feat: add error pages, harden DB layer and compliance module

- Add HTTP error pages (400, 401, 403, 408, 429, 500, 502, 503)
- Add maintenance, offline, and system status pages
- Harden db/core.ts, db/apiKeys.ts, db/cliToolState.ts, db/backup.ts
- Strengthen compliance/index.ts audit logging
- Improve container.ts DI registrations
- Fix dataPaths.ts and tokenHealthCheck.ts

Author: diegosouzapw

src/app/.well-known/agent.json/route.ts

@@ -0,0 +1,105 @@
+/**
+ * Agent Card Endpoint — /.well-known/agent.json
+ *
+ * Serves the OmniRoute A2A Agent Card for discovery by other agents.
+ * Conforms to A2A Protocol v0.3.
+ *
+ * The Agent Card is dynamically generated to include the current version
+ * from package.json and skills based on available combos.
+ */
+
+import { NextResponse } from "next/server";
+
+const PACKAGE_VERSION = process.env.npm_package_version || "1.8.1";
+const BASE_URL = process.env.OMNIROUTE_BASE_URL || "http://localhost:20128";
+
+/**
+ * GET /.well-known/agent.json
+ *
+ * Returns the OmniRoute Agent Card that describes this gateway's
+ * capabilities as an A2A agent.
+ */
+export async function GET() {
+  const agentCard = {
+    name: "OmniRoute AI Gateway",
+    description:
+      "Intelligent AI routing gateway with 36+ providers, smart fallback, " +
+      "quota tracking, format translation, and auto-managed combos. " +
+      "Routes AI requests to the optimal provider based on cost, latency, " +
+      "quota availability, and task requirements.",
+    url: `${BASE_URL}/a2a`,
+    version: PACKAGE_VERSION,
+    capabilities: {
+      streaming: true,
+      pushNotifications: false,
+    },
+    skills: [
+      {
+        id: "smart-routing",
+        name: "Smart Request Routing",
+        description:
+          "Routes AI requests to the optimal provider based on quota, cost, " +
+          "latency, and reliability. Supports combo-based routing with " +
+          "multiple strategies: priority, weighted, round-robin, cost-optimized.",
+        tags: ["routing", "llm", "optimization", "fallback"],
+        examples: [
+          "Route this coding task to the fastest available model",
+          "Send this review to an analytical model under $0.50 budget",
+          "Find the cheapest provider with available quota",
+        ],
+      },
+      {
+        id: "quota-management",
+        name: "Quota & Cost Management",
+        description:
+          "Tracks and manages API quotas across 36+ providers with " +
+          "auto-fallback when quotas are exhausted. Provides real-time " +
+          "cost tracking and budget enforcement.",
+        tags: ["quota", "cost", "monitoring", "budget"],
+        examples: [
+          "Check remaining quota for all providers",
+          "Which provider has the most available quota?",
+          "Generate a cost report for today",
+        ],
+      },
+      {
+        id: "auto-combo",
+        name: "Auto-Managed Model Combos",
+        description:
+          "Self-healing model chains that dynamically adapt to provider " +
+          "health and quota availability. Uses a scoring function based on " +
+          "quota, health, cost, latency, task fitness, and stability.",
+        tags: ["combo", "auto", "self-healing", "adaptive"],
+        examples: [
+          "Create an auto-managed combo for coding tasks",
+          "Switch to cost-saver mode",
+          "Show the Auto-Combo scoring breakdown",
+        ],
+      },
+      {
+        id: "format-translation",
+        name: "Format Translation",
+        description:
+          "Transparently translates between OpenAI, Claude (Anthropic), " +
+          "Gemini (Google), and Responses API formats. Supports streaming " +
+          "translation for all format pairs.",
+        tags: ["translation", "openai", "claude", "gemini", "responses"],
+        examples: [
+          "Send an OpenAI-format request to Claude",
+          "Translate this Gemini response to OpenAI format",
+        ],
+      },
+    ],
+    authentication: {
+      schemes: ["api-key"],
+      apiKeyHeader: "Authorization",
+    },
+  };
+
+  return NextResponse.json(agentCard, {
+    headers: {
+      "Cache-Control": "public, max-age=3600",
+      "Content-Type": "application/json",
+    },
+  });
+}

src/app/400/page.tsx

@@ -0,0 +1,19 @@
+import ErrorPageScaffold from "@/shared/components/ErrorPageScaffold";
+
+export default function BadRequestPage() {
+  return (
+    <ErrorPageScaffold
+      code="400"
+      icon="rule"
+      title="Bad Request"
+      description="The request payload is invalid or incomplete."
+      suggestions={[
+        "Review required fields and payload format before retrying.",
+        "If you are using the API, validate the JSON schema locally.",
+        "If this keeps happening, open the request in Translator Playground to inspect the payload.",
+      ]}
+      primaryAction={{ href: "/docs", label: "Open Documentation" }}
+      secondaryAction={{ href: "/dashboard/translator", label: "Open Translator" }}
+    />
+  );
+}

src/app/401/page.tsx

@@ -0,0 +1,19 @@
+import ErrorPageScaffold from "@/shared/components/ErrorPageScaffold";
+
+export default function UnauthorizedPage() {
+  return (
+    <ErrorPageScaffold
+      code="401"
+      icon="lock"
+      title="Unauthorized"
+      description="Authentication is required to access this resource."
+      suggestions={[
+        "Sign in again and retry the operation.",
+        "For API calls, confirm the Bearer token is present and valid.",
+        "If the token was recently rotated, update your client credentials.",
+      ]}
+      primaryAction={{ href: "/login", label: "Go to Login" }}
+      secondaryAction={{ href: "/dashboard/api-manager", label: "Manage API Keys" }}
+    />
+  );
+}

src/app/403/page.tsx

@@ -0,0 +1,22 @@
+import ErrorPageScaffold from "@/shared/components/ErrorPageScaffold";
+
+export default function ForbiddenStatusPage() {
+  return (
+    <ErrorPageScaffold
+      code="403"
+      icon="gpp_bad"
+      title="Forbidden"
+      description="Your request was understood, but access is denied by policy."
+      suggestions={[
+        "Check IP allowlist/blocklist rules in settings.",
+        "Verify model and budget policies assigned to your API key.",
+        "Ask an administrator to grant the required permission scope.",
+      ]}
+      primaryAction={{ href: "/forbidden", label: "Open Access Help" }}
+      secondaryAction={{
+        href: "/dashboard/settings?tab=security",
+        label: "Open Security Settings",
+      }}
+    />
+  );
+}

src/app/408/page.tsx

@@ -0,0 +1,19 @@
+import ErrorPageScaffold from "@/shared/components/ErrorPageScaffold";
+
+export default function RequestTimeoutPage() {
+  return (
+    <ErrorPageScaffold
+      code="408"
+      icon="timer_off"
+      title="Request Timeout"
+      description="The server did not receive a complete request in time."
+      suggestions={[
+        "Retry the request with a smaller payload.",
+        "Check your network stability and VPN/proxy latency.",
+        "For long operations, enable streaming or split the request.",
+      ]}
+      primaryAction={{ href: "/dashboard/endpoint", label: "Open Endpoint Guide" }}
+      secondaryAction={{ href: "/status", label: "Check Network Status" }}
+    />
+  );
+}

src/app/429/page.tsx

@@ -0,0 +1,22 @@
+import ErrorPageScaffold from "@/shared/components/ErrorPageScaffold";
+
+export default function TooManyRequestsPage() {
+  return (
+    <ErrorPageScaffold
+      code="429"
+      icon="hourglass_top"
+      title="Too Many Requests"
+      description="Rate limits were exceeded for this client, key, or provider."
+      suggestions={[
+        "Wait for cooldown and retry after the suggested interval.",
+        "Switch to a combo with fallback providers.",
+        "Tune provider resilience/rate-limit profiles in settings.",
+      ]}
+      primaryAction={{
+        href: "/dashboard/settings?tab=resilience",
+        label: "Open Resilience Settings",
+      }}
+      secondaryAction={{ href: "/dashboard/combos", label: "Open Combos" }}
+    />
+  );
+}

src/app/500/page.tsx

@@ -0,0 +1,19 @@
+import ErrorPageScaffold from "@/shared/components/ErrorPageScaffold";
+
+export default function InternalServerErrorPage() {
+  return (
+    <ErrorPageScaffold
+      code="500"
+      icon="warning"
+      title="Internal Server Error"
+      description="An unexpected server-side error occurred while processing your request."
+      suggestions={[
+        "Retry once in a few seconds.",
+        "Check health telemetry and server logs for correlated request IDs.",
+        "If persistent, report the issue with timestamp and request context.",
+      ]}
+      primaryAction={{ href: "/dashboard/health", label: "Open Health Dashboard" }}
+      secondaryAction={{ href: "/dashboard/logs", label: "Open Logs" }}
+    />
+  );
+}

src/app/502/page.tsx

@@ -0,0 +1,19 @@
+import ErrorPageScaffold from "@/shared/components/ErrorPageScaffold";
+
+export default function BadGatewayPage() {
+  return (
+    <ErrorPageScaffold
+      code="502"
+      icon="hub"
+      title="Bad Gateway"
+      description="Upstream provider or gateway integration returned an invalid response."
+      suggestions={[
+        "Retry with another provider or active combo route.",
+        "Check provider credentials and model availability.",
+        "Inspect translator output if format conversion is involved.",
+      ]}
+      primaryAction={{ href: "/dashboard/providers", label: "Open Providers" }}
+      secondaryAction={{ href: "/dashboard/translator", label: "Open Translator" }}
+    />
+  );
+}

src/app/503/page.tsx

@@ -0,0 +1,19 @@
+import ErrorPageScaffold from "@/shared/components/ErrorPageScaffold";
+
+export default function ServiceUnavailablePage() {
+  return (
+    <ErrorPageScaffold
+      code="503"
+      icon="build_circle"
+      title="Service Unavailable"
+      description="The service is temporarily unavailable due to maintenance or degraded dependencies."
+      suggestions={[
+        "Wait a moment and retry.",
+        "Check maintenance notices and system status.",
+        "Use fallback providers if your workflow is latency-sensitive.",
+      ]}
+      primaryAction={{ href: "/maintenance", label: "Maintenance Details" }}
+      secondaryAction={{ href: "/status", label: "System Status" }}
+    />
+  );
+}

src/app/maintenance/page.tsx

@@ -0,0 +1,54 @@
+import Link from "next/link";
+
+export default function MaintenancePage() {
+  return (
+    <main className="min-h-screen bg-bg text-text-main flex items-center justify-center p-6">
+      <section className="w-full max-w-xl rounded-2xl border border-border bg-surface p-8 shadow-soft text-center">
+        <span className="material-symbols-outlined text-5xl text-primary mb-3" aria-hidden="true">
+          construction
+        </span>
+        <h1 className="text-2xl font-semibold">Scheduled Maintenance</h1>
+        <p className="mt-3 text-text-muted leading-relaxed">
+          Some services are temporarily unavailable while maintenance is in progress. Core routing
+          usually remains online, but management features may be degraded.
+        </p>
+
+        <ul className="mt-6 text-sm text-text-muted text-left rounded-xl border border-border bg-bg-alt p-4 space-y-2">
+          <li className="flex items-start gap-2">
+            <span
+              className="material-symbols-outlined text-base text-primary mt-0.5"
+              aria-hidden="true"
+            >
+              info
+            </span>
+            Retry after a few minutes.
+          </li>
+          <li className="flex items-start gap-2">
+            <span
+              className="material-symbols-outlined text-base text-primary mt-0.5"
+              aria-hidden="true"
+            >
+              info
+            </span>
+            Check current health indicators and provider status before retrying.
+          </li>
+        </ul>
+
+        <div className="mt-8 flex flex-col sm:flex-row gap-3">
+          <Link
+            href="/status"
+            className="inline-flex items-center justify-center px-6 py-3 rounded-lg text-white text-sm font-semibold bg-gradient-to-br from-primary to-primary-hover hover:shadow-elevated transition-all duration-200 motion-reduce:transition-none"
+          >
+            View System Status
+          </Link>
+          <Link
+            href="/dashboard/health"
+            className="inline-flex items-center justify-center px-6 py-3 rounded-lg text-sm font-semibold border border-border hover:bg-bg-alt transition-colors duration-200 motion-reduce:transition-none"
+          >
+            Open Health Dashboard
+          </Link>
+        </div>
+      </section>
+    </main>
+  );
+}