
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
index 0636340..7580413 100644
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -13,6 +13,7 @@ enum UserRole {
   CE_MEMBER
   TOURIST
   ADMIN
+  RENTAL_PROVIDER
 }
 
 enum CarbetStatus {
@@ -97,11 +98,13 @@ model User {
   createdAt      DateTime @default(now())
   updatedAt      DateTime @updatedAt
 
-  organization  Organization?  @relation(fields: [organizationId], references: [id], onDelete: SetNull)
-  carbets       Carbet[]       @relation("CarbetOwner")
-  bookings      Booking[]      @relation("BookingTenant")
-  reviews       Review[]       @relation("ReviewAuthor")
-  subscriptions Subscription[]
+  organization     Organization?    @relation(fields: [organizationId], references: [id], onDelete: SetNull)
+  carbets          Carbet[]         @relation("CarbetOwner")
+  bookings         Booking[]        @relation("BookingTenant")
+  reviews          Review[]         @relation("ReviewAuthor")
+  subscriptions    Subscription[]
+  rentalProviders  RentalProvider[]
+  rentalBookings   RentalBooking[]  @relation("RentalBookingTenant")
 
   @@index([organizationId])
   @@index([role])
@@ -249,7 +252,8 @@ model Booking {
   carbet Carbet @relation(fields: [carbetId], references: [id], onDelete: Restrict)
   tenant User   @relation("BookingTenant", fields: [tenantId], references: [id], onDelete: Restrict)
 
-  review Review?
+  review         Review?
+  rentalBookings RentalBooking[]
 
   @@index([carbetId])
   @@index([tenantId])
@@ -399,3 +403,130 @@ enum Electricity {
   GENERATOR_READY
   EDF
 }
+
+enum RentalCategory {
+  SLEEP
+  NAVIGATION
+  FISHING
+  COOKING
+  SAFETY
+}
+
+enum RentalBookingStatus {
+  PENDING
+  CONFIRMED
+  HANDED_OVER
+  RETURNED
+  CANCELLED
+}
+
+model RentalProvider {
+  id              String   @id @default(cuid())
+  name            String
+  isSystemD       Boolean  @default(false)
+  managedByUserId String?
+  contactEmail    String?
+  contactPhone    String?
+  rivers          String[] @default([])
+  description     String?
+  commissionPct   Decimal  @db.Decimal(5, 2) @default(0)
+  active          Boolean  @default(true)
+  approved        Boolean  @default(false)
+  approvedAt      DateTime?
+  approvedBy      String?
+  createdAt       DateTime @default(now())
+  updatedAt       DateTime @updatedAt
+
+  manager        User?           @relation(fields: [managedByUserId], references: [id], onDelete: SetNull)
+  items          RentalItem[]
+  rentalBookings RentalBooking[]
+
+  @@index([active, approved])
+  @@index([managedByUserId])
+}
+
+model RentalItem {
+  id              String         @id @default(cuid())
+  providerId      String
+  category        RentalCategory
+  name            String
+  description     String?
+  imageUrl        String?
+  pricePerDay     Decimal        @db.Decimal(8, 2)
+  pricePerWeek    Decimal?       @db.Decimal(8, 2)
+  deposit         Decimal        @db.Decimal(8, 2) @default(0)
+  totalQty        Int            @default(1)
+  withMotor       Boolean        @default(false)
+  fuelIncluded    Boolean        @default(false)
+  requiresLicense Boolean        @default(false)
+  active          Boolean        @default(true)
+  createdAt       DateTime       @default(now())
+  updatedAt       DateTime       @updatedAt
+
+  provider       RentalProvider           @relation(fields: [providerId], references: [id], onDelete: Cascade)
+  availabilities RentalItemAvailability[]
+  lines          RentalLine[]
+
+  @@index([providerId])
+  @@index([category, active])
+}
+
+model RentalItemAvailability {
+  id              String   @id @default(cuid())
+  itemId          String
+  startDate       DateTime
+  endDate         DateTime
+  qty             Int
+  reason          String
+  rentalBookingId String?
+  createdAt       DateTime @default(now())
+
+  item RentalItem @relation(fields: [itemId], references: [id], onDelete: Cascade)
+
+  @@index([itemId, startDate, endDate])
+  @@index([rentalBookingId])
+}
+
+model RentalBooking {
+  id               String              @id @default(cuid())
+  bookingId        String?
+  tenantId         String
+  providerId       String
+  startDate        DateTime
+  endDate          DateTime
+  status           RentalBookingStatus @default(PENDING)
+  paymentStatus    PaymentStatus       @default(PENDING)
+  itemsTotal       Decimal             @db.Decimal(10, 2)
+  depositTotal     Decimal             @db.Decimal(10, 2)
+  commissionAmount Decimal             @db.Decimal(10, 2) @default(0)
+  amount           Decimal             @db.Decimal(10, 2)
+  currency         String              @default("EUR")
+  stripeSessionId  String?
+  createdAt        DateTime            @default(now())
+  updatedAt        DateTime            @updatedAt
+
+  booking  Booking?       @relation(fields: [bookingId], references: [id], onDelete: SetNull)
+  tenant   User           @relation("RentalBookingTenant", fields: [tenantId], references: [id], onDelete: Restrict)
+  provider RentalProvider @relation(fields: [providerId], references: [id], onDelete: Restrict)
+  lines    RentalLine[]
+
+  @@index([tenantId, status])
+  @@index([providerId, status])
+  @@index([bookingId])
+  @@index([startDate, endDate])
+}
+
+model RentalLine {
+  id              String  @id @default(cuid())
+  rentalBookingId String
+  itemId          String
+  qty             Int
+  pricePerDay     Decimal @db.Decimal(8, 2)
+  deposit         Decimal @db.Decimal(8, 2) @default(0)
+  lineTotal       Decimal @db.Decimal(10, 2)
+
+  rentalBooking RentalBooking @relation(fields: [rentalBookingId], references: [id], onDelete: Cascade)
+  item          RentalItem    @relation(fields: [itemId], references: [id], onDelete: Restrict)
+
+  @@index([rentalBookingId])
+}
diff --git a/src/app/admin/rental-items/[id]/_components/ItemInlineActions.tsx b/src/app/admin/rental-items/[id]/_components/ItemInlineActions.tsx
new file mode 100644
index 0000000..8a6a00f
--- /dev/null
+++ b/src/app/admin/rental-items/[id]/_components/ItemInlineActions.tsx
@@ -0,0 +1,86 @@
+"use client";
+
+import { useState, useTransition } from "react";
+import { useRouter } from "next/navigation";
+
+type Props = {
+  active: boolean;
+  toggleActiveAction: (active: boolean) => Promise<{ ok: true } | { ok: false; error: string } | undefined>;
+  deleteAction: () => Promise<{ ok: true } | { ok: false; error: string } | undefined | void>;
+};
+
+export function ItemInlineActions({ active, toggleActiveAction, deleteAction }: Props) {
+  const router = useRouter();
+  const [pending, startTransition] = useTransition();
+  const [confirmDelete, setConfirmDelete] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+
+  function toggle() {
+    setError(null);
+    startTransition(async () => {
+      const res = await toggleActiveAction(!active);
+      if (res && (res as { ok?: boolean }).ok === false) setError((res as { error: string }).error);
+      router.refresh();
+    });
+  }
+  function del() {
+    setError(null);
+    startTransition(async () => {
+      const res = await deleteAction();
+      if (res && (res as { ok?: boolean }).ok === false) {
+        setError((res as { error: string }).error);
+        setConfirmDelete(false);
+      }
+    });
+  }
+
+  return (
+    <div className="flex flex-col items-end gap-2">
+      <div className="flex flex-wrap items-center gap-2">
+        <button
+          type="button"
+          onClick={toggle}
+          disabled={pending}
+          className={
+            active
+              ? "rounded-md border border-amber-300 bg-amber-50 px-3 py-1.5 text-xs font-semibold text-amber-800 hover:bg-amber-100 disabled:opacity-50"
+              : "rounded-md bg-emerald-600 px-3 py-1.5 text-xs font-semibold text-white hover:bg-emerald-700 disabled:opacity-50"
+          }
+        >
+          {active ? "Désactiver" : "Réactiver"}
+        </button>
+        {confirmDelete ? (
+          <div className="flex items-center gap-2 rounded border border-rose-300 bg-rose-50 px-2 py-1">
+            <span className="text-xs text-rose-900">Supprimer ?</span>
+            <button
+              type="button"
+              onClick={del}
+              disabled={pending}
+              className="rounded bg-rose-700 px-2 py-1 text-[11px] font-semibold text-white hover:bg-rose-800 disabled:opacity-50"
+            >
+              Oui
+            </button>
+            <button
+              type="button"
+              onClick={() => setConfirmDelete(false)}
+              disabled={pending}
+              className="text-[11px] text-zinc-500 hover:text-zinc-900"
+            >
+              Annuler
+            </button>
+          </div>
+        ) : (
+          <button
+            type="button"
+            onClick={() => setConfirmDelete(true)}
+            disabled={pending}
+            className="rounded-md border border-rose-300 bg-rose-50 px-3 py-1.5 text-xs font-semibold text-rose-700 hover:bg-rose-100 disabled:opacity-50"
+          >
+            Supprimer
+          </button>
+        )}
+      </div>
+      {error ? <div className="rounded border border-rose-200 bg-rose-50 px-2 py-1 text-xs text-rose-700">{error}</div> : null}
+    </div>
+  );
+}
diff --git a/src/app/admin/rental-items/[id]/page.tsx b/src/app/admin/rental-items/[id]/page.tsx
new file mode 100644
index 0000000..8f4dd4a
--- /dev/null
+++ b/src/app/admin/rental-items/[id]/page.tsx
@@ -0,0 +1,83 @@
+import { notFound } from "next/navigation";
+import Link from "next/link";
+
+import { StatusBadge } from "@/components/admin/StatusBadge";
+import { getRentalItemForAdmin, listProvidersForSelect, RENTAL_CATEGORY_LABEL } from "@/lib/admin/rental-items";
+
+import { ItemForm } from "../_components/ItemForm";
+import { ItemInlineActions } from "./_components/ItemInlineActions";
+import { deleteRentalItemAction, toggleRentalItemActiveAction, updateRentalItemAction } from "../actions";
+
+export const dynamic = "force-dynamic";
+
+type PageProps = { params: Promise<{ id: string }> };
+
+export default async function EditRentalItemPage({ params }: PageProps) {
+  const { id } = await params;
+  const [item, providers] = await Promise.all([getRentalItemForAdmin(id), listProvidersForSelect()]);
+  if (!item) notFound();
+
+  const updateThis = async (fd: FormData) => {
+    "use server";
+    return await updateRentalItemAction(id, fd);
+  };
+  const toggleActiveThis = async (active: boolean) => {
+    "use server";
+    return await toggleRentalItemActiveAction(id, active);
+  };
+  const deleteThis = async () => {
+    "use server";
+    return await deleteRentalItemAction(id);
+  };
+
+  return (
+    <div className="mx-auto max-w-4xl space-y-6">
+      <header className="mt-2 flex flex-wrap items-end justify-between gap-3">
+        <div>
+          <Link href="/admin/rental-items" className="text-xs text-zinc-500 hover:text-zinc-900">
+            ← Tous les items
+          </Link>
+          <h1 className="mt-1 flex items-center gap-3 text-2xl font-semibold text-zinc-900">
+            {item.name}
+            <StatusBadge status={item.active ? "ACTIVE" : "INACTIVE"} />
+          </h1>
+          <p className="mt-1 text-sm text-zinc-500">
+            {RENTAL_CATEGORY_LABEL[item.category]} ·{" "}
+            <Link href={`/admin/rental-providers/${item.provider.id}`} className="text-zinc-900 hover:underline">
+              {item.provider.name}
+            </Link>
+            {item.provider.isSystemD ? " (System D)" : ""}
+          </p>
+        </div>
+        <ItemInlineActions
+          active={item.active}
+          toggleActiveAction={toggleActiveThis}
+          deleteAction={deleteThis}
+        />
+      </header>
+
+      <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <ItemForm
+          providers={providers}
+          action={updateThis}
+          submitLabel="Enregistrer les modifications"
+          initial={{
+            providerId: item.providerId,
+            category: item.category,
+            name: item.name,
+            description: item.description,
+            imageUrl: item.imageUrl,
+            pricePerDay: item.pricePerDay.toString(),
+            pricePerWeek: item.pricePerWeek?.toString() ?? null,
+            deposit: item.deposit.toString(),
+            totalQty: item.totalQty,
+            withMotor: item.withMotor,
+            fuelIncluded: item.fuelIncluded,
+            requiresLicense: item.requiresLicense,
+            active: item.active,
+          }}
+        />
+      </section>
+    </div>
+  );
+}
diff --git a/src/app/admin/rental-items/_components/ItemForm.tsx b/src/app/admin/rental-items/_components/ItemForm.tsx
new file mode 100644
index 0000000..523dabc
--- /dev/null
+++ b/src/app/admin/rental-items/_components/ItemForm.tsx
@@ -0,0 +1,141 @@
+"use client";
+
+import { useState, useTransition } from "react";
+import { FormField, inputCls, selectCls, textareaCls } from "@/components/admin/FormField";
+import { RENTAL_CATEGORY_LABEL } from "@/lib/admin/rental-items";
+import { RentalCategory } from "@/generated/prisma/enums";
+
+type Props = {
+  providers: { id: string; name: string; isSystemD: boolean }[];
+  initial?: {
+    providerId?: string;
+    category?: string;
+    name?: string;
+    description?: string | null;
+    imageUrl?: string | null;
+    pricePerDay?: string | number;
+    pricePerWeek?: string | number | null;
+    deposit?: string | number;
+    totalQty?: number;
+    withMotor?: boolean;
+    fuelIncluded?: boolean;
+    requiresLicense?: boolean;
+    active?: boolean;
+  };
+  action: (fd: FormData) => Promise<{ ok: false; error: string } | { ok: true } | undefined>;
+  submitLabel?: string;
+};
+
+const CATEGORIES: RentalCategory[] = [
+  RentalCategory.SLEEP,
+  RentalCategory.NAVIGATION,
+  RentalCategory.FISHING,
+  RentalCategory.COOKING,
+  RentalCategory.SAFETY,
+];
+
+export function ItemForm({ providers, initial = {}, action, submitLabel = "Enregistrer" }: Props) {
+  const [pending, startTransition] = useTransition();
+  const [error, setError] = useState<string | null>(null);
+  const [success, setSuccess] = useState<string | null>(null);
+
+  function onSubmit(fd: FormData) {
+    setError(null);
+    setSuccess(null);
+    startTransition(async () => {
+      const res = await action(fd);
+      if (res && res.ok === false) setError(res.error);
+      else if (res && res.ok === true) setSuccess("Enregistré.");
+    });
+  }
+
+  return (
+    <form action={onSubmit} className="space-y-4">
+      <fieldset disabled={pending} className="space-y-4">
+        <div className="grid grid-cols-1 gap-4 sm:grid-cols-2">
+          <FormField label="Prestataire" required>
+            <select name="providerId" defaultValue={initial.providerId ?? ""} required className={selectCls}>
+              <option value="" disabled>— sélectionner —</option>
+              {providers.map((p) => (
+                <option key={p.id} value={p.id}>
+                  {p.name}{p.isSystemD ? " (System D)" : ""}
+                </option>
+              ))}
+            </select>
+          </FormField>
+          <FormField label="Catégorie" required>
+            <select name="category" defaultValue={initial.category ?? ""} required className={selectCls}>
+              <option value="" disabled>— sélectionner —</option>
+              {CATEGORIES.map((c) => (
+                <option key={c} value={c}>{RENTAL_CATEGORY_LABEL[c]}</option>
+              ))}
+            </select>
+          </FormField>
+          <FormField label="Nom de l'item" required className="sm:col-span-2">
+            <input name="name" defaultValue={initial.name ?? ""} required maxLength={200} className={inputCls} placeholder="ex. Hamac coton large, Pirogue 5m avec moteur 15CV" />
+          </FormField>
+          <FormField label="Description" className="sm:col-span-2">
+            <textarea name="description" rows={3} defaultValue={initial.description ?? ""} maxLength={5000} className={textareaCls} />
+          </FormField>
+          <FormField label="URL image" hint="Optionnel, URL publique vers photo MinIO.">
+            <input name="imageUrl" type="url" defaultValue={initial.imageUrl ?? ""} maxLength={500} className={inputCls} />
+          </FormField>
+          <FormField label="Stock total (qté)" required>
+            <input name="totalQty" type="number" min={1} max={1000} defaultValue={initial.totalQty?.toString() ?? "1"} required className={inputCls} />
+          </FormField>
+          <FormField label="Prix / jour (€)" required>
+            <input name="pricePerDay" type="number" min={0} step="0.5" defaultValue={initial.pricePerDay?.toString() ?? ""} required className={inputCls} />
+          </FormField>
+          <FormField label="Prix / semaine (€)" hint="Optionnel — tarif dégressif sur 7+ jours.">
+            <input name="pricePerWeek" type="number" min={0} step="0.5" defaultValue={initial.pricePerWeek?.toString() ?? ""} className={inputCls} />
+          </FormField>
+          <FormField label="Caution (€)" hint="Dépôt de garantie (bloqué pendant la location).">
+            <input name="deposit" type="number" min={0} step="1" defaultValue={initial.deposit?.toString() ?? "0"} className={inputCls} />
+          </FormField>
+          <FormField label="Statut">
+            <label className="flex items-center gap-2 px-1 py-2 text-sm">
+              <input type="checkbox" name="active" defaultChecked={initial.active ?? true} className="h-4 w-4 rounded border-zinc-300" />
+              Actif (visible au catalogue)
+            </label>
+          </FormField>
+        </div>
+
+        <fieldset className="rounded-lg border border-zinc-200 bg-zinc-50 p-3">
+          <legend className="px-1 text-xs font-semibold uppercase tracking-wider text-zinc-500">
+            Spécifications navigation
+          </legend>
+          <div className="flex flex-wrap gap-4 pt-1 text-sm">
+            <label className="flex items-center gap-2">
+              <input type="checkbox" name="withMotor" defaultChecked={initial.withMotor ?? false} className="h-4 w-4 rounded border-zinc-300" />
+              Avec moteur
+            </label>
+            <label className="flex items-center gap-2">
+              <input type="checkbox" name="fuelIncluded" defaultChecked={initial.fuelIncluded ?? false} className="h-4 w-4 rounded border-zinc-300" />
+              Essence incluse
+            </label>
+            <label className="flex items-center gap-2">
+              <input type="checkbox" name="requiresLicense" defaultChecked={initial.requiresLicense ?? false} className="h-4 w-4 rounded border-zinc-300" />
+              Permis bateau requis
+            </label>
+          </div>
+        </fieldset>
+
+        {error ? (
+          <div className="rounded border border-rose-200 bg-rose-50 px-3 py-2 text-sm text-rose-700">{error}</div>
+        ) : null}
+        {success ? (
+          <div className="rounded border border-emerald-200 bg-emerald-50 px-3 py-2 text-sm text-emerald-800">{success}</div>
+        ) : null}
+
+        <div className="flex items-center justify-end">
+          <button
+            type="submit"
+            className="rounded-md bg-zinc-900 px-5 py-2 text-sm font-semibold text-white hover:bg-zinc-800 disabled:opacity-50"
+          >
+            {pending ? "Enregistrement…" : submitLabel}
+          </button>
+        </div>
+      </fieldset>
+    </form>
+  );
+}
diff --git a/src/app/admin/rental-items/actions.ts b/src/app/admin/rental-items/actions.ts
new file mode 100644
index 0000000..c5eaad2
--- /dev/null
+++ b/src/app/admin/rental-items/actions.ts
@@ -0,0 +1,129 @@
+"use server";
+
+import { revalidatePath } from "next/cache";
+import { redirect } from "next/navigation";
+import { z } from "zod";
+
+import { auth } from "@/auth";
+import { RentalCategory, UserRole } from "@/generated/prisma/enums";
+import { requireRole } from "@/lib/authorization";
+import { recordAudit } from "@/lib/admin/audit";
+import { prisma } from "@/lib/prisma";
+
+const itemSchema = z.object({
+  providerId: z.string().min(1),
+  category: z.enum([
+    RentalCategory.SLEEP,
+    RentalCategory.NAVIGATION,
+    RentalCategory.FISHING,
+    RentalCategory.COOKING,
+    RentalCategory.SAFETY,
+  ]),
+  name: z.string().trim().min(2).max(200),
+  description: z.string().trim().max(5000).nullable().optional(),
+  imageUrl: z.string().trim().url().max(500).nullable().optional(),
+  pricePerDay: z.coerce.number().min(0).max(10000),
+  pricePerWeek: z.coerce.number().min(0).max(50000).nullable().optional(),
+  deposit: z.coerce.number().min(0).max(10000),
+  totalQty: z.coerce.number().int().min(1).max(1000),
+  withMotor: z.boolean(),
+  fuelIncluded: z.boolean(),
+  requiresLicense: z.boolean(),
+  active: z.boolean(),
+});
+
+function parseFD(fd: FormData) {
+  const get = (k: string) => {
+    const v = (fd.get(k) as string | null) ?? "";
+    return v.trim() === "" ? null : v.trim();
+  };
+  return {
+    providerId: ((fd.get("providerId") as string | null) ?? "").trim(),
+    category: ((fd.get("category") as string | null) ?? "").trim(),
+    name: ((fd.get("name") as string | null) ?? "").trim(),
+    description: get("description"),
+    imageUrl: get("imageUrl"),
+    pricePerDay: fd.get("pricePerDay"),
+    pricePerWeek: get("pricePerWeek"),
+    deposit: fd.get("deposit") ?? "0",
+    totalQty: fd.get("totalQty") ?? "1",
+    withMotor: fd.get("withMotor") === "on",
+    fuelIncluded: fd.get("fuelIncluded") === "on",
+    requiresLicense: fd.get("requiresLicense") === "on",
+    active: fd.get("active") === "on",
+  };
+}
+
+export async function createRentalItemAction(fd: FormData) {
+  await requireRole([UserRole.ADMIN]);
+  const parsed = itemSchema.safeParse(parseFD(fd));
+  if (!parsed.success) {
+    return { ok: false as const, error: parsed.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join(" · ") };
+  }
+  const session = await auth();
+  const created = await prisma.rentalItem.create({ data: parsed.data });
+  await recordAudit({
+    scope: "admin.rental-items",
+    event: "create",
+    target: created.id,
+    actorEmail: session?.user?.email ?? null,
+    details: { name: created.name, providerId: created.providerId },
+  });
+  revalidatePath("/admin/rental-items");
+  redirect(`/admin/rental-items/${created.id}`);
+}
+
+export async function updateRentalItemAction(id: string, fd: FormData) {
+  await requireRole([UserRole.ADMIN]);
+  const parsed = itemSchema.safeParse(parseFD(fd));
+  if (!parsed.success) {
+    return { ok: false as const, error: parsed.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join(" · ") };
+  }
+  const session = await auth();
+  await prisma.rentalItem.update({ where: { id }, data: parsed.data });
+  await recordAudit({
+    scope: "admin.rental-items",
+    event: "update",
+    target: id,
+    actorEmail: session?.user?.email ?? null,
+    details: { name: parsed.data.name },
+  });
+  revalidatePath("/admin/rental-items");
+  revalidatePath(`/admin/rental-items/${id}`);
+  return { ok: true as const };
+}
+
+export async function toggleRentalItemActiveAction(id: string, active: boolean) {
+  await requireRole([UserRole.ADMIN]);
+  const session = await auth();
+  await prisma.rentalItem.update({ where: { id }, data: { active } });
+  await recordAudit({
+    scope: "admin.rental-items",
+    event: "active.update",
+    target: id,
+    actorEmail: session?.user?.email ?? null,
+    details: { active },
+  });
+  revalidatePath("/admin/rental-items");
+  revalidatePath(`/admin/rental-items/${id}`);
+  return { ok: true as const };
+}
+
+export async function deleteRentalItemAction(id: string) {
+  await requireRole([UserRole.ADMIN]);
+  const session = await auth();
+  const linesCount = await prisma.rentalLine.count({ where: { itemId: id } });
+  if (linesCount > 0) {
+    return { ok: false as const, error: `Impossible : ${linesCount} ligne(s) de réservation pointe(nt) sur cet item.` };
+  }
+  await prisma.rentalItem.delete({ where: { id } });
+  await recordAudit({
+    scope: "admin.rental-items",
+    event: "delete",
+    target: id,
+    actorEmail: session?.user?.email ?? null,
+    details: {},
+  });
+  revalidatePath("/admin/rental-items");
+  redirect("/admin/rental-items");
+}
diff --git a/src/app/admin/rental-items/new/page.tsx b/src/app/admin/rental-items/new/page.tsx
new file mode 100644
index 0000000..fec17d0
--- /dev/null
+++ b/src/app/admin/rental-items/new/page.tsx
@@ -0,0 +1,31 @@
+import Link from "next/link";
+import { ItemForm } from "../_components/ItemForm";
+import { createRentalItemAction } from "../actions";
+import { listProvidersForSelect } from "@/lib/admin/rental-items";
+
+export const dynamic = "force-dynamic";
+
+type PageProps = { searchParams: Promise<{ providerId?: string }> };
+
+export default async function NewRentalItemPage({ searchParams }: PageProps) {
+  const sp = await searchParams;
+  const providers = await listProvidersForSelect();
+  return (
+    <div className="mx-auto max-w-3xl space-y-6">
+      <header className="mt-2">
+        <Link href="/admin/rental-items" className="text-xs text-zinc-500 hover:text-zinc-900">
+          ← Tous les items
+        </Link>
+        <h1 className="mt-1 text-2xl font-semibold text-zinc-900">Nouvel item locable</h1>
+      </header>
+      <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <ItemForm
+          providers={providers}
+          action={createRentalItemAction}
+          submitLabel="Créer l'item"
+          initial={{ providerId: sp.providerId, active: true, totalQty: 1 }}
+        />
+      </section>
+    </div>
+  );
+}
diff --git a/src/app/admin/rental-items/page.tsx b/src/app/admin/rental-items/page.tsx
new file mode 100644
index 0000000..d67a556
--- /dev/null
+++ b/src/app/admin/rental-items/page.tsx
@@ -0,0 +1,152 @@
+import Link from "next/link";
+import { RentalCategory } from "@/generated/prisma/enums";
+import {
+  RENTAL_CATEGORY_LABEL,
+  isRentalCategory,
+  listProvidersForSelect,
+  listRentalItemsAdmin,
+} from "@/lib/admin/rental-items";
+import { StatusBadge } from "@/components/admin/StatusBadge";
+
+export const dynamic = "force-dynamic";
+
+type PageProps = {
+  searchParams: Promise<{
+    q?: string;
+    category?: string;
+    providerId?: string;
+    active?: string;
+  }>;
+};
+
+export default async function RentalItemsAdminPage({ searchParams }: PageProps) {
+  const sp = await searchParams;
+  const filters = {
+    q: sp.q?.trim() || undefined,
+    category: sp.category && isRentalCategory(sp.category) ? sp.category : undefined,
+    providerId: sp.providerId || undefined,
+    active: sp.active === "yes" || sp.active === "no" ? (sp.active as "yes" | "no") : undefined,
+  };
+  const [rows, providers] = await Promise.all([listRentalItemsAdmin(filters), listProvidersForSelect()]);
+  const dateFmt = new Intl.DateTimeFormat("fr-FR", { day: "2-digit", month: "short", year: "2-digit" });
+
+  return (
+    <div className="mx-auto max-w-7xl">
+      <header className="mb-5 mt-2 flex items-end justify-between gap-3">
+        <div>
+          <h1 className="text-2xl font-semibold text-zinc-900">Catalogue d&apos;items locables</h1>
+          <p className="mt-1 text-sm text-zinc-500">
+            {rows.length} item{rows.length > 1 ? "s" : ""}
+          </p>
+        </div>
+        <Link
+          href="/admin/rental-items/new"
+          className="inline-flex items-center gap-1.5 rounded-md bg-zinc-900 px-3 py-1.5 text-sm font-semibold text-white hover:bg-zinc-800"
+        >
+          + Nouvel item
+        </Link>
+      </header>
+
+      <form className="mb-4 flex flex-wrap items-center gap-2 rounded-lg border border-zinc-200 bg-white p-3" method="get">
+        <input
+          type="text"
+          name="q"
+          defaultValue={filters.q ?? ""}
+          placeholder="Recherche nom, description…"
+          className="flex-1 min-w-[220px] rounded-md border border-zinc-300 px-3 py-1.5 text-sm focus:border-zinc-900 focus:outline-none"
+        />
+        <select
+          name="category"
+          defaultValue={filters.category ?? ""}
+          className="rounded-md border border-zinc-300 bg-white px-2 py-1.5 text-sm focus:border-zinc-900 focus:outline-none"
+        >
+          <option value="">Toutes catégories</option>
+          {Object.values(RentalCategory).map((c) => (
+            <option key={c} value={c}>{RENTAL_CATEGORY_LABEL[c]}</option>
+          ))}
+        </select>
+        <select
+          name="providerId"
+          defaultValue={filters.providerId ?? ""}
+          className="rounded-md border border-zinc-300 bg-white px-2 py-1.5 text-sm focus:border-zinc-900 focus:outline-none"
+        >
+          <option value="">Tous prestataires</option>
+          {providers.map((p) => (
+            <option key={p.id} value={p.id}>{p.name}</option>
+          ))}
+        </select>
+        <select
+          name="active"
+          defaultValue={filters.active ?? ""}
+          className="rounded-md border border-zinc-300 bg-white px-2 py-1.5 text-sm focus:border-zinc-900 focus:outline-none"
+        >
+          <option value="">Actifs + inactifs</option>
+          <option value="yes">Actifs</option>
+          <option value="no">Inactifs</option>
+        </select>
+        <button type="submit" className="rounded-md bg-zinc-900 px-3 py-1.5 text-sm font-medium text-white hover:bg-zinc-800">
+          Filtrer
+        </button>
+        {(filters.q || filters.category || filters.providerId || filters.active) ? (
+          <Link href="/admin/rental-items" className="text-sm text-zinc-500 hover:text-zinc-900">Réinit.</Link>
+        ) : null}
+      </form>
+
+      <div className="overflow-hidden rounded-lg border border-zinc-200 bg-white">
+        <table className="w-full text-sm">
+          <thead className="border-b border-zinc-200 bg-zinc-50 text-xs uppercase tracking-wider text-zinc-500">
+            <tr>
+              <th className="px-4 py-2 text-left font-semibold">Nom</th>
+              <th className="px-4 py-2 text-left font-semibold">Catégorie</th>
+              <th className="px-4 py-2 text-left font-semibold">Prestataire</th>
+              <th className="px-4 py-2 text-right font-semibold">€ / jour</th>
+              <th className="px-4 py-2 text-right font-semibold">Stock</th>
+              <th className="px-4 py-2 text-right font-semibold">Caution</th>
+              <th className="px-4 py-2 text-left font-semibold">État</th>
+              <th className="px-4 py-2 text-right font-semibold">MAJ</th>
+            </tr>
+          </thead>
+          <tbody className="divide-y divide-zinc-100">
+            {rows.length === 0 ? (
+              <tr>
+                <td colSpan={8} className="px-4 py-8 text-center text-sm text-zinc-500">
+                  Aucun item.
+                </td>
+              </tr>
+            ) : null}
+            {rows.map((i) => (
+              <tr key={i.id} className="hover:bg-zinc-50">
+                <td className="px-4 py-2">
+                  <Link href={`/admin/rental-items/${i.id}`} className="font-medium text-zinc-900 hover:underline">
+                    {i.name}
+                  </Link>
+                  <div className="text-[11px] text-zinc-500">
+                    {i.withMotor ? "⚙️ moteur · " : ""}
+                    {i.requiresLicense ? "🪪 permis · " : ""}
+                    {i.fuelIncluded ? "⛽ essence · " : ""}
+                  </div>
+                </td>
+                <td className="px-4 py-2 text-zinc-700">{RENTAL_CATEGORY_LABEL[i.category]}</td>
+                <td className="px-4 py-2">
+                  <Link href={`/admin/rental-providers/${i.providerId}`} className="text-zinc-900 hover:underline">
+                    {i.providerName}
+                  </Link>
+                  {i.providerIsSystemD ? (
+                    <span className="ml-1 rounded-full bg-emerald-100 px-1 py-0 text-[9px] font-semibold uppercase tracking-wider text-emerald-800 ring-1 ring-inset ring-emerald-300">
+                      SD
+                    </span>
+                  ) : null}
+                </td>
+                <td className="px-4 py-2 text-right font-mono text-zinc-700">{Number(i.pricePerDay).toFixed(0)}</td>
+                <td className="px-4 py-2 text-right font-mono text-zinc-700">{i.totalQty}</td>
+                <td className="px-4 py-2 text-right font-mono text-zinc-700">{Number(i.deposit).toFixed(0)}</td>
+                <td className="px-4 py-2"><StatusBadge status={i.active ? "ACTIVE" : "INACTIVE"} /></td>
+                <td className="px-4 py-2 text-right text-[11px] text-zinc-500">{dateFmt.format(i.updatedAt)}</td>
+              </tr>
+            ))}
+          </tbody>
+        </table>
+      </div>
+    </div>
+  );
+}
diff --git a/src/app/admin/rental-providers/[id]/_components/ProviderInlineActions.tsx b/src/app/admin/rental-providers/[id]/_components/ProviderInlineActions.tsx
new file mode 100644
index 0000000..1839fae
--- /dev/null
+++ b/src/app/admin/rental-providers/[id]/_components/ProviderInlineActions.tsx
@@ -0,0 +1,120 @@
+"use client";
+
+import { useState, useTransition } from "react";
+import { useRouter } from "next/navigation";
+
+type Props = {
+  approved: boolean;
+  active: boolean;
+  itemsCount: number;
+  approveAction: () => Promise<{ ok: true } | { ok: false; error: string } | undefined>;
+  toggleActiveAction: (active: boolean) => Promise<{ ok: true } | { ok: false; error: string } | undefined>;
+  deleteAction: () => Promise<{ ok: true } | { ok: false; error: string } | undefined | void>;
+};
+
+export function ProviderInlineActions({
+  approved,
+  active,
+  itemsCount,
+  approveAction,
+  toggleActiveAction,
+  deleteAction,
+}: Props) {
+  const router = useRouter();
+  const [pending, startTransition] = useTransition();
+  const [confirmDelete, setConfirmDelete] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+
+  function approve() {
+    setError(null);
+    startTransition(async () => {
+      const res = await approveAction();
+      if (res && (res as { ok?: boolean }).ok === false) setError((res as { error: string }).error);
+      router.refresh();
+    });
+  }
+  function toggle() {
+    setError(null);
+    startTransition(async () => {
+      const res = await toggleActiveAction(!active);
+      if (res && (res as { ok?: boolean }).ok === false) setError((res as { error: string }).error);
+      router.refresh();
+    });
+  }
+  function del() {
+    setError(null);
+    startTransition(async () => {
+      const res = await deleteAction();
+      if (res && (res as { ok?: boolean }).ok === false) {
+        setError((res as { error: string }).error);
+        setConfirmDelete(false);
+      }
+    });
+  }
+
+  return (
+    <div className="flex flex-col items-end gap-2">
+      <div className="flex flex-wrap items-center gap-2">
+        {!approved ? (
+          <button
+            type="button"
+            onClick={approve}
+            disabled={pending}
+            className="rounded-md bg-emerald-600 px-3 py-1.5 text-xs font-semibold text-white hover:bg-emerald-700 disabled:opacity-50"
+          >
+            ✓ Approuver
+          </button>
+        ) : null}
+        <button
+          type="button"
+          onClick={toggle}
+          disabled={pending}
+          className={
+            active
+              ? "rounded-md border border-amber-300 bg-amber-50 px-3 py-1.5 text-xs font-semibold text-amber-800 hover:bg-amber-100 disabled:opacity-50"
+              : "rounded-md bg-emerald-600 px-3 py-1.5 text-xs font-semibold text-white hover:bg-emerald-700 disabled:opacity-50"
+          }
+        >
+          {active ? "Désactiver" : "Réactiver"}
+        </button>
+        {itemsCount === 0 ? (
+          confirmDelete ? (
+            <div className="flex items-center gap-2 rounded border border-rose-300 bg-rose-50 px-2 py-1">
+              <span className="text-xs text-rose-900">Supprimer ?</span>
+              <button
+                type="button"
+                onClick={del}
+                disabled={pending}
+                className="rounded bg-rose-700 px-2 py-1 text-[11px] font-semibold text-white hover:bg-rose-800 disabled:opacity-50"
+              >
+                Oui
+              </button>
+              <button
+                type="button"
+                onClick={() => setConfirmDelete(false)}
+                disabled={pending}
+                className="text-[11px] text-zinc-500 hover:text-zinc-900"
+              >
+                Annuler
+              </button>
+            </div>
+          ) : (
+            <button
+              type="button"
+              onClick={() => setConfirmDelete(true)}
+              disabled={pending}
+              className="rounded-md border border-rose-300 bg-rose-50 px-3 py-1.5 text-xs font-semibold text-rose-700 hover:bg-rose-100 disabled:opacity-50"
+            >
+              Supprimer
+            </button>
+          )
+        ) : (
+          <span className="rounded border border-zinc-200 bg-zinc-50 px-2 py-1 text-[11px] text-zinc-500">
+            {itemsCount} item(s) — supprimez-les d&apos;abord
+          </span>
+        )}
+      </div>
+      {error ? <div className="rounded border border-rose-200 bg-rose-50 px-2 py-1 text-xs text-rose-700">{error}</div> : null}
+    </div>
+  );
+}
diff --git a/src/app/admin/rental-providers/[id]/page.tsx b/src/app/admin/rental-providers/[id]/page.tsx
new file mode 100644
index 0000000..5358bd1
--- /dev/null
+++ b/src/app/admin/rental-providers/[id]/page.tsx
@@ -0,0 +1,136 @@
+import { notFound } from "next/navigation";
+import Link from "next/link";
+
+import { StatusBadge } from "@/components/admin/StatusBadge";
+import { getRentalProviderForAdmin } from "@/lib/admin/rental-providers";
+import { RENTAL_CATEGORY_LABEL } from "@/lib/admin/rental-items";
+
+import { ProviderForm } from "../_components/ProviderForm";
+import { ProviderInlineActions } from "./_components/ProviderInlineActions";
+import {
+  approveRentalProviderAction,
+  deleteRentalProviderAction,
+  toggleRentalProviderActiveAction,
+  updateRentalProviderAction,
+} from "../actions";
+
+export const dynamic = "force-dynamic";
+
+type PageProps = { params: Promise<{ id: string }> };
+
+export default async function EditRentalProviderPage({ params }: PageProps) {
+  const { id } = await params;
+  const p = await getRentalProviderForAdmin(id);
+  if (!p) notFound();
+
+  const updateThis = async (fd: FormData) => {
+    "use server";
+    return await updateRentalProviderAction(id, fd);
+  };
+  const approveThis = async () => {
+    "use server";
+    return await approveRentalProviderAction(id);
+  };
+  const toggleActiveThis = async (active: boolean) => {
+    "use server";
+    return await toggleRentalProviderActiveAction(id, active);
+  };
+  const deleteThis = async () => {
+    "use server";
+    return await deleteRentalProviderAction(id);
+  };
+
+  return (
+    <div className="mx-auto max-w-5xl space-y-6">
+      <header className="mt-2 flex flex-wrap items-end justify-between gap-3">
+        <div>
+          <Link href="/admin/rental-providers" className="text-xs text-zinc-500 hover:text-zinc-900">
+            ← Tous les prestataires
+          </Link>
+          <h1 className="mt-1 flex items-center gap-3 text-2xl font-semibold text-zinc-900">
+            {p.name}
+            {p.isSystemD ? (
+              <span className="rounded-full bg-emerald-100 px-2 py-0.5 text-[10px] font-semibold uppercase tracking-wider text-emerald-800 ring-1 ring-inset ring-emerald-300">
+                System D
+              </span>
+            ) : null}
+            <StatusBadge status={p.active ? "ACTIVE" : "INACTIVE"} />
+            {p.approved ? (
+              <span className="rounded-full bg-emerald-100 px-2 py-0.5 text-[10px] font-semibold uppercase tracking-wider text-emerald-800 ring-1 ring-inset ring-emerald-300">
+                Approuvé
+              </span>
+            ) : (
+              <span className="rounded-full bg-amber-100 px-2 py-0.5 text-[10px] font-semibold uppercase tracking-wider text-amber-800 ring-1 ring-inset ring-amber-300">
+                En attente
+              </span>
+            )}
+          </h1>
+          <p className="mt-1 text-sm text-zinc-500">
+            Fleuves : {p.rivers.join(", ") || "—"} · {p._count.items} item(s) · {p._count.rentalBookings} réservation(s) · Commission {Number(p.commissionPct).toFixed(1)}%
+          </p>
+        </div>
+        <ProviderInlineActions
+          approved={p.approved}
+          active={p.active}
+          itemsCount={p._count.items}
+          approveAction={approveThis}
+          toggleActiveAction={toggleActiveThis}
+          deleteAction={deleteThis}
+        />
+      </header>
+
+      <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <h2 className="mb-4 text-sm font-semibold uppercase tracking-wider text-zinc-500">Informations</h2>
+        <ProviderForm
+          action={updateThis}
+          submitLabel="Enregistrer"
+          initial={{
+            name: p.name,
+            isSystemD: p.isSystemD,
+            contactEmail: p.contactEmail,
+            contactPhone: p.contactPhone,
+            rivers: p.rivers,
+            description: p.description,
+            commissionPct: p.commissionPct.toString(),
+            active: p.active,
+          }}
+        />
+      </section>
+
+      <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <h2 className="mb-4 flex items-center justify-between text-sm font-semibold uppercase tracking-wider text-zinc-500">
+          <span>Items ({p.items.length})</span>
+          <Link href={`/admin/rental-items?providerId=${p.id}`} className="text-xs normal-case tracking-normal text-zinc-700 underline hover:text-zinc-900">
+            Voir tous les items
+          </Link>
+        </h2>
+        {p.items.length === 0 ? (
+          <p className="text-sm text-zinc-500">
+            Pas encore d&apos;item.{" "}
+            <Link href={`/admin/rental-items/new?providerId=${p.id}`} className="text-zinc-900 underline">
+              Créer un premier item
+            </Link>
+          </p>
+        ) : (
+          <ul className="divide-y divide-zinc-100">
+            {p.items.map((i) => (
+              <li key={i.id} className="flex items-center justify-between gap-3 py-2 text-sm">
+                <Link href={`/admin/rental-items/${i.id}`} className="text-zinc-900 hover:underline">
+                  {i.name}
+                  <span className="ml-2 text-[11px] text-zinc-500">
+                    {RENTAL_CATEGORY_LABEL[i.category]}
+                  </span>
+                </Link>
+                <span className="flex items-center gap-3">
+                  <span className="font-mono text-xs text-zinc-700">{Number(i.pricePerDay).toFixed(0)} €/j</span>
+                  <span className="text-[11px] text-zinc-500">qty {i.totalQty}</span>
+                  <StatusBadge status={i.active ? "ACTIVE" : "INACTIVE"} />
+                </span>
+              </li>
+            ))}
+          </ul>
+        )}
+      </section>
+    </div>
+  );
+}
diff --git a/src/app/admin/rental-providers/_components/ProviderForm.tsx b/src/app/admin/rental-providers/_components/ProviderForm.tsx
new file mode 100644
index 0000000..baf84a9
--- /dev/null
+++ b/src/app/admin/rental-providers/_components/ProviderForm.tsx
@@ -0,0 +1,132 @@
+"use client";
+
+import { useState, useTransition } from "react";
+import { FormField, inputCls, textareaCls } from "@/components/admin/FormField";
+
+type Props = {
+  initial?: {
+    name?: string;
+    isSystemD?: boolean;
+    contactEmail?: string | null;
+    contactPhone?: string | null;
+    rivers?: string[];
+    description?: string | null;
+    commissionPct?: number | string;
+    active?: boolean;
+  };
+  action: (fd: FormData) => Promise<{ ok: false; error: string } | { ok: true } | undefined>;
+  submitLabel?: string;
+};
+
+export function ProviderForm({ initial = {}, action, submitLabel = "Enregistrer" }: Props) {
+  const [pending, startTransition] = useTransition();
+  const [error, setError] = useState<string | null>(null);
+  const [success, setSuccess] = useState<string | null>(null);
+
+  function onSubmit(fd: FormData) {
+    setError(null);
+    setSuccess(null);
+    startTransition(async () => {
+      const res = await action(fd);
+      if (res && res.ok === false) setError(res.error);
+      else if (res && res.ok === true) setSuccess("Enregistré.");
+    });
+  }
+
+  return (
+    <form action={onSubmit} className="space-y-4">
+      <fieldset disabled={pending} className="space-y-4">
+        <div className="grid grid-cols-1 gap-4 sm:grid-cols-2">
+          <FormField label="Nom du prestataire" required>
+            <input name="name" defaultValue={initial.name ?? ""} required maxLength={200} className={inputCls} />
+          </FormField>
+          <FormField label="Type">
+            <label className="flex items-center gap-2 px-1 py-2 text-sm">
+              <input
+                type="checkbox"
+                name="isSystemD"
+                defaultChecked={initial.isSystemD ?? false}
+                className="h-4 w-4 rounded border-zinc-300"
+              />
+              Fournisseur officiel System D (0 % commission)
+            </label>
+          </FormField>
+          <FormField label="Email contact">
+            <input
+              name="contactEmail"
+              type="email"
+              defaultValue={initial.contactEmail ?? ""}
+              maxLength={200}
+              className={inputCls}
+            />
+          </FormField>
+          <FormField label="Téléphone contact">
+            <input
+              name="contactPhone"
+              defaultValue={initial.contactPhone ?? ""}
+              maxLength={50}
+              className={inputCls}
+            />
+          </FormField>
+          <FormField label="Commission (%)" hint="0 pour System D, 5-15 % pour les prestataires externes.">
+            <input
+              name="commissionPct"
+              type="number"
+              min={0}
+              max={50}
+              step="0.5"
+              defaultValue={initial.commissionPct?.toString() ?? "10"}
+              className={inputCls}
+            />
+          </FormField>
+          <FormField label="Statut">
+            <label className="flex items-center gap-2 px-1 py-2 text-sm">
+              <input
+                type="checkbox"
+                name="active"
+                defaultChecked={initial.active ?? true}
+                className="h-4 w-4 rounded border-zinc-300"
+              />
+              Actif
+            </label>
+          </FormField>
+        </div>
+
+        <FormField label="Fleuves desservis" required hint="Séparer par virgule, point-virgule ou retour à la ligne.">
+          <input
+            name="rivers"
+            defaultValue={(initial.rivers ?? []).join(", ")}
+            placeholder="Maroni, Approuague, Oyapock"
+            className={inputCls}
+          />
+        </FormField>
+
+        <FormField label="Description" hint="Présentation, points forts, conditions particulières.">
+          <textarea
+            name="description"
+            rows={4}
+            defaultValue={initial.description ?? ""}
+            maxLength={5000}
+            className={textareaCls}
+          />
+        </FormField>
+
+        {error ? (
+          <div className="rounded border border-rose-200 bg-rose-50 px-3 py-2 text-sm text-rose-700">{error}</div>
+        ) : null}
+        {success ? (
+          <div className="rounded border border-emerald-200 bg-emerald-50 px-3 py-2 text-sm text-emerald-800">{success}</div>
+        ) : null}
+
+        <div className="flex items-center justify-end gap-2">
+          <button
+            type="submit"
+            className="rounded-md bg-zinc-900 px-5 py-2 text-sm font-semibold text-white hover:bg-zinc-800 disabled:opacity-50"
+          >
+            {pending ? "Enregistrement…" : submitLabel}
+          </button>
+        </div>
+      </fieldset>
+    </form>
+  );
+}
diff --git a/src/app/admin/rental-providers/actions.ts b/src/app/admin/rental-providers/actions.ts
new file mode 100644
index 0000000..3561471
--- /dev/null
+++ b/src/app/admin/rental-providers/actions.ts
@@ -0,0 +1,150 @@
+"use server";
+
+import { revalidatePath } from "next/cache";
+import { redirect } from "next/navigation";
+import { z } from "zod";
+
+import { auth } from "@/auth";
+import { UserRole } from "@/generated/prisma/enums";
+import { requireRole } from "@/lib/authorization";
+import { recordAudit } from "@/lib/admin/audit";
+import { prisma } from "@/lib/prisma";
+
+const providerSchema = z.object({
+  name: z.string().trim().min(2).max(200),
+  isSystemD: z.boolean(),
+  managedByUserId: z.string().nullable().optional(),
+  contactEmail: z.string().trim().email().max(200).nullable().optional(),
+  contactPhone: z.string().trim().max(50).nullable().optional(),
+  rivers: z.array(z.string().trim().min(1).max(80)).max(20),
+  description: z.string().trim().max(5000).nullable().optional(),
+  commissionPct: z.coerce.number().min(0).max(50),
+  active: z.boolean(),
+});
+
+function parseFD(fd: FormData) {
+  const riversRaw = (fd.get("rivers") as string | null) ?? "";
+  const rivers = riversRaw
+    .split(/[,;\n]/)
+    .map((s) => s.trim())
+    .filter((s) => s.length > 0);
+  const get = (k: string) => {
+    const v = (fd.get(k) as string | null) ?? "";
+    return v.trim() === "" ? null : v.trim();
+  };
+  return {
+    name: ((fd.get("name") as string | null) ?? "").trim(),
+    isSystemD: fd.get("isSystemD") === "on",
+    managedByUserId: get("managedByUserId"),
+    contactEmail: get("contactEmail"),
+    contactPhone: get("contactPhone"),
+    rivers,
+    description: get("description"),
+    commissionPct: fd.get("commissionPct"),
+    active: fd.get("active") === "on",
+  };
+}
+
+export async function createRentalProviderAction(fd: FormData) {
+  await requireRole([UserRole.ADMIN]);
+  const parsed = providerSchema.safeParse(parseFD(fd));
+  if (!parsed.success) {
+    return { ok: false as const, error: parsed.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join(" · ") };
+  }
+  const session = await auth();
+  const created = await prisma.rentalProvider.create({
+    data: {
+      ...parsed.data,
+      approved: true, // créé par admin → approuvé d'office
+      approvedAt: new Date(),
+      approvedBy: session?.user?.email ?? null,
+    },
+  });
+  await recordAudit({
+    scope: "admin.rental-providers",
+    event: "create",
+    target: created.id,
+    actorEmail: session?.user?.email ?? null,
+    details: { name: created.name, isSystemD: created.isSystemD },
+  });
+  revalidatePath("/admin/rental-providers");
+  redirect(`/admin/rental-providers/${created.id}`);
+}
+
+export async function updateRentalProviderAction(id: string, fd: FormData) {
+  await requireRole([UserRole.ADMIN]);
+  const parsed = providerSchema.safeParse(parseFD(fd));
+  if (!parsed.success) {
+    return { ok: false as const, error: parsed.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join(" · ") };
+  }
+  const session = await auth();
+  await prisma.rentalProvider.update({ where: { id }, data: parsed.data });
+  await recordAudit({
+    scope: "admin.rental-providers",
+    event: "update",
+    target: id,
+    actorEmail: session?.user?.email ?? null,
+    details: { name: parsed.data.name },
+  });
+  revalidatePath("/admin/rental-providers");
+  revalidatePath(`/admin/rental-providers/${id}`);
+  return { ok: true as const };
+}
+
+export async function approveRentalProviderAction(id: string) {
+  await requireRole([UserRole.ADMIN]);
+  const session = await auth();
+  await prisma.rentalProvider.update({
+    where: { id },
+    data: {
+      approved: true,
+      approvedAt: new Date(),
+      approvedBy: session?.user?.email ?? null,
+    },
+  });
+  await recordAudit({
+    scope: "admin.rental-providers",
+    event: "approve",
+    target: id,
+    actorEmail: session?.user?.email ?? null,
+    details: {},
+  });
+  revalidatePath("/admin/rental-providers");
+  revalidatePath(`/admin/rental-providers/${id}`);
+  return { ok: true as const };
+}
+
+export async function toggleRentalProviderActiveAction(id: string, active: boolean) {
+  await requireRole([UserRole.ADMIN]);
+  const session = await auth();
+  await prisma.rentalProvider.update({ where: { id }, data: { active } });
+  await recordAudit({
+    scope: "admin.rental-providers",
+    event: "active.update",
+    target: id,
+    actorEmail: session?.user?.email ?? null,
+    details: { active },
+  });
+  revalidatePath("/admin/rental-providers");
+  revalidatePath(`/admin/rental-providers/${id}`);
+  return { ok: true as const };
+}
+
+export async function deleteRentalProviderAction(id: string) {
+  await requireRole([UserRole.ADMIN]);
+  const session = await auth();
+  const itemsCount = await prisma.rentalItem.count({ where: { providerId: id } });
+  if (itemsCount > 0) {
+    return { ok: false as const, error: `Impossible : ${itemsCount} item(s) attaché(s).` };
+  }
+  await prisma.rentalProvider.delete({ where: { id } });
+  await recordAudit({
+    scope: "admin.rental-providers",
+    event: "delete",
+    target: id,
+    actorEmail: session?.user?.email ?? null,
+    details: {},
+  });
+  revalidatePath("/admin/rental-providers");
+  redirect("/admin/rental-providers");
+}
diff --git a/src/app/admin/rental-providers/new/page.tsx b/src/app/admin/rental-providers/new/page.tsx
new file mode 100644
index 0000000..c836fea
--- /dev/null
+++ b/src/app/admin/rental-providers/new/page.tsx
@@ -0,0 +1,21 @@
+import Link from "next/link";
+import { ProviderForm } from "../_components/ProviderForm";
+import { createRentalProviderAction } from "../actions";
+
+export const dynamic = "force-dynamic";
+
+export default function NewRentalProviderPage() {
+  return (
+    <div className="mx-auto max-w-3xl space-y-6">
+      <header className="mt-2">
+        <Link href="/admin/rental-providers" className="text-xs text-zinc-500 hover:text-zinc-900">
+          ← Tous les prestataires
+        </Link>
+        <h1 className="mt-1 text-2xl font-semibold text-zinc-900">Nouveau prestataire location</h1>
+      </header>
+      <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <ProviderForm action={createRentalProviderAction} submitLabel="Créer le prestataire" />
+      </section>
+    </div>
+  );
+}
diff --git a/src/app/admin/rental-providers/page.tsx b/src/app/admin/rental-providers/page.tsx
new file mode 100644
index 0000000..d2548e3
--- /dev/null
+++ b/src/app/admin/rental-providers/page.tsx
@@ -0,0 +1,149 @@
+import Link from "next/link";
+import { listRentalProvidersAdmin, listRentalProviderRivers } from "@/lib/admin/rental-providers";
+import { StatusBadge } from "@/components/admin/StatusBadge";
+
+export const dynamic = "force-dynamic";
+
+type PageProps = {
+  searchParams: Promise<{
+    q?: string;
+    approved?: string;
+    active?: string;
+    river?: string;
+  }>;
+};
+
+export default async function RentalProvidersAdminPage({ searchParams }: PageProps) {
+  const sp = await searchParams;
+  const filters = {
+    q: sp.q?.trim() || undefined,
+    approved: sp.approved === "yes" || sp.approved === "no" ? (sp.approved as "yes" | "no") : undefined,
+    active: sp.active === "yes" || sp.active === "no" ? (sp.active as "yes" | "no") : undefined,
+    river: sp.river || undefined,
+  };
+  const [rows, rivers] = await Promise.all([listRentalProvidersAdmin(filters), listRentalProviderRivers()]);
+  const dateFmt = new Intl.DateTimeFormat("fr-FR", { day: "2-digit", month: "short", year: "2-digit" });
+
+  return (
+    <div className="mx-auto max-w-7xl">
+      <header className="mb-5 mt-2 flex items-end justify-between gap-3">
+        <div>
+          <h1 className="text-2xl font-semibold text-zinc-900">Prestataires location matériel</h1>
+          <p className="mt-1 text-sm text-zinc-500">
+            {rows.length} résultat{rows.length > 1 ? "s" : ""}
+          </p>
+        </div>
+        <Link
+          href="/admin/rental-providers/new"
+          className="inline-flex items-center gap-1.5 rounded-md bg-zinc-900 px-3 py-1.5 text-sm font-semibold text-white hover:bg-zinc-800"
+        >
+          + Nouveau prestataire
+        </Link>
+      </header>
+
+      <form className="mb-4 flex flex-wrap items-center gap-2 rounded-lg border border-zinc-200 bg-white p-3" method="get">
+        <input
+          type="text"
+          name="q"
+          defaultValue={filters.q ?? ""}
+          placeholder="Recherche nom, email, description…"
+          className="flex-1 min-w-[220px] rounded-md border border-zinc-300 px-3 py-1.5 text-sm focus:border-zinc-900 focus:outline-none"
+        />
+        <select
+          name="approved"
+          defaultValue={filters.approved ?? ""}
+          className="rounded-md border border-zinc-300 bg-white px-2 py-1.5 text-sm focus:border-zinc-900 focus:outline-none"
+        >
+          <option value="">Tous statuts approbation</option>
+          <option value="yes">Approuvés</option>
+          <option value="no">En attente</option>
+        </select>
+        <select
+          name="active"
+          defaultValue={filters.active ?? ""}
+          className="rounded-md border border-zinc-300 bg-white px-2 py-1.5 text-sm focus:border-zinc-900 focus:outline-none"
+        >
+          <option value="">Actifs + inactifs</option>
+          <option value="yes">Actifs</option>
+          <option value="no">Inactifs</option>
+        </select>
+        <select
+          name="river"
+          defaultValue={filters.river ?? ""}
+          className="rounded-md border border-zinc-300 bg-white px-2 py-1.5 text-sm focus:border-zinc-900 focus:outline-none"
+        >
+          <option value="">Tous fleuves</option>
+          {rivers.map((r) => (
+            <option key={r} value={r}>{r}</option>
+          ))}
+        </select>
+        <button type="submit" className="rounded-md bg-zinc-900 px-3 py-1.5 text-sm font-medium text-white hover:bg-zinc-800">
+          Filtrer
+        </button>
+        {(filters.q || filters.approved || filters.active || filters.river) ? (
+          <Link href="/admin/rental-providers" className="text-sm text-zinc-500 hover:text-zinc-900">
+            Réinit.
+          </Link>
+        ) : null}
+      </form>
+
+      <div className="overflow-hidden rounded-lg border border-zinc-200 bg-white">
+        <table className="w-full text-sm">
+          <thead className="border-b border-zinc-200 bg-zinc-50 text-xs uppercase tracking-wider text-zinc-500">
+            <tr>
+              <th className="px-4 py-2 text-left font-semibold">Nom</th>
+              <th className="px-4 py-2 text-left font-semibold">Fleuves</th>
+              <th className="px-4 py-2 text-right font-semibold">Items</th>
+              <th className="px-4 py-2 text-right font-semibold">Comm.</th>
+              <th className="px-4 py-2 text-left font-semibold">Approbation</th>
+              <th className="px-4 py-2 text-left font-semibold">État</th>
+              <th className="px-4 py-2 text-right font-semibold">MAJ</th>
+            </tr>
+          </thead>
+          <tbody className="divide-y divide-zinc-100">
+            {rows.length === 0 ? (
+              <tr>
+                <td colSpan={7} className="px-4 py-8 text-center text-sm text-zinc-500">
+                  Aucun prestataire ne correspond aux filtres.
+                </td>
+              </tr>
+            ) : null}
+            {rows.map((p) => (
+              <tr key={p.id} className="hover:bg-zinc-50">
+                <td className="px-4 py-2">
+                  <Link href={`/admin/rental-providers/${p.id}`} className="font-medium text-zinc-900 hover:underline">
+                    {p.name}
+                  </Link>
+                  {p.isSystemD ? (
+                    <span className="ml-2 rounded-full bg-emerald-100 px-1.5 py-0.5 text-[10px] font-semibold uppercase tracking-wider text-emerald-800 ring-1 ring-inset ring-emerald-300">
+                      System D
+                    </span>
+                  ) : null}
+                  <div className="text-[11px] text-zinc-500">{p.contactEmail ?? "—"}</div>
+                </td>
+                <td className="px-4 py-2 text-zinc-700">
+                  {p.rivers.length === 0 ? <span className="text-zinc-400">—</span> : p.rivers.join(", ")}
+                </td>
+                <td className="px-4 py-2 text-right font-mono text-zinc-700">{p.itemsCount}</td>
+                <td className="px-4 py-2 text-right font-mono text-zinc-700">{Number(p.commissionPct).toFixed(1)}%</td>
+                <td className="px-4 py-2">
+                  {p.approved ? (
+                    <span className="rounded-full bg-emerald-100 px-2 py-0.5 text-[10px] font-semibold uppercase tracking-wider text-emerald-800 ring-1 ring-inset ring-emerald-300">
+                      Approuvé
+                    </span>
+                  ) : (
+                    <span className="rounded-full bg-amber-100 px-2 py-0.5 text-[10px] font-semibold uppercase tracking-wider text-amber-800 ring-1 ring-inset ring-amber-300">
+                      En attente
+                    </span>
+                  )}
+                </td>
+                <td className="px-4 py-2"><StatusBadge status={p.active ? "ACTIVE" : "INACTIVE"} /></td>
+                <td className="px-4 py-2 text-right text-[11px] text-zinc-500">{dateFmt.format(p.updatedAt)}</td>
+              </tr>
+            ))}
+          </tbody>
+        </table>
+      </div>
+    </div>
+  );
+}
diff --git a/src/app/admin/rentals/page.tsx b/src/app/admin/rentals/page.tsx
new file mode 100644
index 0000000..34ddb12
--- /dev/null
+++ b/src/app/admin/rentals/page.tsx
@@ -0,0 +1,141 @@
+import Link from "next/link";
+import { PaymentStatus, RentalBookingStatus } from "@/generated/prisma/enums";
+import { listRentalBookingsAdmin, RENTAL_STATUS_LABEL } from "@/lib/admin/rental-bookings";
+import { StatusBadge } from "@/components/admin/StatusBadge";
+
+export const dynamic = "force-dynamic";
+
+type PageProps = {
+  searchParams: Promise<{
+    q?: string;
+    status?: string;
+    paymentStatus?: string;
+    providerId?: string;
+  }>;
+};
+
+const RENTAL_STATUS_VALUES = new Set<string>([
+  RentalBookingStatus.PENDING,
+  RentalBookingStatus.CONFIRMED,
+  RentalBookingStatus.HANDED_OVER,
+  RentalBookingStatus.RETURNED,
+  RentalBookingStatus.CANCELLED,
+]);
+
+const PAYMENT_VALUES = new Set<string>([
+  PaymentStatus.PENDING,
+  PaymentStatus.AUTHORIZED,
+  PaymentStatus.SUCCEEDED,
+  PaymentStatus.FAILED,
+  PaymentStatus.REFUNDED,
+]);
+
+export default async function RentalsAdminPage({ searchParams }: PageProps) {
+  const sp = await searchParams;
+  const filters = {
+    q: sp.q?.trim() || undefined,
+    status: RENTAL_STATUS_VALUES.has(sp.status ?? "") ? (sp.status as RentalBookingStatus) : undefined,
+    paymentStatus: PAYMENT_VALUES.has(sp.paymentStatus ?? "") ? (sp.paymentStatus as PaymentStatus) : undefined,
+    providerId: sp.providerId || undefined,
+  };
+  const rows = await listRentalBookingsAdmin(filters);
+  const dateFmt = new Intl.DateTimeFormat("fr-FR", { day: "2-digit", month: "short", year: "2-digit" });
+
+  return (
+    <div className="mx-auto max-w-7xl">
+      <header className="mb-5 mt-2">
+        <h1 className="text-2xl font-semibold text-zinc-900">Réservations matériel</h1>
+        <p className="mt-1 text-sm text-zinc-500">
+          {rows.length} résultat{rows.length > 1 ? "s" : ""}
+        </p>
+      </header>
+
+      <form className="mb-4 flex flex-wrap items-center gap-2 rounded-lg border border-zinc-200 bg-white p-3" method="get">
+        <input
+          type="text"
+          name="q"
+          defaultValue={filters.q ?? ""}
+          placeholder="Recherche ID, email locataire, prestataire…"
+          className="flex-1 min-w-[200px] rounded-md border border-zinc-300 px-3 py-1.5 text-sm focus:border-zinc-900 focus:outline-none"
+        />
+        <select name="status" defaultValue={filters.status ?? ""} className="rounded-md border border-zinc-300 bg-white px-2 py-1.5 text-sm focus:border-zinc-900 focus:outline-none">
+          <option value="">Tous statuts</option>
+          {Object.values(RentalBookingStatus).map((s) => (
+            <option key={s} value={s}>{RENTAL_STATUS_LABEL[s]}</option>
+          ))}
+        </select>
+        <select name="paymentStatus" defaultValue={filters.paymentStatus ?? ""} className="rounded-md border border-zinc-300 bg-white px-2 py-1.5 text-sm focus:border-zinc-900 focus:outline-none">
+          <option value="">Tous paiements</option>
+          {Object.values(PaymentStatus).map((s) => (
+            <option key={s} value={s}>{s}</option>
+          ))}
+        </select>
+        <button type="submit" className="rounded-md bg-zinc-900 px-3 py-1.5 text-sm font-medium text-white hover:bg-zinc-800">
+          Filtrer
+        </button>
+        {(filters.q || filters.status || filters.paymentStatus) ? (
+          <Link href="/admin/rentals" className="text-sm text-zinc-500 hover:text-zinc-900">Réinit.</Link>
+        ) : null}
+      </form>
+
+      <div className="overflow-hidden rounded-lg border border-zinc-200 bg-white">
+        <table className="w-full text-sm">
+          <thead className="border-b border-zinc-200 bg-zinc-50 text-xs uppercase tracking-wider text-zinc-500">
+            <tr>
+              <th className="px-4 py-2 text-left font-semibold">ID</th>
+              <th className="px-4 py-2 text-left font-semibold">Locataire</th>
+              <th className="px-4 py-2 text-left font-semibold">Prestataire</th>
+              <th className="px-4 py-2 text-left font-semibold">Items</th>
+              <th className="px-4 py-2 text-left font-semibold">Période</th>
+              <th className="px-4 py-2 text-right font-semibold">Montant</th>
+              <th className="px-4 py-2 text-left font-semibold">Statut</th>
+              <th className="px-4 py-2 text-left font-semibold">Paiement</th>
+            </tr>
+          </thead>
+          <tbody className="divide-y divide-zinc-100">
+            {rows.length === 0 ? (
+              <tr>
+                <td colSpan={8} className="px-4 py-8 text-center text-sm text-zinc-500">
+                  Aucune réservation matériel.
+                </td>
+              </tr>
+            ) : null}
+            {rows.map((r) => (
+              <tr key={r.id} className="hover:bg-zinc-50">
+                <td className="px-4 py-2 font-mono text-[11px] text-zinc-700">{r.id.slice(0, 10)}…</td>
+                <td className="px-4 py-2 text-zinc-700">
+                  {r.tenant.firstName} {r.tenant.lastName}
+                  <div className="text-[11px] text-zinc-500">{r.tenant.email}</div>
+                </td>
+                <td className="px-4 py-2">
+                  <Link href={`/admin/rental-providers/${r.provider.id}`} className="text-zinc-900 hover:underline">
+                    {r.provider.name}
+                  </Link>
+                  {r.provider.isSystemD ? <span className="ml-1 text-[9px] font-semibold text-emerald-700">SD</span> : null}
+                </td>
+                <td className="px-4 py-2 text-zinc-700">
+                  {r.lines.length} ligne{r.lines.length > 1 ? "s" : ""}
+                  <div className="text-[11px] text-zinc-500 truncate max-w-[200px]">
+                    {r.lines.map((l) => `${l.qty}× ${l.item.name}`).join(", ")}
+                  </div>
+                </td>
+                <td className="px-4 py-2 text-zinc-700">
+                  {dateFmt.format(r.startDate)} → {dateFmt.format(r.endDate)}
+                </td>
+                <td className="px-4 py-2 text-right font-mono text-zinc-900">
+                  {Number(r.amount).toFixed(2)} {r.currency}
+                </td>
+                <td className="px-4 py-2">
+                  <StatusBadge status={r.status} />
+                </td>
+                <td className="px-4 py-2">
+                  <StatusBadge status={r.paymentStatus} />
+                </td>
+              </tr>
+            ))}
+          </tbody>
+        </table>
+      </div>
+    </div>
+  );
+}
diff --git a/src/components/admin/Sidebar.tsx b/src/components/admin/Sidebar.tsx
index e10428c..ad30de2 100644
--- a/src/components/admin/Sidebar.tsx
+++ b/src/components/admin/Sidebar.tsx
@@ -115,6 +115,8 @@ const GROUPS: NavGroup[] = [
     items: [
       { href: "/admin/carbets", label: "Carbets", icon: ICONS.carbets },
       { href: "/admin/pirogue-providers", label: "Prestataires pirogue", icon: ICONS.pirogue },
+      { href: "/admin/rental-providers", label: "Prestataires matériel", icon: ICONS.pirogue },
+      { href: "/admin/rental-items", label: "Items locables", icon: ICONS.media },
       { href: "/admin/media", label: "Médias", icon: ICONS.media },
     ],
   },
@@ -122,6 +124,7 @@ const GROUPS: NavGroup[] = [
     label: "Activité",
     items: [
       { href: "/admin/bookings", label: "Réservations", icon: ICONS.bookings },
+      { href: "/admin/rentals", label: "Locations matériel", icon: ICONS.bookings },
       { href: "/admin/reviews", label: "Avis & modération", icon: ICONS.reviews },
     ],
   },
diff --git a/src/lib/admin/rental-bookings.ts b/src/lib/admin/rental-bookings.ts
new file mode 100644
index 0000000..21b35e5
--- /dev/null
+++ b/src/lib/admin/rental-bookings.ts
@@ -0,0 +1,60 @@
+import "server-only";
+
+import { Prisma } from "@/generated/prisma/client";
+import { RentalBookingStatus, PaymentStatus } from "@/generated/prisma/enums";
+import { prisma } from "@/lib/prisma";
+
+export type AdminRentalBookingFilters = {
+  q?: string;
+  status?: RentalBookingStatus;
+  paymentStatus?: PaymentStatus;
+  providerId?: string;
+};
+
+export const RENTAL_STATUS_LABEL: Record<RentalBookingStatus, string> = {
+  PENDING: "En attente",
+  CONFIRMED: "Confirmée",
+  HANDED_OVER: "Remis client",
+  RETURNED: "Retourné",
+  CANCELLED: "Annulée",
+};
+
+export async function listRentalBookingsAdmin(
+  filters: AdminRentalBookingFilters = {},
+) {
+  const where: Prisma.RentalBookingWhereInput = {};
+  if (filters.q) {
+    where.OR = [
+      { id: { contains: filters.q, mode: "insensitive" } },
+      { tenant: { email: { contains: filters.q, mode: "insensitive" } } },
+      { provider: { name: { contains: filters.q, mode: "insensitive" } } },
+    ];
+  }
+  if (filters.status) where.status = filters.status;
+  if (filters.paymentStatus) where.paymentStatus = filters.paymentStatus;
+  if (filters.providerId) where.providerId = filters.providerId;
+
+  return prisma.rentalBooking.findMany({
+    where,
+    orderBy: [{ createdAt: "desc" }],
+    take: 200,
+    include: {
+      tenant: { select: { id: true, firstName: true, lastName: true, email: true } },
+      provider: { select: { id: true, name: true, isSystemD: true } },
+      booking: { select: { id: true, carbet: { select: { title: true, slug: true } } } },
+      lines: { include: { item: { select: { name: true, category: true } } } },
+    },
+  });
+}
+
+export async function getRentalBookingForAdmin(id: string) {
+  return prisma.rentalBooking.findUnique({
+    where: { id },
+    include: {
+      tenant: { select: { id: true, firstName: true, lastName: true, email: true, phone: true } },
+      provider: { select: { id: true, name: true, isSystemD: true, contactEmail: true, contactPhone: true } },
+      booking: { select: { id: true, carbet: { select: { id: true, title: true, slug: true } } } },
+      lines: { include: { item: { select: { id: true, name: true, category: true, imageUrl: true } } } },
+    },
+  });
+}
diff --git a/src/lib/admin/rental-items.ts b/src/lib/admin/rental-items.ts
new file mode 100644
index 0000000..d5c1bb0
--- /dev/null
+++ b/src/lib/admin/rental-items.ts
@@ -0,0 +1,111 @@
+import "server-only";
+
+import { Prisma } from "@/generated/prisma/client";
+import { RentalCategory } from "@/generated/prisma/enums";
+import { prisma } from "@/lib/prisma";
+
+export const RENTAL_CATEGORY_LABEL: Record<RentalCategory, string> = {
+  SLEEP: "💤 Couchage",
+  NAVIGATION: "🛶 Navigation",
+  FISHING: "🎣 Pêche",
+  COOKING: "🍳 Cuisine",
+  SAFETY: "🦺 Sécurité",
+};
+
+export type AdminRentalItemFilters = {
+  q?: string;
+  category?: RentalCategory;
+  providerId?: string;
+  active?: "yes" | "no";
+};
+
+export type AdminRentalItemListItem = {
+  id: string;
+  name: string;
+  category: RentalCategory;
+  providerId: string;
+  providerName: string;
+  providerIsSystemD: boolean;
+  pricePerDay: string;
+  pricePerWeek: string | null;
+  deposit: string;
+  totalQty: number;
+  withMotor: boolean;
+  fuelIncluded: boolean;
+  requiresLicense: boolean;
+  active: boolean;
+  imageUrl: string | null;
+  updatedAt: Date;
+};
+
+const CATEGORY_VALUES: RentalCategory[] = [
+  RentalCategory.SLEEP,
+  RentalCategory.NAVIGATION,
+  RentalCategory.FISHING,
+  RentalCategory.COOKING,
+  RentalCategory.SAFETY,
+];
+
+export function isRentalCategory(v: string): v is RentalCategory {
+  return (CATEGORY_VALUES as string[]).includes(v);
+}
+
+export async function listRentalItemsAdmin(
+  filters: AdminRentalItemFilters = {},
+): Promise<AdminRentalItemListItem[]> {
+  const where: Prisma.RentalItemWhereInput = {};
+  if (filters.q) {
+    where.OR = [
+      { name: { contains: filters.q, mode: "insensitive" } },
+      { description: { contains: filters.q, mode: "insensitive" } },
+    ];
+  }
+  if (filters.category) where.category = filters.category;
+  if (filters.providerId) where.providerId = filters.providerId;
+  if (filters.active === "yes") where.active = true;
+  if (filters.active === "no") where.active = false;
+
+  const rows = await prisma.rentalItem.findMany({
+    where,
+    orderBy: [{ category: "asc" }, { name: "asc" }],
+    take: 300,
+    include: {
+      provider: { select: { name: true, isSystemD: true } },
+    },
+  });
+  return rows.map((r) => ({
+    id: r.id,
+    name: r.name,
+    category: r.category,
+    providerId: r.providerId,
+    providerName: r.provider.name,
+    providerIsSystemD: r.provider.isSystemD,
+    pricePerDay: r.pricePerDay.toString(),
+    pricePerWeek: r.pricePerWeek?.toString() ?? null,
+    deposit: r.deposit.toString(),
+    totalQty: r.totalQty,
+    withMotor: r.withMotor,
+    fuelIncluded: r.fuelIncluded,
+    requiresLicense: r.requiresLicense,
+    active: r.active,
+    imageUrl: r.imageUrl,
+    updatedAt: r.updatedAt,
+  }));
+}
+
+export async function getRentalItemForAdmin(id: string) {
+  return prisma.rentalItem.findUnique({
+    where: { id },
+    include: {
+      provider: { select: { id: true, name: true, isSystemD: true } },
+    },
+  });
+}
+
+export async function listProvidersForSelect() {
+  return prisma.rentalProvider.findMany({
+    where: { active: true },
+    orderBy: [{ isSystemD: "desc" }, { name: "asc" }],
+    select: { id: true, name: true, isSystemD: true, approved: true },
+  });
+}
diff --git a/src/lib/admin/rental-providers.ts b/src/lib/admin/rental-providers.ts
new file mode 100644
index 0000000..b1e4d97
--- /dev/null
+++ b/src/lib/admin/rental-providers.ts
@@ -0,0 +1,106 @@
+import "server-only";
+
+import { Prisma } from "@/generated/prisma/client";
+import { prisma } from "@/lib/prisma";
+
+export type AdminRentalProviderFilters = {
+  q?: string;
+  approved?: "yes" | "no";
+  active?: "yes" | "no";
+  river?: string;
+};
+
+export type AdminRentalProviderListItem = {
+  id: string;
+  name: string;
+  isSystemD: boolean;
+  contactEmail: string | null;
+  contactPhone: string | null;
+  rivers: string[];
+  commissionPct: string;
+  active: boolean;
+  approved: boolean;
+  itemsCount: number;
+  updatedAt: Date;
+};
+
+export async function listRentalProvidersAdmin(
+  filters: AdminRentalProviderFilters = {},
+): Promise<AdminRentalProviderListItem[]> {
+  const where: Prisma.RentalProviderWhereInput = {};
+  if (filters.q) {
+    where.OR = [
+      { name: { contains: filters.q, mode: "insensitive" } },
+      { contactEmail: { contains: filters.q, mode: "insensitive" } },
+      { description: { contains: filters.q, mode: "insensitive" } },
+    ];
+  }
+  if (filters.approved === "yes") where.approved = true;
+  if (filters.approved === "no") where.approved = false;
+  if (filters.active === "yes") where.active = true;
+  if (filters.active === "no") where.active = false;
+  if (filters.river) where.rivers = { has: filters.river };
+
+  const rows = await prisma.rentalProvider.findMany({
+    where,
+    orderBy: [{ approved: "asc" }, { isSystemD: "desc" }, { name: "asc" }],
+    take: 200,
+    select: {
+      id: true,
+      name: true,
+      isSystemD: true,
+      contactEmail: true,
+      contactPhone: true,
+      rivers: true,
+      commissionPct: true,
+      active: true,
+      approved: true,
+      updatedAt: true,
+      _count: { select: { items: true } },
+    },
+  });
+  return rows.map((r) => ({
+    id: r.id,
+    name: r.name,
+    isSystemD: r.isSystemD,
+    contactEmail: r.contactEmail,
+    contactPhone: r.contactPhone,
+    rivers: r.rivers,
+    commissionPct: r.commissionPct.toString(),
+    active: r.active,
+    approved: r.approved,
+    itemsCount: r._count.items,
+    updatedAt: r.updatedAt,
+  }));
+}
+
+export async function getRentalProviderForAdmin(id: string) {
+  return prisma.rentalProvider.findUnique({
+    where: { id },
+    include: {
+      manager: { select: { id: true, firstName: true, lastName: true, email: true } },
+      items: {
+        orderBy: [{ category: "asc" }, { name: "asc" }],
+        select: {
+          id: true,
+          name: true,
+          category: true,
+          pricePerDay: true,
+          totalQty: true,
+          active: true,
+        },
+      },
+      _count: { select: { items: true, rentalBookings: true } },
+    },
+  });
+}
+
+export async function listRentalProviderRivers(): Promise<string[]> {
+  const rows = await prisma.rentalProvider.findMany({
+    where: { active: true, approved: true },
+    select: { rivers: true },
+  });
+  const set = new Set<string>();
+  for (const r of rows) for (const x of r.rivers) set.add(x);
+  return Array.from(set).sort();
+}

From 90cc7a94af423e5f75fdd6cd39764c0758bcf779 Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Tue, 2 Jun 2026 03:31:22 +0000
Subject: [PATCH 29/47] fix(rental): extract category labels en fichier neutre
 (importable client)

---
 .../rental-items/_components/ItemForm.tsx     | 13 ++----------
 src/lib/admin/rental-items.ts                 | 20 +-----------------
 src/lib/rental-category-labels.ts             | 21 +++++++++++++++++++
 3 files changed, 24 insertions(+), 30 deletions(-)
 create mode 100644 src/lib/rental-category-labels.ts

diff --git a/src/app/admin/rental-items/_components/ItemForm.tsx b/src/app/admin/rental-items/_components/ItemForm.tsx
index 523dabc..27ad4b2 100644
--- a/src/app/admin/rental-items/_components/ItemForm.tsx
+++ b/src/app/admin/rental-items/_components/ItemForm.tsx
@@ -2,8 +2,7 @@
 
 import { useState, useTransition } from "react";
 import { FormField, inputCls, selectCls, textareaCls } from "@/components/admin/FormField";
-import { RENTAL_CATEGORY_LABEL } from "@/lib/admin/rental-items";
-import { RentalCategory } from "@/generated/prisma/enums";
+import { RENTAL_CATEGORY_LABEL, RENTAL_CATEGORIES } from "@/lib/rental-category-labels";
 
 type Props = {
   providers: { id: string; name: string; isSystemD: boolean }[];
@@ -26,14 +25,6 @@ type Props = {
   submitLabel?: string;
 };
 
-const CATEGORIES: RentalCategory[] = [
-  RentalCategory.SLEEP,
-  RentalCategory.NAVIGATION,
-  RentalCategory.FISHING,
-  RentalCategory.COOKING,
-  RentalCategory.SAFETY,
-];
-
 export function ItemForm({ providers, initial = {}, action, submitLabel = "Enregistrer" }: Props) {
   const [pending, startTransition] = useTransition();
   const [error, setError] = useState<string | null>(null);
@@ -66,7 +57,7 @@ export function ItemForm({ providers, initial = {}, action, submitLabel = "Enreg
           <FormField label="Catégorie" required>
             <select name="category" defaultValue={initial.category ?? ""} required className={selectCls}>
               <option value="" disabled>— sélectionner —</option>
-              {CATEGORIES.map((c) => (
+              {RENTAL_CATEGORIES.map((c) => (
                 <option key={c} value={c}>{RENTAL_CATEGORY_LABEL[c]}</option>
               ))}
             </select>
diff --git a/src/lib/admin/rental-items.ts b/src/lib/admin/rental-items.ts
index d5c1bb0..01dd655 100644
--- a/src/lib/admin/rental-items.ts
+++ b/src/lib/admin/rental-items.ts
@@ -4,13 +4,7 @@ import { Prisma } from "@/generated/prisma/client";
 import { RentalCategory } from "@/generated/prisma/enums";
 import { prisma } from "@/lib/prisma";
 
-export const RENTAL_CATEGORY_LABEL: Record<RentalCategory, string> = {
-  SLEEP: "💤 Couchage",
-  NAVIGATION: "🛶 Navigation",
-  FISHING: "🎣 Pêche",
-  COOKING: "🍳 Cuisine",
-  SAFETY: "🦺 Sécurité",
-};
+export { RENTAL_CATEGORY_LABEL, RENTAL_CATEGORIES, isRentalCategory } from "@/lib/rental-category-labels";
 
 export type AdminRentalItemFilters = {
   q?: string;
@@ -38,18 +32,6 @@ export type AdminRentalItemListItem = {
   updatedAt: Date;
 };
 
-const CATEGORY_VALUES: RentalCategory[] = [
-  RentalCategory.SLEEP,
-  RentalCategory.NAVIGATION,
-  RentalCategory.FISHING,
-  RentalCategory.COOKING,
-  RentalCategory.SAFETY,
-];
-
-export function isRentalCategory(v: string): v is RentalCategory {
-  return (CATEGORY_VALUES as string[]).includes(v);
-}
-
 export async function listRentalItemsAdmin(
   filters: AdminRentalItemFilters = {},
 ): Promise<AdminRentalItemListItem[]> {
diff --git a/src/lib/rental-category-labels.ts b/src/lib/rental-category-labels.ts
new file mode 100644
index 0000000..63f14a1
--- /dev/null
+++ b/src/lib/rental-category-labels.ts
@@ -0,0 +1,21 @@
+import { RentalCategory } from "@/generated/prisma/enums";
+
+export const RENTAL_CATEGORY_LABEL: Record<RentalCategory, string> = {
+  SLEEP: "💤 Couchage",
+  NAVIGATION: "🛶 Navigation",
+  FISHING: "🎣 Pêche",
+  COOKING: "🍳 Cuisine",
+  SAFETY: "🦺 Sécurité",
+};
+
+export const RENTAL_CATEGORIES: RentalCategory[] = [
+  RentalCategory.SLEEP,
+  RentalCategory.NAVIGATION,
+  RentalCategory.FISHING,
+  RentalCategory.COOKING,
+  RentalCategory.SAFETY,
+];
+
+export function isRentalCategory(v: string): v is RentalCategory {
+  return (RENTAL_CATEGORIES as string[]).includes(v);
+}

From f31fb8a32cc41da6d06d94da0ac4f01280217d53 Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Tue, 2 Jun 2026 07:49:43 +0000
Subject: [PATCH 30/47] =?UTF-8?q?feat(rental):=20Sprint=20B=20=E2=80=94=20?=
 =?UTF-8?q?catalogue=20public=20/materiel=20+=20d=C3=A9tail=20item=20+=20d?=
 =?UTF-8?q?ispo=20+=20nav?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../rentals/items/[id]/availability/route.ts  |  31 +++
 .../_components/AvailabilityPreview.tsx       |  56 ++++++
 src/app/materiel/[itemId]/page.tsx            | 159 +++++++++++++++
 .../materiel/_components/rental-filters.tsx   | 100 ++++++++++
 .../materiel/_components/rental-item-card.tsx |  76 ++++++++
 src/app/materiel/page.tsx                     | 121 ++++++++++++
 src/components/SiteHeader.tsx                 |   4 +-
 src/lib/rentals-public.ts                     | 181 ++++++++++++++++++
 8 files changed, 726 insertions(+), 2 deletions(-)
 create mode 100644 src/app/api/rentals/items/[id]/availability/route.ts
 create mode 100644 src/app/materiel/[itemId]/_components/AvailabilityPreview.tsx
 create mode 100644 src/app/materiel/[itemId]/page.tsx
 create mode 100644 src/app/materiel/_components/rental-filters.tsx
 create mode 100644 src/app/materiel/_components/rental-item-card.tsx
 create mode 100644 src/app/materiel/page.tsx
 create mode 100644 src/lib/rentals-public.ts

diff --git a/src/app/api/rentals/items/[id]/availability/route.ts b/src/app/api/rentals/items/[id]/availability/route.ts
new file mode 100644
index 0000000..dc3b8b2
--- /dev/null
+++ b/src/app/api/rentals/items/[id]/availability/route.ts
@@ -0,0 +1,31 @@
+import { NextResponse } from "next/server";
+import type { NextRequest } from "next/server";
+
+import { getItemAvailability } from "@/lib/rentals-public";
+import { parseIsoDate, normalizeUtcDayStart } from "@/lib/booking";
+
+export const runtime = "nodejs";
+
+export async function GET(req: NextRequest, ctx: { params: Promise<{ id: string }> }) {
+  const { id } = await ctx.params;
+  const from = parseIsoDate(req.nextUrl.searchParams.get("from"));
+  const to = parseIsoDate(req.nextUrl.searchParams.get("to"));
+  if (!from || !to) {
+    return NextResponse.json(
+      { error: "Paramètres from et to (YYYY-MM-DD) requis." },
+      { status: 400 },
+    );
+  }
+  const start = normalizeUtcDayStart(from);
+  const end = normalizeUtcDayStart(to);
+  if (end <= start) {
+    return NextResponse.json({ error: "to doit être > from." }, { status: 400 });
+  }
+  const calendar = await getItemAvailability(id, start, end);
+  return NextResponse.json({
+    itemId: id,
+    from: start.toISOString(),
+    to: end.toISOString(),
+    calendar,
+  });
+}
diff --git a/src/app/materiel/[itemId]/_components/AvailabilityPreview.tsx b/src/app/materiel/[itemId]/_components/AvailabilityPreview.tsx
new file mode 100644
index 0000000..4cdf5d9
--- /dev/null
+++ b/src/app/materiel/[itemId]/_components/AvailabilityPreview.tsx
@@ -0,0 +1,56 @@
+"use client";
+
+import { useEffect, useState } from "react";
+
+type Day = {
+  date: string;
+  availableQty: number;
+  bookedQty: number;
+  totalQty: number;
+};
+
+export function AvailabilityPreview({ itemId }: { itemId: string }) {
+  const [calendar, setCalendar] = useState<Day[] | null>(null);
+
+  useEffect(() => {
+    const today = new Date();
+    today.setUTCHours(0, 0, 0, 0);
+    const to = new Date(today.getTime() + 30 * 86_400_000);
+    const fromStr = today.toISOString().slice(0, 10);
+    const toStr = to.toISOString().slice(0, 10);
+    fetch(`/api/rentals/items/${itemId}/availability?from=${fromStr}&to=${toStr}`)
+      .then((r) => (r.ok ? r.json() : null))
+      .then((j) => {
+        if (j?.calendar) setCalendar(j.calendar);
+      })
+      .catch(() => {});
+  }, [itemId]);
+
+  if (!calendar) {
+    return <div className="h-16 w-full animate-pulse rounded-md bg-zinc-100" />;
+  }
+
+  return (
+    <div>
+      <p className="text-xs text-zinc-500 mb-2">
+        Disponibilité sur les 30 prochains jours (vert = stock dispo, gris = épuisé) :
+      </p>
+      <div className="grid grid-cols-15 gap-0.5 sm:grid-cols-30" style={{ gridTemplateColumns: `repeat(${calendar.length}, minmax(0, 1fr))` }}>
+        {calendar.map((d) => {
+          const ratio = d.availableQty / Math.max(1, d.totalQty);
+          const tone =
+            d.availableQty === 0 ? "bg-zinc-300" :
+            ratio < 0.3 ? "bg-amber-300" :
+            "bg-emerald-400";
+          return (
+            <div
+              key={d.date}
+              className={`h-4 rounded-sm ${tone}`}
+              title={`${d.date} : ${d.availableQty}/${d.totalQty} dispo`}
+            />
+          );
+        })}
+      </div>
+    </div>
+  );
+}
diff --git a/src/app/materiel/[itemId]/page.tsx b/src/app/materiel/[itemId]/page.tsx
new file mode 100644
index 0000000..b6f6aa1
--- /dev/null
+++ b/src/app/materiel/[itemId]/page.tsx
@@ -0,0 +1,159 @@
+import type { Metadata } from "next";
+import Link from "next/link";
+import { notFound } from "next/navigation";
+
+import { getPublicRentalItem } from "@/lib/rentals-public";
+import { RENTAL_CATEGORY_LABEL } from "@/lib/rental-category-labels";
+
+import { AvailabilityPreview } from "./_components/AvailabilityPreview";
+
+export const dynamic = "force-dynamic";
+
+type PageProps = { params: Promise<{ itemId: string }> };
+
+export async function generateMetadata({ params }: PageProps): Promise<Metadata> {
+  const { itemId } = await params;
+  const item = await getPublicRentalItem(itemId);
+  if (!item) return { title: "Item introuvable", robots: { index: false } };
+  return {
+    title: `${item.name} — Location matériel`,
+    description: item.description ?? `Location de ${item.name} via ${item.provider.name}.`,
+  };
+}
+
+export default async function RentalItemDetailPage({ params }: PageProps) {
+  const { itemId } = await params;
+  const item = await getPublicRentalItem(itemId);
+  if (!item) notFound();
+
+  const categoryEmoji =
+    item.category === "SLEEP" ? "💤" :
+    item.category === "NAVIGATION" ? "🛶" :
+    item.category === "FISHING" ? "🎣" :
+    item.category === "COOKING" ? "🍳" : "🦺";
+
+  return (
+    <main className="mx-auto max-w-5xl px-6 py-8">
+      <Link href="/materiel" className="text-sm text-zinc-600 hover:text-zinc-900">
+        ← Tout le matériel
+      </Link>
+
+      <div className="mt-3 grid gap-8 lg:grid-cols-3">
+        <div className="lg:col-span-2">
+          <header>
+            <p className="text-xs uppercase tracking-wider text-zinc-500">
+              {RENTAL_CATEGORY_LABEL[item.category]}
+            </p>
+            <h1 className="mt-1 text-3xl font-semibold text-zinc-900">{item.name}</h1>
+            <p className="mt-1 text-sm text-zinc-600">
+              Loué par <strong>{item.provider.name}</strong>
+              {item.provider.isSystemD ? (
+                <span className="ml-2 rounded-full bg-emerald-600 px-2 py-0.5 text-[10px] font-semibold uppercase tracking-wider text-white">
+                  Fournisseur Karbé
+                </span>
+              ) : null}
+            </p>
+          </header>
+
+          <div className="mt-5 overflow-hidden rounded-lg bg-zinc-100">
+            {item.imageUrl ? (
+              // eslint-disable-next-line @next/next/no-img-element
+              <img
+                src={item.imageUrl}
+                alt={item.name}
+                className="aspect-[4/3] w-full object-cover"
+              />
+            ) : (
+              <div className="flex aspect-[4/3] w-full items-center justify-center text-7xl text-zinc-300">
+                {categoryEmoji}
+              </div>
+            )}
+          </div>
+
+          {item.description ? (
+            <section className="mt-6">
+              <h2 className="text-xl font-semibold text-zinc-900">Description</h2>
+              <p className="mt-2 whitespace-pre-line text-sm text-zinc-700">{item.description}</p>
+            </section>
+          ) : null}
+
+          <section className="mt-6">
+            <h2 className="text-xl font-semibold text-zinc-900">Caractéristiques</h2>
+            <ul className="mt-3 grid grid-cols-2 gap-2 text-sm sm:grid-cols-3">
+              <li className="rounded-md border border-zinc-200 bg-white px-3 py-2">
+                <div className="text-[10px] uppercase tracking-wider text-zinc-500">Stock disponible</div>
+                <div className="font-mono font-semibold text-zinc-900">{item.totalQty} unités</div>
+              </li>
+              {Number(item.deposit) > 0 ? (
+                <li className="rounded-md border border-zinc-200 bg-white px-3 py-2">
+                  <div className="text-[10px] uppercase tracking-wider text-zinc-500">Caution</div>
+                  <div className="font-mono font-semibold text-zinc-900">{Number(item.deposit).toFixed(0)} €</div>
+                </li>
+              ) : null}
+              {item.withMotor ? (
+                <li className="rounded-md border border-zinc-200 bg-white px-3 py-2">⚙️ Avec moteur</li>
+              ) : null}
+              {item.fuelIncluded ? (
+                <li className="rounded-md border border-emerald-200 bg-emerald-50 px-3 py-2 text-emerald-900">⛽ Essence incluse</li>
+              ) : null}
+              {item.requiresLicense ? (
+                <li className="rounded-md border border-amber-200 bg-amber-50 px-3 py-2 text-amber-900">🪪 Permis bateau requis</li>
+              ) : null}
+            </ul>
+          </section>
+
+          <section className="mt-6">
+            <h2 className="text-xl font-semibold text-zinc-900">Disponibilité</h2>
+            <div className="mt-3 rounded-lg border border-zinc-200 bg-white p-4">
+              <AvailabilityPreview itemId={item.id} />
+            </div>
+          </section>
+        </div>
+
+        <aside className="space-y-4 rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+          <div>
+            <div className="flex items-baseline justify-between">
+              <span>
+                <span className="text-3xl font-semibold text-zinc-900">
+                  {Number(item.pricePerDay).toFixed(0)} €
+                </span>
+                <span className="ml-1 text-sm text-zinc-500">/ jour</span>
+              </span>
+            </div>
+            {item.pricePerWeek ? (
+              <p className="mt-1 text-xs text-zinc-500">
+                Forfait semaine : {Number(item.pricePerWeek).toFixed(0)} € (≥ 7 jours)
+              </p>
+            ) : null}
+          </div>
+
+          <div className="rounded-md bg-emerald-50 px-3 py-2 text-xs text-emerald-900">
+            🛒 La fonction « Ajouter au panier » arrive avec le Sprint D.
+            Pour réserver maintenant, contactez directement le prestataire.
+          </div>
+
+          <div className="border-t border-zinc-100 pt-3">
+            <h3 className="text-sm font-semibold text-zinc-900">{item.provider.name}</h3>
+            {item.provider.isSystemD ? (
+              <p className="mt-1 text-xs text-emerald-700">Fournisseur officiel Karbé (0% commission).</p>
+            ) : null}
+            {item.provider.description ? (
+              <p className="mt-2 text-xs text-zinc-600">{item.provider.description}</p>
+            ) : null}
+            <div className="mt-2 space-y-1 text-xs text-zinc-700">
+              {item.provider.contactEmail ? (
+                <p>📧 <a href={`mailto:${item.provider.contactEmail}`} className="underline">{item.provider.contactEmail}</a></p>
+              ) : null}
+              {item.provider.contactPhone ? (
+                <p>📞 {item.provider.contactPhone}</p>
+              ) : null}
+              <p className="text-zinc-500">
+                Fleuves desservis : {item.provider.rivers.join(", ") || "—"}
+              </p>
+            </div>
+          </div>
+        </aside>
+      </div>
+    </main>
+  );
+}
diff --git a/src/app/materiel/_components/rental-filters.tsx b/src/app/materiel/_components/rental-filters.tsx
new file mode 100644
index 0000000..90dc76e
--- /dev/null
+++ b/src/app/materiel/_components/rental-filters.tsx
@@ -0,0 +1,100 @@
+import Link from "next/link";
+
+import { RentalCategory } from "@/generated/prisma/enums";
+import { RENTAL_CATEGORIES, RENTAL_CATEGORY_LABEL } from "@/lib/rental-category-labels";
+
+type Props = {
+  filters: {
+    q?: string;
+    category?: RentalCategory;
+    providerId?: string;
+    river?: string;
+  };
+  rivers: string[];
+  providers: { id: string; name: string; isSystemD: boolean }[];
+};
+
+export function RentalFilters({ filters, rivers, providers }: Props) {
+  return (
+    <form method="get" action="/materiel" className="space-y-3 rounded-lg border border-zinc-200 bg-white p-4">
+      <div className="grid grid-cols-1 gap-3 sm:grid-cols-3">
+        <label className="flex flex-col gap-1 text-sm">
+          <span className="font-medium text-zinc-700">Recherche</span>
+          <input
+            type="text"
+            name="q"
+            defaultValue={filters.q ?? ""}
+            placeholder="nom, description…"
+            className="rounded-md border border-zinc-300 px-3 py-2 text-sm focus:border-emerald-500 focus:outline-none"
+          />
+        </label>
+        <label className="flex flex-col gap-1 text-sm">
+          <span className="font-medium text-zinc-700">Fleuve</span>
+          <select
+            name="river"
+            defaultValue={filters.river ?? ""}
+            className="rounded-md border border-zinc-300 bg-white px-3 py-2 text-sm focus:border-emerald-500 focus:outline-none"
+          >
+            <option value="">Tous fleuves</option>
+            {rivers.map((r) => (
+              <option key={r} value={r}>{r}</option>
+            ))}
+          </select>
+        </label>
+        <label className="flex flex-col gap-1 text-sm">
+          <span className="font-medium text-zinc-700">Prestataire</span>
+          <select
+            name="providerId"
+            defaultValue={filters.providerId ?? ""}
+            className="rounded-md border border-zinc-300 bg-white px-3 py-2 text-sm focus:border-emerald-500 focus:outline-none"
+          >
+            <option value="">Tous prestataires</option>
+            {providers.map((p) => (
+              <option key={p.id} value={p.id}>
+                {p.name}{p.isSystemD ? " (Karbé)" : ""}
+              </option>
+            ))}
+          </select>
+        </label>
+      </div>
+
+      <fieldset>
+        <legend className="text-xs uppercase tracking-wider text-zinc-500">Catégorie</legend>
+        <div className="mt-1 flex flex-wrap gap-1.5">
+          {RENTAL_CATEGORIES.map((c) => {
+            const checked = filters.category === c;
+            return (
+              <label
+                key={c}
+                className={
+                  "flex cursor-pointer items-center gap-1 rounded-full border px-3 py-1 text-sm transition " +
+                  (checked
+                    ? "border-emerald-600 bg-emerald-50 text-emerald-900"
+                    : "border-zinc-300 bg-white text-zinc-700 hover:border-zinc-400")
+                }
+              >
+                <input
+                  type="radio"
+                  name="category"
+                  value={c}
+                  defaultChecked={checked}
+                  className="sr-only"
+                />
+                {RENTAL_CATEGORY_LABEL[c]}
+              </label>
+            );
+          })}
+        </div>
+      </fieldset>
+
+      <div className="flex items-center gap-2">
+        <button type="submit" className="rounded-md bg-emerald-600 px-4 py-2 text-sm font-semibold text-white hover:bg-emerald-700">
+          Filtrer
+        </button>
+        <Link href="/materiel" className="text-sm text-zinc-500 hover:text-zinc-900">
+          Réinit.
+        </Link>
+      </div>
+    </form>
+  );
+}
diff --git a/src/app/materiel/_components/rental-item-card.tsx b/src/app/materiel/_components/rental-item-card.tsx
new file mode 100644
index 0000000..179750b
--- /dev/null
+++ b/src/app/materiel/_components/rental-item-card.tsx
@@ -0,0 +1,76 @@
+import Link from "next/link";
+
+import type { PublicRentalItem } from "@/lib/rentals-public";
+import { RENTAL_CATEGORY_LABEL } from "@/lib/rental-category-labels";
+
+export function RentalItemCard({ item }: { item: PublicRentalItem }) {
+  return (
+    <Link
+      href={`/materiel/${item.id}`}
+      className="group flex flex-col overflow-hidden rounded-lg border border-zinc-200 bg-white shadow-sm transition hover:border-emerald-300 hover:shadow-md"
+    >
+      <div className="relative aspect-[4/3] bg-zinc-100">
+        {item.imageUrl ? (
+          // eslint-disable-next-line @next/next/no-img-element
+          <img
+            src={item.imageUrl}
+            alt={item.name}
+            loading="lazy"
+            className="h-full w-full object-cover transition group-hover:scale-[1.02]"
+          />
+        ) : (
+          <div className="flex h-full items-center justify-center text-4xl text-zinc-300">
+            {item.category === "SLEEP" ? "💤" :
+             item.category === "NAVIGATION" ? "🛶" :
+             item.category === "FISHING" ? "🎣" :
+             item.category === "COOKING" ? "🍳" : "🦺"}
+          </div>
+        )}
+        <span className="absolute left-2 top-2 rounded-full bg-white/90 px-2 py-0.5 text-[10px] font-semibold text-zinc-800 ring-1 ring-zinc-200">
+          {RENTAL_CATEGORY_LABEL[item.category]}
+        </span>
+        {item.provider.isSystemD ? (
+          <span className="absolute right-2 top-2 rounded-full bg-emerald-600 px-2 py-0.5 text-[10px] font-semibold uppercase tracking-wider text-white">
+            Karbé
+          </span>
+        ) : null}
+      </div>
+      <div className="flex flex-1 flex-col p-3">
+        <h3 className="text-base font-semibold text-zinc-900 group-hover:text-emerald-700">
+          {item.name}
+        </h3>
+        <p className="mt-0.5 text-xs text-zinc-500">{item.provider.name}</p>
+        <p className="mt-1 line-clamp-2 text-xs text-zinc-600">{item.description ?? ""}</p>
+        <div className="mt-2 flex flex-wrap items-center gap-1.5 text-[10px]">
+          {item.withMotor ? (
+            <span className="rounded-full bg-zinc-100 px-1.5 py-0.5 text-zinc-700">⚙️ moteur</span>
+          ) : null}
+          {item.requiresLicense ? (
+            <span className="rounded-full bg-amber-50 px-1.5 py-0.5 text-amber-800">🪪 permis</span>
+          ) : null}
+          {item.fuelIncluded ? (
+            <span className="rounded-full bg-emerald-50 px-1.5 py-0.5 text-emerald-800">⛽ essence</span>
+          ) : null}
+          {Number(item.deposit) > 0 ? (
+            <span className="rounded-full bg-zinc-100 px-1.5 py-0.5 text-zinc-700">
+              Caution {Number(item.deposit).toFixed(0)} €
+            </span>
+          ) : null}
+        </div>
+        <div className="mt-3 flex items-baseline justify-between border-t border-zinc-100 pt-2">
+          <span>
+            <span className="text-lg font-semibold text-zinc-900">
+              {Number(item.pricePerDay).toFixed(0)} €
+            </span>
+            <span className="ml-1 text-xs text-zinc-500">/ jour</span>
+          </span>
+          {item.pricePerWeek ? (
+            <span className="text-[10px] text-zinc-500">
+              {Number(item.pricePerWeek).toFixed(0)} € / semaine
+            </span>
+          ) : null}
+        </div>
+      </div>
+    </Link>
+  );
+}
diff --git a/src/app/materiel/page.tsx b/src/app/materiel/page.tsx
new file mode 100644
index 0000000..f18f2ac
--- /dev/null
+++ b/src/app/materiel/page.tsx
@@ -0,0 +1,121 @@
+import type { Metadata } from "next";
+
+import { RentalCategory } from "@/generated/prisma/enums";
+import { isRentalCategory } from "@/lib/rental-category-labels";
+import {
+  listPublicProviders,
+  listPublicRentalItems,
+  listPublicRivers,
+} from "@/lib/rentals-public";
+
+import { RentalFilters } from "./_components/rental-filters";
+import { RentalItemCard } from "./_components/rental-item-card";
+
+export const dynamic = "force-dynamic";
+
+export const metadata: Metadata = {
+  title: "Louer du matériel",
+  description:
+    "Hamac, moustiquaire, pirogue, kayak, barque, gilet, réchaud… Toutes les locations de matériel pour réussir votre séjour en carbet guyanais, fournies par l'association System D et des prestataires locaux validés.",
+};
+
+type PageProps = {
+  searchParams: Promise<{
+    q?: string;
+    category?: string;
+    providerId?: string;
+    river?: string;
+  }>;
+};
+
+export default async function MaterialPage({ searchParams }: PageProps) {
+  const sp = await searchParams;
+  const filters = {
+    q: sp.q?.trim() || undefined,
+    category: sp.category && isRentalCategory(sp.category) ? (sp.category as RentalCategory) : undefined,
+    providerId: sp.providerId || undefined,
+    river: sp.river || undefined,
+  };
+  const [items, providers, rivers] = await Promise.all([
+    listPublicRentalItems(filters),
+    listPublicProviders(),
+    listPublicRivers(),
+  ]);
+
+  return (
+    <main className="mx-auto max-w-7xl px-6 py-10">
+      <header className="mb-6">
+        <h1 className="text-3xl font-semibold text-zinc-900 sm:text-4xl">
+          Matériel à louer
+        </h1>
+        <p className="mt-2 max-w-2xl text-sm text-zinc-600">
+          Hamac, moustiquaire, pirogue, kayak, barque, réchaud, gilet de sauvetage…
+          Tout le matériel pour réussir votre séjour, mis à disposition par
+          l&apos;<strong>association System D</strong> ou par des prestataires
+          locaux validés.
+        </p>
+      </header>
+
+      <RentalFilters filters={filters} rivers={rivers} providers={providers} />
+
+      <section className="mt-6" aria-live="polite">
+        <p className="mb-3 text-sm text-zinc-600">
+          {items.length} item{items.length > 1 ? "s" : ""} disponible
+          {items.length > 1 ? "s" : ""}
+        </p>
+        {items.length === 0 ? (
+          <div className="rounded-md border border-dashed border-zinc-300 px-6 py-12 text-center text-sm text-zinc-500">
+            Aucun item ne correspond à votre recherche. Essayez d&apos;élargir
+            les filtres.
+          </div>
+        ) : (
+          <ul className="grid gap-4 sm:grid-cols-2 lg:grid-cols-3 xl:grid-cols-4">
+            {items.map((item) => (
+              <li key={item.id}>
+                <RentalItemCard item={item} />
+              </li>
+            ))}
+          </ul>
+        )}
+      </section>
+
+      {providers.length > 0 ? (
+        <section className="mt-12 border-t border-zinc-200 pt-8">
+          <h2 className="text-xl font-semibold text-zinc-900">
+            Nos prestataires partenaires
+          </h2>
+          <p className="mt-1 text-sm text-zinc-600">
+            {providers.length} prestataire{providers.length > 1 ? "s" : ""} valid
+            {providers.length > 1 ? "és" : "é"} sur Karbé.
+          </p>
+          <ul className="mt-4 grid gap-3 sm:grid-cols-2 lg:grid-cols-3">
+            {providers.map((p) => (
+              <li
+                key={p.id}
+                className="rounded-lg border border-zinc-200 bg-white p-4 shadow-sm"
+              >
+                <div className="flex items-baseline justify-between gap-2">
+                  <h3 className="text-base font-semibold text-zinc-900">{p.name}</h3>
+                  {p.isSystemD ? (
+                    <span className="rounded-full bg-emerald-600 px-2 py-0.5 text-[10px] font-semibold uppercase tracking-wider text-white">
+                      Karbé
+                    </span>
+                  ) : null}
+                </div>
+                <p className="mt-1 text-xs text-zinc-500">
+                  Fleuves : {p.rivers.join(", ") || "—"} · {p.itemsCount} item
+                  {p.itemsCount > 1 ? "s" : ""}
+                </p>
+                {p.description ? (
+                  <p className="mt-2 line-clamp-3 text-xs text-zinc-600">
+                    {p.description}
+                  </p>
+                ) : null}
+              </li>
+            ))}
+          </ul>
+        </section>
+      ) : null}
+    </main>
+  );
+}
diff --git a/src/components/SiteHeader.tsx b/src/components/SiteHeader.tsx
index 08ffe77..564c466 100644
--- a/src/components/SiteHeader.tsx
+++ b/src/components/SiteHeader.tsx
@@ -33,8 +33,8 @@ export async function SiteHeader() {
           <Link href="/carbets" className="hover:text-zinc-900">
             Catalogue
           </Link>
-          <Link href="/comment-ca-marche" className="hover:text-zinc-900">
-            Comment ça marche
+          <Link href="/materiel" className="hover:text-zinc-900">
+            Matériel
           </Link>
         </nav>
 
diff --git a/src/lib/rentals-public.ts b/src/lib/rentals-public.ts
new file mode 100644
index 0000000..af08f4a
--- /dev/null
+++ b/src/lib/rentals-public.ts
@@ -0,0 +1,181 @@
+import "server-only";
+
+import { Prisma } from "@/generated/prisma/client";
+import { RentalCategory } from "@/generated/prisma/enums";
+import { prisma } from "@/lib/prisma";
+
+export type PublicRentalFilters = {
+  q?: string;
+  category?: RentalCategory;
+  providerId?: string;
+  river?: string;
+};
+
+export type PublicRentalItem = {
+  id: string;
+  name: string;
+  description: string | null;
+  category: RentalCategory;
+  imageUrl: string | null;
+  pricePerDay: string;
+  pricePerWeek: string | null;
+  deposit: string;
+  totalQty: number;
+  withMotor: boolean;
+  fuelIncluded: boolean;
+  requiresLicense: boolean;
+  provider: {
+    id: string;
+    name: string;
+    isSystemD: boolean;
+    rivers: string[];
+  };
+};
+
+export async function listPublicRentalItems(
+  filters: PublicRentalFilters = {},
+): Promise<PublicRentalItem[]> {
+  const where: Prisma.RentalItemWhereInput = {
+    active: true,
+    provider: { active: true, approved: true },
+  };
+  if (filters.q) {
+    where.OR = [
+      { name: { contains: filters.q, mode: "insensitive" } },
+      { description: { contains: filters.q, mode: "insensitive" } },
+    ];
+  }
+  if (filters.category) where.category = filters.category;
+  if (filters.providerId) where.providerId = filters.providerId;
+  if (filters.river) {
+    where.provider = { active: true, approved: true, rivers: { has: filters.river } };
+  }
+
+  const rows = await prisma.rentalItem.findMany({
+    where,
+    orderBy: [{ category: "asc" }, { name: "asc" }],
+    take: 200,
+    include: {
+      provider: { select: { id: true, name: true, isSystemD: true, rivers: true } },
+    },
+  });
+  return rows.map((r) => ({
+    id: r.id,
+    name: r.name,
+    description: r.description,
+    category: r.category,
+    imageUrl: r.imageUrl,
+    pricePerDay: r.pricePerDay.toString(),
+    pricePerWeek: r.pricePerWeek?.toString() ?? null,
+    deposit: r.deposit.toString(),
+    totalQty: r.totalQty,
+    withMotor: r.withMotor,
+    fuelIncluded: r.fuelIncluded,
+    requiresLicense: r.requiresLicense,
+    provider: r.provider,
+  }));
+}
+
+export async function getPublicRentalItem(id: string) {
+  return prisma.rentalItem.findFirst({
+    where: { id, active: true, provider: { active: true, approved: true } },
+    include: {
+      provider: {
+        select: {
+          id: true,
+          name: true,
+          isSystemD: true,
+          rivers: true,
+          description: true,
+          contactEmail: true,
+          contactPhone: true,
+        },
+      },
+    },
+  });
+}
+
+export type PublicProvider = {
+  id: string;
+  name: string;
+  isSystemD: boolean;
+  rivers: string[];
+  itemsCount: number;
+  description: string | null;
+};
+
+export async function listPublicProviders(): Promise<PublicProvider[]> {
+  const rows = await prisma.rentalProvider.findMany({
+    where: { active: true, approved: true },
+    orderBy: [{ isSystemD: "desc" }, { name: "asc" }],
+    select: {
+      id: true,
+      name: true,
+      isSystemD: true,
+      rivers: true,
+      description: true,
+      _count: { select: { items: { where: { active: true } } } },
+    },
+  });
+  return rows.map((r) => ({
+    id: r.id,
+    name: r.name,
+    isSystemD: r.isSystemD,
+    rivers: r.rivers,
+    description: r.description,
+    itemsCount: r._count.items,
+  }));
+}
+
+export async function listPublicRivers(): Promise<string[]> {
+  const rows = await prisma.rentalProvider.findMany({
+    where: { active: true, approved: true },
+    select: { rivers: true },
+  });
+  const set = new Set<string>();
+  for (const r of rows) for (const x of r.rivers) set.add(x);
+  return Array.from(set).sort();
+}
+
+/**
+ * Calcule la disponibilité d'un item sur une plage : pour chaque jour, qty
+ * réservée (somme des RentalItemAvailability qui couvrent ce jour) vs
+ * totalQty. Renvoie la qty disponible jour par jour.
+ */
+export async function getItemAvailability(
+  itemId: string,
+  from: Date,
+  to: Date,
+): Promise<{ date: string; availableQty: number; bookedQty: number; totalQty: number }[]> {
+  const item = await prisma.rentalItem.findUnique({
+    where: { id: itemId },
+    select: { totalQty: true },
+  });
+  if (!item) return [];
+
+  const blocks = await prisma.rentalItemAvailability.findMany({
+    where: {
+      itemId,
+      startDate: { lt: to },
+      endDate: { gt: from },
+    },
+    select: { startDate: true, endDate: true, qty: true },
+  });
+
+  const days: { date: string; availableQty: number; bookedQty: number; totalQty: number }[] = [];
+  const DAY_MS = 86_400_000;
+  for (let t = from.getTime(); t < to.getTime(); t += DAY_MS) {
+    const dayStart = new Date(t);
+    const dayEnd = new Date(t + DAY_MS);
+    const booked = blocks
+      .filter((b) => b.startDate < dayEnd && b.endDate > dayStart)
+      .reduce((acc, b) => acc + b.qty, 0);
+    days.push({
+      date: dayStart.toISOString().slice(0, 10),
+      bookedQty: booked,
+      availableQty: Math.max(0, item.totalQty - booked),
+      totalQty: item.totalQty,
+    });
+  }
+  return days;
+}

From 59786e536565009a4bc412ddb8faa26770ca90e7 Mon Sep 17 00:00:00 2001
From: Claude Integration <claude@systemd.cosmolan.fr>
Date: Tue, 2 Jun 2026 08:01:42 +0000
Subject: [PATCH 31/47] =?UTF-8?q?feat(rental):=20Sprint=20C=20=E2=80=94=20?=
 =?UTF-8?q?espace=20prestataire=20(signup+dashboard+items+calendrier+r?=
 =?UTF-8?q?=C3=A9sa)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/app/api/signup/route.ts                   |  39 ++-
 src/app/espace-prestataire/actions.ts         | 237 ++++++++++++++++++
 .../_components/ItemBlocksManager.tsx         | 151 +++++++++++
 .../[itemId]/_components/ItemInlineDelete.tsx |  71 ++++++
 .../items/[itemId]/page.tsx                   | 107 ++++++++
 .../items/_components/ItemForm.tsx            | 133 ++++++++++
 src/app/espace-prestataire/items/new/page.tsx |  23 ++
 src/app/espace-prestataire/items/page.tsx     |  93 +++++++
 src/app/espace-prestataire/page.tsx           | 153 +++++++++++
 .../_components/BookingDecision.tsx           |  96 +++++++
 .../espace-prestataire/reservations/page.tsx  | 137 ++++++++++
 .../inscription/_components/SignupForm.tsx    |  77 +++++-
 src/components/SiteHeader.tsx                 |   6 +
 src/lib/email.ts                              |  21 ++
 src/lib/rental-access.ts                      |  54 ++++
 src/lib/rental-host.ts                        | 120 +++++++++
 16 files changed, 1509 insertions(+), 9 deletions(-)
 create mode 100644 src/app/espace-prestataire/actions.ts
 create mode 100644 src/app/espace-prestataire/items/[itemId]/_components/ItemBlocksManager.tsx
 create mode 100644 src/app/espace-prestataire/items/[itemId]/_components/ItemInlineDelete.tsx
 create mode 100644 src/app/espace-prestataire/items/[itemId]/page.tsx
 create mode 100644 src/app/espace-prestataire/items/_components/ItemForm.tsx
 create mode 100644 src/app/espace-prestataire/items/new/page.tsx
 create mode 100644 src/app/espace-prestataire/items/page.tsx
 create mode 100644 src/app/espace-prestataire/page.tsx
 create mode 100644 src/app/espace-prestataire/reservations/_components/BookingDecision.tsx
 create mode 100644 src/app/espace-prestataire/reservations/page.tsx
 create mode 100644 src/lib/rental-access.ts
 create mode 100644 src/lib/rental-host.ts

diff --git a/src/app/api/signup/route.ts b/src/app/api/signup/route.ts
index 1ded993..8953cf7 100644
--- a/src/app/api/signup/route.ts
+++ b/src/app/api/signup/route.ts
@@ -5,7 +5,7 @@ import { UserRole } from "@/generated/prisma/enums";
 import { hashPassword } from "@/lib/password";
 import { prisma } from "@/lib/prisma";
 import { recordAudit } from "@/lib/admin/audit";
-import { sendSignupWelcome } from "@/lib/email";
+import { sendNewRentalProviderRequest, sendSignupWelcome } from "@/lib/email";
 import { rateLimitRequest } from "@/lib/rate-limit";
 
 export const runtime = "nodejs";
@@ -16,11 +16,14 @@ const schema = z.object({
   firstName: z.string().trim().min(1).max(100),
   lastName: z.string().trim().min(1).max(100),
   phone: z.string().trim().max(40).optional().nullable(),
-  role: z.enum([UserRole.TOURIST, UserRole.OWNER]).default(UserRole.TOURIST),
+  role: z
+    .enum([UserRole.TOURIST, UserRole.OWNER, UserRole.RENTAL_PROVIDER])
+    .default(UserRole.TOURIST),
+  providerName: z.string().trim().min(2).max(200).optional(),
+  providerRivers: z.array(z.string().trim().min(1).max(80)).max(20).optional(),
 });
 
 export async function POST(req: Request) {
-  // 5 inscriptions max par IP par heure.
   const rl = rateLimitRequest(req, "signup", 60 * 60 * 1000, 5);
   if (!rl.ok) {
     return NextResponse.json(
@@ -43,6 +46,10 @@ export async function POST(req: Request) {
   }
   const data = parsed.data;
 
+  if (data.role === UserRole.RENTAL_PROVIDER && (!data.providerName || data.providerName.trim().length < 2)) {
+    return NextResponse.json({ error: "Nom de votre activité requis." }, { status: 400 });
+  }
+
   const existing = await prisma.user.findUnique({ where: { email: data.email }, select: { id: true } });
   if (existing) {
     return NextResponse.json({ error: "Un compte existe déjà avec cet email." }, { status: 409 });
@@ -62,16 +69,36 @@ export async function POST(req: Request) {
     select: { id: true, email: true, role: true },
   });
 
+  // Pour un RENTAL_PROVIDER : crée le RentalProvider associé en attente d'approbation.
+  let createdProviderId: string | null = null;
+  if (user.role === UserRole.RENTAL_PROVIDER && data.providerName) {
+    const provider = await prisma.rentalProvider.create({
+      data: {
+        name: data.providerName,
+        isSystemD: false,
+        managedByUserId: user.id,
+        contactEmail: user.email,
+        contactPhone: data.phone?.trim() || null,
+        rivers: data.providerRivers ?? [],
+        commissionPct: 10, // valeur par défaut, ajustable par admin
+        active: true,
+        approved: false,
+      },
+      select: { id: true, name: true },
+    });
+    createdProviderId = provider.id;
+    sendNewRentalProviderRequest(provider.name, user.email).catch(() => {});
+  }
+
   await recordAudit({
     scope: "public.signup",
     event: "user.create",
     target: user.id,
     actorEmail: user.email,
-    details: { role: user.role },
+    details: { role: user.role, rentalProviderId: createdProviderId },
   });
 
-  // Best-effort welcome email.
   sendSignupWelcome(user.email, data.firstName).catch(() => {});
 
-  return NextResponse.json({ ok: true, userId: user.id });
+  return NextResponse.json({ ok: true, userId: user.id, providerId: createdProviderId });
 }
diff --git a/src/app/espace-prestataire/actions.ts b/src/app/espace-prestataire/actions.ts
new file mode 100644
index 0000000..2474e91
--- /dev/null
+++ b/src/app/espace-prestataire/actions.ts
@@ -0,0 +1,237 @@
+"use server";
+
+import { revalidatePath } from "next/cache";
+import { redirect } from "next/navigation";
+import { z } from "zod";
+
+import { auth } from "@/auth";
+import { RentalBookingStatus, RentalCategory, UserRole } from "@/generated/prisma/enums";
+import { canManageRentalProvider, getCurrentRentalProvider } from "@/lib/rental-access";
+import { recordAudit } from "@/lib/admin/audit";
+import { prisma } from "@/lib/prisma";
+
+const itemSchema = z.object({
+  category: z.enum([
+    RentalCategory.SLEEP,
+    RentalCategory.NAVIGATION,
+    RentalCategory.FISHING,
+    RentalCategory.COOKING,
+    RentalCategory.SAFETY,
+  ]),
+  name: z.string().trim().min(2).max(200),
+  description: z.string().trim().max(5000).nullable().optional(),
+  imageUrl: z.string().trim().url().max(500).nullable().optional(),
+  pricePerDay: z.coerce.number().min(0).max(10000),
+  pricePerWeek: z.coerce.number().min(0).max(50000).nullable().optional(),
+  deposit: z.coerce.number().min(0).max(10000),
+  totalQty: z.coerce.number().int().min(1).max(1000),
+  withMotor: z.boolean(),
+  fuelIncluded: z.boolean(),
+  requiresLicense: z.boolean(),
+  active: z.boolean(),
+});
+
+async function requireOwnedProvider(): Promise<{ providerId: string; actorEmail: string | null }> {
+  const session = await auth();
+  if (!session?.user?.id) throw new Error("Non authentifié");
+  const provider = await getCurrentRentalProvider();
+  if (!provider) throw new Error("Aucun provider associé");
+  return { providerId: provider.id, actorEmail: session.user.email ?? null };
+}
+
+function parseItemFD(fd: FormData) {
+  const get = (k: string) => {
+    const v = (fd.get(k) as string | null) ?? "";
+    return v.trim() === "" ? null : v.trim();
+  };
+  return {
+    category: ((fd.get("category") as string | null) ?? "").trim(),
+    name: ((fd.get("name") as string | null) ?? "").trim(),
+    description: get("description"),
+    imageUrl: get("imageUrl"),
+    pricePerDay: fd.get("pricePerDay"),
+    pricePerWeek: get("pricePerWeek"),
+    deposit: fd.get("deposit") ?? "0",
+    totalQty: fd.get("totalQty") ?? "1",
+    withMotor: fd.get("withMotor") === "on",
+    fuelIncluded: fd.get("fuelIncluded") === "on",
+    requiresLicense: fd.get("requiresLicense") === "on",
+    active: fd.get("active") === "on",
+  };
+}
+
+export async function createHostItemAction(fd: FormData) {
+  const { providerId, actorEmail } = await requireOwnedProvider();
+  const parsed = itemSchema.safeParse(parseItemFD(fd));
+  if (!parsed.success) {
+    return { ok: false as const, error: parsed.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join(" · ") };
+  }
+  const created = await prisma.rentalItem.create({ data: { ...parsed.data, providerId } });
+  await recordAudit({
+    scope: "host.rental-items",
+    event: "create",
+    target: created.id,
+    actorEmail,
+    details: { name: created.name, providerId },
+  });
+  revalidatePath("/espace-prestataire/items");
+  redirect(`/espace-prestataire/items/${created.id}`);
+}
+
+export async function updateHostItemAction(itemId: string, fd: FormData) {
+  const { providerId, actorEmail } = await requireOwnedProvider();
+  const session = await auth();
+  if (!(await canManageRentalProvider(session!.user.id, session?.user?.role, providerId))) {
+    return { ok: false as const, error: "Accès refusé" };
+  }
+  const existing = await prisma.rentalItem.findUnique({ where: { id: itemId }, select: { providerId: true } });
+  if (!existing || existing.providerId !== providerId) {
+    return { ok: false as const, error: "Item introuvable." };
+  }
+  const parsed = itemSchema.safeParse(parseItemFD(fd));
+  if (!parsed.success) {
+    return { ok: false as const, error: parsed.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join(" · ") };
+  }
+  await prisma.rentalItem.update({ where: { id: itemId }, data: parsed.data });
+  await recordAudit({
+    scope: "host.rental-items",
+    event: "update",
+    target: itemId,
+    actorEmail,
+    details: { name: parsed.data.name },
+  });
+  revalidatePath("/espace-prestataire/items");
+  revalidatePath(`/espace-prestataire/items/${itemId}`);
+  return { ok: true as const };
+}
+
+export async function deleteHostItemAction(itemId: string) {
+  const { providerId, actorEmail } = await requireOwnedProvider();
+  const existing = await prisma.rentalItem.findUnique({
+    where: { id: itemId },
+    select: { providerId: true, _count: { select: { lines: true } } },
+  });
+  if (!existing || existing.providerId !== providerId) {
+    return { ok: false as const, error: "Item introuvable." };
+  }
+  if (existing._count.lines > 0) {
+    return { ok: false as const, error: "Impossible : item référencé par des locations." };
+  }
+  await prisma.rentalItem.delete({ where: { id: itemId } });
+  await recordAudit({
+    scope: "host.rental-items",
+    event: "delete",
+    target: itemId,
+    actorEmail,
+    details: {},
+  });
+  revalidatePath("/espace-prestataire/items");
+  redirect("/espace-prestataire/items");
+}
+
+const blockSchema = z.object({
+  startDate: z.string().regex(/^\d{4}-\d{2}-\d{2}$/),
+  endDate: z.string().regex(/^\d{4}-\d{2}-\d{2}$/),
+  qty: z.coerce.number().int().min(1).max(1000),
+  reason: z.enum(["MAINTENANCE", "MANUAL_BLOCK"]),
+});
+
+export async function addItemBlockAction(itemId: string, fd: FormData) {
+  const { providerId, actorEmail } = await requireOwnedProvider();
+  const existing = await prisma.rentalItem.findUnique({ where: { id: itemId }, select: { providerId: true } });
+  if (!existing || existing.providerId !== providerId) {
+    return { ok: false as const, error: "Item introuvable." };
+  }
+  const parsed = blockSchema.safeParse({
+    startDate: fd.get("startDate"),
+    endDate: fd.get("endDate"),
+    qty: fd.get("qty"),
+    reason: fd.get("reason"),
+  });
+  if (!parsed.success) {
+    return { ok: false as const, error: parsed.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join(" · ") };
+  }
+  const start = new Date(`${parsed.data.startDate}T00:00:00.000Z`);
+  const end = new Date(`${parsed.data.endDate}T00:00:00.000Z`);
+  if (end <= start) return { ok: false as const, error: "Date de fin doit être après début." };
+
+  await prisma.rentalItemAvailability.create({
+    data: {
+      itemId,
+      startDate: start,
+      endDate: end,
+      qty: parsed.data.qty,
+      reason: parsed.data.reason,
+    },
+  });
+  await recordAudit({
+    scope: "host.rental-items",
+    event: "block.add",
+    target: itemId,
+    actorEmail,
+    details: { ...parsed.data },
+  });
+  revalidatePath(`/espace-prestataire/items/${itemId}`);
+  return { ok: true as const };
+}
+
+export async function removeItemBlockAction(blockId: string) {
+  const { providerId, actorEmail } = await requireOwnedProvider();
+  const block = await prisma.rentalItemAvailability.findUnique({
+    where: { id: blockId },
+    select: { itemId: true, rentalBookingId: true, item: { select: { providerId: true } } },
+  });
+  if (!block || block.item.providerId !== providerId) {
+    return { ok: false as const, error: "Blocage introuvable." };
+  }
+  if (block.rentalBookingId) {
+    return { ok: false as const, error: "Blocage lié à une réservation : annulez la réservation à la place." };
+  }
+  await prisma.rentalItemAvailability.delete({ where: { id: blockId } });
+  await recordAudit({
+    scope: "host.rental-items",
+    event: "block.remove",
+    target: blockId,
+    actorEmail,
+    details: { itemId: block.itemId },
+  });
+  revalidatePath(`/espace-prestataire/items/${block.itemId}`);
+  return { ok: true as const };
+}
+
+const statusSchema = z.enum([
+  RentalBookingStatus.PENDING,
+  RentalBookingStatus.CONFIRMED,
+  RentalBookingStatus.HANDED_OVER,
+  RentalBookingStatus.RETURNED,
+  RentalBookingStatus.CANCELLED,
+]);
+
+export async function updateBookingStatusAction(bookingId: string, status: string) {
+  const { providerId, actorEmail } = await requireOwnedProvider();
+  const session = await auth();
+  const role = session?.user?.role;
+  const parsed = statusSchema.safeParse(status);
+  if (!parsed.success) return { ok: false as const, error: "Statut invalide." };
+
+  const existing = await prisma.rentalBooking.findUnique({
+    where: { id: bookingId },
+    select: { providerId: true },
+  });
+  if (!existing || (existing.providerId !== providerId && role !== UserRole.ADMIN)) {
+    return { ok: false as const, error: "Réservation introuvable." };
+  }
+  await prisma.rentalBooking.update({
+    where: { id: bookingId },
+    data: { status: parsed.data },
+  });
+  await recordAudit({
+    scope: "host.rental-bookings",
+    event: "status.update",
+    target: bookingId,
+    actorEmail,
+    details: { status: parsed.data },
+  });
+  revalidatePath("/espace-prestataire/reservations");
+  return { ok: true as const };
+}
diff --git a/src/app/espace-prestataire/items/[itemId]/_components/ItemBlocksManager.tsx b/src/app/espace-prestataire/items/[itemId]/_components/ItemBlocksManager.tsx
new file mode 100644
index 0000000..e83e53b
--- /dev/null
+++ b/src/app/espace-prestataire/items/[itemId]/_components/ItemBlocksManager.tsx
@@ -0,0 +1,151 @@
+"use client";
+
+import { useState, useTransition } from "react";
+import { useRouter } from "next/navigation";
+
+type Block = {
+  id: string;
+  startDate: string;
+  endDate: string;
+  qty: number;
+  reason: string;
+  isBooking: boolean;
+};
+
+type Props = {
+  blocks: Block[];
+  totalQty: number;
+  addAction: (fd: FormData) => Promise<{ ok: false; error: string } | { ok: true } | undefined>;
+  removeAction: (blockId: string) => Promise<{ ok: false; error: string } | { ok: true } | undefined>;
+};
+
+const REASON_LABEL: Record<string, string> = {
+  MAINTENANCE: "🔧 Maintenance",
+  MANUAL_BLOCK: "⛔ Blocage personnel",
+  RENTAL_BOOKING: "🛒 Réservation",
+};
+
+export function ItemBlocksManager({ blocks, totalQty, addAction, removeAction }: Props) {
+  const router = useRouter();
+  const [pending, startTransition] = useTransition();
+  const [error, setError] = useState<string | null>(null);
+
+  function onAdd(fd: FormData) {
+    setError(null);
+    startTransition(async () => {
+      const res = await addAction(fd);
+      if (res && res.ok === false) setError(res.error);
+      router.refresh();
+    });
+  }
+
+  function onRemove(blockId: string) {
+    setError(null);
+    startTransition(async () => {
+      const res = await removeAction(blockId);
+      if (res && res.ok === false) setError(res.error);
+      router.refresh();
+    });
+  }
+
+  return (
+    <div className="space-y-4">
+      <form action={onAdd} className="grid grid-cols-1 gap-2 rounded-md border border-zinc-200 bg-zinc-50 p-3 sm:grid-cols-5">
+        <fieldset disabled={pending} className="contents">
+          <label className="block text-xs">
+            <span className="text-zinc-600">Du</span>
+            <input
+              name="startDate"
+              type="date"
+              required
+              className="mt-0.5 w-full rounded-md border border-zinc-300 px-2 py-1.5 text-sm"
+            />
+          </label>
+          <label className="block text-xs">
+            <span className="text-zinc-600">Au</span>
+            <input
+              name="endDate"
+              type="date"
+              required
+              className="mt-0.5 w-full rounded-md border border-zinc-300 px-2 py-1.5 text-sm"
+            />
+          </label>
+          <label className="block text-xs">
+            <span className="text-zinc-600">Quantité</span>
+            <input
+              name="qty"
+              type="number"
+              min={1}
+              max={totalQty}
+              defaultValue={totalQty}
+              required
+              className="mt-0.5 w-full rounded-md border border-zinc-300 px-2 py-1.5 text-sm"
+            />
+          </label>
+          <label className="block text-xs">
+            <span className="text-zinc-600">Raison</span>
+            <select
+              name="reason"
+              defaultValue="MAINTENANCE"
+              className="mt-0.5 w-full rounded-md border border-zinc-300 px-2 py-1.5 text-sm"
+            >
+              <option value="MAINTENANCE">Maintenance</option>
+              <option value="MANUAL_BLOCK">Blocage perso</option>
+            </select>
+          </label>
+          <div className="flex items-end">
+            <button
+              type="submit"
+              className="w-full rounded-md bg-emerald-600 px-3 py-1.5 text-xs font-semibold text-white hover:bg-emerald-700 disabled:opacity-50"
+            >
+              {pending ? "…" : "Ajouter blocage"}
+            </button>
+          </div>
+        </fieldset>
+      </form>
+
+      {error ? (
+        <div className="rounded border border-rose-200 bg-rose-50 px-3 py-2 text-sm text-rose-700">{error}</div>
+      ) : null}
+
+      {blocks.length === 0 ? (
+        <p className="rounded border border-dashed border-zinc-200 px-3 py-6 text-center text-xs text-zinc-500">
+          Aucun blocage manuel. Toutes les dates sont disponibles.
+        </p>
+      ) : (
+        <ul className="space-y-1.5">
+          {blocks.map((b) => (
+            <li
+              key={b.id}
+              className={
+                "flex items-center justify-between gap-3 rounded-md border px-3 py-1.5 text-sm " +
+                (b.isBooking ? "border-sky-200 bg-sky-50" : "border-amber-200 bg-amber-50")
+              }
+            >
+              <div>
+                <span className="font-medium text-zinc-900">
+                  {b.startDate} → {b.endDate}
+                </span>
+                <span className="ml-2 text-xs text-zinc-600">
+                  {b.qty} unité{b.qty > 1 ? "s" : ""} · {REASON_LABEL[b.reason] ?? b.reason}
+                </span>
+              </div>
+              {!b.isBooking ? (
+                <button
+                  type="button"
+                  onClick={() => onRemove(b.id)}
+                  disabled={pending}
+                  className="text-xs font-semibold text-rose-700 hover:text-rose-900 disabled:opacity-50"
+                >
+                  Supprimer
+                </button>
+              ) : (
+                <span className="text-[10px] uppercase tracking-wider text-sky-700">Auto</span>
+              )}
+            </li>
+          ))}
+        </ul>
+      )}
+    </div>
+  );
+}
diff --git a/src/app/espace-prestataire/items/[itemId]/_components/ItemInlineDelete.tsx b/src/app/espace-prestataire/items/[itemId]/_components/ItemInlineDelete.tsx
new file mode 100644
index 0000000..bc81c8b
--- /dev/null
+++ b/src/app/espace-prestataire/items/[itemId]/_components/ItemInlineDelete.tsx
@@ -0,0 +1,71 @@
+"use client";
+
+import { useState, useTransition } from "react";
+
+type Props = {
+  canDelete: boolean;
+  deleteAction: () => Promise<{ ok: true } | { ok: false; error: string } | undefined | void>;
+};
+
+export function ItemInlineDelete({ canDelete, deleteAction }: Props) {
+  const [pending, startTransition] = useTransition();
+  const [confirm, setConfirm] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+
+  function run() {
+    setError(null);
+    startTransition(async () => {
+      const res = await deleteAction();
+      if (res && (res as { ok?: boolean }).ok === false) {
+        setError((res as { error: string }).error);
+        setConfirm(false);
+      }
+    });
+  }
+
+  if (!canDelete) {
+    return (
+      <span className="rounded border border-zinc-200 bg-zinc-50 px-2 py-1 text-[11px] text-zinc-500">
+        Suppression impossible — item référencé par des locations
+      </span>
+    );
+  }
+
+  return (
+    <div className="flex flex-col items-end gap-1">
+      {confirm ? (
+        <div className="flex items-center gap-2 rounded border border-rose-300 bg-rose-50 px-2 py-1">
+          <span className="text-xs text-rose-900">Supprimer ?</span>
+          <button
+            type="button"
+            onClick={run}
+            disabled={pending}
+            className="rounded bg-rose-700 px-2 py-1 text-[11px] font-semibold text-white hover:bg-rose-800 disabled:opacity-50"
+          >
+            Oui
+          </button>
+          <button
+            type="button"
+            onClick={() => setConfirm(false)}
+            disabled={pending}
+            className="text-[11px] text-zinc-500 hover:text-zinc-900"
+          >
+            Annuler
+          </button>
+        </div>
+      ) : (
+        <button
+          type="button"
+          onClick={() => setConfirm(true)}
+          disabled={pending}
+          className="rounded-md border border-rose-300 bg-rose-50 px-3 py-1.5 text-xs font-semibold text-rose-700 hover:bg-rose-100 disabled:opacity-50"
+        >
+          Supprimer l&apos;item
+        </button>
+      )}
+      {error ? (
+        <div className="rounded border border-rose-200 bg-rose-50 px-2 py-1 text-xs text-rose-700">{error}</div>
+      ) : null}
+    </div>
+  );
+}
diff --git a/src/app/espace-prestataire/items/[itemId]/page.tsx b/src/app/espace-prestataire/items/[itemId]/page.tsx
new file mode 100644
index 0000000..699a8b0
--- /dev/null
+++ b/src/app/espace-prestataire/items/[itemId]/page.tsx
@@ -0,0 +1,107 @@
+import Link from "next/link";
+import { notFound, redirect } from "next/navigation";
+
+import { requireRentalProviderSession, getCurrentRentalProvider } from "@/lib/rental-access";
+import { getHostItem } from "@/lib/rental-host";
+import { RENTAL_CATEGORY_LABEL } from "@/lib/rental-category-labels";
+
+import { HostItemForm } from "../_components/ItemForm";
+import { ItemBlocksManager } from "./_components/ItemBlocksManager";
+import { ItemInlineDelete } from "./_components/ItemInlineDelete";
+import {
+  addItemBlockAction,
+  deleteHostItemAction,
+  removeItemBlockAction,
+  updateHostItemAction,
+} from "../../actions";
+
+export const dynamic = "force-dynamic";
+
+type PageProps = { params: Promise<{ itemId: string }> };
+
+export default async function EditHostItemPage({ params }: PageProps) {
+  await requireRentalProviderSession();
+  const provider = await getCurrentRentalProvider();
+  if (!provider) redirect("/admin/rental-providers");
+  const { itemId } = await params;
+  const item = await getHostItem(provider.id, itemId);
+  if (!item) notFound();
+
+  const updateThis = async (fd: FormData) => {
+    "use server";
+    return await updateHostItemAction(itemId, fd);
+  };
+  const deleteThis = async () => {
+    "use server";
+    return await deleteHostItemAction(itemId);
+  };
+  const addBlockThis = async (fd: FormData) => {
+    "use server";
+    return await addItemBlockAction(itemId, fd);
+  };
+  const removeBlockThis = async (blockId: string) => {
+    "use server";
+    return await removeItemBlockAction(blockId);
+  };
+
+  return (
+    <main className="mx-auto max-w-4xl px-6 py-10 space-y-6">
+      <header className="flex flex-wrap items-end justify-between gap-3">
+        <div>
+          <Link href="/espace-prestataire/items" className="text-xs text-zinc-500 hover:text-zinc-900">
+            ← Mes items
+          </Link>
+          <h1 className="mt-1 text-2xl font-semibold text-zinc-900">{item.name}</h1>
+          <p className="mt-1 text-sm text-zinc-500">
+            {RENTAL_CATEGORY_LABEL[item.category]} · Stock : {item.totalQty} · {item._count.lines} location(s) historique
+          </p>
+        </div>
+        <ItemInlineDelete deleteAction={deleteThis} canDelete={item._count.lines === 0} />
+      </header>
+
+      <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <HostItemForm
+          action={updateThis}
+          submitLabel="Enregistrer les modifications"
+          initial={{
+            category: item.category,
+            name: item.name,
+            description: item.description,
+            imageUrl: item.imageUrl,
+            pricePerDay: item.pricePerDay.toString(),
+            pricePerWeek: item.pricePerWeek?.toString() ?? null,
+            deposit: item.deposit.toString(),
+            totalQty: item.totalQty,
+            withMotor: item.withMotor,
+            fuelIncluded: item.fuelIncluded,
+            requiresLicense: item.requiresLicense,
+            active: item.active,
+          }}
+        />
+      </section>
+
+      <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-zinc-500">
+          Calendrier de disponibilité
+        </h2>
+        <p className="mb-3 text-xs text-zinc-600">
+          Bloquez ici des dates pour maintenance, indisponibilité personnelle, etc. Les réservations
+          confirmées sont gérées automatiquement.
+        </p>
+        <ItemBlocksManager
+          blocks={item.availabilities.map((a) => ({
+            id: a.id,
+            startDate: a.startDate.toISOString().slice(0, 10),
+            endDate: a.endDate.toISOString().slice(0, 10),
+            qty: a.qty,
+            reason: a.reason,
+            isBooking: Boolean(a.rentalBookingId),
+          }))}
+          addAction={addBlockThis}
+          removeAction={removeBlockThis}
+          totalQty={item.totalQty}
+        />
+      </section>
+    </main>
+  );
+}
diff --git a/src/app/espace-prestataire/items/_components/ItemForm.tsx b/src/app/espace-prestataire/items/_components/ItemForm.tsx
new file mode 100644
index 0000000..c0033ad
--- /dev/null
+++ b/src/app/espace-prestataire/items/_components/ItemForm.tsx
@@ -0,0 +1,133 @@
+"use client";
+
+import { useState, useTransition } from "react";
+
+import { RENTAL_CATEGORY_LABEL, RENTAL_CATEGORIES } from "@/lib/rental-category-labels";
+
+const inputCls =
+  "mt-0.5 w-full rounded-md border border-zinc-300 px-3 py-2 text-sm focus:border-emerald-500 focus:outline-none";
+const labelCls = "block text-sm font-medium text-zinc-800";
+
+type Props = {
+  initial?: {
+    category?: string;
+    name?: string;
+    description?: string | null;
+    imageUrl?: string | null;
+    pricePerDay?: string | number;
+    pricePerWeek?: string | number | null;
+    deposit?: string | number;
+    totalQty?: number;
+    withMotor?: boolean;
+    fuelIncluded?: boolean;
+    requiresLicense?: boolean;
+    active?: boolean;
+  };
+  action: (fd: FormData) => Promise<{ ok: false; error: string } | { ok: true } | undefined>;
+  submitLabel?: string;
+};
+
+export function HostItemForm({ initial = {}, action, submitLabel = "Enregistrer" }: Props) {
+  const [pending, startTransition] = useTransition();
+  const [error, setError] = useState<string | null>(null);
+  const [success, setSuccess] = useState<string | null>(null);
+
+  function onSubmit(fd: FormData) {
+    setError(null);
+    setSuccess(null);
+    startTransition(async () => {
+      const res = await action(fd);
+      if (res && res.ok === false) setError(res.error);
+      else if (res && res.ok === true) setSuccess("Enregistré.");
+    });
+  }
+
+  return (
+    <form action={onSubmit} className="space-y-4">
+      <fieldset disabled={pending} className="space-y-4">
+        <div className="grid grid-cols-1 gap-3 sm:grid-cols-2">
+          <label className="block">
+            <span className={labelCls}>Catégorie</span>
+            <select name="category" defaultValue={initial.category ?? ""} required className={inputCls}>
+              <option value="" disabled>— sélectionner —</option>
+              {RENTAL_CATEGORIES.map((c) => (
+                <option key={c} value={c}>{RENTAL_CATEGORY_LABEL[c]}</option>
+              ))}
+            </select>
+          </label>
+          <label className="block">
+            <span className={labelCls}>Statut</span>
+            <label className="flex items-center gap-2 px-1 py-2 text-sm">
+              <input type="checkbox" name="active" defaultChecked={initial.active ?? true} className="h-4 w-4 rounded border-zinc-300" />
+              Actif (visible au catalogue)
+            </label>
+          </label>
+          <label className="block sm:col-span-2">
+            <span className={labelCls}>Nom de l&apos;item</span>
+            <input name="name" required maxLength={200} defaultValue={initial.name ?? ""} className={inputCls} placeholder="ex. Hamac coton large" />
+          </label>
+          <label className="block sm:col-span-2">
+            <span className={labelCls}>Description</span>
+            <textarea name="description" rows={3} maxLength={5000} defaultValue={initial.description ?? ""} className={inputCls} />
+          </label>
+          <label className="block">
+            <span className={labelCls}>URL image</span>
+            <input name="imageUrl" type="url" maxLength={500} defaultValue={initial.imageUrl ?? ""} className={inputCls} />
+          </label>
+          <label className="block">
+            <span className={labelCls}>Stock total (qté)</span>
+            <input name="totalQty" type="number" min={1} max={1000} defaultValue={initial.totalQty?.toString() ?? "1"} required className={inputCls} />
+          </label>
+          <label className="block">
+            <span className={labelCls}>Prix / jour (€)</span>
+            <input name="pricePerDay" type="number" min={0} step="0.5" defaultValue={initial.pricePerDay?.toString() ?? ""} required className={inputCls} />
+          </label>
+          <label className="block">
+            <span className={labelCls}>Prix / semaine (€)</span>
+            <input name="pricePerWeek" type="number" min={0} step="0.5" defaultValue={initial.pricePerWeek?.toString() ?? ""} className={inputCls} />
+          </label>
+          <label className="block">
+            <span className={labelCls}>Caution (€)</span>
+            <input name="deposit" type="number" min={0} step="1" defaultValue={initial.deposit?.toString() ?? "0"} className={inputCls} />
+          </label>
+        </div>
+
+        <fieldset className="rounded-lg border border-zinc-200 bg-zinc-50 p-3">
+          <legend className="px-1 text-xs font-semibold uppercase tracking-wider text-zinc-500">
+            Spécifications
+          </legend>
+          <div className="flex flex-wrap gap-4 pt-1 text-sm">
+            <label className="flex items-center gap-2">
+              <input type="checkbox" name="withMotor" defaultChecked={initial.withMotor ?? false} className="h-4 w-4 rounded border-zinc-300" />
+              Avec moteur
+            </label>
+            <label className="flex items-center gap-2">
+              <input type="checkbox" name="fuelIncluded" defaultChecked={initial.fuelIncluded ?? false} className="h-4 w-4 rounded border-zinc-300" />
+              Essence incluse
+            </label>
+            <label className="flex items-center gap-2">
+              <input type="checkbox" name="requiresLicense" defaultChecked={initial.requiresLicense ?? false} className="h-4 w-4 rounded border-zinc-300" />
+              Permis bateau requis
+            </label>
+          </div>
+        </fieldset>
+
+        {error ? (
+          <div className="rounded border border-rose-200 bg-rose-50 px-3 py-2 text-sm text-rose-700">{error}</div>
+        ) : null}
+        {success ? (
+          <div className="rounded border border-emerald-200 bg-emerald-50 px-3 py-2 text-sm text-emerald-800">{success}</div>
+        ) : null}
+
+        <div className="flex items-center justify-end">
+          <button
+            type="submit"
+            className="rounded-md bg-emerald-600 px-5 py-2 text-sm font-semibold text-white hover:bg-emerald-700 disabled:opacity-50"
+          >
+            {pending ? "Enregistrement…" : submitLabel}
+          </button>
+        </div>
+      </fieldset>
+    </form>
+  );
+}
diff --git a/src/app/espace-prestataire/items/new/page.tsx b/src/app/espace-prestataire/items/new/page.tsx
new file mode 100644
index 0000000..5431bdf
--- /dev/null
+++ b/src/app/espace-prestataire/items/new/page.tsx
@@ -0,0 +1,23 @@
+import Link from "next/link";
+
+import { requireRentalProviderSession } from "@/lib/rental-access";
+
+import { HostItemForm } from "../_components/ItemForm";
+import { createHostItemAction } from "../../actions";
+
+export const dynamic = "force-dynamic";
+
+export default async function NewHostItemPage() {
+  await requireRentalProviderSession();
+  return (
+    <main className="mx-auto max-w-3xl px-6 py-10">
+      <Link href="/espace-prestataire/items" className="text-xs text-zinc-500 hover:text-zinc-900">
+        ← Mes items
+      </Link>
+      <h1 className="mt-1 text-2xl font-semibold text-zinc-900">Nouvel item</h1>
+      <section className="mt-5 rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <HostItemForm action={createHostItemAction} submitLabel="Créer l'item" initial={{ active: true, totalQty: 1 }} />
+      </section>
+    </main>
+  );
+}
diff --git a/src/app/espace-prestataire/items/page.tsx b/src/app/espace-prestataire/items/page.tsx
new file mode 100644
index 0000000..355a5ae
--- /dev/null
+++ b/src/app/espace-prestataire/items/page.tsx
@@ -0,0 +1,93 @@
+import Link from "next/link";
+import { redirect } from "next/navigation";
+
+import { requireRentalProviderSession, getCurrentRentalProvider } from "@/lib/rental-access";
+import { listHostItems } from "@/lib/rental-host";
+import { RENTAL_CATEGORY_LABEL } from "@/lib/rental-category-labels";
+
+export const dynamic = "force-dynamic";
+
+export default async function HostItemsPage() {
+  await requireRentalProviderSession();
+  const provider = await getCurrentRentalProvider();
+  if (!provider) redirect("/admin/rental-providers");
+
+  const items = await listHostItems(provider.id);
+
+  return (
+    <main className="mx-auto max-w-6xl px-6 py-10">
+      <header className="mb-5 flex flex-wrap items-end justify-between gap-3">
+        <div>
+          <Link href="/espace-prestataire" className="text-xs text-zinc-500 hover:text-zinc-900">
+            ← Dashboard
+          </Link>
+          <h1 className="mt-1 text-2xl font-semibold text-zinc-900">Mes items locables</h1>
+          <p className="mt-1 text-sm text-zinc-500">{items.length} item{items.length > 1 ? "s" : ""}</p>
+        </div>
+        <Link
+          href="/espace-prestataire/items/new"
+          className="rounded-md bg-emerald-600 px-3 py-1.5 text-sm font-semibold text-white hover:bg-emerald-700"
+        >
+          + Nouvel item
+        </Link>
+      </header>
+
+      {items.length === 0 ? (
+        <div className="rounded-lg border border-dashed border-zinc-300 px-6 py-12 text-center text-sm text-zinc-500">
+          Pas encore d&apos;item.{" "}
+          <Link href="/espace-prestataire/items/new" className="text-emerald-700 underline">
+            Créer mon premier item
+          </Link>
+        </div>
+      ) : (
+        <div className="overflow-hidden rounded-lg border border-zinc-200 bg-white">
+          <table className="w-full text-sm">
+            <thead className="border-b border-zinc-200 bg-zinc-50 text-xs uppercase tracking-wider text-zinc-500">
+              <tr>
+                <th className="px-4 py-2 text-left font-semibold">Nom</th>
+                <th className="px-4 py-2 text-left font-semibold">Catégorie</th>
+                <th className="px-4 py-2 text-right font-semibold">€/j</th>
+                <th className="px-4 py-2 text-right font-semibold">Stock</th>
+                <th className="px-4 py-2 text-right font-semibold">Caution</th>
+                <th className="px-4 py-2 text-right font-semibold">Résa</th>
+                <th className="px-4 py-2 text-left font-semibold">État</th>
+              </tr>
+            </thead>
+            <tbody className="divide-y divide-zinc-100">
+              {items.map((i) => (
+                <tr key={i.id} className="hover:bg-zinc-50">
+                  <td className="px-4 py-2">
+                    <Link href={`/espace-prestataire/items/${i.id}`} className="font-medium text-zinc-900 hover:underline">
+                      {i.name}
+                    </Link>
+                    <div className="text-[11px] text-zinc-500">
+                      {i.withMotor ? "⚙️ moteur · " : ""}
+                      {i.requiresLicense ? "🪪 permis · " : ""}
+                      {i.fuelIncluded ? "⛽ essence " : ""}
+                    </div>
+                  </td>
+                  <td className="px-4 py-2 text-zinc-700">{RENTAL_CATEGORY_LABEL[i.category]}</td>
+                  <td className="px-4 py-2 text-right font-mono text-zinc-700">{Number(i.pricePerDay).toFixed(0)}</td>
+                  <td className="px-4 py-2 text-right font-mono text-zinc-700">{i.totalQty}</td>
+                  <td className="px-4 py-2 text-right font-mono text-zinc-700">{Number(i.deposit).toFixed(0)}</td>
+                  <td className="px-4 py-2 text-right font-mono text-zinc-700">{i._count.lines}</td>
+                  <td className="px-4 py-2">
+                    {i.active ? (
+                      <span className="rounded-full bg-emerald-100 px-2 py-0.5 text-[10px] font-semibold uppercase tracking-wider text-emerald-800 ring-1 ring-inset ring-emerald-300">
+                        Actif
+                      </span>
+                    ) : (
+                      <span className="rounded-full bg-zinc-100 px-2 py-0.5 text-[10px] font-semibold uppercase tracking-wider text-zinc-500 ring-1 ring-inset ring-zinc-300">
+                        Inactif
+                      </span>
+                    )}
+                  </td>
+                </tr>
+              ))}
+            </tbody>
+          </table>
+        </div>
+      )}
+    </main>
+  );
+}
diff --git a/src/app/espace-prestataire/page.tsx b/src/app/espace-prestataire/page.tsx
new file mode 100644
index 0000000..620aa63
--- /dev/null
+++ b/src/app/espace-prestataire/page.tsx
@@ -0,0 +1,153 @@
+import Link from "next/link";
+import { redirect } from "next/navigation";
+
+import { requireRentalProviderSession, getCurrentRentalProvider } from "@/lib/rental-access";
+import { getHostRentalKpis } from "@/lib/rental-host";
+
+export const dynamic = "force-dynamic";
+
+function fmtEur(amount: string | number): string {
+  const n = Number(amount);
+  return n.toLocaleString("fr-FR", { style: "currency", currency: "EUR" });
+}
+
+const dateFmt = new Intl.DateTimeFormat("fr-FR", {
+  day: "2-digit",
+  month: "long",
+  year: "numeric",
+});
+
+export default async function ProviderDashboardPage() {
+  await requireRentalProviderSession();
+  const provider = await getCurrentRentalProvider();
+  if (!provider) {
+    // Admin sans providerId ciblé : redirect vers liste admin
+    redirect("/admin/rental-providers");
+  }
+
+  const kpis = await getHostRentalKpis(provider.id);
+
+  return (
+    <main className="mx-auto max-w-6xl px-6 py-10">
+      <header className="mb-6 flex flex-wrap items-end justify-between gap-3">
+        <div>
+          <h1 className="text-3xl font-semibold text-zinc-900">Espace prestataire</h1>
+          <p className="mt-1 text-sm text-zinc-600">
+            {provider.name}
+            {provider.isSystemD ? " · Fournisseur officiel Karbé" : ""}
+          </p>
+        </div>
+        <div className="flex gap-2">
+          <Link
+            href="/espace-prestataire/items/new"
+            className="rounded-md bg-emerald-600 px-3 py-1.5 text-sm font-semibold text-white hover:bg-emerald-700"
+          >
+            + Nouvel item
+          </Link>
+          <Link
+            href="/espace-prestataire/items"
+            className="rounded-md border border-zinc-300 bg-white px-3 py-1.5 text-sm text-zinc-700 hover:bg-zinc-50"
+          >
+            Mes items
+          </Link>
+          <Link
+            href="/espace-prestataire/reservations"
+            className="rounded-md border border-zinc-300 bg-white px-3 py-1.5 text-sm text-zinc-700 hover:bg-zinc-50"
+          >
+            Réservations
+          </Link>
+        </div>
+      </header>
+
+      {!provider.approved ? (
+        <div className="mb-6 rounded-lg border border-amber-300 bg-amber-50 p-4">
+          <div className="text-xs uppercase tracking-wider text-amber-900">Compte en attente de validation</div>
+          <p className="mt-1 text-sm text-amber-900">
+            Vos items ne sont <strong>pas encore visibles</strong> sur le catalogue public.
+            L&apos;équipe Karbé contactera bientôt {provider.contactEmail ?? "votre email"} pour finaliser
+            votre adhésion. Vous pouvez toutefois préparer vos items dès maintenant.
+          </p>
+        </div>
+      ) : null}
+
+      <section className="mb-6 grid grid-cols-2 gap-3 sm:grid-cols-3 lg:grid-cols-6">
+        <Kpi label="CA total" value={fmtEur(kpis.revenueTotal)} />
+        <Kpi label="CA 30 j" value={fmtEur(kpis.revenue30d)} />
+        <Kpi
+          label="À confirmer"
+          value={String(kpis.bookingsPending)}
+          tone={kpis.bookingsPending > 0 ? "warn" : "neutral"}
+        />
+        <Kpi label="Confirmées à venir" value={String(kpis.bookingsConfirmed)} />
+        <Kpi label="Items au catalogue" value={String(kpis.itemsActive)} />
+        <Kpi label="Items total" value={String(kpis.itemsTotal)} />
+      </section>
+
+      {kpis.nextHandover ? (
+        <section className="mb-6 rounded-lg border border-emerald-300 bg-emerald-50 p-4">
+          <div className="text-xs uppercase tracking-wider text-emerald-700">Prochaine remise</div>
+          <div className="mt-1 text-base font-semibold text-emerald-900">
+            {kpis.nextHandover.tenantName} · {kpis.nextHandover.lineCount} ligne(s)
+          </div>
+          <div className="text-sm text-emerald-800">
+            {dateFmt.format(kpis.nextHandover.startDate)}
+          </div>
+          <Link
+            href={`/espace-prestataire/reservations`}
+            className="mt-2 inline-block text-xs font-semibold text-emerald-900 underline"
+          >
+            Voir le détail →
+          </Link>
+        </section>
+      ) : null}
+
+      <section>
+        <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-zinc-500">Mon activité</h2>
+        <ul className="space-y-2 text-sm">
+          <li className="rounded border border-zinc-200 bg-white px-3 py-2">
+            <span className="text-zinc-500">Fleuves desservis :</span>{" "}
+            <strong className="text-zinc-900">{provider.rivers.join(", ") || "—"}</strong>
+          </li>
+          <li className="rounded border border-zinc-200 bg-white px-3 py-2">
+            <span className="text-zinc-500">Commission Karbé :</span>{" "}
+            <strong className="text-zinc-900">{Number(provider.commissionPct).toFixed(1)}%</strong>
+          </li>
+          <li className="rounded border border-zinc-200 bg-white px-3 py-2">
+            <span className="text-zinc-500">Statut :</span>{" "}
+            <strong className="text-zinc-900">{provider.active ? "Actif" : "Inactif"}</strong>
+            {" · "}
+            <strong className="text-zinc-900">{provider.approved ? "Approuvé" : "En attente"}</strong>
+          </li>
+        </ul>
+      </section>
+    </main>
+  );
+}
+
+function Kpi({
+  label,
+  value,
+  tone = "neutral",
+}: {
+  label: string;
+  value: string;
+  tone?: "neutral" | "warn";
+}) {
+  return (
+    <div
+      className={
+        "rounded-lg border bg-white p-3 shadow-sm " +
+        (tone === "warn" ? "border-amber-300" : "border-zinc-200")
+      }
+    >
+      <div className="text-[11px] uppercase tracking-wider text-zinc-500">{label}</div>
+      <div
+        className={
+          "mt-1 text-xl font-semibold " + (tone === "warn" ? "text-amber-700" : "text-zinc-900")
+        }
+      >
+        {value}
+      </div>
+    </div>
+  );
+}
diff --git a/src/app/espace-prestataire/reservations/_components/BookingDecision.tsx b/src/app/espace-prestataire/reservations/_components/BookingDecision.tsx
new file mode 100644
index 0000000..2d6fa77
--- /dev/null
+++ b/src/app/espace-prestataire/reservations/_components/BookingDecision.tsx
@@ -0,0 +1,96 @@
+"use client";
+
+import { useState, useTransition } from "react";
+import { useRouter } from "next/navigation";
+
+import { RentalBookingStatus } from "@/generated/prisma/enums";
+
+import { updateBookingStatusAction } from "../../actions";
+
+const btnBase =
+  "rounded-md px-3 py-1.5 text-xs font-semibold transition disabled:opacity-50";
+
+export function BookingDecision({ bookingId, status }: { bookingId: string; status: string }) {
+  const router = useRouter();
+  const [pending, startTransition] = useTransition();
+  const [error, setError] = useState<string | null>(null);
+  const [confirmCancel, setConfirmCancel] = useState(false);
+
+  function set(next: string) {
+    setError(null);
+    startTransition(async () => {
+      const res = await updateBookingStatusAction(bookingId, next);
+      if (res && res.ok === false) setError(res.error);
+      setConfirmCancel(false);
+      router.refresh();
+    });
+  }
+
+  return (
+    <div className="flex flex-wrap items-center gap-2">
+      {status === RentalBookingStatus.PENDING ? (
+        <button
+          type="button"
+          onClick={() => set(RentalBookingStatus.CONFIRMED)}
+          disabled={pending}
+          className={`${btnBase} bg-emerald-600 text-white hover:bg-emerald-700`}
+        >
+          Confirmer
+        </button>
+      ) : null}
+      {status === RentalBookingStatus.CONFIRMED ? (
+        <button
+          type="button"
+          onClick={() => set(RentalBookingStatus.HANDED_OVER)}
+          disabled={pending}
+          className={`${btnBase} bg-emerald-600 text-white hover:bg-emerald-700`}
+        >
+          Marquer remis client
+        </button>
+      ) : null}
+      {status === RentalBookingStatus.HANDED_OVER ? (
+        <button
+          type="button"
+          onClick={() => set(RentalBookingStatus.RETURNED)}
+          disabled={pending}
+          className={`${btnBase} bg-emerald-600 text-white hover:bg-emerald-700`}
+        >
+          Marquer retourné
+        </button>
+      ) : null}
+      {status !== RentalBookingStatus.CANCELLED && status !== RentalBookingStatus.RETURNED ? (
+        confirmCancel ? (
+          <div className="flex items-center gap-1.5 rounded border border-rose-300 bg-rose-50 px-2 py-1">
+            <span className="text-xs text-rose-900">Annuler ?</span>
+            <button
+              type="button"
+              onClick={() => set(RentalBookingStatus.CANCELLED)}
+              disabled={pending}
+              className="rounded bg-rose-700 px-2 py-1 text-[11px] font-semibold text-white hover:bg-rose-800 disabled:opacity-50"
+            >
+              Oui
+            </button>
+            <button
+              type="button"
+              onClick={() => setConfirmCancel(false)}
+              disabled={pending}
+              className="text-[11px] text-zinc-500 hover:text-zinc-900"
+            >
+              Non
+            </button>
+          </div>
+        ) : (
+          <button
+            type="button"
+            onClick={() => setConfirmCancel(true)}
+            disabled={pending}
+            className={`${btnBase} border border-rose-300 bg-white text-rose-700 hover:bg-rose-50`}
+          >
+            Annuler
+          </button>
+        )
+      ) : null}
+      {error ? <span className="text-xs text-rose-700">{error}</span> : null}
+    </div>
+  );
+}
diff --git a/src/app/espace-prestataire/reservations/page.tsx b/src/app/espace-prestataire/reservations/page.tsx
new file mode 100644
index 0000000..b66f063
--- /dev/null
+++ b/src/app/espace-prestataire/reservations/page.tsx
@@ -0,0 +1,137 @@
+import Link from "next/link";
+import { redirect } from "next/navigation";
+
+import { RentalBookingStatus } from "@/generated/prisma/enums";
+import { requireRentalProviderSession, getCurrentRentalProvider } from "@/lib/rental-access";
+import { listHostBookings } from "@/lib/rental-host";
+import { RENTAL_STATUS_LABEL } from "@/lib/admin/rental-bookings";
+
+import { BookingDecision } from "./_components/BookingDecision";
+
+export const dynamic = "force-dynamic";
+
+const STATUS_VALUES = new Set<string>([
+  RentalBookingStatus.PENDING,
+  RentalBookingStatus.CONFIRMED,
+  RentalBookingStatus.HANDED_OVER,
+  RentalBookingStatus.RETURNED,
+  RentalBookingStatus.CANCELLED,
+]);
+
+type PageProps = {
+  searchParams: Promise<{ status?: string }>;
+};
+
+const dateFmt = new Intl.DateTimeFormat("fr-FR", {
+  day: "2-digit",
+  month: "short",
+  year: "2-digit",
+});
+
+export default async function HostReservationsPage({ searchParams }: PageProps) {
+  await requireRentalProviderSession();
+  const provider = await getCurrentRentalProvider();
+  if (!provider) redirect("/admin/rental-providers");
+  const sp = await searchParams;
+  const status = STATUS_VALUES.has(sp.status ?? "")
+    ? (sp.status as RentalBookingStatus)
+    : undefined;
+
+  const bookings = await listHostBookings(provider.id, { status });
+
+  return (
+    <main className="mx-auto max-w-6xl px-6 py-10">
+      <header className="mb-5 flex flex-wrap items-end justify-between gap-3">
+        <div>
+          <Link href="/espace-prestataire" className="text-xs text-zinc-500 hover:text-zinc-900">
+            ← Dashboard
+          </Link>
+          <h1 className="mt-1 text-2xl font-semibold text-zinc-900">Réservations</h1>
+          <p className="mt-1 text-sm text-zinc-500">{bookings.length} résultat{bookings.length > 1 ? "s" : ""}</p>
+        </div>
+        <form method="get" className="flex items-center gap-2 text-sm">
+          <select
+            name="status"
+            defaultValue={status ?? ""}
+            className="rounded-md border border-zinc-300 bg-white px-2 py-1.5 text-sm focus:border-emerald-500 focus:outline-none"
+          >
+            <option value="">Tous statuts</option>
+            {Object.values(RentalBookingStatus).map((s) => (
+              <option key={s} value={s}>{RENTAL_STATUS_LABEL[s]}</option>
+            ))}
+          </select>
+          <button type="submit" className="rounded-md bg-zinc-900 px-3 py-1.5 text-sm font-medium text-white hover:bg-zinc-800">
+            Filtrer
+          </button>
+        </form>
+      </header>
+
+      {bookings.length === 0 ? (
+        <div className="rounded-lg border border-dashed border-zinc-300 px-6 py-12 text-center text-sm text-zinc-500">
+          Aucune réservation matériel.
+        </div>
+      ) : (
+        <ul className="space-y-3">
+          {bookings.map((b) => (
+            <li key={b.id} className="rounded-lg border border-zinc-200 bg-white p-4 shadow-sm">
+              <div className="flex flex-wrap items-baseline justify-between gap-2">
+                <div>
+                  <h2 className="text-base font-semibold text-zinc-900">
+                    {b.tenant.firstName} {b.tenant.lastName}
+                  </h2>
+                  <p className="text-xs text-zinc-500">
+                    {b.tenant.email}
+                    {b.tenant.phone ? ` · ${b.tenant.phone}` : ""}
+                  </p>
+                  {b.booking ? (
+                    <p className="mt-0.5 text-xs text-emerald-700">
+                      🏠 Lié à la résa carbet :{" "}
+                      <Link href={`/reservations/${b.booking.id}`} className="underline">
+                        {b.booking.carbet.title}
+                      </Link>
+                    </p>
+                  ) : (
+                    <p className="mt-0.5 text-xs text-zinc-500">Location standalone (sans carbet)</p>
+                  )}
+                </div>
+                <div className="text-right">
+                  <div className="text-xs text-zinc-500">
+                    {dateFmt.format(b.startDate)} → {dateFmt.format(b.endDate)}
+                  </div>
+                  <div className="font-mono text-base font-semibold text-zinc-900">
+                    {Number(b.amount).toFixed(2)} {b.currency}
+                  </div>
+                </div>
+              </div>
+
+              <ul className="mt-2 space-y-1 border-t border-zinc-100 pt-2 text-sm text-zinc-700">
+                {b.lines.map((l) => (
+                  <li key={l.id} className="flex items-center justify-between">
+                    <span>
+                      {l.qty}× <strong>{l.item.name}</strong>
+                    </span>
+                    <span className="font-mono text-xs text-zinc-600">
+                      {Number(l.lineTotal).toFixed(2)} €
+                    </span>
+                  </li>
+                ))}
+              </ul>
+
+              <div className="mt-3 flex flex-wrap items-center justify-between gap-2 border-t border-zinc-100 pt-2">
+                <div className="flex flex-wrap items-center gap-2 text-xs">
+                  <span className="rounded-full bg-zinc-100 px-2 py-0.5 font-semibold uppercase tracking-wider text-zinc-700 ring-1 ring-inset ring-zinc-300">
+                    {RENTAL_STATUS_LABEL[b.status]}
+                  </span>
+                  <span className="rounded-full bg-zinc-100 px-2 py-0.5 font-semibold uppercase tracking-wider text-zinc-700 ring-1 ring-inset ring-zinc-300">
+                    {b.paymentStatus}
+                  </span>
+                </div>
+                <BookingDecision bookingId={b.id} status={b.status} />
+              </div>
+            </li>
+          ))}
+        </ul>
+      )}
+    </main>
+  );
+}
diff --git a/src/app/inscription/_components/SignupForm.tsx b/src/app/inscription/_components/SignupForm.tsx
index 2ffd914..6f8f7bd 100644
--- a/src/app/inscription/_components/SignupForm.tsx
+++ b/src/app/inscription/_components/SignupForm.tsx
@@ -10,7 +10,9 @@ export function SignupForm({ next }: Props) {
   const router = useRouter();
   const [pending, startTransition] = useTransition();
   const [error, setError] = useState<string | null>(null);
-  const [role, setRole] = useState<"TOURIST" | "OWNER">("TOURIST");
+  const [role, setRole] = useState<"TOURIST" | "OWNER" | "RENTAL_PROVIDER">("TOURIST");
+  const [providerName, setProviderName] = useState("");
+  const [providerRivers, setProviderRivers] = useState("");
 
   function onSubmit(formData: FormData) {
     setError(null);
@@ -24,12 +26,31 @@ export function SignupForm({ next }: Props) {
       setError("Le mot de passe doit faire au moins 8 caractères.");
       return;
     }
+    if (role === "RENTAL_PROVIDER" && providerName.trim().length < 2) {
+      setError("Le nom de votre activité de loueur est requis.");
+      return;
+    }
 
     startTransition(async () => {
+      const body: Record<string, unknown> = {
+        email,
+        password,
+        firstName,
+        lastName,
+        phone: phone || null,
+        role,
+      };
+      if (role === "RENTAL_PROVIDER") {
+        body.providerName = providerName.trim();
+        body.providerRivers = providerRivers
+          .split(/[,;\n]/)
+          .map((s) => s.trim())
+          .filter((s) => s.length > 0);
+      }
       const res = await fetch("/api/signup", {
         method: "POST",
         headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ email, password, firstName, lastName, phone: phone || null, role }),
+        body: JSON.stringify(body),
       });
       const json = await res.json().catch(() => ({}));
       if (!res.ok) {
@@ -91,7 +112,7 @@ export function SignupForm({ next }: Props) {
 
         <fieldset className="space-y-1">
           <legend className="text-xs text-zinc-600">Type de compte</legend>
-          <div className="grid grid-cols-2 gap-2 pt-1">
+          <div className="grid grid-cols-1 gap-2 pt-1 sm:grid-cols-3">
             <label
               className={
                 "flex cursor-pointer flex-col items-start rounded-md border px-3 py-2 text-sm " +
@@ -130,9 +151,59 @@ export function SignupForm({ next }: Props) {
               <span className="font-semibold text-zinc-900">Hôte</span>
               <span className="text-[11px] text-zinc-500">Publier un carbet.</span>
             </label>
+            <label
+              className={
+                "flex cursor-pointer flex-col items-start rounded-md border px-3 py-2 text-sm " +
+                (role === "RENTAL_PROVIDER"
+                  ? "border-zinc-900 bg-zinc-50 ring-1 ring-zinc-900"
+                  : "border-zinc-300 hover:bg-zinc-50")
+              }
+            >
+              <input
+                type="radio"
+                name="role"
+                value="RENTAL_PROVIDER"
+                checked={role === "RENTAL_PROVIDER"}
+                onChange={() => setRole("RENTAL_PROVIDER")}
+                className="sr-only"
+              />
+              <span className="font-semibold text-zinc-900">Loueur matériel</span>
+              <span className="text-[11px] text-zinc-500">Hamac, pirogue, kayak…</span>
+            </label>
           </div>
         </fieldset>
 
+        {role === "RENTAL_PROVIDER" ? (
+          <div className="space-y-2 rounded-md border border-emerald-200 bg-emerald-50/30 p-3">
+            <p className="text-[11px] text-emerald-900">
+              Votre compte sera créé en <strong>attente de validation</strong>. Un admin Karbé
+              vous contactera pour confirmer votre activité avant publication de vos items.
+            </p>
+            <label className="block">
+              <span className="text-xs text-zinc-600">Nom de votre activité</span>
+              <input
+                type="text"
+                value={providerName}
+                onChange={(e) => setProviderName(e.target.value)}
+                placeholder="ex. Pirogues du Bas-Oyapock"
+                maxLength={200}
+                className={inputCls + " mt-0.5"}
+              />
+            </label>
+            <label className="block">
+              <span className="text-xs text-zinc-600">Fleuves desservis (séparés par virgule)</span>
+              <input
+                type="text"
+                value={providerRivers}
+                onChange={(e) => setProviderRivers(e.target.value)}
+                placeholder="Maroni, Oyapock"
+                maxLength={300}
+                className={inputCls + " mt-0.5"}
+              />
+            </label>
+          </div>
+        ) : null}
+
         {error ? (
           <div className="rounded border border-rose-200 bg-rose-50 px-3 py-2 text-sm text-rose-700">{error}</div>
         ) : null}
diff --git a/src/components/SiteHeader.tsx b/src/components/SiteHeader.tsx
index 564c466..f823a9e 100644
--- a/src/components/SiteHeader.tsx
+++ b/src/components/SiteHeader.tsx
@@ -15,6 +15,7 @@ export async function SiteHeader() {
   const u = session?.user;
   const isAdmin = u?.role === UserRole.ADMIN;
   const isOwner = u?.role === UserRole.OWNER || isAdmin;
+  const isRentalProvider = u?.role === UserRole.RENTAL_PROVIDER || isAdmin;
 
   return (
     <header className="sticky top-0 z-30 border-b border-zinc-200 bg-white/85 backdrop-blur supports-[backdrop-filter]:bg-white/70">
@@ -55,6 +56,11 @@ export async function SiteHeader() {
                   Espace hôte
                 </Link>
               ) : null}
+              {isRentalProvider ? (
+                <Link href="/espace-prestataire" className="hidden text-zinc-700 hover:text-zinc-900 sm:inline">
+                  Espace prestataire
+                </Link>
+              ) : null}
               {isAdmin ? (
                 <Link href="/admin" className="hidden rounded-md bg-zinc-900 px-2.5 py-1 text-xs font-semibold text-white hover:bg-zinc-800 sm:inline-block">
                   Admin
diff --git a/src/lib/email.ts b/src/lib/email.ts
index 4652796..a2dc4e6 100644
--- a/src/lib/email.ts
+++ b/src/lib/email.ts
@@ -186,6 +186,27 @@ export async function sendBookingConfirmed(
   });
 }
 
+export async function sendNewRentalProviderRequest(
+  providerName: string,
+  userEmail: string,
+): Promise<void> {
+  const adminEmail = process.env.ADMIN_NOTIFICATION_EMAIL ?? "contact@karbe.cosmolan.fr";
+  await sendEmail({
+    to: adminEmail,
+    subject: `Nouvelle demande prestataire matériel — ${providerName}`,
+    html: wrap(
+      "Demande de prestataire à valider",
+      `<p>Une demande d'inscription en tant que prestataire de location matériel vient d'arriver.</p>
+       <ul>
+         <li>Nom : <strong>${providerName}</strong></li>
+         <li>Email contact : ${userEmail}</li>
+       </ul>
+       <p><a href="${SITE_URL}/admin/rental-providers" style="display:inline-block;background:#18181b;color:white;padding:10px 20px;border-radius:6px;text-decoration:none;font-weight:600;">Valider sur l'admin Karbé</a></p>
+       <p style="font-size:12px;color:#71717a;">Le prestataire reste en attente jusqu'à validation. Ses items ne sont pas publiés tant que <code>approved=false</code>.</p>`,
+    ),
+  });
+}
+
 export async function sendPasswordReset(
   to: string,
   resetUrl: string,
diff --git a/src/lib/rental-access.ts b/src/lib/rental-access.ts
new file mode 100644
index 0000000..95ec6e6
--- /dev/null
+++ b/src/lib/rental-access.ts
@@ -0,0 +1,54 @@
+import "server-only";
+
+import { redirect } from "next/navigation";
+
+import { auth } from "@/auth";
+import { UserRole } from "@/generated/prisma/enums";
+import { prisma } from "@/lib/prisma";
+
+export async function requireRentalProviderSession() {
+  const session = await auth();
+  if (!session?.user?.id) {
+    redirect("/connexion?next=/espace-prestataire");
+  }
+  const role = session.user.role;
+  if (role !== UserRole.RENTAL_PROVIDER && role !== UserRole.ADMIN) {
+    redirect("/");
+  }
+  return session;
+}
+
+/**
+ * Récupère le RentalProvider géré par l'utilisateur.
+ * Si ADMIN, on retourne soit le provider explicitement ciblé (param `providerId`),
+ * soit null pour forcer le choix.
+ */
+export async function getCurrentRentalProvider(opts: { providerId?: string } = {}) {
+  const session = await auth();
+  if (!session?.user?.id) return null;
+  const role = session.user.role;
+
+  if (role === UserRole.ADMIN && opts.providerId) {
+    return prisma.rentalProvider.findUnique({ where: { id: opts.providerId } });
+  }
+  if (role === UserRole.ADMIN && !opts.providerId) {
+    return null;
+  }
+  // RENTAL_PROVIDER : retourne le provider lié
+  return prisma.rentalProvider.findFirst({
+    where: { managedByUserId: session.user.id },
+  });
+}
+
+export async function canManageRentalProvider(
+  userId: string,
+  role: string | undefined,
+  providerId: string,
+): Promise<boolean> {
+  if (role === UserRole.ADMIN) return true;
+  const provider = await prisma.rentalProvider.findUnique({
+    where: { id: providerId },
+    select: { managedByUserId: true },
+  });
+  return provider?.managedByUserId === userId;
+}
diff --git a/src/lib/rental-host.ts b/src/lib/rental-host.ts
new file mode 100644
index 0000000..ba6f543
--- /dev/null
+++ b/src/lib/rental-host.ts
@@ -0,0 +1,120 @@
+import "server-only";
+
+import { Prisma } from "@/generated/prisma/client";
+import { RentalBookingStatus } from "@/generated/prisma/enums";
+import { prisma } from "@/lib/prisma";
+
+export type HostRentalKpis = {
+  itemsTotal: number;
+  itemsActive: number;
+  bookingsPending: number;
+  bookingsConfirmed: number;
+  revenueTotal: string;
+  revenue30d: string;
+  nextHandover: {
+    id: string;
+    startDate: Date;
+    tenantName: string;
+    lineCount: number;
+  } | null;
+};
+
+export async function getHostRentalKpis(providerId: string): Promise<HostRentalKpis> {
+  const now = new Date();
+  const last30 = new Date(now.getTime() - 30 * 86_400_000);
+
+  const [itemsTotal, itemsActive, bookingsPending, bookingsConfirmed, revenueAll, revenue30, next] =
+    await Promise.all([
+      prisma.rentalItem.count({ where: { providerId } }),
+      prisma.rentalItem.count({ where: { providerId, active: true } }),
+      prisma.rentalBooking.count({
+        where: { providerId, status: RentalBookingStatus.PENDING },
+      }),
+      prisma.rentalBooking.count({
+        where: {
+          providerId,
+          status: { in: [RentalBookingStatus.CONFIRMED, RentalBookingStatus.HANDED_OVER] },
+          startDate: { gte: now },
+        },
+      }),
+      prisma.rentalBooking.aggregate({
+        where: {
+          providerId,
+          status: { in: [RentalBookingStatus.CONFIRMED, RentalBookingStatus.HANDED_OVER, RentalBookingStatus.RETURNED] },
+        },
+        _sum: { amount: true },
+      }),
+      prisma.rentalBooking.aggregate({
+        where: {
+          providerId,
+          status: { in: [RentalBookingStatus.CONFIRMED, RentalBookingStatus.HANDED_OVER, RentalBookingStatus.RETURNED] },
+          createdAt: { gte: last30 },
+        },
+        _sum: { amount: true },
+      }),
+      prisma.rentalBooking.findFirst({
+        where: {
+          providerId,
+          status: RentalBookingStatus.CONFIRMED,
+          startDate: { gte: now },
+        },
+        orderBy: { startDate: "asc" },
+        select: {
+          id: true,
+          startDate: true,
+          tenant: { select: { firstName: true, lastName: true } },
+          _count: { select: { lines: true } },
+        },
+      }),
+    ]);
+
+  return {
+    itemsTotal,
+    itemsActive,
+    bookingsPending,
+    bookingsConfirmed,
+    revenueTotal: (revenueAll._sum.amount ?? 0).toString(),
+    revenue30d: (revenue30._sum.amount ?? 0).toString(),
+    nextHandover: next
+      ? {
+          id: next.id,
+          startDate: next.startDate,
+          tenantName: `${next.tenant.firstName} ${next.tenant.lastName}`.trim(),
+          lineCount: next._count.lines,
+        }
+      : null,
+  };
+}
+
+export async function listHostItems(providerId: string) {
+  return prisma.rentalItem.findMany({
+    where: { providerId },
+    orderBy: [{ category: "asc" }, { name: "asc" }],
+    include: { _count: { select: { lines: true } } },
+  });
+}
+
+export async function listHostBookings(providerId: string, filters: { status?: RentalBookingStatus } = {}) {
+  const where: Prisma.RentalBookingWhereInput = { providerId };
+  if (filters.status) where.status = filters.status;
+  return prisma.rentalBooking.findMany({
+    where,
+    orderBy: [{ status: "asc" }, { startDate: "asc" }],
+    take: 200,
+    include: {
+      tenant: { select: { id: true, firstName: true, lastName: true, email: true, phone: true } },
+      lines: { include: { item: { select: { id: true, name: true, category: true } } } },
+      booking: { select: { id: true, carbet: { select: { title: true, slug: true } } } },
+    },
+  });
+}
+
+export async function getHostItem(providerId: string, itemId: string) {
+  return prisma.rentalItem.findFirst({
+    where: { id: itemId, providerId },
+    include: {
+      availabilities: { orderBy: { startDate: "asc" } },
+      _count: { select: { lines: true } },
+    },
+  });
+}

From 91b4d918ea255c9bd84633a34d511fd2b88fe615 Mon Sep 17 00:00:00 2001
From: Ubuntu <ubuntu@vps-97784c65.vps.ovh.net>
Date: Tue, 2 Jun 2026 08:41:53 +0000
Subject: [PATCH 32/47] =?UTF-8?q?feat(rental):=20Sprint=20D=20=E2=80=94=20?=
 =?UTF-8?q?panier=20+=20checkout=20+=20int=C3=A9gration=20carbet?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Cart lib + cookie persistence (karbe-rental-cart, 30j) avec context React
useCart(). Provider wrappé dans layout pour hydratation server→client.

Page /panier :
- Récap regroupé par prestataire (sous-totaux, caution)
- Édition lignes (dates, qté), suppression, vider panier
- Bouton « Valider et payer » → POST /api/rentals/checkout
- Badge 🛒 dans SiteHeader avec total items

Composant <AddToCart /> sur /materiel/[itemId] avec date picker + qté.

API POST /api/rentals/checkout :
- Validation auth + items actifs + provider approved + qté/dates
- Transaction Prisma : recheck stock par fenêtre + crée 1 RentalBooking
  par prestataire + RentalLines (snapshot prix) + RentalItemAvailability
  (blocage des dispos)
- Calcul commissionAmount selon provider.commissionPct
- Si Stripe activé : Checkout Session unique avec 1 line_item par
  RentalBooking, metadata {type:"rental-bundle", rentalBookingIds:[]}
- Sinon : crée en PENDING, retourne rentalBookingIds
- Vide le cookie panier après création
- Audit log rental.checkout.created

Webhook Stripe étendu :
- checkout.session.completed type=rental-bundle → CONFIRMED+SUCCEEDED
  sur toutes les RentalBookings du bundle
- payment_intent.payment_failed metadata.rentalBookingIds → CANCELLED
  + supprime les RentalItemAvailability (libère le stock)

Intégration carbet :
- /carbets/[slug] : panneau « Compléter votre séjour » avec items des
  prestataires de la même rivière + System D (recommandation contextuelle)
- /reservations/[id] : section « Matériel associé » listant les
  RentalBookings liées
- /mes-locations : page récap toutes les locations (System D + tiers,
  liées carbet ou standalone)
- Lien « Mes locations » dans SiteHeader

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 src/app/api/rentals/checkout/route.ts         | 313 ++++++++++++++++++
 src/app/api/stripe/webhook/route.ts           |  37 +++
 .../[slug]/_components/CompleteYourStay.tsx   | 103 ++++++
 src/app/carbets/[slug]/page.tsx               |   3 +
 src/app/layout.tsx                            |  11 +-
 .../[itemId]/_components/AddToCart.tsx        | 119 +++++++
 src/app/materiel/[itemId]/page.tsx            |  11 +-
 src/app/mes-locations/page.tsx                | 141 ++++++++
 src/app/panier/_components/CartReview.tsx     | 249 ++++++++++++++
 src/app/panier/page.tsx                       |  81 +++++
 src/app/reservations/[id]/page.tsx            |  38 +++
 src/components/CartBadge.tsx                  |  22 ++
 src/components/RentalCartProvider.tsx         | 109 ++++++
 src/components/SiteHeader.tsx                 |   5 +
 src/lib/rental-cart-server.ts                 |  24 ++
 src/lib/rental-cart.ts                        |  50 +++
 16 files changed, 1309 insertions(+), 7 deletions(-)
 create mode 100644 src/app/api/rentals/checkout/route.ts
 create mode 100644 src/app/carbets/[slug]/_components/CompleteYourStay.tsx
 create mode 100644 src/app/materiel/[itemId]/_components/AddToCart.tsx
 create mode 100644 src/app/mes-locations/page.tsx
 create mode 100644 src/app/panier/_components/CartReview.tsx
 create mode 100644 src/app/panier/page.tsx
 create mode 100644 src/components/CartBadge.tsx
 create mode 100644 src/components/RentalCartProvider.tsx
 create mode 100644 src/lib/rental-cart-server.ts
 create mode 100644 src/lib/rental-cart.ts

diff --git a/src/app/api/rentals/checkout/route.ts b/src/app/api/rentals/checkout/route.ts
new file mode 100644
index 0000000..faaeb8e
--- /dev/null
+++ b/src/app/api/rentals/checkout/route.ts
@@ -0,0 +1,313 @@
+import { cookies } from "next/headers";
+import { NextResponse } from "next/server";
+
+import { auth } from "@/auth";
+import { PaymentStatus, RentalBookingStatus } from "@/generated/prisma/enums";
+import { Prisma } from "@/generated/prisma/client";
+import { recordAudit } from "@/lib/admin/audit";
+import { prisma } from "@/lib/prisma";
+import { CART_COOKIE, EMPTY_CART, diffDays, parseCart } from "@/lib/rental-cart";
+import {
+  getStripeClient,
+  isStripeConfigured,
+  toStripeAmountCents,
+} from "@/lib/stripe";
+
+export const runtime = "nodejs";
+
+type LineInput = {
+  itemId: string;
+  qty: number;
+  startDate: Date;
+  endDate: Date;
+  nights: number;
+};
+
+function parseDateOnly(s: string): Date {
+  return new Date(s + "T00:00:00Z");
+}
+
+export async function POST() {
+  const session = await auth();
+  if (!session?.user?.id || !session.user.email) {
+    return NextResponse.json({ error: "Connectez-vous pour finaliser." }, { status: 401 });
+  }
+
+  const jar = await cookies();
+  const cart = parseCart(jar.get(CART_COOKIE)?.value);
+  if (cart.items.length === 0) {
+    return NextResponse.json({ error: "Panier vide." }, { status: 400 });
+  }
+
+  // Charge tous les items du panier
+  const itemIds = Array.from(new Set(cart.items.map((e) => e.itemId)));
+  const items = await prisma.rentalItem.findMany({
+    where: { id: { in: itemIds }, active: true },
+    include: {
+      provider: {
+        select: {
+          id: true,
+          name: true,
+          active: true,
+          approved: true,
+          commissionPct: true,
+          isSystemD: true,
+        },
+      },
+    },
+  });
+  const itemById = new Map(items.map((i) => [i.id, i]));
+
+  // Validations préliminaires : items valides + provider actif/approved
+  for (const entry of cart.items) {
+    const it = itemById.get(entry.itemId);
+    if (!it) {
+      return NextResponse.json(
+        { error: `Item ${entry.itemId} introuvable ou désactivé.` },
+        { status: 409 },
+      );
+    }
+    if (!it.provider.active || !it.provider.approved) {
+      return NextResponse.json(
+        { error: `Prestataire ${it.provider.name} indisponible.` },
+        { status: 409 },
+      );
+    }
+    if (entry.qty < 1 || entry.qty > it.totalQty) {
+      return NextResponse.json(
+        { error: `Quantité invalide pour « ${it.name} ».` },
+        { status: 400 },
+      );
+    }
+    const start = parseDateOnly(entry.startDate);
+    const end = parseDateOnly(entry.endDate);
+    if (Number.isNaN(start.getTime()) || Number.isNaN(end.getTime()) || end <= start) {
+      return NextResponse.json(
+        { error: `Dates invalides pour « ${it.name} ».` },
+        { status: 400 },
+      );
+    }
+  }
+
+  // Groupe par provider
+  type Group = {
+    providerId: string;
+    providerName: string;
+    commissionPct: number;
+    lines: LineInput[];
+    itemsTotal: Prisma.Decimal;
+    depositTotal: Prisma.Decimal;
+    startDate: Date;
+    endDate: Date;
+  };
+
+  const groups = new Map<string, Group>();
+  for (const entry of cart.items) {
+    const it = itemById.get(entry.itemId)!;
+    const start = parseDateOnly(entry.startDate);
+    const end = parseDateOnly(entry.endDate);
+    const nights = Math.max(1, diffDays(entry.startDate, entry.endDate));
+    const lineSub = new Prisma.Decimal(it.pricePerDay).mul(entry.qty).mul(nights);
+    const lineDeposit = new Prisma.Decimal(it.deposit).mul(entry.qty);
+
+    let g = groups.get(it.provider.id);
+    if (!g) {
+      g = {
+        providerId: it.provider.id,
+        providerName: it.provider.name,
+        commissionPct: Number(it.provider.commissionPct),
+        lines: [],
+        itemsTotal: new Prisma.Decimal(0),
+        depositTotal: new Prisma.Decimal(0),
+        startDate: start,
+        endDate: end,
+      };
+      groups.set(it.provider.id, g);
+    }
+    g.lines.push({ itemId: it.id, qty: entry.qty, startDate: start, endDate: end, nights });
+    g.itemsTotal = g.itemsTotal.add(lineSub);
+    g.depositTotal = g.depositTotal.add(lineDeposit);
+    if (start < g.startDate) g.startDate = start;
+    if (end > g.endDate) g.endDate = end;
+  }
+
+  // Transaction : recheck stock + crée RentalBookings + Lines + Availabilities
+  let grandTotal = new Prisma.Decimal(0);
+  let grandDeposit = new Prisma.Decimal(0);
+  let rentalBookingIds: string[] = [];
+
+  try {
+    rentalBookingIds = await prisma.$transaction(async (tx) => {
+      const created: string[] = [];
+
+      for (const g of groups.values()) {
+        // Recheck stock disponible pour chaque ligne
+        for (const line of g.lines) {
+          const blocked = await tx.rentalItemAvailability.aggregate({
+            where: {
+              itemId: line.itemId,
+              startDate: { lt: line.endDate },
+              endDate: { gt: line.startDate },
+            },
+            _sum: { qty: true },
+          });
+          const item = itemById.get(line.itemId)!;
+          const used = Number(blocked._sum.qty ?? 0);
+          const free = item.totalQty - used;
+          if (line.qty > free) {
+            throw new Error(`Stock insuffisant pour « ${item.name} » sur les dates demandées (libre: ${free}).`);
+          }
+        }
+
+        const commissionAmount = g.itemsTotal
+          .mul(g.commissionPct)
+          .div(100)
+          .toDecimalPlaces(2);
+        const amount = g.itemsTotal.add(g.depositTotal).toDecimalPlaces(2);
+
+        const rb = await tx.rentalBooking.create({
+          data: {
+            tenantId: session.user!.id!,
+            providerId: g.providerId,
+            startDate: g.startDate,
+            endDate: g.endDate,
+            status: RentalBookingStatus.PENDING,
+            paymentStatus: PaymentStatus.PENDING,
+            itemsTotal: g.itemsTotal.toDecimalPlaces(2),
+            depositTotal: g.depositTotal.toDecimalPlaces(2),
+            commissionAmount,
+            amount,
+            currency: "EUR",
+            lines: {
+              create: g.lines.map((line) => {
+                const item = itemById.get(line.itemId)!;
+                const lineTotal = new Prisma.Decimal(item.pricePerDay)
+                  .mul(line.qty)
+                  .mul(line.nights)
+                  .toDecimalPlaces(2);
+                return {
+                  itemId: line.itemId,
+                  qty: line.qty,
+                  pricePerDay: new Prisma.Decimal(item.pricePerDay),
+                  deposit: new Prisma.Decimal(item.deposit),
+                  lineTotal,
+                };
+              }),
+            },
+          },
+          select: { id: true },
+        });
+
+        // Bloque les dispos
+        for (const line of g.lines) {
+          await tx.rentalItemAvailability.create({
+            data: {
+              itemId: line.itemId,
+              startDate: line.startDate,
+              endDate: line.endDate,
+              qty: line.qty,
+              reason: "RENTAL_BOOKING",
+              rentalBookingId: rb.id,
+            },
+          });
+        }
+
+        created.push(rb.id);
+        grandTotal = grandTotal.add(g.itemsTotal);
+        grandDeposit = grandDeposit.add(g.depositTotal);
+      }
+
+      return created;
+    });
+  } catch (e) {
+    return NextResponse.json(
+      { error: e instanceof Error ? e.message : "Erreur lors de la création." },
+      { status: 409 },
+    );
+  }
+
+  const totalAmount = grandTotal.add(grandDeposit).toDecimalPlaces(2);
+
+  await recordAudit({
+    scope: "rental",
+    event: "rental.checkout.created",
+    target: rentalBookingIds.join(","),
+    actorEmail: session.user.email,
+    details: {
+      rentalBookingIds,
+      amount: totalAmount.toNumber(),
+      depositTotal: grandDeposit.toNumber(),
+      providers: Array.from(groups.keys()),
+    },
+  });
+
+  // Vide le panier
+  jar.set(CART_COOKIE, JSON.stringify(EMPTY_CART), {
+    httpOnly: false,
+    sameSite: "lax",
+    path: "/",
+    maxAge: 0,
+  });
+
+  // Stripe ou paiement différé
+  if (!isStripeConfigured()) {
+    return NextResponse.json(
+      { rentalBookingIds, totalAmount: totalAmount.toNumber() },
+      { status: 201 },
+    );
+  }
+
+  const appUrl = process.env.APP_URL;
+  if (!appUrl) {
+    return NextResponse.json({ error: "APP_URL manquante." }, { status: 500 });
+  }
+
+  // Une session Stripe avec une ligne par RentalBooking (agrégée)
+  const stripe = getStripeClient();
+  const bookingDetails = await prisma.rentalBooking.findMany({
+    where: { id: { in: rentalBookingIds } },
+    include: {
+      provider: { select: { name: true } },
+      lines: { select: { qty: true, item: { select: { name: true } } } },
+    },
+  });
+
+  const line_items = bookingDetails.map((rb) => ({
+    quantity: 1,
+    price_data: {
+      currency: "eur",
+      unit_amount: toStripeAmountCents(Number(rb.amount)),
+      product_data: {
+        name: `Matériel — ${rb.provider.name}`,
+        description: rb.lines.map((l) => `${l.qty}× ${l.item.name}`).join(", ").slice(0, 500),
+      },
+    },
+  }));
+
+  const checkoutSession = await stripe.checkout.sessions.create({
+    mode: "payment",
+    success_url: `${appUrl}/mes-locations?payment=success&ids=${rentalBookingIds.join(",")}`,
+    cancel_url: `${appUrl}/panier?payment=cancel`,
+    customer_email: session.user.email,
+    line_items,
+    metadata: {
+      type: "rental-bundle",
+      rentalBookingIds: rentalBookingIds.join(","),
+    },
+  });
+
+  await prisma.rentalBooking.updateMany({
+    where: { id: { in: rentalBookingIds } },
+    data: { stripeSessionId: checkoutSession.id },
+  });
+
+  return NextResponse.json(
+    {
+      rentalBookingIds,
+      totalAmount: totalAmount.toNumber(),
+      checkoutSessionId: checkoutSession.id,
+      checkoutUrl: checkoutSession.url,
+    },
+    { status: 201 },
+  );
+}
diff --git a/src/app/api/stripe/webhook/route.ts b/src/app/api/stripe/webhook/route.ts
index 1e4296f..a6b9b99 100644
--- a/src/app/api/stripe/webhook/route.ts
+++ b/src/app/api/stripe/webhook/route.ts
@@ -4,6 +4,7 @@ import Stripe from "stripe";
 import {
   BookingStatus,
   PaymentStatus,
+  RentalBookingStatus,
   SubscriptionStatus,
 } from "@/generated/prisma/enums";
 import { refreshCarbetLastBookedAt } from "@/lib/carbet-last-booked";
@@ -51,6 +52,21 @@ async function handleCheckoutCompleted(session: Stripe.Checkout.Session) {
     return;
   }
 
+  if (type === "rental-bundle") {
+    const idsRaw = session.metadata?.rentalBookingIds;
+    if (!idsRaw) return;
+    const ids = idsRaw.split(",").map((s) => s.trim()).filter(Boolean);
+    if (ids.length === 0) return;
+    await prisma.rentalBooking.updateMany({
+      where: { id: { in: ids } },
+      data: {
+        paymentStatus: PaymentStatus.SUCCEEDED,
+        status: RentalBookingStatus.CONFIRMED,
+      },
+    });
+    return;
+  }
+
   if (type === "owner_subscription") {
     const ownerId = session.metadata?.ownerId;
     const carbetId = session.metadata?.carbetId;
@@ -79,6 +95,27 @@ async function handleCheckoutCompleted(session: Stripe.Checkout.Session) {
 
 async function handlePaymentIntentFailed(paymentIntent: Stripe.PaymentIntent) {
   const bookingId = paymentIntent.metadata?.bookingId;
+  const rentalIdsRaw = paymentIntent.metadata?.rentalBookingIds;
+
+  if (rentalIdsRaw) {
+    const ids = rentalIdsRaw.split(",").map((s) => s.trim()).filter(Boolean);
+    if (ids.length > 0) {
+      // Marque les paiements échoués + libère les blocages de dispo
+      await prisma.$transaction([
+        prisma.rentalBooking.updateMany({
+          where: { id: { in: ids } },
+          data: {
+            paymentStatus: PaymentStatus.FAILED,
+            status: RentalBookingStatus.CANCELLED,
+          },
+        }),
+        prisma.rentalItemAvailability.deleteMany({
+          where: { rentalBookingId: { in: ids } },
+        }),
+      ]);
+    }
+  }
+
   if (!bookingId) {
     return;
   }
diff --git a/src/app/carbets/[slug]/_components/CompleteYourStay.tsx b/src/app/carbets/[slug]/_components/CompleteYourStay.tsx
new file mode 100644
index 0000000..3e87eae
--- /dev/null
+++ b/src/app/carbets/[slug]/_components/CompleteYourStay.tsx
@@ -0,0 +1,103 @@
+import Link from "next/link";
+
+import { prisma } from "@/lib/prisma";
+import { RENTAL_CATEGORY_LABEL } from "@/lib/rental-category-labels";
+
+type Props = {
+  river: string;
+  capacity: number;
+};
+
+const EMOJI: Record<string, string> = {
+  SLEEP: "💤",
+  NAVIGATION: "🛶",
+  FISHING: "🎣",
+  COOKING: "🍳",
+  SAFETY: "🦺",
+};
+
+export async function CompleteYourStay({ river, capacity }: Props) {
+  const providers = await prisma.rentalProvider.findMany({
+    where: {
+      active: true,
+      approved: true,
+      OR: [
+        { isSystemD: true },
+        { rivers: { has: river } },
+      ],
+    },
+    select: {
+      id: true,
+      items: {
+        where: { active: true },
+        orderBy: [{ category: "asc" }, { pricePerDay: "asc" }],
+        take: 24,
+        select: {
+          id: true,
+          name: true,
+          category: true,
+          imageUrl: true,
+          pricePerDay: true,
+          provider: { select: { name: true, isSystemD: true } },
+        },
+      },
+    },
+  });
+
+  const items = providers.flatMap((p) => p.items).slice(0, 9);
+  if (items.length === 0) return null;
+
+  return (
+    <section className="my-8 rounded-lg border border-emerald-200 bg-emerald-50/40 p-5">
+      <header className="flex items-baseline justify-between gap-3">
+        <div>
+          <h2 className="text-lg font-semibold text-emerald-900">
+            Compléter votre séjour
+          </h2>
+          <p className="text-xs text-emerald-800">
+            Pour {capacity} voyageur{capacity > 1 ? "s" : ""} sur le {river},
+            pensez à louer hamacs, moustiquaires, pirogue ou kayak auprès des
+            prestataires locaux.
+          </p>
+        </div>
+        <Link href="/materiel" className="text-xs font-semibold text-emerald-800 hover:underline">
+          Voir tout →
+        </Link>
+      </header>
+
+      <ul className="mt-3 grid grid-cols-2 gap-2 sm:grid-cols-3">
+        {items.map((it) => (
+          <li
+            key={it.id}
+            className="overflow-hidden rounded-md border border-emerald-100 bg-white shadow-sm"
+          >
+            <Link href={`/materiel/${it.id}`} className="block">
+              <div className="flex aspect-video items-center justify-center bg-emerald-50 text-3xl">
+                {it.imageUrl ? (
+                  // eslint-disable-next-line @next/next/no-img-element
+                  <img src={it.imageUrl} alt={it.name} className="h-full w-full object-cover" />
+                ) : (
+                  <span>{EMOJI[it.category] ?? "🎒"}</span>
+                )}
+              </div>
+              <div className="px-2.5 py-1.5">
+                <p className="truncate text-xs font-semibold text-zinc-900">{it.name}</p>
+                <div className="flex items-center justify-between text-[10px] text-zinc-500">
+                  <span>{RENTAL_CATEGORY_LABEL[it.category]}</span>
+                  <span className="font-mono font-semibold text-emerald-700">
+                    {Number(it.pricePerDay).toFixed(0)} €/j
+                  </span>
+                </div>
+                {it.provider.isSystemD ? (
+                  <span className="mt-1 inline-block rounded-full bg-emerald-600 px-1.5 py-0.5 text-[9px] font-semibold uppercase tracking-wider text-white">
+                    Karbé
+                  </span>
+                ) : null}
+              </div>
+            </Link>
+          </li>
+        ))}
+      </ul>
+    </section>
+  );
+}
diff --git a/src/app/carbets/[slug]/page.tsx b/src/app/carbets/[slug]/page.tsx
index ae53374..640d7c6 100644
--- a/src/app/carbets/[slug]/page.tsx
+++ b/src/app/carbets/[slug]/page.tsx
@@ -15,6 +15,7 @@ import { formatAverageRating } from "@/lib/reviews";
 import { isStripeConfigured } from "@/lib/stripe";
 
 import { BookingForm } from "../_components/booking-form";
+import { CompleteYourStay } from "./_components/CompleteYourStay";
 import { CarbetGallery } from "../_components/carbet-gallery";
 import { CarbetMap } from "../_components/carbet-map";
 import { ReviewsSection } from "../_components/reviews-section";
@@ -277,6 +278,8 @@ export default async function PublicCarbetPage({ params }: PageProps) {
         </aside>
       </div>
 
+      <CompleteYourStay river={carbet.river} capacity={carbet.capacity} />
+
       <ReviewsSection
         stats={carbet.reviewStats}
         reviews={carbet.reviews}
diff --git a/src/app/layout.tsx b/src/app/layout.tsx
index 1e1dc82..ffcc89e 100644
--- a/src/app/layout.tsx
+++ b/src/app/layout.tsx
@@ -5,6 +5,8 @@ import { PluginProvider } from "@/lib/plugins/client";
 import { getEnabledPluginKeys, syncPluginsFromRegistry } from "@/lib/plugins/server";
 import { SeasonBanner } from "@/components/SeasonBanner";
 import { SiteHeaderGuard } from "@/components/SiteHeaderGuard";
+import { RentalCartProvider } from "@/components/RentalCartProvider";
+import { readCartFromCookies } from "@/lib/rental-cart-server";
 import { LocaleProvider } from "@/lib/i18n/client";
 import { dict, getLocale } from "@/lib/i18n/server";
 
@@ -112,6 +114,7 @@ export default async function RootLayout({
 
   const locale = await getLocale();
   const messages = await dict(locale);
+  const initialCart = await readCartFromCookies();
 
   return (
     <html
@@ -124,9 +127,11 @@ export default async function RootLayout({
       >
         <PluginProvider enabledKeys={enabledKeys}>
           <LocaleProvider locale={locale} messages={messages}>
-            <SeasonBanner />
-            <SiteHeaderGuard />
-            {children}
+            <RentalCartProvider initial={initialCart}>
+              <SeasonBanner />
+              <SiteHeaderGuard />
+              {children}
+            </RentalCartProvider>
           </LocaleProvider>
         </PluginProvider>
       </body>
diff --git a/src/app/materiel/[itemId]/_components/AddToCart.tsx b/src/app/materiel/[itemId]/_components/AddToCart.tsx
new file mode 100644
index 0000000..0ee7e36
--- /dev/null
+++ b/src/app/materiel/[itemId]/_components/AddToCart.tsx
@@ -0,0 +1,119 @@
+"use client";
+
+import { useState } from "react";
+import Link from "next/link";
+
+import { useCart } from "@/components/RentalCartProvider";
+import { diffDays } from "@/lib/rental-cart";
+
+type Props = {
+  itemId: string;
+  pricePerDay: number;
+  deposit: number;
+  maxQty: number;
+};
+
+function todayPlus(n: number): string {
+  const d = new Date();
+  d.setHours(0, 0, 0, 0);
+  d.setDate(d.getDate() + n);
+  return d.toISOString().slice(0, 10);
+}
+
+export function AddToCart({ itemId, pricePerDay, deposit, maxQty }: Props) {
+  const { addEntry, cart } = useCart();
+  const [start, setStart] = useState(todayPlus(7));
+  const [end, setEnd] = useState(todayPlus(9));
+  const [qty, setQty] = useState(1);
+  const [added, setAdded] = useState(false);
+
+  const nights = Math.max(1, diffDays(start, end));
+  const subtotal = nights * qty * pricePerDay;
+  const depositTotal = qty * deposit;
+
+  const alreadyInCart = cart.items.some(
+    (e) => e.itemId === itemId && e.startDate === start && e.endDate === end,
+  );
+
+  function onAdd() {
+    addEntry({ itemId, qty, startDate: start, endDate: end });
+    setAdded(true);
+  }
+
+  return (
+    <div className="space-y-3">
+      <div className="grid grid-cols-2 gap-2 text-sm">
+        <label className="block">
+          <span className="text-xs text-zinc-500">Du</span>
+          <input
+            type="date"
+            value={start}
+            min={todayPlus(0)}
+            onChange={(e) => setStart(e.target.value)}
+            className="mt-0.5 w-full rounded-md border border-zinc-300 px-2 py-1.5"
+          />
+        </label>
+        <label className="block">
+          <span className="text-xs text-zinc-500">Au</span>
+          <input
+            type="date"
+            value={end}
+            min={start || todayPlus(1)}
+            onChange={(e) => setEnd(e.target.value)}
+            className="mt-0.5 w-full rounded-md border border-zinc-300 px-2 py-1.5"
+          />
+        </label>
+      </div>
+
+      <label className="block text-sm">
+        <span className="text-xs text-zinc-500">Quantité</span>
+        <input
+          type="number"
+          value={qty}
+          min={1}
+          max={maxQty}
+          onChange={(e) => setQty(Math.max(1, Math.min(maxQty, Number(e.target.value) || 1)))}
+          className="mt-0.5 w-full rounded-md border border-zinc-300 px-2 py-1.5"
+        />
+      </label>
+
+      <div className="border-t border-zinc-100 pt-2 text-sm text-zinc-700">
+        <div className="flex justify-between">
+          <span>
+            {pricePerDay.toFixed(0)} € × {nights} jour{nights > 1 ? "s" : ""} × {qty}
+          </span>
+          <span className="font-mono">{subtotal.toFixed(2)} €</span>
+        </div>
+        {depositTotal > 0 ? (
+          <div className="flex justify-between text-xs text-zinc-500">
+            <span>+ Caution (récupérable)</span>
+            <span className="font-mono">{depositTotal.toFixed(2)} €</span>
+          </div>
+        ) : null}
+      </div>
+
+      {!added ? (
+        <button
+          type="button"
+          onClick={onAdd}
+          disabled={alreadyInCart || nights === 0}
+          className="w-full rounded-md bg-emerald-600 px-4 py-2.5 text-sm font-semibold text-white hover:bg-emerald-700 disabled:opacity-50"
+        >
+          {alreadyInCart ? "Déjà dans le panier" : "Ajouter au panier"}
+        </button>
+      ) : (
+        <div className="space-y-2">
+          <div className="rounded-md border border-emerald-200 bg-emerald-50 px-3 py-2 text-sm text-emerald-800">
+            ✓ Ajouté au panier
+          </div>
+          <Link
+            href="/panier"
+            className="block w-full rounded-md bg-emerald-600 px-4 py-2.5 text-center text-sm font-semibold text-white hover:bg-emerald-700"
+          >
+            Voir mon panier
+          </Link>
+        </div>
+      )}
+    </div>
+  );
+}
diff --git a/src/app/materiel/[itemId]/page.tsx b/src/app/materiel/[itemId]/page.tsx
index b6f6aa1..00e8348 100644
--- a/src/app/materiel/[itemId]/page.tsx
+++ b/src/app/materiel/[itemId]/page.tsx
@@ -5,6 +5,7 @@ import { notFound } from "next/navigation";
 import { getPublicRentalItem } from "@/lib/rentals-public";
 import { RENTAL_CATEGORY_LABEL } from "@/lib/rental-category-labels";
 
+import { AddToCart } from "./_components/AddToCart";
 import { AvailabilityPreview } from "./_components/AvailabilityPreview";
 
 export const dynamic = "force-dynamic";
@@ -127,10 +128,12 @@ export default async function RentalItemDetailPage({ params }: PageProps) {
             ) : null}
           </div>
 
-          <div className="rounded-md bg-emerald-50 px-3 py-2 text-xs text-emerald-900">
-            🛒 La fonction « Ajouter au panier » arrive avec le Sprint D.
-            Pour réserver maintenant, contactez directement le prestataire.
-          </div>
+          <AddToCart
+            itemId={item.id}
+            pricePerDay={Number(item.pricePerDay)}
+            deposit={Number(item.deposit)}
+            maxQty={item.totalQty}
+          />
 
           <div className="border-t border-zinc-100 pt-3">
             <h3 className="text-sm font-semibold text-zinc-900">{item.provider.name}</h3>
diff --git a/src/app/mes-locations/page.tsx b/src/app/mes-locations/page.tsx
new file mode 100644
index 0000000..606ae92
--- /dev/null
+++ b/src/app/mes-locations/page.tsx
@@ -0,0 +1,141 @@
+import Link from "next/link";
+
+import { requireAuth } from "@/lib/authorization";
+import { prisma } from "@/lib/prisma";
+import { RENTAL_CATEGORY_LABEL } from "@/lib/rental-category-labels";
+
+export const dynamic = "force-dynamic";
+
+export const metadata = { title: "Mes locations matériel" };
+
+const STATUS_LABEL: Record<string, string> = {
+  PENDING: "En attente",
+  CONFIRMED: "Confirmée",
+  HANDED_OVER: "Remis",
+  RETURNED: "Retourné",
+  CANCELLED: "Annulée",
+};
+
+const PAYMENT_LABEL: Record<string, string> = {
+  PENDING: "Paiement en attente",
+  AUTHORIZED: "Paiement autorisé",
+  SUCCEEDED: "Paiement reçu",
+  FAILED: "Paiement échoué",
+  REFUNDED: "Remboursé",
+};
+
+type SearchParams = Promise<{ payment?: string; ids?: string; ok?: string }>;
+
+export default async function MyRentalsPage({ searchParams }: { searchParams: SearchParams }) {
+  const session = await requireAuth();
+  const sp = await searchParams;
+
+  const rentals = await prisma.rentalBooking.findMany({
+    where: { tenantId: session.user.id },
+    orderBy: [{ startDate: "desc" }],
+    include: {
+      provider: { select: { id: true, name: true, isSystemD: true, contactPhone: true, contactEmail: true } },
+      lines: { include: { item: { select: { id: true, name: true, category: true, imageUrl: true } } } },
+      booking: { select: { id: true, carbet: { select: { slug: true, title: true } } } },
+    },
+  });
+
+  const dateFmt = new Intl.DateTimeFormat("fr-FR", { day: "2-digit", month: "long", year: "numeric" });
+
+  const showSuccess = sp.payment === "success" || sp.ok;
+
+  return (
+    <main className="mx-auto w-full max-w-3xl flex-1 px-6 py-10">
+      <header>
+        <h1 className="text-3xl font-semibold text-zinc-900">Mes locations matériel</h1>
+        <p className="mt-2 text-sm text-zinc-600">
+          Récap des hamacs, kayaks, pirogues et autres équipements loués pour vos séjours.
+        </p>
+      </header>
+
+      {showSuccess ? (
+        <div className="mt-4 rounded-md border border-emerald-200 bg-emerald-50 px-4 py-3 text-sm text-emerald-900">
+          ✓ Votre commande de matériel a bien été enregistrée. Vous recevrez un email de confirmation.
+        </div>
+      ) : null}
+
+      {rentals.length === 0 ? (
+        <p className="mt-10 rounded-md border border-dashed border-zinc-300 bg-zinc-50 p-6 text-center text-sm text-zinc-600">
+          Vous n&apos;avez pas encore loué de matériel.{" "}
+          <Link href="/materiel" className="text-emerald-700 hover:underline">
+            Découvrir le matériel disponible
+          </Link>
+          .
+        </p>
+      ) : (
+        <ul className="mt-8 space-y-5">
+          {rentals.map((rb) => (
+            <li key={rb.id} className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+              <div className="flex flex-wrap items-baseline justify-between gap-2">
+                <div>
+                  <h2 className="text-lg font-semibold text-zinc-900">{rb.provider.name}</h2>
+                  {rb.booking?.carbet ? (
+                    <p className="text-xs text-zinc-500">
+                      Pour le séjour{" "}
+                      <Link href={`/carbets/${rb.booking.carbet.slug}`} className="hover:underline">
+                        {rb.booking.carbet.title}
+                      </Link>
+                    </p>
+                  ) : (
+                    <p className="text-xs text-zinc-500">Location indépendante</p>
+                  )}
+                </div>
+                <div className="flex flex-col items-end gap-1 text-xs">
+                  <span className="rounded-full bg-sky-100 px-2 py-0.5 font-semibold uppercase tracking-wider text-sky-800 ring-1 ring-inset ring-sky-300">
+                    {STATUS_LABEL[rb.status] ?? rb.status}
+                  </span>
+                  <span className="rounded-full bg-zinc-100 px-2 py-0.5 font-semibold uppercase tracking-wider text-zinc-700 ring-1 ring-inset ring-zinc-300">
+                    {PAYMENT_LABEL[rb.paymentStatus] ?? rb.paymentStatus}
+                  </span>
+                </div>
+              </div>
+
+              <p className="mt-2 text-sm text-zinc-700">
+                Du {dateFmt.format(rb.startDate)} au {dateFmt.format(rb.endDate)}
+              </p>
+
+              <ul className="mt-3 divide-y divide-zinc-100 text-sm">
+                {rb.lines.map((line) => (
+                  <li key={line.id} className="flex items-center justify-between py-2">
+                    <span>
+                      <span className="font-medium text-zinc-900">{line.qty}×</span>{" "}
+                      <Link href={`/materiel/${line.item.id}`} className="hover:underline">
+                        {line.item.name}
+                      </Link>
+                      <span className="ml-2 text-xs text-zinc-500">
+                        {RENTAL_CATEGORY_LABEL[line.item.category]}
+                      </span>
+                    </span>
+                    <span className="font-mono text-xs text-zinc-700">
+                      {Number(line.lineTotal).toFixed(2)} €
+                    </span>
+                  </li>
+                ))}
+              </ul>
+
+              <div className="mt-3 flex items-baseline justify-between border-t border-zinc-100 pt-2 text-sm">
+                <span className="text-zinc-600">Total</span>
+                <span className="font-mono font-semibold text-zinc-900">
+                  {Number(rb.amount).toFixed(2)} {rb.currency}
+                </span>
+              </div>
+
+              {(rb.provider.contactPhone || rb.provider.contactEmail) && rb.status !== "CANCELLED" ? (
+                <p className="mt-2 text-xs text-zinc-500">
+                  Contact prestataire :{" "}
+                  {rb.provider.contactPhone ? <span>📞 {rb.provider.contactPhone} </span> : null}
+                  {rb.provider.contactEmail ? <span>✉ {rb.provider.contactEmail}</span> : null}
+                </p>
+              ) : null}
+            </li>
+          ))}
+        </ul>
+      )}
+    </main>
+  );
+}
diff --git a/src/app/panier/_components/CartReview.tsx b/src/app/panier/_components/CartReview.tsx
new file mode 100644
index 0000000..e890656
--- /dev/null
+++ b/src/app/panier/_components/CartReview.tsx
@@ -0,0 +1,249 @@
+"use client";
+
+import { useMemo, useState, useTransition } from "react";
+import Link from "next/link";
+import { useRouter } from "next/navigation";
+
+import { useCart } from "@/components/RentalCartProvider";
+import { diffDays } from "@/lib/rental-cart";
+
+type ItemSnapshot = {
+  id: string;
+  name: string;
+  category: string;
+  imageUrl: string | null;
+  pricePerDay: string;
+  deposit: string;
+  totalQty: number;
+  provider: { id: string; name: string; isSystemD: boolean };
+};
+
+type Line = {
+  idx: number;
+  entry: { itemId: string; qty: number; startDate: string; endDate: string };
+  item: ItemSnapshot;
+};
+
+export function CartReview({ lines }: { lines: Line[] }) {
+  const router = useRouter();
+  const { removeEntry, updateEntry, clear } = useCart();
+  const [busy, startTransition] = useTransition();
+  const [error, setError] = useState<string | null>(null);
+
+  // Groupe par prestataire
+  const groups = useMemo(() => {
+    const map = new Map<string, { providerName: string; isSystemD: boolean; lines: Line[]; subtotal: number; deposit: number }>();
+    for (const l of lines) {
+      const nights = Math.max(1, diffDays(l.entry.startDate, l.entry.endDate));
+      const lineSub = nights * l.entry.qty * Number(l.item.pricePerDay);
+      const lineDeposit = l.entry.qty * Number(l.item.deposit);
+      const existing = map.get(l.item.provider.id);
+      if (existing) {
+        existing.lines.push(l);
+        existing.subtotal += lineSub;
+        existing.deposit += lineDeposit;
+      } else {
+        map.set(l.item.provider.id, {
+          providerName: l.item.provider.name,
+          isSystemD: l.item.provider.isSystemD,
+          lines: [l],
+          subtotal: lineSub,
+          deposit: lineDeposit,
+        });
+      }
+    }
+    return Array.from(map.values());
+  }, [lines]);
+
+  const grandTotal = groups.reduce((acc, g) => acc + g.subtotal, 0);
+  const grandDeposit = groups.reduce((acc, g) => acc + g.deposit, 0);
+
+  function checkout() {
+    setError(null);
+    startTransition(async () => {
+      const res = await fetch("/api/rentals/checkout", { method: "POST" });
+      const json = await res.json().catch(() => ({}));
+      if (!res.ok) {
+        setError(json?.error || `Erreur ${res.status}`);
+        return;
+      }
+      if (json.checkoutUrl) {
+        window.location.assign(json.checkoutUrl);
+        return;
+      }
+      if (json.rentalBookingIds?.length) {
+        clear();
+        router.push(`/mes-locations?ok=${json.rentalBookingIds[0]}`);
+        return;
+      }
+      router.push("/mes-locations");
+    });
+  }
+
+  return (
+    <div className="space-y-6">
+      {groups.map((g) => (
+        <section key={g.providerName} className="rounded-lg border border-zinc-200 bg-white shadow-sm">
+          <header className="border-b border-zinc-100 px-4 py-3">
+            <h2 className="text-base font-semibold text-zinc-900">
+              {g.providerName}
+              {g.isSystemD ? (
+                <span className="ml-2 rounded-full bg-emerald-600 px-2 py-0.5 text-[10px] font-semibold uppercase tracking-wider text-white">
+                  Karbé
+                </span>
+              ) : null}
+            </h2>
+          </header>
+          <ul className="divide-y divide-zinc-100">
+            {g.lines.map((l) => (
+              <CartLineItem
+                key={l.idx}
+                line={l}
+                onRemove={() => removeEntry(l.idx)}
+                onChangeQty={(qty) => updateEntry(l.idx, { qty })}
+                onChangeDates={(startDate, endDate) => updateEntry(l.idx, { startDate, endDate })}
+                disabled={busy}
+              />
+            ))}
+          </ul>
+          <footer className="flex items-center justify-between border-t border-zinc-100 bg-zinc-50 px-4 py-2 text-sm">
+            <span className="text-zinc-600">Sous-total prestataire</span>
+            <span className="font-mono font-semibold text-zinc-900">{g.subtotal.toFixed(2)} €</span>
+          </footer>
+        </section>
+      ))}
+
+      <aside className="sticky bottom-3 z-10 rounded-lg border border-zinc-200 bg-white p-4 shadow-md">
+        <dl className="space-y-1 text-sm">
+          <div className="flex justify-between">
+            <dt>Total location</dt>
+            <dd className="font-mono font-semibold">{grandTotal.toFixed(2)} €</dd>
+          </div>
+          {grandDeposit > 0 ? (
+            <div className="flex justify-between text-xs text-zinc-500">
+              <dt>+ Caution récupérable</dt>
+              <dd className="font-mono">{grandDeposit.toFixed(2)} €</dd>
+            </div>
+          ) : null}
+          <div className="flex justify-between border-t border-zinc-100 pt-2 text-base font-semibold text-zinc-900">
+            <dt>À régler</dt>
+            <dd className="font-mono">{(grandTotal + grandDeposit).toFixed(2)} €</dd>
+          </div>
+        </dl>
+
+        {error ? (
+          <div className="mt-2 rounded border border-rose-200 bg-rose-50 px-3 py-1.5 text-xs text-rose-700">
+            {error}
+          </div>
+        ) : null}
+
+        <div className="mt-3 flex flex-wrap items-center justify-between gap-2">
+          <button
+            type="button"
+            onClick={clear}
+            disabled={busy}
+            className="text-xs text-zinc-500 hover:text-zinc-900"
+          >
+            Vider le panier
+          </button>
+          <button
+            type="button"
+            onClick={checkout}
+            disabled={busy || lines.length === 0}
+            className="rounded-md bg-emerald-600 px-5 py-2 text-sm font-semibold text-white hover:bg-emerald-700 disabled:opacity-50"
+          >
+            {busy ? "Envoi…" : "Valider et payer"}
+          </button>
+        </div>
+        <p className="mt-2 text-center text-[11px] text-zinc-500">
+          Vous devez être <Link href="/connexion?next=/panier" className="underline">connecté</Link> pour finaliser.
+        </p>
+      </aside>
+    </div>
+  );
+}
+
+function CartLineItem({
+  line,
+  onRemove,
+  onChangeQty,
+  onChangeDates,
+  disabled,
+}: {
+  line: Line;
+  onRemove: () => void;
+  onChangeQty: (qty: number) => void;
+  onChangeDates: (start: string, end: string) => void;
+  disabled?: boolean;
+}) {
+  const nights = Math.max(1, diffDays(line.entry.startDate, line.entry.endDate));
+  const lineTotal = nights * line.entry.qty * Number(line.item.pricePerDay);
+  return (
+    <li className="flex flex-wrap items-center gap-3 px-4 py-3">
+      <div className="hidden h-14 w-20 shrink-0 overflow-hidden rounded bg-zinc-100 sm:block">
+        {line.item.imageUrl ? (
+          // eslint-disable-next-line @next/next/no-img-element
+          <img src={line.item.imageUrl} alt={line.item.name} className="h-full w-full object-cover" />
+        ) : (
+          <div className="flex h-full items-center justify-center text-2xl text-zinc-300">
+            {line.item.category === "SLEEP" ? "💤" :
+             line.item.category === "NAVIGATION" ? "🛶" :
+             line.item.category === "FISHING" ? "🎣" :
+             line.item.category === "COOKING" ? "🍳" : "🦺"}
+          </div>
+        )}
+      </div>
+      <div className="flex-1 min-w-0">
+        <Link href={`/materiel/${line.item.id}`} className="font-medium text-zinc-900 hover:underline">
+          {line.item.name}
+        </Link>
+        <div className="mt-1 grid grid-cols-2 gap-1 text-xs sm:grid-cols-4">
+          <label className="block">
+            <span className="text-zinc-500">Du</span>
+            <input
+              type="date"
+              value={line.entry.startDate}
+              onChange={(e) => onChangeDates(e.target.value, line.entry.endDate)}
+              disabled={disabled}
+              className="block w-full rounded border border-zinc-200 px-1.5 py-0.5"
+            />
+          </label>
+          <label className="block">
+            <span className="text-zinc-500">Au</span>
+            <input
+              type="date"
+              value={line.entry.endDate}
+              onChange={(e) => onChangeDates(line.entry.startDate, e.target.value)}
+              disabled={disabled}
+              className="block w-full rounded border border-zinc-200 px-1.5 py-0.5"
+            />
+          </label>
+          <label className="block">
+            <span className="text-zinc-500">Qté</span>
+            <input
+              type="number"
+              min={1}
+              max={line.item.totalQty}
+              value={line.entry.qty}
+              onChange={(e) => onChangeQty(Math.max(1, Math.min(line.item.totalQty, Number(e.target.value) || 1)))}
+              disabled={disabled}
+              className="block w-full rounded border border-zinc-200 px-1.5 py-0.5"
+            />
+          </label>
+          <div className="flex flex-col text-right">
+            <span className="text-zinc-500">{nights} j × {Number(line.item.pricePerDay).toFixed(0)} €</span>
+            <span className="font-mono font-semibold text-zinc-900">{lineTotal.toFixed(2)} €</span>
+          </div>
+        </div>
+      </div>
+      <button
+        type="button"
+        onClick={onRemove}
+        disabled={disabled}
+        className="text-xs text-rose-700 hover:text-rose-900 disabled:opacity-50"
+      >
+        Retirer
+      </button>
+    </li>
+  );
+}
diff --git a/src/app/panier/page.tsx b/src/app/panier/page.tsx
new file mode 100644
index 0000000..a547512
--- /dev/null
+++ b/src/app/panier/page.tsx
@@ -0,0 +1,81 @@
+import Link from "next/link";
+
+import { prisma } from "@/lib/prisma";
+import { readCartFromCookies } from "@/lib/rental-cart-server";
+
+import { CartReview } from "./_components/CartReview";
+
+export const dynamic = "force-dynamic";
+
+export const metadata = { title: "Mon panier matériel" };
+
+export default async function CartPage() {
+  const cart = await readCartFromCookies();
+
+  // Charge les items du panier en bulk pour rendu
+  const ids = Array.from(new Set(cart.items.map((e) => e.itemId)));
+  const items = ids.length
+    ? await prisma.rentalItem.findMany({
+        where: { id: { in: ids } },
+        include: {
+          provider: { select: { id: true, name: true, isSystemD: true, commissionPct: true } },
+        },
+      })
+    : [];
+
+  const itemById = new Map(items.map((i) => [i.id, i]));
+  const lines = cart.items
+    .map((entry, idx) => {
+      const item = itemById.get(entry.itemId);
+      if (!item) return null;
+      return {
+        idx,
+        entry,
+        item: {
+          id: item.id,
+          name: item.name,
+          category: item.category,
+          imageUrl: item.imageUrl,
+          pricePerDay: item.pricePerDay.toString(),
+          deposit: item.deposit.toString(),
+          totalQty: item.totalQty,
+          provider: {
+            id: item.provider.id,
+            name: item.provider.name,
+            isSystemD: item.provider.isSystemD,
+          },
+        },
+      };
+    })
+    .filter((l): l is NonNullable<typeof l> => l !== null);
+
+  return (
+    <main className="mx-auto max-w-4xl px-6 py-10">
+      <header className="mb-6">
+        <Link href="/materiel" className="text-xs text-zinc-500 hover:text-zinc-900">
+          ← Continuer mes achats
+        </Link>
+        <h1 className="mt-1 text-3xl font-semibold text-zinc-900">Mon panier matériel</h1>
+        <p className="mt-1 text-sm text-zinc-600">
+          {lines.length === 0
+            ? "Votre panier est vide."
+            : `${lines.length} ligne${lines.length > 1 ? "s" : ""} de location.`}
+        </p>
+      </header>
+
+      {lines.length === 0 ? (
+        <div className="rounded-lg border border-dashed border-zinc-300 px-6 py-12 text-center">
+          <p className="text-sm text-zinc-600">Pas encore d&apos;item dans votre panier.</p>
+          <Link
+            href="/materiel"
+            className="mt-3 inline-block rounded-md bg-emerald-600 px-4 py-2 text-sm font-semibold text-white hover:bg-emerald-700"
+          >
+            Découvrir le matériel
+          </Link>
+        </div>
+      ) : (
+        <CartReview lines={lines} />
+      )}
+    </main>
+  );
+}
diff --git a/src/app/reservations/[id]/page.tsx b/src/app/reservations/[id]/page.tsx
index 857bf1d..69e1607 100644
--- a/src/app/reservations/[id]/page.tsx
+++ b/src/app/reservations/[id]/page.tsx
@@ -34,6 +34,16 @@ export default async function ReservationPage({ params }: PageProps) {
     include: {
       carbet: { select: { title: true, slug: true, river: true } },
       tenant: { select: { id: true, email: true } },
+      rentalBookings: {
+        select: {
+          id: true,
+          status: true,
+          amount: true,
+          currency: true,
+          provider: { select: { name: true } },
+          lines: { select: { qty: true, item: { select: { id: true, name: true } } } },
+        },
+      },
     },
   });
   if (!booking) notFound();
@@ -97,6 +107,34 @@ export default async function ReservationPage({ params }: PageProps) {
         </div>
       </section>
 
+      {booking.rentalBookings.length > 0 ? (
+        <section className="mt-6 rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+          <h2 className="text-lg font-semibold text-zinc-900">Matériel associé</h2>
+          <ul className="mt-3 space-y-3 text-sm">
+            {booking.rentalBookings.map((rb) => (
+              <li key={rb.id} className="rounded-md border border-zinc-100 bg-zinc-50/60 p-3">
+                <div className="flex justify-between">
+                  <span className="font-medium text-zinc-900">{rb.provider.name}</span>
+                  <span className="font-mono text-xs text-zinc-700">
+                    {Number(rb.amount).toFixed(2)} {rb.currency}
+                  </span>
+                </div>
+                <ul className="mt-1 text-xs text-zinc-600">
+                  {rb.lines.map((l, i) => (
+                    <li key={i}>
+                      {l.qty}× <Link href={`/materiel/${l.item.id}`} className="hover:underline">{l.item.name}</Link>
+                    </li>
+                  ))}
+                </ul>
+              </li>
+            ))}
+          </ul>
+          <Link href="/mes-locations" className="mt-3 inline-block text-xs text-emerald-700 hover:underline">
+            Voir toutes mes locations →
+          </Link>
+        </section>
+      ) : null}
+
       <div className="mt-6 flex items-center justify-between text-sm">
         <Link href={`/carbets/${booking.carbet.slug}`} className="text-zinc-700 hover:text-zinc-900 hover:underline">
           ← Retour au carbet
diff --git a/src/components/CartBadge.tsx b/src/components/CartBadge.tsx
new file mode 100644
index 0000000..e904b8d
--- /dev/null
+++ b/src/components/CartBadge.tsx
@@ -0,0 +1,22 @@
+"use client";
+
+import Link from "next/link";
+
+import { useCart } from "./RentalCartProvider";
+
+export function CartBadge() {
+  const { totalItems } = useCart();
+  if (totalItems === 0) return null;
+  return (
+    <Link
+      href="/panier"
+      className="relative hidden text-zinc-700 hover:text-zinc-900 sm:inline"
+      aria-label={`Panier (${totalItems} item)`}
+    >
+      🛒
+      <span className="absolute -right-2 -top-2 inline-flex h-4 min-w-[1rem] items-center justify-center rounded-full bg-emerald-600 px-1 text-[10px] font-semibold text-white">
+        {totalItems}
+      </span>
+    </Link>
+  );
+}
diff --git a/src/components/RentalCartProvider.tsx b/src/components/RentalCartProvider.tsx
new file mode 100644
index 0000000..9f7c7db
--- /dev/null
+++ b/src/components/RentalCartProvider.tsx
@@ -0,0 +1,109 @@
+"use client";
+
+import {
+  createContext,
+  useCallback,
+  useContext,
+  useEffect,
+  useMemo,
+  useState,
+  type ReactNode,
+} from "react";
+
+import {
+  CART_COOKIE,
+  EMPTY_CART,
+  parseCart,
+  serializeCart,
+  type Cart,
+  type CartEntry,
+} from "@/lib/rental-cart";
+
+type CartContextValue = {
+  cart: Cart;
+  addEntry: (entry: CartEntry) => void;
+  removeEntry: (index: number) => void;
+  updateEntry: (index: number, patch: Partial<CartEntry>) => void;
+  clear: () => void;
+  totalItems: number;
+};
+
+const Ctx = createContext<CartContextValue | null>(null);
+
+function readCookieClient(): Cart {
+  if (typeof document === "undefined") return EMPTY_CART;
+  const match = document.cookie.split(/;\s*/).find((c) => c.startsWith(`${CART_COOKIE}=`));
+  if (!match) return EMPTY_CART;
+  const value = decodeURIComponent(match.slice(CART_COOKIE.length + 1));
+  return parseCart(value);
+}
+
+function writeCookieClient(cart: Cart): void {
+  if (typeof document === "undefined") return;
+  document.cookie = `${CART_COOKIE}=${encodeURIComponent(serializeCart(cart))}; path=/; max-age=${60 * 60 * 24 * 30}; SameSite=Lax`;
+}
+
+export function RentalCartProvider({ children, initial }: { children: ReactNode; initial?: Cart }) {
+  const [cart, setCart] = useState<Cart>(initial ?? EMPTY_CART);
+
+  // Hydrate depuis cookie au mount (au cas où le panier a changé dans un autre onglet)
+  useEffect(() => {
+    setCart(readCookieClient());
+  }, []);
+
+  const persist = useCallback((next: Cart) => {
+    setCart(next);
+    writeCookieClient(next);
+  }, []);
+
+  const addEntry = useCallback(
+    (entry: CartEntry) => {
+      const next = { ...cart, items: [...cart.items, entry] };
+      persist(next);
+    },
+    [cart, persist],
+  );
+
+  const removeEntry = useCallback(
+    (index: number) => {
+      const next = { ...cart, items: cart.items.filter((_, i) => i !== index) };
+      persist(next);
+    },
+    [cart, persist],
+  );
+
+  const updateEntry = useCallback(
+    (index: number, patch: Partial<CartEntry>) => {
+      const next = {
+        ...cart,
+        items: cart.items.map((e, i) => (i === index ? { ...e, ...patch } : e)),
+      };
+      persist(next);
+    },
+    [cart, persist],
+  );
+
+  const clear = useCallback(() => {
+    persist({ v: 1, items: [] });
+  }, [persist]);
+
+  const value = useMemo<CartContextValue>(
+    () => ({
+      cart,
+      addEntry,
+      removeEntry,
+      updateEntry,
+      clear,
+      totalItems: cart.items.reduce((acc, e) => acc + e.qty, 0),
+    }),
+    [cart, addEntry, removeEntry, updateEntry, clear],
+  );
+
+  return <Ctx.Provider value={value}>{children}</Ctx.Provider>;
+}
+
+export function useCart(): CartContextValue {
+  const ctx = useContext(Ctx);
+  if (!ctx) throw new Error("useCart must be used inside <RentalCartProvider>");
+  return ctx;
+}
diff --git a/src/components/SiteHeader.tsx b/src/components/SiteHeader.tsx
index f823a9e..b58c423 100644
--- a/src/components/SiteHeader.tsx
+++ b/src/components/SiteHeader.tsx
@@ -8,6 +8,7 @@ import Link from "next/link";
 import { auth } from "@/auth";
 import { UserRole } from "@/generated/prisma/enums";
 
+import { CartBadge } from "./CartBadge";
 import { SignOutButton } from "./SignOutButton";
 
 export async function SiteHeader() {
@@ -40,6 +41,7 @@ export async function SiteHeader() {
         </nav>
 
         <div className="flex items-center gap-3 text-sm">
+          <CartBadge />
           {u ? (
             <>
               <Link href="/mes-favoris" className="hidden text-zinc-700 hover:text-zinc-900 sm:inline">
@@ -48,6 +50,9 @@ export async function SiteHeader() {
               <Link href="/mes-reservations" className="hidden text-zinc-700 hover:text-zinc-900 sm:inline">
                 Mes réservations
               </Link>
+              <Link href="/mes-locations" className="hidden text-zinc-700 hover:text-zinc-900 sm:inline">
+                Mes locations
+              </Link>
               <Link href="/mon-compte" className="hidden text-zinc-700 hover:text-zinc-900 sm:inline">
                 Mon compte
               </Link>
diff --git a/src/lib/rental-cart-server.ts b/src/lib/rental-cart-server.ts
new file mode 100644
index 0000000..4d8989b
--- /dev/null
+++ b/src/lib/rental-cart-server.ts
@@ -0,0 +1,24 @@
+import "server-only";
+
+import { cookies } from "next/headers";
+
+import { CART_COOKIE, EMPTY_CART, parseCart, type Cart } from "./rental-cart";
+
+export async function readCartFromCookies(): Promise<Cart> {
+  const c = await cookies();
+  return parseCart(c.get(CART_COOKIE)?.value);
+}
+
+export async function writeCartToCookies(cart: Cart): Promise<void> {
+  const c = await cookies();
+  c.set(CART_COOKIE, JSON.stringify(cart), {
+    path: "/",
+    sameSite: "lax",
+    maxAge: 60 * 60 * 24 * 30, // 30 jours
+  });
+}
+
+export async function clearCartCookie(): Promise<void> {
+  const c = await cookies();
+  c.set(CART_COOKIE, JSON.stringify(EMPTY_CART), { path: "/", maxAge: 0 });
+}
diff --git a/src/lib/rental-cart.ts b/src/lib/rental-cart.ts
new file mode 100644
index 0000000..c34b31e
--- /dev/null
+++ b/src/lib/rental-cart.ts
@@ -0,0 +1,50 @@
+/**
+ * Panier de location de matériel.
+ *
+ * Stockage : cookie HTTP `karbe-rental-cart` (JSON encoded).
+ * Manipulation : client React via context useCart() (composant <CartProvider />).
+ * Lecture serveur via `readCartFromCookies()`.
+ */
+
+import { z } from "zod";
+
+export const CART_COOKIE = "karbe-rental-cart";
+
+export const cartEntrySchema = z.object({
+  itemId: z.string().min(1).max(200),
+  qty: z.coerce.number().int().min(1).max(50),
+  startDate: z.string().regex(/^\d{4}-\d{2}-\d{2}$/),
+  endDate: z.string().regex(/^\d{4}-\d{2}-\d{2}$/),
+});
+
+export const cartSchema = z.object({
+  v: z.literal(1),
+  items: z.array(cartEntrySchema).max(50),
+  updatedAt: z.string().datetime().optional(),
+});
+
+export type CartEntry = z.infer<typeof cartEntrySchema>;
+export type Cart = z.infer<typeof cartSchema>;
+
+export const EMPTY_CART: Cart = { v: 1, items: [] };
+
+export function parseCart(value: string | undefined | null): Cart {
+  if (!value) return EMPTY_CART;
+  try {
+    const json = JSON.parse(value);
+    const parsed = cartSchema.safeParse(json);
+    return parsed.success ? parsed.data : EMPTY_CART;
+  } catch {
+    return EMPTY_CART;
+  }
+}
+
+export function serializeCart(cart: Cart): string {
+  return JSON.stringify({ ...cart, updatedAt: new Date().toISOString() });
+}
+
+export function diffDays(start: string, end: string): number {
+  const s = new Date(start + "T00:00:00Z").getTime();
+  const e = new Date(end + "T00:00:00Z").getTime();
+  return Math.max(0, Math.round((e - s) / 86_400_000));
+}

From 5607a51980c8d91a1ca9cb827885b695fe3a993a Mon Sep 17 00:00:00 2001
From: Ubuntu <ubuntu@vps-97784c65.vps.ovh.net>
Date: Tue, 2 Jun 2026 08:49:39 +0000
Subject: [PATCH 33/47] =?UTF-8?q?feat(rental):=20Sprint=20E=20=E2=80=94=20?=
 =?UTF-8?q?emails=20+=20plugin=20toggle=20+=20tests?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

3 nouveaux templates email (best-effort, dry-run sans Resend) :
- sendRentalRequestedTenant : récap de demande au locataire (par RB)
- sendRentalRequestedProvider : nouvelle demande au prestataire
- sendRentalConfirmed : confirmation paiement reçu

Branchements :
- POST /api/rentals/checkout : envoie tenant + provider après création
  des RentalBooking (PENDING), catch global pour ne pas bloquer
- Webhook Stripe rental-bundle : envoie sendRentalConfirmed à chaque
  locataire après update CONFIRMED+SUCCEEDED

Plugin gear-rental :
- Ajout au registry (catégorie business)
- layout.tsx /materiel + /espace-prestataire avec requirePluginOr404
- requirePluginOr404 dans /panier et /mes-locations
- isPluginEnabled guard dans POST /api/rentals/checkout (404 si off)
- SiteHeader masque liens Matériel / Mes locations / Espace prestataire
  + CartBadge si plugin désactivé
- CompleteYourStay renvoie null si plugin désactivé
Décision admin → activable depuis /admin/plugins comme tous les autres.

Tests vitest (tests/lib/rentals.test.ts, 16 tests) :
- diffDays (mêmes dates, 1 nuit, 7 jours, négatif)
- parseCart (null/garbage/schéma invalide/valide/format date)
- serializeCart (updatedAt, roundtrip)
- commission formula (0%, 15%, arrondi centime)
- availability arithmetic (totalQty libre, soustractions, plancher 0)

53 tests pass total. Build OK.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 src/app/api/rentals/checkout/route.ts         |  48 ++++++++
 src/app/api/stripe/webhook/route.ts           |  23 ++++
 .../[slug]/_components/CompleteYourStay.tsx   |   2 +
 src/app/espace-prestataire/layout.tsx         |   6 +
 src/app/materiel/[itemId]/page.tsx            |   2 +
 src/app/materiel/layout.tsx                   |   6 +
 src/app/materiel/page.tsx                     |   2 +
 src/app/mes-locations/page.tsx                |   2 +
 src/app/panier/page.tsx                       |   2 +
 src/components/SiteHeader.tsx                 |  22 ++--
 src/lib/email.ts                              |  93 ++++++++++++++++
 src/lib/plugins/registry.ts                   |   8 ++
 tests/lib/rentals.test.ts                     | 105 ++++++++++++++++++
 13 files changed, 313 insertions(+), 8 deletions(-)
 create mode 100644 src/app/espace-prestataire/layout.tsx
 create mode 100644 src/app/materiel/layout.tsx
 create mode 100644 tests/lib/rentals.test.ts

diff --git a/src/app/api/rentals/checkout/route.ts b/src/app/api/rentals/checkout/route.ts
index faaeb8e..06fccb6 100644
--- a/src/app/api/rentals/checkout/route.ts
+++ b/src/app/api/rentals/checkout/route.ts
@@ -5,6 +5,11 @@ import { auth } from "@/auth";
 import { PaymentStatus, RentalBookingStatus } from "@/generated/prisma/enums";
 import { Prisma } from "@/generated/prisma/client";
 import { recordAudit } from "@/lib/admin/audit";
+import {
+  sendRentalRequestedProvider,
+  sendRentalRequestedTenant,
+} from "@/lib/email";
+import { isPluginEnabled } from "@/lib/plugins/server";
 import { prisma } from "@/lib/prisma";
 import { CART_COOKIE, EMPTY_CART, diffDays, parseCart } from "@/lib/rental-cart";
 import {
@@ -28,6 +33,9 @@ function parseDateOnly(s: string): Date {
 }
 
 export async function POST() {
+  if (!(await isPluginEnabled("gear-rental"))) {
+    return NextResponse.json({ error: "Service de location indisponible." }, { status: 404 });
+  }
   const session = await auth();
   if (!session?.user?.id || !session.user.email) {
     return NextResponse.json({ error: "Connectez-vous pour finaliser." }, { status: 401 });
@@ -241,6 +249,46 @@ export async function POST() {
     },
   });
 
+  // Emails best-effort : 1 mail au locataire (récap par prestataire) + 1 mail
+  // à chaque prestataire (sa demande). En cas d'échec d'envoi, on ne bloque pas.
+  try {
+    const fullBookings = await prisma.rentalBooking.findMany({
+      where: { id: { in: rentalBookingIds } },
+      include: {
+        provider: { select: { name: true, contactEmail: true } },
+        lines: { include: { item: { select: { name: true } } } },
+      },
+    });
+    const tenantName = session.user.name ?? session.user.email!;
+    for (const rb of fullBookings) {
+      const lineSummary = rb.lines.map((l) => ({ qty: l.qty, itemName: l.item.name }));
+      await sendRentalRequestedTenant(
+        session.user.email!,
+        tenantName,
+        rb.id,
+        rb.provider.name,
+        rb.startDate,
+        rb.endDate,
+        rb.amount.toString(),
+        rb.currency,
+        lineSummary,
+      );
+      if (rb.provider.contactEmail) {
+        await sendRentalRequestedProvider(
+          rb.provider.contactEmail,
+          rb.provider.name,
+          rb.id,
+          tenantName,
+          rb.startDate,
+          rb.endDate,
+          lineSummary,
+        );
+      }
+    }
+  } catch (e) {
+    console.error("[rental.checkout] email send failed:", e instanceof Error ? e.message : e);
+  }
+
   // Vide le panier
   jar.set(CART_COOKIE, JSON.stringify(EMPTY_CART), {
     httpOnly: false,
diff --git a/src/app/api/stripe/webhook/route.ts b/src/app/api/stripe/webhook/route.ts
index a6b9b99..6a896ec 100644
--- a/src/app/api/stripe/webhook/route.ts
+++ b/src/app/api/stripe/webhook/route.ts
@@ -8,6 +8,7 @@ import {
   SubscriptionStatus,
 } from "@/generated/prisma/enums";
 import { refreshCarbetLastBookedAt } from "@/lib/carbet-last-booked";
+import { sendRentalConfirmed } from "@/lib/email";
 import { prisma } from "@/lib/prisma";
 import { fromStripeTimestamp, getStripeClient } from "@/lib/stripe";
 
@@ -64,6 +65,28 @@ async function handleCheckoutCompleted(session: Stripe.Checkout.Session) {
         status: RentalBookingStatus.CONFIRMED,
       },
     });
+    try {
+      const rentals = await prisma.rentalBooking.findMany({
+        where: { id: { in: ids } },
+        include: {
+          provider: { select: { name: true } },
+          tenant: { select: { email: true, firstName: true } },
+        },
+      });
+      for (const rb of rentals) {
+        if (!rb.tenant.email) continue;
+        await sendRentalConfirmed(
+          rb.tenant.email,
+          rb.tenant.firstName ?? rb.tenant.email,
+          rb.id,
+          rb.provider.name,
+          rb.startDate,
+          rb.endDate,
+        );
+      }
+    } catch (e) {
+      console.error("[webhook.rental] email send failed:", e instanceof Error ? e.message : e);
+    }
     return;
   }
 
diff --git a/src/app/carbets/[slug]/_components/CompleteYourStay.tsx b/src/app/carbets/[slug]/_components/CompleteYourStay.tsx
index 3e87eae..a1b8b42 100644
--- a/src/app/carbets/[slug]/_components/CompleteYourStay.tsx
+++ b/src/app/carbets/[slug]/_components/CompleteYourStay.tsx
@@ -1,5 +1,6 @@
 import Link from "next/link";
 
+import { isPluginEnabled } from "@/lib/plugins/server";
 import { prisma } from "@/lib/prisma";
 import { RENTAL_CATEGORY_LABEL } from "@/lib/rental-category-labels";
 
@@ -17,6 +18,7 @@ const EMOJI: Record<string, string> = {
 };
 
 export async function CompleteYourStay({ river, capacity }: Props) {
+  if (!(await isPluginEnabled("gear-rental"))) return null;
   const providers = await prisma.rentalProvider.findMany({
     where: {
       active: true,
diff --git a/src/app/espace-prestataire/layout.tsx b/src/app/espace-prestataire/layout.tsx
new file mode 100644
index 0000000..fb8b7d1
--- /dev/null
+++ b/src/app/espace-prestataire/layout.tsx
@@ -0,0 +1,6 @@
+import { requirePluginOr404 } from "@/lib/plugins/guard";
+
+export default async function ProviderLayout({ children }: { children: React.ReactNode }) {
+  await requirePluginOr404("gear-rental");
+  return <>{children}</>;
+}
diff --git a/src/app/materiel/[itemId]/page.tsx b/src/app/materiel/[itemId]/page.tsx
index 00e8348..e073f9b 100644
--- a/src/app/materiel/[itemId]/page.tsx
+++ b/src/app/materiel/[itemId]/page.tsx
@@ -2,6 +2,7 @@ import type { Metadata } from "next";
 import Link from "next/link";
 import { notFound } from "next/navigation";
 
+import { requirePluginOr404 } from "@/lib/plugins/guard";
 import { getPublicRentalItem } from "@/lib/rentals-public";
 import { RENTAL_CATEGORY_LABEL } from "@/lib/rental-category-labels";
 
@@ -23,6 +24,7 @@ export async function generateMetadata({ params }: PageProps): Promise<Metadata>
 }
 
 export default async function RentalItemDetailPage({ params }: PageProps) {
+  await requirePluginOr404("gear-rental");
   const { itemId } = await params;
   const item = await getPublicRentalItem(itemId);
   if (!item) notFound();
diff --git a/src/app/materiel/layout.tsx b/src/app/materiel/layout.tsx
new file mode 100644
index 0000000..d6cebd2
--- /dev/null
+++ b/src/app/materiel/layout.tsx
@@ -0,0 +1,6 @@
+import { requirePluginOr404 } from "@/lib/plugins/guard";
+
+export default async function MaterielLayout({ children }: { children: React.ReactNode }) {
+  await requirePluginOr404("gear-rental");
+  return <>{children}</>;
+}
diff --git a/src/app/materiel/page.tsx b/src/app/materiel/page.tsx
index f18f2ac..31fcd77 100644
--- a/src/app/materiel/page.tsx
+++ b/src/app/materiel/page.tsx
@@ -1,6 +1,7 @@
 import type { Metadata } from "next";
 
 import { RentalCategory } from "@/generated/prisma/enums";
+import { requirePluginOr404 } from "@/lib/plugins/guard";
 import { isRentalCategory } from "@/lib/rental-category-labels";
 import {
   listPublicProviders,
@@ -29,6 +30,7 @@ type PageProps = {
 };
 
 export default async function MaterialPage({ searchParams }: PageProps) {
+  await requirePluginOr404("gear-rental");
   const sp = await searchParams;
   const filters = {
     q: sp.q?.trim() || undefined,
diff --git a/src/app/mes-locations/page.tsx b/src/app/mes-locations/page.tsx
index 606ae92..5e3d737 100644
--- a/src/app/mes-locations/page.tsx
+++ b/src/app/mes-locations/page.tsx
@@ -1,6 +1,7 @@
 import Link from "next/link";
 
 import { requireAuth } from "@/lib/authorization";
+import { requirePluginOr404 } from "@/lib/plugins/guard";
 import { prisma } from "@/lib/prisma";
 import { RENTAL_CATEGORY_LABEL } from "@/lib/rental-category-labels";
 
@@ -27,6 +28,7 @@ const PAYMENT_LABEL: Record<string, string> = {
 type SearchParams = Promise<{ payment?: string; ids?: string; ok?: string }>;
 
 export default async function MyRentalsPage({ searchParams }: { searchParams: SearchParams }) {
+  await requirePluginOr404("gear-rental");
   const session = await requireAuth();
   const sp = await searchParams;
 
diff --git a/src/app/panier/page.tsx b/src/app/panier/page.tsx
index a547512..04f13c6 100644
--- a/src/app/panier/page.tsx
+++ b/src/app/panier/page.tsx
@@ -1,5 +1,6 @@
 import Link from "next/link";
 
+import { requirePluginOr404 } from "@/lib/plugins/guard";
 import { prisma } from "@/lib/prisma";
 import { readCartFromCookies } from "@/lib/rental-cart-server";
 
@@ -10,6 +11,7 @@ export const dynamic = "force-dynamic";
 export const metadata = { title: "Mon panier matériel" };
 
 export default async function CartPage() {
+  await requirePluginOr404("gear-rental");
   const cart = await readCartFromCookies();
 
   // Charge les items du panier en bulk pour rendu
diff --git a/src/components/SiteHeader.tsx b/src/components/SiteHeader.tsx
index b58c423..3d3f8f0 100644
--- a/src/components/SiteHeader.tsx
+++ b/src/components/SiteHeader.tsx
@@ -7,6 +7,7 @@ import Link from "next/link";
 
 import { auth } from "@/auth";
 import { UserRole } from "@/generated/prisma/enums";
+import { isPluginEnabled } from "@/lib/plugins/server";
 
 import { CartBadge } from "./CartBadge";
 import { SignOutButton } from "./SignOutButton";
@@ -17,6 +18,7 @@ export async function SiteHeader() {
   const isAdmin = u?.role === UserRole.ADMIN;
   const isOwner = u?.role === UserRole.OWNER || isAdmin;
   const isRentalProvider = u?.role === UserRole.RENTAL_PROVIDER || isAdmin;
+  const rentalEnabled = await isPluginEnabled("gear-rental");
 
   return (
     <header className="sticky top-0 z-30 border-b border-zinc-200 bg-white/85 backdrop-blur supports-[backdrop-filter]:bg-white/70">
@@ -35,13 +37,15 @@ export async function SiteHeader() {
           <Link href="/carbets" className="hover:text-zinc-900">
             Catalogue
           </Link>
-          <Link href="/materiel" className="hover:text-zinc-900">
-            Matériel
-          </Link>
+          {rentalEnabled ? (
+            <Link href="/materiel" className="hover:text-zinc-900">
+              Matériel
+            </Link>
+          ) : null}
         </nav>
 
         <div className="flex items-center gap-3 text-sm">
-          <CartBadge />
+          {rentalEnabled ? <CartBadge /> : null}
           {u ? (
             <>
               <Link href="/mes-favoris" className="hidden text-zinc-700 hover:text-zinc-900 sm:inline">
@@ -50,9 +54,11 @@ export async function SiteHeader() {
               <Link href="/mes-reservations" className="hidden text-zinc-700 hover:text-zinc-900 sm:inline">
                 Mes réservations
               </Link>
-              <Link href="/mes-locations" className="hidden text-zinc-700 hover:text-zinc-900 sm:inline">
-                Mes locations
-              </Link>
+              {rentalEnabled ? (
+                <Link href="/mes-locations" className="hidden text-zinc-700 hover:text-zinc-900 sm:inline">
+                  Mes locations
+                </Link>
+              ) : null}
               <Link href="/mon-compte" className="hidden text-zinc-700 hover:text-zinc-900 sm:inline">
                 Mon compte
               </Link>
@@ -61,7 +67,7 @@ export async function SiteHeader() {
                   Espace hôte
                 </Link>
               ) : null}
-              {isRentalProvider ? (
+              {isRentalProvider && rentalEnabled ? (
                 <Link href="/espace-prestataire" className="hidden text-zinc-700 hover:text-zinc-900 sm:inline">
                   Espace prestataire
                 </Link>
diff --git a/src/lib/email.ts b/src/lib/email.ts
index a2dc4e6..2e9f79a 100644
--- a/src/lib/email.ts
+++ b/src/lib/email.ts
@@ -224,6 +224,99 @@ export async function sendPasswordReset(
   });
 }
 
+type RentalLineSummary = { qty: number; itemName: string };
+
+function renderLines(lines: RentalLineSummary[]): string {
+  return lines.map((l) => `<li>${l.qty}× ${l.itemName}</li>`).join("");
+}
+
+export async function sendRentalRequestedTenant(
+  to: string,
+  firstName: string,
+  rentalBookingId: string,
+  providerName: string,
+  startDate: Date,
+  endDate: Date,
+  amount: string,
+  currency: string,
+  lines: RentalLineSummary[],
+): Promise<void> {
+  const fmt = (d: Date) =>
+    new Intl.DateTimeFormat("fr-FR", { day: "2-digit", month: "long", year: "numeric" }).format(d);
+  await sendEmail({
+    to,
+    subject: `Demande de location matériel — ${providerName}`,
+    html: wrap(
+      "Votre demande de location est enregistrée",
+      `<p>Bonjour ${firstName},</p>
+       <p>Votre demande de location auprès de <strong>${providerName}</strong> est bien enregistrée :</p>
+       <ul>
+         <li>Du ${fmt(startDate)} au ${fmt(endDate)}</li>
+         <li>Montant : ${Number(amount).toFixed(2)} ${currency}</li>
+       </ul>
+       <p><strong>Matériel demandé :</strong></p>
+       <ul>${renderLines(lines)}</ul>
+       <p>Vous recevrez un nouvel email dès que le paiement sera validé et le prestataire confirmera la préparation du matériel.</p>
+       <p><a href="${SITE_URL}/mes-locations" style="display:inline-block;background:#18181b;color:white;padding:10px 20px;border-radius:6px;text-decoration:none;font-weight:600;">Mes locations</a></p>
+       <p style="font-size:11px;color:#71717a;">Référence : ${rentalBookingId}</p>`,
+    ),
+  });
+}
+
+export async function sendRentalRequestedProvider(
+  to: string,
+  providerName: string,
+  rentalBookingId: string,
+  tenantName: string,
+  startDate: Date,
+  endDate: Date,
+  lines: RentalLineSummary[],
+): Promise<void> {
+  const fmt = (d: Date) =>
+    new Intl.DateTimeFormat("fr-FR", { day: "2-digit", month: "long", year: "numeric" }).format(d);
+  await sendEmail({
+    to,
+    subject: `Nouvelle demande de location — ${tenantName}`,
+    html: wrap(
+      "Nouvelle demande à préparer",
+      `<p>Bonjour ${providerName},</p>
+       <p><strong>${tenantName}</strong> vient de réserver du matériel :</p>
+       <ul>
+         <li>Du ${fmt(startDate)} au ${fmt(endDate)}</li>
+       </ul>
+       <p><strong>Matériel :</strong></p>
+       <ul>${renderLines(lines)}</ul>
+       <p>Préparez le matériel pour la remise. Vous recevrez une confirmation paiement une fois le règlement validé.</p>
+       <p><a href="${SITE_URL}/espace-prestataire/reservations" style="display:inline-block;background:#18181b;color:white;padding:10px 20px;border-radius:6px;text-decoration:none;font-weight:600;">Mes réservations</a></p>
+       <p style="font-size:11px;color:#71717a;">Référence : ${rentalBookingId}</p>`,
+    ),
+  });
+}
+
+export async function sendRentalConfirmed(
+  to: string,
+  firstName: string,
+  rentalBookingId: string,
+  providerName: string,
+  startDate: Date,
+  endDate: Date,
+): Promise<void> {
+  const fmt = (d: Date) =>
+    new Intl.DateTimeFormat("fr-FR", { day: "2-digit", month: "long", year: "numeric" }).format(d);
+  await sendEmail({
+    to,
+    subject: `Location confirmée — ${providerName}`,
+    html: wrap(
+      "Votre location est confirmée",
+      `<p>Bonjour ${firstName},</p>
+       <p>Le paiement de votre location auprès de <strong>${providerName}</strong> du ${fmt(startDate)} au ${fmt(endDate)} est validé.</p>
+       <p>Le prestataire vous contactera pour organiser la remise du matériel sur place.</p>
+       <p><a href="${SITE_URL}/mes-locations" style="display:inline-block;background:#16a34a;color:white;padding:10px 20px;border-radius:6px;text-decoration:none;font-weight:600;">Voir ma location</a></p>
+       <p style="font-size:11px;color:#71717a;">Référence : ${rentalBookingId}</p>`,
+    ),
+  });
+}
+
 export async function sendBookingRefunded(
   to: string,
   firstName: string,
diff --git a/src/lib/plugins/registry.ts b/src/lib/plugins/registry.ts
index d5ee90b..3294a20 100644
--- a/src/lib/plugins/registry.ts
+++ b/src/lib/plugins/registry.ts
@@ -109,6 +109,14 @@ export const PLUGINS: PluginDescriptor[] = [
     category: "business",
     version: "0.1.0",
   },
+  {
+    key: "gear-rental",
+    name: "Location matériel (sous-marketplace)",
+    description:
+      "Catalogue matériel (hamac, moustiquaire, pirogue, kayak…) loué par System D et prestataires tiers. Inclut panier, checkout Stripe, espace prestataire, recommandations carbet. Si désactivé : /materiel, /espace-prestataire et /mes-locations renvoient 404; liens header masqués.",
+    category: "business",
+    version: "0.1.0",
+  },
 
   // Contenus / i18n
   {
diff --git a/tests/lib/rentals.test.ts b/tests/lib/rentals.test.ts
new file mode 100644
index 0000000..121ee06
--- /dev/null
+++ b/tests/lib/rentals.test.ts
@@ -0,0 +1,105 @@
+import { describe, it, expect } from "vitest";
+
+import { diffDays, parseCart, serializeCart, EMPTY_CART } from "@/lib/rental-cart";
+
+describe("diffDays", () => {
+  it("renvoie 0 pour mêmes dates", () => {
+    expect(diffDays("2026-06-01", "2026-06-01")).toBe(0);
+  });
+  it("compte 1 nuit entre J et J+1", () => {
+    expect(diffDays("2026-06-01", "2026-06-02")).toBe(1);
+  });
+  it("compte 7 jours sur une semaine", () => {
+    expect(diffDays("2026-06-01", "2026-06-08")).toBe(7);
+  });
+  it("ne renvoie pas de valeur négative si end < start", () => {
+    expect(diffDays("2026-06-08", "2026-06-01")).toBe(0);
+  });
+});
+
+describe("parseCart", () => {
+  it("retourne EMPTY_CART pour null/undefined/garbage", () => {
+    expect(parseCart(null)).toEqual(EMPTY_CART);
+    expect(parseCart(undefined)).toEqual(EMPTY_CART);
+    expect(parseCart("")).toEqual(EMPTY_CART);
+    expect(parseCart("not json")).toEqual(EMPTY_CART);
+  });
+  it("retourne EMPTY_CART quand le schéma est invalide", () => {
+    expect(parseCart(JSON.stringify({ v: 99, items: [] }))).toEqual(EMPTY_CART);
+    expect(parseCart(JSON.stringify({ v: 1, items: "nope" }))).toEqual(EMPTY_CART);
+  });
+  it("accepte un panier valide", () => {
+    const valid = {
+      v: 1,
+      items: [
+        { itemId: "abc", qty: 2, startDate: "2026-06-01", endDate: "2026-06-03" },
+      ],
+    };
+    const out = parseCart(JSON.stringify(valid));
+    expect(out.items).toHaveLength(1);
+    expect(out.items[0].qty).toBe(2);
+  });
+  it("rejette une date au mauvais format", () => {
+    const bad = {
+      v: 1,
+      items: [{ itemId: "abc", qty: 1, startDate: "1/6/2026", endDate: "2026-06-03" }],
+    };
+    expect(parseCart(JSON.stringify(bad))).toEqual(EMPTY_CART);
+  });
+});
+
+describe("serializeCart", () => {
+  it("ajoute un updatedAt ISO", () => {
+    const s = serializeCart({ v: 1, items: [] });
+    const parsed = JSON.parse(s);
+    expect(parsed.v).toBe(1);
+    expect(parsed.updatedAt).toMatch(/^\d{4}-\d{2}-\d{2}T/);
+  });
+  it("roundtrip parse(serialize(x)) === x sur les items", () => {
+    const cart = {
+      v: 1 as const,
+      items: [
+        { itemId: "k1", qty: 3, startDate: "2026-07-01", endDate: "2026-07-08" },
+      ],
+    };
+    const round = parseCart(serializeCart(cart));
+    expect(round.items).toEqual(cart.items);
+  });
+});
+
+// Calcul de commission (snapshot de la logique métier dans l'API checkout).
+// Ce test sert de garde-fou : si la formule change, faire évoluer aussi
+// `/api/rentals/checkout` (cf. commissionAmount = itemsTotal * pct / 100).
+describe("rental commission formula", () => {
+  function commission(itemsTotal: number, pct: number): number {
+    return Math.round((itemsTotal * pct) / 100 * 100) / 100;
+  }
+
+  it("0% commission System D", () => {
+    expect(commission(120, 0)).toBe(0);
+  });
+  it("15% sur 200€ = 30€", () => {
+    expect(commission(200, 15)).toBe(30);
+  });
+  it("arrondit au centime", () => {
+    expect(commission(33.33, 15)).toBe(5);
+  });
+});
+
+// Disponibilité : la quantité libre = totalQty - somme des qty bloquées
+// chevauchant la fenêtre. Snapshot de la logique de `getItemAvailability`.
+describe("rental availability arithmetic", () => {
+  function availableQty(totalQty: number, blockedQtys: number[]): number {
+    const used = blockedQtys.reduce((a, b) => a + b, 0);
+    return Math.max(0, totalQty - used);
+  }
+  it("totalQty quand rien n'est bloqué", () => {
+    expect(availableQty(5, [])).toBe(5);
+  });
+  it("soustrait les blocages", () => {
+    expect(availableQty(5, [2, 1])).toBe(2);
+  });
+  it("ne renvoie jamais de valeur négative", () => {
+    expect(availableQty(3, [5])).toBe(0);
+  });
+});

From 15f41a7e2a72103c4c03e787eb3a646b855b0be4 Mon Sep 17 00:00:00 2001
From: Ubuntu <ubuntu@vps-97784c65.vps.ovh.net>
Date: Tue, 2 Jun 2026 08:54:39 +0000
Subject: [PATCH 34/47] fix(rental): no setState in effect for cart hydration
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

ESLint react-hooks/set-state-in-effect bloque le CI. On déplace la
re-hydratation depuis le cookie dans le lazy initializer de useState
(qui ne court qu'une fois côté client). Conserve la cohérence si un
autre onglet a modifié le panier entre le render serveur et l'hydration,
sans déclencher de re-render en cascade.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 src/components/RentalCartProvider.tsx | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/components/RentalCartProvider.tsx b/src/components/RentalCartProvider.tsx
index 9f7c7db..2dd8738 100644
--- a/src/components/RentalCartProvider.tsx
+++ b/src/components/RentalCartProvider.tsx
@@ -4,7 +4,6 @@ import {
   createContext,
   useCallback,
   useContext,
-  useEffect,
   useMemo,
   useState,
   type ReactNode,
@@ -44,12 +43,14 @@ function writeCookieClient(cart: Cart): void {
 }
 
 export function RentalCartProvider({ children, initial }: { children: ReactNode; initial?: Cart }) {
-  const [cart, setCart] = useState<Cart>(initial ?? EMPTY_CART);
-
-  // Hydrate depuis cookie au mount (au cas où le panier a changé dans un autre onglet)
-  useEffect(() => {
-    setCart(readCookieClient());
-  }, []);
+  // Initial vient du serveur (cookie lu côté serveur). Sur le client on relit le
+  // cookie une seule fois via lazy initializer pour rester cohérent si un autre
+  // onglet a modifié le panier entre le render serveur et l'hydration.
+  const [cart, setCart] = useState<Cart>(() => {
+    if (typeof document === "undefined") return initial ?? EMPTY_CART;
+    const fromCookie = readCookieClient();
+    return fromCookie.items.length > 0 ? fromCookie : initial ?? EMPTY_CART;
+  });
 
   const persist = useCallback((next: Cart) => {
     setCart(next);

From 9da58288dc812490a964b8245c052711bd94b9bc Mon Sep 17 00:00:00 2001
From: Ubuntu <ubuntu@vps-97784c65.vps.ovh.net>
Date: Tue, 2 Jun 2026 09:34:09 +0000
Subject: [PATCH 35/47] =?UTF-8?q?feat(rental):=20Sprint=20F=20=E2=80=94=20?=
 =?UTF-8?q?photos=20&=20vid=C3=A9os=20items=20rental?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Nouveau modèle `RentalItemMedia` parallèle de `Media` (carbet) :
- s3Key / s3Url / sortOrder / type (PHOTO|VIDEO), cascade sur RentalItem
- Migration `20260603100000_rental_item_media` appliquée

Endpoints upload dédiés (mêmes conventions que carbet) :
- POST /api/uploads/rental-presign + POST /api/uploads/rental-finalize
  → auth par canManageRentalProvider (admin OR provider manager)
  → s3Key préfixé `rental-items/<itemId>/`
  → finalize hydrate `RentalItem.imageUrl` avec la première PHOTO
  → générateur de variantes (320/800/1600 via sharp) en best-effort
- DELETE /api/rental-media/[id] + POST /api/rental-media/reorder
  → reorder rafraîchit imageUrl (cover = sortOrder 0)

`MediaUploader` rendu générique :
- Nouveau prop `scope: {kind: "carbet" | "rental-item", id}` ; conserve
  rétro-compat `carbetId` (deprecated)
- Endpoints + payload key (`carbetId` ↔ `itemId`) calculés via
  `endpointsFor()`. Aucun changement de comportement côté carbet.

UI branchée :
- /admin/rental-items/[id] : section « Photos & vidéos » au-dessus du
  form, alimentée par `item.media` chargé par `getRentalItemForAdmin`
- /espace-prestataire/items/[itemId] : idem, charge via `getHostItem`
- /materiel/[itemId] : nouveau `<ItemGallery />` (thumbs cliquables +
  support vidéo). Fallback : ancien `item.imageUrl` si pas de média
  dédié (compat seed).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../migration.sql                             |  22 ++++
 prisma/schema.prisma                          |  15 +++
 src/app/admin/rental-items/[id]/page.tsx      |   9 ++
 src/app/api/rental-media/[id]/route.ts        |  38 +++++++
 src/app/api/rental-media/reorder/route.ts     |  74 +++++++++++++
 src/app/api/uploads/rental-finalize/route.ts  | 104 ++++++++++++++++++
 src/app/api/uploads/rental-presign/route.ts   |  62 +++++++++++
 .../items/[itemId]/page.tsx                   |  11 ++
 .../[itemId]/_components/ItemGallery.tsx      |  74 +++++++++++++
 src/app/materiel/[itemId]/page.tsx            |  26 ++---
 src/components/MediaUploader.tsx              |  74 +++++++++++--
 src/lib/admin/rental-items.ts                 |   4 +
 src/lib/rental-host.ts                        |   4 +
 src/lib/rentals-public.ts                     |   4 +
 src/lib/uploads.ts                            |  25 +++++
 15 files changed, 521 insertions(+), 25 deletions(-)
 create mode 100644 prisma/migrations/20260603100000_rental_item_media/migration.sql
 create mode 100644 src/app/api/rental-media/[id]/route.ts
 create mode 100644 src/app/api/rental-media/reorder/route.ts
 create mode 100644 src/app/api/uploads/rental-finalize/route.ts
 create mode 100644 src/app/api/uploads/rental-presign/route.ts
 create mode 100644 src/app/materiel/[itemId]/_components/ItemGallery.tsx

diff --git a/prisma/migrations/20260603100000_rental_item_media/migration.sql b/prisma/migrations/20260603100000_rental_item_media/migration.sql
new file mode 100644
index 0000000..67a2d76
--- /dev/null
+++ b/prisma/migrations/20260603100000_rental_item_media/migration.sql
@@ -0,0 +1,22 @@
+-- Sprint F : RentalItemMedia (photos & vidéos pour items rental).
+-- Mêmes conventions que Media (carbet) : MediaType enum existant, s3Key/s3Url,
+-- sortOrder pour cover (0). Cascade sur RentalItem.
+
+CREATE TABLE "RentalItemMedia" (
+  "id"        TEXT NOT NULL,
+  "itemId"    TEXT NOT NULL,
+  "type"      "MediaType" NOT NULL,
+  "s3Key"     TEXT NOT NULL,
+  "s3Url"     TEXT NOT NULL,
+  "sortOrder" INTEGER NOT NULL DEFAULT 0,
+  "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  CONSTRAINT "RentalItemMedia_pkey" PRIMARY KEY ("id")
+);
+
+CREATE INDEX "RentalItemMedia_itemId_sortOrder_idx"
+  ON "RentalItemMedia"("itemId", "sortOrder");
+
+ALTER TABLE "RentalItemMedia"
+  ADD CONSTRAINT "RentalItemMedia_itemId_fkey"
+  FOREIGN KEY ("itemId") REFERENCES "RentalItem"("id")
+  ON DELETE CASCADE ON UPDATE CASCADE;
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
index 7580413..b2772d7 100644
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -466,11 +466,26 @@ model RentalItem {
   provider       RentalProvider           @relation(fields: [providerId], references: [id], onDelete: Cascade)
   availabilities RentalItemAvailability[]
   lines          RentalLine[]
+  media          RentalItemMedia[]
 
   @@index([providerId])
   @@index([category, active])
 }
 
+model RentalItemMedia {
+  id        String    @id @default(cuid())
+  itemId    String
+  type      MediaType
+  s3Key     String
+  s3Url     String
+  sortOrder Int       @default(0)
+  createdAt DateTime  @default(now())
+
+  item RentalItem @relation(fields: [itemId], references: [id], onDelete: Cascade)
+
+  @@index([itemId, sortOrder])
+}
+
 model RentalItemAvailability {
   id              String   @id @default(cuid())
   itemId          String
diff --git a/src/app/admin/rental-items/[id]/page.tsx b/src/app/admin/rental-items/[id]/page.tsx
index 8f4dd4a..59295d2 100644
--- a/src/app/admin/rental-items/[id]/page.tsx
+++ b/src/app/admin/rental-items/[id]/page.tsx
@@ -2,6 +2,7 @@ import { notFound } from "next/navigation";
 import Link from "next/link";
 
 import { StatusBadge } from "@/components/admin/StatusBadge";
+import { MediaUploader } from "@/components/MediaUploader";
 import { getRentalItemForAdmin, listProvidersForSelect, RENTAL_CATEGORY_LABEL } from "@/lib/admin/rental-items";
 
 import { ItemForm } from "../_components/ItemForm";
@@ -56,6 +57,14 @@ export default async function EditRentalItemPage({ params }: PageProps) {
         />
       </header>
 
+      <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <h2 className="mb-3 text-base font-semibold text-zinc-900">Photos & vidéos</h2>
+        <MediaUploader
+          scope={{ kind: "rental-item", itemId: item.id }}
+          initialMedia={item.media}
+        />
+      </section>
+
       <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
         <ItemForm
           providers={providers}
diff --git a/src/app/api/rental-media/[id]/route.ts b/src/app/api/rental-media/[id]/route.ts
new file mode 100644
index 0000000..3c6bd93
--- /dev/null
+++ b/src/app/api/rental-media/[id]/route.ts
@@ -0,0 +1,38 @@
+import { NextResponse } from "next/server";
+
+import { auth } from "@/auth";
+import { recordAudit } from "@/lib/admin/audit";
+import { prisma } from "@/lib/prisma";
+import { canManageRentalProvider } from "@/lib/rental-access";
+
+export const runtime = "nodejs";
+
+export async function DELETE(_req: Request, ctx: { params: Promise<{ id: string }> }) {
+  const { id } = await ctx.params;
+  const session = await auth();
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: "Non authentifié" }, { status: 401 });
+  }
+  const media = await prisma.rentalItemMedia.findUnique({
+    where: { id },
+    select: { id: true, itemId: true, item: { select: { providerId: true } } },
+  });
+  if (!media) return NextResponse.json({ error: "Média introuvable" }, { status: 404 });
+
+  const allowed = await canManageRentalProvider(
+    session.user.id,
+    session.user.role,
+    media.item.providerId,
+  );
+  if (!allowed) return NextResponse.json({ error: "Accès refusé" }, { status: 403 });
+
+  await prisma.rentalItemMedia.delete({ where: { id } });
+  await recordAudit({
+    scope: "uploads",
+    event: "rental.media.delete",
+    target: id,
+    actorEmail: session.user.email ?? null,
+    details: { itemId: media.itemId },
+  });
+  return NextResponse.json({ ok: true });
+}
diff --git a/src/app/api/rental-media/reorder/route.ts b/src/app/api/rental-media/reorder/route.ts
new file mode 100644
index 0000000..a8cc26a
--- /dev/null
+++ b/src/app/api/rental-media/reorder/route.ts
@@ -0,0 +1,74 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+
+import { auth } from "@/auth";
+import { recordAudit } from "@/lib/admin/audit";
+import { prisma } from "@/lib/prisma";
+import { canManageRentalProvider } from "@/lib/rental-access";
+
+export const runtime = "nodejs";
+
+const schema = z.object({
+  itemId: z.string().min(1),
+  orderedIds: z.array(z.string()).min(1).max(50),
+});
+
+export async function POST(req: Request) {
+  const session = await auth();
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: "Non authentifié" }, { status: 401 });
+  }
+  const parsed = schema.safeParse(await req.json().catch(() => ({})));
+  if (!parsed.success) {
+    return NextResponse.json({ error: "Payload invalide" }, { status: 400 });
+  }
+  const { itemId, orderedIds } = parsed.data;
+
+  const item = await prisma.rentalItem.findUnique({
+    where: { id: itemId },
+    select: { providerId: true },
+  });
+  if (!item) return NextResponse.json({ error: "Item introuvable" }, { status: 404 });
+
+  const allowed = await canManageRentalProvider(
+    session.user.id,
+    session.user.role,
+    item.providerId,
+  );
+  if (!allowed) return NextResponse.json({ error: "Accès refusé" }, { status: 403 });
+
+  const existing = await prisma.rentalItemMedia.findMany({
+    where: { itemId, id: { in: orderedIds } },
+    select: { id: true },
+  });
+  if (existing.length !== orderedIds.length) {
+    return NextResponse.json({ error: "Certains médias n'appartiennent pas à l'item." }, { status: 400 });
+  }
+  await prisma.$transaction(
+    orderedIds.map((id, idx) =>
+      prisma.rentalItemMedia.update({ where: { id }, data: { sortOrder: idx } }),
+    ),
+  );
+
+  // Cover = sortOrder 0 → hydrate imageUrl pour rétro-compat listings
+  const firstId = orderedIds[0];
+  const firstMedia = await prisma.rentalItemMedia.findUnique({
+    where: { id: firstId },
+    select: { s3Url: true, type: true },
+  });
+  if (firstMedia && firstMedia.type === "PHOTO") {
+    await prisma.rentalItem.update({
+      where: { id: itemId },
+      data: { imageUrl: firstMedia.s3Url },
+    });
+  }
+
+  await recordAudit({
+    scope: "uploads",
+    event: "rental.media.reorder",
+    target: itemId,
+    actorEmail: session.user.email ?? null,
+    details: { count: orderedIds.length },
+  });
+  return NextResponse.json({ ok: true });
+}
diff --git a/src/app/api/uploads/rental-finalize/route.ts b/src/app/api/uploads/rental-finalize/route.ts
new file mode 100644
index 0000000..4f1f9b9
--- /dev/null
+++ b/src/app/api/uploads/rental-finalize/route.ts
@@ -0,0 +1,104 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+
+import { auth } from "@/auth";
+import { MediaType } from "@/generated/prisma/enums";
+import { recordAudit } from "@/lib/admin/audit";
+import { prisma } from "@/lib/prisma";
+import { canManageRentalProvider } from "@/lib/rental-access";
+import { classifyMime } from "@/lib/uploads";
+import { generateImageVariants } from "@/lib/variants-server";
+
+export const runtime = "nodejs";
+
+const schema = z.object({
+  itemId: z.string().min(1),
+  s3Key: z.string().min(5).max(500),
+  s3Url: z.string().url(),
+  mime: z.string().min(3).max(100),
+});
+
+export async function POST(req: Request) {
+  const session = await auth();
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: "Non authentifié" }, { status: 401 });
+  }
+  const parsed = schema.safeParse(await req.json().catch(() => ({})));
+  if (!parsed.success) {
+    return NextResponse.json(
+      { error: parsed.error.issues[0]?.message ?? "Payload invalide" },
+      { status: 400 },
+    );
+  }
+  const kind = classifyMime(parsed.data.mime);
+  if (!kind) return NextResponse.json({ error: "Type non supporté" }, { status: 400 });
+
+  const item = await prisma.rentalItem.findUnique({
+    where: { id: parsed.data.itemId },
+    select: { id: true, providerId: true },
+  });
+  if (!item) return NextResponse.json({ error: "Item introuvable" }, { status: 404 });
+
+  const allowed = await canManageRentalProvider(
+    session.user.id,
+    session.user.role,
+    item.providerId,
+  );
+  if (!allowed) {
+    return NextResponse.json({ error: "Accès refusé" }, { status: 403 });
+  }
+
+  if (!parsed.data.s3Key.startsWith(`rental-items/${item.id}/`)) {
+    return NextResponse.json({ error: "s3Key invalide pour cet item" }, { status: 400 });
+  }
+
+  const existingCount = await prisma.rentalItemMedia.count({ where: { itemId: item.id } });
+  const media = await prisma.rentalItemMedia.create({
+    data: {
+      itemId: item.id,
+      type: kind === "photo" ? MediaType.PHOTO : MediaType.VIDEO,
+      s3Key: parsed.data.s3Key,
+      s3Url: parsed.data.s3Url,
+      sortOrder: existingCount,
+    },
+    select: { id: true, type: true, s3Url: true, s3Key: true, sortOrder: true },
+  });
+
+  // Si c'est la première photo de l'item, hydrate imageUrl pour rétro-compat
+  // avec les listings (RentalItemCard, /carbets/[slug] panel).
+  if (existingCount === 0 && kind === "photo") {
+    await prisma.rentalItem.update({
+      where: { id: item.id },
+      data: { imageUrl: parsed.data.s3Url },
+    });
+  }
+
+  await recordAudit({
+    scope: "uploads",
+    event: "rental.media.finalize",
+    target: media.id,
+    actorEmail: session.user.email ?? null,
+    details: { itemId: item.id, kind },
+  });
+
+  try {
+    const variants = await generateImageVariants({
+      originalS3Key: parsed.data.s3Key,
+      mime: parsed.data.mime,
+    });
+    if (!variants.skipped) {
+      const okCount = variants.results.filter((r) => r.ok).length;
+      await recordAudit({
+        scope: "uploads",
+        event: "rental.media.variants",
+        target: media.id,
+        actorEmail: session.user.email ?? null,
+        details: { generated: okCount, total: variants.results.length },
+      });
+    }
+  } catch (e) {
+    console.error("[rental-uploads] variants generation error:", e);
+  }
+
+  return NextResponse.json({ media });
+}
diff --git a/src/app/api/uploads/rental-presign/route.ts b/src/app/api/uploads/rental-presign/route.ts
new file mode 100644
index 0000000..f3b26e2
--- /dev/null
+++ b/src/app/api/uploads/rental-presign/route.ts
@@ -0,0 +1,62 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+
+import { auth } from "@/auth";
+import { prisma } from "@/lib/prisma";
+import { canManageRentalProvider } from "@/lib/rental-access";
+import { rateLimitRequest } from "@/lib/rate-limit";
+import { presignRentalItemUpload } from "@/lib/uploads";
+
+export const runtime = "nodejs";
+
+const schema = z.object({
+  itemId: z.string().min(1),
+  mime: z.string().min(3).max(100),
+  sizeBytes: z.coerce.number().int().min(1).max(500 * 1024 * 1024),
+});
+
+export async function POST(req: Request) {
+  const rl = rateLimitRequest(req, "rental-presign", 60_000, 60);
+  if (!rl.ok) {
+    return NextResponse.json(
+      { error: `Trop de demandes. Réessayez dans ${rl.retryAfter}s.` },
+      { status: 429 },
+    );
+  }
+  const session = await auth();
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: "Non authentifié" }, { status: 401 });
+  }
+  const parsed = schema.safeParse(await req.json().catch(() => ({})));
+  if (!parsed.success) {
+    return NextResponse.json(
+      { error: parsed.error.issues[0]?.message ?? "Payload invalide" },
+      { status: 400 },
+    );
+  }
+
+  const item = await prisma.rentalItem.findUnique({
+    where: { id: parsed.data.itemId },
+    select: { id: true, providerId: true },
+  });
+  if (!item) return NextResponse.json({ error: "Item introuvable" }, { status: 404 });
+
+  const allowed = await canManageRentalProvider(
+    session.user.id,
+    session.user.role,
+    item.providerId,
+  );
+  if (!allowed) {
+    return NextResponse.json({ error: "Accès refusé" }, { status: 403 });
+  }
+
+  const result = await presignRentalItemUpload({
+    itemId: item.id,
+    mime: parsed.data.mime,
+    sizeBytes: parsed.data.sizeBytes,
+  });
+  if ("error" in result) {
+    return NextResponse.json({ error: result.error }, { status: 400 });
+  }
+  return NextResponse.json(result);
+}
diff --git a/src/app/espace-prestataire/items/[itemId]/page.tsx b/src/app/espace-prestataire/items/[itemId]/page.tsx
index 699a8b0..ee46102 100644
--- a/src/app/espace-prestataire/items/[itemId]/page.tsx
+++ b/src/app/espace-prestataire/items/[itemId]/page.tsx
@@ -1,6 +1,7 @@
 import Link from "next/link";
 import { notFound, redirect } from "next/navigation";
 
+import { MediaUploader } from "@/components/MediaUploader";
 import { requireRentalProviderSession, getCurrentRentalProvider } from "@/lib/rental-access";
 import { getHostItem } from "@/lib/rental-host";
 import { RENTAL_CATEGORY_LABEL } from "@/lib/rental-category-labels";
@@ -59,6 +60,16 @@ export default async function EditHostItemPage({ params }: PageProps) {
         <ItemInlineDelete deleteAction={deleteThis} canDelete={item._count.lines === 0} />
       </header>
 
+      <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-zinc-500">
+          Photos & vidéos
+        </h2>
+        <MediaUploader
+          scope={{ kind: "rental-item", itemId: item.id }}
+          initialMedia={item.media}
+        />
+      </section>
+
       <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
         <HostItemForm
           action={updateThis}
diff --git a/src/app/materiel/[itemId]/_components/ItemGallery.tsx b/src/app/materiel/[itemId]/_components/ItemGallery.tsx
new file mode 100644
index 0000000..7d6ba55
--- /dev/null
+++ b/src/app/materiel/[itemId]/_components/ItemGallery.tsx
@@ -0,0 +1,74 @@
+"use client";
+
+import { useState } from "react";
+
+type Media = { id: string; type: "PHOTO" | "VIDEO"; s3Url: string };
+
+export function ItemGallery({
+  media,
+  fallbackEmoji,
+  alt,
+}: {
+  media: Media[];
+  fallbackEmoji: string;
+  alt: string;
+}) {
+  const [idx, setIdx] = useState(0);
+
+  if (media.length === 0) {
+    return (
+      <div className="flex aspect-[4/3] w-full items-center justify-center rounded-lg bg-zinc-100 text-7xl text-zinc-300">
+        {fallbackEmoji}
+      </div>
+    );
+  }
+
+  const current = media[idx];
+
+  return (
+    <div className="space-y-2">
+      <div className="overflow-hidden rounded-lg bg-zinc-100">
+        {current.type === "VIDEO" ? (
+          <video
+            src={current.s3Url}
+            controls
+            playsInline
+            className="aspect-[4/3] w-full object-cover"
+          />
+        ) : (
+          // eslint-disable-next-line @next/next/no-img-element
+          <img
+            src={current.s3Url}
+            alt={alt}
+            className="aspect-[4/3] w-full object-cover"
+          />
+        )}
+      </div>
+      {media.length > 1 ? (
+        <div className="grid grid-cols-5 gap-1">
+          {media.map((m, i) => (
+            <button
+              key={m.id}
+              type="button"
+              onClick={() => setIdx(i)}
+              className={
+                "aspect-square overflow-hidden rounded-md border transition " +
+                (i === idx
+                  ? "border-emerald-500 ring-2 ring-emerald-200"
+                  : "border-zinc-200 hover:border-zinc-400 opacity-70 hover:opacity-100")
+              }
+              aria-label={`Photo ${i + 1}`}
+            >
+              {m.type === "VIDEO" ? (
+                <div className="flex h-full w-full items-center justify-center bg-zinc-900 text-white">▶</div>
+              ) : (
+                // eslint-disable-next-line @next/next/no-img-element
+                <img src={m.s3Url} alt="" className="h-full w-full object-cover" />
+              )}
+            </button>
+          ))}
+        </div>
+      ) : null}
+    </div>
+  );
+}
diff --git a/src/app/materiel/[itemId]/page.tsx b/src/app/materiel/[itemId]/page.tsx
index e073f9b..d9a56b5 100644
--- a/src/app/materiel/[itemId]/page.tsx
+++ b/src/app/materiel/[itemId]/page.tsx
@@ -8,6 +8,7 @@ import { RENTAL_CATEGORY_LABEL } from "@/lib/rental-category-labels";
 
 import { AddToCart } from "./_components/AddToCart";
 import { AvailabilityPreview } from "./_components/AvailabilityPreview";
+import { ItemGallery } from "./_components/ItemGallery";
 
 export const dynamic = "force-dynamic";
 
@@ -58,19 +59,18 @@ export default async function RentalItemDetailPage({ params }: PageProps) {
             </p>
           </header>
 
-          <div className="mt-5 overflow-hidden rounded-lg bg-zinc-100">
-            {item.imageUrl ? (
-              // eslint-disable-next-line @next/next/no-img-element
-              <img
-                src={item.imageUrl}
-                alt={item.name}
-                className="aspect-[4/3] w-full object-cover"
-              />
-            ) : (
-              <div className="flex aspect-[4/3] w-full items-center justify-center text-7xl text-zinc-300">
-                {categoryEmoji}
-              </div>
-            )}
+          <div className="mt-5">
+            <ItemGallery
+              media={
+                item.media.length > 0
+                  ? item.media
+                  : item.imageUrl
+                    ? [{ id: "legacy", type: "PHOTO", s3Url: item.imageUrl }]
+                    : []
+              }
+              alt={item.name}
+              fallbackEmoji={categoryEmoji}
+            />
           </div>
 
           {item.description ? (
diff --git a/src/components/MediaUploader.tsx b/src/components/MediaUploader.tsx
index 815d991..1eb1cdd 100644
--- a/src/components/MediaUploader.tsx
+++ b/src/components/MediaUploader.tsx
@@ -28,11 +28,53 @@ export type MediaItem = {
   sortOrder: number;
 };
 
+/**
+ * Le composant gère deux périmètres : carbet (par défaut) et item de location.
+ * Les endpoints sont alors `/api/uploads/{rental-}{presign,finalize}`,
+ * `/api/{rental-}media/{id}` et `/api/{rental-}media/reorder` ; la clé de
+ * scope dans les payloads passe de `carbetId` à `itemId`.
+ */
+export type UploaderScope =
+  | { kind: "carbet"; carbetId: string }
+  | { kind: "rental-item"; itemId: string };
+
 type Props = {
-  carbetId: string;
+  scope?: UploaderScope;
+  /** @deprecated — passer `scope={{kind:"carbet", carbetId}}` à la place. */
+  carbetId?: string;
   initialMedia: MediaItem[];
 };
 
+type Endpoints = {
+  presign: string;
+  finalize: string;
+  reorder: string;
+  remove: (mediaId: string) => string;
+  idKey: "carbetId" | "itemId";
+  idValue: string;
+};
+
+function endpointsFor(scope: UploaderScope): Endpoints {
+  if (scope.kind === "carbet") {
+    return {
+      presign: "/api/uploads/presign",
+      finalize: "/api/uploads/finalize",
+      reorder: "/api/media/reorder",
+      remove: (id) => `/api/media/${id}`,
+      idKey: "carbetId",
+      idValue: scope.carbetId,
+    };
+  }
+  return {
+    presign: "/api/uploads/rental-presign",
+    finalize: "/api/uploads/rental-finalize",
+    reorder: "/api/rental-media/reorder",
+    remove: (id) => `/api/rental-media/${id}`,
+    idKey: "itemId",
+    idValue: scope.itemId,
+  };
+}
+
 type UploadEntry = {
   tempId: string;
   name: string;
@@ -45,7 +87,11 @@ type UploadEntry = {
 
 const MAX_PARALLEL = 3;
 
-export function MediaUploader({ carbetId, initialMedia }: Props) {
+export function MediaUploader({ scope, carbetId, initialMedia }: Props) {
+  const endpoints = useMemo(
+    () => endpointsFor(scope ?? { kind: "carbet", carbetId: carbetId ?? "" }),
+    [scope, carbetId],
+  );
   const [items, setItems] = useState<MediaItem[]>(
     [...initialMedia].sort((a, b) => a.sortOrder - b.sortOrder),
   );
@@ -66,13 +112,13 @@ export function MediaUploader({ carbetId, initialMedia }: Props) {
 
   const reorderOnServer = useCallback(
     async (orderedIds: string[]) => {
-      await fetch("/api/media/reorder", {
+      await fetch(endpoints.reorder, {
         method: "POST",
         headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ carbetId, orderedIds }),
+        body: JSON.stringify({ [endpoints.idKey]: endpoints.idValue, orderedIds }),
       }).catch(() => {});
     },
-    [carbetId],
+    [endpoints],
   );
 
   function onDragEnd(e: DragEndEvent) {
@@ -103,9 +149,9 @@ export function MediaUploader({ carbetId, initialMedia }: Props) {
 
   const removeItem = useCallback(async (id: string) => {
     if (!confirm("Supprimer ce média ?")) return;
-    const res = await fetch(`/api/media/${id}`, { method: "DELETE" });
+    const res = await fetch(endpoints.remove(id), { method: "DELETE" });
     if (res.ok) setItems((prev) => prev.filter((p) => p.id !== id));
-  }, []);
+  }, [endpoints]);
 
   const processFile = useCallback(async function processFile(file: File): Promise<void> {
     const tempId = crypto.randomUUID();
@@ -114,10 +160,14 @@ export function MediaUploader({ carbetId, initialMedia }: Props) {
       { tempId, name: file.name, sizeBytes: file.size, mime: file.type, progress: 0, done: false },
     ]);
     try {
-      const presignRes = await fetch("/api/uploads/presign", {
+      const presignRes = await fetch(endpoints.presign, {
         method: "POST",
         headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ carbetId, mime: file.type, sizeBytes: file.size }),
+        body: JSON.stringify({
+          [endpoints.idKey]: endpoints.idValue,
+          mime: file.type,
+          sizeBytes: file.size,
+        }),
       });
       const presign = await presignRes.json();
       if (!presignRes.ok) throw new Error(presign?.error || "presign refusé");
@@ -138,11 +188,11 @@ export function MediaUploader({ carbetId, initialMedia }: Props) {
         xhr.send(file);
       });
 
-      const finalizeRes = await fetch("/api/uploads/finalize", {
+      const finalizeRes = await fetch(endpoints.finalize, {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({
-          carbetId,
+          [endpoints.idKey]: endpoints.idValue,
           s3Key: presign.s3Key,
           s3Url: presign.publicUrl,
           mime: file.type,
@@ -160,7 +210,7 @@ export function MediaUploader({ carbetId, initialMedia }: Props) {
       const msg = e instanceof Error ? e.message : String(e);
       setUploads((u) => u.map((x) => (x.tempId === tempId ? { ...x, error: msg } : x)));
     }
-  }, [carbetId]);
+  }, [endpoints]);
 
   const popQueueRef = useRef<() => void>(() => {});
   const popQueue = useCallback(() => {
diff --git a/src/lib/admin/rental-items.ts b/src/lib/admin/rental-items.ts
index 01dd655..114c6d4 100644
--- a/src/lib/admin/rental-items.ts
+++ b/src/lib/admin/rental-items.ts
@@ -80,6 +80,10 @@ export async function getRentalItemForAdmin(id: string) {
     where: { id },
     include: {
       provider: { select: { id: true, name: true, isSystemD: true } },
+      media: {
+        orderBy: { sortOrder: "asc" },
+        select: { id: true, type: true, s3Url: true, s3Key: true, sortOrder: true },
+      },
     },
   });
 }
diff --git a/src/lib/rental-host.ts b/src/lib/rental-host.ts
index ba6f543..8959b76 100644
--- a/src/lib/rental-host.ts
+++ b/src/lib/rental-host.ts
@@ -115,6 +115,10 @@ export async function getHostItem(providerId: string, itemId: string) {
     include: {
       availabilities: { orderBy: { startDate: "asc" } },
       _count: { select: { lines: true } },
+      media: {
+        orderBy: { sortOrder: "asc" },
+        select: { id: true, type: true, s3Url: true, s3Key: true, sortOrder: true },
+      },
     },
   });
 }
diff --git a/src/lib/rentals-public.ts b/src/lib/rentals-public.ts
index af08f4a..1ffea63 100644
--- a/src/lib/rentals-public.ts
+++ b/src/lib/rentals-public.ts
@@ -91,6 +91,10 @@ export async function getPublicRentalItem(id: string) {
           contactPhone: true,
         },
       },
+      media: {
+        orderBy: { sortOrder: "asc" },
+        select: { id: true, type: true, s3Url: true, sortOrder: true },
+      },
     },
   });
 }
diff --git a/src/lib/uploads.ts b/src/lib/uploads.ts
index 708504a..484775f 100644
--- a/src/lib/uploads.ts
+++ b/src/lib/uploads.ts
@@ -100,5 +100,30 @@ export async function presignCarbetUpload(opts: {
   return { s3Key, uploadUrl, publicUrl, expiresIn: 600 };
 }
 
+export async function presignRentalItemUpload(opts: {
+  itemId: string;
+  mime: string;
+  sizeBytes: number;
+}): Promise<PresignResult | { error: string }> {
+  const kind = classifyMime(opts.mime);
+  if (!kind) return { error: `Type non supporté : ${opts.mime}` };
+  const max = maxBytesFor(kind);
+  if (opts.sizeBytes > max) {
+    return { error: `Fichier trop volumineux (${Math.round(opts.sizeBytes / 1_000_000)} Mo, max ${Math.round(max / 1_000_000)} Mo).` };
+  }
+  const id = crypto.randomBytes(12).toString("hex");
+  const ext = extensionFor(opts.mime);
+  const s3Key = `rental-items/${opts.itemId}/${Date.now()}-${id}.${ext}`;
+
+  const cmd = new PutObjectCommand({
+    Bucket: BUCKET,
+    Key: s3Key,
+    ContentType: opts.mime,
+  });
+  const uploadUrl = await getSignedUrl(s3Presign, cmd, { expiresIn: 600 });
+  const publicUrl = `${PUBLIC_BASE_EXTERNAL.replace(/\/$/, "")}/${s3Key}`;
+  return { s3Key, uploadUrl, publicUrl, expiresIn: 600 };
+}
+
 export { s3Internal };
 export { BUCKET as UPLOAD_BUCKET };

From 946dd8d5d2384d34dabf6fb1d273bf7c54f70584 Mon Sep 17 00:00:00 2001
From: Ubuntu <ubuntu@vps-97784c65.vps.ovh.net>
Date: Tue, 2 Jun 2026 22:55:54 +0000
Subject: [PATCH 36/47] =?UTF-8?q?feat(ce):=20Sprint=20G=20=E2=80=94=20data?=
 =?UTF-8?q?=20model=20+=20admin=20validation?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Schema:
- Organization gagne le workflow d'approbation (approved + approvedAt +
  approvedBy + contactEmail). Backfill : toutes les orgs existantes
  (CMCK) → approved=true via migration.
- Nouveau OrganizationCarbetMembership (manyToMany Org↔Carbet) pour la
  co-gestion CE : un Carbet a un ownerId (créateur initial) + 0..n
  memberships ; chaque CE_MANAGER d'une org liée peut gérer le carbet
  en plus de l'owner. Pour un hôte individuel = pas de membership.
- RentalProvider.organizationId (nullable, SetNull on delete) : un CE
  peut posséder son provider ; les CE_MANAGERs membres de l'org y ont
  accès en plus du manager nominal.

Plugin ce-management ajouté au registry (catégorie business, off par
défaut). Quand off : signup CE caché + dashboard /espace-ce 404.

Admin organizations :
- Tab statut (Toutes / À valider [count] / Validées) avec compteur des
  organisations pending dans l'en-tête.
- Badge statut sur la liste et la page détail.
- Bouton « Valider l'organisation » sur le détail (action
  approveOrganizationAction → flip approved=true + approvedAt + audit
  log organization.approve). Idempotent : un re-appel sur une org déjà
  validée ne re-loggue pas.
- Détail montre les compteurs carbetMemberships + rentalProviders.

Migration appliquée à la DB prod (CMCK backfill validé).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../migration.sql                             | 54 ++++++++++++++++
 prisma/schema.prisma                          | 44 ++++++++++---
 .../[id]/_components/ApproveOrgButton.tsx     | 36 +++++++++++
 src/app/admin/organizations/[id]/page.tsx     | 34 +++++++++--
 src/app/admin/organizations/actions.ts        | 15 +++++
 src/app/admin/organizations/page.tsx          | 61 +++++++++++++++++--
 src/lib/admin/organizations.ts                | 37 ++++++++++-
 src/lib/plugins/registry.ts                   |  8 +++
 8 files changed, 271 insertions(+), 18 deletions(-)
 create mode 100644 prisma/migrations/20260603200000_ce_management/migration.sql
 create mode 100644 src/app/admin/organizations/[id]/_components/ApproveOrgButton.tsx

diff --git a/prisma/migrations/20260603200000_ce_management/migration.sql b/prisma/migrations/20260603200000_ce_management/migration.sql
new file mode 100644
index 0000000..eb2cc87
--- /dev/null
+++ b/prisma/migrations/20260603200000_ce_management/migration.sql
@@ -0,0 +1,54 @@
+-- Sprint G : CE management.
+--   * Organization gagne le workflow d'approbation (approved + approvedAt + approvedBy)
+--     + un contactEmail dédié pour les notifications admin.
+--   * Nouveau modèle OrganizationCarbetMembership : co-gestion des carbets par les
+--     CE_MANAGERs d'une org liée. Pas de unique sur carbet → un Carbet pourrait être
+--     co-publié par plusieurs orgs (cas rare mais autorisé).
+--   * RentalProvider gagne organizationId (nullable) : un CE peut posséder son provider.
+
+ALTER TABLE "Organization"
+  ADD COLUMN "contactEmail" TEXT,
+  ADD COLUMN "approved"     BOOLEAN NOT NULL DEFAULT FALSE,
+  ADD COLUMN "approvedAt"   TIMESTAMP(3),
+  ADD COLUMN "approvedBy"   TEXT;
+
+CREATE INDEX "Organization_approved_idx" ON "Organization"("approved");
+
+-- Backfill : toutes les orgs existantes sont considérées validées.
+-- (Aujourd'hui : CMCK uniquement. Les futures orgs créées via signup arriveront
+--  en approved=false par défaut.)
+UPDATE "Organization"
+   SET "approved"   = TRUE,
+       "approvedAt" = NOW()
+ WHERE "approved" = FALSE;
+
+CREATE TABLE "OrganizationCarbetMembership" (
+  "organizationId" TEXT NOT NULL,
+  "carbetId"       TEXT NOT NULL,
+  "addedByUserId"  TEXT,
+  "addedAt"        TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  CONSTRAINT "OrganizationCarbetMembership_pkey" PRIMARY KEY ("organizationId", "carbetId")
+);
+
+CREATE INDEX "OrganizationCarbetMembership_carbetId_idx"
+  ON "OrganizationCarbetMembership"("carbetId");
+
+ALTER TABLE "OrganizationCarbetMembership"
+  ADD CONSTRAINT "OrganizationCarbetMembership_organizationId_fkey"
+  FOREIGN KEY ("organizationId") REFERENCES "Organization"("id")
+  ON DELETE CASCADE ON UPDATE CASCADE;
+
+ALTER TABLE "OrganizationCarbetMembership"
+  ADD CONSTRAINT "OrganizationCarbetMembership_carbetId_fkey"
+  FOREIGN KEY ("carbetId") REFERENCES "Carbet"("id")
+  ON DELETE CASCADE ON UPDATE CASCADE;
+
+ALTER TABLE "RentalProvider"
+  ADD COLUMN "organizationId" TEXT;
+
+CREATE INDEX "RentalProvider_organizationId_idx" ON "RentalProvider"("organizationId");
+
+ALTER TABLE "RentalProvider"
+  ADD CONSTRAINT "RentalProvider_organizationId_fkey"
+  FOREIGN KEY ("organizationId") REFERENCES "Organization"("id")
+  ON DELETE SET NULL ON UPDATE CASCADE;
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
index b2772d7..49f703a 100644
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -72,16 +72,40 @@ enum TransportMode {
 }
 
 model Organization {
-  id          String   @id @default(cuid())
-  name        String
-  slug        String   @unique
-  description String?
-  createdAt   DateTime @default(now())
-  updatedAt   DateTime @updatedAt
+  id           String    @id @default(cuid())
+  name         String
+  slug         String    @unique
+  description  String?
+  contactEmail String?
+  approved     Boolean   @default(false)
+  approvedAt   DateTime?
+  approvedBy   String?
+  createdAt    DateTime  @default(now())
+  updatedAt    DateTime  @updatedAt
 
-  members User[]
+  members          User[]
+  carbetMemberships OrganizationCarbetMembership[]
+  rentalProviders  RentalProvider[]
 
   @@index([name])
+  @@index([approved])
+}
+
+/// Co-gestion des carbets côté CE. Un Carbet a toujours un ownerId (créateur initial),
+/// et zéro ou plusieurs orgs liées : un CE_MANAGER d'une org liée peut gérer le carbet
+/// en plus de l'owner. Pour un hôte individuel : aucune membership ; pour un carbet CE :
+/// 1 membership pour l'org du créateur. Plusieurs orgs possibles si co-publication.
+model OrganizationCarbetMembership {
+  organizationId String
+  carbetId       String
+  addedByUserId  String?
+  addedAt        DateTime @default(now())
+
+  organization Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+  carbet       Carbet       @relation(fields: [carbetId], references: [id], onDelete: Cascade)
+
+  @@id([organizationId, carbetId])
+  @@index([carbetId])
 }
 
 model User {
@@ -157,6 +181,7 @@ model Carbet {
   bookings         Booking[]
   reviews          Review[]
   subscriptions  Subscription[]
+  organizations  OrganizationCarbetMembership[]
 
   @@index([ownerId])
   @@index([status])
@@ -425,6 +450,9 @@ model RentalProvider {
   name            String
   isSystemD       Boolean  @default(false)
   managedByUserId String?
+  /// Si renseigné, le provider appartient à une organisation (CE) ; tout CE_MANAGER
+  /// membre de l'org peut gérer items et réservations en plus du manager nominal.
+  organizationId  String?
   contactEmail    String?
   contactPhone    String?
   rivers          String[] @default([])
@@ -438,11 +466,13 @@ model RentalProvider {
   updatedAt       DateTime @updatedAt
 
   manager        User?           @relation(fields: [managedByUserId], references: [id], onDelete: SetNull)
+  organization   Organization?   @relation(fields: [organizationId], references: [id], onDelete: SetNull)
   items          RentalItem[]
   rentalBookings RentalBooking[]
 
   @@index([active, approved])
   @@index([managedByUserId])
+  @@index([organizationId])
 }
 
 model RentalItem {
diff --git a/src/app/admin/organizations/[id]/_components/ApproveOrgButton.tsx b/src/app/admin/organizations/[id]/_components/ApproveOrgButton.tsx
new file mode 100644
index 0000000..d53a21c
--- /dev/null
+++ b/src/app/admin/organizations/[id]/_components/ApproveOrgButton.tsx
@@ -0,0 +1,36 @@
+"use client";
+
+import { useState, useTransition } from "react";
+
+type Props = {
+  action: () => Promise<{ ok: false; error: string } | { ok: true } | undefined | void>;
+};
+
+export function ApproveOrgButton({ action }: Props) {
+  const [pending, startTransition] = useTransition();
+  const [error, setError] = useState<string | null>(null);
+
+  function run() {
+    setError(null);
+    startTransition(async () => {
+      const res = await action();
+      if (res && (res as { ok?: boolean }).ok === false) {
+        setError((res as { error: string }).error);
+      }
+    });
+  }
+
+  return (
+    <div className="flex flex-col items-end gap-1">
+      <button
+        type="button"
+        onClick={run}
+        disabled={pending}
+        className="rounded-md bg-emerald-600 px-3 py-1.5 text-sm font-semibold text-white hover:bg-emerald-700 disabled:opacity-60"
+      >
+        {pending ? "Validation…" : "Valider l'organisation"}
+      </button>
+      {error ? <span className="text-xs text-rose-700">{error}</span> : null}
+    </div>
+  );
+}
diff --git a/src/app/admin/organizations/[id]/page.tsx b/src/app/admin/organizations/[id]/page.tsx
index 90c91b6..810ba23 100644
--- a/src/app/admin/organizations/[id]/page.tsx
+++ b/src/app/admin/organizations/[id]/page.tsx
@@ -3,7 +3,8 @@ import Link from "next/link";
 import { getOrganizationForAdmin } from "@/lib/admin/organizations";
 import { OrgForm } from "../_components/OrgForm";
 import { StatusBadge } from "@/components/admin/StatusBadge";
-import { deleteOrganizationAction, updateOrganizationAction } from "../actions";
+import { approveOrganizationAction, deleteOrganizationAction, updateOrganizationAction } from "../actions";
+import { ApproveOrgButton } from "./_components/ApproveOrgButton";
 import { DeleteOrgButton } from "./_components/DeleteOrgButton";
 
 export const dynamic = "force-dynamic";
@@ -31,6 +32,10 @@ export default async function EditOrgPage({ params }: PageProps) {
     "use server";
     return await deleteOrganizationAction(id);
   };
+  const approveThis = async () => {
+    "use server";
+    return await approveOrganizationAction(id);
+  };
 
   return (
     <div className="mx-auto max-w-5xl space-y-6">
@@ -39,12 +44,33 @@ export default async function EditOrgPage({ params }: PageProps) {
           <Link href="/admin/organizations" className="text-xs text-zinc-500 hover:text-zinc-900">
             ← Toutes les organisations
           </Link>
-          <h1 className="mt-1 text-2xl font-semibold text-zinc-900">{org.name}</h1>
+          <h1 className="mt-1 flex items-center gap-3 text-2xl font-semibold text-zinc-900">
+            {org.name}
+            {org.approved ? (
+              <span className="rounded-full bg-emerald-100 px-2 py-0.5 text-[10px] font-semibold uppercase tracking-wider text-emerald-800 ring-1 ring-inset ring-emerald-300">
+                Validée
+              </span>
+            ) : (
+              <span className="rounded-full bg-amber-100 px-2 py-0.5 text-[10px] font-semibold uppercase tracking-wider text-amber-800 ring-1 ring-inset ring-amber-300">
+                À valider
+              </span>
+            )}
+          </h1>
           <p className="mt-1 text-sm text-zinc-500">
-            <code>/{org.slug}</code> · {org.members.length} membre{org.members.length > 1 ? "s" : ""}
+            <code>/{org.slug}</code> · {org.members.length} membre{org.members.length > 1 ? "s" : ""} ·{" "}
+            {org._count.carbetMemberships} carbet{org._count.carbetMemberships > 1 ? "s" : ""} co-géré
+            {org._count.carbetMemberships > 1 ? "s" : ""} · {org._count.rentalProviders} provider rental
           </p>
+          {org.contactEmail ? (
+            <p className="text-xs text-zinc-500">
+              Contact : <a href={`mailto:${org.contactEmail}`} className="underline">{org.contactEmail}</a>
+            </p>
+          ) : null}
+        </div>
+        <div className="flex items-center gap-2">
+          {!org.approved ? <ApproveOrgButton action={approveThis} /> : null}
+          <DeleteOrgButton action={deleteThis} memberCount={org.members.length} />
         </div>
-        <DeleteOrgButton action={deleteThis} memberCount={org.members.length} />
       </header>
 
       <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
diff --git a/src/app/admin/organizations/actions.ts b/src/app/admin/organizations/actions.ts
index 5f8bcf6..6b852a8 100644
--- a/src/app/admin/organizations/actions.ts
+++ b/src/app/admin/organizations/actions.ts
@@ -5,6 +5,7 @@ import { redirect } from "next/navigation";
 import { z } from "zod";
 import { auth } from "@/auth";
 import { UserRole } from "@/generated/prisma/enums";
+import { approveOrganization as approveOrganizationLib } from "@/lib/admin/organizations";
 import { requireRole } from "@/lib/authorization";
 import { prisma } from "@/lib/prisma";
 import { recordAudit } from "@/lib/admin/audit";
@@ -75,6 +76,20 @@ export async function updateOrganizationAction(id: string, fd: FormData) {
   return { ok: true as const };
 }
 
+export async function approveOrganizationAction(id: string) {
+  await requireRole([UserRole.ADMIN]);
+  const session = await auth();
+  const actor = session?.user?.email ?? null;
+  const res = await approveOrganizationLib(id, actor ?? "admin");
+  if (!res.ok) return res;
+  if (!res.alreadyApproved) {
+    await audit("organization.approve", id, actor, {});
+  }
+  revalidatePath("/admin/organizations");
+  revalidatePath(`/admin/organizations/${id}`);
+  return { ok: true as const };
+}
+
 export async function deleteOrganizationAction(id: string) {
   await requireRole([UserRole.ADMIN]);
   const session = await auth();
diff --git a/src/app/admin/organizations/page.tsx b/src/app/admin/organizations/page.tsx
index 0d394ba..b6a5e95 100644
--- a/src/app/admin/organizations/page.tsx
+++ b/src/app/admin/organizations/page.tsx
@@ -1,16 +1,27 @@
 import Link from "next/link";
-import { listOrganizationsAdmin } from "@/lib/admin/organizations";
+import { countPendingOrganizations, listOrganizationsAdmin } from "@/lib/admin/organizations";
 
 export const dynamic = "force-dynamic";
 
 type PageProps = {
-  searchParams: Promise<{ q?: string }>;
+  searchParams: Promise<{ q?: string; status?: string }>;
 };
 
+const STATUS_VALUES = ["all", "pending", "approved"] as const;
+type StatusFilter = (typeof STATUS_VALUES)[number];
+
+function isStatusFilter(s: string | undefined): s is StatusFilter {
+  return STATUS_VALUES.includes(s as StatusFilter);
+}
+
 export default async function OrgsAdminPage({ searchParams }: PageProps) {
   const sp = await searchParams;
-  const filters = { q: sp.q?.trim() || undefined };
-  const orgs = await listOrganizationsAdmin(filters);
+  const approved = isStatusFilter(sp.status) ? sp.status : "all";
+  const filters = { q: sp.q?.trim() || undefined, approved };
+  const [orgs, pendingCount] = await Promise.all([
+    listOrganizationsAdmin(filters),
+    countPendingOrganizations(),
+  ]);
   const dateFmt = new Intl.DateTimeFormat("fr-FR", { day: "2-digit", month: "short", year: "2-digit" });
 
   return (
@@ -30,7 +41,35 @@ export default async function OrgsAdminPage({ searchParams }: PageProps) {
         </Link>
       </header>
 
+      <nav className="mb-3 flex flex-wrap gap-2 text-sm">
+        {(
+          [
+            { key: "all", label: "Toutes" },
+            { key: "pending", label: pendingCount > 0 ? `À valider (${pendingCount})` : "À valider" },
+            { key: "approved", label: "Validées" },
+          ] as { key: StatusFilter; label: string }[]
+        ).map((t) => {
+          const href = `/admin/organizations?status=${t.key}${filters.q ? `&q=${encodeURIComponent(filters.q)}` : ""}`;
+          const active = approved === t.key;
+          return (
+            <Link
+              key={t.key}
+              href={href}
+              className={
+                "rounded-md px-3 py-1 font-medium " +
+                (active ? "bg-zinc-900 text-white" : "bg-zinc-100 text-zinc-700 hover:bg-zinc-200")
+              }
+            >
+              {t.label}
+            </Link>
+          );
+        })}
+      </nav>
+
       <form className="mb-4 flex flex-wrap items-center gap-2 rounded-lg border border-zinc-200 bg-white p-3" method="get">
+        {approved !== "all" ? (
+          <input type="hidden" name="status" value={approved} />
+        ) : null}
         <input
           type="text"
           name="q"
@@ -53,6 +92,7 @@ export default async function OrgsAdminPage({ searchParams }: PageProps) {
           <thead className="border-b border-zinc-200 bg-zinc-50 text-xs uppercase tracking-wider text-zinc-500">
             <tr>
               <th className="px-4 py-2 text-left font-semibold">Nom</th>
+              <th className="px-4 py-2 text-left font-semibold">Statut</th>
               <th className="px-4 py-2 text-left font-semibold">Slug</th>
               <th className="px-4 py-2 text-right font-semibold">Membres</th>
               <th className="px-4 py-2 text-right font-semibold">Créée</th>
@@ -61,7 +101,7 @@ export default async function OrgsAdminPage({ searchParams }: PageProps) {
           <tbody className="divide-y divide-zinc-100">
             {orgs.length === 0 ? (
               <tr>
-                <td colSpan={4} className="px-4 py-8 text-center text-sm text-zinc-500">
+                <td colSpan={5} className="px-4 py-8 text-center text-sm text-zinc-500">
                   Aucune organisation.
                 </td>
               </tr>
@@ -76,6 +116,17 @@ export default async function OrgsAdminPage({ searchParams }: PageProps) {
                     <div className="text-[11px] text-zinc-500">{o.description.slice(0, 80)}{o.description.length > 80 ? "…" : ""}</div>
                   ) : null}
                 </td>
+                <td className="px-4 py-2">
+                  {o.approved ? (
+                    <span className="rounded-full bg-emerald-100 px-2 py-0.5 text-[10px] font-semibold uppercase tracking-wider text-emerald-800 ring-1 ring-inset ring-emerald-300">
+                      Validée
+                    </span>
+                  ) : (
+                    <span className="rounded-full bg-amber-100 px-2 py-0.5 text-[10px] font-semibold uppercase tracking-wider text-amber-800 ring-1 ring-inset ring-amber-300">
+                      À valider
+                    </span>
+                  )}
+                </td>
                 <td className="px-4 py-2 text-zinc-700"><code>/{o.slug}</code></td>
                 <td className="px-4 py-2 text-right font-mono text-zinc-700">{o.membersCount}</td>
                 <td className="px-4 py-2 text-right text-[11px] text-zinc-500">{dateFmt.format(o.createdAt)}</td>
diff --git a/src/lib/admin/organizations.ts b/src/lib/admin/organizations.ts
index e333006..b2bc680 100644
--- a/src/lib/admin/organizations.ts
+++ b/src/lib/admin/organizations.ts
@@ -3,13 +3,16 @@ import "server-only";
 import { Prisma } from "@/generated/prisma/client";
 import { prisma } from "@/lib/prisma";
 
-export type AdminOrgFilters = { q?: string };
+export type AdminOrgFilters = { q?: string; approved?: "all" | "pending" | "approved" };
 
 export type AdminOrgListItem = {
   id: string;
   name: string;
   slug: string;
   description: string | null;
+  contactEmail: string | null;
+  approved: boolean;
+  approvedAt: Date | null;
   createdAt: Date;
   membersCount: number;
 };
@@ -23,16 +26,21 @@ export async function listOrganizationsAdmin(filters: AdminOrgFilters = {}): Pro
       { description: { contains: filters.q, mode: "insensitive" } },
     ];
   }
+  if (filters.approved === "pending") where.approved = false;
+  else if (filters.approved === "approved") where.approved = true;
 
   const rows = await prisma.organization.findMany({
     where,
-    orderBy: [{ name: "asc" }],
+    orderBy: [{ approved: "asc" }, { name: "asc" }],
     take: 200,
     select: {
       id: true,
       name: true,
       slug: true,
       description: true,
+      contactEmail: true,
+      approved: true,
+      approvedAt: true,
       createdAt: true,
       _count: { select: { members: true } },
     },
@@ -42,11 +50,18 @@ export async function listOrganizationsAdmin(filters: AdminOrgFilters = {}): Pro
     name: o.name,
     slug: o.slug,
     description: o.description,
+    contactEmail: o.contactEmail,
+    approved: o.approved,
+    approvedAt: o.approvedAt,
     createdAt: o.createdAt,
     membersCount: o._count.members,
   }));
 }
 
+export async function countPendingOrganizations(): Promise<number> {
+  return prisma.organization.count({ where: { approved: false } });
+}
+
 export async function getOrganizationForAdmin(id: string) {
   return prisma.organization.findUnique({
     where: { id },
@@ -55,6 +70,24 @@ export async function getOrganizationForAdmin(id: string) {
         orderBy: [{ role: "asc" }, { lastName: "asc" }],
         select: { id: true, firstName: true, lastName: true, email: true, role: true, isActive: true },
       },
+      _count: { select: { carbetMemberships: true, rentalProviders: true } },
     },
   });
 }
+
+export async function approveOrganization(
+  id: string,
+  adminEmail: string,
+): Promise<{ ok: true; alreadyApproved: boolean } | { ok: false; error: string }> {
+  const org = await prisma.organization.findUnique({
+    where: { id },
+    select: { id: true, approved: true },
+  });
+  if (!org) return { ok: false, error: "Organisation introuvable" };
+  if (org.approved) return { ok: true, alreadyApproved: true };
+  await prisma.organization.update({
+    where: { id },
+    data: { approved: true, approvedAt: new Date(), approvedBy: adminEmail },
+  });
+  return { ok: true, alreadyApproved: false };
+}
diff --git a/src/lib/plugins/registry.ts b/src/lib/plugins/registry.ts
index 3294a20..854b48c 100644
--- a/src/lib/plugins/registry.ts
+++ b/src/lib/plugins/registry.ts
@@ -117,6 +117,14 @@ export const PLUGINS: PluginDescriptor[] = [
     category: "business",
     version: "0.1.0",
   },
+  {
+    key: "ce-management",
+    name: "Gestion des Comités d'Entreprise",
+    description:
+      "Permet à un CE de s'inscrire (validation admin), publier ses carbets en co-gestion (OrganizationCarbetMembership), et activer un RentalProvider org-scoped pour louer son matériel. Dashboard /espace-ce avec KPIs agrégés par organisation. Si désactivé : /espace-ce et le choix « Comité d'Entreprise » sur /inscription disparaissent.",
+    category: "business",
+    version: "0.1.0",
+  },
 
   // Contenus / i18n
   {

From 63a29d9ade283139eea58a2ab60afd873c34e713 Mon Sep 17 00:00:00 2001
From: Ubuntu <ubuntu@vps-97784c65.vps.ovh.net>
Date: Tue, 2 Jun 2026 23:12:46 +0000
Subject: [PATCH 37/47] =?UTF-8?q?feat(ce):=20Sprint=20H=20=E2=80=94=20sign?=
 =?UTF-8?q?up=20CE=20public=20+=20/espace-ce=20shell?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

src/lib/ce-access.ts (NEW) :
- requireCeManagerSession (redirect connexion ou / si rôle insuffisant)
- getCurrentCeOrganization (CE_MANAGER → son org via organizationId,
  ADMIN → org ciblée par paramètre ou null)
- canManageCarbetForCe (owner direct OU membre d'une org liée)
- requireApprovedOrg (redirect /espace-ce?pending=1 si non validée)

Emails best-effort :
- sendNewCeRequest → admin (contact@karbe) avec lien filtré
  /admin/organizations?status=pending
- sendCeApproved → CE_MANAGERs actifs de l'org après validation
- Branchement dans approveOrganizationAction : envoie le mail à tous
  les CE_MANAGERs actifs de l'org en best-effort.

Signup CE public :
- SignupForm 4e tuile « Comité d'Entreprise » avec champ orgName.
  Layout grid 4 colonnes sur lg, 2 sur sm.
- /api/signup étendu :
  - zod accepte CE_MANAGER + orgName
  - transaction $tx atomique : Organization (approved=false, slug
    auto-unique via slugify + suffix) + User (role=CE_MANAGER,
    organizationId lié)
  - sendNewCeRequest best-effort
  - réponse étendue avec organizationId
- Pattern slug : retry avec suffix -2, -3… jusqu'à libre

Dashboard /espace-ce :
- layout.tsx : requirePluginOr404("ce-management") +
  requireCeManagerSession
- page.tsx : 4 KPIs (carbets co-gérés, items rental, bookings 30j,
  revenu 30j), bannière « En attente de validation » si pending,
  2 ActionCards (Mes carbets, Matériel rental) marquées « Bientôt »
  jusqu'aux sprints I et J
- ce-dashboard.ts : getCeOrgKpis (agrège bookings carbets via
  membership + rentalBookings via provider.organizationId) +
  listCeCarbets pour Sprint I

SiteHeader : lien « Espace CE » conditionné par role + plugin
(mirror du lien Espace prestataire).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 src/app/admin/organizations/actions.ts        |  19 +++
 src/app/api/signup/route.ts                   | 125 +++++++++++----
 src/app/espace-ce/layout.tsx                  |   8 +
 src/app/espace-ce/page.tsx                    | 145 ++++++++++++++++++
 .../inscription/_components/SignupForm.tsx    |  52 ++++++-
 src/components/SiteHeader.tsx                 |  11 +-
 src/lib/ce-access.ts                          |  92 +++++++++++
 src/lib/ce-dashboard.ts                       |  90 +++++++++++
 src/lib/email.ts                              |  38 +++++
 9 files changed, 544 insertions(+), 36 deletions(-)
 create mode 100644 src/app/espace-ce/layout.tsx
 create mode 100644 src/app/espace-ce/page.tsx
 create mode 100644 src/lib/ce-access.ts
 create mode 100644 src/lib/ce-dashboard.ts

diff --git a/src/app/admin/organizations/actions.ts b/src/app/admin/organizations/actions.ts
index 6b852a8..6a0ae6f 100644
--- a/src/app/admin/organizations/actions.ts
+++ b/src/app/admin/organizations/actions.ts
@@ -7,6 +7,7 @@ import { auth } from "@/auth";
 import { UserRole } from "@/generated/prisma/enums";
 import { approveOrganization as approveOrganizationLib } from "@/lib/admin/organizations";
 import { requireRole } from "@/lib/authorization";
+import { sendCeApproved } from "@/lib/email";
 import { prisma } from "@/lib/prisma";
 import { recordAudit } from "@/lib/admin/audit";
 
@@ -84,6 +85,24 @@ export async function approveOrganizationAction(id: string) {
   if (!res.ok) return res;
   if (!res.alreadyApproved) {
     await audit("organization.approve", id, actor, {});
+    // Notifier les CE_MANAGERs de l'org : leur compte vient d'être débloqué.
+    try {
+      const data = await prisma.organization.findUnique({
+        where: { id },
+        select: {
+          name: true,
+          members: {
+            where: { role: UserRole.CE_MANAGER, isActive: true },
+            select: { email: true, firstName: true },
+          },
+        },
+      });
+      for (const m of data?.members ?? []) {
+        await sendCeApproved(m.email, m.firstName, data?.name ?? "");
+      }
+    } catch (e) {
+      console.error("[admin.org.approve] email send failed:", e instanceof Error ? e.message : e);
+    }
   }
   revalidatePath("/admin/organizations");
   revalidatePath(`/admin/organizations/${id}`);
diff --git a/src/app/api/signup/route.ts b/src/app/api/signup/route.ts
index 8953cf7..e056d9b 100644
--- a/src/app/api/signup/route.ts
+++ b/src/app/api/signup/route.ts
@@ -5,8 +5,9 @@ import { UserRole } from "@/generated/prisma/enums";
 import { hashPassword } from "@/lib/password";
 import { prisma } from "@/lib/prisma";
 import { recordAudit } from "@/lib/admin/audit";
-import { sendNewRentalProviderRequest, sendSignupWelcome } from "@/lib/email";
+import { sendNewCeRequest, sendNewRentalProviderRequest, sendSignupWelcome } from "@/lib/email";
 import { rateLimitRequest } from "@/lib/rate-limit";
+import { slugify } from "@/lib/slug";
 
 export const runtime = "nodejs";
 
@@ -17,10 +18,11 @@ const schema = z.object({
   lastName: z.string().trim().min(1).max(100),
   phone: z.string().trim().max(40).optional().nullable(),
   role: z
-    .enum([UserRole.TOURIST, UserRole.OWNER, UserRole.RENTAL_PROVIDER])
+    .enum([UserRole.TOURIST, UserRole.OWNER, UserRole.RENTAL_PROVIDER, UserRole.CE_MANAGER])
     .default(UserRole.TOURIST),
   providerName: z.string().trim().min(2).max(200).optional(),
   providerRivers: z.array(z.string().trim().min(1).max(80)).max(20).optional(),
+  orgName: z.string().trim().min(2).max(200).optional(),
 });
 
 export async function POST(req: Request) {
@@ -49,6 +51,9 @@ export async function POST(req: Request) {
   if (data.role === UserRole.RENTAL_PROVIDER && (!data.providerName || data.providerName.trim().length < 2)) {
     return NextResponse.json({ error: "Nom de votre activité requis." }, { status: 400 });
   }
+  if (data.role === UserRole.CE_MANAGER && (!data.orgName || data.orgName.trim().length < 2)) {
+    return NextResponse.json({ error: "Nom de votre Comité d'Entreprise requis." }, { status: 400 });
+  }
 
   const existing = await prisma.user.findUnique({ where: { email: data.email }, select: { id: true } });
   if (existing) {
@@ -56,38 +61,87 @@ export async function POST(req: Request) {
   }
 
   const passwordHash = await hashPassword(data.password);
-  const user = await prisma.user.create({
-    data: {
-      email: data.email,
-      passwordHash,
-      firstName: data.firstName,
-      lastName: data.lastName,
-      phone: data.phone?.trim() || null,
-      role: data.role,
-      isActive: true,
-    },
-    select: { id: true, email: true, role: true },
-  });
 
-  // Pour un RENTAL_PROVIDER : crée le RentalProvider associé en attente d'approbation.
+  // CE_MANAGER : transaction atomique User + Organization. Le slug est unique
+  // sur Organization → on retente avec un suffixe en cas de collision.
   let createdProviderId: string | null = null;
-  if (user.role === UserRole.RENTAL_PROVIDER && data.providerName) {
-    const provider = await prisma.rentalProvider.create({
-      data: {
-        name: data.providerName,
-        isSystemD: false,
-        managedByUserId: user.id,
-        contactEmail: user.email,
-        contactPhone: data.phone?.trim() || null,
-        rivers: data.providerRivers ?? [],
-        commissionPct: 10, // valeur par défaut, ajustable par admin
-        active: true,
-        approved: false,
-      },
-      select: { id: true, name: true },
+  let createdOrgId: string | null = null;
+  let user: { id: string; email: string; role: UserRole };
+
+  if (data.role === UserRole.CE_MANAGER) {
+    const orgName = data.orgName!.trim();
+    const baseSlug = slugify(orgName);
+    const result = await prisma.$transaction(async (tx) => {
+      // Trouve un slug libre
+      let candidate = baseSlug || "ce";
+      let suffix = 1;
+      for (;;) {
+        const exists = await tx.organization.findUnique({ where: { slug: candidate }, select: { id: true } });
+        if (!exists) break;
+        suffix += 1;
+        candidate = `${baseSlug}-${suffix}`;
+      }
+      // candidate now holds a free slug
+      const org = await tx.organization.create({
+        data: {
+          name: orgName,
+          slug: candidate,
+          contactEmail: data.email,
+          approved: false,
+        },
+        select: { id: true },
+      });
+      const u = await tx.user.create({
+        data: {
+          email: data.email,
+          passwordHash,
+          firstName: data.firstName,
+          lastName: data.lastName,
+          phone: data.phone?.trim() || null,
+          role: UserRole.CE_MANAGER,
+          organizationId: org.id,
+          isActive: true,
+        },
+        select: { id: true, email: true, role: true },
+      });
+      return { user: u, orgId: org.id };
     });
-    createdProviderId = provider.id;
-    sendNewRentalProviderRequest(provider.name, user.email).catch(() => {});
+    user = result.user;
+    createdOrgId = result.orgId;
+    sendNewCeRequest(orgName, user.email).catch(() => {});
+  } else {
+    user = await prisma.user.create({
+      data: {
+        email: data.email,
+        passwordHash,
+        firstName: data.firstName,
+        lastName: data.lastName,
+        phone: data.phone?.trim() || null,
+        role: data.role,
+        isActive: true,
+      },
+      select: { id: true, email: true, role: true },
+    });
+
+    // Pour un RENTAL_PROVIDER : crée le RentalProvider associé en attente d'approbation.
+    if (user.role === UserRole.RENTAL_PROVIDER && data.providerName) {
+      const provider = await prisma.rentalProvider.create({
+        data: {
+          name: data.providerName,
+          isSystemD: false,
+          managedByUserId: user.id,
+          contactEmail: user.email,
+          contactPhone: data.phone?.trim() || null,
+          rivers: data.providerRivers ?? [],
+          commissionPct: 10, // valeur par défaut, ajustable par admin
+          active: true,
+          approved: false,
+        },
+        select: { id: true, name: true },
+      });
+      createdProviderId = provider.id;
+      sendNewRentalProviderRequest(provider.name, user.email).catch(() => {});
+    }
   }
 
   await recordAudit({
@@ -95,10 +149,15 @@ export async function POST(req: Request) {
     event: "user.create",
     target: user.id,
     actorEmail: user.email,
-    details: { role: user.role, rentalProviderId: createdProviderId },
+    details: { role: user.role, rentalProviderId: createdProviderId, organizationId: createdOrgId },
   });
 
   sendSignupWelcome(user.email, data.firstName).catch(() => {});
 
-  return NextResponse.json({ ok: true, userId: user.id, providerId: createdProviderId });
+  return NextResponse.json({
+    ok: true,
+    userId: user.id,
+    providerId: createdProviderId,
+    organizationId: createdOrgId,
+  });
 }
diff --git a/src/app/espace-ce/layout.tsx b/src/app/espace-ce/layout.tsx
new file mode 100644
index 0000000..75cdc1c
--- /dev/null
+++ b/src/app/espace-ce/layout.tsx
@@ -0,0 +1,8 @@
+import { requirePluginOr404 } from "@/lib/plugins/guard";
+import { requireCeManagerSession } from "@/lib/ce-access";
+
+export default async function CeLayout({ children }: { children: React.ReactNode }) {
+  await requirePluginOr404("ce-management");
+  await requireCeManagerSession();
+  return <>{children}</>;
+}
diff --git a/src/app/espace-ce/page.tsx b/src/app/espace-ce/page.tsx
new file mode 100644
index 0000000..fd64787
--- /dev/null
+++ b/src/app/espace-ce/page.tsx
@@ -0,0 +1,145 @@
+import Link from "next/link";
+import { redirect } from "next/navigation";
+
+import { getCurrentCeOrganization } from "@/lib/ce-access";
+import { getCeOrgKpis } from "@/lib/ce-dashboard";
+
+export const dynamic = "force-dynamic";
+export const metadata = { title: "Espace CE — Karbé" };
+
+function fmtEur(n: number): string {
+  return n.toLocaleString("fr-FR", { style: "currency", currency: "EUR" });
+}
+
+export default async function CeDashboardPage() {
+  const org = await getCurrentCeOrganization();
+  if (!org) {
+    // ADMIN sans organizationId ciblé : pour l'instant, renvoyer vers la liste admin.
+    redirect("/admin/organizations");
+  }
+
+  const kpis = await getCeOrgKpis(org.id);
+
+  return (
+    <main className="mx-auto max-w-5xl px-6 py-10 space-y-6">
+      <header>
+        <h1 className="text-3xl font-semibold text-zinc-900">
+          Espace CE — {org.name}
+        </h1>
+        <p className="mt-1 text-sm text-zinc-500">
+          Dashboard de votre comité d&apos;entreprise. Co-gérez vos carbets et activez la location
+          de matériel pour vos membres et le public touriste.
+        </p>
+      </header>
+
+      {!org.approved ? (
+        <section className="rounded-lg border border-amber-200 bg-amber-50/60 px-5 py-4">
+          <h2 className="text-base font-semibold text-amber-900">
+            🕒 Votre organisation est en attente de validation
+          </h2>
+          <p className="mt-1 text-sm text-amber-900">
+            L&apos;équipe Karbé vérifie votre demande. Vous pouvez préparer vos carbets et items
+            en brouillon, mais rien ne sera publié tant que votre organisation n&apos;est pas
+            validée. Cela prend généralement moins de 48h. Si vous n&apos;avez pas de retour
+            sous 72h, contactez{" "}
+            <a href="mailto:contact@karbe.cosmolan.fr" className="underline">
+              contact@karbe.cosmolan.fr
+            </a>
+            .
+          </p>
+        </section>
+      ) : null}
+
+      <section className="grid grid-cols-2 gap-3 sm:grid-cols-4">
+        <KpiCard label="Carbets co-gérés" value={kpis.carbetsCount} />
+        <KpiCard label="Items matériel" value={kpis.rentalItemsCount} />
+        <KpiCard label="Réservations 30j" value={kpis.bookings30dCount + kpis.rentalBookings30dCount} />
+        <KpiCard label="Revenu 30j" value={fmtEur(kpis.revenue30d)} />
+      </section>
+
+      <section className="grid gap-3 sm:grid-cols-2">
+        <ActionCard
+          href={org.approved ? "/espace-ce/carbets" : "/espace-ce"}
+          title="Mes carbets"
+          description={
+            kpis.carbetsCount > 0
+              ? `${kpis.carbetsCount} carbet${kpis.carbetsCount > 1 ? "s" : ""} co-géré${kpis.carbetsCount > 1 ? "s" : ""} par votre CE.`
+              : org.approved
+                ? "Ajoutez votre premier carbet et ouvrez-le à vos membres + au public."
+                : "Disponible après validation de votre organisation."
+          }
+          disabled={!org.approved}
+          comingSoon
+        />
+        <ActionCard
+          href={org.approved ? "/espace-ce/materiel" : "/espace-ce"}
+          title="Matériel rental"
+          description={
+            kpis.rentalItemsCount > 0
+              ? `${kpis.rentalItemsCount} item${kpis.rentalItemsCount > 1 ? "s" : ""} en location.`
+              : org.approved
+                ? "Proposez hamacs, kayaks, pirogue… à vos membres et au public."
+                : "Disponible après validation de votre organisation."
+          }
+          disabled={!org.approved}
+          comingSoon
+        />
+      </section>
+
+      <p className="text-xs text-zinc-500">
+        Les liens « Mes carbets » et « Matériel rental » seront actifs au Sprint I et J du plan
+        CE management.
+      </p>
+    </main>
+  );
+}
+
+function KpiCard({ label, value }: { label: string; value: string | number }) {
+  return (
+    <div className="rounded-lg border border-zinc-200 bg-white px-4 py-3 shadow-sm">
+      <div className="text-[10px] uppercase tracking-wider text-zinc-500">{label}</div>
+      <div className="mt-1 text-2xl font-semibold text-zinc-900 font-mono">{value}</div>
+    </div>
+  );
+}
+
+function ActionCard({
+  href,
+  title,
+  description,
+  disabled,
+  comingSoon,
+}: {
+  href: string;
+  title: string;
+  description: string;
+  disabled?: boolean;
+  comingSoon?: boolean;
+}) {
+  const baseCls =
+    "rounded-lg border bg-white px-5 py-4 shadow-sm transition " +
+    (disabled
+      ? "border-zinc-200 opacity-60"
+      : "border-zinc-200 hover:border-zinc-400 hover:shadow");
+  const inner = (
+    <>
+      <h3 className="text-base font-semibold text-zinc-900">
+        {title}
+        {comingSoon ? (
+          <span className="ml-2 rounded bg-zinc-100 px-1.5 py-0.5 text-[10px] font-semibold uppercase tracking-wider text-zinc-600">
+            Bientôt
+          </span>
+        ) : null}
+      </h3>
+      <p className="mt-1 text-sm text-zinc-600">{description}</p>
+    </>
+  );
+  if (disabled || comingSoon) {
+    return <div className={baseCls}>{inner}</div>;
+  }
+  return (
+    <Link href={href} className={baseCls}>
+      {inner}
+    </Link>
+  );
+}
diff --git a/src/app/inscription/_components/SignupForm.tsx b/src/app/inscription/_components/SignupForm.tsx
index 6f8f7bd..3ac9fc5 100644
--- a/src/app/inscription/_components/SignupForm.tsx
+++ b/src/app/inscription/_components/SignupForm.tsx
@@ -10,9 +10,10 @@ export function SignupForm({ next }: Props) {
   const router = useRouter();
   const [pending, startTransition] = useTransition();
   const [error, setError] = useState<string | null>(null);
-  const [role, setRole] = useState<"TOURIST" | "OWNER" | "RENTAL_PROVIDER">("TOURIST");
+  const [role, setRole] = useState<"TOURIST" | "OWNER" | "RENTAL_PROVIDER" | "CE_MANAGER">("TOURIST");
   const [providerName, setProviderName] = useState("");
   const [providerRivers, setProviderRivers] = useState("");
+  const [orgName, setOrgName] = useState("");
 
   function onSubmit(formData: FormData) {
     setError(null);
@@ -30,6 +31,10 @@ export function SignupForm({ next }: Props) {
       setError("Le nom de votre activité de loueur est requis.");
       return;
     }
+    if (role === "CE_MANAGER" && orgName.trim().length < 2) {
+      setError("Le nom de votre Comité d'Entreprise est requis.");
+      return;
+    }
 
     startTransition(async () => {
       const body: Record<string, unknown> = {
@@ -47,6 +52,9 @@ export function SignupForm({ next }: Props) {
           .map((s) => s.trim())
           .filter((s) => s.length > 0);
       }
+      if (role === "CE_MANAGER") {
+        body.orgName = orgName.trim();
+      }
       const res = await fetch("/api/signup", {
         method: "POST",
         headers: { "Content-Type": "application/json" },
@@ -112,7 +120,7 @@ export function SignupForm({ next }: Props) {
 
         <fieldset className="space-y-1">
           <legend className="text-xs text-zinc-600">Type de compte</legend>
-          <div className="grid grid-cols-1 gap-2 pt-1 sm:grid-cols-3">
+          <div className="grid grid-cols-1 gap-2 pt-1 sm:grid-cols-2 lg:grid-cols-4">
             <label
               className={
                 "flex cursor-pointer flex-col items-start rounded-md border px-3 py-2 text-sm " +
@@ -170,9 +178,49 @@ export function SignupForm({ next }: Props) {
               <span className="font-semibold text-zinc-900">Loueur matériel</span>
               <span className="text-[11px] text-zinc-500">Hamac, pirogue, kayak…</span>
             </label>
+            <label
+              className={
+                "flex cursor-pointer flex-col items-start rounded-md border px-3 py-2 text-sm " +
+                (role === "CE_MANAGER"
+                  ? "border-zinc-900 bg-zinc-50 ring-1 ring-zinc-900"
+                  : "border-zinc-300 hover:bg-zinc-50")
+              }
+            >
+              <input
+                type="radio"
+                name="role"
+                value="CE_MANAGER"
+                checked={role === "CE_MANAGER"}
+                onChange={() => setRole("CE_MANAGER")}
+                className="sr-only"
+              />
+              <span className="font-semibold text-zinc-900">Comité d&apos;Entreprise</span>
+              <span className="text-[11px] text-zinc-500">Gérer les carbets et matériel d&apos;un CE.</span>
+            </label>
           </div>
         </fieldset>
 
+        {role === "CE_MANAGER" ? (
+          <div className="space-y-2 rounded-md border border-amber-200 bg-amber-50/40 p-3">
+            <p className="text-[11px] text-amber-900">
+              Votre Comité d&apos;Entreprise sera créé en <strong>attente de validation</strong>.
+              Vous pouvez vous connecter à votre espace CE dès la création mais ne publierez
+              vos carbets et matériel qu&apos;après validation par l&apos;équipe Karbé.
+            </p>
+            <label className="block">
+              <span className="text-xs text-zinc-600">Nom de votre Comité d&apos;Entreprise</span>
+              <input
+                type="text"
+                value={orgName}
+                onChange={(e) => setOrgName(e.target.value)}
+                placeholder="ex. CE Spatiale de Kourou"
+                maxLength={200}
+                className={inputCls + " mt-0.5"}
+              />
+            </label>
+          </div>
+        ) : null}
+
         {role === "RENTAL_PROVIDER" ? (
           <div className="space-y-2 rounded-md border border-emerald-200 bg-emerald-50/30 p-3">
             <p className="text-[11px] text-emerald-900">
diff --git a/src/components/SiteHeader.tsx b/src/components/SiteHeader.tsx
index 3d3f8f0..dd5b682 100644
--- a/src/components/SiteHeader.tsx
+++ b/src/components/SiteHeader.tsx
@@ -18,7 +18,11 @@ export async function SiteHeader() {
   const isAdmin = u?.role === UserRole.ADMIN;
   const isOwner = u?.role === UserRole.OWNER || isAdmin;
   const isRentalProvider = u?.role === UserRole.RENTAL_PROVIDER || isAdmin;
-  const rentalEnabled = await isPluginEnabled("gear-rental");
+  const isCeManager = u?.role === UserRole.CE_MANAGER || isAdmin;
+  const [rentalEnabled, ceEnabled] = await Promise.all([
+    isPluginEnabled("gear-rental"),
+    isPluginEnabled("ce-management"),
+  ]);
 
   return (
     <header className="sticky top-0 z-30 border-b border-zinc-200 bg-white/85 backdrop-blur supports-[backdrop-filter]:bg-white/70">
@@ -72,6 +76,11 @@ export async function SiteHeader() {
                   Espace prestataire
                 </Link>
               ) : null}
+              {isCeManager && ceEnabled ? (
+                <Link href="/espace-ce" className="hidden text-zinc-700 hover:text-zinc-900 sm:inline">
+                  Espace CE
+                </Link>
+              ) : null}
               {isAdmin ? (
                 <Link href="/admin" className="hidden rounded-md bg-zinc-900 px-2.5 py-1 text-xs font-semibold text-white hover:bg-zinc-800 sm:inline-block">
                   Admin
diff --git a/src/lib/ce-access.ts b/src/lib/ce-access.ts
new file mode 100644
index 0000000..c525d04
--- /dev/null
+++ b/src/lib/ce-access.ts
@@ -0,0 +1,92 @@
+import "server-only";
+
+import { redirect } from "next/navigation";
+
+import { auth } from "@/auth";
+import { UserRole } from "@/generated/prisma/enums";
+import { prisma } from "@/lib/prisma";
+
+/**
+ * Garde-fou commun pour /espace-ce/* : redirige vers /connexion si pas de session,
+ * vers / si le rôle n'est pas CE_MANAGER ni ADMIN.
+ */
+export async function requireCeManagerSession() {
+  const session = await auth();
+  if (!session?.user?.id) {
+    redirect("/connexion?next=/espace-ce");
+  }
+  const role = session.user.role;
+  if (role !== UserRole.CE_MANAGER && role !== UserRole.ADMIN) {
+    redirect("/");
+  }
+  return session;
+}
+
+/**
+ * Récupère l'Organization de l'utilisateur connecté (via User.organizationId).
+ * - CE_MANAGER → son org (toujours rattaché)
+ * - ADMIN → soit l'org ciblée par `organizationId`, soit null pour forcer le choix
+ */
+export async function getCurrentCeOrganization(opts: { organizationId?: string } = {}) {
+  const session = await auth();
+  if (!session?.user?.id) return null;
+  const role = session.user.role;
+
+  if (role === UserRole.ADMIN && opts.organizationId) {
+    return prisma.organization.findUnique({ where: { id: opts.organizationId } });
+  }
+  if (role === UserRole.ADMIN && !opts.organizationId) {
+    return null;
+  }
+  // CE_MANAGER : retourne son org via User.organizationId
+  const user = await prisma.user.findUnique({
+    where: { id: session.user.id },
+    select: { organization: true },
+  });
+  return user?.organization ?? null;
+}
+
+/**
+ * Un CE_MANAGER peut-il gérer ce carbet ?
+ * - vrai s'il en est l'owner direct (`Carbet.ownerId == userId`)
+ * - OU s'il est membre d'une org liée au carbet via OrganizationCarbetMembership
+ * - ADMIN passe toujours.
+ */
+export async function canManageCarbetForCe(
+  userId: string,
+  role: string | undefined,
+  carbetId: string,
+): Promise<boolean> {
+  if (role === UserRole.ADMIN) return true;
+  if (role !== UserRole.CE_MANAGER) return false;
+
+  const [carbet, user] = await Promise.all([
+    prisma.carbet.findUnique({
+      where: { id: carbetId },
+      select: {
+        ownerId: true,
+        organizations: { select: { organizationId: true } },
+      },
+    }),
+    prisma.user.findUnique({
+      where: { id: userId },
+      select: { organizationId: true },
+    }),
+  ]);
+  if (!carbet || !user?.organizationId) return false;
+  if (carbet.ownerId === userId) return true;
+  return carbet.organizations.some((m) => m.organizationId === user.organizationId);
+}
+
+/**
+ * Garantit que l'org du user est `approved=true`. Sinon redirige vers le dashboard
+ * /espace-ce qui affiche une bannière « En attente de validation ».
+ * Utiliser sur les pages qui doivent publier du contenu (créer carbet/item).
+ */
+export async function requireApprovedOrg() {
+  const org = await getCurrentCeOrganization();
+  if (!org || !org.approved) {
+    redirect("/espace-ce?pending=1");
+  }
+  return org;
+}
diff --git a/src/lib/ce-dashboard.ts b/src/lib/ce-dashboard.ts
new file mode 100644
index 0000000..c5edb40
--- /dev/null
+++ b/src/lib/ce-dashboard.ts
@@ -0,0 +1,90 @@
+import "server-only";
+
+import {
+  BookingStatus,
+  RentalBookingStatus,
+} from "@/generated/prisma/enums";
+import { prisma } from "@/lib/prisma";
+
+/**
+ * KPIs agrégés à l'échelle d'une organisation CE.
+ * - carbets : nombre de carbets co-gérés via OrganizationCarbetMembership
+ * - rentalItems : items des providers liés à l'org
+ * - bookings30d : bookings confirmées sur les carbets de l'org (30 derniers jours)
+ * - rentalBookings30d : RentalBooking confirmées sur les providers de l'org
+ * - revenue30d : somme des amounts (booking + rental) sur 30j
+ */
+export async function getCeOrgKpis(organizationId: string) {
+  const since = new Date(Date.now() - 30 * 86_400_000);
+
+  const [carbetsCount, providers, bookings30d, rentalBookings30d] = await Promise.all([
+    prisma.organizationCarbetMembership.count({ where: { organizationId } }),
+    prisma.rentalProvider.findMany({
+      where: { organizationId },
+      select: {
+        id: true,
+        approved: true,
+        active: true,
+        _count: { select: { items: true } },
+      },
+    }),
+    prisma.booking.findMany({
+      where: {
+        status: BookingStatus.CONFIRMED,
+        createdAt: { gte: since },
+        carbet: { organizations: { some: { organizationId } } },
+      },
+      select: { amount: true, currency: true },
+    }),
+    prisma.rentalBooking.findMany({
+      where: {
+        status: RentalBookingStatus.CONFIRMED,
+        createdAt: { gte: since },
+        provider: { organizationId },
+      },
+      select: { amount: true, currency: true },
+    }),
+  ]);
+
+  const itemsCount = providers.reduce((s, p) => s + p._count.items, 0);
+  const revenue30d = [
+    ...bookings30d.map((b) => Number(b.amount)),
+    ...rentalBookings30d.map((r) => Number(r.amount)),
+  ].reduce((s, n) => s + n, 0);
+
+  return {
+    carbetsCount,
+    providersCount: providers.length,
+    rentalItemsCount: itemsCount,
+    rentalProviderApproved: providers.every((p) => p.approved),
+    bookings30dCount: bookings30d.length,
+    rentalBookings30dCount: rentalBookings30d.length,
+    revenue30d,
+  };
+}
+
+/**
+ * Liste les carbets co-gérés par une org (joinés via membership).
+ */
+export async function listCeCarbets(organizationId: string) {
+  const memberships = await prisma.organizationCarbetMembership.findMany({
+    where: { organizationId },
+    orderBy: { addedAt: "desc" },
+    select: {
+      carbet: {
+        select: {
+          id: true,
+          slug: true,
+          title: true,
+          river: true,
+          status: true,
+          capacity: true,
+          nightlyPrice: true,
+          ownerId: true,
+          owner: { select: { firstName: true, lastName: true } },
+        },
+      },
+    },
+  });
+  return memberships.map((m) => m.carbet);
+}
diff --git a/src/lib/email.ts b/src/lib/email.ts
index 2e9f79a..070370f 100644
--- a/src/lib/email.ts
+++ b/src/lib/email.ts
@@ -186,6 +186,44 @@ export async function sendBookingConfirmed(
   });
 }
 
+export async function sendNewCeRequest(
+  orgName: string,
+  managerEmail: string,
+): Promise<void> {
+  const adminEmail = process.env.ADMIN_NOTIFICATION_EMAIL ?? "contact@karbe.cosmolan.fr";
+  await sendEmail({
+    to: adminEmail,
+    subject: `Nouvelle demande CE — ${orgName}`,
+    html: wrap(
+      "Demande de Comité d'Entreprise à valider",
+      `<p>Une organisation vient de s'inscrire en tant que Comité d'Entreprise.</p>
+       <ul>
+         <li>Nom : <strong>${orgName}</strong></li>
+         <li>Email du manager : ${managerEmail}</li>
+       </ul>
+       <p><a href="${SITE_URL}/admin/organizations?status=pending" style="display:inline-block;background:#18181b;color:white;padding:10px 20px;border-radius:6px;text-decoration:none;font-weight:600;">Valider sur l'admin Karbé</a></p>
+       <p style="font-size:12px;color:#71717a;">Le CE_MANAGER peut accéder à son dashboard mais ne peut rien publier tant que <code>Organization.approved=false</code>.</p>`,
+    ),
+  });
+}
+
+export async function sendCeApproved(
+  to: string,
+  firstName: string,
+  orgName: string,
+): Promise<void> {
+  await sendEmail({
+    to,
+    subject: `Votre CE « ${orgName} » est validé sur Karbé`,
+    html: wrap(
+      "Organisation validée",
+      `<p>Bonjour ${firstName},</p>
+       <p>Votre Comité d'Entreprise <strong>${orgName}</strong> vient d'être validé. Vous pouvez désormais publier vos carbets et activer la location de matériel pour vos membres et le public touriste.</p>
+       <p><a href="${SITE_URL}/espace-ce" style="display:inline-block;background:#16a34a;color:white;padding:10px 20px;border-radius:6px;text-decoration:none;font-weight:600;">Accéder à mon espace CE</a></p>`,
+    ),
+  });
+}
+
 export async function sendNewRentalProviderRequest(
   providerName: string,
   userEmail: string,

From 74ea280f280a56560092eb43a9cdb07dce53bee6 Mon Sep 17 00:00:00 2001
From: Ubuntu <ubuntu@vps-97784c65.vps.ovh.net>
Date: Tue, 2 Jun 2026 23:34:17 +0000
Subject: [PATCH 38/47] =?UTF-8?q?feat(ce):=20Sprint=20I=20=E2=80=94=20CRUD?=
 =?UTF-8?q?=20carbets=20c=C3=B4t=C3=A9=20CE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Session étendue :
- Ajout session.user.organizationId (typedef + auth callbacks JWT
  & session). Permet à canManageCarbet de check membership sans
  refetch DB.

src/lib/carbet-access.ts :
- MANAGER_ROLES inclut désormais CE_MANAGER → /espace-hote ET /espace-ce
  sont gardés par requireOwnerSession (CE_MANAGER passe, OWNER passe,
  ADMIN passe).
- canManageCarbet(session, carbetOwnerId, linkedOrgIds=[]) :
  - ADMIN → toujours vrai
  - OWNER + session.user.id === carbetOwnerId → vrai
  - CE_MANAGER + session.user.organizationId ∈ linkedOrgIds → vrai
  - sinon faux.
- Callers historiques (qui ne passent pas linkedOrgIds) restent sûrs :
  CE_MANAGER ne peut rien gérer par défaut.

createCarbet étendu : si role=CE_MANAGER + organizationId présent,
crée OrganizationCarbetMembership dans la même transaction. Redirige
ensuite vers /espace-ce/carbets/[id] au lieu de /espace-hote/.

Sweep des callers canManageCarbet (8 sites) : chargent désormais
`Carbet.organizations` + passent linkedOrgIds. Includes :
- updateCarbet, setCarbetStatus, deleteCarbet, reorderMedia, deleteMedia
  dans espace-hote/carbets/actions.ts
- espace-hote/carbets/[carbetId]/page.tsx
- API POST /api/carbets/[carbetId]/media

Pages /espace-ce/carbets/* :
- page.tsx : liste les carbets co-gérés via OrganizationCarbetMembership,
  forms Publier/Dépublier/Supprimer pointent vers les actions
  existantes de /espace-hote (réutilisation totale)
- nouveau/page.tsx : requireApprovedOrg (redirect dashboard si pending),
  CarbetForm + createCarbet (même action que /espace-hote — détecte
  CE_MANAGER et crée membership)
- [carbetId]/page.tsx : vérif que le carbet est lié à l'org du user
  + MediaUploader + CarbetForm (updateCarbet partagé)

Dashboard /espace-ce/page.tsx : ActionCard « Mes carbets » devient
active (le lien marche même en pending — l'org peut préparer des
brouillons, c'est juste la publication qui est bloquée).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 src/app/api/carbets/[carbetId]/media/route.ts |  13 +-
 src/app/espace-ce/carbets/[carbetId]/page.tsx | 126 ++++++++++++++
 src/app/espace-ce/carbets/nouveau/page.tsx    |  42 +++++
 src/app/espace-ce/carbets/page.tsx            | 163 ++++++++++++++++++
 src/app/espace-ce/page.tsx                    |  11 +-
 .../espace-hote/carbets/[carbetId]/page.tsx   |   6 +-
 src/app/espace-hote/carbets/actions.ts        |  83 +++++++--
 src/auth.ts                                   |   6 +
 src/lib/carbet-access.ts                      |  37 +++-
 src/types/next-auth.d.ts                      |   3 +
 10 files changed, 462 insertions(+), 28 deletions(-)
 create mode 100644 src/app/espace-ce/carbets/[carbetId]/page.tsx
 create mode 100644 src/app/espace-ce/carbets/nouveau/page.tsx
 create mode 100644 src/app/espace-ce/carbets/page.tsx

diff --git a/src/app/api/carbets/[carbetId]/media/route.ts b/src/app/api/carbets/[carbetId]/media/route.ts
index 9661048..1519158 100644
--- a/src/app/api/carbets/[carbetId]/media/route.ts
+++ b/src/app/api/carbets/[carbetId]/media/route.ts
@@ -26,7 +26,11 @@ export async function POST(
   if (!session?.user?.id) {
     return NextResponse.json({ error: "Non authentifié." }, { status: 401 });
   }
-  if (session.user.role !== UserRole.OWNER && session.user.role !== UserRole.ADMIN) {
+  if (
+    session.user.role !== UserRole.OWNER &&
+    session.user.role !== UserRole.ADMIN &&
+    session.user.role !== UserRole.CE_MANAGER
+  ) {
     return NextResponse.json({ error: "Accès refusé." }, { status: 403 });
   }
 
@@ -34,12 +38,15 @@ export async function POST(
 
   const carbet = await prisma.carbet.findUnique({
     where: { id: carbetId },
-    select: { ownerId: true },
+    select: {
+      ownerId: true,
+      organizations: { select: { organizationId: true } },
+    },
   });
   if (!carbet) {
     return NextResponse.json({ error: "Carbet introuvable." }, { status: 404 });
   }
-  if (!canManageCarbet(session, carbet.ownerId)) {
+  if (!canManageCarbet(session, carbet.ownerId, carbet.organizations.map((o) => o.organizationId))) {
     return NextResponse.json({ error: "Accès refusé." }, { status: 403 });
   }
 
diff --git a/src/app/espace-ce/carbets/[carbetId]/page.tsx b/src/app/espace-ce/carbets/[carbetId]/page.tsx
new file mode 100644
index 0000000..08c8c21
--- /dev/null
+++ b/src/app/espace-ce/carbets/[carbetId]/page.tsx
@@ -0,0 +1,126 @@
+import Link from "next/link";
+import { notFound, redirect } from "next/navigation";
+
+import { MediaUploader } from "@/components/MediaUploader";
+import { canManageCarbet, requireOwnerSession } from "@/lib/carbet-access";
+import { getCurrentCeOrganization } from "@/lib/ce-access";
+import { prisma } from "@/lib/prisma";
+
+import { updateCarbet } from "../../../espace-hote/carbets/actions";
+import { CarbetForm } from "../../../espace-hote/carbets/_components/carbet-form";
+
+export const dynamic = "force-dynamic";
+
+export default async function EditCeCarbetPage({
+  params,
+  searchParams,
+}: {
+  params: Promise<{ carbetId: string }>;
+  searchParams: Promise<{ [key: string]: string | string[] | undefined }>;
+}) {
+  const session = await requireOwnerSession();
+  const org = await getCurrentCeOrganization();
+  if (!org) redirect("/admin/organizations");
+  const { carbetId } = await params;
+  const { publishError } = await searchParams;
+
+  const carbet = await prisma.carbet.findUnique({
+    where: { id: carbetId },
+    select: {
+      id: true,
+      ownerId: true,
+      title: true,
+      description: true,
+      river: true,
+      latitude: true,
+      longitude: true,
+      embarkPoint: true,
+      pirogueDurationMin: true,
+      capacity: true,
+      roadAccess: true,
+      electricity: true,
+      gsmAtCarbet: true,
+      gsmExitDistanceKm: true,
+      status: true,
+      media: {
+        orderBy: { sortOrder: "asc" },
+        select: { id: true, type: true, s3Url: true, s3Key: true, sortOrder: true },
+      },
+      amenities: { select: { amenity: { select: { key: true } } } },
+      organizations: { select: { organizationId: true } },
+    },
+  });
+
+  if (
+    !carbet ||
+    !canManageCarbet(session, carbet.ownerId, carbet.organizations.map((o) => o.organizationId))
+  ) {
+    notFound();
+  }
+
+  // Sécurité supplémentaire : assure que le carbet est bien lié à l'org du user.
+  // (Un ADMIN peut éditer n'importe quel carbet via /admin, pas via /espace-ce.)
+  const isLinked = carbet.organizations.some((o) => o.organizationId === org.id);
+  if (!isLinked && session.user.role !== "ADMIN") {
+    notFound();
+  }
+
+  const defaults = {
+    title: carbet.title,
+    description: carbet.description,
+    river: carbet.river,
+    latitude: carbet.latitude.toString(),
+    longitude: carbet.longitude.toString(),
+    embarkPoint: carbet.embarkPoint,
+    pirogueDurationMin: String(carbet.pirogueDurationMin),
+    capacity: String(carbet.capacity),
+    roadAccess: carbet.roadAccess ?? "",
+    electricity: carbet.electricity ?? "",
+    gsmAtCarbet: carbet.gsmAtCarbet,
+    gsmExitDistanceKm: carbet.gsmExitDistanceKm !== null ? carbet.gsmExitDistanceKm.toString() : "",
+    status: carbet.status,
+    amenityKeys: carbet.amenities.map((entry) => entry.amenity.key),
+  };
+
+  return (
+    <main className="mx-auto max-w-3xl px-6 py-12">
+      <Link
+        href="/espace-ce/carbets"
+        className="text-sm text-zinc-600 hover:text-zinc-900"
+      >
+        ← Carbets de {org.name}
+      </Link>
+      <h1 className="mt-2 text-3xl font-semibold text-zinc-900">
+        {carbet.title}
+      </h1>
+      <p className="mt-1 text-xs text-zinc-500">
+        Co-géré par <strong>{org.name}</strong>
+      </p>
+
+      {publishError ? (
+        <p className="mt-4 rounded-md bg-amber-50 px-4 py-3 text-sm text-amber-800">
+          Ajoutez au moins un média avant de publier ce carbet.
+        </p>
+      ) : null}
+
+      <section className="mt-8">
+        <h2 className="text-lg font-semibold text-zinc-900">Médias</h2>
+        <p className="mb-4 mt-1 text-sm text-zinc-600">
+          Déposez photos et vidéos courtes, réorganisez par glisser-déposer.
+          Le premier média sert de cover sur le catalogue.
+        </p>
+        <MediaUploader carbetId={carbet.id} initialMedia={carbet.media} />
+      </section>
+
+      <section className="mt-10 border-t border-zinc-200 pt-8">
+        <CarbetForm
+          action={updateCarbet}
+          mode="edit"
+          carbetId={carbet.id}
+          defaults={defaults}
+          submitLabel="Enregistrer les modifications"
+        />
+      </section>
+    </main>
+  );
+}
diff --git a/src/app/espace-ce/carbets/nouveau/page.tsx b/src/app/espace-ce/carbets/nouveau/page.tsx
new file mode 100644
index 0000000..c168cd3
--- /dev/null
+++ b/src/app/espace-ce/carbets/nouveau/page.tsx
@@ -0,0 +1,42 @@
+import Link from "next/link";
+import { redirect } from "next/navigation";
+
+import { requireApprovedOrg } from "@/lib/ce-access";
+
+import { createCarbet } from "../../../espace-hote/carbets/actions";
+import { CarbetForm } from "../../../espace-hote/carbets/_components/carbet-form";
+
+export const dynamic = "force-dynamic";
+
+export default async function NewCeCarbetPage() {
+  // Bloque la création si l'org n'est pas validée — redirect vers dashboard
+  // avec bannière « En attente de validation ».
+  const org = await requireApprovedOrg();
+  if (!org) redirect("/espace-ce");
+
+  return (
+    <main className="mx-auto max-w-3xl px-6 py-12">
+      <Link
+        href="/espace-ce/carbets"
+        className="text-sm text-zinc-600 hover:text-zinc-900"
+      >
+        ← Carbets de {org.name}
+      </Link>
+      <h1 className="mt-2 text-3xl font-semibold text-zinc-900">
+        Nouveau carbet CE
+      </h1>
+      <p className="mt-1 text-sm text-zinc-600">
+        Ce carbet sera automatiquement lié à <strong>{org.name}</strong> et co-géré
+        par tous ses CE_MANAGERs. Vous ajouterez les médias après la création.
+      </p>
+
+      <div className="mt-8">
+        <CarbetForm
+          action={createCarbet}
+          mode="create"
+          submitLabel="Créer le carbet"
+        />
+      </div>
+    </main>
+  );
+}
diff --git a/src/app/espace-ce/carbets/page.tsx b/src/app/espace-ce/carbets/page.tsx
new file mode 100644
index 0000000..d4d9f6d
--- /dev/null
+++ b/src/app/espace-ce/carbets/page.tsx
@@ -0,0 +1,163 @@
+import Link from "next/link";
+import { redirect } from "next/navigation";
+
+import { CarbetStatus } from "@/generated/prisma/enums";
+import { getCurrentCeOrganization } from "@/lib/ce-access";
+import { prisma } from "@/lib/prisma";
+
+import {
+  deleteCarbet,
+  setCarbetStatus,
+} from "../../espace-hote/carbets/actions";
+
+export const dynamic = "force-dynamic";
+export const metadata = { title: "Mes carbets CE — Karbé" };
+
+const STATUS_LABELS: Record<CarbetStatus, string> = {
+  [CarbetStatus.DRAFT]: "Brouillon",
+  [CarbetStatus.PUBLISHED]: "Publié",
+  [CarbetStatus.ARCHIVED]: "Archivé",
+};
+
+const STATUS_STYLES: Record<CarbetStatus, string> = {
+  [CarbetStatus.DRAFT]: "bg-zinc-100 text-zinc-700",
+  [CarbetStatus.PUBLISHED]: "bg-emerald-100 text-emerald-800",
+  [CarbetStatus.ARCHIVED]: "bg-amber-100 text-amber-800",
+};
+
+export default async function CeCarbetsListPage() {
+  const org = await getCurrentCeOrganization();
+  if (!org) redirect("/admin/organizations");
+
+  const memberships = await prisma.organizationCarbetMembership.findMany({
+    where: { organizationId: org.id },
+    orderBy: { addedAt: "desc" },
+    select: {
+      carbet: {
+        select: {
+          id: true,
+          title: true,
+          river: true,
+          status: true,
+          updatedAt: true,
+          ownerId: true,
+          owner: { select: { firstName: true, lastName: true } },
+          _count: { select: { media: true } },
+        },
+      },
+    },
+  });
+  const carbets = memberships.map((m) => m.carbet);
+
+  return (
+    <main className="mx-auto max-w-4xl px-6 py-12">
+      <div className="flex items-center justify-between gap-3">
+        <div>
+          <Link href="/espace-ce" className="text-xs text-zinc-500 hover:text-zinc-900">
+            ← Tableau de bord CE
+          </Link>
+          <h1 className="mt-1 text-3xl font-semibold text-zinc-900">
+            Carbets co-gérés par {org.name}
+          </h1>
+          <p className="mt-1 text-sm text-zinc-600">
+            Les carbets visibles ici peuvent être édités par tous les CE_MANAGERs de votre
+            organisation. La propriété nominale reste sur leur créateur initial.
+          </p>
+        </div>
+        {org.approved ? (
+          <Link
+            href="/espace-ce/carbets/nouveau"
+            className="rounded-md bg-emerald-600 px-4 py-2 text-sm font-semibold text-white hover:bg-emerald-700"
+          >
+            Nouveau carbet
+          </Link>
+        ) : (
+          <span className="rounded-md bg-zinc-100 px-3 py-2 text-xs text-zinc-500">
+            Publication bloquée : organisation en attente de validation
+          </span>
+        )}
+      </div>
+
+      {carbets.length === 0 ? (
+        <p className="mt-10 rounded-md border border-dashed border-zinc-300 px-6 py-12 text-center text-sm text-zinc-500">
+          Votre CE n&apos;a pas encore de carbet.{" "}
+          {org.approved ? "Créez votre premier carbet pour démarrer." : "Vous pourrez en publier dès que votre organisation sera validée."}
+        </p>
+      ) : (
+        <ul className="mt-8 space-y-4">
+          {carbets.map((carbet) => (
+            <li
+              key={carbet.id}
+              className="flex flex-col gap-4 rounded-lg border border-zinc-200 bg-white p-5 sm:flex-row sm:items-center sm:justify-between"
+            >
+              <div className="min-w-0">
+                <div className="flex items-center gap-3">
+                  <Link
+                    href={`/espace-ce/carbets/${carbet.id}`}
+                    className="truncate text-lg font-medium text-zinc-900 hover:text-emerald-700"
+                  >
+                    {carbet.title}
+                  </Link>
+                  <span
+                    className={`rounded-full px-2.5 py-0.5 text-xs font-medium ${STATUS_STYLES[carbet.status]}`}
+                  >
+                    {STATUS_LABELS[carbet.status]}
+                  </span>
+                </div>
+                <p className="mt-1 text-sm text-zinc-500">
+                  {carbet.river} · {carbet._count.media} média{carbet._count.media > 1 ? "s" : ""}
+                  {" · "}créé par {carbet.owner.firstName} {carbet.owner.lastName}
+                </p>
+              </div>
+
+              <div className="flex flex-shrink-0 items-center gap-2">
+                <Link
+                  href={`/espace-ce/carbets/${carbet.id}`}
+                  className="rounded-md border border-zinc-300 px-3 py-1.5 text-sm text-zinc-700 hover:bg-zinc-50"
+                >
+                  Éditer
+                </Link>
+
+                {org.approved && carbet.status !== CarbetStatus.PUBLISHED ? (
+                  <form action={setCarbetStatus}>
+                    <input type="hidden" name="carbetId" value={carbet.id} />
+                    <input type="hidden" name="status" value={CarbetStatus.PUBLISHED} />
+                    <button
+                      type="submit"
+                      className="rounded-md bg-emerald-600 px-3 py-1.5 text-sm font-medium text-white hover:bg-emerald-700"
+                    >
+                      Publier
+                    </button>
+                  </form>
+                ) : null}
+
+                {carbet.status === CarbetStatus.PUBLISHED ? (
+                  <form action={setCarbetStatus}>
+                    <input type="hidden" name="carbetId" value={carbet.id} />
+                    <input type="hidden" name="status" value={CarbetStatus.DRAFT} />
+                    <button
+                      type="submit"
+                      className="rounded-md border border-zinc-300 px-3 py-1.5 text-sm text-zinc-700 hover:bg-zinc-50"
+                    >
+                      Dépublier
+                    </button>
+                  </form>
+                ) : null}
+
+                <form action={deleteCarbet}>
+                  <input type="hidden" name="carbetId" value={carbet.id} />
+                  <button
+                    type="submit"
+                    className="rounded-md border border-red-200 px-3 py-1.5 text-sm text-red-600 hover:bg-red-50"
+                  >
+                    Supprimer
+                  </button>
+                </form>
+              </div>
+            </li>
+          ))}
+        </ul>
+      )}
+    </main>
+  );
+}
diff --git a/src/app/espace-ce/page.tsx b/src/app/espace-ce/page.tsx
index fd64787..e6eaee6 100644
--- a/src/app/espace-ce/page.tsx
+++ b/src/app/espace-ce/page.tsx
@@ -59,20 +59,18 @@ export default async function CeDashboardPage() {
 
       <section className="grid gap-3 sm:grid-cols-2">
         <ActionCard
-          href={org.approved ? "/espace-ce/carbets" : "/espace-ce"}
+          href="/espace-ce/carbets"
           title="Mes carbets"
           description={
             kpis.carbetsCount > 0
               ? `${kpis.carbetsCount} carbet${kpis.carbetsCount > 1 ? "s" : ""} co-géré${kpis.carbetsCount > 1 ? "s" : ""} par votre CE.`
               : org.approved
                 ? "Ajoutez votre premier carbet et ouvrez-le à vos membres + au public."
-                : "Disponible après validation de votre organisation."
+                : "Vous pouvez préparer vos carbets en brouillon, ils seront publiables après validation."
           }
-          disabled={!org.approved}
-          comingSoon
         />
         <ActionCard
-          href={org.approved ? "/espace-ce/materiel" : "/espace-ce"}
+          href="/espace-ce/materiel"
           title="Matériel rental"
           description={
             kpis.rentalItemsCount > 0
@@ -87,8 +85,7 @@ export default async function CeDashboardPage() {
       </section>
 
       <p className="text-xs text-zinc-500">
-        Les liens « Mes carbets » et « Matériel rental » seront actifs au Sprint I et J du plan
-        CE management.
+        Le bouton « Matériel rental » sera actif au Sprint J du plan CE management.
       </p>
     </main>
   );
diff --git a/src/app/espace-hote/carbets/[carbetId]/page.tsx b/src/app/espace-hote/carbets/[carbetId]/page.tsx
index 39ae0f9..8ecdaaa 100644
--- a/src/app/espace-hote/carbets/[carbetId]/page.tsx
+++ b/src/app/espace-hote/carbets/[carbetId]/page.tsx
@@ -42,10 +42,14 @@ export default async function EditCarbetPage({
         select: { id: true, type: true, s3Url: true, s3Key: true, sortOrder: true },
       },
       amenities: { select: { amenity: { select: { key: true } } } },
+      organizations: { select: { organizationId: true } },
     },
   });
 
-  if (!carbet || !canManageCarbet(session, carbet.ownerId)) {
+  if (
+    !carbet ||
+    !canManageCarbet(session, carbet.ownerId, carbet.organizations.map((o) => o.organizationId))
+  ) {
     notFound();
   }
 
diff --git a/src/app/espace-hote/carbets/actions.ts b/src/app/espace-hote/carbets/actions.ts
index ba29ac4..470d1ad 100644
--- a/src/app/espace-hote/carbets/actions.ts
+++ b/src/app/espace-hote/carbets/actions.ts
@@ -9,7 +9,7 @@ import { prisma } from "@/lib/prisma";
 import { ensureUniqueCarbetSlug } from "@/lib/slug";
 import { deleteObject } from "@/lib/storage";
 import { Prisma } from "@/generated/prisma/client";
-import { CarbetStatus, Electricity, RoadAccess } from "@/generated/prisma/enums";
+import { CarbetStatus, Electricity, RoadAccess, UserRole } from "@/generated/prisma/enums";
 
 import type { CarbetFormState } from "./form-types";
 
@@ -213,6 +213,10 @@ export async function createCarbet(
 
   const slug = await ensureUniqueCarbetSlug(data.title);
 
+  // Si CE_MANAGER : on lie automatiquement le carbet à son org via OrganizationCarbetMembership.
+  const isCeCreator =
+    session.user.role === UserRole.CE_MANAGER && Boolean(session.user.organizationId);
+
   const carbet = await prisma.$transaction(async (tx) => {
     const created = await tx.carbet.create({
       data: {
@@ -235,9 +239,22 @@ export async function createCarbet(
       select: { id: true },
     });
     await syncAmenities(tx, created.id, data.amenities);
+    if (isCeCreator) {
+      await tx.organizationCarbetMembership.create({
+        data: {
+          organizationId: session.user.organizationId!,
+          carbetId: created.id,
+          addedByUserId: session.user.id,
+        },
+      });
+    }
     return created;
   });
 
+  if (isCeCreator) {
+    revalidatePath("/espace-ce/carbets");
+    redirect(`/espace-ce/carbets/${carbet.id}`);
+  }
   revalidatePath("/espace-hote/carbets");
   redirect(`/espace-hote/carbets/${carbet.id}`);
 }
@@ -251,10 +268,17 @@ export async function updateCarbet(
 
   const existing = await prisma.carbet.findUnique({
     where: { id: carbetId },
-    select: { ownerId: true, _count: { select: { media: true } } },
+    select: {
+      ownerId: true,
+      organizations: { select: { organizationId: true } },
+      _count: { select: { media: true } },
+    },
   });
 
-  if (!existing || !canManageCarbet(session, existing.ownerId)) {
+  if (
+    !existing ||
+    !canManageCarbet(session, existing.ownerId, existing.organizations.map((o) => o.organizationId))
+  ) {
     return {
       ok: false,
       errors: { _global: "Carbet introuvable ou accès refusé." },
@@ -313,10 +337,17 @@ export async function setCarbetStatus(formData: FormData): Promise<void> {
 
   const carbet = await prisma.carbet.findUnique({
     where: { id: carbetId },
-    select: { ownerId: true, _count: { select: { media: true } } },
+    select: {
+      ownerId: true,
+      organizations: { select: { organizationId: true } },
+      _count: { select: { media: true } },
+    },
   });
 
-  if (!carbet || !canManageCarbet(session, carbet.ownerId)) {
+  if (
+    !carbet ||
+    !canManageCarbet(session, carbet.ownerId, carbet.organizations.map((o) => o.organizationId))
+  ) {
     notFound();
   }
 
@@ -340,10 +371,17 @@ export async function deleteCarbet(formData: FormData): Promise<void> {
 
   const carbet = await prisma.carbet.findUnique({
     where: { id: carbetId },
-    select: { ownerId: true, media: { select: { s3Key: true } } },
+    select: {
+      ownerId: true,
+      organizations: { select: { organizationId: true } },
+      media: { select: { s3Key: true } },
+    },
   });
 
-  if (!carbet || !canManageCarbet(session, carbet.ownerId)) {
+  if (
+    !carbet ||
+    !canManageCarbet(session, carbet.ownerId, carbet.organizations.map((o) => o.organizationId))
+  ) {
     notFound();
   }
 
@@ -366,10 +404,17 @@ export async function reorderMedia(
 
   const carbet = await prisma.carbet.findUnique({
     where: { id: carbetId },
-    select: { ownerId: true, media: { select: { id: true } } },
+    select: {
+      ownerId: true,
+      organizations: { select: { organizationId: true } },
+      media: { select: { id: true } },
+    },
   });
 
-  if (!carbet || !canManageCarbet(session, carbet.ownerId)) {
+  if (
+    !carbet ||
+    !canManageCarbet(session, carbet.ownerId, carbet.organizations.map((o) => o.organizationId))
+  ) {
     return { ok: false };
   }
 
@@ -396,10 +441,26 @@ export async function deleteMedia(
 
   const media = await prisma.media.findUnique({
     where: { id: mediaId },
-    select: { s3Key: true, carbetId: true, carbet: { select: { ownerId: true } } },
+    select: {
+      s3Key: true,
+      carbetId: true,
+      carbet: {
+        select: {
+          ownerId: true,
+          organizations: { select: { organizationId: true } },
+        },
+      },
+    },
   });
 
-  if (!media || !canManageCarbet(session, media.carbet.ownerId)) {
+  if (
+    !media ||
+    !canManageCarbet(
+      session,
+      media.carbet.ownerId,
+      media.carbet.organizations.map((o) => o.organizationId),
+    )
+  ) {
     return { ok: false };
   }
 
diff --git a/src/auth.ts b/src/auth.ts
index 4071c3d..edbd27d 100644
--- a/src/auth.ts
+++ b/src/auth.ts
@@ -31,6 +31,7 @@ export const { handlers, auth, signIn, signOut } = NextAuth({
             firstName: true,
             lastName: true,
             role: true,
+            organizationId: true,
             isActive: true,
             passwordHash: true,
           },
@@ -50,6 +51,7 @@ export const { handlers, auth, signIn, signOut } = NextAuth({
           email: user.email,
           name: `${user.firstName} ${user.lastName}`.trim(),
           role: user.role,
+          organizationId: user.organizationId,
         };
       },
     }),
@@ -59,12 +61,16 @@ export const { handlers, auth, signIn, signOut } = NextAuth({
       if (user?.role) {
         token.role = user.role;
       }
+      if (user && "organizationId" in user) {
+        token.organizationId = (user as { organizationId?: string | null }).organizationId ?? null;
+      }
       return token;
     },
     async session({ session, token }) {
       if (session.user) {
         session.user.id = token.sub ?? "";
         session.user.role = token.role;
+        session.user.organizationId = token.organizationId ?? null;
       }
       return session;
     },
diff --git a/src/lib/carbet-access.ts b/src/lib/carbet-access.ts
index 420cd49..9822b24 100644
--- a/src/lib/carbet-access.ts
+++ b/src/lib/carbet-access.ts
@@ -3,19 +3,44 @@ import type { Session } from "next-auth";
 import { requireRole } from "@/lib/authorization";
 import { UserRole } from "@/generated/prisma/enums";
 
-const MANAGER_ROLES: UserRole[] = [UserRole.OWNER, UserRole.ADMIN];
+/**
+ * Espace hôte ET espace CE (les deux dashboards) : accessible à OWNER, CE_MANAGER, ADMIN.
+ * Chacun ne voit que ses propres carbets (own ou via membership). La page liste filtre
+ * par session.user.id / session.user.organizationId.
+ */
+const MANAGER_ROLES: UserRole[] = [
+  UserRole.OWNER,
+  UserRole.CE_MANAGER,
+  UserRole.ADMIN,
+];
 
-// Owner area (espace hôte) — accessible to carbet owners and admins.
 export async function requireOwnerSession(): Promise<Session> {
   return requireRole(MANAGER_ROLES);
 }
 
-// A user can manage a given carbet if they own it, or if they are an admin.
+/**
+ * Vrai si :
+ * - ADMIN
+ * - OWNER + session.user.id === carbetOwnerId
+ * - CE_MANAGER + son organizationId est dans `linkedOrgIds`
+ *
+ * Les callers DOIVENT charger `Carbet.organizations.map(m => m.organizationId)` quand le rôle
+ * peut être CE_MANAGER. Pour un caller historique qui n'a que l'ownerId, le CE_MANAGER ne
+ * pourra pas gérer le carbet — comportement sûr par défaut.
+ */
 export function canManageCarbet(
   session: Session,
   carbetOwnerId: string,
+  linkedOrgIds: string[] = [],
 ): boolean {
-  return (
-    session.user.role === UserRole.ADMIN || session.user.id === carbetOwnerId
-  );
+  if (session.user.role === UserRole.ADMIN) return true;
+  if (session.user.id === carbetOwnerId) return true;
+  if (
+    session.user.role === UserRole.CE_MANAGER &&
+    session.user.organizationId &&
+    linkedOrgIds.includes(session.user.organizationId)
+  ) {
+    return true;
+  }
+  return false;
 }
diff --git a/src/types/next-auth.d.ts b/src/types/next-auth.d.ts
index d470fff..e9771ae 100644
--- a/src/types/next-auth.d.ts
+++ b/src/types/next-auth.d.ts
@@ -8,16 +8,19 @@ declare module "next-auth" {
     user: {
       id: string;
       role?: UserRole;
+      organizationId?: string | null;
     } & DefaultSession["user"];
   }
 
   interface User {
     role?: UserRole;
+    organizationId?: string | null;
   }
 }
 
 declare module "next-auth/jwt" {
   interface JWT extends DefaultJWT {
     role?: UserRole;
+    organizationId?: string | null;
   }
 }

From caa3d5214ff26f99e30b02d4337a761c36ffcd8c Mon Sep 17 00:00:00 2001
From: Ubuntu <ubuntu@vps-97784c65.vps.ovh.net>
Date: Tue, 2 Jun 2026 23:47:57 +0000
Subject: [PATCH 39/47] =?UTF-8?q?feat(ce):=20Sprint=20J=20=E2=80=94=20mat?=
 =?UTF-8?q?=C3=A9riel=20rental=20c=C3=B4t=C3=A9=20CE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

src/lib/rental-access.ts CE-aware :
- requireRentalProviderSession accepte CE_MANAGER (en plus de
  RENTAL_PROVIDER et ADMIN).
- getCurrentRentalProvider : CE_MANAGER → findFirst par
  organizationId ; RENTAL_PROVIDER → par managedByUserId.
- getCurrentRentalProviderForCe(organizationId) helper explicite.
- canManageRentalProvider gagne un userOrgId? optionnel : vrai si
  manager nominal OU CE_MANAGER + provider.organizationId === userOrgId.
- Callers existants (5 sites : actions.ts + 4 routes API rental)
  passent désormais session.user.organizationId.

Actions /espace-prestataire/actions.ts role-aware :
- requireOwnedProvider() dérive basePath selon le rôle :
  CE_MANAGER → /espace-ce/materiel ; sinon → /espace-prestataire.
- Tous les redirect/revalidatePath utilisent basePath, donc
  createHostItemAction, updateHostItemAction, deleteHostItemAction,
  addItemBlockAction, removeItemBlockAction, updateBookingStatusAction
  emmènent le user vers son espace contextuel après chaque opération.

/espace-ce/materiel/page.tsx — onboarding :
- Plugin gear-rental disabled → message d'info.
- Pas de provider activé → CTA « Activer la location matériel pour
  <org> » (bouton bloqué si org pending, message bannière).
- Provider existant → dashboard avec KPIs (items actifs, résa pending,
  confirmées à venir, revenu 30j) + 2 ActionCards Items + Réservations.

actions.ts (CE) :
- activateRentalProviderForCeAction → crée RentalProvider(organizationId,
  name="Matériel <org>", managedByUserId=session.user.id, approved=true)
  + audit + redirect /espace-ce/materiel.

Pages CE clonées (réutilisent les composants, actions, helpers
existants — zéro duplication de logique métier) :
- /espace-ce/materiel/items/page.tsx (liste)
- /espace-ce/materiel/items/new/page.tsx (HostItemForm)
- /espace-ce/materiel/items/[itemId]/page.tsx (MediaUploader +
  HostItemForm + ItemBlocksManager + ItemInlineDelete)
- /espace-ce/materiel/reservations/page.tsx (BookingDecision)

Tous importent depuis /espace-prestataire/{actions, items, reservations}
pour rester DRY. Les breadcrumbs et links sont adaptés au contexte CE.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 src/app/api/rental-media/[id]/route.ts        |   1 +
 src/app/api/rental-media/reorder/route.ts     |   1 +
 src/app/api/uploads/rental-finalize/route.ts  |   1 +
 src/app/api/uploads/rental-presign/route.ts   |   1 +
 src/app/espace-ce/materiel/actions.ts         |  66 ++++++++
 .../materiel/items/[itemId]/page.tsx          | 122 ++++++++++++++
 src/app/espace-ce/materiel/items/new/page.tsx |  27 ++++
 src/app/espace-ce/materiel/items/page.tsx     | 109 +++++++++++++
 src/app/espace-ce/materiel/page.tsx           | 152 ++++++++++++++++++
 .../espace-ce/materiel/reservations/page.tsx  | 150 +++++++++++++++++
 src/app/espace-prestataire/actions.ts         |  49 +++---
 src/lib/rental-access.ts                      |  60 ++++++-
 12 files changed, 714 insertions(+), 25 deletions(-)
 create mode 100644 src/app/espace-ce/materiel/actions.ts
 create mode 100644 src/app/espace-ce/materiel/items/[itemId]/page.tsx
 create mode 100644 src/app/espace-ce/materiel/items/new/page.tsx
 create mode 100644 src/app/espace-ce/materiel/items/page.tsx
 create mode 100644 src/app/espace-ce/materiel/page.tsx
 create mode 100644 src/app/espace-ce/materiel/reservations/page.tsx

diff --git a/src/app/api/rental-media/[id]/route.ts b/src/app/api/rental-media/[id]/route.ts
index 3c6bd93..8420d8c 100644
--- a/src/app/api/rental-media/[id]/route.ts
+++ b/src/app/api/rental-media/[id]/route.ts
@@ -23,6 +23,7 @@ export async function DELETE(_req: Request, ctx: { params: Promise<{ id: string
     session.user.id,
     session.user.role,
     media.item.providerId,
+    session.user.organizationId,
   );
   if (!allowed) return NextResponse.json({ error: "Accès refusé" }, { status: 403 });
 
diff --git a/src/app/api/rental-media/reorder/route.ts b/src/app/api/rental-media/reorder/route.ts
index a8cc26a..d375aa0 100644
--- a/src/app/api/rental-media/reorder/route.ts
+++ b/src/app/api/rental-media/reorder/route.ts
@@ -34,6 +34,7 @@ export async function POST(req: Request) {
     session.user.id,
     session.user.role,
     item.providerId,
+    session.user.organizationId,
   );
   if (!allowed) return NextResponse.json({ error: "Accès refusé" }, { status: 403 });
 
diff --git a/src/app/api/uploads/rental-finalize/route.ts b/src/app/api/uploads/rental-finalize/route.ts
index 4f1f9b9..befc16f 100644
--- a/src/app/api/uploads/rental-finalize/route.ts
+++ b/src/app/api/uploads/rental-finalize/route.ts
@@ -43,6 +43,7 @@ export async function POST(req: Request) {
     session.user.id,
     session.user.role,
     item.providerId,
+    session.user.organizationId,
   );
   if (!allowed) {
     return NextResponse.json({ error: "Accès refusé" }, { status: 403 });
diff --git a/src/app/api/uploads/rental-presign/route.ts b/src/app/api/uploads/rental-presign/route.ts
index f3b26e2..73244e0 100644
--- a/src/app/api/uploads/rental-presign/route.ts
+++ b/src/app/api/uploads/rental-presign/route.ts
@@ -45,6 +45,7 @@ export async function POST(req: Request) {
     session.user.id,
     session.user.role,
     item.providerId,
+    session.user.organizationId,
   );
   if (!allowed) {
     return NextResponse.json({ error: "Accès refusé" }, { status: 403 });
diff --git a/src/app/espace-ce/materiel/actions.ts b/src/app/espace-ce/materiel/actions.ts
new file mode 100644
index 0000000..959d9f3
--- /dev/null
+++ b/src/app/espace-ce/materiel/actions.ts
@@ -0,0 +1,66 @@
+"use server";
+
+import { revalidatePath } from "next/cache";
+import { redirect } from "next/navigation";
+
+import { auth } from "@/auth";
+import { UserRole } from "@/generated/prisma/enums";
+import { recordAudit } from "@/lib/admin/audit";
+import { getCurrentCeOrganization } from "@/lib/ce-access";
+import { prisma } from "@/lib/prisma";
+
+/**
+ * Active la location matériel pour un CE : crée le RentalProvider lié à son
+ * organizationId. Approuvé automatiquement si l'org elle-même est approuvée.
+ * - Si un provider existe déjà pour cette org : redirige sans rien créer.
+ * - Bloque si l'org n'est pas validée (la création doit attendre l'approval).
+ */
+export async function activateRentalProviderForCeAction(): Promise<void> {
+  const session = await auth();
+  if (!session?.user?.id) redirect("/connexion?next=/espace-ce/materiel");
+  if (session.user.role !== UserRole.CE_MANAGER && session.user.role !== UserRole.ADMIN) {
+    redirect("/");
+  }
+  const org = await getCurrentCeOrganization();
+  if (!org) redirect("/espace-ce");
+  if (!org.approved) {
+    // L'org doit être validée avant activation. La page affichera la bannière.
+    redirect("/espace-ce/materiel?activateError=pending");
+  }
+
+  const existing = await prisma.rentalProvider.findFirst({
+    where: { organizationId: org.id },
+    select: { id: true },
+  });
+  if (existing) {
+    redirect("/espace-ce/materiel");
+  }
+
+  const created = await prisma.rentalProvider.create({
+    data: {
+      name: `Matériel — ${org.name}`,
+      isSystemD: false,
+      managedByUserId: session.user.id,
+      organizationId: org.id,
+      contactEmail: org.contactEmail,
+      rivers: [],
+      commissionPct: 10,
+      active: true,
+      approved: true,
+      approvedAt: new Date(),
+      approvedBy: session.user.email ?? "system",
+    },
+    select: { id: true, name: true },
+  });
+
+  await recordAudit({
+    scope: "ce",
+    event: "ce.rental_provider.activate",
+    target: created.id,
+    actorEmail: session.user.email ?? null,
+    details: { organizationId: org.id, name: created.name },
+  });
+
+  revalidatePath("/espace-ce/materiel");
+  redirect("/espace-ce/materiel");
+}
diff --git a/src/app/espace-ce/materiel/items/[itemId]/page.tsx b/src/app/espace-ce/materiel/items/[itemId]/page.tsx
new file mode 100644
index 0000000..2d406a9
--- /dev/null
+++ b/src/app/espace-ce/materiel/items/[itemId]/page.tsx
@@ -0,0 +1,122 @@
+import Link from "next/link";
+import { notFound, redirect } from "next/navigation";
+
+import { MediaUploader } from "@/components/MediaUploader";
+import {
+  getCurrentRentalProvider,
+  requireRentalProviderSession,
+} from "@/lib/rental-access";
+import { RENTAL_CATEGORY_LABEL } from "@/lib/rental-category-labels";
+import { getHostItem } from "@/lib/rental-host";
+
+import {
+  addItemBlockAction,
+  deleteHostItemAction,
+  removeItemBlockAction,
+  updateHostItemAction,
+} from "../../../../espace-prestataire/actions";
+import { HostItemForm } from "../../../../espace-prestataire/items/_components/ItemForm";
+import { ItemBlocksManager } from "../../../../espace-prestataire/items/[itemId]/_components/ItemBlocksManager";
+import { ItemInlineDelete } from "../../../../espace-prestataire/items/[itemId]/_components/ItemInlineDelete";
+
+export const dynamic = "force-dynamic";
+
+type PageProps = { params: Promise<{ itemId: string }> };
+
+export default async function EditCeItemPage({ params }: PageProps) {
+  await requireRentalProviderSession();
+  const provider = await getCurrentRentalProvider();
+  if (!provider) redirect("/espace-ce/materiel");
+  const { itemId } = await params;
+  const item = await getHostItem(provider.id, itemId);
+  if (!item) notFound();
+
+  const updateThis = async (fd: FormData) => {
+    "use server";
+    return await updateHostItemAction(itemId, fd);
+  };
+  const deleteThis = async () => {
+    "use server";
+    return await deleteHostItemAction(itemId);
+  };
+  const addBlockThis = async (fd: FormData) => {
+    "use server";
+    return await addItemBlockAction(itemId, fd);
+  };
+  const removeBlockThis = async (blockId: string) => {
+    "use server";
+    return await removeItemBlockAction(blockId);
+  };
+
+  return (
+    <main className="mx-auto max-w-4xl px-6 py-10 space-y-6">
+      <header className="flex flex-wrap items-end justify-between gap-3">
+        <div>
+          <Link href="/espace-ce/materiel/items" className="text-xs text-zinc-500 hover:text-zinc-900">
+            ← Mes items
+          </Link>
+          <h1 className="mt-1 text-2xl font-semibold text-zinc-900">{item.name}</h1>
+          <p className="mt-1 text-sm text-zinc-500">
+            {RENTAL_CATEGORY_LABEL[item.category]} · Stock : {item.totalQty} · {item._count.lines}{" "}
+            location(s) historique
+          </p>
+        </div>
+        <ItemInlineDelete deleteAction={deleteThis} canDelete={item._count.lines === 0} />
+      </header>
+
+      <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-zinc-500">
+          Photos & vidéos
+        </h2>
+        <MediaUploader
+          scope={{ kind: "rental-item", itemId: item.id }}
+          initialMedia={item.media}
+        />
+      </section>
+
+      <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <HostItemForm
+          action={updateThis}
+          submitLabel="Enregistrer les modifications"
+          initial={{
+            category: item.category,
+            name: item.name,
+            description: item.description,
+            imageUrl: item.imageUrl,
+            pricePerDay: item.pricePerDay.toString(),
+            pricePerWeek: item.pricePerWeek?.toString() ?? null,
+            deposit: item.deposit.toString(),
+            totalQty: item.totalQty,
+            withMotor: item.withMotor,
+            fuelIncluded: item.fuelIncluded,
+            requiresLicense: item.requiresLicense,
+            active: item.active,
+          }}
+        />
+      </section>
+
+      <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-zinc-500">
+          Calendrier de disponibilité
+        </h2>
+        <p className="mb-3 text-xs text-zinc-600">
+          Bloquez ici des dates pour maintenance, indisponibilité personnelle, etc. Les réservations
+          confirmées sont gérées automatiquement.
+        </p>
+        <ItemBlocksManager
+          blocks={item.availabilities.map((a) => ({
+            id: a.id,
+            startDate: a.startDate.toISOString().slice(0, 10),
+            endDate: a.endDate.toISOString().slice(0, 10),
+            qty: a.qty,
+            reason: a.reason,
+            isBooking: Boolean(a.rentalBookingId),
+          }))}
+          addAction={addBlockThis}
+          removeAction={removeBlockThis}
+          totalQty={item.totalQty}
+        />
+      </section>
+    </main>
+  );
+}
diff --git a/src/app/espace-ce/materiel/items/new/page.tsx b/src/app/espace-ce/materiel/items/new/page.tsx
new file mode 100644
index 0000000..8a6d468
--- /dev/null
+++ b/src/app/espace-ce/materiel/items/new/page.tsx
@@ -0,0 +1,27 @@
+import Link from "next/link";
+
+import { requireRentalProviderSession } from "@/lib/rental-access";
+
+import { createHostItemAction } from "../../../../espace-prestataire/actions";
+import { HostItemForm } from "../../../../espace-prestataire/items/_components/ItemForm";
+
+export const dynamic = "force-dynamic";
+
+export default async function NewCeItemPage() {
+  await requireRentalProviderSession();
+  return (
+    <main className="mx-auto max-w-3xl px-6 py-10">
+      <Link href="/espace-ce/materiel/items" className="text-xs text-zinc-500 hover:text-zinc-900">
+        ← Mes items
+      </Link>
+      <h1 className="mt-1 text-2xl font-semibold text-zinc-900">Nouvel item</h1>
+      <section className="mt-5 rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <HostItemForm
+          action={createHostItemAction}
+          submitLabel="Créer l'item"
+          initial={{ active: true, totalQty: 1 }}
+        />
+      </section>
+    </main>
+  );
+}
diff --git a/src/app/espace-ce/materiel/items/page.tsx b/src/app/espace-ce/materiel/items/page.tsx
new file mode 100644
index 0000000..68be691
--- /dev/null
+++ b/src/app/espace-ce/materiel/items/page.tsx
@@ -0,0 +1,109 @@
+import Link from "next/link";
+import { redirect } from "next/navigation";
+
+import { RENTAL_CATEGORY_LABEL } from "@/lib/rental-category-labels";
+import {
+  getCurrentRentalProvider,
+  requireRentalProviderSession,
+} from "@/lib/rental-access";
+import { listHostItems } from "@/lib/rental-host";
+
+export const dynamic = "force-dynamic";
+export const metadata = { title: "Items rental CE — Karbé" };
+
+export default async function CeMaterielItemsPage() {
+  await requireRentalProviderSession();
+  const provider = await getCurrentRentalProvider();
+  // Sans provider activé → renvoie sur l'onboarding /espace-ce/materiel
+  if (!provider) redirect("/espace-ce/materiel");
+
+  const items = await listHostItems(provider.id);
+
+  return (
+    <main className="mx-auto max-w-6xl px-6 py-10">
+      <header className="mb-5 flex flex-wrap items-end justify-between gap-3">
+        <div>
+          <Link href="/espace-ce/materiel" className="text-xs text-zinc-500 hover:text-zinc-900">
+            ← Dashboard matériel CE
+          </Link>
+          <h1 className="mt-1 text-2xl font-semibold text-zinc-900">
+            Items locables — {provider.name}
+          </h1>
+          <p className="mt-1 text-sm text-zinc-500">
+            {items.length} item{items.length > 1 ? "s" : ""}
+          </p>
+        </div>
+        <Link
+          href="/espace-ce/materiel/items/new"
+          className="rounded-md bg-emerald-600 px-3 py-1.5 text-sm font-semibold text-white hover:bg-emerald-700"
+        >
+          + Nouvel item
+        </Link>
+      </header>
+
+      {items.length === 0 ? (
+        <div className="rounded-lg border border-dashed border-zinc-300 px-6 py-12 text-center text-sm text-zinc-500">
+          Pas encore d&apos;item.{" "}
+          <Link href="/espace-ce/materiel/items/new" className="text-emerald-700 underline">
+            Créer mon premier item
+          </Link>
+        </div>
+      ) : (
+        <div className="overflow-hidden rounded-lg border border-zinc-200 bg-white">
+          <table className="w-full text-sm">
+            <thead className="border-b border-zinc-200 bg-zinc-50 text-xs uppercase tracking-wider text-zinc-500">
+              <tr>
+                <th className="px-4 py-2 text-left font-semibold">Nom</th>
+                <th className="px-4 py-2 text-left font-semibold">Catégorie</th>
+                <th className="px-4 py-2 text-right font-semibold">€/j</th>
+                <th className="px-4 py-2 text-right font-semibold">Stock</th>
+                <th className="px-4 py-2 text-right font-semibold">Caution</th>
+                <th className="px-4 py-2 text-right font-semibold">Résa</th>
+                <th className="px-4 py-2 text-left font-semibold">État</th>
+              </tr>
+            </thead>
+            <tbody className="divide-y divide-zinc-100">
+              {items.map((i) => (
+                <tr key={i.id} className="hover:bg-zinc-50">
+                  <td className="px-4 py-2">
+                    <Link
+                      href={`/espace-ce/materiel/items/${i.id}`}
+                      className="font-medium text-zinc-900 hover:underline"
+                    >
+                      {i.name}
+                    </Link>
+                    <div className="text-[11px] text-zinc-500">
+                      {i.withMotor ? "⚙️ moteur · " : ""}
+                      {i.requiresLicense ? "🪪 permis · " : ""}
+                      {i.fuelIncluded ? "⛽ essence " : ""}
+                    </div>
+                  </td>
+                  <td className="px-4 py-2 text-zinc-700">{RENTAL_CATEGORY_LABEL[i.category]}</td>
+                  <td className="px-4 py-2 text-right font-mono text-zinc-700">
+                    {Number(i.pricePerDay).toFixed(0)}
+                  </td>
+                  <td className="px-4 py-2 text-right font-mono text-zinc-700">{i.totalQty}</td>
+                  <td className="px-4 py-2 text-right font-mono text-zinc-700">
+                    {Number(i.deposit).toFixed(0)}
+                  </td>
+                  <td className="px-4 py-2 text-right font-mono text-zinc-700">{i._count.lines}</td>
+                  <td className="px-4 py-2">
+                    {i.active ? (
+                      <span className="rounded-full bg-emerald-100 px-2 py-0.5 text-[10px] font-semibold uppercase tracking-wider text-emerald-800 ring-1 ring-inset ring-emerald-300">
+                        Actif
+                      </span>
+                    ) : (
+                      <span className="rounded-full bg-zinc-100 px-2 py-0.5 text-[10px] font-semibold uppercase tracking-wider text-zinc-500 ring-1 ring-inset ring-zinc-300">
+                        Inactif
+                      </span>
+                    )}
+                  </td>
+                </tr>
+              ))}
+            </tbody>
+          </table>
+        </div>
+      )}
+    </main>
+  );
+}
diff --git a/src/app/espace-ce/materiel/page.tsx b/src/app/espace-ce/materiel/page.tsx
new file mode 100644
index 0000000..2c13ead
--- /dev/null
+++ b/src/app/espace-ce/materiel/page.tsx
@@ -0,0 +1,152 @@
+import Link from "next/link";
+import { redirect } from "next/navigation";
+
+import { getCurrentCeOrganization } from "@/lib/ce-access";
+import { isPluginEnabled } from "@/lib/plugins/server";
+import {
+  getCurrentRentalProviderForCe,
+} from "@/lib/rental-access";
+import { getHostRentalKpis } from "@/lib/rental-host";
+
+import { activateRentalProviderForCeAction } from "./actions";
+
+export const dynamic = "force-dynamic";
+export const metadata = { title: "Matériel CE — Karbé" };
+
+function fmtEur(amount: string | number): string {
+  return Number(amount).toLocaleString("fr-FR", { style: "currency", currency: "EUR" });
+}
+
+export default async function CeMaterielPage() {
+  // Soft dependency : si le plugin gear-rental est off, on masque /espace-ce/materiel
+  // (le bouton du dashboard a déjà été désactivé côté UX).
+  if (!(await isPluginEnabled("gear-rental"))) {
+    return (
+      <main className="mx-auto max-w-3xl px-6 py-12">
+        <h1 className="text-3xl font-semibold text-zinc-900">Matériel rental</h1>
+        <p className="mt-4 rounded-md border border-zinc-200 bg-zinc-50 px-4 py-3 text-sm text-zinc-700">
+          La marketplace location matériel n&apos;est pas activée. Activez le plugin
+          <code className="ml-1 rounded bg-zinc-200 px-1.5 py-0.5 text-xs">gear-rental</code>{" "}
+          dans <Link href="/admin/plugins" className="underline">/admin/plugins</Link>.
+        </p>
+      </main>
+    );
+  }
+
+  const org = await getCurrentCeOrganization();
+  if (!org) redirect("/admin/organizations");
+
+  const provider = await getCurrentRentalProviderForCe(org.id);
+
+  // Onboarding : pas encore de provider activé
+  if (!provider) {
+    return (
+      <main className="mx-auto max-w-3xl px-6 py-12">
+        <Link href="/espace-ce" className="text-xs text-zinc-500 hover:text-zinc-900">
+          ← Tableau de bord CE
+        </Link>
+        <h1 className="mt-1 text-3xl font-semibold text-zinc-900">Matériel rental</h1>
+        <p className="mt-2 text-sm text-zinc-600">
+          Activez la location matériel pour proposer hamacs, kayaks, pirogues, etc. à vos
+          membres et au public touriste. Le provider sera créé au nom de votre CE.
+        </p>
+
+        {!org.approved ? (
+          <p className="mt-6 rounded-md border border-amber-200 bg-amber-50/60 px-4 py-3 text-sm text-amber-900">
+            🕒 Votre organisation est en attente de validation. La location matériel sera
+            activable dès qu&apos;un admin Karbé aura validé votre CE.
+          </p>
+        ) : (
+          <form action={activateRentalProviderForCeAction} className="mt-8">
+            <button
+              type="submit"
+              className="rounded-md bg-emerald-600 px-5 py-2.5 text-sm font-semibold text-white hover:bg-emerald-700"
+            >
+              Activer la location matériel pour {org.name}
+            </button>
+            <p className="mt-2 text-xs text-zinc-500">
+              Vous pourrez ensuite ajouter vos items (hamac, pirogue, kayak…). Commission
+              par défaut : 10 % (ajustable par un admin Karbé).
+            </p>
+          </form>
+        )}
+      </main>
+    );
+  }
+
+  // Provider existant : dashboard + KPIs
+  const kpis = await getHostRentalKpis(provider.id);
+
+  return (
+    <main className="mx-auto max-w-5xl px-6 py-10 space-y-6">
+      <header>
+        <Link href="/espace-ce" className="text-xs text-zinc-500 hover:text-zinc-900">
+          ← Tableau de bord CE
+        </Link>
+        <h1 className="mt-1 text-3xl font-semibold text-zinc-900">
+          Matériel rental — {provider.name}
+        </h1>
+        <p className="mt-1 text-sm text-zinc-500">
+          Commission Karbé : {Number(provider.commissionPct).toFixed(1)} % · Géré par {org.name}
+        </p>
+      </header>
+
+      <section className="grid grid-cols-2 gap-3 sm:grid-cols-4">
+        <KpiCard label="Items actifs" value={kpis.itemsActive} />
+        <KpiCard label="Réservations en attente" value={kpis.bookingsPending} />
+        <KpiCard label="Confirmées à venir" value={kpis.bookingsConfirmed} />
+        <KpiCard label="Revenu 30j" value={fmtEur(kpis.revenue30d)} />
+      </section>
+
+      <section className="grid gap-3 sm:grid-cols-2">
+        <ActionCard
+          href="/espace-ce/materiel/items"
+          title="Mes items"
+          description={
+            kpis.itemsActive > 0
+              ? `${kpis.itemsActive} item${kpis.itemsActive > 1 ? "s" : ""} en location.`
+              : "Ajoutez votre premier item (hamac, kayak, pirogue…)."
+          }
+        />
+        <ActionCard
+          href="/espace-ce/materiel/reservations"
+          title="Réservations"
+          description={
+            kpis.bookingsPending > 0
+              ? `${kpis.bookingsPending} demande${kpis.bookingsPending > 1 ? "s" : ""} à préparer.`
+              : "Suivez vos réservations en cours, à préparer et terminées."
+          }
+        />
+      </section>
+    </main>
+  );
+}
+
+function KpiCard({ label, value }: { label: string; value: string | number }) {
+  return (
+    <div className="rounded-lg border border-zinc-200 bg-white px-4 py-3 shadow-sm">
+      <div className="text-[10px] uppercase tracking-wider text-zinc-500">{label}</div>
+      <div className="mt-1 text-2xl font-semibold text-zinc-900 font-mono">{value}</div>
+    </div>
+  );
+}
+
+function ActionCard({
+  href,
+  title,
+  description,
+}: {
+  href: string;
+  title: string;
+  description: string;
+}) {
+  return (
+    <Link
+      href={href}
+      className="rounded-lg border border-zinc-200 bg-white px-5 py-4 shadow-sm transition hover:border-zinc-400 hover:shadow"
+    >
+      <h3 className="text-base font-semibold text-zinc-900">{title}</h3>
+      <p className="mt-1 text-sm text-zinc-600">{description}</p>
+    </Link>
+  );
+}
diff --git a/src/app/espace-ce/materiel/reservations/page.tsx b/src/app/espace-ce/materiel/reservations/page.tsx
new file mode 100644
index 0000000..6a1bfdc
--- /dev/null
+++ b/src/app/espace-ce/materiel/reservations/page.tsx
@@ -0,0 +1,150 @@
+import Link from "next/link";
+import { redirect } from "next/navigation";
+
+import { RentalBookingStatus } from "@/generated/prisma/enums";
+import { RENTAL_STATUS_LABEL } from "@/lib/admin/rental-bookings";
+import {
+  getCurrentRentalProvider,
+  requireRentalProviderSession,
+} from "@/lib/rental-access";
+import { listHostBookings } from "@/lib/rental-host";
+
+import { BookingDecision } from "../../../espace-prestataire/reservations/_components/BookingDecision";
+
+export const dynamic = "force-dynamic";
+export const metadata = { title: "Réservations matériel CE — Karbé" };
+
+const STATUS_VALUES = new Set<string>([
+  RentalBookingStatus.PENDING,
+  RentalBookingStatus.CONFIRMED,
+  RentalBookingStatus.HANDED_OVER,
+  RentalBookingStatus.RETURNED,
+  RentalBookingStatus.CANCELLED,
+]);
+
+type PageProps = {
+  searchParams: Promise<{ status?: string }>;
+};
+
+const dateFmt = new Intl.DateTimeFormat("fr-FR", {
+  day: "2-digit",
+  month: "short",
+  year: "2-digit",
+});
+
+export default async function CeReservationsPage({ searchParams }: PageProps) {
+  await requireRentalProviderSession();
+  const provider = await getCurrentRentalProvider();
+  if (!provider) redirect("/espace-ce/materiel");
+  const sp = await searchParams;
+  const status = STATUS_VALUES.has(sp.status ?? "")
+    ? (sp.status as RentalBookingStatus)
+    : undefined;
+
+  const bookings = await listHostBookings(provider.id, { status });
+
+  return (
+    <main className="mx-auto max-w-6xl px-6 py-10">
+      <header className="mb-5 flex flex-wrap items-end justify-between gap-3">
+        <div>
+          <Link href="/espace-ce/materiel" className="text-xs text-zinc-500 hover:text-zinc-900">
+            ← Dashboard matériel CE
+          </Link>
+          <h1 className="mt-1 text-2xl font-semibold text-zinc-900">Réservations</h1>
+          <p className="mt-1 text-sm text-zinc-500">
+            {bookings.length} résultat{bookings.length > 1 ? "s" : ""}
+          </p>
+        </div>
+        <form method="get" className="flex items-center gap-2 text-sm">
+          <select
+            name="status"
+            defaultValue={status ?? ""}
+            className="rounded-md border border-zinc-300 bg-white px-2 py-1.5 text-sm focus:border-emerald-500 focus:outline-none"
+          >
+            <option value="">Tous statuts</option>
+            {Object.values(RentalBookingStatus).map((s) => (
+              <option key={s} value={s}>
+                {RENTAL_STATUS_LABEL[s]}
+              </option>
+            ))}
+          </select>
+          <button
+            type="submit"
+            className="rounded-md bg-zinc-900 px-3 py-1.5 text-sm font-medium text-white hover:bg-zinc-800"
+          >
+            Filtrer
+          </button>
+        </form>
+      </header>
+
+      {bookings.length === 0 ? (
+        <div className="rounded-lg border border-dashed border-zinc-300 px-6 py-12 text-center text-sm text-zinc-500">
+          Aucune réservation matériel.
+        </div>
+      ) : (
+        <ul className="space-y-3">
+          {bookings.map((b) => (
+            <li key={b.id} className="rounded-lg border border-zinc-200 bg-white p-4 shadow-sm">
+              <div className="flex flex-wrap items-baseline justify-between gap-2">
+                <div>
+                  <h2 className="text-base font-semibold text-zinc-900">
+                    {b.tenant.firstName} {b.tenant.lastName}
+                  </h2>
+                  <p className="text-xs text-zinc-500">
+                    {b.tenant.email}
+                    {b.tenant.phone ? ` · ${b.tenant.phone}` : ""}
+                  </p>
+                  {b.booking ? (
+                    <p className="mt-0.5 text-xs text-emerald-700">
+                      🏠 Lié à la résa carbet :{" "}
+                      <Link href={`/reservations/${b.booking.id}`} className="underline">
+                        {b.booking.carbet.title}
+                      </Link>
+                    </p>
+                  ) : (
+                    <p className="mt-0.5 text-xs text-zinc-500">
+                      Location standalone (sans carbet)
+                    </p>
+                  )}
+                </div>
+                <div className="text-right">
+                  <div className="text-xs text-zinc-500">
+                    {dateFmt.format(b.startDate)} → {dateFmt.format(b.endDate)}
+                  </div>
+                  <div className="font-mono text-base font-semibold text-zinc-900">
+                    {Number(b.amount).toFixed(2)} {b.currency}
+                  </div>
+                </div>
+              </div>
+
+              <ul className="mt-2 space-y-1 border-t border-zinc-100 pt-2 text-sm text-zinc-700">
+                {b.lines.map((l) => (
+                  <li key={l.id} className="flex items-center justify-between">
+                    <span>
+                      {l.qty}× <strong>{l.item.name}</strong>
+                    </span>
+                    <span className="font-mono text-xs text-zinc-600">
+                      {Number(l.lineTotal).toFixed(2)} €
+                    </span>
+                  </li>
+                ))}
+              </ul>
+
+              <div className="mt-3 flex flex-wrap items-center justify-between gap-2 border-t border-zinc-100 pt-2">
+                <div className="flex flex-wrap items-center gap-2 text-xs">
+                  <span className="rounded-full bg-zinc-100 px-2 py-0.5 font-semibold uppercase tracking-wider text-zinc-700 ring-1 ring-inset ring-zinc-300">
+                    {RENTAL_STATUS_LABEL[b.status]}
+                  </span>
+                  <span className="rounded-full bg-zinc-100 px-2 py-0.5 font-semibold uppercase tracking-wider text-zinc-700 ring-1 ring-inset ring-zinc-300">
+                    {b.paymentStatus}
+                  </span>
+                </div>
+                <BookingDecision bookingId={b.id} status={b.status} />
+              </div>
+            </li>
+          ))}
+        </ul>
+      )}
+    </main>
+  );
+}
diff --git a/src/app/espace-prestataire/actions.ts b/src/app/espace-prestataire/actions.ts
index 2474e91..0d790a5 100644
--- a/src/app/espace-prestataire/actions.ts
+++ b/src/app/espace-prestataire/actions.ts
@@ -31,12 +31,25 @@ const itemSchema = z.object({
   active: z.boolean(),
 });
 
-async function requireOwnedProvider(): Promise<{ providerId: string; actorEmail: string | null }> {
+async function requireOwnedProvider(): Promise<{
+  providerId: string;
+  actorEmail: string | null;
+  basePath: string;
+}> {
   const session = await auth();
   if (!session?.user?.id) throw new Error("Non authentifié");
   const provider = await getCurrentRentalProvider();
   if (!provider) throw new Error("Aucun provider associé");
-  return { providerId: provider.id, actorEmail: session.user.email ?? null };
+  // Un CE_MANAGER reste sous /espace-ce/materiel ; un RENTAL_PROVIDER/ADMIN
+  // reste sous /espace-prestataire. Les actions sont mutualisées et redirigent
+  // vers l'espace contextuel du user.
+  const basePath =
+    session.user.role === UserRole.CE_MANAGER ? "/espace-ce/materiel" : "/espace-prestataire";
+  return {
+    providerId: provider.id,
+    actorEmail: session.user.email ?? null,
+    basePath,
+  };
 }
 
 function parseItemFD(fd: FormData) {
@@ -61,7 +74,7 @@ function parseItemFD(fd: FormData) {
 }
 
 export async function createHostItemAction(fd: FormData) {
-  const { providerId, actorEmail } = await requireOwnedProvider();
+  const { providerId, actorEmail, basePath } = await requireOwnedProvider();
   const parsed = itemSchema.safeParse(parseItemFD(fd));
   if (!parsed.success) {
     return { ok: false as const, error: parsed.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join(" · ") };
@@ -74,14 +87,14 @@ export async function createHostItemAction(fd: FormData) {
     actorEmail,
     details: { name: created.name, providerId },
   });
-  revalidatePath("/espace-prestataire/items");
-  redirect(`/espace-prestataire/items/${created.id}`);
+  revalidatePath(`${basePath}/items`);
+  redirect(`${basePath}/items/${created.id}`);
 }
 
 export async function updateHostItemAction(itemId: string, fd: FormData) {
-  const { providerId, actorEmail } = await requireOwnedProvider();
+  const { providerId, actorEmail, basePath } = await requireOwnedProvider();
   const session = await auth();
-  if (!(await canManageRentalProvider(session!.user.id, session?.user?.role, providerId))) {
+  if (!(await canManageRentalProvider(session!.user.id, session?.user?.role, providerId, session?.user?.organizationId))) {
     return { ok: false as const, error: "Accès refusé" };
   }
   const existing = await prisma.rentalItem.findUnique({ where: { id: itemId }, select: { providerId: true } });
@@ -100,13 +113,13 @@ export async function updateHostItemAction(itemId: string, fd: FormData) {
     actorEmail,
     details: { name: parsed.data.name },
   });
-  revalidatePath("/espace-prestataire/items");
-  revalidatePath(`/espace-prestataire/items/${itemId}`);
+  revalidatePath(`${basePath}/items`);
+  revalidatePath(`${basePath}/items/${itemId}`);
   return { ok: true as const };
 }
 
 export async function deleteHostItemAction(itemId: string) {
-  const { providerId, actorEmail } = await requireOwnedProvider();
+  const { providerId, actorEmail, basePath } = await requireOwnedProvider();
   const existing = await prisma.rentalItem.findUnique({
     where: { id: itemId },
     select: { providerId: true, _count: { select: { lines: true } } },
@@ -125,8 +138,8 @@ export async function deleteHostItemAction(itemId: string) {
     actorEmail,
     details: {},
   });
-  revalidatePath("/espace-prestataire/items");
-  redirect("/espace-prestataire/items");
+  revalidatePath(`${basePath}/items`);
+  redirect(`${basePath}/items`);
 }
 
 const blockSchema = z.object({
@@ -137,7 +150,7 @@ const blockSchema = z.object({
 });
 
 export async function addItemBlockAction(itemId: string, fd: FormData) {
-  const { providerId, actorEmail } = await requireOwnedProvider();
+  const { providerId, actorEmail, basePath } = await requireOwnedProvider();
   const existing = await prisma.rentalItem.findUnique({ where: { id: itemId }, select: { providerId: true } });
   if (!existing || existing.providerId !== providerId) {
     return { ok: false as const, error: "Item introuvable." };
@@ -171,12 +184,12 @@ export async function addItemBlockAction(itemId: string, fd: FormData) {
     actorEmail,
     details: { ...parsed.data },
   });
-  revalidatePath(`/espace-prestataire/items/${itemId}`);
+  revalidatePath(`${basePath}/items/${itemId}`);
   return { ok: true as const };
 }
 
 export async function removeItemBlockAction(blockId: string) {
-  const { providerId, actorEmail } = await requireOwnedProvider();
+  const { providerId, actorEmail, basePath } = await requireOwnedProvider();
   const block = await prisma.rentalItemAvailability.findUnique({
     where: { id: blockId },
     select: { itemId: true, rentalBookingId: true, item: { select: { providerId: true } } },
@@ -195,7 +208,7 @@ export async function removeItemBlockAction(blockId: string) {
     actorEmail,
     details: { itemId: block.itemId },
   });
-  revalidatePath(`/espace-prestataire/items/${block.itemId}`);
+  revalidatePath(`${basePath}/items/${block.itemId}`);
   return { ok: true as const };
 }
 
@@ -208,7 +221,7 @@ const statusSchema = z.enum([
 ]);
 
 export async function updateBookingStatusAction(bookingId: string, status: string) {
-  const { providerId, actorEmail } = await requireOwnedProvider();
+  const { providerId, actorEmail, basePath } = await requireOwnedProvider();
   const session = await auth();
   const role = session?.user?.role;
   const parsed = statusSchema.safeParse(status);
@@ -232,6 +245,6 @@ export async function updateBookingStatusAction(bookingId: string, status: strin
     actorEmail,
     details: { status: parsed.data },
   });
-  revalidatePath("/espace-prestataire/reservations");
+  revalidatePath(`${basePath}/reservations`);
   return { ok: true as const };
 }
diff --git a/src/lib/rental-access.ts b/src/lib/rental-access.ts
index 95ec6e6..8f5c9dc 100644
--- a/src/lib/rental-access.ts
+++ b/src/lib/rental-access.ts
@@ -6,22 +6,36 @@ import { auth } from "@/auth";
 import { UserRole } from "@/generated/prisma/enums";
 import { prisma } from "@/lib/prisma";
 
+/**
+ * Garde-fou pour /espace-prestataire ET /espace-ce/materiel : accepte RENTAL_PROVIDER,
+ * CE_MANAGER, ADMIN. Chacun voit ensuite SON provider :
+ * - RENTAL_PROVIDER → via managedByUserId
+ * - CE_MANAGER → via organizationId
+ * - ADMIN → null si pas de providerId fourni (force le choix)
+ */
 export async function requireRentalProviderSession() {
   const session = await auth();
   if (!session?.user?.id) {
     redirect("/connexion?next=/espace-prestataire");
   }
   const role = session.user.role;
-  if (role !== UserRole.RENTAL_PROVIDER && role !== UserRole.ADMIN) {
+  if (
+    role !== UserRole.RENTAL_PROVIDER &&
+    role !== UserRole.CE_MANAGER &&
+    role !== UserRole.ADMIN
+  ) {
     redirect("/");
   }
   return session;
 }
 
 /**
- * Récupère le RentalProvider géré par l'utilisateur.
- * Si ADMIN, on retourne soit le provider explicitement ciblé (param `providerId`),
- * soit null pour forcer le choix.
+ * Récupère le RentalProvider courant selon le rôle.
+ *
+ * - ADMIN avec `providerId` : retourne ce provider.
+ * - ADMIN sans `providerId` : retourne null (force le choix admin).
+ * - RENTAL_PROVIDER : retourne `findFirst({ managedByUserId })`.
+ * - CE_MANAGER : retourne `findFirst({ organizationId: session.user.organizationId })`.
  */
 export async function getCurrentRentalProvider(opts: { providerId?: string } = {}) {
   const session = await auth();
@@ -34,21 +48,53 @@ export async function getCurrentRentalProvider(opts: { providerId?: string } = {
   if (role === UserRole.ADMIN && !opts.providerId) {
     return null;
   }
-  // RENTAL_PROVIDER : retourne le provider lié
+  if (role === UserRole.CE_MANAGER && session.user.organizationId) {
+    return prisma.rentalProvider.findFirst({
+      where: { organizationId: session.user.organizationId },
+    });
+  }
+  // RENTAL_PROVIDER
   return prisma.rentalProvider.findFirst({
     where: { managedByUserId: session.user.id },
   });
 }
 
+/**
+ * Variante explicite pour le contexte CE : retourne le provider lié à `organizationId`
+ * (ou null s'il n'a pas encore été activé). Utile dans /espace-ce/materiel pour
+ * détecter l'onboarding nécessaire.
+ */
+export async function getCurrentRentalProviderForCe(organizationId: string) {
+  return prisma.rentalProvider.findFirst({
+    where: { organizationId },
+  });
+}
+
+/**
+ * Vrai si :
+ * - ADMIN
+ * - le user est le manager nominal du provider (RENTAL_PROVIDER)
+ * - le user est CE_MANAGER ET son organizationId == provider.organizationId
+ */
 export async function canManageRentalProvider(
   userId: string,
   role: string | undefined,
   providerId: string,
+  userOrgId?: string | null,
 ): Promise<boolean> {
   if (role === UserRole.ADMIN) return true;
   const provider = await prisma.rentalProvider.findUnique({
     where: { id: providerId },
-    select: { managedByUserId: true },
+    select: { managedByUserId: true, organizationId: true },
   });
-  return provider?.managedByUserId === userId;
+  if (!provider) return false;
+  if (provider.managedByUserId === userId) return true;
+  if (
+    role === UserRole.CE_MANAGER &&
+    userOrgId &&
+    provider.organizationId === userOrgId
+  ) {
+    return true;
+  }
+  return false;
 }

From ea0e606735eacc623fb2ea84ed5ecbc1a8a3ac84 Mon Sep 17 00:00:00 2001
From: Ubuntu <ubuntu@vps-97784c65.vps.ovh.net>
Date: Wed, 3 Jun 2026 00:03:03 +0000
Subject: [PATCH 40/47] =?UTF-8?q?feat(ce):=20Sprint=20K=20=E2=80=94=20publ?=
 =?UTF-8?q?ic=20badge=20+=20invites=20CE=5FMEMBER=20+=20tests?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Public badge sur fiche carbet :
- carbet-public.ts charge les OrganizationCarbetMembership (org
  approuvée uniquement) + expose `organizations: {id,name,slug}[]`.
- /carbets/[slug] affiche « Géré par le CE <name> » sous le header
  si au moins 1 org liée.

Invites CE_MEMBER :
- Migration 20260603300000_org_invite_token : OrgInviteToken
  (tokenHash, organizationId, email?, createdByUserId, expiresAt,
  usedAt). Cascade sur Organization. Index expiresAt + organizationId.
- src/lib/ce-invites.ts : createOrgInviteToken (TTL 14j),
  listOrgInviteTokens, getOrgInviteByToken (validité + expiry),
  markOrgInviteConsumed, revokeOrgInviteToken. Token = 24 bytes
  base64url, hash sha256.
- /espace-ce/membres : liste membres (CE_MANAGER + CE_MEMBER actifs)
  + form de génération de lien (email optionnel = lock email côté
  signup) + liste des invitations avec statut actif/consommé/expiré +
  bouton révoquer.
- /espace-ce/membres/actions.ts : createInviteAction +
  revokeInviteAction. Audit log scope=ce.invite.
- API /api/signup étendue : zod accepte inviteToken, branche dédiée
  qui crée User CE_MEMBER + organizationId du token + marquage
  usedAt. Vérif email match si email fourni dans le token.
- /inscription?invite=TOKEN : récupère l'invite, pré-affiche org name,
  lock email si fourni, masque les fieldsets type de compte (forcé
  CE_MEMBER).

CTA marketing :
- /pour-comites-entreprise : section CTA « Créer mon espace CE » sous
  le rendu content-pages, conditionnée par plugin ce-management.

Tests vitest (tests/lib/ce-access.test.ts) :
- canManageCarbet : admin always, owner direct, CE_MANAGER via org
  match, refus si autre org / pas d'org / TOURIST / pas de membership.
- 9 tests, mocks next-auth + @/auth + @/lib/authorization pour éviter
  next/server (incompatible vitest sans setup).
- Total tests projet : 62/62 ✓.

Dashboard /espace-ce : lien vers /espace-ce/membres en bas.

Migration prod appliquée.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../migration.sql                             |  22 +++
 prisma/schema.prisma                          |  19 ++
 src/app/api/signup/route.ts                   |  38 +++-
 src/app/carbets/[slug]/page.tsx               |  11 ++
 .../membres/_components/InviteForm.tsx        |  84 +++++++++
 src/app/espace-ce/membres/actions.ts          |  70 +++++++
 src/app/espace-ce/membres/page.tsx            | 173 ++++++++++++++++++
 src/app/espace-ce/page.tsx                    |   6 +-
 .../inscription/_components/SignupForm.tsx    |  35 +++-
 src/app/inscription/page.tsx                  |  23 ++-
 src/app/pour-comites-entreprise/page.tsx      |  29 ++-
 src/lib/carbet-public.ts                      |  13 ++
 src/lib/ce-invites.ts                         |  68 +++++++
 tests/lib/ce-access.test.ts                   | 111 +++++++++++
 14 files changed, 691 insertions(+), 11 deletions(-)
 create mode 100644 prisma/migrations/20260603300000_org_invite_token/migration.sql
 create mode 100644 src/app/espace-ce/membres/_components/InviteForm.tsx
 create mode 100644 src/app/espace-ce/membres/actions.ts
 create mode 100644 src/app/espace-ce/membres/page.tsx
 create mode 100644 src/lib/ce-invites.ts
 create mode 100644 tests/lib/ce-access.test.ts

diff --git a/prisma/migrations/20260603300000_org_invite_token/migration.sql b/prisma/migrations/20260603300000_org_invite_token/migration.sql
new file mode 100644
index 0000000..7ce99e5
--- /dev/null
+++ b/prisma/migrations/20260603300000_org_invite_token/migration.sql
@@ -0,0 +1,22 @@
+-- Sprint K : tokens d'invitation CE_MEMBER.
+-- Le CE_MANAGER génère un lien /inscription?invite=TOKEN, le destinataire s'inscrit
+-- automatiquement comme CE_MEMBER de l'organisation. usedAt à la consommation.
+
+CREATE TABLE "OrgInviteToken" (
+  "tokenHash"       TEXT NOT NULL,
+  "organizationId"  TEXT NOT NULL,
+  "email"           TEXT,
+  "createdByUserId" TEXT,
+  "expiresAt"       TIMESTAMP(3) NOT NULL,
+  "usedAt"          TIMESTAMP(3),
+  "createdAt"       TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  CONSTRAINT "OrgInviteToken_pkey" PRIMARY KEY ("tokenHash")
+);
+
+CREATE INDEX "OrgInviteToken_organizationId_idx" ON "OrgInviteToken"("organizationId");
+CREATE INDEX "OrgInviteToken_expiresAt_idx" ON "OrgInviteToken"("expiresAt");
+
+ALTER TABLE "OrgInviteToken"
+  ADD CONSTRAINT "OrgInviteToken_organizationId_fkey"
+  FOREIGN KEY ("organizationId") REFERENCES "Organization"("id")
+  ON DELETE CASCADE ON UPDATE CASCADE;
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
index 49f703a..4294008 100644
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -86,11 +86,30 @@ model Organization {
   members          User[]
   carbetMemberships OrganizationCarbetMembership[]
   rentalProviders  RentalProvider[]
+  invites          OrgInviteToken[]
 
   @@index([name])
   @@index([approved])
 }
 
+/// Token d'invitation pour rejoindre une organisation comme CE_MEMBER.
+/// Le CE_MANAGER génère un lien, le destinataire s'inscrit via /inscription?invite=TOKEN.
+/// Pas de unique sur email pour permettre plusieurs invites pendants par destinataire.
+model OrgInviteToken {
+  tokenHash      String   @id
+  organizationId String
+  email          String?
+  createdByUserId String?
+  expiresAt      DateTime
+  usedAt         DateTime?
+  createdAt      DateTime @default(now())
+
+  organization Organization @relation(fields: [organizationId], references: [id], onDelete: Cascade)
+
+  @@index([organizationId])
+  @@index([expiresAt])
+}
+
 /// Co-gestion des carbets côté CE. Un Carbet a toujours un ownerId (créateur initial),
 /// et zéro ou plusieurs orgs liées : un CE_MANAGER d'une org liée peut gérer le carbet
 /// en plus de l'owner. Pour un hôte individuel : aucune membership ; pour un carbet CE :
diff --git a/src/app/api/signup/route.ts b/src/app/api/signup/route.ts
index e056d9b..739bf1b 100644
--- a/src/app/api/signup/route.ts
+++ b/src/app/api/signup/route.ts
@@ -2,6 +2,7 @@ import { NextResponse } from "next/server";
 import { z } from "zod";
 
 import { UserRole } from "@/generated/prisma/enums";
+import { getOrgInviteByToken, markOrgInviteConsumed } from "@/lib/ce-invites";
 import { hashPassword } from "@/lib/password";
 import { prisma } from "@/lib/prisma";
 import { recordAudit } from "@/lib/admin/audit";
@@ -23,6 +24,7 @@ const schema = z.object({
   providerName: z.string().trim().min(2).max(200).optional(),
   providerRivers: z.array(z.string().trim().min(1).max(80)).max(20).optional(),
   orgName: z.string().trim().min(2).max(200).optional(),
+  inviteToken: z.string().trim().min(8).max(200).optional(),
 });
 
 export async function POST(req: Request) {
@@ -55,6 +57,23 @@ export async function POST(req: Request) {
     return NextResponse.json({ error: "Nom de votre Comité d'Entreprise requis." }, { status: 400 });
   }
 
+  // Invitation CE_MEMBER : si un inviteToken est fourni, on force le rôle CE_MEMBER
+  // et on rattache à l'org du token (org déjà validée — pas de bannière pending).
+  let inviteOrgId: string | null = null;
+  if (data.inviteToken) {
+    const invite = await getOrgInviteByToken(data.inviteToken);
+    if (!invite) {
+      return NextResponse.json({ error: "Lien d'invitation invalide ou expiré." }, { status: 400 });
+    }
+    if (invite.email && invite.email.toLowerCase() !== data.email) {
+      return NextResponse.json(
+        { error: "Ce lien d'invitation est réservé à un autre email." },
+        { status: 400 },
+      );
+    }
+    inviteOrgId = invite.organizationId;
+  }
+
   const existing = await prisma.user.findUnique({ where: { email: data.email }, select: { id: true } });
   if (existing) {
     return NextResponse.json({ error: "Un compte existe déjà avec cet email." }, { status: 409 });
@@ -68,7 +87,24 @@ export async function POST(req: Request) {
   let createdOrgId: string | null = null;
   let user: { id: string; email: string; role: UserRole };
 
-  if (data.role === UserRole.CE_MANAGER) {
+  if (inviteOrgId) {
+    // Branche invite CE_MEMBER : rattache le user à l'org du token, ignore data.role.
+    user = await prisma.user.create({
+      data: {
+        email: data.email,
+        passwordHash,
+        firstName: data.firstName,
+        lastName: data.lastName,
+        phone: data.phone?.trim() || null,
+        role: UserRole.CE_MEMBER,
+        organizationId: inviteOrgId,
+        isActive: true,
+      },
+      select: { id: true, email: true, role: true },
+    });
+    createdOrgId = inviteOrgId;
+    await markOrgInviteConsumed(data.inviteToken!).catch(() => {});
+  } else if (data.role === UserRole.CE_MANAGER) {
     const orgName = data.orgName!.trim();
     const baseSlug = slugify(orgName);
     const result = await prisma.$transaction(async (tx) => {
diff --git a/src/app/carbets/[slug]/page.tsx b/src/app/carbets/[slug]/page.tsx
index 640d7c6..dbaeeaf 100644
--- a/src/app/carbets/[slug]/page.tsx
+++ b/src/app/carbets/[slug]/page.tsx
@@ -115,6 +115,17 @@ export default async function PublicCarbetPage({ params }: PageProps) {
               ? ` · Route + ${formatPirogueDuration(carbet.pirogueDurationMin)} pirogue depuis ${carbet.embarkPoint}`
               : ` · Route directe (embarquement ${carbet.embarkPoint})`}
         </p>
+        {carbet.organizations.length > 0 ? (
+          <p className="mt-1 text-xs text-zinc-500">
+            Géré par le CE{" "}
+            {carbet.organizations.map((o, i) => (
+              <span key={o.id}>
+                <strong className="text-zinc-700">{o.name}</strong>
+                {i < carbet.organizations.length - 1 ? ", " : ""}
+              </span>
+            ))}
+          </p>
+        ) : null}
         {carbet.reviewStats.count > 0 &&
         carbet.reviewStats.averageRating !== null ? (
           <p className="mt-2 flex items-center gap-2 text-sm text-zinc-700">
diff --git a/src/app/espace-ce/membres/_components/InviteForm.tsx b/src/app/espace-ce/membres/_components/InviteForm.tsx
new file mode 100644
index 0000000..8fb63e3
--- /dev/null
+++ b/src/app/espace-ce/membres/_components/InviteForm.tsx
@@ -0,0 +1,84 @@
+"use client";
+
+import { useState, useTransition } from "react";
+
+import type { CreateInviteResult } from "../actions";
+
+export function InviteForm({
+  action,
+  siteUrl,
+}: {
+  action: (fd: FormData) => Promise<CreateInviteResult>;
+  siteUrl: string;
+}) {
+  const [pending, startTransition] = useTransition();
+  const [error, setError] = useState<string | null>(null);
+  const [link, setLink] = useState<string | null>(null);
+
+  function onSubmit(fd: FormData) {
+    setError(null);
+    setLink(null);
+    startTransition(async () => {
+      const res = await action(fd);
+      if (!res.ok) {
+        setError(res.error);
+        return;
+      }
+      setLink(`${siteUrl}/inscription?invite=${res.token}`);
+    });
+  }
+
+  return (
+    <div className="space-y-3">
+      <form action={onSubmit} className="flex flex-wrap items-end gap-2">
+        <label className="block grow">
+          <span className="text-xs text-zinc-600">Email du futur CE_MEMBER (optionnel)</span>
+          <input
+            type="email"
+            name="email"
+            placeholder="prenom.nom@entreprise.gf"
+            maxLength={200}
+            className="mt-0.5 block w-full rounded-md border border-zinc-300 px-3 py-2 text-sm focus:border-zinc-900 focus:outline-none"
+          />
+        </label>
+        <button
+          type="submit"
+          disabled={pending}
+          className="rounded-md bg-emerald-600 px-4 py-2 text-sm font-semibold text-white hover:bg-emerald-700 disabled:opacity-60"
+        >
+          {pending ? "Génération…" : "Générer un lien"}
+        </button>
+      </form>
+      {error ? (
+        <div className="rounded border border-rose-200 bg-rose-50 px-3 py-2 text-xs text-rose-700">
+          {error}
+        </div>
+      ) : null}
+      {link ? (
+        <div className="rounded-md border border-emerald-200 bg-emerald-50/60 p-3 text-sm">
+          <p className="text-xs font-semibold uppercase tracking-wider text-emerald-800">
+            ✓ Lien d&apos;invitation généré (valable 14 jours)
+          </p>
+          <code className="mt-1 block break-all rounded bg-white px-2 py-1.5 font-mono text-xs text-zinc-700">
+            {link}
+          </code>
+          <button
+            type="button"
+            onClick={() => {
+              if (typeof navigator !== "undefined" && navigator.clipboard) {
+                navigator.clipboard.writeText(link).catch(() => {});
+              }
+            }}
+            className="mt-2 rounded border border-emerald-300 bg-white px-2 py-1 text-[11px] text-emerald-800 hover:bg-emerald-100"
+          >
+            Copier
+          </button>
+        </div>
+      ) : null}
+      <p className="text-[11px] text-zinc-500">
+        Si vous indiquez un email, le lien sera bloqué pour tout autre adresse à la connexion.
+        Sinon, n&apos;importe qui ayant le lien peut rejoindre votre CE.
+      </p>
+    </div>
+  );
+}
diff --git a/src/app/espace-ce/membres/actions.ts b/src/app/espace-ce/membres/actions.ts
new file mode 100644
index 0000000..e1e6fa3
--- /dev/null
+++ b/src/app/espace-ce/membres/actions.ts
@@ -0,0 +1,70 @@
+"use server";
+
+import { revalidatePath } from "next/cache";
+
+import { auth } from "@/auth";
+import { UserRole } from "@/generated/prisma/enums";
+import { recordAudit } from "@/lib/admin/audit";
+import {
+  createOrgInviteToken,
+  revokeOrgInviteToken,
+} from "@/lib/ce-invites";
+import { getCurrentCeOrganization } from "@/lib/ce-access";
+import { prisma } from "@/lib/prisma";
+
+export type CreateInviteResult =
+  | { ok: true; token: string }
+  | { ok: false; error: string };
+
+export async function createInviteAction(fd: FormData): Promise<CreateInviteResult> {
+  const session = await auth();
+  if (!session?.user?.id) return { ok: false, error: "Non authentifié." };
+  if (session.user.role !== UserRole.CE_MANAGER && session.user.role !== UserRole.ADMIN) {
+    return { ok: false, error: "Réservé aux CE_MANAGER." };
+  }
+  const org = await getCurrentCeOrganization();
+  if (!org) return { ok: false, error: "Aucune organisation détectée." };
+  if (!org.approved) return { ok: false, error: "Votre organisation doit être validée." };
+
+  const email = ((fd.get("email") as string | null) ?? "").trim().toLowerCase() || null;
+  if (email && !/^[^@\s]+@[^@\s.]+\.[^@\s]+$/.test(email)) {
+    return { ok: false, error: "Email invalide." };
+  }
+
+  const token = await createOrgInviteToken({
+    organizationId: org.id,
+    createdByUserId: session.user.id,
+    email,
+  });
+  await recordAudit({
+    scope: "ce.invite",
+    event: "invite.create",
+    target: org.id,
+    actorEmail: session.user.email ?? null,
+    details: { email },
+  });
+  revalidatePath("/espace-ce/membres");
+  return { ok: true, token };
+}
+
+export async function revokeInviteAction(tokenHash: string): Promise<void> {
+  const session = await auth();
+  if (!session?.user?.id) return;
+  if (session.user.role !== UserRole.CE_MANAGER && session.user.role !== UserRole.ADMIN) return;
+  const org = await getCurrentCeOrganization();
+  if (!org) return;
+  const invite = await prisma.orgInviteToken.findUnique({
+    where: { tokenHash },
+    select: { organizationId: true },
+  });
+  if (!invite || invite.organizationId !== org.id) return;
+  await revokeOrgInviteToken(tokenHash);
+  await recordAudit({
+    scope: "ce.invite",
+    event: "invite.revoke",
+    target: org.id,
+    actorEmail: session.user.email ?? null,
+    details: {},
+  });
+  revalidatePath("/espace-ce/membres");
+}
diff --git a/src/app/espace-ce/membres/page.tsx b/src/app/espace-ce/membres/page.tsx
new file mode 100644
index 0000000..e77ed19
--- /dev/null
+++ b/src/app/espace-ce/membres/page.tsx
@@ -0,0 +1,173 @@
+import Link from "next/link";
+import { redirect } from "next/navigation";
+
+import { UserRole } from "@/generated/prisma/enums";
+import { getCurrentCeOrganization } from "@/lib/ce-access";
+import { listOrgInviteTokens } from "@/lib/ce-invites";
+import { prisma } from "@/lib/prisma";
+
+import { createInviteAction, revokeInviteAction } from "./actions";
+import { InviteForm } from "./_components/InviteForm";
+
+export const dynamic = "force-dynamic";
+export const metadata = { title: "Membres CE — Karbé" };
+
+const ROLE_LABEL: Record<string, string> = {
+  CE_MANAGER: "Manager",
+  CE_MEMBER: "Membre",
+};
+
+export default async function CeMembresPage() {
+  const org = await getCurrentCeOrganization();
+  if (!org) redirect("/admin/organizations");
+
+  const [members, invites] = await Promise.all([
+    prisma.user.findMany({
+      where: {
+        organizationId: org.id,
+        role: { in: [UserRole.CE_MANAGER, UserRole.CE_MEMBER] },
+        isActive: true,
+      },
+      orderBy: [{ role: "asc" }, { lastName: "asc" }],
+      select: {
+        id: true,
+        email: true,
+        firstName: true,
+        lastName: true,
+        role: true,
+        createdAt: true,
+      },
+    }),
+    listOrgInviteTokens(org.id),
+  ]);
+
+  const siteUrl = process.env.NEXT_PUBLIC_SITE_URL ?? "https://karbe.cosmolan.fr";
+
+  const dateFmt = new Intl.DateTimeFormat("fr-FR", {
+    day: "2-digit",
+    month: "short",
+    year: "2-digit",
+  });
+
+  return (
+    <main className="mx-auto max-w-4xl px-6 py-10 space-y-6">
+      <header>
+        <Link href="/espace-ce" className="text-xs text-zinc-500 hover:text-zinc-900">
+          ← Tableau de bord CE
+        </Link>
+        <h1 className="mt-1 text-3xl font-semibold text-zinc-900">
+          Membres — {org.name}
+        </h1>
+        <p className="mt-1 text-sm text-zinc-600">
+          {members.length} membre{members.length > 1 ? "s" : ""} actif{members.length > 1 ? "s" : ""}.
+          Générez un lien d&apos;invitation pour qu&apos;un nouveau CE_MEMBER s&apos;inscrive et
+          rejoigne automatiquement votre organisation.
+        </p>
+      </header>
+
+      <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <h2 className="text-sm font-semibold uppercase tracking-wider text-zinc-500">
+          Inviter un membre
+        </h2>
+        {!org.approved ? (
+          <p className="mt-3 text-sm text-amber-900">
+            🕒 La génération d&apos;invitations est bloquée tant que votre organisation n&apos;est
+            pas validée.
+          </p>
+        ) : (
+          <div className="mt-3">
+            <InviteForm action={createInviteAction} siteUrl={siteUrl} />
+          </div>
+        )}
+      </section>
+
+      <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-zinc-500">
+          Membres ({members.length})
+        </h2>
+        {members.length === 0 ? (
+          <p className="text-sm text-zinc-500">Aucun membre actif pour l&apos;instant.</p>
+        ) : (
+          <ul className="divide-y divide-zinc-100">
+            {members.map((m) => (
+              <li key={m.id} className="flex items-center justify-between gap-3 py-2 text-sm">
+                <div>
+                  <div className="font-medium text-zinc-900">
+                    {m.firstName} {m.lastName}
+                  </div>
+                  <div className="text-xs text-zinc-500">{m.email}</div>
+                </div>
+                <span
+                  className={
+                    "rounded-full px-2 py-0.5 text-[10px] font-semibold uppercase tracking-wider " +
+                    (m.role === "CE_MANAGER"
+                      ? "bg-emerald-100 text-emerald-800 ring-1 ring-inset ring-emerald-300"
+                      : "bg-zinc-100 text-zinc-700 ring-1 ring-inset ring-zinc-300")
+                  }
+                >
+                  {ROLE_LABEL[m.role] ?? m.role}
+                </span>
+              </li>
+            ))}
+          </ul>
+        )}
+      </section>
+
+      <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-zinc-500">
+          Invitations en cours ({invites.filter((i) => !i.usedAt && i.expiresAt > new Date()).length})
+        </h2>
+        {invites.length === 0 ? (
+          <p className="text-sm text-zinc-500">Aucune invitation envoyée pour l&apos;instant.</p>
+        ) : (
+          <ul className="divide-y divide-zinc-100">
+            {invites.map((inv) => {
+              const expired = inv.expiresAt < new Date();
+              const used = inv.usedAt !== null;
+              const status = used ? "consommé" : expired ? "expiré" : "actif";
+              return (
+                <li
+                  key={inv.tokenHash}
+                  className="flex items-center justify-between gap-3 py-2 text-sm"
+                >
+                  <div>
+                    <div className="font-mono text-xs text-zinc-700">
+                      {inv.email ?? "(lien partagé)"}
+                    </div>
+                    <div className="text-[11px] text-zinc-500">
+                      Créé {dateFmt.format(inv.createdAt)} · Expire {dateFmt.format(inv.expiresAt)}
+                    </div>
+                  </div>
+                  <div className="flex items-center gap-2">
+                    <span
+                      className={
+                        "rounded-full px-2 py-0.5 text-[10px] font-semibold uppercase tracking-wider " +
+                        (status === "actif"
+                          ? "bg-emerald-100 text-emerald-800 ring-1 ring-inset ring-emerald-300"
+                          : status === "consommé"
+                            ? "bg-zinc-100 text-zinc-600 ring-1 ring-inset ring-zinc-300"
+                            : "bg-amber-100 text-amber-800 ring-1 ring-inset ring-amber-300")
+                      }
+                    >
+                      {status}
+                    </span>
+                    {!used && !expired ? (
+                      <form action={revokeInviteAction.bind(null, inv.tokenHash)}>
+                        <button
+                          type="submit"
+                          className="rounded border border-rose-200 bg-white px-2 py-0.5 text-[11px] text-rose-700 hover:bg-rose-50"
+                        >
+                          Révoquer
+                        </button>
+                      </form>
+                    ) : null}
+                  </div>
+                </li>
+              );
+            })}
+          </ul>
+        )}
+      </section>
+    </main>
+  );
+}
diff --git a/src/app/espace-ce/page.tsx b/src/app/espace-ce/page.tsx
index e6eaee6..0a5251d 100644
--- a/src/app/espace-ce/page.tsx
+++ b/src/app/espace-ce/page.tsx
@@ -85,7 +85,11 @@ export default async function CeDashboardPage() {
       </section>
 
       <p className="text-xs text-zinc-500">
-        Le bouton « Matériel rental » sera actif au Sprint J du plan CE management.
+        Gérez aussi vos{" "}
+        <Link href="/espace-ce/membres" className="text-zinc-700 underline hover:text-zinc-900">
+          membres et invitations CE
+        </Link>
+        .
       </p>
     </main>
   );
diff --git a/src/app/inscription/_components/SignupForm.tsx b/src/app/inscription/_components/SignupForm.tsx
index 3ac9fc5..3bb3cd3 100644
--- a/src/app/inscription/_components/SignupForm.tsx
+++ b/src/app/inscription/_components/SignupForm.tsx
@@ -4,9 +4,11 @@ import { useState, useTransition } from "react";
 import { useRouter } from "next/navigation";
 import { signIn } from "next-auth/react";
 
-type Props = { next: string };
+type InviteContext = { token: string; orgName: string; emailLock?: string | null };
 
-export function SignupForm({ next }: Props) {
+type Props = { next: string; invite?: InviteContext | null };
+
+export function SignupForm({ next, invite }: Props) {
   const router = useRouter();
   const [pending, startTransition] = useTransition();
   const [error, setError] = useState<string | null>(null);
@@ -14,6 +16,7 @@ export function SignupForm({ next }: Props) {
   const [providerName, setProviderName] = useState("");
   const [providerRivers, setProviderRivers] = useState("");
   const [orgName, setOrgName] = useState("");
+  const isInvite = Boolean(invite);
 
   function onSubmit(formData: FormData) {
     setError(null);
@@ -55,6 +58,13 @@ export function SignupForm({ next }: Props) {
       if (role === "CE_MANAGER") {
         body.orgName = orgName.trim();
       }
+      if (isInvite && invite) {
+        body.inviteToken = invite.token;
+        // L'API force le rôle CE_MEMBER quand inviteToken est valide ;
+        // on retire les champs inutiles pour ne pas créer de confusion.
+        delete (body as { providerName?: unknown }).providerName;
+        delete (body as { orgName?: unknown }).orgName;
+      }
       const res = await fetch("/api/signup", {
         method: "POST",
         headers: { "Content-Type": "application/json" },
@@ -98,7 +108,17 @@ export function SignupForm({ next }: Props) {
 
         <label className="block">
           <span className="text-xs text-zinc-600">Email</span>
-          <input name="email" type="email" required maxLength={200} className={inputCls + " mt-0.5"} />
+          <input
+            name="email"
+            type="email"
+            required
+            maxLength={200}
+            defaultValue={invite?.emailLock ?? undefined}
+            readOnly={Boolean(invite?.emailLock)}
+            className={
+              inputCls + " mt-0.5" + (invite?.emailLock ? " bg-zinc-50 text-zinc-700" : "")
+            }
+          />
         </label>
 
         <label className="block">
@@ -118,7 +138,14 @@ export function SignupForm({ next }: Props) {
           <input name="phone" type="tel" maxLength={40} className={inputCls + " mt-0.5"} />
         </label>
 
-        <fieldset className="space-y-1">
+        {isInvite ? (
+          <p className="rounded-md border border-emerald-200 bg-emerald-50/60 px-3 py-2 text-xs text-emerald-900">
+            Vous rejoignez <strong>{invite!.orgName}</strong> comme membre CE — les autres
+            types de compte sont masqués.
+          </p>
+        ) : null}
+
+        <fieldset className="space-y-1" hidden={isInvite}>
           <legend className="text-xs text-zinc-600">Type de compte</legend>
           <div className="grid grid-cols-1 gap-2 pt-1 sm:grid-cols-2 lg:grid-cols-4">
             <label
diff --git a/src/app/inscription/page.tsx b/src/app/inscription/page.tsx
index 35e871e..0ff3940 100644
--- a/src/app/inscription/page.tsx
+++ b/src/app/inscription/page.tsx
@@ -2,12 +2,14 @@ import { redirect } from "next/navigation";
 import Link from "next/link";
 
 import { auth } from "@/auth";
+import { getOrgInviteByToken } from "@/lib/ce-invites";
+
 import { SignupForm } from "./_components/SignupForm";
 
 export const dynamic = "force-dynamic";
 
 type PageProps = {
-  searchParams: Promise<{ next?: string }>;
+  searchParams: Promise<{ next?: string; invite?: string }>;
 };
 
 export default async function SignupPage({ searchParams }: PageProps) {
@@ -16,17 +18,32 @@ export default async function SignupPage({ searchParams }: PageProps) {
   const next = sp.next && sp.next.startsWith("/") ? sp.next : "/";
   if (session?.user?.id) redirect(next);
 
+  // Si un token d'invitation valide est présent, on pré-remplit le contexte CE_MEMBER.
+  let invite: { token: string; orgName: string; emailLock?: string | null } | null = null;
+  if (sp.invite) {
+    const found = await getOrgInviteByToken(sp.invite);
+    if (found) {
+      invite = {
+        token: sp.invite,
+        orgName: found.organization.name,
+        emailLock: found.email,
+      };
+    }
+  }
+
   return (
     <main className="mx-auto flex min-h-[70vh] max-w-md items-center px-6 py-12">
       <div className="w-full space-y-4 rounded-xl border border-zinc-200 bg-white p-6 shadow-sm">
         <header>
           <h1 className="text-2xl font-semibold text-zinc-900">Créer un compte</h1>
           <p className="mt-1 text-sm text-zinc-500">
-            Un compte vous permet de réserver un séjour ou, en tant qu&apos;hôte, de publier votre carbet.
+            {invite
+              ? `Vous avez été invité à rejoindre « ${invite.orgName} » comme membre CE.`
+              : "Un compte vous permet de réserver un séjour ou, en tant qu'hôte, de publier votre carbet."}
           </p>
         </header>
 
-        <SignupForm next={next} />
+        <SignupForm next={next} invite={invite} />
 
         <p className="border-t border-zinc-100 pt-3 text-center text-sm text-zinc-500">
           Déjà un compte ?{" "}
diff --git a/src/app/pour-comites-entreprise/page.tsx b/src/app/pour-comites-entreprise/page.tsx
index f0125bd..fa83f77 100644
--- a/src/app/pour-comites-entreprise/page.tsx
+++ b/src/app/pour-comites-entreprise/page.tsx
@@ -1,8 +1,10 @@
+import Link from "next/link";
 import { notFound } from "next/navigation";
+
+import { ContentPageRenderer } from "@/components/ContentPageRenderer";
 import { getContentPage } from "@/lib/content-pages";
 import { getLocale } from "@/lib/i18n/server";
 import { isPluginEnabled } from "@/lib/plugins/server";
-import { ContentPageRenderer } from "@/components/ContentPageRenderer";
 
 export const dynamic = "force-dynamic";
 
@@ -15,5 +17,28 @@ export default async function CEPage() {
   if (!(await isPluginEnabled("content-pages"))) notFound();
   const page = await getContentPage("pour-comites-entreprise", await getLocale());
   if (!page) notFound();
-  return <ContentPageRenderer page={page} />;
+  const ceEnabled = await isPluginEnabled("ce-management");
+
+  return (
+    <>
+      <ContentPageRenderer page={page} />
+      {ceEnabled ? (
+        <section className="mx-auto my-8 max-w-3xl rounded-lg border border-emerald-200 bg-emerald-50/60 px-6 py-6 text-center">
+          <h2 className="text-lg font-semibold text-emerald-900">
+            Vous êtes un Comité d&apos;Entreprise ?
+          </h2>
+          <p className="mt-1 text-sm text-emerald-900">
+            Créez votre espace CE sur Karbé pour proposer vos carbets à vos membres et au public
+            touriste, et activer la location de matériel.
+          </p>
+          <Link
+            href="/inscription"
+            className="mt-3 inline-block rounded-md bg-emerald-600 px-5 py-2 text-sm font-semibold text-white hover:bg-emerald-700"
+          >
+            Créer mon espace CE
+          </Link>
+        </section>
+      ) : null}
+    </>
+  );
 }
diff --git a/src/lib/carbet-public.ts b/src/lib/carbet-public.ts
index c09b2fb..3a947f8 100644
--- a/src/lib/carbet-public.ts
+++ b/src/lib/carbet-public.ts
@@ -42,6 +42,8 @@ export type PublicCarbetDetail = {
   longitude: string;
   ownerId: string;
   ownerFirstName: string;
+  /** Comités d'Entreprise qui co-gèrent ce carbet (vide si hôte individuel). */
+  organizations: { id: string; name: string; slug: string }[];
   media: PublicCarbetMedia[];
   amenities: { key: string; label: string }[];
   reviewStats: CarbetReviewStats;
@@ -99,6 +101,12 @@ export const getPublicCarbet = cache(
         amenities: {
           select: { amenity: { select: { key: true, label: true } } },
         },
+        organizations: {
+          where: { organization: { approved: true } },
+          select: {
+            organization: { select: { id: true, name: true, slug: true } },
+          },
+        },
       },
     });
 
@@ -146,6 +154,11 @@ export const getPublicCarbet = cache(
       longitude: carbet.longitude.toString(),
       ownerId: carbet.ownerId,
       ownerFirstName: carbet.owner.firstName,
+      organizations: carbet.organizations.map((m) => ({
+        id: m.organization.id,
+        name: m.organization.name,
+        slug: m.organization.slug,
+      })),
       media: carbet.media.map((m) => ({
         id: m.id,
         type: m.type,
diff --git a/src/lib/ce-invites.ts b/src/lib/ce-invites.ts
new file mode 100644
index 0000000..d288971
--- /dev/null
+++ b/src/lib/ce-invites.ts
@@ -0,0 +1,68 @@
+import "server-only";
+
+import crypto from "node:crypto";
+
+import { prisma } from "@/lib/prisma";
+
+const INVITE_TTL_MS = 14 * 24 * 60 * 60 * 1000; // 14 jours
+
+function hashToken(token: string): string {
+  return crypto.createHash("sha256").update(token).digest("hex");
+}
+
+export async function createOrgInviteToken(opts: {
+  organizationId: string;
+  createdByUserId: string;
+  email?: string | null;
+  ttlMs?: number;
+}): Promise<string> {
+  const token = crypto.randomBytes(24).toString("base64url");
+  const tokenHash = hashToken(token);
+  const expiresAt = new Date(Date.now() + (opts.ttlMs ?? INVITE_TTL_MS));
+  await prisma.orgInviteToken.create({
+    data: {
+      tokenHash,
+      organizationId: opts.organizationId,
+      createdByUserId: opts.createdByUserId,
+      email: opts.email ?? null,
+      expiresAt,
+    },
+  });
+  return token;
+}
+
+export async function listOrgInviteTokens(organizationId: string) {
+  return prisma.orgInviteToken.findMany({
+    where: { organizationId },
+    orderBy: { createdAt: "desc" },
+    take: 50,
+  });
+}
+
+/** Renvoie l'invitation si elle existe, non expirée et non consommée. */
+export async function getOrgInviteByToken(plainToken: string) {
+  const tokenHash = hashToken(plainToken);
+  const row = await prisma.orgInviteToken.findUnique({
+    where: { tokenHash },
+    include: {
+      organization: { select: { id: true, name: true, slug: true, approved: true } },
+    },
+  });
+  if (!row) return null;
+  if (row.usedAt) return null;
+  if (row.expiresAt < new Date()) return null;
+  return row;
+}
+
+/** Marque l'invitation comme consommée. À appeler dans la transaction de signup. */
+export async function markOrgInviteConsumed(plainToken: string): Promise<void> {
+  const tokenHash = hashToken(plainToken);
+  await prisma.orgInviteToken.update({
+    where: { tokenHash },
+    data: { usedAt: new Date() },
+  });
+}
+
+export async function revokeOrgInviteToken(tokenHash: string): Promise<void> {
+  await prisma.orgInviteToken.delete({ where: { tokenHash } }).catch(() => {});
+}
diff --git a/tests/lib/ce-access.test.ts b/tests/lib/ce-access.test.ts
new file mode 100644
index 0000000..ecb89ad
--- /dev/null
+++ b/tests/lib/ce-access.test.ts
@@ -0,0 +1,111 @@
+import { describe, it, expect, vi } from "vitest";
+
+// L'enum est aussi un type ; on l'importe de manière statique pour TS.
+import { UserRole } from "@/generated/prisma/enums";
+
+// next-auth tire next/server qui n'est pas résolu dans le tunnel vitest.
+// On stubbe les modules nécessaires avant d'importer carbet-access (qui
+// importe Session de next-auth uniquement en type-only, mais authorization.ts
+// dépend de auth() — d'où le mock).
+vi.mock("next-auth", () => ({ default: () => ({}) }));
+vi.mock("@/auth", () => ({ auth: () => Promise.resolve(null) }));
+vi.mock("@/lib/authorization", () => ({
+  requireRole: () => Promise.resolve({}),
+}));
+
+const { canManageCarbet } = await import("@/lib/carbet-access");
+
+// Pure-data shape qui satisfait la signature de canManageCarbet sans tirer
+// next-auth/server (incompatible vitest sans setup).
+type MinimalSession = {
+  user: {
+    id: string;
+    role: UserRole;
+    organizationId?: string | null;
+    email?: string | null;
+  };
+};
+
+function makeSession(opts: {
+  userId: string;
+  role: UserRole;
+  organizationId?: string | null;
+}): MinimalSession {
+  return {
+    user: {
+      id: opts.userId,
+      role: opts.role,
+      organizationId: opts.organizationId ?? null,
+      email: "test@example.com",
+    },
+  };
+}
+
+describe("canManageCarbet", () => {
+  it("admin can always manage", () => {
+    const session = makeSession({ userId: "u-admin", role: UserRole.ADMIN });
+    expect(canManageCarbet(session as unknown as Parameters<typeof canManageCarbet>[0], "u-other", [])).toBe(true);
+    expect(canManageCarbet(session as unknown as Parameters<typeof canManageCarbet>[0], "u-other", ["org-x"])).toBe(true);
+  });
+
+  it("owner can manage their own carbet", () => {
+    const session = makeSession({ userId: "u1", role: UserRole.OWNER });
+    expect(canManageCarbet(session as unknown as Parameters<typeof canManageCarbet>[0], "u1", [])).toBe(true);
+  });
+
+  it("owner cannot manage someone else's carbet", () => {
+    const session = makeSession({ userId: "u1", role: UserRole.OWNER });
+    expect(canManageCarbet(session as unknown as Parameters<typeof canManageCarbet>[0], "u2", [])).toBe(false);
+  });
+
+  it("CE_MANAGER can manage carbet linked to their org via membership", () => {
+    const session = makeSession({
+      userId: "u-ce",
+      role: UserRole.CE_MANAGER,
+      organizationId: "org-1",
+    });
+    expect(canManageCarbet(session as unknown as Parameters<typeof canManageCarbet>[0], "u-creator", ["org-1"])).toBe(true);
+  });
+
+  it("CE_MANAGER cannot manage carbet of another org", () => {
+    const session = makeSession({
+      userId: "u-ce",
+      role: UserRole.CE_MANAGER,
+      organizationId: "org-1",
+    });
+    expect(canManageCarbet(session as unknown as Parameters<typeof canManageCarbet>[0], "u-creator", ["org-2"])).toBe(false);
+  });
+
+  it("CE_MANAGER cannot manage when carbet has no memberships", () => {
+    const session = makeSession({
+      userId: "u-ce",
+      role: UserRole.CE_MANAGER,
+      organizationId: "org-1",
+    });
+    expect(canManageCarbet(session as unknown as Parameters<typeof canManageCarbet>[0], "u-creator", [])).toBe(false);
+  });
+
+  it("CE_MANAGER without organizationId cannot manage anything via membership", () => {
+    const session = makeSession({
+      userId: "u-ce",
+      role: UserRole.CE_MANAGER,
+      organizationId: null,
+    });
+    expect(canManageCarbet(session as unknown as Parameters<typeof canManageCarbet>[0], "u-creator", ["org-1"])).toBe(false);
+  });
+
+  it("TOURIST cannot manage", () => {
+    const session = makeSession({ userId: "u1", role: UserRole.TOURIST });
+    expect(canManageCarbet(session as unknown as Parameters<typeof canManageCarbet>[0], "u-other", ["org-1"])).toBe(false);
+    expect(canManageCarbet(session as unknown as Parameters<typeof canManageCarbet>[0], "u1", ["org-1"])).toBe(true); // matches as owner
+  });
+
+  it("CE_MANAGER can also manage as direct owner (rare but possible)", () => {
+    const session = makeSession({
+      userId: "u-ce",
+      role: UserRole.CE_MANAGER,
+      organizationId: "org-1",
+    });
+    expect(canManageCarbet(session as unknown as Parameters<typeof canManageCarbet>[0], "u-ce", [])).toBe(true);
+  });
+});

From 3a557b6de548651ba9589215fcb970feb10e2a58 Mon Sep 17 00:00:00 2001
From: Ubuntu <ubuntu@vps-97784c65.vps.ovh.net>
Date: Wed, 3 Jun 2026 01:59:18 +0000
Subject: [PATCH 41/47] =?UTF-8?q?feat(ce):=20Sprint=20L=20=E2=80=94=20emai?=
 =?UTF-8?q?l=20auto=20invites=20+=20admin=20memberships=20UI?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Email automatique pour les invites CE_MEMBER :
- sendCeInviteEmail(to, orgName, inviteUrl, inviterName?) : template
  best-effort (dry-run sans Resend), bouton CTA + lien direct en plain
  text. Mentionne TTL 14j + warning si pas le destinataire attendu.
- createInviteAction branche l'envoi automatique quand un email est
  renseigné dans le formulaire. Audit log gagne emailedAutomatically.
- InviteForm UI : affiche « lien généré · email envoyé » quand un
  email était fourni. Texte d'aide mis à jour.
- Sans email → comportement inchangé : lien à copier manuellement.

Admin /admin/carbets/[id] gagne section memberships :
- src/lib/admin/carbets.ts : getCarbetForEdit inclut organizations +
  listOrganizationsForLink helper (toutes orgs triées approved desc).
- 2 actions admin : linkCarbetToOrganizationAction (idempotent) +
  unlinkCarbetFromOrganizationAction. Audit scope=admin.carbets,
  events carbet.org.link / carbet.org.unlink.
- CarbetMemberships client component : liste les orgs liées (badge
  pending si org non approuvée) + select des orgs disponibles + boutons
  Lier/Délier. Désactive le select quand toutes les orgs sont déjà
  liées.

Le link admin permet de :
- Lier rétroactivement un carbet existant à un CE (cas où l'orga
  intègre un carbet d'un hôte individuel).
- Délier un carbet quand un CE part ou que le carbet repasse en
  gestion individuelle.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../[id]/_components/CarbetMemberships.tsx    | 125 ++++++++++++++++++
 src/app/admin/carbets/[id]/page.tsx           |  44 +++++-
 src/app/admin/carbets/actions.ts              |  36 +++++
 .../membres/_components/InviteForm.tsx        |  10 +-
 src/app/espace-ce/membres/actions.ts          |  14 +-
 src/lib/admin/carbets.ts                      |  14 ++
 src/lib/email.ts                              |  24 ++++
 7 files changed, 260 insertions(+), 7 deletions(-)
 create mode 100644 src/app/admin/carbets/[id]/_components/CarbetMemberships.tsx

diff --git a/src/app/admin/carbets/[id]/_components/CarbetMemberships.tsx b/src/app/admin/carbets/[id]/_components/CarbetMemberships.tsx
new file mode 100644
index 0000000..95bfc88
--- /dev/null
+++ b/src/app/admin/carbets/[id]/_components/CarbetMemberships.tsx
@@ -0,0 +1,125 @@
+"use client";
+
+import { useState, useTransition } from "react";
+
+type Org = { id: string; name: string; slug: string; approved: boolean };
+type LinkedOrg = Org & { addedAt: Date };
+
+type Props = {
+  carbetId: string;
+  linked: LinkedOrg[];
+  available: Org[];
+  linkAction: (carbetId: string, orgId: string) => Promise<{ ok: true; alreadyLinked: boolean } | { ok: false; error?: string }>;
+  unlinkAction: (carbetId: string, orgId: string) => Promise<{ ok: true } | { ok: false; error?: string }>;
+};
+
+export function CarbetMemberships({
+  carbetId,
+  linked,
+  available,
+  linkAction,
+  unlinkAction,
+}: Props) {
+  const [pending, startTransition] = useTransition();
+  const [selectedOrgId, setSelectedOrgId] = useState("");
+  const [error, setError] = useState<string | null>(null);
+
+  // Filtre les orgs non encore liées
+  const linkedIds = new Set(linked.map((l) => l.id));
+  const options = available.filter((o) => !linkedIds.has(o.id));
+
+  function link() {
+    if (!selectedOrgId) return;
+    setError(null);
+    startTransition(async () => {
+      const res = await linkAction(carbetId, selectedOrgId);
+      if (!res.ok) setError(res.error || "Échec de la liaison");
+      else setSelectedOrgId("");
+    });
+  }
+
+  function unlink(orgId: string) {
+    setError(null);
+    startTransition(async () => {
+      const res = await unlinkAction(carbetId, orgId);
+      if (!res.ok) setError(res.error || "Échec");
+    });
+  }
+
+  return (
+    <div className="space-y-3">
+      {linked.length === 0 ? (
+        <p className="text-sm text-zinc-500">
+          Aucune organisation liée. Le carbet est géré uniquement par son propriétaire individuel.
+        </p>
+      ) : (
+        <ul className="divide-y divide-zinc-100 rounded-md border border-zinc-200 bg-white">
+          {linked.map((o) => (
+            <li
+              key={o.id}
+              className="flex items-center justify-between gap-3 px-3 py-2 text-sm"
+            >
+              <div>
+                <span className="font-medium text-zinc-900">{o.name}</span>
+                <span className="ml-2 text-[11px] text-zinc-500">/{o.slug}</span>
+                {!o.approved ? (
+                  <span className="ml-2 rounded-full bg-amber-100 px-1.5 py-0.5 text-[9px] font-semibold uppercase tracking-wider text-amber-800 ring-1 ring-inset ring-amber-300">
+                    Pending
+                  </span>
+                ) : null}
+              </div>
+              <button
+                type="button"
+                disabled={pending}
+                onClick={() => unlink(o.id)}
+                className="rounded border border-rose-200 bg-white px-2 py-1 text-[11px] text-rose-700 hover:bg-rose-50 disabled:opacity-60"
+              >
+                Délier
+              </button>
+            </li>
+          ))}
+        </ul>
+      )}
+
+      {options.length > 0 ? (
+        <div className="flex flex-wrap items-center gap-2">
+          <select
+            value={selectedOrgId}
+            onChange={(e) => setSelectedOrgId(e.target.value)}
+            className="rounded-md border border-zinc-300 bg-white px-2 py-1.5 text-sm focus:border-zinc-900 focus:outline-none"
+          >
+            <option value="">— Choisir une organisation à lier —</option>
+            {options.map((o) => (
+              <option key={o.id} value={o.id}>
+                {o.name} {o.approved ? "" : "(pending)"}
+              </option>
+            ))}
+          </select>
+          <button
+            type="button"
+            disabled={pending || !selectedOrgId}
+            onClick={link}
+            className="rounded-md bg-emerald-600 px-3 py-1.5 text-sm font-semibold text-white hover:bg-emerald-700 disabled:opacity-50"
+          >
+            {pending ? "…" : "Lier"}
+          </button>
+        </div>
+      ) : (
+        <p className="text-[11px] text-zinc-500">
+          Toutes les organisations existantes sont déjà liées à ce carbet.
+        </p>
+      )}
+
+      {error ? (
+        <div className="rounded border border-rose-200 bg-rose-50 px-3 py-2 text-xs text-rose-700">
+          {error}
+        </div>
+      ) : null}
+
+      <p className="text-[11px] text-zinc-500">
+        Une organisation liée signifie que ses CE_MANAGERs peuvent éditer ce carbet en plus du
+        propriétaire nominal.
+      </p>
+    </div>
+  );
+}
diff --git a/src/app/admin/carbets/[id]/page.tsx b/src/app/admin/carbets/[id]/page.tsx
index bf7a972..6a69e2e 100644
--- a/src/app/admin/carbets/[id]/page.tsx
+++ b/src/app/admin/carbets/[id]/page.tsx
@@ -1,15 +1,23 @@
 import { notFound } from "next/navigation";
 import Link from "next/link";
+
+import { MediaUploader } from "@/components/MediaUploader";
+import { StatusBadge } from "@/components/admin/StatusBadge";
 import {
   getCarbetForEdit,
+  listOrganizationsForLink,
   listOwners,
   listPirogueProviders,
 } from "@/lib/admin/carbets";
+
 import { CarbetForm } from "../_components/CarbetForm";
-import { StatusBadge } from "@/components/admin/StatusBadge";
-import { MediaUploader } from "@/components/MediaUploader";
+import {
+  linkCarbetToOrganizationAction,
+  unlinkCarbetFromOrganizationAction,
+  updateCarbetAction,
+} from "../actions";
+import { CarbetMemberships } from "./_components/CarbetMemberships";
 import { StatusActions } from "./_components/StatusActions";
-import { updateCarbetAction } from "../actions";
 
 export const dynamic = "force-dynamic";
 
@@ -17,10 +25,11 @@ type PageProps = { params: Promise<{ id: string }> };
 
 export default async function EditCarbetPage({ params }: PageProps) {
   const { id } = await params;
-  const [carbet, owners, providers] = await Promise.all([
+  const [carbet, owners, providers, organizations] = await Promise.all([
     getCarbetForEdit(id),
     listOwners(),
     listPirogueProviders(),
+    listOrganizationsForLink(),
   ]);
   if (!carbet) notFound();
 
@@ -28,6 +37,14 @@ export default async function EditCarbetPage({ params }: PageProps) {
     "use server";
     return await updateCarbetAction(id, fd);
   };
+  const linkThis = async (carbetId: string, orgId: string) => {
+    "use server";
+    return await linkCarbetToOrganizationAction(carbetId, orgId);
+  };
+  const unlinkThis = async (carbetId: string, orgId: string) => {
+    "use server";
+    return await unlinkCarbetFromOrganizationAction(carbetId, orgId);
+  };
 
   return (
     <div className="mx-auto max-w-5xl space-y-6">
@@ -61,6 +78,25 @@ export default async function EditCarbetPage({ params }: PageProps) {
         </div>
       </header>
 
+      <section className="mb-6 rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-zinc-500">
+          Organisations co-gestionnaires (CE)
+        </h2>
+        <CarbetMemberships
+          carbetId={carbet.id}
+          linked={carbet.organizations.map((m) => ({
+            id: m.organization.id,
+            name: m.organization.name,
+            slug: m.organization.slug,
+            approved: m.organization.approved,
+            addedAt: m.addedAt,
+          }))}
+          available={organizations}
+          linkAction={linkThis}
+          unlinkAction={unlinkThis}
+        />
+      </section>
+
       <section className="mb-6 rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
         <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-zinc-500">
           Médias
diff --git a/src/app/admin/carbets/actions.ts b/src/app/admin/carbets/actions.ts
index 2004bd8..f85950a 100644
--- a/src/app/admin/carbets/actions.ts
+++ b/src/app/admin/carbets/actions.ts
@@ -213,6 +213,42 @@ export async function reorderMediaAction(carbetId: string, mediaId: string, dire
   return { ok: true as const };
 }
 
+export async function linkCarbetToOrganizationAction(carbetId: string, organizationId: string) {
+  await requireRole([UserRole.ADMIN]);
+  const session = await auth();
+  const actorEmail = session?.user?.email ?? null;
+  // findFirst pour idempotence : si déjà lié, on ne touche pas + on ne crash pas.
+  const existing = await prisma.organizationCarbetMembership.findUnique({
+    where: { organizationId_carbetId: { organizationId, carbetId } },
+    select: { organizationId: true },
+  });
+  if (existing) {
+    return { ok: true as const, alreadyLinked: true };
+  }
+  await prisma.organizationCarbetMembership.create({
+    data: {
+      organizationId,
+      carbetId,
+      addedByUserId: session?.user?.id ?? null,
+    },
+  });
+  await audit("carbet.org.link", carbetId, actorEmail, { organizationId });
+  revalidatePath(`/admin/carbets/${carbetId}`);
+  return { ok: true as const, alreadyLinked: false };
+}
+
+export async function unlinkCarbetFromOrganizationAction(carbetId: string, organizationId: string) {
+  await requireRole([UserRole.ADMIN]);
+  const session = await auth();
+  const actorEmail = session?.user?.email ?? null;
+  await prisma.organizationCarbetMembership
+    .delete({ where: { organizationId_carbetId: { organizationId, carbetId } } })
+    .catch(() => {});
+  await audit("carbet.org.unlink", carbetId, actorEmail, { organizationId });
+  revalidatePath(`/admin/carbets/${carbetId}`);
+  return { ok: true as const };
+}
+
 async function audit(
   event: string,
   entityId: string,
diff --git a/src/app/espace-ce/membres/_components/InviteForm.tsx b/src/app/espace-ce/membres/_components/InviteForm.tsx
index 8fb63e3..4a8fd96 100644
--- a/src/app/espace-ce/membres/_components/InviteForm.tsx
+++ b/src/app/espace-ce/membres/_components/InviteForm.tsx
@@ -14,10 +14,13 @@ export function InviteForm({
   const [pending, startTransition] = useTransition();
   const [error, setError] = useState<string | null>(null);
   const [link, setLink] = useState<string | null>(null);
+  const [emailSent, setEmailSent] = useState(false);
 
   function onSubmit(fd: FormData) {
     setError(null);
     setLink(null);
+    setEmailSent(false);
+    const emailValue = ((fd.get("email") as string | null) ?? "").trim();
     startTransition(async () => {
       const res = await action(fd);
       if (!res.ok) {
@@ -25,6 +28,7 @@ export function InviteForm({
         return;
       }
       setLink(`${siteUrl}/inscription?invite=${res.token}`);
+      setEmailSent(Boolean(emailValue));
     });
   }
 
@@ -58,6 +62,7 @@ export function InviteForm({
         <div className="rounded-md border border-emerald-200 bg-emerald-50/60 p-3 text-sm">
           <p className="text-xs font-semibold uppercase tracking-wider text-emerald-800">
             ✓ Lien d&apos;invitation généré (valable 14 jours)
+            {emailSent ? " · email envoyé" : ""}
           </p>
           <code className="mt-1 block break-all rounded bg-white px-2 py-1.5 font-mono text-xs text-zinc-700">
             {link}
@@ -76,8 +81,9 @@ export function InviteForm({
         </div>
       ) : null}
       <p className="text-[11px] text-zinc-500">
-        Si vous indiquez un email, le lien sera bloqué pour tout autre adresse à la connexion.
-        Sinon, n&apos;importe qui ayant le lien peut rejoindre votre CE.
+        Si vous indiquez un email, l&apos;invitation sera envoyée automatiquement et le lien
+        sera bloqué pour toute autre adresse à la connexion. Sans email, n&apos;importe qui
+        ayant le lien peut rejoindre votre CE.
       </p>
     </div>
   );
diff --git a/src/app/espace-ce/membres/actions.ts b/src/app/espace-ce/membres/actions.ts
index e1e6fa3..b042c00 100644
--- a/src/app/espace-ce/membres/actions.ts
+++ b/src/app/espace-ce/membres/actions.ts
@@ -10,8 +10,11 @@ import {
   revokeOrgInviteToken,
 } from "@/lib/ce-invites";
 import { getCurrentCeOrganization } from "@/lib/ce-access";
+import { sendCeInviteEmail } from "@/lib/email";
 import { prisma } from "@/lib/prisma";
 
+const SITE_URL = process.env.NEXT_PUBLIC_SITE_URL ?? "https://karbe.cosmolan.fr";
+
 export type CreateInviteResult =
   | { ok: true; token: string }
   | { ok: false; error: string };
@@ -41,8 +44,17 @@ export async function createInviteAction(fd: FormData): Promise<CreateInviteResu
     event: "invite.create",
     target: org.id,
     actorEmail: session.user.email ?? null,
-    details: { email },
+    details: { email, emailedAutomatically: Boolean(email) },
   });
+  // Envoi automatique si email destinataire fourni (best-effort, dry-run sans Resend).
+  if (email) {
+    const inviteUrl = `${SITE_URL}/inscription?invite=${token}`;
+    try {
+      await sendCeInviteEmail(email, org.name, inviteUrl, session.user.name);
+    } catch (e) {
+      console.error("[ce.invite] email send failed:", e instanceof Error ? e.message : e);
+    }
+  }
   revalidatePath("/espace-ce/membres");
   return { ok: true, token };
 }
diff --git a/src/lib/admin/carbets.ts b/src/lib/admin/carbets.ts
index bf773e2..d9e7d36 100644
--- a/src/lib/admin/carbets.ts
+++ b/src/lib/admin/carbets.ts
@@ -111,10 +111,24 @@ export async function getCarbetForEdit(id: string) {
       owner: { select: { id: true, firstName: true, lastName: true, email: true } },
       pirogueProvider: { select: { id: true, name: true } },
       media: { orderBy: { sortOrder: "asc" } },
+      organizations: {
+        orderBy: { addedAt: "asc" },
+        include: {
+          organization: { select: { id: true, name: true, slug: true, approved: true } },
+        },
+      },
       _count: { select: { bookings: true, reviews: true } },
     },
   });
 }
 
+/** Liste les orgs disponibles pour link sur un carbet — toutes orgs (approuvées et pending). */
+export async function listOrganizationsForLink() {
+  return prisma.organization.findMany({
+    orderBy: [{ approved: "desc" }, { name: "asc" }],
+    select: { id: true, name: true, slug: true, approved: true },
+  });
+}
+
 // Options enum déplacées dans `./carbet-options.ts` pour être importables
 // depuis les composants client (ce fichier-ci est server-only).
diff --git a/src/lib/email.ts b/src/lib/email.ts
index 070370f..4305922 100644
--- a/src/lib/email.ts
+++ b/src/lib/email.ts
@@ -207,6 +207,30 @@ export async function sendNewCeRequest(
   });
 }
 
+export async function sendCeInviteEmail(
+  to: string,
+  orgName: string,
+  inviteUrl: string,
+  inviterName?: string | null,
+): Promise<void> {
+  const intro = inviterName
+    ? `<strong>${inviterName}</strong> vous invite à rejoindre`
+    : "Vous êtes invité à rejoindre";
+  await sendEmail({
+    to,
+    subject: `Invitation à rejoindre « ${orgName} » sur Karbé`,
+    html: wrap(
+      `Invitation Karbé — ${orgName}`,
+      `<p>${intro} le Comité d'Entreprise <strong>${orgName}</strong> sur Karbé.</p>
+       <p>Cliquez sur le bouton ci-dessous pour créer votre compte CE_MEMBER et accéder aux carbets et matériel de votre CE :</p>
+       <p><a href="${inviteUrl}" style="display:inline-block;background:#16a34a;color:white;padding:10px 20px;border-radius:6px;text-decoration:none;font-weight:600;">Rejoindre ${orgName}</a></p>
+       <p style="font-size:12px;color:#71717a;">Lien valable 14 jours. Si vous n'êtes pas le destinataire attendu, ignorez cet email.</p>
+       <p style="font-size:11px;color:#a1a1aa;word-break:break-all;">Lien direct : ${inviteUrl}</p>`,
+    ),
+    text: `${intro.replace(/<[^>]+>/g, "")} le CE ${orgName} sur Karbé : ${inviteUrl}`,
+  });
+}
+
 export async function sendCeApproved(
   to: string,
   firstName: string,

From c564028ca996422470732391cbb7dc55e6642ce0 Mon Sep 17 00:00:00 2001
From: Ubuntu <ubuntu@vps-97784c65.vps.ovh.net>
Date: Wed, 3 Jun 2026 02:17:58 +0000
Subject: [PATCH 42/47] =?UTF-8?q?feat(rental):=20Sprint=20M=20=E2=80=94=20?=
 =?UTF-8?q?refonds=20+=20annulations=20Stripe?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Politique de remboursement v1 :
- > 7 jours du début → FULL (location + caution)
- 1 à 7 jours → PARTIAL_50 (50% location + caution intégrale)
- < 24h ou passé → DEPOSIT_ONLY (caution seulement, pas de remboursement
  sur la location)

src/lib/rental-refund.ts (NEW) : computeRentalRefund({startDate,
itemsTotal, depositTotal}) → { itemsRefund, depositRefund, totalRefund,
policy, policyLabel }. Arrondi au centime, support de Decimal.

POST /api/rentals/[id]/cancel :
- Auth multi-rôle : tenant de la booking, RENTAL_PROVIDER nominal ou
  CE_MANAGER de l'org du provider, ADMIN. Détecte `cancelledBy` pour
  adapter l'email.
- Refuse si status ∉ {PENDING, CONFIRMED} (HANDED_OVER → non
  annulable, contacter Karbé).
- Calcule le refund selon la politique.
- Stripe refund best-effort si paymentStatus=SUCCEEDED + stripeSessionId
  existante + isStripeConfigured + totalRefund > 0. Retrieve session →
  payment_intent → refunds.create. Échec Stripe = audit-logged mais
  le flip status continue (l'asso pourra rembourser manuellement).
- Transaction : update RentalBooking (CANCELLED + paymentStatus
  REFUNDED si SUCCEEDED sinon FAILED) + delete RentalItemAvailability
  (libère stock).
- Audit log rental.cancel avec montants, policy, cancelledBy,
  stripeRefundId, stripeRefundError.
- Email best-effort : sendRentalCancelled à tenant + provider (sauf si
  provider est le canceller).

src/components/CancelRentalButton.tsx : composant client confirm dialog
inline avec textarea motif (max 500 chars). Branché sur :
- /mes-locations : « Annuler ma location » sur résa PENDING/CONFIRMED
- BookingDecision (utilisé par /espace-prestataire/reservations ET
  /espace-ce/materiel/reservations) : remplace l'ancienne mini-confirm
  qui flippait juste le status, désormais via la vraie API refund

sendRentalCancelled email : adapté selon cancelledBy ("Vous avez annulé"
/ "<Provider> a annulé" / "L'équipe Karbé a annulé").

tests/lib/rental-refund.test.ts : 8 cas (FULL @ 10+ et 7j, PARTIAL_50,
DEPOSIT_ONLY < 24h et passé, arrondi centime, zéro caution, policyLabel).
Total projet : 70/70 ✓.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 src/app/api/rentals/[id]/cancel/route.ts      | 193 ++++++++++++++++++
 .../_components/BookingDecision.tsx           |  37 +---
 src/app/mes-locations/page.tsx                |   7 +
 src/components/CancelRentalButton.tsx         | 100 +++++++++
 src/lib/email.ts                              |  32 +++
 src/lib/rental-refund.ts                      |  73 +++++++
 tests/lib/rental-refund.test.ts               |  95 +++++++++
 7 files changed, 503 insertions(+), 34 deletions(-)
 create mode 100644 src/app/api/rentals/[id]/cancel/route.ts
 create mode 100644 src/components/CancelRentalButton.tsx
 create mode 100644 src/lib/rental-refund.ts
 create mode 100644 tests/lib/rental-refund.test.ts

diff --git a/src/app/api/rentals/[id]/cancel/route.ts b/src/app/api/rentals/[id]/cancel/route.ts
new file mode 100644
index 0000000..49aa9ec
--- /dev/null
+++ b/src/app/api/rentals/[id]/cancel/route.ts
@@ -0,0 +1,193 @@
+import { NextResponse } from "next/server";
+
+import { auth } from "@/auth";
+import {
+  PaymentStatus,
+  RentalBookingStatus,
+  UserRole,
+} from "@/generated/prisma/enums";
+import { recordAudit } from "@/lib/admin/audit";
+import { canManageRentalProvider } from "@/lib/rental-access";
+import { sendRentalCancelled } from "@/lib/email";
+import { isStripeConfigured, getStripeClient } from "@/lib/stripe";
+import { prisma } from "@/lib/prisma";
+import { computeRentalRefund } from "@/lib/rental-refund";
+
+export const runtime = "nodejs";
+
+const CANCELLABLE_STATUSES: RentalBookingStatus[] = [
+  RentalBookingStatus.PENDING,
+  RentalBookingStatus.CONFIRMED,
+];
+
+type Body = { reason?: string };
+
+export async function POST(
+  req: Request,
+  { params }: { params: Promise<{ id: string }> },
+) {
+  const session = await auth();
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: "Non authentifié." }, { status: 401 });
+  }
+  const { id } = await params;
+  const body: Body = await req.json().catch(() => ({}));
+  const reason = body.reason?.toString().trim().slice(0, 500) ?? null;
+
+  const rb = await prisma.rentalBooking.findUnique({
+    where: { id },
+    include: {
+      provider: { select: { id: true, name: true, contactEmail: true, organizationId: true } },
+      tenant: { select: { id: true, email: true, firstName: true } },
+      lines: { select: { qty: true, item: { select: { name: true } } } },
+    },
+  });
+  if (!rb) {
+    return NextResponse.json({ error: "Réservation introuvable." }, { status: 404 });
+  }
+
+  // Détecte qui annule pour l'auth + l'email :
+  // - tenant de la booking
+  // - provider's manager (RENTAL_PROVIDER nominal ou CE_MANAGER de l'org du provider)
+  // - admin
+  const role = session.user.role;
+  const isTenant = rb.tenantId === session.user.id;
+  const isAdmin = role === UserRole.ADMIN;
+  const canManage = await canManageRentalProvider(
+    session.user.id,
+    role,
+    rb.providerId,
+    session.user.organizationId,
+  );
+  const cancelledBy: "tenant" | "provider" | "admin" = isAdmin
+    ? "admin"
+    : canManage
+      ? "provider"
+      : "tenant";
+
+  if (!isAdmin && !canManage && !isTenant) {
+    return NextResponse.json({ error: "Accès refusé." }, { status: 403 });
+  }
+
+  if (!CANCELLABLE_STATUSES.includes(rb.status)) {
+    return NextResponse.json(
+      { error: `Impossible d'annuler une réservation en statut ${rb.status}.` },
+      { status: 409 },
+    );
+  }
+
+  // Calcule le remboursement selon la politique
+  const refund = computeRentalRefund({
+    startDate: rb.startDate,
+    itemsTotal: rb.itemsTotal,
+    depositTotal: rb.depositTotal,
+  });
+
+  // Stripe refund best-effort si paiement déjà SUCCEEDED + session Stripe existante
+  let stripeRefundId: string | null = null;
+  let stripeRefundError: string | null = null;
+  if (
+    rb.paymentStatus === PaymentStatus.SUCCEEDED &&
+    rb.stripeSessionId &&
+    isStripeConfigured() &&
+    refund.totalRefund.gt(0)
+  ) {
+    try {
+      const stripe = getStripeClient();
+      const sess = await stripe.checkout.sessions.retrieve(rb.stripeSessionId, {
+        expand: ["payment_intent"],
+      });
+      const piId =
+        typeof sess.payment_intent === "string"
+          ? sess.payment_intent
+          : sess.payment_intent?.id;
+      if (piId) {
+        const stripeRefund = await stripe.refunds.create({
+          payment_intent: piId,
+          amount: Math.round(Number(refund.totalRefund) * 100),
+          reason: "requested_by_customer",
+        });
+        stripeRefundId = stripeRefund.id;
+      }
+    } catch (e) {
+      stripeRefundError = e instanceof Error ? e.message : String(e);
+      console.error("[rental.cancel] Stripe refund failed:", stripeRefundError);
+    }
+  }
+
+  // Transaction : update booking + delete availability blocks
+  await prisma.$transaction([
+    prisma.rentalBooking.update({
+      where: { id },
+      data: {
+        status: RentalBookingStatus.CANCELLED,
+        paymentStatus:
+          rb.paymentStatus === PaymentStatus.SUCCEEDED
+            ? PaymentStatus.REFUNDED
+            : PaymentStatus.FAILED,
+      },
+    }),
+    prisma.rentalItemAvailability.deleteMany({
+      where: { rentalBookingId: id },
+    }),
+  ]);
+
+  await recordAudit({
+    scope: "rental",
+    event: "rental.cancel",
+    target: id,
+    actorEmail: session.user.email ?? null,
+    details: {
+      cancelledBy,
+      reason,
+      policy: refund.policy,
+      itemsRefund: refund.itemsRefund.toString(),
+      depositRefund: refund.depositRefund.toString(),
+      totalRefund: refund.totalRefund.toString(),
+      stripeRefundId,
+      stripeRefundError,
+    },
+  });
+
+  // Email best-effort : tenant + provider
+  try {
+    await sendRentalCancelled(
+      rb.tenant.email,
+      rb.tenant.firstName,
+      rb.id,
+      rb.provider.name,
+      refund.totalRefund.toString(),
+      rb.currency,
+      refund.policyLabel,
+      cancelledBy,
+    );
+    if (rb.provider.contactEmail && cancelledBy !== "provider") {
+      await sendRentalCancelled(
+        rb.provider.contactEmail,
+        rb.provider.name,
+        rb.id,
+        rb.provider.name,
+        refund.totalRefund.toString(),
+        rb.currency,
+        refund.policyLabel,
+        cancelledBy,
+      );
+    }
+  } catch (e) {
+    console.error("[rental.cancel] email send failed:", e instanceof Error ? e.message : e);
+  }
+
+  return NextResponse.json({
+    ok: true,
+    rentalBookingId: id,
+    refund: {
+      itemsRefund: refund.itemsRefund.toNumber(),
+      depositRefund: refund.depositRefund.toNumber(),
+      totalRefund: refund.totalRefund.toNumber(),
+      policy: refund.policy,
+      policyLabel: refund.policyLabel,
+    },
+    stripeRefundId,
+    stripeRefundError,
+  });
+}
diff --git a/src/app/espace-prestataire/reservations/_components/BookingDecision.tsx b/src/app/espace-prestataire/reservations/_components/BookingDecision.tsx
index 2d6fa77..b38622f 100644
--- a/src/app/espace-prestataire/reservations/_components/BookingDecision.tsx
+++ b/src/app/espace-prestataire/reservations/_components/BookingDecision.tsx
@@ -3,6 +3,7 @@
 import { useState, useTransition } from "react";
 import { useRouter } from "next/navigation";
 
+import { CancelRentalButton } from "@/components/CancelRentalButton";
 import { RentalBookingStatus } from "@/generated/prisma/enums";
 
 import { updateBookingStatusAction } from "../../actions";
@@ -14,14 +15,11 @@ export function BookingDecision({ bookingId, status }: { bookingId: string; stat
   const router = useRouter();
   const [pending, startTransition] = useTransition();
   const [error, setError] = useState<string | null>(null);
-  const [confirmCancel, setConfirmCancel] = useState(false);
-
   function set(next: string) {
     setError(null);
     startTransition(async () => {
       const res = await updateBookingStatusAction(bookingId, next);
       if (res && res.ok === false) setError(res.error);
-      setConfirmCancel(false);
       router.refresh();
     });
   }
@@ -58,37 +56,8 @@ export function BookingDecision({ bookingId, status }: { bookingId: string; stat
           Marquer retourné
         </button>
       ) : null}
-      {status !== RentalBookingStatus.CANCELLED && status !== RentalBookingStatus.RETURNED ? (
-        confirmCancel ? (
-          <div className="flex items-center gap-1.5 rounded border border-rose-300 bg-rose-50 px-2 py-1">
-            <span className="text-xs text-rose-900">Annuler ?</span>
-            <button
-              type="button"
-              onClick={() => set(RentalBookingStatus.CANCELLED)}
-              disabled={pending}
-              className="rounded bg-rose-700 px-2 py-1 text-[11px] font-semibold text-white hover:bg-rose-800 disabled:opacity-50"
-            >
-              Oui
-            </button>
-            <button
-              type="button"
-              onClick={() => setConfirmCancel(false)}
-              disabled={pending}
-              className="text-[11px] text-zinc-500 hover:text-zinc-900"
-            >
-              Non
-            </button>
-          </div>
-        ) : (
-          <button
-            type="button"
-            onClick={() => setConfirmCancel(true)}
-            disabled={pending}
-            className={`${btnBase} border border-rose-300 bg-white text-rose-700 hover:bg-rose-50`}
-          >
-            Annuler
-          </button>
-        )
+      {status === RentalBookingStatus.PENDING || status === RentalBookingStatus.CONFIRMED ? (
+        <CancelRentalButton rentalBookingId={bookingId} label="Annuler" />
       ) : null}
       {error ? <span className="text-xs text-rose-700">{error}</span> : null}
     </div>
diff --git a/src/app/mes-locations/page.tsx b/src/app/mes-locations/page.tsx
index 5e3d737..53f7eb6 100644
--- a/src/app/mes-locations/page.tsx
+++ b/src/app/mes-locations/page.tsx
@@ -1,5 +1,6 @@
 import Link from "next/link";
 
+import { CancelRentalButton } from "@/components/CancelRentalButton";
 import { requireAuth } from "@/lib/authorization";
 import { requirePluginOr404 } from "@/lib/plugins/guard";
 import { prisma } from "@/lib/prisma";
@@ -134,6 +135,12 @@ export default async function MyRentalsPage({ searchParams }: { searchParams: Se
                   {rb.provider.contactEmail ? <span>✉ {rb.provider.contactEmail}</span> : null}
                 </p>
               ) : null}
+
+              {(rb.status === "PENDING" || rb.status === "CONFIRMED") ? (
+                <div className="mt-3 flex justify-end">
+                  <CancelRentalButton rentalBookingId={rb.id} label="Annuler ma location" />
+                </div>
+              ) : null}
             </li>
           ))}
         </ul>
diff --git a/src/components/CancelRentalButton.tsx b/src/components/CancelRentalButton.tsx
new file mode 100644
index 0000000..963f9d8
--- /dev/null
+++ b/src/components/CancelRentalButton.tsx
@@ -0,0 +1,100 @@
+"use client";
+
+import { useState, useTransition } from "react";
+import { useRouter } from "next/navigation";
+
+type Props = {
+  rentalBookingId: string;
+  /** Label adapté au contexte d'appel : « Annuler ma location » côté tenant, etc. */
+  label?: string;
+  /** Affichage compact dans une grille d'actions (pas de margin auto). */
+  compact?: boolean;
+};
+
+export function CancelRentalButton({
+  rentalBookingId,
+  label = "Annuler",
+  compact = false,
+}: Props) {
+  const router = useRouter();
+  const [pending, startTransition] = useTransition();
+  const [error, setError] = useState<string | null>(null);
+  const [confirmOpen, setConfirmOpen] = useState(false);
+  const [reason, setReason] = useState("");
+
+  function submit() {
+    setError(null);
+    startTransition(async () => {
+      const res = await fetch(`/api/rentals/${rentalBookingId}/cancel`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ reason }),
+      });
+      const json = await res.json().catch(() => ({}));
+      if (!res.ok) {
+        setError(json?.error || `Erreur ${res.status}`);
+        return;
+      }
+      setConfirmOpen(false);
+      router.refresh();
+    });
+  }
+
+  if (!confirmOpen) {
+    return (
+      <button
+        type="button"
+        onClick={() => setConfirmOpen(true)}
+        className={
+          "rounded-md border border-rose-200 px-3 py-1.5 text-sm text-rose-700 hover:bg-rose-50 " +
+          (compact ? "" : "")
+        }
+      >
+        {label}
+      </button>
+    );
+  }
+
+  return (
+    <div className="rounded-md border border-rose-200 bg-rose-50/50 p-3 text-sm">
+      <p className="font-semibold text-rose-900">Confirmer l&apos;annulation</p>
+      <p className="mt-1 text-xs text-rose-800">
+        Le remboursement est calculé selon la politique : 100 % si annulation à plus de 7 jours,
+        50 % entre 1 et 7 jours, caution seulement à moins de 24h.
+      </p>
+      <label className="mt-2 block">
+        <span className="text-xs text-rose-900">Motif (optionnel)</span>
+        <textarea
+          value={reason}
+          onChange={(e) => setReason(e.target.value)}
+          maxLength={500}
+          rows={2}
+          className="mt-1 w-full rounded border border-rose-200 bg-white px-2 py-1 text-xs"
+          placeholder="Ex. changement de date, indisponibilité…"
+        />
+      </label>
+      {error ? <p className="mt-2 text-xs text-rose-700">{error}</p> : null}
+      <div className="mt-2 flex justify-end gap-2">
+        <button
+          type="button"
+          onClick={() => {
+            setConfirmOpen(false);
+            setError(null);
+          }}
+          disabled={pending}
+          className="rounded-md border border-zinc-300 bg-white px-3 py-1 text-xs text-zinc-700 hover:bg-zinc-50"
+        >
+          Garder la résa
+        </button>
+        <button
+          type="button"
+          onClick={submit}
+          disabled={pending}
+          className="rounded-md bg-rose-600 px-3 py-1 text-xs font-semibold text-white hover:bg-rose-700 disabled:opacity-60"
+        >
+          {pending ? "Annulation…" : "Confirmer"}
+        </button>
+      </div>
+    </div>
+  );
+}
diff --git a/src/lib/email.ts b/src/lib/email.ts
index 4305922..894bf1a 100644
--- a/src/lib/email.ts
+++ b/src/lib/email.ts
@@ -355,6 +355,38 @@ export async function sendRentalRequestedProvider(
   });
 }
 
+export async function sendRentalCancelled(
+  to: string,
+  firstName: string,
+  rentalBookingId: string,
+  providerName: string,
+  refundAmount: string,
+  currency: string,
+  policyLabel: string,
+  cancelledBy: "tenant" | "provider" | "admin",
+): Promise<void> {
+  const actor =
+    cancelledBy === "tenant"
+      ? "Vous avez annulé"
+      : cancelledBy === "provider"
+        ? `${providerName} a annulé`
+        : "L'équipe Karbé a annulé";
+  await sendEmail({
+    to,
+    subject: `Location annulée — ${providerName}`,
+    html: wrap(
+      "Location annulée",
+      `<p>Bonjour ${firstName},</p>
+       <p>${actor} votre location auprès de <strong>${providerName}</strong>.</p>
+       <p><strong>Politique appliquée :</strong> ${policyLabel}</p>
+       <p><strong>Remboursement :</strong> ${Number(refundAmount).toFixed(2)} ${currency}</p>
+       <p>Si un paiement avait été reçu, le remboursement est traité par Stripe sous 3-5 jours ouvrés.</p>
+       <p><a href="${SITE_URL}/mes-locations" style="display:inline-block;background:#18181b;color:white;padding:10px 20px;border-radius:6px;text-decoration:none;font-weight:600;">Mes locations</a></p>
+       <p style="font-size:11px;color:#71717a;">Référence : ${rentalBookingId}</p>`,
+    ),
+  });
+}
+
 export async function sendRentalConfirmed(
   to: string,
   firstName: string,
diff --git a/src/lib/rental-refund.ts b/src/lib/rental-refund.ts
new file mode 100644
index 0000000..4fd77d3
--- /dev/null
+++ b/src/lib/rental-refund.ts
@@ -0,0 +1,73 @@
+import "server-only";
+
+import { Prisma } from "@/generated/prisma/client";
+
+const DAY_MS = 24 * 60 * 60 * 1000;
+
+export type RefundPolicy = "FULL" | "PARTIAL_50" | "DEPOSIT_ONLY";
+
+export type RefundCalculation = {
+  /** Montant remboursé sur la location (hors caution). */
+  itemsRefund: Prisma.Decimal;
+  /** Montant remboursé sur la caution (rendue intégralement tant que pas HANDED_OVER). */
+  depositRefund: Prisma.Decimal;
+  /** Total remboursé (itemsRefund + depositRefund). */
+  totalRefund: Prisma.Decimal;
+  policy: RefundPolicy;
+  /** Description lisible de la politique appliquée, à inclure dans l'email. */
+  policyLabel: string;
+};
+
+/**
+ * Politique de remboursement v1 (simple, paramétrable plus tard) :
+ * - Annulation > 7 jours avant le début → remboursement intégral (FULL)
+ * - Annulation entre 1 et 7 jours avant le début → remboursement 50% items + caution intégrale (PARTIAL_50)
+ * - Annulation < 24h avant le début → seulement la caution est rendue (DEPOSIT_ONLY)
+ *
+ * La caution est TOUJOURS rendue tant que le matériel n'a pas été remis
+ * (`HANDED_OVER`), puisqu'elle ne couvre que les dégâts pendant l'usage.
+ */
+export function computeRentalRefund(opts: {
+  startDate: Date;
+  itemsTotal: string | number | Prisma.Decimal;
+  depositTotal: string | number | Prisma.Decimal;
+  now?: Date;
+}): RefundCalculation {
+  const now = opts.now ?? new Date();
+  const msUntilStart = opts.startDate.getTime() - now.getTime();
+  const daysUntilStart = msUntilStart / DAY_MS;
+
+  const itemsDecimal = new Prisma.Decimal(opts.itemsTotal.toString());
+  const depositDecimal = new Prisma.Decimal(opts.depositTotal.toString());
+
+  let policy: RefundPolicy;
+  let itemsRefund: Prisma.Decimal;
+  let policyLabel: string;
+
+  if (daysUntilStart >= 7) {
+    policy = "FULL";
+    itemsRefund = itemsDecimal;
+    policyLabel = "Annulation > 7 jours : remboursement intégral";
+  } else if (daysUntilStart >= 1) {
+    policy = "PARTIAL_50";
+    itemsRefund = itemsDecimal.mul("0.5").toDecimalPlaces(2);
+    policyLabel = "Annulation entre 1 et 7 jours : 50 % du montant location";
+  } else {
+    policy = "DEPOSIT_ONLY";
+    itemsRefund = new Prisma.Decimal(0);
+    policyLabel = "Annulation tardive : caution rendue, location non remboursée";
+  }
+
+  // La caution est toujours rendue tant que pas HANDED_OVER (vérifié côté action
+  // avant d'appeler ce helper).
+  const depositRefund = depositDecimal;
+  const totalRefund = itemsRefund.add(depositRefund).toDecimalPlaces(2);
+
+  return {
+    itemsRefund: itemsRefund.toDecimalPlaces(2),
+    depositRefund: depositRefund.toDecimalPlaces(2),
+    totalRefund,
+    policy,
+    policyLabel,
+  };
+}
diff --git a/tests/lib/rental-refund.test.ts b/tests/lib/rental-refund.test.ts
new file mode 100644
index 0000000..05260a6
--- /dev/null
+++ b/tests/lib/rental-refund.test.ts
@@ -0,0 +1,95 @@
+import { describe, it, expect, vi } from "vitest";
+
+// `server-only` n'est pas résolu sous vitest — stub minimal.
+vi.mock("server-only", () => ({}));
+
+const { computeRentalRefund } = await import("@/lib/rental-refund");
+
+function daysFromNow(d: number): Date {
+  return new Date(Date.now() + d * 24 * 60 * 60 * 1000);
+}
+
+describe("computeRentalRefund", () => {
+  it("FULL refund quand annulation à 10+ jours du début", () => {
+    const r = computeRentalRefund({
+      startDate: daysFromNow(10),
+      itemsTotal: 100,
+      depositTotal: 50,
+    });
+    expect(r.policy).toBe("FULL");
+    expect(r.itemsRefund.toNumber()).toBe(100);
+    expect(r.depositRefund.toNumber()).toBe(50);
+    expect(r.totalRefund.toNumber()).toBe(150);
+  });
+
+  it("FULL refund pile à 7 jours du début", () => {
+    const r = computeRentalRefund({
+      startDate: daysFromNow(7),
+      itemsTotal: 200,
+      depositTotal: 100,
+    });
+    expect(r.policy).toBe("FULL");
+    expect(r.totalRefund.toNumber()).toBe(300);
+  });
+
+  it("PARTIAL_50 quand annulation entre 1 et 7 jours", () => {
+    const r = computeRentalRefund({
+      startDate: daysFromNow(3),
+      itemsTotal: 200,
+      depositTotal: 100,
+    });
+    expect(r.policy).toBe("PARTIAL_50");
+    expect(r.itemsRefund.toNumber()).toBe(100);
+    expect(r.depositRefund.toNumber()).toBe(100);
+    expect(r.totalRefund.toNumber()).toBe(200);
+  });
+
+  it("DEPOSIT_ONLY quand annulation < 24h", () => {
+    const r = computeRentalRefund({
+      startDate: daysFromNow(0.5),
+      itemsTotal: 200,
+      depositTotal: 100,
+    });
+    expect(r.policy).toBe("DEPOSIT_ONLY");
+    expect(r.itemsRefund.toNumber()).toBe(0);
+    expect(r.depositRefund.toNumber()).toBe(100);
+    expect(r.totalRefund.toNumber()).toBe(100);
+  });
+
+  it("DEPOSIT_ONLY quand startDate déjà passée", () => {
+    const r = computeRentalRefund({
+      startDate: daysFromNow(-1),
+      itemsTotal: 200,
+      depositTotal: 100,
+    });
+    expect(r.policy).toBe("DEPOSIT_ONLY");
+    expect(r.itemsRefund.toNumber()).toBe(0);
+    expect(r.depositRefund.toNumber()).toBe(100);
+  });
+
+  it("arrondit au centime pour PARTIAL_50", () => {
+    const r = computeRentalRefund({
+      startDate: daysFromNow(3),
+      itemsTotal: 33.33,
+      depositTotal: 0,
+    });
+    expect(r.itemsRefund.toNumber()).toBe(16.67); // 33.33 / 2 = 16.665 → arrondi 16.67
+    expect(r.totalRefund.toNumber()).toBe(16.67);
+  });
+
+  it("Zéro caution → totalRefund = itemsRefund", () => {
+    const r = computeRentalRefund({
+      startDate: daysFromNow(10),
+      itemsTotal: 50,
+      depositTotal: 0,
+    });
+    expect(r.depositRefund.toNumber()).toBe(0);
+    expect(r.totalRefund.toNumber()).toBe(50);
+  });
+
+  it("policyLabel contient un texte lisible pour chaque branche", () => {
+    expect(computeRentalRefund({ startDate: daysFromNow(10), itemsTotal: 100, depositTotal: 0 }).policyLabel).toContain("intégral");
+    expect(computeRentalRefund({ startDate: daysFromNow(3), itemsTotal: 100, depositTotal: 0 }).policyLabel).toContain("50");
+    expect(computeRentalRefund({ startDate: daysFromNow(0), itemsTotal: 100, depositTotal: 0 }).policyLabel).toContain("tardive");
+  });
+});

From 0dc560385ddef4d7137290e65bac779624087eed Mon Sep 17 00:00:00 2001
From: Ubuntu <ubuntu@vps-97784c65.vps.ovh.net>
Date: Wed, 3 Jun 2026 02:46:01 +0000
Subject: [PATCH 43/47] =?UTF-8?q?feat(analytics):=20Sprint=20N=20=E2=80=94?=
 =?UTF-8?q?=20dashboards=20CE=20+=20admin?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

src/lib/analytics.ts (NEW) — 3 queries server-only :
- getMonthlyRevenueSeries({organizationId?, monthsBack=12}) → 12
  buckets « YYYY-MM » avec carbetRevenue + rentalRevenue + total.
  Scope optionnel par org via memberships (Booking) et
  provider.organizationId (RentalBooking).
- getCarbetsOccupancy({organizationId?, monthsBack=3}) → liste triée
  par occupancyPct avec bookedNights/totalNights pour chaque carbet
  PUBLISHED (filtré par memberships si org).
- getAdminGlobalKpis() → users (total + breakdown par rôle),
  carbetsPublished, bookings/rentals 30j, revenue 30j, top 5 carbets
  + top 5 providers par CA 30j.

src/components/analytics/MonthlyRevenueChart.tsx (NEW) — bar chart
SVG simple (pas de lib externe), stack carbet + rental, grid Y, tooltips
via <title>, légende couleurs. Responsive overflow-x-auto.

/espace-ce/analytics/page.tsx (NEW) :
- 3 KPIs (CA 12 mois total / Carbet / Matériel)
- MonthlyRevenueChart scopé par org
- Liste taux d'occupation carbets 3 derniers mois (barres horizontales)
- Lien ajouté depuis le dashboard /espace-ce

/admin/analytics/page.tsx (NEW) :
- 4 KPIs (utilisateurs, carbets publiés, bookings 30j, CA 30j)
- Breakdown users par rôle (barres horizontales + pourcentages)
- Carte « Activité 30j » avec bookings carbet + locations matériel
- MonthlyRevenueChart global
- Top 5 carbets (CA 30j) + Top 5 prestataires rental (CA 30j)
- Sidebar admin gagne entrée « Analytics » sous « Vue d'ensemble »

Pas de nouvelle dépendance npm — graphiques en SVG natif.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 src/app/admin/analytics/page.tsx              | 169 ++++++++++++++
 src/app/espace-ce/analytics/page.tsx          |  95 ++++++++
 src/app/espace-ce/page.tsx                    |   6 +-
 src/components/admin/Sidebar.tsx              |   5 +-
 .../analytics/MonthlyRevenueChart.tsx         | 113 +++++++++
 src/lib/analytics.ts                          | 218 ++++++++++++++++++
 6 files changed, 604 insertions(+), 2 deletions(-)
 create mode 100644 src/app/admin/analytics/page.tsx
 create mode 100644 src/app/espace-ce/analytics/page.tsx
 create mode 100644 src/components/analytics/MonthlyRevenueChart.tsx
 create mode 100644 src/lib/analytics.ts

diff --git a/src/app/admin/analytics/page.tsx b/src/app/admin/analytics/page.tsx
new file mode 100644
index 0000000..0ec2427
--- /dev/null
+++ b/src/app/admin/analytics/page.tsx
@@ -0,0 +1,169 @@
+import Link from "next/link";
+
+import { MonthlyRevenueChart } from "@/components/analytics/MonthlyRevenueChart";
+import { getAdminGlobalKpis, getMonthlyRevenueSeries } from "@/lib/analytics";
+
+export const dynamic = "force-dynamic";
+export const metadata = { title: "Analytics globaux — Karbé admin" };
+
+const ROLE_LABEL: Record<string, string> = {
+  ADMIN: "Admin",
+  OWNER: "Hôte",
+  RENTAL_PROVIDER: "Loueur matériel",
+  CE_MANAGER: "CE Manager",
+  CE_MEMBER: "CE Membre",
+  TOURIST: "Voyageur",
+};
+
+function fmtEur(n: number): string {
+  return n.toLocaleString("fr-FR", { style: "currency", currency: "EUR", maximumFractionDigits: 0 });
+}
+
+export default async function AdminAnalyticsPage() {
+  const [kpis, series] = await Promise.all([
+    getAdminGlobalKpis(),
+    getMonthlyRevenueSeries({ monthsBack: 12 }),
+  ]);
+
+  return (
+    <div className="mx-auto max-w-6xl space-y-6">
+      <header className="mt-2">
+        <h1 className="text-2xl font-semibold text-zinc-900">Analytics globaux</h1>
+        <p className="mt-1 text-sm text-zinc-500">
+          Vue d&apos;ensemble plateforme : utilisateurs, activité 30 derniers jours, top performers.
+        </p>
+      </header>
+
+      <section className="grid grid-cols-2 gap-3 sm:grid-cols-4">
+        <KpiCard label="Utilisateurs" value={kpis.usersTotal} />
+        <KpiCard label="Carbets publiés" value={kpis.carbetsPublished} />
+        <KpiCard label="Bookings 30j" value={kpis.bookings30d} />
+        <KpiCard label="CA 30j" value={fmtEur(kpis.revenue30d)} />
+      </section>
+
+      <section className="grid gap-4 lg:grid-cols-2">
+        <div className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+          <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-zinc-500">
+            Utilisateurs par rôle
+          </h2>
+          {kpis.usersTotal === 0 ? (
+            <p className="text-sm text-zinc-500">Aucun utilisateur.</p>
+          ) : (
+            <ul className="space-y-1.5 text-sm">
+              {Object.entries(kpis.usersByRole)
+                .sort((a, b) => b[1] - a[1])
+                .map(([role, count]) => {
+                  const pct = Math.round((count / kpis.usersTotal) * 100);
+                  return (
+                    <li key={role}>
+                      <div className="flex items-baseline justify-between">
+                        <span className="text-zinc-700">{ROLE_LABEL[role] ?? role}</span>
+                        <span className="font-mono text-xs text-zinc-700">
+                          {count} ({pct}%)
+                        </span>
+                      </div>
+                      <div className="mt-0.5 h-1.5 overflow-hidden rounded-full bg-zinc-100">
+                        <div
+                          className="h-full bg-emerald-500"
+                          style={{ width: `${pct}%` }}
+                        />
+                      </div>
+                    </li>
+                  );
+                })}
+            </ul>
+          )}
+        </div>
+
+        <div className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+          <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-zinc-500">
+            Activité 30 derniers jours
+          </h2>
+          <ul className="space-y-2 text-sm">
+            <li className="flex items-baseline justify-between">
+              <span className="text-zinc-700">Bookings carbet</span>
+              <span className="font-mono font-semibold text-zinc-900">{kpis.bookings30d}</span>
+            </li>
+            <li className="flex items-baseline justify-between">
+              <span className="text-zinc-700">Locations matériel</span>
+              <span className="font-mono font-semibold text-zinc-900">{kpis.rentals30d}</span>
+            </li>
+            <li className="flex items-baseline justify-between border-t border-zinc-100 pt-2">
+              <span className="font-semibold text-zinc-900">Total CA 30j</span>
+              <span className="font-mono font-semibold text-emerald-700">
+                {fmtEur(kpis.revenue30d)}
+              </span>
+            </li>
+          </ul>
+        </div>
+      </section>
+
+      <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-zinc-500">
+          Chiffre d&apos;affaires mensuel
+        </h2>
+        <MonthlyRevenueChart data={series} />
+      </section>
+
+      <section className="grid gap-4 lg:grid-cols-2">
+        <div className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+          <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-zinc-500">
+            Top carbets (30j)
+          </h2>
+          {kpis.topCarbets.length === 0 ? (
+            <p className="text-sm text-zinc-500">Aucune réservation sur les 30 derniers jours.</p>
+          ) : (
+            <ul className="space-y-2 text-sm">
+              {kpis.topCarbets.map((c, i) => (
+                <li key={c.carbetId} className="flex items-baseline justify-between">
+                  <span>
+                    <span className="mr-2 text-xs text-zinc-500">#{i + 1}</span>
+                    <Link href={`/admin/carbets/${c.carbetId}`} className="text-zinc-900 hover:underline">
+                      {c.title}
+                    </Link>
+                  </span>
+                  <span className="font-mono text-zinc-700">{fmtEur(c.revenue)}</span>
+                </li>
+              ))}
+            </ul>
+          )}
+        </div>
+
+        <div className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+          <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-zinc-500">
+            Top prestataires rental (30j)
+          </h2>
+          {kpis.topProviders.length === 0 ? (
+            <p className="text-sm text-zinc-500">Aucune location sur les 30 derniers jours.</p>
+          ) : (
+            <ul className="space-y-2 text-sm">
+              {kpis.topProviders.map((p, i) => (
+                <li key={p.providerId} className="flex items-baseline justify-between">
+                  <span>
+                    <span className="mr-2 text-xs text-zinc-500">#{i + 1}</span>
+                    <Link
+                      href={`/admin/rental-providers/${p.providerId}`}
+                      className="text-zinc-900 hover:underline"
+                    >
+                      {p.name}
+                    </Link>
+                  </span>
+                  <span className="font-mono text-zinc-700">{fmtEur(p.revenue)}</span>
+                </li>
+              ))}
+            </ul>
+          )}
+        </div>
+      </section>
+    </div>
+  );
+}
+
+function KpiCard({ label, value }: { label: string; value: string | number }) {
+  return (
+    <div className="rounded-lg border border-zinc-200 bg-white px-4 py-3 shadow-sm">
+      <div className="text-[10px] uppercase tracking-wider text-zinc-500">{label}</div>
+      <div className="mt-1 text-2xl font-semibold text-zinc-900 font-mono">{value}</div>
+    </div>
+  );
+}
diff --git a/src/app/espace-ce/analytics/page.tsx b/src/app/espace-ce/analytics/page.tsx
new file mode 100644
index 0000000..c9fc2be
--- /dev/null
+++ b/src/app/espace-ce/analytics/page.tsx
@@ -0,0 +1,95 @@
+import Link from "next/link";
+import { redirect } from "next/navigation";
+
+import { MonthlyRevenueChart } from "@/components/analytics/MonthlyRevenueChart";
+import { getCarbetsOccupancy, getMonthlyRevenueSeries } from "@/lib/analytics";
+import { getCurrentCeOrganization } from "@/lib/ce-access";
+
+export const dynamic = "force-dynamic";
+export const metadata = { title: "Analytics CE — Karbé" };
+
+function fmtEur(n: number): string {
+  return n.toLocaleString("fr-FR", { style: "currency", currency: "EUR", maximumFractionDigits: 0 });
+}
+
+export default async function CeAnalyticsPage() {
+  const org = await getCurrentCeOrganization();
+  if (!org) redirect("/admin/organizations");
+
+  const [series, occupancy] = await Promise.all([
+    getMonthlyRevenueSeries({ organizationId: org.id, monthsBack: 12 }),
+    getCarbetsOccupancy({ organizationId: org.id, monthsBack: 3 }),
+  ]);
+
+  const total12m = series.reduce((s, p) => s + p.total, 0);
+  const totalCarbet12m = series.reduce((s, p) => s + p.carbetRevenue, 0);
+  const totalRental12m = series.reduce((s, p) => s + p.rentalRevenue, 0);
+
+  return (
+    <main className="mx-auto max-w-5xl px-6 py-10 space-y-6">
+      <header>
+        <Link href="/espace-ce" className="text-xs text-zinc-500 hover:text-zinc-900">
+          ← Tableau de bord CE
+        </Link>
+        <h1 className="mt-1 text-3xl font-semibold text-zinc-900">
+          Analytics — {org.name}
+        </h1>
+        <p className="mt-1 text-sm text-zinc-600">
+          Chiffre d&apos;affaires des 12 derniers mois et taux d&apos;occupation des carbets co-gérés.
+        </p>
+      </header>
+
+      <section className="grid grid-cols-2 gap-3 sm:grid-cols-3">
+        <KpiCard label="CA 12 mois" value={fmtEur(total12m)} />
+        <KpiCard label="dont Carbet" value={fmtEur(totalCarbet12m)} />
+        <KpiCard label="dont Matériel" value={fmtEur(totalRental12m)} />
+      </section>
+
+      <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-zinc-500">
+          Chiffre d&apos;affaires mensuel
+        </h2>
+        <MonthlyRevenueChart data={series} />
+      </section>
+
+      <section className="rounded-lg border border-zinc-200 bg-white p-5 shadow-sm">
+        <h2 className="mb-3 text-sm font-semibold uppercase tracking-wider text-zinc-500">
+          Taux d&apos;occupation des carbets (3 derniers mois)
+        </h2>
+        {occupancy.length === 0 ? (
+          <p className="text-sm text-zinc-500">Pas encore de carbet publié.</p>
+        ) : (
+          <ul className="space-y-2">
+            {occupancy.map((c) => (
+              <li key={c.carbetId}>
+                <div className="flex items-baseline justify-between text-sm">
+                  <Link href={`/carbets/${c.slug}`} className="font-medium text-zinc-900 hover:underline">
+                    {c.title}
+                  </Link>
+                  <span className="font-mono text-zinc-700">
+                    {c.occupancyPct} % ({c.bookedNights}/{c.totalNights} nuits)
+                  </span>
+                </div>
+                <div className="mt-1 h-2 overflow-hidden rounded-full bg-zinc-100">
+                  <div
+                    className="h-full bg-emerald-500"
+                    style={{ width: `${Math.min(100, c.occupancyPct)}%` }}
+                  />
+                </div>
+              </li>
+            ))}
+          </ul>
+        )}
+      </section>
+    </main>
+  );
+}
+
+function KpiCard({ label, value }: { label: string; value: string }) {
+  return (
+    <div className="rounded-lg border border-zinc-200 bg-white px-4 py-3 shadow-sm">
+      <div className="text-[10px] uppercase tracking-wider text-zinc-500">{label}</div>
+      <div className="mt-1 text-xl font-semibold text-zinc-900 font-mono">{value}</div>
+    </div>
+  );
+}
diff --git a/src/app/espace-ce/page.tsx b/src/app/espace-ce/page.tsx
index 0a5251d..a730184 100644
--- a/src/app/espace-ce/page.tsx
+++ b/src/app/espace-ce/page.tsx
@@ -85,7 +85,11 @@ export default async function CeDashboardPage() {
       </section>
 
       <p className="text-xs text-zinc-500">
-        Gérez aussi vos{" "}
+        Voir aussi vos{" "}
+        <Link href="/espace-ce/analytics" className="text-zinc-700 underline hover:text-zinc-900">
+          analytics CA & occupation
+        </Link>{" "}
+        et gérez vos{" "}
         <Link href="/espace-ce/membres" className="text-zinc-700 underline hover:text-zinc-900">
           membres et invitations CE
         </Link>
diff --git a/src/components/admin/Sidebar.tsx b/src/components/admin/Sidebar.tsx
index ad30de2..ddd52ad 100644
--- a/src/components/admin/Sidebar.tsx
+++ b/src/components/admin/Sidebar.tsx
@@ -108,7 +108,10 @@ const ICONS = {
 const GROUPS: NavGroup[] = [
   {
     label: "Vue d'ensemble",
-    items: [{ href: "/admin", label: "Dashboard", icon: ICONS.dashboard }],
+    items: [
+      { href: "/admin", label: "Dashboard", icon: ICONS.dashboard },
+      { href: "/admin/analytics", label: "Analytics", icon: ICONS.dashboard },
+    ],
   },
   {
     label: "Catalogue",
diff --git a/src/components/analytics/MonthlyRevenueChart.tsx b/src/components/analytics/MonthlyRevenueChart.tsx
new file mode 100644
index 0000000..b65f6b9
--- /dev/null
+++ b/src/components/analytics/MonthlyRevenueChart.tsx
@@ -0,0 +1,113 @@
+/**
+ * Bar chart SVG simple — pas de lib externe. Stack carbetRevenue + rentalRevenue.
+ * Affiche les 12 derniers mois en barres verticales.
+ */
+type Point = {
+  month: string;
+  carbetRevenue: number;
+  rentalRevenue: number;
+  total: number;
+};
+
+const MONTH_LABEL = ["jan", "fév", "mar", "avr", "mai", "jun", "jul", "aoû", "sep", "oct", "nov", "déc"];
+
+function shortMonth(ym: string): string {
+  const [, m] = ym.split("-");
+  return MONTH_LABEL[parseInt(m, 10) - 1] ?? ym;
+}
+
+function fmtEur(n: number): string {
+  return n.toLocaleString("fr-FR", { style: "currency", currency: "EUR", maximumFractionDigits: 0 });
+}
+
+export function MonthlyRevenueChart({ data }: { data: Point[] }) {
+  const max = Math.max(1, ...data.map((d) => d.total));
+  const width = Math.max(360, data.length * 40);
+  const height = 180;
+  const padBottom = 24;
+  const padTop = 8;
+  const barWidth = width / data.length - 8;
+  const usableHeight = height - padTop - padBottom;
+
+  return (
+    <div className="overflow-x-auto">
+      <svg
+        viewBox={`0 0 ${width} ${height}`}
+        className="w-full max-w-full"
+        role="img"
+        aria-label="Chiffre d'affaires mensuel"
+      >
+        {/* Y-axis grid */}
+        {[0, 0.25, 0.5, 0.75, 1].map((p) => {
+          const y = padTop + usableHeight * (1 - p);
+          return (
+            <g key={p}>
+              <line x1={36} x2={width} y1={y} y2={y} stroke="#e4e4e7" strokeWidth={1} strokeDasharray="2 4" />
+              <text x={4} y={y + 3} fontSize={9} fill="#71717a">
+                {fmtEur(max * p)}
+              </text>
+            </g>
+          );
+        })}
+
+        {data.map((d, i) => {
+          const x = 40 + i * (width / data.length) + 4;
+          const carbetH = (d.carbetRevenue / max) * usableHeight;
+          const rentalH = (d.rentalRevenue / max) * usableHeight;
+          const baseY = padTop + usableHeight;
+          return (
+            <g key={d.month}>
+              {/* Carbet revenue (bas) */}
+              {carbetH > 0 ? (
+                <rect
+                  x={x}
+                  y={baseY - carbetH}
+                  width={barWidth}
+                  height={carbetH}
+                  fill="#059669"
+                  rx={2}
+                >
+                  <title>
+                    Carbet {d.month} : {fmtEur(d.carbetRevenue)}
+                  </title>
+                </rect>
+              ) : null}
+              {/* Rental revenue (top de la stack) */}
+              {rentalH > 0 ? (
+                <rect
+                  x={x}
+                  y={baseY - carbetH - rentalH}
+                  width={barWidth}
+                  height={rentalH}
+                  fill="#f59e0b"
+                  rx={2}
+                >
+                  <title>
+                    Matériel {d.month} : {fmtEur(d.rentalRevenue)}
+                  </title>
+                </rect>
+              ) : null}
+              <text
+                x={x + barWidth / 2}
+                y={height - 6}
+                fontSize={10}
+                textAnchor="middle"
+                fill="#71717a"
+              >
+                {shortMonth(d.month)}
+              </text>
+            </g>
+          );
+        })}
+      </svg>
+      <div className="mt-2 flex flex-wrap items-center gap-3 text-[11px] text-zinc-600">
+        <span className="flex items-center gap-1">
+          <span className="inline-block h-2.5 w-2.5 rounded-sm bg-emerald-600" /> Carbet
+        </span>
+        <span className="flex items-center gap-1">
+          <span className="inline-block h-2.5 w-2.5 rounded-sm bg-amber-500" /> Matériel rental
+        </span>
+      </div>
+    </div>
+  );
+}
diff --git a/src/lib/analytics.ts b/src/lib/analytics.ts
new file mode 100644
index 0000000..697e5d9
--- /dev/null
+++ b/src/lib/analytics.ts
@@ -0,0 +1,218 @@
+import "server-only";
+
+import {
+  BookingStatus,
+  RentalBookingStatus,
+} from "@/generated/prisma/enums";
+import { prisma } from "@/lib/prisma";
+
+const MONTH_MS = 30 * 24 * 60 * 60 * 1000;
+
+export type MonthlyRevenuePoint = {
+  /** "YYYY-MM" */
+  month: string;
+  carbetRevenue: number;
+  rentalRevenue: number;
+  total: number;
+};
+
+/**
+ * CA mensuel sur les 12 derniers mois calendaires.
+ * Scope optionnel par organisation CE — filtre via Carbet.organizations (memberships)
+ * et RentalProvider.organizationId.
+ */
+export async function getMonthlyRevenueSeries(opts: {
+  organizationId?: string;
+  monthsBack?: number;
+} = {}): Promise<MonthlyRevenuePoint[]> {
+  const monthsBack = opts.monthsBack ?? 12;
+  const since = new Date();
+  since.setMonth(since.getMonth() - monthsBack);
+  since.setDate(1);
+  since.setHours(0, 0, 0, 0);
+
+  const carbetWhere = {
+    status: BookingStatus.CONFIRMED,
+    createdAt: { gte: since },
+    ...(opts.organizationId
+      ? { carbet: { organizations: { some: { organizationId: opts.organizationId } } } }
+      : {}),
+  };
+  const rentalWhere = {
+    status: { in: [RentalBookingStatus.CONFIRMED, RentalBookingStatus.HANDED_OVER, RentalBookingStatus.RETURNED] },
+    createdAt: { gte: since },
+    ...(opts.organizationId ? { provider: { organizationId: opts.organizationId } } : {}),
+  };
+
+  const [bookings, rentals] = await Promise.all([
+    prisma.booking.findMany({
+      where: carbetWhere,
+      select: { amount: true, createdAt: true },
+    }),
+    prisma.rentalBooking.findMany({
+      where: rentalWhere,
+      select: { amount: true, createdAt: true },
+    }),
+  ]);
+
+  const map = new Map<string, MonthlyRevenuePoint>();
+  for (let i = 0; i < monthsBack; i++) {
+    const d = new Date();
+    d.setMonth(d.getMonth() - (monthsBack - 1 - i));
+    const key = `${d.getFullYear()}-${String(d.getMonth() + 1).padStart(2, "0")}`;
+    map.set(key, { month: key, carbetRevenue: 0, rentalRevenue: 0, total: 0 });
+  }
+  for (const b of bookings) {
+    const key = `${b.createdAt.getFullYear()}-${String(b.createdAt.getMonth() + 1).padStart(2, "0")}`;
+    const p = map.get(key);
+    if (p) p.carbetRevenue += Number(b.amount);
+  }
+  for (const r of rentals) {
+    const key = `${r.createdAt.getFullYear()}-${String(r.createdAt.getMonth() + 1).padStart(2, "0")}`;
+    const p = map.get(key);
+    if (p) p.rentalRevenue += Number(r.amount);
+  }
+  for (const p of map.values()) p.total = p.carbetRevenue + p.rentalRevenue;
+  return Array.from(map.values());
+}
+
+export type CarbetOccupancy = {
+  carbetId: string;
+  title: string;
+  slug: string;
+  totalNights: number;
+  bookedNights: number;
+  occupancyPct: number;
+};
+
+/**
+ * Taux d'occupation des carbets sur la fenêtre `monthsBack` (par défaut 3).
+ * Calcule (nuits réservées CONFIRMED ∩ fenêtre) / (totalNights de la fenêtre) en %.
+ */
+export async function getCarbetsOccupancy(opts: {
+  organizationId?: string;
+  monthsBack?: number;
+} = {}): Promise<CarbetOccupancy[]> {
+  const monthsBack = opts.monthsBack ?? 3;
+  const since = new Date(Date.now() - monthsBack * MONTH_MS);
+  const now = new Date();
+  const totalNights = Math.max(1, Math.floor((now.getTime() - since.getTime()) / 86_400_000));
+
+  const carbets = await prisma.carbet.findMany({
+    where: {
+      status: "PUBLISHED",
+      ...(opts.organizationId
+        ? { organizations: { some: { organizationId: opts.organizationId } } }
+        : {}),
+    },
+    select: {
+      id: true,
+      title: true,
+      slug: true,
+      bookings: {
+        where: {
+          status: BookingStatus.CONFIRMED,
+          startDate: { lt: now },
+          endDate: { gt: since },
+        },
+        select: { startDate: true, endDate: true },
+      },
+    },
+  });
+
+  return carbets
+    .map((c) => {
+      const booked = c.bookings.reduce((sum, b) => {
+        const start = Math.max(b.startDate.getTime(), since.getTime());
+        const end = Math.min(b.endDate.getTime(), now.getTime());
+        return sum + Math.max(0, Math.floor((end - start) / 86_400_000));
+      }, 0);
+      const occupancyPct = Math.round((booked / totalNights) * 1000) / 10;
+      return {
+        carbetId: c.id,
+        title: c.title,
+        slug: c.slug,
+        totalNights,
+        bookedNights: booked,
+        occupancyPct,
+      };
+    })
+    .sort((a, b) => b.occupancyPct - a.occupancyPct);
+}
+
+export type AdminGlobalKpis = {
+  usersTotal: number;
+  usersByRole: Record<string, number>;
+  carbetsPublished: number;
+  bookings30d: number;
+  rentals30d: number;
+  revenue30d: number;
+  topCarbets: { carbetId: string; title: string; slug: string; revenue: number }[];
+  topProviders: { providerId: string; name: string; revenue: number }[];
+};
+
+export async function getAdminGlobalKpis(): Promise<AdminGlobalKpis> {
+  const since = new Date(Date.now() - 30 * 86_400_000);
+
+  const [usersByRoleRows, carbetsPublished, bookings30d, rentals30d] = await Promise.all([
+    prisma.user.groupBy({
+      by: ["role"],
+      _count: { _all: true },
+    }),
+    prisma.carbet.count({ where: { status: "PUBLISHED" } }),
+    prisma.booking.findMany({
+      where: { status: BookingStatus.CONFIRMED, createdAt: { gte: since } },
+      select: { amount: true, carbetId: true, carbet: { select: { title: true, slug: true } } },
+    }),
+    prisma.rentalBooking.findMany({
+      where: {
+        status: { in: [RentalBookingStatus.CONFIRMED, RentalBookingStatus.HANDED_OVER, RentalBookingStatus.RETURNED] },
+        createdAt: { gte: since },
+      },
+      select: { amount: true, providerId: true, provider: { select: { name: true } } },
+    }),
+  ]);
+
+  const usersByRole: Record<string, number> = {};
+  let usersTotal = 0;
+  for (const row of usersByRoleRows) {
+    usersByRole[row.role] = row._count._all;
+    usersTotal += row._count._all;
+  }
+
+  const carbetAgg = new Map<string, { title: string; slug: string; revenue: number }>();
+  for (const b of bookings30d) {
+    const v = carbetAgg.get(b.carbetId) ?? { title: b.carbet.title, slug: b.carbet.slug, revenue: 0 };
+    v.revenue += Number(b.amount);
+    carbetAgg.set(b.carbetId, v);
+  }
+  const topCarbets = Array.from(carbetAgg.entries())
+    .map(([carbetId, v]) => ({ carbetId, ...v }))
+    .sort((a, b) => b.revenue - a.revenue)
+    .slice(0, 5);
+
+  const providerAgg = new Map<string, { name: string; revenue: number }>();
+  for (const r of rentals30d) {
+    const v = providerAgg.get(r.providerId) ?? { name: r.provider.name, revenue: 0 };
+    v.revenue += Number(r.amount);
+    providerAgg.set(r.providerId, v);
+  }
+  const topProviders = Array.from(providerAgg.entries())
+    .map(([providerId, v]) => ({ providerId, ...v }))
+    .sort((a, b) => b.revenue - a.revenue)
+    .slice(0, 5);
+
+  const bookingsRevenue = bookings30d.reduce((s, b) => s + Number(b.amount), 0);
+  const rentalsRevenue = rentals30d.reduce((s, r) => s + Number(r.amount), 0);
+
+  return {
+    usersTotal,
+    usersByRole,
+    carbetsPublished,
+    bookings30d: bookings30d.length,
+    rentals30d: rentals30d.length,
+    revenue30d: bookingsRevenue + rentalsRevenue,
+    topCarbets,
+    topProviders,
+  };
+}

From 5be62f012fce5cebe5271d56f243c28f67c63974 Mon Sep 17 00:00:00 2001
From: Ubuntu <ubuntu@vps-97784c65.vps.ovh.net>
Date: Wed, 3 Jun 2026 02:59:16 +0000
Subject: [PATCH 44/47] =?UTF-8?q?feat(rental):=20Sprint=20O=20=E2=80=94=20?=
 =?UTF-8?q?reversements=20prestataires=20(payouts)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Marketplace encaisse centralisé sur System D → besoin de tracer les
virements mensuels aux prestataires tiers. Migration appliquée prod.

Schema :
- Modèle RentalPayoutMark { id, providerId, periodMonth, amount,
  reference, paidAt, paidByEmail }. Unique (providerId, periodMonth)
  → 1 mark = 1 mois = 1 virement par provider.

Lib src/lib/payouts.ts :
- monthKey(d) → 1er du mois minuit UTC (clé de période).
- listProviderPayouts({monthsBack=6}) → grid provider × mois avec
  bookingsCount + grossAmount (itemsTotal) + commission + netAmount
  (gross-commission) + statut paid via RentalPayoutMark. Exclut
  System D (commission 0%, géré par l'asso). Statut « payé » lu
  depuis les marks. Tri : mois desc puis providerName.
- createPayoutMark (idempotent via findUnique avant insert) +
  deletePayoutMark.

Politique : net dû = itemsTotal - commissionAmount (depositTotal
hors flux, collecté par le provider auprès du client). Politique
documentée dans le commentaire en tête de payouts.ts.

/admin/payouts/page.tsx :
- 3 KPIs (À payer / Déjà payé / Mois affichés).
- Une section par mois (6 derniers), tableau provider × CA brut +
  commission + net dû + statut.
- MarkPaidForm : bouton « Marquer payé » → form inline (amount
  pré-rempli avec net dû, reference optionnelle) → action
  markPayoutPaidAction. Statut payé montre amount + ref + bouton
  « Annuler marquage ».

Server actions :
- markPayoutPaidAction (admin only, idempotent, audit
  admin.payouts/payout.mark + payout.already_marked) → envoie
  sendPayoutSent au contactEmail du provider (best-effort).
- unmarkPayoutPaidAction → delete + audit payout.unmark.

Email sendPayoutSent : notification au provider quand un virement est
marqué payé. Inclut amount + reference + lien dashboard.

Sidebar admin gagne entrée « Reversements » sous Activité.

Tests vitest tests/lib/payouts.test.ts (4 cas) : monthKey
normalisation UTC + idempotence + janvier sans bug, formatMonth fr-FR.
Total : 74/74 ✓.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../migration.sql                             |  28 +++
 prisma/schema.prisma                          |  23 ++
 .../payouts/_components/MarkPaidForm.tsx      | 126 ++++++++++
 src/app/admin/payouts/actions.ts              |  96 ++++++++
 src/app/admin/payouts/page.tsx                | 155 +++++++++++++
 src/components/admin/Sidebar.tsx              |   1 +
 src/lib/email.ts                              |  29 +++
 src/lib/payouts.ts                            | 218 ++++++++++++++++++
 tests/lib/payouts.test.ts                     |  37 +++
 9 files changed, 713 insertions(+)
 create mode 100644 prisma/migrations/20260603400000_rental_payout_mark/migration.sql
 create mode 100644 src/app/admin/payouts/_components/MarkPaidForm.tsx
 create mode 100644 src/app/admin/payouts/actions.ts
 create mode 100644 src/app/admin/payouts/page.tsx
 create mode 100644 src/lib/payouts.ts
 create mode 100644 tests/lib/payouts.test.ts

diff --git a/prisma/migrations/20260603400000_rental_payout_mark/migration.sql b/prisma/migrations/20260603400000_rental_payout_mark/migration.sql
new file mode 100644
index 0000000..cff28de
--- /dev/null
+++ b/prisma/migrations/20260603400000_rental_payout_mark/migration.sql
@@ -0,0 +1,28 @@
+-- Sprint O : reversements prestataires.
+-- RentalPayoutMark trace les virements bancaires manuels effectués par System D
+-- vers les RentalProvider tiers (le marketplace encaisse centralisé, redistribue
+-- hors plateforme une fois par mois). Unique (provider, mois) pour empêcher
+-- les marquages en doublon.
+
+CREATE TABLE "RentalPayoutMark" (
+  "id"          TEXT NOT NULL,
+  "providerId"  TEXT NOT NULL,
+  "periodMonth" TIMESTAMP(3) NOT NULL,
+  "amount"      DECIMAL(10, 2) NOT NULL,
+  "reference"   TEXT,
+  "paidAt"      TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  "paidByEmail" TEXT,
+  "createdAt"   TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  CONSTRAINT "RentalPayoutMark_pkey" PRIMARY KEY ("id")
+);
+
+CREATE UNIQUE INDEX "RentalPayoutMark_providerId_periodMonth_key"
+  ON "RentalPayoutMark"("providerId", "periodMonth");
+
+CREATE INDEX "RentalPayoutMark_periodMonth_idx"
+  ON "RentalPayoutMark"("periodMonth");
+
+ALTER TABLE "RentalPayoutMark"
+  ADD CONSTRAINT "RentalPayoutMark_providerId_fkey"
+  FOREIGN KEY ("providerId") REFERENCES "RentalProvider"("id")
+  ON DELETE CASCADE ON UPDATE CASCADE;
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
index 4294008..6ae7e3f 100644
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -488,12 +488,35 @@ model RentalProvider {
   organization   Organization?   @relation(fields: [organizationId], references: [id], onDelete: SetNull)
   items          RentalItem[]
   rentalBookings RentalBooking[]
+  payoutMarks    RentalPayoutMark[]
 
   @@index([active, approved])
   @@index([managedByUserId])
   @@index([organizationId])
 }
 
+/// Trace les reversements bancaires manuels (System D paie le provider hors plateforme).
+/// La période est représentée par le mois (1er du mois minuit UTC) ; unique par
+/// (provider, période) pour empêcher de marquer 2 fois le même mois.
+model RentalPayoutMark {
+  id          String    @id @default(cuid())
+  providerId  String
+  /// 1er du mois minuit UTC — sert de clé de période.
+  periodMonth DateTime
+  /// Montant effectivement viré au provider, en euros.
+  amount      Decimal   @db.Decimal(10, 2)
+  /// Référence de virement (optionnelle, à coller depuis la banque).
+  reference   String?
+  paidAt      DateTime  @default(now())
+  paidByEmail String?
+  createdAt   DateTime  @default(now())
+
+  provider RentalProvider @relation(fields: [providerId], references: [id], onDelete: Cascade)
+
+  @@unique([providerId, periodMonth])
+  @@index([periodMonth])
+}
+
 model RentalItem {
   id              String         @id @default(cuid())
   providerId      String
diff --git a/src/app/admin/payouts/_components/MarkPaidForm.tsx b/src/app/admin/payouts/_components/MarkPaidForm.tsx
new file mode 100644
index 0000000..b2129d1
--- /dev/null
+++ b/src/app/admin/payouts/_components/MarkPaidForm.tsx
@@ -0,0 +1,126 @@
+"use client";
+
+import { useState, useTransition } from "react";
+import { useRouter } from "next/navigation";
+
+import type { ProviderPayout } from "@/lib/payouts";
+
+type Props = {
+  payout: ProviderPayout;
+  markAction: (
+    providerId: string,
+    periodMonthISO: string,
+    fd: FormData,
+  ) => Promise<{ ok: false; error: string } | { ok: true; alreadyExists: boolean }>;
+  unmarkAction: (providerId: string, periodMonthISO: string) => Promise<void>;
+};
+
+function fmtEur(n: number): string {
+  return n.toLocaleString("fr-FR", { style: "currency", currency: "EUR" });
+}
+
+export function MarkPaidForm({ payout, markAction, unmarkAction }: Props) {
+  const router = useRouter();
+  const [pending, startTransition] = useTransition();
+  const [opened, setOpened] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+
+  function onSubmit(fd: FormData) {
+    setError(null);
+    startTransition(async () => {
+      const res = await markAction(payout.providerId, payout.periodMonth.toISOString(), fd);
+      if (!res.ok) {
+        setError(res.error);
+        return;
+      }
+      setOpened(false);
+      router.refresh();
+    });
+  }
+
+  function onUnmark() {
+    startTransition(async () => {
+      await unmarkAction(payout.providerId, payout.periodMonth.toISOString());
+      router.refresh();
+    });
+  }
+
+  if (payout.paid) {
+    return (
+      <div className="flex flex-col items-end gap-1 text-right">
+        <span className="rounded-full bg-emerald-100 px-2 py-0.5 text-[10px] font-semibold uppercase tracking-wider text-emerald-800 ring-1 ring-inset ring-emerald-300">
+          Payé {fmtEur(payout.paid.amount)}
+        </span>
+        {payout.paid.reference ? (
+          <span className="font-mono text-[10px] text-zinc-500">Ref : {payout.paid.reference}</span>
+        ) : null}
+        <button
+          type="button"
+          onClick={onUnmark}
+          disabled={pending}
+          className="text-[10px] text-zinc-500 hover:text-rose-700"
+        >
+          Annuler marquage
+        </button>
+      </div>
+    );
+  }
+
+  if (payout.netAmount <= 0) {
+    return <span className="text-[11px] text-zinc-400">—</span>;
+  }
+
+  if (!opened) {
+    return (
+      <button
+        type="button"
+        onClick={() => setOpened(true)}
+        className="rounded-md bg-emerald-600 px-2.5 py-1 text-[11px] font-semibold text-white hover:bg-emerald-700"
+      >
+        Marquer payé
+      </button>
+    );
+  }
+
+  return (
+    <form action={onSubmit} className="flex flex-col items-end gap-1 rounded-md border border-emerald-200 bg-emerald-50/50 p-2">
+      <input
+        type="number"
+        name="amount"
+        step="0.01"
+        min={0}
+        defaultValue={payout.netAmount.toFixed(2)}
+        className="w-24 rounded border border-zinc-300 px-1.5 py-0.5 text-[11px]"
+        required
+      />
+      <input
+        type="text"
+        name="reference"
+        placeholder="Réf. virement"
+        maxLength={100}
+        className="w-32 rounded border border-zinc-300 px-1.5 py-0.5 text-[11px]"
+      />
+      {error ? <span className="text-[10px] text-rose-700">{error}</span> : null}
+      <div className="flex gap-1">
+        <button
+          type="button"
+          onClick={() => {
+            setOpened(false);
+            setError(null);
+          }}
+          disabled={pending}
+          className="text-[10px] text-zinc-500 hover:text-zinc-900"
+        >
+          Annuler
+        </button>
+        <button
+          type="submit"
+          disabled={pending}
+          className="rounded bg-emerald-600 px-2 py-0.5 text-[10px] font-semibold text-white hover:bg-emerald-700"
+        >
+          {pending ? "…" : "Confirmer"}
+        </button>
+      </div>
+    </form>
+  );
+}
diff --git a/src/app/admin/payouts/actions.ts b/src/app/admin/payouts/actions.ts
new file mode 100644
index 0000000..ac92fd2
--- /dev/null
+++ b/src/app/admin/payouts/actions.ts
@@ -0,0 +1,96 @@
+"use server";
+
+import { revalidatePath } from "next/cache";
+
+import { auth } from "@/auth";
+import { UserRole } from "@/generated/prisma/enums";
+import { recordAudit } from "@/lib/admin/audit";
+import { requireRole } from "@/lib/authorization";
+import {
+  createPayoutMark,
+  deletePayoutMark,
+} from "@/lib/payouts";
+import { prisma } from "@/lib/prisma";
+import { sendPayoutSent } from "@/lib/email";
+
+export async function markPayoutPaidAction(
+  providerId: string,
+  periodMonthISO: string,
+  fd: FormData,
+): Promise<{ ok: false; error: string } | { ok: true; alreadyExists: boolean }> {
+  await requireRole([UserRole.ADMIN]);
+  const session = await auth();
+  const actor = session?.user?.email ?? null;
+  const amount = Number(fd.get("amount") ?? 0);
+  const reference = ((fd.get("reference") as string | null) ?? "").trim() || null;
+
+  if (!Number.isFinite(amount) || amount < 0) {
+    return { ok: false, error: "Montant invalide." };
+  }
+  const periodMonth = new Date(periodMonthISO);
+  if (Number.isNaN(periodMonth.getTime())) {
+    return { ok: false, error: "Période invalide." };
+  }
+
+  const res = await createPayoutMark({
+    providerId,
+    periodMonth,
+    amount,
+    reference,
+    paidByEmail: actor,
+  });
+  if (!res.ok) return res;
+
+  await recordAudit({
+    scope: "admin.payouts",
+    event: res.alreadyExists ? "payout.already_marked" : "payout.mark",
+    target: providerId,
+    actorEmail: actor,
+    details: {
+      periodMonth: periodMonth.toISOString().slice(0, 7),
+      amount,
+      reference,
+    },
+  });
+
+  // Notif provider best-effort (n'envoie que si on a un contactEmail)
+  if (!res.alreadyExists) {
+    try {
+      const provider = await prisma.rentalProvider.findUnique({
+        where: { id: providerId },
+        select: { name: true, contactEmail: true },
+      });
+      if (provider?.contactEmail) {
+        await sendPayoutSent(
+          provider.contactEmail,
+          provider.name,
+          periodMonth,
+          amount.toFixed(2),
+          reference,
+        );
+      }
+    } catch (e) {
+      console.error("[payouts] email send failed:", e instanceof Error ? e.message : e);
+    }
+  }
+
+  revalidatePath("/admin/payouts");
+  return { ok: true, alreadyExists: res.alreadyExists };
+}
+
+export async function unmarkPayoutPaidAction(providerId: string, periodMonthISO: string) {
+  await requireRole([UserRole.ADMIN]);
+  const session = await auth();
+  const actor = session?.user?.email ?? null;
+  const periodMonth = new Date(periodMonthISO);
+  if (Number.isNaN(periodMonth.getTime())) return;
+  await deletePayoutMark(providerId, periodMonth);
+  await recordAudit({
+    scope: "admin.payouts",
+    event: "payout.unmark",
+    target: providerId,
+    actorEmail: actor,
+    details: { periodMonth: periodMonth.toISOString().slice(0, 7) },
+  });
+  revalidatePath("/admin/payouts");
+}
diff --git a/src/app/admin/payouts/page.tsx b/src/app/admin/payouts/page.tsx
new file mode 100644
index 0000000..0c40c19
--- /dev/null
+++ b/src/app/admin/payouts/page.tsx
@@ -0,0 +1,155 @@
+import Link from "next/link";
+
+import { formatMonth, listProviderPayouts } from "@/lib/payouts";
+
+import { markPayoutPaidAction, unmarkPayoutPaidAction } from "./actions";
+import { MarkPaidForm } from "./_components/MarkPaidForm";
+
+export const dynamic = "force-dynamic";
+export const metadata = { title: "Reversements prestataires — Karbé admin" };
+
+function fmtEur(n: number): string {
+  return n.toLocaleString("fr-FR", { style: "currency", currency: "EUR" });
+}
+
+export default async function PayoutsAdminPage() {
+  const payouts = await listProviderPayouts({ monthsBack: 6 });
+
+  // Group by month
+  const byMonth = new Map<number, typeof payouts>();
+  for (const p of payouts) {
+    const k = p.periodMonth.getTime();
+    if (!byMonth.has(k)) byMonth.set(k, []);
+    byMonth.get(k)!.push(p);
+  }
+
+  // Globals
+  const totalDue = payouts
+    .filter((p) => !p.paid && p.netAmount > 0)
+    .reduce((s, p) => s + p.netAmount, 0);
+  const totalPaid = payouts
+    .filter((p) => p.paid)
+    .reduce((s, p) => s + (p.paid!.amount), 0);
+
+  return (
+    <div className="mx-auto max-w-6xl space-y-6">
+      <header className="mt-2">
+        <h1 className="text-2xl font-semibold text-zinc-900">Reversements prestataires</h1>
+        <p className="mt-1 text-sm text-zinc-500">
+          Le marketplace encaisse centralisé sur System D ; voici les montants à reverser à chaque
+          prestataire pour les locations matériel des 6 derniers mois. System D n&apos;apparaît pas
+          dans la liste (commission 0 %).
+        </p>
+      </header>
+
+      <section className="grid grid-cols-2 gap-3 sm:grid-cols-3">
+        <KpiCard label="À payer" value={fmtEur(totalDue)} highlight />
+        <KpiCard label="Déjà payé" value={fmtEur(totalPaid)} />
+        <KpiCard label="Mois affichés" value={`${byMonth.size}`} />
+      </section>
+
+      {Array.from(byMonth.entries())
+        .sort((a, b) => b[0] - a[0])
+        .map(([periodTs, rows]) => {
+          const period = new Date(periodTs);
+          const monthDue = rows
+            .filter((r) => !r.paid && r.netAmount > 0)
+            .reduce((s, r) => s + r.netAmount, 0);
+          return (
+            <section
+              key={periodTs}
+              className="overflow-hidden rounded-lg border border-zinc-200 bg-white shadow-sm"
+            >
+              <header className="flex items-baseline justify-between border-b border-zinc-100 px-4 py-2">
+                <h2 className="text-sm font-semibold uppercase tracking-wider text-zinc-700">
+                  {formatMonth(period)}
+                </h2>
+                <span className="text-xs text-zinc-500">
+                  Reste à payer ce mois :{" "}
+                  <span className="font-mono font-semibold text-zinc-900">{fmtEur(monthDue)}</span>
+                </span>
+              </header>
+              <table className="w-full text-sm">
+                <thead className="border-b border-zinc-100 bg-zinc-50 text-xs uppercase tracking-wider text-zinc-500">
+                  <tr>
+                    <th className="px-3 py-1.5 text-left font-semibold">Prestataire</th>
+                    <th className="px-3 py-1.5 text-right font-semibold">Résa</th>
+                    <th className="px-3 py-1.5 text-right font-semibold">CA brut</th>
+                    <th className="px-3 py-1.5 text-right font-semibold">Commission</th>
+                    <th className="px-3 py-1.5 text-right font-semibold">Net dû</th>
+                    <th className="px-3 py-1.5 text-right font-semibold">Statut</th>
+                  </tr>
+                </thead>
+                <tbody className="divide-y divide-zinc-100">
+                  {rows
+                    .sort((a, b) => b.netAmount - a.netAmount)
+                    .map((p) => (
+                      <tr key={`${p.providerId}-${periodTs}`} className="hover:bg-zinc-50">
+                        <td className="px-3 py-1.5">
+                          <Link
+                            href={`/admin/rental-providers/${p.providerId}`}
+                            className="text-zinc-900 hover:underline"
+                          >
+                            {p.providerName}
+                          </Link>
+                        </td>
+                        <td className="px-3 py-1.5 text-right font-mono text-zinc-700">
+                          {p.bookingsCount}
+                        </td>
+                        <td className="px-3 py-1.5 text-right font-mono text-zinc-700">
+                          {fmtEur(p.grossAmount)}
+                        </td>
+                        <td className="px-3 py-1.5 text-right font-mono text-zinc-700">
+                          {fmtEur(p.commission)}
+                        </td>
+                        <td className="px-3 py-1.5 text-right font-mono font-semibold text-zinc-900">
+                          {fmtEur(p.netAmount)}
+                        </td>
+                        <td className="px-3 py-1.5">
+                          <div className="flex justify-end">
+                            <MarkPaidForm
+                              payout={p}
+                              markAction={markPayoutPaidAction}
+                              unmarkAction={unmarkPayoutPaidAction}
+                            />
+                          </div>
+                        </td>
+                      </tr>
+                    ))}
+                </tbody>
+              </table>
+            </section>
+          );
+        })}
+    </div>
+  );
+}
+
+function KpiCard({
+  label,
+  value,
+  highlight,
+}: {
+  label: string;
+  value: string;
+  highlight?: boolean;
+}) {
+  return (
+    <div
+      className={
+        "rounded-lg border bg-white px-4 py-3 shadow-sm " +
+        (highlight ? "border-emerald-300 bg-emerald-50/40" : "border-zinc-200")
+      }
+    >
+      <div className="text-[10px] uppercase tracking-wider text-zinc-500">{label}</div>
+      <div
+        className={
+          "mt-1 text-2xl font-semibold font-mono " +
+          (highlight ? "text-emerald-700" : "text-zinc-900")
+        }
+      >
+        {value}
+      </div>
+    </div>
+  );
+}
diff --git a/src/components/admin/Sidebar.tsx b/src/components/admin/Sidebar.tsx
index ddd52ad..6eae7d0 100644
--- a/src/components/admin/Sidebar.tsx
+++ b/src/components/admin/Sidebar.tsx
@@ -128,6 +128,7 @@ const GROUPS: NavGroup[] = [
     items: [
       { href: "/admin/bookings", label: "Réservations", icon: ICONS.bookings },
       { href: "/admin/rentals", label: "Locations matériel", icon: ICONS.bookings },
+      { href: "/admin/payouts", label: "Reversements", icon: ICONS.bookings },
       { href: "/admin/reviews", label: "Avis & modération", icon: ICONS.reviews },
     ],
   },
diff --git a/src/lib/email.ts b/src/lib/email.ts
index 894bf1a..7bb7779 100644
--- a/src/lib/email.ts
+++ b/src/lib/email.ts
@@ -411,6 +411,35 @@ export async function sendRentalConfirmed(
   });
 }
 
+export async function sendPayoutSent(
+  to: string,
+  providerName: string,
+  periodMonth: Date,
+  amount: string,
+  reference: string | null,
+): Promise<void> {
+  const monthLabel = periodMonth.toLocaleDateString("fr-FR", {
+    timeZone: "UTC",
+    year: "numeric",
+    month: "long",
+  });
+  await sendEmail({
+    to,
+    subject: `Reversement Karbé — ${monthLabel}`,
+    html: wrap(
+      `Reversement ${monthLabel}`,
+      `<p>Bonjour ${providerName},</p>
+       <p>Le reversement de vos locations matériel pour <strong>${monthLabel}</strong> a été effectué :</p>
+       <ul>
+         <li>Montant : <strong>${Number(amount).toFixed(2)} EUR</strong></li>
+         ${reference ? `<li>Référence virement : <code>${reference}</code></li>` : ""}
+       </ul>
+       <p>Vérifiez votre compte bancaire dans les 1 à 3 jours ouvrés. En cas de question, répondez à cet email.</p>
+       <p><a href="${SITE_URL}/espace-prestataire/reservations" style="display:inline-block;background:#18181b;color:white;padding:10px 20px;border-radius:6px;text-decoration:none;font-weight:600;">Voir mes réservations</a></p>`,
+    ),
+  });
+}
+
 export async function sendBookingRefunded(
   to: string,
   firstName: string,
diff --git a/src/lib/payouts.ts b/src/lib/payouts.ts
new file mode 100644
index 0000000..7e63e0a
--- /dev/null
+++ b/src/lib/payouts.ts
@@ -0,0 +1,218 @@
+import "server-only";
+
+import { Prisma } from "@/generated/prisma/client";
+import { RentalBookingStatus } from "@/generated/prisma/enums";
+import { prisma } from "@/lib/prisma";
+
+/**
+ * Politique de reversement v1 :
+ * Pour chaque RentalBooking CONFIRMED/HANDED_OVER/RETURNED créée pendant le mois M,
+ * le provider reçoit (itemsTotal + depositTotal - commissionAmount).
+ * Le marketplace garde la commission (commissionAmount) et la caution est restituée
+ * via le provider qui la collecte au remise (hors flux Stripe).
+ *
+ * En pratique : net du au provider = itemsTotal - commissionAmount.
+ * La caution n'est PAS comptée dans le reversement (le provider la collecte
+ * directement auprès du client).
+ */
+
+const COUNTED_STATUSES: RentalBookingStatus[] = [
+  RentalBookingStatus.CONFIRMED,
+  RentalBookingStatus.HANDED_OVER,
+  RentalBookingStatus.RETURNED,
+];
+
+export type ProviderPayout = {
+  providerId: string;
+  providerName: string;
+  isSystemD: boolean;
+  /** 1er du mois minuit UTC. */
+  periodMonth: Date;
+  bookingsCount: number;
+  /** Sum itemsTotal pour le provider × mois. */
+  grossAmount: number;
+  /** Sum commissionAmount. */
+  commission: number;
+  /** Net dû au provider = gross - commission. */
+  netAmount: number;
+  /** Mark déjà enregistrée si payé. */
+  paid: {
+    paidAt: Date;
+    amount: number;
+    reference: string | null;
+    paidByEmail: string | null;
+  } | null;
+};
+
+/**
+ * 1er jour du mois en UTC pour normalisation.
+ */
+export function monthKey(d: Date): Date {
+  return new Date(Date.UTC(d.getUTCFullYear(), d.getUTCMonth(), 1));
+}
+
+export function formatMonth(d: Date): string {
+  return d.toLocaleDateString("fr-FR", {
+    timeZone: "UTC",
+    year: "numeric",
+    month: "long",
+  });
+}
+
+/**
+ * Calcule les reversements à effectuer sur les `monthsBack` derniers mois.
+ * - Exclut System D (commission 0 % et c'est l'asso qui gère).
+ * - Renvoie tous les providers actifs, même ceux à 0 € (pour visibilité).
+ * - Inclut le statut payé/non payé depuis RentalPayoutMark.
+ */
+export async function listProviderPayouts(opts: {
+  monthsBack?: number;
+} = {}): Promise<ProviderPayout[]> {
+  const monthsBack = opts.monthsBack ?? 6;
+  const now = new Date();
+  const earliest = monthKey(
+    new Date(Date.UTC(now.getUTCFullYear(), now.getUTCMonth() - (monthsBack - 1), 1)),
+  );
+
+  const [providers, bookings, marks] = await Promise.all([
+    prisma.rentalProvider.findMany({
+      where: { isSystemD: false },
+      select: { id: true, name: true, isSystemD: true },
+    }),
+    prisma.rentalBooking.findMany({
+      where: {
+        status: { in: COUNTED_STATUSES },
+        createdAt: { gte: earliest },
+        provider: { isSystemD: false },
+      },
+      select: {
+        providerId: true,
+        createdAt: true,
+        itemsTotal: true,
+        commissionAmount: true,
+      },
+    }),
+    prisma.rentalPayoutMark.findMany({
+      where: { periodMonth: { gte: earliest } },
+    }),
+  ]);
+
+  const result: ProviderPayout[] = [];
+  const monthsList: Date[] = [];
+  for (let i = 0; i < monthsBack; i++) {
+    monthsList.push(
+      monthKey(new Date(Date.UTC(now.getUTCFullYear(), now.getUTCMonth() - i, 1))),
+    );
+  }
+
+  // Init grid provider × month avec zéros
+  type Cell = {
+    bookingsCount: number;
+    grossAmount: Prisma.Decimal;
+    commission: Prisma.Decimal;
+  };
+  const grid = new Map<string, Cell>();
+  const cellKey = (providerId: string, periodTs: number) => `${providerId}:${periodTs}`;
+
+  for (const p of providers) {
+    for (const m of monthsList) {
+      grid.set(cellKey(p.id, m.getTime()), {
+        bookingsCount: 0,
+        grossAmount: new Prisma.Decimal(0),
+        commission: new Prisma.Decimal(0),
+      });
+    }
+  }
+
+  // Aggrège les bookings
+  for (const b of bookings) {
+    const period = monthKey(b.createdAt);
+    const k = cellKey(b.providerId, period.getTime());
+    const cell = grid.get(k);
+    if (!cell) continue;
+    cell.bookingsCount++;
+    cell.grossAmount = cell.grossAmount.add(b.itemsTotal);
+    cell.commission = cell.commission.add(b.commissionAmount);
+  }
+
+  // Index des marks
+  const markIndex = new Map<string, (typeof marks)[number]>();
+  for (const m of marks) {
+    markIndex.set(cellKey(m.providerId, m.periodMonth.getTime()), m);
+  }
+
+  // Produit le résultat
+  for (const p of providers) {
+    for (const m of monthsList) {
+      const k = cellKey(p.id, m.getTime());
+      const cell = grid.get(k)!;
+      const net = cell.grossAmount.sub(cell.commission);
+      const mark = markIndex.get(k);
+      result.push({
+        providerId: p.id,
+        providerName: p.name,
+        isSystemD: p.isSystemD,
+        periodMonth: m,
+        bookingsCount: cell.bookingsCount,
+        grossAmount: cell.grossAmount.toDecimalPlaces(2).toNumber(),
+        commission: cell.commission.toDecimalPlaces(2).toNumber(),
+        netAmount: net.toDecimalPlaces(2).toNumber(),
+        paid: mark
+          ? {
+              paidAt: mark.paidAt,
+              amount: Number(mark.amount),
+              reference: mark.reference,
+              paidByEmail: mark.paidByEmail,
+            }
+          : null,
+      });
+    }
+  }
+
+  // Tri : mois décroissant puis provider
+  return result.sort(
+    (a, b) =>
+      b.periodMonth.getTime() - a.periodMonth.getTime() ||
+      a.providerName.localeCompare(b.providerName, "fr"),
+  );
+}
+
+/**
+ * Crée un RentalPayoutMark (idempotent via unique constraint provider+period).
+ */
+export async function createPayoutMark(opts: {
+  providerId: string;
+  periodMonth: Date;
+  amount: number;
+  reference?: string | null;
+  paidByEmail: string | null;
+}): Promise<{ ok: true; alreadyExists: boolean } | { ok: false; error: string }> {
+  const period = monthKey(opts.periodMonth);
+  const existing = await prisma.rentalPayoutMark.findUnique({
+    where: { providerId_periodMonth: { providerId: opts.providerId, periodMonth: period } },
+    select: { id: true },
+  });
+  if (existing) return { ok: true, alreadyExists: true };
+  await prisma.rentalPayoutMark.create({
+    data: {
+      providerId: opts.providerId,
+      periodMonth: period,
+      amount: new Prisma.Decimal(opts.amount),
+      reference: opts.reference ?? null,
+      paidByEmail: opts.paidByEmail,
+    },
+  });
+  return { ok: true, alreadyExists: false };
+}
+
+export async function deletePayoutMark(
+  providerId: string,
+  periodMonth: Date,
+): Promise<void> {
+  const period = monthKey(periodMonth);
+  await prisma.rentalPayoutMark
+    .delete({
+      where: { providerId_periodMonth: { providerId, periodMonth: period } },
+    })
+    .catch(() => {});
+}
diff --git a/tests/lib/payouts.test.ts b/tests/lib/payouts.test.ts
new file mode 100644
index 0000000..dfc0cb9
--- /dev/null
+++ b/tests/lib/payouts.test.ts
@@ -0,0 +1,37 @@
+import { describe, it, expect, vi } from "vitest";
+
+vi.mock("server-only", () => ({}));
+// payouts.ts importe prisma qui jette si DATABASE_URL absent — mock le module entier.
+vi.mock("@/lib/prisma", () => ({ prisma: {} }));
+
+const { monthKey, formatMonth } = await import("@/lib/payouts");
+
+describe("monthKey", () => {
+  it("normalise à minuit UTC du 1er du mois", () => {
+    const k = monthKey(new Date("2026-03-15T14:30:00Z"));
+    expect(k.getUTCFullYear()).toBe(2026);
+    expect(k.getUTCMonth()).toBe(2); // mars = 2 (0-indexed)
+    expect(k.getUTCDate()).toBe(1);
+    expect(k.getUTCHours()).toBe(0);
+    expect(k.getUTCMinutes()).toBe(0);
+  });
+
+  it("idempotent (mêmes inputs → même sortie)", () => {
+    const a = monthKey(new Date("2026-06-30T23:59:59Z"));
+    const b = monthKey(new Date("2026-06-01T00:00:00Z"));
+    expect(a.getTime()).toBe(b.getTime());
+  });
+
+  it("traverse janvier sans bug", () => {
+    const k = monthKey(new Date("2026-01-15T10:00:00Z"));
+    expect(k.toISOString().slice(0, 10)).toBe("2026-01-01");
+  });
+});
+
+describe("formatMonth", () => {
+  it("rend un libellé fr-FR lisible", () => {
+    const label = formatMonth(new Date(Date.UTC(2026, 5, 1)));
+    expect(label).toContain("juin");
+    expect(label).toContain("2026");
+  });
+});

From 18d19538d3269113675e78cf49566113e3b75451 Mon Sep 17 00:00:00 2001
From: Ubuntu <ubuntu@vps-97784c65.vps.ovh.net>
Date: Wed, 3 Jun 2026 03:13:14 +0000
Subject: [PATCH 45/47] =?UTF-8?q?feat(ce):=20Sprint=20P=20=E2=80=94=20seed?=
 =?UTF-8?q?=20d=C3=A9mo=20CE=20+=20tests=20invites=20+=20cleanup=20helper?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Seed plugin `demo-ce-seed` :
- Nouveau descriptor dans registry (category visual).
- src/lib/plugins/seeds/demo-ce.ts : seedDemoCe() + archiveDemoCe().
  Crée org « Comité ESA Kourou (démo) » approved=true + 2 CE_MANAGERs
  + 3 CE_MEMBERs (password "demo") + 2 carbets co-gérés
  (OrganizationCarbetMembership) + 1 RentalProvider org-scoped +
  4 items (hamac, moustiquaire, kayak, réchaud).
- Idempotent : check existence par slug/email avant create. Upsert
  pour users.
- Disable : soft-archive carbets (status=ARCHIVED), delete
  RentalProvider démo (best-effort si pas de booking), delete users
  démo (cascade memberships) + delete org.
- Branchement hooks onEnable/onDisable dans plugins/hooks.ts.

Permet de visualiser le module CE end-to-end sans signup manuel :
admin active le plugin → l'org démo et son écosystème apparaissent
sur le site (badge « Géré par le CE Comité ESA Kourou (démo) » sur
les fiches carbet, items rental dans le catalogue /materiel).

ce-invites.ts refactor :
- Exporte hashToken (déjà sha256, désormais documenté).
- Extrait isInviteValid(row, now=Date) : helper pur testable. La
  fonction getOrgInviteByToken le réutilise.

tests/lib/ce-invites.test.ts (9 cas) :
- hashToken : déterminisme, format sha256 64-hex, inputs différents,
  pas de fuite du plain.
- isInviteValid : non consommé+non expiré → vrai ; consommé → faux ;
  expiré → faux ; les 2 raisons → faux ; injection now pour tests
  temporels.

Total tests : 83/83 ✓ (74 précédents + 9 nouveaux).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 src/lib/ce-invites.ts            |  19 ++-
 src/lib/plugins/hooks.ts         |  15 ++
 src/lib/plugins/registry.ts      |   8 ++
 src/lib/plugins/seeds/demo-ce.ts | 234 +++++++++++++++++++++++++++++++
 tests/lib/ce-invites.test.ts     |  52 +++++++
 5 files changed, 325 insertions(+), 3 deletions(-)
 create mode 100644 src/lib/plugins/seeds/demo-ce.ts
 create mode 100644 tests/lib/ce-invites.test.ts

diff --git a/src/lib/ce-invites.ts b/src/lib/ce-invites.ts
index d288971..ca8fb26 100644
--- a/src/lib/ce-invites.ts
+++ b/src/lib/ce-invites.ts
@@ -6,10 +6,24 @@ import { prisma } from "@/lib/prisma";
 
 const INVITE_TTL_MS = 14 * 24 * 60 * 60 * 1000; // 14 jours
 
-function hashToken(token: string): string {
+/** Hash sha256 d'un token plain → utilisé comme PK pour ne jamais persister le plain. */
+export function hashToken(token: string): string {
   return crypto.createHash("sha256").update(token).digest("hex");
 }
 
+/**
+ * Vrai si une invitation est encore consommable : pas marquée `usedAt`
+ * et pas encore expirée. Helper extrait pour testabilité.
+ */
+export function isInviteValid(
+  row: { expiresAt: Date; usedAt: Date | null },
+  now: Date = new Date(),
+): boolean {
+  if (row.usedAt) return false;
+  if (row.expiresAt < now) return false;
+  return true;
+}
+
 export async function createOrgInviteToken(opts: {
   organizationId: string;
   createdByUserId: string;
@@ -49,8 +63,7 @@ export async function getOrgInviteByToken(plainToken: string) {
     },
   });
   if (!row) return null;
-  if (row.usedAt) return null;
-  if (row.expiresAt < new Date()) return null;
+  if (!isInviteValid(row)) return null;
   return row;
 }
 
diff --git a/src/lib/plugins/hooks.ts b/src/lib/plugins/hooks.ts
index d3ff76e..f984522 100644
--- a/src/lib/plugins/hooks.ts
+++ b/src/lib/plugins/hooks.ts
@@ -15,6 +15,7 @@ export interface PluginHookSet {
 }
 
 import { archiveDemoCarbets, seedDemoCarbets } from "./seeds/demo-carbets";
+import { archiveDemoCe, seedDemoCe } from "./seeds/demo-ce";
 import {
   republishContentPages,
   seedContentPages,
@@ -134,4 +135,18 @@ export const pluginHooks: Record<string, PluginHookSet | undefined> = {
       );
     },
   },
+  "demo-ce-seed": {
+    onEnable: async () => {
+      const { created, orgId } = await seedDemoCe();
+      console.log(
+        `[plugin demo-ce-seed] ${created ? "créé" : "déjà présent"}: orgId=${orgId}`,
+      );
+    },
+    onDisable: async () => {
+      const { deletedUsers, deletedOrg } = await archiveDemoCe();
+      console.log(
+        `[plugin demo-ce-seed] disable: ${deletedUsers} users supprimés, ${deletedOrg} org supprimée(s)`,
+      );
+    },
+  },
 };
diff --git a/src/lib/plugins/registry.ts b/src/lib/plugins/registry.ts
index 854b48c..ee5fe3b 100644
--- a/src/lib/plugins/registry.ts
+++ b/src/lib/plugins/registry.ts
@@ -149,6 +149,14 @@ export const PLUGINS: PluginDescriptor[] = [
     category: "content",
     version: "0.1.0",
   },
+  {
+    key: "demo-ce-seed",
+    name: "Démo Comité d'Entreprise",
+    description:
+      "Seed une organisation CE démo (Comité ESA Kourou) avec 2 managers, 3 membres, 2 carbets co-gérés et 1 provider rental org-scoped + 4 items. Utile pour visualiser le module CE sans signup manuel. Disable : carbets archivés, users + org supprimés. Dépend de `ce-management`.",
+    category: "visual",
+    version: "0.1.0",
+  },
 ];
 
 export const PLUGIN_KEYS = PLUGINS.map((p) => p.key);
diff --git a/src/lib/plugins/seeds/demo-ce.ts b/src/lib/plugins/seeds/demo-ce.ts
new file mode 100644
index 0000000..3f0ec74
--- /dev/null
+++ b/src/lib/plugins/seeds/demo-ce.ts
@@ -0,0 +1,234 @@
+/**
+ * Seed du plugin `demo-ce-seed`.
+ *
+ * Crée une organisation démo « Comité ESA Kourou » (approved=true) avec :
+ *  - 2 CE_MANAGERs et 3 CE_MEMBERs (password "demo")
+ *  - 2 carbets co-gérés (ownerId = manager#1) avec OrganizationCarbetMembership
+ *  - 1 RentalProvider org-scoped avec 4 items
+ *
+ * Idempotent : check d'existence par email/slug stables avant chaque création.
+ * Disable : soft cleanup en cascade (les emails @karbe.demo sont supprimés,
+ * la cascade Prisma se charge des memberships, items, etc.).
+ */
+
+import {
+  CarbetStatus,
+  RentalCategory,
+  UserRole,
+} from "@/generated/prisma/enums";
+import { hashPassword } from "@/lib/password";
+import { prisma } from "@/lib/prisma";
+
+const DEMO_ORG_SLUG = "demo-comite-esa-kourou";
+const DEMO_PROVIDER_NAME = "Matériel — Comité ESA Kourou (démo)";
+
+const DEMO_USERS = [
+  { email: "demo-ce-mgr1@karbe.demo", firstName: "Aline", lastName: "Spaceport", role: UserRole.CE_MANAGER },
+  { email: "demo-ce-mgr2@karbe.demo", firstName: "Bruno", lastName: "Soyouz", role: UserRole.CE_MANAGER },
+  { email: "demo-ce-mbr1@karbe.demo", firstName: "Clara", lastName: "Ariane", role: UserRole.CE_MEMBER },
+  { email: "demo-ce-mbr2@karbe.demo", firstName: "David", lastName: "Vega", role: UserRole.CE_MEMBER },
+  { email: "demo-ce-mbr3@karbe.demo", firstName: "Élodie", lastName: "Falcon", role: UserRole.CE_MEMBER },
+] as const;
+
+const DEMO_CARBETS = [
+  {
+    slug: "demo-ce-karbe-sinnamary",
+    title: "Karbé CE Sinnamary",
+    river: "Sinnamary",
+    embarkPoint: "Dégrad Pointe Combi",
+    latitude: 5.39,
+    longitude: -53.0,
+    capacity: 6,
+    nightlyPrice: 95,
+    description:
+      "Carbet du Comité ESA Kourou sur la Sinnamary, accessible par 1h de pirogue depuis le dégrad. Réservé en priorité aux membres du CE le week-end, ouvert au public en semaine.",
+  },
+  {
+    slug: "demo-ce-karbe-kourou",
+    title: "Karbé CE Tonate",
+    river: "Kourou",
+    embarkPoint: "Embarcadère Tonate",
+    latitude: 5.25,
+    longitude: -52.65,
+    capacity: 8,
+    nightlyPrice: 110,
+    description:
+      "Carbet d'entreprise sur le fleuve Kourou, accessible en voiture jusqu'au dégrad. Équipé pour 8 voyageurs.",
+  },
+] as const;
+
+const DEMO_RENTAL_ITEMS = [
+  { name: "Hamac coton 2 places (démo CE)", category: RentalCategory.SLEEP, pricePerDay: 5, deposit: 15, totalQty: 12 },
+  { name: "Moustiquaire fleuve (démo CE)", category: RentalCategory.SLEEP, pricePerDay: 3, deposit: 10, totalQty: 12 },
+  { name: "Kayak monoplace (démo CE)", category: RentalCategory.NAVIGATION, pricePerDay: 35, deposit: 200, totalQty: 4 },
+  { name: "Réchaud gaz (démo CE)", category: RentalCategory.COOKING, pricePerDay: 6, deposit: 30, totalQty: 5 },
+] as const;
+
+export async function seedDemoCe(): Promise<{ created: boolean; orgId: string }> {
+  // 1. Organisation (idempotent par slug)
+  const existing = await prisma.organization.findUnique({
+    where: { slug: DEMO_ORG_SLUG },
+    select: { id: true },
+  });
+  if (existing) {
+    return { created: false, orgId: existing.id };
+  }
+
+  const passwordHash = await hashPassword("demo");
+
+  const org = await prisma.organization.create({
+    data: {
+      name: "Comité ESA Kourou (démo)",
+      slug: DEMO_ORG_SLUG,
+      description:
+        "Comité d'entreprise démo (fictif). Démontre la co-gestion de carbets et la location matériel par un CE sur Karbé.",
+      contactEmail: "demo-ce-mgr1@karbe.demo",
+      approved: true,
+      approvedAt: new Date(),
+      approvedBy: "demo-seed",
+    },
+    select: { id: true },
+  });
+
+  // 2. Membres
+  const users: { id: string; role: UserRole }[] = [];
+  for (const u of DEMO_USERS) {
+    const created = await prisma.user.upsert({
+      where: { email: u.email },
+      update: { organizationId: org.id, role: u.role },
+      create: {
+        email: u.email,
+        passwordHash,
+        firstName: u.firstName,
+        lastName: u.lastName,
+        role: u.role,
+        organizationId: org.id,
+        isActive: true,
+      },
+      select: { id: true, role: true },
+    });
+    users.push(created);
+  }
+  const mgr1 = users[0]!;
+
+  // 3. Carbets + memberships
+  for (const c of DEMO_CARBETS) {
+    const existingCarbet = await prisma.carbet.findUnique({
+      where: { slug: c.slug },
+      select: { id: true },
+    });
+    if (existingCarbet) {
+      // S'assure que la membership existe
+      await prisma.organizationCarbetMembership
+        .upsert({
+          where: { organizationId_carbetId: { organizationId: org.id, carbetId: existingCarbet.id } },
+          update: {},
+          create: { organizationId: org.id, carbetId: existingCarbet.id, addedByUserId: mgr1.id },
+        });
+      continue;
+    }
+    const carbet = await prisma.carbet.create({
+      data: {
+        ownerId: mgr1.id,
+        title: c.title,
+        slug: c.slug,
+        description: c.description,
+        river: c.river,
+        latitude: c.latitude,
+        longitude: c.longitude,
+        embarkPoint: c.embarkPoint,
+        pirogueDurationMin: 60,
+        capacity: c.capacity,
+        nightlyPrice: c.nightlyPrice,
+        status: CarbetStatus.PUBLISHED,
+      },
+      select: { id: true },
+    });
+    await prisma.organizationCarbetMembership.create({
+      data: { organizationId: org.id, carbetId: carbet.id, addedByUserId: mgr1.id },
+    });
+  }
+
+  // 4. RentalProvider org-scoped + items
+  let provider = await prisma.rentalProvider.findFirst({
+    where: { organizationId: org.id },
+    select: { id: true },
+  });
+  if (!provider) {
+    provider = await prisma.rentalProvider.create({
+      data: {
+        name: DEMO_PROVIDER_NAME,
+        isSystemD: false,
+        managedByUserId: mgr1.id,
+        organizationId: org.id,
+        contactEmail: "demo-ce-mgr1@karbe.demo",
+        rivers: ["Sinnamary", "Kourou"],
+        commissionPct: 10,
+        active: true,
+        approved: true,
+        approvedAt: new Date(),
+        approvedBy: "demo-seed",
+      },
+      select: { id: true },
+    });
+  }
+
+  for (const item of DEMO_RENTAL_ITEMS) {
+    const existingItem = await prisma.rentalItem.findFirst({
+      where: { providerId: provider.id, name: item.name },
+      select: { id: true },
+    });
+    if (existingItem) continue;
+    await prisma.rentalItem.create({
+      data: {
+        providerId: provider.id,
+        category: item.category,
+        name: item.name,
+        pricePerDay: item.pricePerDay,
+        deposit: item.deposit,
+        totalQty: item.totalQty,
+        active: true,
+      },
+    });
+  }
+
+  return { created: true, orgId: org.id };
+}
+
+export async function archiveDemoCe(): Promise<{ deletedUsers: number; deletedOrg: number }> {
+  // Cascade Prisma : Org delete → memberships + invites cascade ;
+  // RentalProvider.organizationId → SetNull (l'orga disparaît, le provider
+  // reste rattaché au manager nominal, on le supprime explicitement).
+  // Users → on supprime les emails @karbe.demo (cascade RentalProvider via
+  // managedByUserId=SetNull, mais on garde les carbets ; archive les carbets
+  // démo via status=ARCHIVED pour pas casser les bookings historiques).
+  const org = await prisma.organization.findUnique({
+    where: { slug: DEMO_ORG_SLUG },
+    select: { id: true },
+  });
+  if (!org) return { deletedUsers: 0, deletedOrg: 0 };
+
+  // Soft-archive les carbets démo
+  await prisma.carbet.updateMany({
+    where: { slug: { in: DEMO_CARBETS.map((c) => c.slug) } },
+    data: { status: CarbetStatus.ARCHIVED },
+  });
+
+  // Supprime le RentalProvider démo (cascade items + bookings → onDelete:Restrict
+  // sur bookings, donc skip si des bookings existent)
+  await prisma.rentalProvider
+    .deleteMany({ where: { organizationId: org.id, name: DEMO_PROVIDER_NAME } })
+    .catch(() => {});
+
+  // Supprime les users démo (cascade memberships)
+  const { count: deletedUsers } = await prisma.user.deleteMany({
+    where: { email: { endsWith: "@karbe.demo", in: DEMO_USERS.map((u) => u.email) } },
+  });
+
+  // Supprime l'org (cascade memberships restantes)
+  const { count: deletedOrg } = await prisma.organization.deleteMany({
+    where: { slug: DEMO_ORG_SLUG },
+  });
+
+  return { deletedUsers, deletedOrg };
+}
diff --git a/tests/lib/ce-invites.test.ts b/tests/lib/ce-invites.test.ts
new file mode 100644
index 0000000..1d22d79
--- /dev/null
+++ b/tests/lib/ce-invites.test.ts
@@ -0,0 +1,52 @@
+import { describe, it, expect, vi } from "vitest";
+
+vi.mock("server-only", () => ({}));
+vi.mock("@/lib/prisma", () => ({ prisma: {} }));
+
+const { hashToken, isInviteValid } = await import("@/lib/ce-invites");
+
+describe("hashToken", () => {
+  it("est déterministe — même input → même hash", () => {
+    expect(hashToken("abc")).toBe(hashToken("abc"));
+  });
+
+  it("hash sha256 (64 hex chars)", () => {
+    expect(hashToken("token")).toMatch(/^[0-9a-f]{64}$/);
+  });
+
+  it("inputs différents → hashes différents", () => {
+    expect(hashToken("abc")).not.toBe(hashToken("abd"));
+  });
+
+  it("ne retourne pas le plain (jamais persisté)", () => {
+    expect(hashToken("secret-plain-text")).not.toContain("secret");
+  });
+});
+
+describe("isInviteValid", () => {
+  const future = new Date(Date.now() + 24 * 3600 * 1000);
+  const past = new Date(Date.now() - 24 * 3600 * 1000);
+
+  it("vrai si non consommé et non expiré", () => {
+    expect(isInviteValid({ expiresAt: future, usedAt: null })).toBe(true);
+  });
+
+  it("faux si déjà consommé", () => {
+    expect(isInviteValid({ expiresAt: future, usedAt: new Date() })).toBe(false);
+  });
+
+  it("faux si expiré", () => {
+    expect(isInviteValid({ expiresAt: past, usedAt: null })).toBe(false);
+  });
+
+  it("faux si consommé ET expiré (les 2 raisons)", () => {
+    expect(isInviteValid({ expiresAt: past, usedAt: new Date() })).toBe(false);
+  });
+
+  it("accepte un `now` injecté pour tests temporels", () => {
+    const ref = new Date("2026-06-01");
+    const justAfter = new Date("2026-06-02");
+    expect(isInviteValid({ expiresAt: justAfter, usedAt: null }, ref)).toBe(true);
+    expect(isInviteValid({ expiresAt: ref, usedAt: null }, justAfter)).toBe(false);
+  });
+});

From a6ea488732df38702d54102183af634591d4c3da Mon Sep 17 00:00:00 2001
From: Ubuntu <ubuntu@vps-97784c65.vps.ovh.net>
Date: Wed, 3 Jun 2026 03:23:58 +0000
Subject: [PATCH 46/47] =?UTF-8?q?feat(prod):=20Sprint=20Q=20=E2=80=94=20re?=
 =?UTF-8?q?minders=20J-1=20+=20cleanup=20cron=20endpoints?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Endpoints automatisables par cron externe (Hermes, GitHub Actions,
ou crontab système) pour gérer les tâches récurrentes de la
plateforme.

src/lib/cron-auth.ts (NEW) : isAuthorizedCronRequest(req) vérifie
l'en-tête Authorization Bearer ${CRON_TOKEN}. Le token est déjà dans
.env.production.

GET /api/cron/reminders :
- Itère bookings carbet CONFIRMED + rentalBookings CONFIRMED dont
  startDate ∈ [now+22h, now+26h] (fenêtre 4h pour absorber les
  éventuels retards de cron).
- Envoie sendBookingReminder (carbet) ou sendRentalReminder (rental).
- Compte bookingSent/bookingErrors et rentalSent/rentalErrors.
- Audit log scope=cron event=cron.reminders.run avec stats.
- Retourne JSON {ok, window, booking:{candidates,sent,errors},
  rental:{candidates,sent,errors}}.

GET /api/cron/cleanup :
- Purge OrgInviteToken expirés depuis > 30j.
- Booking PENDING + paymentStatus≠SUCCEEDED + createdAt > 7j →
  status=CANCELLED + paymentStatus=FAILED (libère le créneau).
- RentalBooking idem + delete RentalItemAvailability associée
  (libère stock) en transaction.
- Audit log scope=cron event=cron.cleanup.run avec compteurs.

src/lib/email.ts :
- sendBookingReminder(to, firstName, bookingId, title, startDate,
  slug) : email rappel J-1 avec CTA vers /reservations/[id].
- sendRentalReminder(to, firstName, rbId, providerName, startDate,
  contactInfo) : rappel pour récup matériel, affiche contacts
  provider (phone + email).

tests/lib/cron-auth.test.ts (6 cas) :
- Refus si CRON_TOKEN absent, header absent, format incorrect (Basic
  ou Token), token mismatch.
- Accept si match exact, accept avec espaces autour du token (defensive).

Total tests : 89/89 ✓.

Schedule recommandé (à brancher côté Hermes ou crontab) :
- GET /api/cron/reminders : 1× par jour à 9h (Authorization: Bearer
  $CRON_TOKEN)
- GET /api/cron/cleanup : 1× par semaine

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 src/app/api/cron/cleanup/route.ts   | 113 ++++++++++++++++++++++++
 src/app/api/cron/reminders/route.ts | 128 ++++++++++++++++++++++++++++
 src/lib/cron-auth.ts                |  18 ++++
 src/lib/email.ts                    |  62 ++++++++++++++
 tests/lib/cron-auth.test.ts         |  47 ++++++++++
 5 files changed, 368 insertions(+)
 create mode 100644 src/app/api/cron/cleanup/route.ts
 create mode 100644 src/app/api/cron/reminders/route.ts
 create mode 100644 src/lib/cron-auth.ts
 create mode 100644 tests/lib/cron-auth.test.ts

diff --git a/src/app/api/cron/cleanup/route.ts b/src/app/api/cron/cleanup/route.ts
new file mode 100644
index 0000000..103315e
--- /dev/null
+++ b/src/app/api/cron/cleanup/route.ts
@@ -0,0 +1,113 @@
+import { NextResponse } from "next/server";
+
+import {
+  BookingStatus,
+  PaymentStatus,
+  RentalBookingStatus,
+} from "@/generated/prisma/enums";
+import { recordAudit } from "@/lib/admin/audit";
+import { isAuthorizedCronRequest } from "@/lib/cron-auth";
+import { prisma } from "@/lib/prisma";
+
+export const runtime = "nodejs";
+export const dynamic = "force-dynamic";
+
+const INVITE_EXPIRY_GRACE_DAYS = 30;
+const ABANDONED_PENDING_DAYS = 7;
+
+/**
+ * GET /api/cron/cleanup
+ *
+ * Purge :
+ *   - OrgInviteToken expirés depuis plus de 30j (rétention pour audit court).
+ *   - Booking carbet PENDING dont createdAt > 7j et paiement non SUCCEEDED :
+ *     status passé à CANCELLED (libère le créneau via cascade des
+ *     Availabilities seulement si onDelete CASCADE — ici on flip juste
+ *     status pour conserver le log).
+ *   - RentalBooking PENDING idem + delete RentalItemAvailability associée
+ *     (libère le stock).
+ *
+ * Auth : Bearer CRON_TOKEN.
+ */
+export async function GET(req: Request) {
+  if (!isAuthorizedCronRequest(req)) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  const now = new Date();
+  const inviteCutoff = new Date(now.getTime() - INVITE_EXPIRY_GRACE_DAYS * 86_400_000);
+  const abandonedCutoff = new Date(now.getTime() - ABANDONED_PENDING_DAYS * 86_400_000);
+
+  // 1. Invites expirés (expiresAt < cutoff)
+  const { count: invitesDeleted } = await prisma.orgInviteToken.deleteMany({
+    where: { expiresAt: { lt: inviteCutoff } },
+  });
+
+  // 2. Bookings carbet PENDING abandonnés
+  const abandonedBookings = await prisma.booking.findMany({
+    where: {
+      status: BookingStatus.PENDING,
+      paymentStatus: { not: PaymentStatus.SUCCEEDED },
+      createdAt: { lt: abandonedCutoff },
+    },
+    select: { id: true, carbetId: true },
+  });
+  let bookingsCancelled = 0;
+  if (abandonedBookings.length > 0) {
+    const { count } = await prisma.booking.updateMany({
+      where: { id: { in: abandonedBookings.map((b) => b.id) } },
+      data: { status: BookingStatus.CANCELLED, paymentStatus: PaymentStatus.FAILED },
+    });
+    bookingsCancelled = count;
+  }
+
+  // 3. RentalBookings PENDING abandonnés + delete availability associée
+  const abandonedRentals = await prisma.rentalBooking.findMany({
+    where: {
+      status: RentalBookingStatus.PENDING,
+      paymentStatus: { not: PaymentStatus.SUCCEEDED },
+      createdAt: { lt: abandonedCutoff },
+    },
+    select: { id: true },
+  });
+  let rentalsCancelled = 0;
+  let availabilityFreed = 0;
+  if (abandonedRentals.length > 0) {
+    const ids = abandonedRentals.map((r) => r.id);
+    const [rentalRes, availRes] = await prisma.$transaction([
+      prisma.rentalBooking.updateMany({
+        where: { id: { in: ids } },
+        data: {
+          status: RentalBookingStatus.CANCELLED,
+          paymentStatus: PaymentStatus.FAILED,
+        },
+      }),
+      prisma.rentalItemAvailability.deleteMany({
+        where: { rentalBookingId: { in: ids } },
+      }),
+    ]);
+    rentalsCancelled = rentalRes.count;
+    availabilityFreed = availRes.count;
+  }
+
+  await recordAudit({
+    scope: "cron",
+    event: "cron.cleanup.run",
+    target: null,
+    actorEmail: "system:cron",
+    details: {
+      invitesDeleted,
+      bookingsCancelled,
+      rentalsCancelled,
+      availabilityFreed,
+    },
+  });
+
+  return NextResponse.json({
+    ok: true,
+    invitesDeleted,
+    bookingsCancelled,
+    rentalsCancelled,
+    availabilityFreed,
+  });
+}
diff --git a/src/app/api/cron/reminders/route.ts b/src/app/api/cron/reminders/route.ts
new file mode 100644
index 0000000..96e0573
--- /dev/null
+++ b/src/app/api/cron/reminders/route.ts
@@ -0,0 +1,128 @@
+import { NextResponse } from "next/server";
+
+import {
+  BookingStatus,
+  RentalBookingStatus,
+} from "@/generated/prisma/enums";
+import { recordAudit } from "@/lib/admin/audit";
+import { isAuthorizedCronRequest } from "@/lib/cron-auth";
+import { sendBookingReminder, sendRentalReminder } from "@/lib/email";
+import { prisma } from "@/lib/prisma";
+
+export const runtime = "nodejs";
+export const dynamic = "force-dynamic";
+
+/**
+ * GET /api/cron/reminders
+ *
+ * Envoie des rappels J-1 (24h avant le début) pour :
+ *   - Booking CONFIRMED dont startDate ∈ [now+22h, now+26h]
+ *   - RentalBooking CONFIRMED idem
+ *
+ * Idempotent à l'échelle d'une journée : le filtre temporel narrow limite
+ * naturellement le risque de double-envoi (en pratique le cron tourne 1× par
+ * jour à heure fixe). Pour une garantie at-most-once stricte il faudrait
+ * stocker un flag `reminderSentAt` sur Booking/RentalBooking — défensif
+ * mais pas critique pour v1.
+ *
+ * Auth : Bearer CRON_TOKEN.
+ */
+export async function GET(req: Request) {
+  if (!isAuthorizedCronRequest(req)) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  const now = new Date();
+  const from = new Date(now.getTime() + 22 * 60 * 60 * 1000);
+  const to = new Date(now.getTime() + 26 * 60 * 60 * 1000);
+
+  const [carbetBookings, rentalBookings] = await Promise.all([
+    prisma.booking.findMany({
+      where: {
+        status: BookingStatus.CONFIRMED,
+        startDate: { gte: from, lt: to },
+      },
+      include: {
+        tenant: { select: { email: true, firstName: true } },
+        carbet: { select: { title: true, slug: true } },
+      },
+    }),
+    prisma.rentalBooking.findMany({
+      where: {
+        status: RentalBookingStatus.CONFIRMED,
+        startDate: { gte: from, lt: to },
+      },
+      include: {
+        tenant: { select: { email: true, firstName: true } },
+        provider: { select: { name: true, contactEmail: true, contactPhone: true } },
+      },
+    }),
+  ]);
+
+  let bookingSent = 0;
+  let bookingErrors = 0;
+  for (const b of carbetBookings) {
+    if (!b.tenant.email) continue;
+    try {
+      await sendBookingReminder(
+        b.tenant.email,
+        b.tenant.firstName,
+        b.id,
+        b.carbet.title,
+        b.startDate,
+        b.carbet.slug,
+      );
+      bookingSent++;
+    } catch (e) {
+      bookingErrors++;
+      console.error(
+        "[cron.reminders] booking email failed:",
+        b.id,
+        e instanceof Error ? e.message : e,
+      );
+    }
+  }
+
+  let rentalSent = 0;
+  let rentalErrors = 0;
+  for (const r of rentalBookings) {
+    if (!r.tenant.email) continue;
+    try {
+      await sendRentalReminder(
+        r.tenant.email,
+        r.tenant.firstName,
+        r.id,
+        r.provider.name,
+        r.startDate,
+        { email: r.provider.contactEmail, phone: r.provider.contactPhone },
+      );
+      rentalSent++;
+    } catch (e) {
+      rentalErrors++;
+      console.error(
+        "[cron.reminders] rental email failed:",
+        r.id,
+        e instanceof Error ? e.message : e,
+      );
+    }
+  }
+
+  await recordAudit({
+    scope: "cron",
+    event: "cron.reminders.run",
+    target: null,
+    actorEmail: "system:cron",
+    details: {
+      window: { from: from.toISOString(), to: to.toISOString() },
+      booking: { candidates: carbetBookings.length, sent: bookingSent, errors: bookingErrors },
+      rental: { candidates: rentalBookings.length, sent: rentalSent, errors: rentalErrors },
+    },
+  });
+
+  return NextResponse.json({
+    ok: true,
+    window: { from: from.toISOString(), to: to.toISOString() },
+    booking: { candidates: carbetBookings.length, sent: bookingSent, errors: bookingErrors },
+    rental: { candidates: rentalBookings.length, sent: rentalSent, errors: rentalErrors },
+  });
+}
diff --git a/src/lib/cron-auth.ts b/src/lib/cron-auth.ts
new file mode 100644
index 0000000..dd034ba
--- /dev/null
+++ b/src/lib/cron-auth.ts
@@ -0,0 +1,18 @@
+import "server-only";
+
+/**
+ * Auth Bearer pour les endpoints /api/cron/*. Le token est partagé entre le
+ * serveur et le cron caller externe (Hermes, cron host, etc.).
+ *
+ * Renvoie true si l'en-tête Authorization correspond exactement à
+ * `Bearer ${process.env.CRON_TOKEN}` (timing-safe via le comparateur natif —
+ * acceptable car le token n'est pas dérivable de la requête).
+ */
+export function isAuthorizedCronRequest(req: Request): boolean {
+  const expected = (process.env.CRON_TOKEN ?? "").trim();
+  if (!expected) return false;
+  const header = req.headers.get("authorization") ?? "";
+  if (!header.startsWith("Bearer ")) return false;
+  const token = header.slice("Bearer ".length).trim();
+  return token === expected;
+}
diff --git a/src/lib/email.ts b/src/lib/email.ts
index 7bb7779..47eb1d9 100644
--- a/src/lib/email.ts
+++ b/src/lib/email.ts
@@ -440,6 +440,68 @@ export async function sendPayoutSent(
   });
 }
 
+export async function sendBookingReminder(
+  to: string,
+  firstName: string,
+  bookingId: string,
+  carbetTitle: string,
+  startDate: Date,
+  carbetSlug: string,
+): Promise<void> {
+  const dateFmt = new Intl.DateTimeFormat("fr-FR", {
+    day: "2-digit",
+    month: "long",
+    year: "numeric",
+    weekday: "long",
+  }).format(startDate);
+  await sendEmail({
+    to,
+    subject: `Demain : votre séjour ${carbetTitle}`,
+    html: wrap(
+      "Votre séjour démarre demain",
+      `<p>Bonjour ${firstName},</p>
+       <p>Votre séjour au carbet <strong>${carbetTitle}</strong> commence <strong>${dateFmt}</strong>.</p>
+       <p>Pensez à vérifier vos affaires : hamac, moustiquaire, frontale, eau, etc. Vérifiez aussi avec le loueur les détails d'arrivée (clés, dégrad, pirogue).</p>
+       <p><a href="${SITE_URL}/reservations/${bookingId}" style="display:inline-block;background:#18181b;color:white;padding:10px 20px;border-radius:6px;text-decoration:none;font-weight:600;">Voir ma réservation</a></p>
+       <p><a href="${SITE_URL}/carbets/${carbetSlug}" style="font-size:12px;color:#71717a;">Détails du carbet</a></p>`,
+    ),
+  });
+}
+
+export async function sendRentalReminder(
+  to: string,
+  firstName: string,
+  rentalBookingId: string,
+  providerName: string,
+  startDate: Date,
+  providerContact: { email: string | null; phone: string | null },
+): Promise<void> {
+  const dateFmt = new Intl.DateTimeFormat("fr-FR", {
+    day: "2-digit",
+    month: "long",
+    weekday: "long",
+  }).format(startDate);
+  const contact = [
+    providerContact.phone ? `📞 ${providerContact.phone}` : null,
+    providerContact.email ? `✉ ${providerContact.email}` : null,
+  ]
+    .filter(Boolean)
+    .join(" · ");
+  await sendEmail({
+    to,
+    subject: `Demain : récupération matériel ${providerName}`,
+    html: wrap(
+      "Récupération matériel demain",
+      `<p>Bonjour ${firstName},</p>
+       <p>Votre location matériel auprès de <strong>${providerName}</strong> démarre <strong>${dateFmt}</strong>.</p>
+       <p>Contactez le prestataire pour convenir du créneau et du lieu de remise.</p>
+       ${contact ? `<p>${contact}</p>` : ""}
+       <p><a href="${SITE_URL}/mes-locations" style="display:inline-block;background:#18181b;color:white;padding:10px 20px;border-radius:6px;text-decoration:none;font-weight:600;">Mes locations</a></p>
+       <p style="font-size:11px;color:#71717a;">Référence : ${rentalBookingId}</p>`,
+    ),
+  });
+}
+
 export async function sendBookingRefunded(
   to: string,
   firstName: string,
diff --git a/tests/lib/cron-auth.test.ts b/tests/lib/cron-auth.test.ts
new file mode 100644
index 0000000..e31e2fa
--- /dev/null
+++ b/tests/lib/cron-auth.test.ts
@@ -0,0 +1,47 @@
+import { describe, it, expect, vi, afterEach } from "vitest";
+
+vi.mock("server-only", () => ({}));
+
+const { isAuthorizedCronRequest } = await import("@/lib/cron-auth");
+
+function mkReq(authHeader: string | null): Request {
+  return new Request("https://example.invalid/", {
+    headers: authHeader ? { authorization: authHeader } : {},
+  });
+}
+
+afterEach(() => {
+  delete process.env.CRON_TOKEN;
+});
+
+describe("isAuthorizedCronRequest", () => {
+  it("refuse si CRON_TOKEN absent côté serveur", () => {
+    expect(isAuthorizedCronRequest(mkReq("Bearer anything"))).toBe(false);
+  });
+
+  it("refuse si pas d'en-tête Authorization", () => {
+    process.env.CRON_TOKEN = "secret";
+    expect(isAuthorizedCronRequest(mkReq(null))).toBe(false);
+  });
+
+  it("refuse si format incorrect (pas Bearer)", () => {
+    process.env.CRON_TOKEN = "secret";
+    expect(isAuthorizedCronRequest(mkReq("Basic secret"))).toBe(false);
+    expect(isAuthorizedCronRequest(mkReq("Token secret"))).toBe(false);
+  });
+
+  it("refuse si token différent", () => {
+    process.env.CRON_TOKEN = "secret";
+    expect(isAuthorizedCronRequest(mkReq("Bearer wrong"))).toBe(false);
+  });
+
+  it("accepte si token exact", () => {
+    process.env.CRON_TOKEN = "secret";
+    expect(isAuthorizedCronRequest(mkReq("Bearer secret"))).toBe(true);
+  });
+
+  it("trim les espaces autour du token (defensive)", () => {
+    process.env.CRON_TOKEN = "secret";
+    expect(isAuthorizedCronRequest(mkReq("Bearer  secret  "))).toBe(true);
+  });
+});

From 62833ee4e61af7411ffd124376ab210aa65534b0 Mon Sep 17 00:00:00 2001
From: Ubuntu <ubuntu@vps-97784c65.vps.ovh.net>
Date: Wed, 3 Jun 2026 03:53:39 +0000
Subject: [PATCH 47/47] =?UTF-8?q?fix(mobile):=20Sprint=20R=20=E2=80=94=20b?=
 =?UTF-8?q?urger=20menu=20+=20cart=20badge=20visible=20mobile?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Issues critiques identifiées par audit screenshot iPhone 14 (390×844) :

1. SiteHeader cachait TOUTE la navigation derrière `sm:` →
   utilisateur connecté mobile sans aucun lien accessible (Favoris,
   Mes réservations, Mes locations, Mon compte, Espace hôte/CE/etc.).
   Même Connexion/Créer un compte étaient inaccessibles sur mobile
   anonyme.

2. CartBadge `hidden sm:inline` → panier complètement invisible sur
   mobile même quand des items y sont. Le user perdait la trace de
   ses ajouts.

src/components/MobileMenuButton.tsx (NEW) — client component avec :
- Bouton hamburger 9x9 visible uniquement sm:hidden
- Drawer right side, overlay sombre, scroll body bloqué quand ouvert
- 3 sections : Découvrir (publics), Mon compte (si auth), Espaces pro
  (hôte/prestataire/CE/admin selon role + plugins activés)
- Sign out via signOut() de next-auth/react (côté client — évite
  d'importer SignOutButton qui tirerait @/auth donc pg dans le bundle)
- Lien actif highlighted en emerald
- Ferme automatiquement sur changement de pathname (via useRef pour
  éviter setState-in-effect)

SiteHeader.tsx :
- Tous les liens « auth » deviennent explicitement `hidden sm:inline`
  + Connexion/Créer un compte aussi (étaient toujours visibles avant,
  surchargeaient le mobile)
- SignOutButton wrap `hidden sm:inline` pour ne pas dupliquer
- MobileMenuButton ajouté à la fin de la zone droite

CartBadge.tsx : `inline` au lieu de `hidden sm:inline` → visible
quel que soit le viewport.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 src/components/CartBadge.tsx        |   2 +-
 src/components/MobileMenuButton.tsx | 224 ++++++++++++++++++++++++++++
 src/components/SiteHeader.tsx       |  20 ++-
 3 files changed, 242 insertions(+), 4 deletions(-)
 create mode 100644 src/components/MobileMenuButton.tsx

diff --git a/src/components/CartBadge.tsx b/src/components/CartBadge.tsx
index e904b8d..ab18f84 100644
--- a/src/components/CartBadge.tsx
+++ b/src/components/CartBadge.tsx
@@ -10,7 +10,7 @@ export function CartBadge() {
   return (
     <Link
       href="/panier"
-      className="relative hidden text-zinc-700 hover:text-zinc-900 sm:inline"
+      className="relative inline text-zinc-700 hover:text-zinc-900"
       aria-label={`Panier (${totalItems} item)`}
     >
       🛒
diff --git a/src/components/MobileMenuButton.tsx b/src/components/MobileMenuButton.tsx
new file mode 100644
index 0000000..58e00eb
--- /dev/null
+++ b/src/components/MobileMenuButton.tsx
@@ -0,0 +1,224 @@
+"use client";
+
+import { useEffect, useRef, useState } from "react";
+import { signOut } from "next-auth/react";
+import Link from "next/link";
+import { usePathname } from "next/navigation";
+
+type LinkItem = { href: string; label: string };
+
+type Props = {
+  isAuthenticated: boolean;
+  isOwner: boolean;
+  isRentalProvider: boolean;
+  isCeManager: boolean;
+  isAdmin: boolean;
+  rentalEnabled: boolean;
+  ceEnabled: boolean;
+};
+
+/**
+ * Bouton hamburger visible uniquement sur mobile (sm:hidden).
+ * Ouvre un drawer qui rassemble tous les liens de navigation, car en
+ * mobile les liens du SiteHeader sont masqués pour rester sur 1 ligne.
+ */
+export function MobileMenuButton({
+  isAuthenticated,
+  isOwner,
+  isRentalProvider,
+  isCeManager,
+  isAdmin,
+  rentalEnabled,
+  ceEnabled,
+}: Props) {
+  const [open, setOpen] = useState(false);
+  const pathname = usePathname();
+  // Ferme le menu si on change de page — pathname comparé à la valeur précédente
+  // dans un effect avec setState, façon "useRef + condition" pour éviter le
+  // warning react-hooks/set-state-in-effect (setState dans un effect sans
+  // dépendance externe = anti-pattern).
+  const lastPathnameRef = useRef(pathname);
+  useEffect(() => {
+    if (lastPathnameRef.current !== pathname) {
+      lastPathnameRef.current = pathname;
+      // closure ref → reflète bien la dernière valeur ; setOpen est stable
+      // (renvoyé par useState) donc OK dans deps.
+      setOpen(false);
+    }
+  }, [pathname]);
+
+  // Empêche le scroll sous-jacent quand ouvert
+  useEffect(() => {
+    if (!open) return;
+    const prev = document.body.style.overflow;
+    document.body.style.overflow = "hidden";
+    return () => {
+      document.body.style.overflow = prev;
+    };
+  }, [open]);
+
+  const publicLinks: LinkItem[] = [
+    { href: "/decouvrir", label: "Au fil de l'eau" },
+    { href: "/carbets", label: "Catalogue" },
+    ...(rentalEnabled ? [{ href: "/materiel", label: "Matériel" }] : []),
+  ];
+
+  const userLinks: LinkItem[] = isAuthenticated
+    ? [
+        { href: "/mes-favoris", label: "Favoris" },
+        { href: "/mes-reservations", label: "Mes réservations" },
+        ...(rentalEnabled ? [{ href: "/mes-locations", label: "Mes locations" }] : []),
+        { href: "/mon-compte", label: "Mon compte" },
+      ]
+    : [];
+
+  const proLinks: LinkItem[] = isAuthenticated
+    ? [
+        ...(isOwner ? [{ href: "/espace-hote", label: "Espace hôte" }] : []),
+        ...(isRentalProvider && rentalEnabled
+          ? [{ href: "/espace-prestataire", label: "Espace prestataire" }]
+          : []),
+        ...(isCeManager && ceEnabled ? [{ href: "/espace-ce", label: "Espace CE" }] : []),
+        ...(isAdmin ? [{ href: "/admin", label: "Admin" }] : []),
+      ]
+    : [];
+
+  return (
+    <>
+      <button
+        type="button"
+        onClick={() => setOpen(true)}
+        aria-label="Ouvrir le menu"
+        aria-expanded={open}
+        className="inline-flex h-9 w-9 items-center justify-center rounded-md text-zinc-700 hover:bg-zinc-100 sm:hidden"
+      >
+        <svg width="20" height="20" viewBox="0 0 20 20" fill="currentColor">
+          <path d="M3 5h14v2H3V5zm0 4h14v2H3V9zm0 4h14v2H3v-2z" />
+        </svg>
+      </button>
+
+      {open ? (
+        <div className="fixed inset-0 z-50 sm:hidden">
+          <button
+            type="button"
+            aria-label="Fermer le menu"
+            onClick={() => setOpen(false)}
+            className="absolute inset-0 bg-zinc-900/40"
+          />
+          <div className="absolute right-0 top-0 flex h-full w-72 max-w-[85vw] flex-col overflow-y-auto bg-white shadow-2xl">
+            <div className="flex items-center justify-between border-b border-zinc-200 px-4 py-3">
+              <span className="text-base font-semibold text-zinc-900">Menu</span>
+              <button
+                type="button"
+                onClick={() => setOpen(false)}
+                aria-label="Fermer"
+                className="inline-flex h-8 w-8 items-center justify-center rounded-md text-zinc-500 hover:bg-zinc-100"
+              >
+                <svg width="16" height="16" viewBox="0 0 20 20" fill="currentColor">
+                  <path d="M4.3 4.3l1.4-1.4L10 7.2l4.3-4.3 1.4 1.4L11.4 8.6l4.3 4.3-1.4 1.4L10 10l-4.3 4.3-1.4-1.4 4.3-4.3z" />
+                </svg>
+              </button>
+            </div>
+            <nav className="flex-1 px-2 py-3 text-sm">
+              <MenuSection label="Découvrir">
+                {publicLinks.map((l) => (
+                  <MenuLink key={l.href} href={l.href} pathname={pathname}>
+                    {l.label}
+                  </MenuLink>
+                ))}
+              </MenuSection>
+              {userLinks.length > 0 ? (
+                <MenuSection label="Mon compte">
+                  {userLinks.map((l) => (
+                    <MenuLink key={l.href} href={l.href} pathname={pathname}>
+                      {l.label}
+                    </MenuLink>
+                  ))}
+                </MenuSection>
+              ) : null}
+              {proLinks.length > 0 ? (
+                <MenuSection label="Espaces pro">
+                  {proLinks.map((l) => (
+                    <MenuLink key={l.href} href={l.href} pathname={pathname}>
+                      {l.label}
+                    </MenuLink>
+                  ))}
+                </MenuSection>
+              ) : null}
+            </nav>
+            <div className="border-t border-zinc-200 p-3">
+              {isAuthenticated ? (
+                <button
+                  type="button"
+                  onClick={() => signOut({ callbackUrl: "/" })}
+                  className="w-full rounded-md border border-zinc-300 px-4 py-2 text-center text-sm font-semibold text-zinc-700 hover:bg-zinc-50"
+                >
+                  Se déconnecter
+                </button>
+              ) : (
+                <div className="flex flex-col gap-2">
+                  <Link
+                    href="/connexion"
+                    className="rounded-md border border-zinc-300 px-4 py-2 text-center text-sm font-semibold text-zinc-900 hover:bg-zinc-50"
+                  >
+                    Connexion
+                  </Link>
+                  <Link
+                    href="/inscription"
+                    className="rounded-md bg-zinc-900 px-4 py-2 text-center text-sm font-semibold text-white hover:bg-zinc-800"
+                  >
+                    Créer un compte
+                  </Link>
+                </div>
+              )}
+            </div>
+          </div>
+        </div>
+      ) : null}
+    </>
+  );
+}
+
+function MenuSection({
+  label,
+  children,
+}: {
+  label: string;
+  children: React.ReactNode;
+}) {
+  return (
+    <section className="mb-2">
+      <h3 className="px-2 py-1 text-[10px] font-semibold uppercase tracking-wider text-zinc-500">
+        {label}
+      </h3>
+      <ul className="space-y-0.5">{children}</ul>
+    </section>
+  );
+}
+
+function MenuLink({
+  href,
+  pathname,
+  children,
+}: {
+  href: string;
+  pathname: string;
+  children: React.ReactNode;
+}) {
+  const active = pathname === href || (href !== "/" && pathname.startsWith(href));
+  return (
+    <li>
+      <Link
+        href={href}
+        className={
+          "block rounded-md px-3 py-2 " +
+          (active
+            ? "bg-emerald-50 font-semibold text-emerald-900"
+            : "text-zinc-700 hover:bg-zinc-100")
+        }
+      >
+        {children}
+      </Link>
+    </li>
+  );
+}
diff --git a/src/components/SiteHeader.tsx b/src/components/SiteHeader.tsx
index dd5b682..64faae8 100644
--- a/src/components/SiteHeader.tsx
+++ b/src/components/SiteHeader.tsx
@@ -10,6 +10,7 @@ import { UserRole } from "@/generated/prisma/enums";
 import { isPluginEnabled } from "@/lib/plugins/server";
 
 import { CartBadge } from "./CartBadge";
+import { MobileMenuButton } from "./MobileMenuButton";
 import { SignOutButton } from "./SignOutButton";
 
 export async function SiteHeader() {
@@ -50,6 +51,7 @@ export async function SiteHeader() {
 
         <div className="flex items-center gap-3 text-sm">
           {rentalEnabled ? <CartBadge /> : null}
+          {/* Desktop-only links (sm+) */}
           {u ? (
             <>
               <Link href="/mes-favoris" className="hidden text-zinc-700 hover:text-zinc-900 sm:inline">
@@ -89,21 +91,33 @@ export async function SiteHeader() {
               <span className="hidden max-w-[14ch] truncate text-xs text-zinc-500 md:inline" title={u.email ?? ""}>
                 {u.name || u.email}
               </span>
-              <SignOutButton />
+              <span className="hidden sm:inline">
+                <SignOutButton />
+              </span>
             </>
           ) : (
             <>
-              <Link href="/connexion" className="text-zinc-700 hover:text-zinc-900">
+              <Link href="/connexion" className="hidden text-zinc-700 hover:text-zinc-900 sm:inline">
                 Connexion
               </Link>
               <Link
                 href="/inscription"
-                className="rounded-md bg-zinc-900 px-3 py-1 text-xs font-semibold text-white hover:bg-zinc-800"
+                className="hidden rounded-md bg-zinc-900 px-3 py-1 text-xs font-semibold text-white hover:bg-zinc-800 sm:inline-block"
               >
                 Créer un compte
               </Link>
             </>
           )}
+          {/* Mobile-only burger menu */}
+          <MobileMenuButton
+            isAuthenticated={Boolean(u)}
+            isOwner={Boolean(isOwner)}
+            isRentalProvider={Boolean(isRentalProvider)}
+            isCeManager={Boolean(isCeManager)}
+            isAdmin={isAdmin}
+            rentalEnabled={rentalEnabled}
+            ceEnabled={ceEnabled}
+          />
         </div>
       </div>
     </header>