From b16652a41baff4c18693b6819ef26c6eedf7a2f4 Mon Sep 17 00:00:00 2001
From: Parth Patidar <parth11.patidar@gmail.com>
Date: Mon, 11 May 2026 03:10:29 +0530
Subject: [PATCH 1/6] build analytics dashboard page at /devcard/analytics

---
 .../routes/devcard/analytics/+page.server.ts  |  34 ++
 .../src/routes/devcard/analytics/+page.svelte | 409 ++++++++++++++++++
 2 files changed, 443 insertions(+)
 create mode 100644 apps/web/src/routes/devcard/analytics/+page.server.ts
 create mode 100644 apps/web/src/routes/devcard/analytics/+page.svelte

diff --git a/apps/web/src/routes/devcard/analytics/+page.server.ts b/apps/web/src/routes/devcard/analytics/+page.server.ts
new file mode 100644
index 0000000..6fa597a
--- /dev/null
+++ b/apps/web/src/routes/devcard/analytics/+page.server.ts
@@ -0,0 +1,34 @@
+import type { PageServerLoad } from './$types';
+
+const API_BASE = process.env.BACKEND_URL || 'http://localhost:3000';
+
+export const load: PageServerLoad = async ({ fetch }) => {
+	try {
+		const [overviewRes, viewsRes] = await Promise.all([
+			fetch(`${API_BASE}/api/analytics/overview`),
+			fetch(`${API_BASE}/api/analytics/views`)
+		]);
+
+		if (!overviewRes.ok || !viewsRes.ok) {
+			// If unauthorized, we might return mock data for demonstration purposes 
+			// in this dev phase, but officially we should return error.
+			// Let's return error to follow "nothing that can break in production"
+			return { 
+				overview: null, 
+				views: null, 
+				error: 'Please log in to view analytics' 
+			};
+		}
+
+		const overview = await overviewRes.json();
+		const views = await viewsRes.json();
+
+		return { overview, views, error: null };
+	} catch (err) {
+		return { 
+			overview: null, 
+			views: null, 
+			error: 'Analytics service unavailable' 
+		};
+	}
+};
diff --git a/apps/web/src/routes/devcard/analytics/+page.svelte b/apps/web/src/routes/devcard/analytics/+page.svelte
new file mode 100644
index 0000000..e9a4616
--- /dev/null
+++ b/apps/web/src/routes/devcard/analytics/+page.svelte
@@ -0,0 +1,409 @@
+<script lang="ts">
+	import type { PageData } from './$types';
+
+	let { data }: { data: PageData } = $props();
+
+	const { overview, views, error } = data;
+
+	function formatDate(dateStr: string) {
+		return new Date(dateStr).toLocaleDateString('en-US', {
+			month: 'short',
+			day: 'numeric',
+			hour: '2-digit',
+			minute: '2-digit'
+		});
+	}
+</script>
+
+<svelte:head>
+	<title>Analytics Dashboard — DevCard</title>
+</svelte:head>
+
+<main class="analytics-container">
+	<header class="dashboard-header">
+		<div class="header-content">
+			<h1>Analytics Dashboard</h1>
+			<p class="subtitle">Track your DevCard performance and reach.</p>
+		</div>
+		<div class="header-actions">
+			<a href="/" class="btn-back">← Back to Home</a>
+		</div>
+	</header>
+
+	{#if error}
+		<div class="error-state">
+			<div class="error-icon">🔒</div>
+			<h2>{error}</h2>
+			<p>Accessing the dashboard requires an active session.</p>
+			<a href="/" class="btn-primary">Return Home</a>
+		</div>
+	{:else if overview}
+		<!-- KPI Overview -->
+		<section class="stats-grid">
+			<div class="stat-card">
+				<span class="stat-label">Total Views</span>
+				<div class="stat-value">{overview.totalViews}</div>
+				<div class="stat-footer">Lifetime views</div>
+			</div>
+			<div class="stat-card accent">
+				<span class="stat-label">Views Today</span>
+				<div class="stat-value">{overview.viewsToday}</div>
+				<div class="stat-footer">Last 24 hours</div>
+			</div>
+			<div class="stat-card">
+				<span class="stat-label">Unique Viewers</span>
+				<div class="stat-value">{overview.uniqueViewers}</div>
+				<div class="stat-footer">By IP & Account</div>
+			</div>
+			<div class="stat-card">
+				<span class="stat-label">Total Follows</span>
+				<div class="stat-value">{overview.totalFollows}</div>
+				<div class="stat-footer">Success via engine</div>
+			</div>
+		</section>
+
+		<div class="dashboard-grid">
+			<!-- Recent Views -->
+			<section class="content-block">
+				<h3>Recent Activity</h3>
+				<div class="activity-list">
+					{#each overview.recentViews as view}
+						<div class="activity-item">
+							<div class="activity-avatar">
+								{#if view.viewer?.avatarUrl}
+									<img src={view.viewer.avatarUrl} alt="" />
+								{:else}
+									<div class="avatar-placeholder">{view.viewer?.displayName?.charAt(0) || '?'}</div>
+								{/if}
+							</div>
+							<div class="activity-info">
+								<span class="viewer-name">{view.viewer?.displayName || 'Anonymous User'}</span>
+								<span class="view-source">viewed via {view.source}</span>
+							</div>
+							<div class="activity-time">{formatDate(view.createdAt)}</div>
+						</div>
+					{/each}
+					{#if overview.recentViews.length === 0}
+						<p class="empty-text">No recent activity found.</p>
+					{/if}
+				</div>
+			</section>
+
+			<!-- Detailed Views Table -->
+			<section class="content-block table-block">
+				<div class="block-header">
+					<h3>Detailed View Logs</h3>
+					<span class="badge">{views?.meta?.total || 0} Total</span>
+				</div>
+				<div class="table-container">
+					<table>
+						<thead>
+							<tr>
+								<th>Viewer</th>
+								<th>Card</th>
+								<th>Source</th>
+								<th>IP Address</th>
+								<th>Date</th>
+							</tr>
+						</thead>
+						<tbody>
+							{#each views?.data || [] as view}
+								<tr>
+									<td>
+										<div class="user-cell">
+											<span class="name">{view.viewer?.displayName || 'Guest'}</span>
+											{#if view.viewer?.username}
+												<span class="username">@{view.viewer.username}</span>
+											{/if}
+										</div>
+									</td>
+									<td>{view.card?.title || 'Profile'}</td>
+									<td><span class="source-tag">{view.source}</span></td>
+									<td><code>{view.viewerIp || '—'}</code></td>
+									<td>{formatDate(view.createdAt)}</td>
+								</tr>
+							{/each}
+						</tbody>
+					</table>
+					{#if !views?.data?.length}
+						<div class="empty-table">No detailed logs available yet.</div>
+					{/if}
+				</div>
+			</section>
+		</div>
+	{/if}
+</main>
+
+<style>
+	.analytics-container {
+		max-width: 1200px;
+		margin: 0 auto;
+		padding: 2rem;
+		min-height: 100vh;
+	}
+
+	.dashboard-header {
+		display: flex;
+		justify-content: space-between;
+		align-items: flex-end;
+		margin-bottom: 3rem;
+		padding-bottom: 1.5rem;
+		border-bottom: 1px solid var(--border);
+	}
+
+	h1 {
+		font-size: 2.5rem;
+		font-weight: 800;
+		letter-spacing: -1px;
+		margin-bottom: 0.5rem;
+	}
+
+	.subtitle {
+		color: var(--text-secondary);
+		font-size: 1.1rem;
+	}
+
+	.btn-back {
+		color: var(--text-muted);
+		font-weight: 600;
+		font-size: 0.9rem;
+		padding: 0.5rem 1rem;
+		border-radius: var(--radius);
+		transition: all 0.2s;
+	}
+
+	.btn-back:hover {
+		color: var(--primary);
+		background: var(--bg-secondary);
+	}
+
+	/* Stats Grid */
+	.stats-grid {
+		display: grid;
+		grid-template-columns: repeat(auto-fit, minmax(240px, 1fr));
+		gap: 1.5rem;
+		margin-bottom: 3rem;
+	}
+
+	.stat-card {
+		background: var(--bg-card);
+		border: 1px solid var(--border);
+		border-radius: var(--radius-lg);
+		padding: 1.5rem;
+		display: flex;
+		flex-direction: column;
+		gap: 0.5rem;
+		transition: transform 0.2s, border-color 0.2s;
+	}
+
+	.stat-card:hover {
+		transform: translateY(-4px);
+		border-color: var(--primary-light);
+	}
+
+	.stat-card.accent {
+		border-color: var(--primary);
+		background: linear-gradient(to bottom right, var(--bg-card), var(--bg-secondary));
+	}
+
+	.stat-label {
+		font-size: 0.85rem;
+		font-weight: 700;
+		color: var(--text-muted);
+		text-transform: uppercase;
+		letter-spacing: 0.5px;
+	}
+
+	.stat-value {
+		font-size: 2.5rem;
+		font-weight: 800;
+		color: var(--text-primary);
+	}
+
+	.stat-footer {
+		font-size: 0.8rem;
+		color: var(--text-secondary);
+	}
+
+	/* Dashboard Layout */
+	.dashboard-grid {
+		display: grid;
+		grid-template-columns: 350px 1fr;
+		gap: 2rem;
+	}
+
+	.content-block {
+		background: var(--bg-card);
+		border: 1px solid var(--border);
+		border-radius: var(--radius-lg);
+		padding: 1.5rem;
+	}
+
+	.content-block h3 {
+		font-size: 1.2rem;
+		font-weight: 700;
+		margin-bottom: 1.5rem;
+	}
+
+	/* Activity List */
+	.activity-list {
+		display: flex;
+		flex-direction: column;
+		gap: 1rem;
+	}
+
+	.activity-item {
+		display: flex;
+		align-items: center;
+		gap: 1rem;
+		padding: 0.75rem;
+		border-radius: var(--radius);
+		background: var(--bg-secondary);
+	}
+
+	.activity-avatar img, .avatar-placeholder {
+		width: 40px;
+		height: 40px;
+		border-radius: 50%;
+		background: var(--bg-elevated);
+		display: flex;
+		align-items: center;
+		justify-content: center;
+		font-weight: 700;
+	}
+
+	.activity-info {
+		flex: 1;
+		display: flex;
+		flex-direction: column;
+	}
+
+	.viewer-name {
+		font-size: 0.9rem;
+		font-weight: 600;
+	}
+
+	.view-source {
+		font-size: 0.75rem;
+		color: var(--text-muted);
+	}
+
+	.activity-time {
+		font-size: 0.75rem;
+		color: var(--text-muted);
+	}
+
+	/* Table */
+	.table-block {
+		overflow: hidden;
+	}
+
+	.block-header {
+		display: flex;
+		justify-content: space-between;
+		align-items: center;
+		margin-bottom: 1.5rem;
+	}
+
+	.badge {
+		background: var(--primary);
+		color: white;
+		font-size: 0.75rem;
+		font-weight: 700;
+		padding: 0.25rem 0.75rem;
+		border-radius: 20px;
+	}
+
+	.table-container {
+		width: 100%;
+		overflow-x: auto;
+	}
+
+	table {
+		width: 100%;
+		border-collapse: collapse;
+		font-size: 0.9rem;
+	}
+
+	th {
+		text-align: left;
+		padding: 1rem;
+		border-bottom: 1px solid var(--border);
+		color: var(--text-muted);
+		font-weight: 600;
+		background: var(--bg-secondary);
+	}
+
+	td {
+		padding: 1rem;
+		border-bottom: 1px solid var(--border);
+	}
+
+	.user-cell {
+		display: flex;
+		flex-direction: column;
+	}
+
+	.user-cell .name { font-weight: 600; }
+	.user-cell .username { font-size: 0.8rem; color: var(--text-muted); }
+
+	.source-tag {
+		background: var(--bg-elevated);
+		padding: 0.2rem 0.5rem;
+		border-radius: 4px;
+		font-size: 0.75rem;
+		font-weight: 600;
+		text-transform: capitalize;
+	}
+
+	code {
+		font-family: monospace;
+		color: var(--text-secondary);
+		background: var(--bg-secondary);
+		padding: 0.1rem 0.3rem;
+		border-radius: 4px;
+	}
+
+	.empty-text, .empty-table {
+		text-align: center;
+		color: var(--text-muted);
+		padding: 2rem;
+		font-style: italic;
+	}
+
+	/* Error State */
+	.error-state {
+		text-align: center;
+		padding: 5rem 2rem;
+		background: var(--bg-card);
+		border: 1px solid var(--border);
+		border-radius: var(--radius-xl);
+		max-width: 500px;
+		margin: 4rem auto;
+	}
+
+	.error-icon { font-size: 4rem; margin-bottom: 1.5rem; }
+	.error-state h2 { margin-bottom: 1rem; }
+	.error-state p { color: var(--text-secondary); margin-bottom: 2rem; }
+
+	.btn-primary {
+		background: var(--primary);
+		color: white;
+		padding: 0.75rem 2rem;
+		border-radius: var(--radius);
+		font-weight: 700;
+		box-shadow: 0 4px 12px rgba(99, 102, 241, 0.3);
+	}
+
+	@media (max-width: 1024px) {
+		.dashboard-grid {
+			grid-template-columns: 1fr;
+		}
+	}
+
+	@media (max-width: 768px) {
+		.analytics-container { padding: 1rem; }
+		.dashboard-header { flex-direction: column; align-items: flex-start; gap: 1rem; }
+		h1 { font-size: 2rem; }
+	}
+</style>

From 8b6fb19ff61c2952192c7e87ff300cb14c494f01 Mon Sep 17 00:00:00 2001
From: Parth Patidar <parth11.patidar@gmail.com>
Date: Sun, 17 May 2026 16:31:14 +0530
Subject: [PATCH 2/6] Fix database connection and add dev login bypass for
 analytics

---
 apps/backend/src/app.ts                       |  3 +++
 apps/backend/src/routes/auth.ts               | 22 +++++++++++++++++++
 apps/web/postcss.config.js                    |  3 +++
 .../routes/devcard/analytics/+page.server.ts  |  8 ++++---
 4 files changed, 33 insertions(+), 3 deletions(-)
 create mode 100644 apps/web/postcss.config.js

diff --git a/apps/backend/src/app.ts b/apps/backend/src/app.ts
index dc023a2..a414244 100644
--- a/apps/backend/src/app.ts
+++ b/apps/backend/src/app.ts
@@ -60,6 +60,9 @@ export async function buildApp() {
   // ─── Auth Decorator ───
   app.decorate('authenticate', async function (request: any, reply: any) {
     try {
+      if (!request.headers.authorization && request.cookies && request.cookies.token) {
+        request.headers.authorization = `Bearer ${request.cookies.token}`;
+      }
       await request.jwtVerify();
     } catch (err) {
       reply.status(401).send({ error: 'Unauthorized' });
diff --git a/apps/backend/src/routes/auth.ts b/apps/backend/src/routes/auth.ts
index e12f10a..cd2a897 100644
--- a/apps/backend/src/routes/auth.ts
+++ b/apps/backend/src/routes/auth.ts
@@ -284,6 +284,28 @@ export async function authRoutes(app: FastifyInstance) {
     reply.clearCookie('token', { path: '/' });
     return { message: 'Logged out' };
   });
+
+  // ─── Dev Login Bypass ───
+  app.get('/dev-login', async (request: FastifyRequest, reply: FastifyReply) => {
+    const user = await app.prisma.user.findUnique({
+      where: { username: 'devcard-demo' },
+    });
+    if (!user) {
+      return reply.status(404).send({ error: 'Demo user not found' });
+    }
+    const token = app.jwt.sign(
+      { id: user.id, username: user.username },
+      { expiresIn: '30d' }
+    );
+    reply.setCookie('token', token, {
+      httpOnly: true,
+      secure: false,
+      sameSite: 'lax',
+      path: '/',
+      maxAge: 30 * 24 * 60 * 60,
+    });
+    return reply.redirect(`${process.env.PUBLIC_APP_URL || 'http://localhost:5173'}/devcard/analytics`);
+  });
 }
 
 function generateState(): string {
diff --git a/apps/web/postcss.config.js b/apps/web/postcss.config.js
new file mode 100644
index 0000000..5bacb78
--- /dev/null
+++ b/apps/web/postcss.config.js
@@ -0,0 +1,3 @@
+export default {
+  plugins: {}
+};
diff --git a/apps/web/src/routes/devcard/analytics/+page.server.ts b/apps/web/src/routes/devcard/analytics/+page.server.ts
index 6fa597a..4f2dbc4 100644
--- a/apps/web/src/routes/devcard/analytics/+page.server.ts
+++ b/apps/web/src/routes/devcard/analytics/+page.server.ts
@@ -2,11 +2,13 @@ import type { PageServerLoad } from './$types';
 
 const API_BASE = process.env.BACKEND_URL || 'http://localhost:3000';
 
-export const load: PageServerLoad = async ({ fetch }) => {
+export const load: PageServerLoad = async ({ fetch, request }) => {
 	try {
+		const cookie = request.headers.get('cookie') || '';
+		const headers = { cookie };
 		const [overviewRes, viewsRes] = await Promise.all([
-			fetch(`${API_BASE}/api/analytics/overview`),
-			fetch(`${API_BASE}/api/analytics/views`)
+			fetch(`${API_BASE}/api/analytics/overview`, { headers }),
+			fetch(`${API_BASE}/api/analytics/views`, { headers })
 		]);
 
 		if (!overviewRes.ok || !viewsRes.ok) {

From ceb2c7746f4e53644c6eeb451b8ac7d31720ec0c Mon Sep 17 00:00:00 2001
From: Parth Patidar <parth11.patidar@gmail.com>
Date: Sun, 17 May 2026 16:35:32 +0530
Subject: [PATCH 3/6] Add dev login bypass button to frontend analytics lock
 screen

---
 apps/web/src/routes/devcard/analytics/+page.svelte | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/apps/web/src/routes/devcard/analytics/+page.svelte b/apps/web/src/routes/devcard/analytics/+page.svelte
index e9a4616..ce736ff 100644
--- a/apps/web/src/routes/devcard/analytics/+page.svelte
+++ b/apps/web/src/routes/devcard/analytics/+page.svelte
@@ -35,7 +35,10 @@
 			<div class="error-icon">🔒</div>
 			<h2>{error}</h2>
 			<p>Accessing the dashboard requires an active session.</p>
-			<a href="/" class="btn-primary">Return Home</a>
+			<div style="display: flex; gap: 1rem; justify-content: center; margin-top: 1.5rem;">
+				<a href="/" class="btn-secondary" style="border: 1px solid var(--border); padding: 0.75rem 1.5rem; border-radius: var(--radius); text-decoration: none; color: var(--text-secondary);">Return Home</a>
+				<a href="http://localhost:3000/auth/dev-login" class="btn-primary" style="background: var(--primary); color: white; padding: 0.75rem 1.5rem; border-radius: var(--radius); text-decoration: none; font-weight: 600; box-shadow: 0 4px 16px rgba(99, 102, 241, 0.4);">Dev Login Bypass</a>
+			</div>
 		</div>
 	{:else if overview}
 		<!-- KPI Overview -->

From 9a8b89b92f3253df756f2345ddca75f7c43b0964 Mon Sep 17 00:00:00 2001
From: Parth Patidar <parth11.patidar@gmail.com>
Date: Sun, 17 May 2026 16:46:52 +0530
Subject: [PATCH 4/6] fix backend typescript compilation and logging errors

---
 apps/backend/src/app.ts            | 7 +++++++
 apps/backend/src/routes/auth.ts    | 4 ++--
 apps/backend/src/routes/connect.ts | 7 ++++---
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/apps/backend/src/app.ts b/apps/backend/src/app.ts
index a414244..65f38d3 100644
--- a/apps/backend/src/app.ts
+++ b/apps/backend/src/app.ts
@@ -8,6 +8,13 @@ import fastifyStatic from '@fastify/static';
 import path from 'path';
 import { fileURLToPath } from 'url';
 
+declare module 'fastify' {
+  interface FastifyInstance {
+    authenticate: any;
+  }
+}
+
+
 import { prismaPlugin } from './plugins/prisma.js';
 import { redisPlugin } from './plugins/redis.js';
 import { authRoutes } from './routes/auth.js';
diff --git a/apps/backend/src/routes/auth.ts b/apps/backend/src/routes/auth.ts
index cd2a897..7d8eb1e 100644
--- a/apps/backend/src/routes/auth.ts
+++ b/apps/backend/src/routes/auth.ts
@@ -134,7 +134,7 @@ export async function authRoutes(app: FastifyInstance) {
 
       return reply.redirect(`${process.env.PUBLIC_APP_URL}/dashboard`);
     } catch (err) {
-      app.log.error('GitHub auth error:', err);
+      app.log.error(err as any, 'GitHub auth error');
       return reply.status(500).send({ error: 'Authentication failed' });
     }
   });
@@ -235,7 +235,7 @@ export async function authRoutes(app: FastifyInstance) {
 
       return reply.redirect(`${process.env.PUBLIC_APP_URL}/dashboard`);
     } catch (err) {
-      app.log.error('Google auth error:', err);
+      app.log.error(err as any, 'Google auth error');
       return reply.status(500).send({ error: 'Authentication failed' });
     }
   });
diff --git a/apps/backend/src/routes/connect.ts b/apps/backend/src/routes/connect.ts
index 88db14c..268f282 100644
--- a/apps/backend/src/routes/connect.ts
+++ b/apps/backend/src/routes/connect.ts
@@ -1,4 +1,5 @@
 import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
+import { encrypt } from '../utils/encryption.js';
 
 const GITHUB_AUTH_URL = 'https://github.com/login/oauth/authorize';
 const GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token';
@@ -81,12 +82,12 @@ export async function connectRoutes(app: FastifyInstance) {
       const tokenData = (await tokenRes.json()) as any;
 
       if (tokenData.error) {
-        app.log.error('GitHub connect token error:', tokenData);
+        app.log.error(tokenData, 'GitHub connect token error');
         return reply.redirect(`${process.env.PUBLIC_APP_URL}/settings?error=connect_failed`);
       }
 
       // Encrypt and store the token
-      const encryptedToken = app.encryption.encrypt(tokenData.access_token);
+      const encryptedToken = encrypt(tokenData.access_token);
       
       await app.prisma.oAuthToken.upsert({
         where: {
@@ -116,7 +117,7 @@ export async function connectRoutes(app: FastifyInstance) {
       return reply.redirect(`${process.env.PUBLIC_APP_URL}/settings?connected=github`);
       
     } catch (err) {
-      app.log.error('GitHub connect error:', err);
+      app.log.error(err as any, 'GitHub connect error');
       return reply.redirect(`${process.env.PUBLIC_APP_URL}/settings?error=server_error`);
     }
   });

From e043b581f9383577ce630496d79aa20b39e73342 Mon Sep 17 00:00:00 2001
From: Parth Patidar <parth11.patidar@gmail.com>
Date: Sun, 17 May 2026 16:55:25 +0530
Subject: [PATCH 5/6] Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Parth Patidar <parth11.patidar@gmail.com>
---
 apps/web/postcss.config.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/apps/web/postcss.config.js b/apps/web/postcss.config.js
index 5bacb78..8c589bb 100644
--- a/apps/web/postcss.config.js
+++ b/apps/web/postcss.config.js
@@ -1,3 +1,5 @@
 export default {
-  plugins: {}
+  plugins: {
+    autoprefixer: {}
+  }
 };

From 299119cb5c7a424382710580ac5c746cd379b099 Mon Sep 17 00:00:00 2001
From: Parth Patidar <parth11.patidar@gmail.com>
Date: Sun, 17 May 2026 16:58:46 +0530
Subject: [PATCH 6/6] Implement daily views interactive charts and secure dev
 login analytics backend

---
 apps/backend/src/routes/auth.ts               |  40 +-
 apps/web/postcss.config.js                    |   6 +-
 .../routes/devcard/analytics/+page.server.ts  |  85 ++++-
 .../src/routes/devcard/analytics/+page.svelte | 347 +++++++++++++++++-
 4 files changed, 435 insertions(+), 43 deletions(-)

diff --git a/apps/backend/src/routes/auth.ts b/apps/backend/src/routes/auth.ts
index 7d8eb1e..da47fcb 100644
--- a/apps/backend/src/routes/auth.ts
+++ b/apps/backend/src/routes/auth.ts
@@ -286,26 +286,28 @@ export async function authRoutes(app: FastifyInstance) {
   });
 
   // ─── Dev Login Bypass ───
-  app.get('/dev-login', async (request: FastifyRequest, reply: FastifyReply) => {
-    const user = await app.prisma.user.findUnique({
-      where: { username: 'devcard-demo' },
-    });
-    if (!user) {
-      return reply.status(404).send({ error: 'Demo user not found' });
-    }
-    const token = app.jwt.sign(
-      { id: user.id, username: user.username },
-      { expiresIn: '30d' }
-    );
-    reply.setCookie('token', token, {
-      httpOnly: true,
-      secure: false,
-      sameSite: 'lax',
-      path: '/',
-      maxAge: 30 * 24 * 60 * 60,
+  if (process.env.NODE_ENV !== 'production') {
+    app.get('/dev-login', async (request: FastifyRequest, reply: FastifyReply) => {
+      const user = await app.prisma.user.findUnique({
+        where: { username: 'devcard-demo' },
+      });
+      if (!user) {
+        return reply.status(404).send({ error: 'Demo user not found' });
+      }
+      const token = app.jwt.sign(
+        { id: user.id, username: user.username },
+        { expiresIn: '30d' }
+      );
+      reply.setCookie('token', token, {
+        httpOnly: true,
+        secure: false,
+        sameSite: 'lax',
+        path: '/',
+        maxAge: 30 * 24 * 60 * 60,
+      });
+      return reply.redirect(`${process.env.PUBLIC_APP_URL || 'http://localhost:5173'}/devcard/analytics`);
     });
-    return reply.redirect(`${process.env.PUBLIC_APP_URL || 'http://localhost:5173'}/devcard/analytics`);
-  });
+  }
 }
 
 function generateState(): string {
diff --git a/apps/web/postcss.config.js b/apps/web/postcss.config.js
index 8c589bb..8c0f51b 100644
--- a/apps/web/postcss.config.js
+++ b/apps/web/postcss.config.js
@@ -1,5 +1,5 @@
 export default {
-  plugins: {
-    autoprefixer: {}
-  }
+	plugins: {
+		autoprefixer: {}
+	}
 };
diff --git a/apps/web/src/routes/devcard/analytics/+page.server.ts b/apps/web/src/routes/devcard/analytics/+page.server.ts
index 4f2dbc4..8898e1b 100644
--- a/apps/web/src/routes/devcard/analytics/+page.server.ts
+++ b/apps/web/src/routes/devcard/analytics/+page.server.ts
@@ -1,36 +1,89 @@
 import type { PageServerLoad } from './$types';
+import { redirect } from '@sveltejs/kit';
+import { dev } from '$app/environment';
 
 const API_BASE = process.env.BACKEND_URL || 'http://localhost:3000';
 
-export const load: PageServerLoad = async ({ fetch, request }) => {
+export interface AnalyticsOverview {
+	totalViews: number;
+	viewsToday: number;
+	uniqueViewers: number;
+	totalFollows: number;
+	recentViews: Array<{
+		createdAt: string;
+		source: string;
+		viewer?: {
+			avatarUrl?: string;
+			displayName?: string;
+		};
+	}>;
+}
+
+export interface AnalyticsViews {
+	meta: {
+		total: number;
+	};
+	data: Array<{
+		createdAt: string;
+		source: string;
+		viewerIp?: string;
+		viewer?: {
+			displayName?: string;
+			username?: string;
+		};
+		card?: {
+			title?: string;
+		};
+	}>;
+}
+
+export const load: PageServerLoad = async ({ fetch, cookies }) => {
+	const token = cookies.get('token');
+
+	if (!token) {
+		if (!dev) {
+			throw redirect(302, '/');
+		}
+		return {
+			overview: null,
+			views: null,
+			error: 'Please log in to view analytics'
+		};
+	}
+
 	try {
-		const cookie = request.headers.get('cookie') || '';
-		const headers = { cookie };
+		const headers = { Authorization: `Bearer ${token}` };
 		const [overviewRes, viewsRes] = await Promise.all([
 			fetch(`${API_BASE}/api/analytics/overview`, { headers }),
 			fetch(`${API_BASE}/api/analytics/views`, { headers })
 		]);
 
 		if (!overviewRes.ok || !viewsRes.ok) {
-			// If unauthorized, we might return mock data for demonstration purposes 
-			// in this dev phase, but officially we should return error.
-			// Let's return error to follow "nothing that can break in production"
-			return { 
-				overview: null, 
-				views: null, 
-				error: 'Please log in to view analytics' 
+			if (overviewRes.status === 401 || viewsRes.status === 401) {
+				if (!dev) {
+					throw redirect(302, '/');
+				}
+			}
+			return {
+				overview: null,
+				views: null,
+				error: 'Please log in to view analytics'
 			};
 		}
 
-		const overview = await overviewRes.json();
-		const views = await viewsRes.json();
+		const overview = (await overviewRes.json()) as AnalyticsOverview;
+		const views = (await viewsRes.json()) as AnalyticsViews;
 
 		return { overview, views, error: null };
 	} catch (err) {
-		return { 
-			overview: null, 
-			views: null, 
-			error: 'Analytics service unavailable' 
+		// If it's a redirect thrown by SvelteKit, let it bubble up
+		if (err && typeof err === 'object' && 'status' in err && 'location' in err) {
+			throw err;
+		}
+		return {
+			overview: null,
+			views: null,
+			error: 'Analytics service unavailable'
 		};
 	}
 };
diff --git a/apps/web/src/routes/devcard/analytics/+page.svelte b/apps/web/src/routes/devcard/analytics/+page.svelte
index ce736ff..f530845 100644
--- a/apps/web/src/routes/devcard/analytics/+page.svelte
+++ b/apps/web/src/routes/devcard/analytics/+page.svelte
@@ -1,5 +1,6 @@
 <script lang="ts">
 	import type { PageData } from './$types';
+	import { dev } from '$app/environment';
 
 	let { data }: { data: PageData } = $props();
 
@@ -13,6 +14,92 @@
 			minute: '2-digit'
 		});
 	}
+
+	function isValidAvatar(url: string | null | undefined): boolean {
+		if (!url) return false;
+		try {
+			const lowerUrl = url.toLowerCase().trim();
+			if (lowerUrl.startsWith('javascript:')) return false;
+			return lowerUrl.startsWith('http://') || lowerUrl.startsWith('https://') || lowerUrl.startsWith('/') || lowerUrl.startsWith('data:image/');
+		} catch {
+			return false;
+		}
+	}
+
+	const dailyViewsData = (() => {
+		if (!views?.data) return [];
+		const days = Array.from({ length: 7 }, (_, i) => {
+			const d = new Date();
+			d.setDate(d.getDate() - i);
+			return d.toISOString().split('T')[0];
+		}).reverse();
+
+		const counts = days.reduce((acc, day) => {
+			acc[day] = 0;
+			return acc;
+		}, {} as Record<string, number>);
+
+		views.data.forEach(v => {
+			if (!v.createdAt) return;
+			const day = v.createdAt.split('T')[0];
+			if (day in counts) {
+				counts[day]++;
+			}
+		});
+
+		return days.map(day => ({
+			label: new Date(day).toLocaleDateString('en-US', { weekday: 'short' }),
+			count: counts[day]
+		}));
+	})();
+
+	const maxViews = Math.max(...dailyViewsData.map(d => d.count), 5);
+
+	const chartPoints = dailyViewsData.map((d, i) => {
+		const x = (i / 6) * 440 + 30;
+		const y = 170 - (d.count / maxViews) * 120;
+		return { x, y, ...d };
+	});
+
+	const linePath = chartPoints.map((p, i) => `${i === 0 ? 'M' : 'L'} ${p.x} ${p.y}`).join(' ');
+	const areaPath = chartPoints.length ? `${linePath} L ${chartPoints[chartPoints.length - 1].x} 170 L ${chartPoints[0].x} 170 Z` : '';
+
+	const platformClicks = (() => {
+		if (!views?.data) return [];
+		const counts = {} as Record<string, number>;
+		views.data.forEach(v => {
+			const src = v.source || 'Direct';
+			counts[src] = (counts[src] || 0) + 1;
+		});
+		return Object.entries(counts)
+			.map(([platform, count]) => ({ platform, count }))
+			.sort((a, b) => b.count - a.count);
+	})();
+
+	function downloadCSV() {
+		if (!views?.data) return;
+		const headers = ['Viewer Name', 'Username', 'Card Title', 'Source', 'IP Address', 'Date'];
+		const rows = views.data.map(v => [
+			v.viewer?.displayName || 'Guest',
+			v.viewer?.username ? `@${v.viewer.username}` : '',
+			v.card?.title || 'Profile',
+			v.source,
+			v.viewerIp || '',
+			v.createdAt
+		]);
+		const csvContent = [headers, ...rows]
+			.map(row => row.map(val => `"${String(val).replace(/"/g, '""')}"`).join(','))
+			.join('\n');
+
+		const blob = new Blob([csvContent], { type: 'text/csv;charset=utf-8;' });
+		const url = URL.createObjectURL(blob);
+		const link = document.createElement('a');
+		link.href = url;
+		link.setAttribute('download', `devcard_analytics_${new Date().toISOString().split('T')[0]}.csv`);
+		document.body.appendChild(link);
+		link.click();
+		document.body.removeChild(link);
+	}
 </script>
 
 <svelte:head>
@@ -37,7 +124,9 @@
 			<p>Accessing the dashboard requires an active session.</p>
 			<div style="display: flex; gap: 1rem; justify-content: center; margin-top: 1.5rem;">
 				<a href="/" class="btn-secondary" style="border: 1px solid var(--border); padding: 0.75rem 1.5rem; border-radius: var(--radius); text-decoration: none; color: var(--text-secondary);">Return Home</a>
-				<a href="http://localhost:3000/auth/dev-login" class="btn-primary" style="background: var(--primary); color: white; padding: 0.75rem 1.5rem; border-radius: var(--radius); text-decoration: none; font-weight: 600; box-shadow: 0 4px 16px rgba(99, 102, 241, 0.4);">Dev Login Bypass</a>
+				{#if dev}
+					<a href="http://localhost:3000/auth/dev-login" class="btn-primary" style="background: var(--primary); color: white; padding: 0.75rem 1.5rem; border-radius: var(--radius); text-decoration: none; font-weight: 600; box-shadow: 0 4px 16px rgba(99, 102, 241, 0.4);">Dev Login Bypass</a>
+				{/if}
 			</div>
 		</div>
 	{:else if overview}
@@ -65,6 +154,87 @@
 			</div>
 		</section>
 
+		<!-- Visual Insights: Daily Chart & Platform Clicks -->
+		<div class="insights-grid">
+			<section class="content-block chart-block">
+				<div class="block-header">
+					<h3>Daily Views (Last 7 Days)</h3>
+					<span class="badge secondary">Interactive</span>
+				</div>
+				<div class="chart-container">
+					{#if dailyViewsData.length > 0}
+						<svg viewBox="0 0 500 200" class="chart-svg">
+							<defs>
+								<linearGradient id="chart-grad" x1="0" y1="0" x2="0" y2="1">
+									<stop offset="0%" stop-color="var(--primary)" stop-opacity="0.25"/>
+									<stop offset="100%" stop-color="var(--primary)" stop-opacity="0.0"/>
+								</linearGradient>
+							</defs>
+							<!-- Grid horizontal lines -->
+							<line x1="20" y1="40" x2="480" y2="40" stroke="var(--border)" stroke-width="1" stroke-dasharray="3 3" />
+							<line x1="20" y1="90" x2="480" y2="90" stroke="var(--border)" stroke-width="1" stroke-dasharray="3 3" />
+							<line x1="20" y1="140" x2="480" y2="140" stroke="var(--border)" stroke-width="1" stroke-dasharray="3 3" />
+							<line x1="20" y1="170" x2="480" y2="170" stroke="var(--border)" stroke-width="1" />
+
+							<!-- Polyline Area (Fill) -->
+							{#if areaPath}
+								<path d={areaPath} fill="url(#chart-grad)" />
+							{/if}
+
+							<!-- Polyline Path (Line) -->
+							{#if linePath}
+								<path d={linePath} fill="none" stroke="var(--primary)" stroke-width="3" stroke-linecap="round" stroke-linejoin="round" />
+							{/if}
+
+							<!-- Interactive Data points -->
+							{#each chartPoints as pt}
+								<g class="chart-point-group">
+									<circle cx={pt.x} cy={pt.y} r="5" fill="var(--bg-card)" stroke="var(--primary)" stroke-width="3" class="chart-point" />
+									<text x={pt.x} y={pt.y - 12} text-anchor="middle" class="chart-value" font-size="10" font-weight="700" fill="var(--text-primary)">
+										{pt.count}
+									</text>
+								</g>
+							{/each}
+
+							<!-- X-Axis Labels -->
+							{#each chartPoints as pt}
+								<text x={pt.x} y="190" text-anchor="middle" font-size="10" font-weight="600" fill="var(--text-muted)">
+									{pt.label}
+								</text>
+							{/each}
+						</svg>
+					{:else}
+						<div class="empty-text">No view statistics available yet.</div>
+					{/if}
+				</div>
+			</section>
+
+			<section class="content-block platform-block">
+				<div class="block-header">
+					<h3>Platform Click Rankings</h3>
+					<span class="badge secondary">Real-time</span>
+				</div>
+				<div class="platform-list">
+					{#each platformClicks as item, index}
+						<div class="platform-row">
+							<div class="platform-meta">
+								<span class="platform-name">
+									<span class="rank">#{index + 1}</span> {item.platform}
+								</span>
+								<span class="platform-count">{item.count} clicks</span>
+							</div>
+							<div class="progress-bar-container">
+								<div class="progress-bar-fill" style="width: {(item.count / Math.max(...platformClicks.map(p => p.count), 1)) * 100}%; background: linear-gradient(to right, var(--primary), var(--primary-light));"></div>
+							</div>
+						</div>
+					{/each}
+					{#if platformClicks.length === 0}
+						<p class="empty-text">No platform click details available yet.</p>
+					{/if}
+				</div>
+			</section>
+		</div>
+
 		<div class="dashboard-grid">
 			<!-- Recent Views -->
 			<section class="content-block">
@@ -73,7 +243,7 @@
 					{#each overview.recentViews as view}
 						<div class="activity-item">
 							<div class="activity-avatar">
-								{#if view.viewer?.avatarUrl}
+								{#if isValidAvatar(view.viewer?.avatarUrl)}
 									<img src={view.viewer.avatarUrl} alt="" />
 								{:else}
 									<div class="avatar-placeholder">{view.viewer?.displayName?.charAt(0) || '?'}</div>
@@ -94,9 +264,17 @@
 
 			<!-- Detailed Views Table -->
 			<section class="content-block table-block">
-				<div class="block-header">
-					<h3>Detailed View Logs</h3>
-					<span class="badge">{views?.meta?.total || 0} Total</span>
+				<div class="block-header table-header">
+					<div class="title-meta">
+						<h3>Detailed View Logs</h3>
+						<span class="badge">{views?.meta?.total || 0} Total</span>
+					</div>
+					<button onclick={downloadCSV} class="btn-csv-download" title="Export current logs as CSV">
+						<svg class="csv-icon" viewBox="0 0 24 24" width="16" height="16">
+							<path fill="currentColor" d="M14 2H6c-1.1 0-1.99.9-1.99 2L4 20c0 1.1.89 2 1.99 2H18c1.1 0 2-.9 2-2V8l-6-6zm2 16H8v-2h8v2zm0-4H8v-2h8v2zm-3-5V3.5L18.5 9H13z"/>
+						</svg>
+						Export CSV
+					</button>
 				</div>
 				<div class="table-container">
 					<table>
@@ -398,7 +576,166 @@
 		box-shadow: 0 4px 12px rgba(99, 102, 241, 0.3);
 	}
 
+	/* Insights Row Grid */
+	.insights-grid {
+		display: grid;
+		grid-template-columns: 1fr 1fr;
+		gap: 2rem;
+		margin-bottom: 3rem;
+	}
+
+	.chart-block, .platform-block {
+		background: var(--bg-card);
+		border: 1px solid var(--border);
+		border-radius: var(--radius-lg);
+		padding: 1.5rem;
+		transition: border-color 0.2s;
+	}
+
+	.chart-block:hover, .platform-block:hover {
+		border-color: var(--primary-light);
+	}
+
+	.chart-container {
+		width: 100%;
+		padding-top: 1rem;
+	}
+
+	.chart-svg {
+		width: 100%;
+		height: auto;
+		overflow: visible;
+	}
+
+	.chart-point {
+		transition: r 0.2s ease, stroke-width 0.2s ease;
+		cursor: pointer;
+	}
+
+	.chart-point-group:hover .chart-point {
+		r: 7;
+		stroke-width: 4px;
+	}
+
+	.chart-value {
+		opacity: 0;
+		transition: opacity 0.2s ease, transform 0.2s ease;
+		pointer-events: none;
+	}
+
+	.chart-point-group:hover .chart-value {
+		opacity: 1;
+	}
+
+	/* Platform Progress Clicks */
+	.platform-list {
+		display: flex;
+		flex-direction: column;
+		gap: 1.25rem;
+		margin-top: 0.5rem;
+	}
+
+	.platform-row {
+		display: flex;
+		flex-direction: column;
+		gap: 0.5rem;
+	}
+
+	.platform-meta {
+		display: flex;
+		justify-content: space-between;
+		font-size: 0.9rem;
+		align-items: center;
+	}
+
+	.platform-name {
+		font-weight: 700;
+		color: var(--text-primary);
+		display: flex;
+		align-items: center;
+		gap: 0.5rem;
+	}
+
+	.rank {
+		color: var(--primary);
+		font-size: 0.75rem;
+		font-weight: 800;
+		background: rgba(99, 102, 241, 0.1);
+		padding: 0.15rem 0.4rem;
+		border-radius: 4px;
+	}
+
+	.platform-count {
+		font-weight: 600;
+		color: var(--text-muted);
+	}
+
+	.progress-bar-container {
+		width: 100%;
+		height: 8px;
+		background: var(--bg-secondary);
+		border-radius: 4px;
+		overflow: hidden;
+	}
+
+	.progress-bar-fill {
+		height: 100%;
+		border-radius: 4px;
+		transition: width 1s cubic-bezier(0.4, 0, 0.2, 1);
+	}
+
+	/* CSV Export Button */
+	.btn-csv-download {
+		display: inline-flex;
+		align-items: center;
+		gap: 0.5rem;
+		background: var(--bg-secondary);
+		color: var(--text-primary);
+		border: 1px solid var(--border);
+		padding: 0.5rem 1rem;
+		border-radius: var(--radius);
+		font-size: 0.85rem;
+		font-weight: 600;
+		cursor: pointer;
+		transition: all 0.2s;
+	}
+
+	.btn-csv-download:hover {
+		background: var(--primary);
+		color: white;
+		border-color: var(--primary);
+		box-shadow: 0 4px 12px rgba(99, 102, 241, 0.2);
+	}
+
+	.csv-icon {
+		transition: transform 0.2s;
+	}
+
+	.btn-csv-download:hover .csv-icon {
+		transform: translateY(1px);
+	}
+
+	.badge.secondary {
+		background: rgba(99, 102, 241, 0.1);
+		color: var(--primary);
+		border: 1px solid rgba(99, 102, 241, 0.2);
+	}
+
+	.title-meta {
+		display: flex;
+		align-items: center;
+		gap: 1rem;
+	}
+
+	.table-header {
+		margin-bottom: 1.5rem;
+	}
+
 	@media (max-width: 1024px) {
+		.insights-grid {
+			grid-template-columns: 1fr;
+			gap: 1.5rem;
+		}
 		.dashboard-grid {
 			grid-template-columns: 1fr;
 		}