feat(web): account data export + sidebar rebrand to "Account"

Step 16 (account / profile) — landed smaller than scoped because turbo-
starter already ships the full /dashboard/settings flow (avatar, name,
email, language, delete-account) and BetterAuth handles security +
sessions out of the box. Reuses that surface; adds the claudemesh-
specific bits only.

- GET /api/my/export — returns a JSON bundle of the user's profile,
  meshes they own, meshes they belong to, invites they've issued, and
  audit events from their OWNED meshes (privacy: don't leak events
  from meshes merely joined). Limited to 5k audit rows.
- ExportData component on /dashboard/settings — button downloads the
  bundle as claudemesh-export-<userId>-<YYYY-MM-DD>.json client-side.
- Sidebar (user group) "settings" label swapped to "account" to match
  the Step 16 naming. Same /dashboard/settings route, same existing
  i18n key ("account" was already in common.json).

No schema changes: user.name (BetterAuth) IS the mesh display name.
meshMember.displayName is the per-join override that lands from the
CLI at registration time.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

packages/api/src/modules/mesh/queries.ts

@@ -10,7 +10,7 @@ import {
   or,
   sql,
 } from "@turbostarter/db";
-import { invite, mesh, meshMember } from "@turbostarter/db/schema";
+import { auditLog, invite, mesh, meshMember } from "@turbostarter/db/schema";
 import { db } from "@turbostarter/db/server";
 
 import type { GetMyMeshesInput } from "../../schema";
@@ -163,6 +163,87 @@ export const getMyMeshById = async ({
   };
 };
 
+export const getMyExport = async ({ userId }: { userId: string }) => {
+  const meshesOwned = await db
+    .select({
+      id: mesh.id,
+      name: mesh.name,
+      slug: mesh.slug,
+      visibility: mesh.visibility,
+      transport: mesh.transport,
+      tier: mesh.tier,
+      createdAt: mesh.createdAt,
+      archivedAt: mesh.archivedAt,
+    })
+    .from(mesh)
+    .where(eq(mesh.ownerUserId, userId));
+
+  const memberships = await db
+    .select({
+      meshId: meshMember.meshId,
+      meshName: mesh.name,
+      meshSlug: mesh.slug,
+      memberId: meshMember.id,
+      displayName: meshMember.displayName,
+      role: meshMember.role,
+      joinedAt: meshMember.joinedAt,
+      revokedAt: meshMember.revokedAt,
+    })
+    .from(meshMember)
+    .leftJoin(mesh, eq(meshMember.meshId, mesh.id))
+    .where(eq(meshMember.userId, userId));
+
+  const invitesSent = await db
+    .select({
+      id: invite.id,
+      meshId: invite.meshId,
+      meshSlug: mesh.slug,
+      role: invite.role,
+      maxUses: invite.maxUses,
+      usedCount: invite.usedCount,
+      expiresAt: invite.expiresAt,
+      createdAt: invite.createdAt,
+      revokedAt: invite.revokedAt,
+    })
+    .from(invite)
+    .leftJoin(mesh, eq(invite.meshId, mesh.id))
+    .where(eq(invite.createdBy, userId));
+
+  // Audit events for the user's owned meshes only (privacy: don't leak
+  // events from meshes the user merely joined)
+  const meshIds = meshesOwned.map((m) => m.id);
+  const auditEvents =
+    meshIds.length > 0
+      ? await db
+          .select({
+            id: auditLog.id,
+            meshId: auditLog.meshId,
+            eventType: auditLog.eventType,
+            actorPeerId: auditLog.actorPeerId,
+            targetPeerId: auditLog.targetPeerId,
+            metadata: sql<Record<string, unknown>>`${auditLog.metadata}`,
+            createdAt: auditLog.createdAt,
+          })
+          .from(auditLog)
+          .where(
+            sql`${auditLog.meshId} = ANY(ARRAY[${sql.join(
+              meshIds.map((id) => sql`${id}`),
+              sql`, `,
+            )}]::text[])`,
+          )
+          .orderBy(desc(auditLog.createdAt))
+          .limit(5000)
+      : [];
+
+  return {
+    exportedAt: new Date().toISOString(),
+    meshesOwned,
+    memberships,
+    invitesSent,
+    auditEvents,
+  };
+};
+
 export const getMyInvitesSent = async ({ userId }: { userId: string }) =>
   db
     .select({

packages/api/src/modules/mesh/router.ts

@@ -16,6 +16,7 @@ import {
   leaveMyMesh,
 } from "./mutations";
 import {
+  getMyExport,
   getMyInvitesSent,
   getMyMeshById,
   getMyMeshes,
@@ -111,4 +112,17 @@ export const myRouter = new Hono<Env>()
   .get("/invites", async (c) => {
     const user = c.var.user;
     return c.json({ sent: await getMyInvitesSent({ userId: user.id }) });
+  })
+  .get("/export", async (c) => {
+    const user = c.var.user;
+    const data = await getMyExport({ userId: user.id });
+    return c.json({
+      user: {
+        id: user.id,
+        email: user.email,
+        name: user.name,
+        createdAt: user.createdAt,
+      },
+      ...data,
+    });
   });