fix: address security review findings, implement real cache clearing, and fix lifecycle promises

shared/lib/env.ts

@@ -7,6 +7,7 @@ const envSchema = z.object({
     DATABASE_URL: z.string().min(1, "Database URL is required"),
     PORT: z.coerce.number().default(3000),
     HOST: z.string().default("127.0.0.1"),
+    ADMIN_TOKEN: z.string().min(8, "ADMIN_TOKEN must be at least 8 characters"),
 });
 
 const parsedEnv = envSchema.safeParse(process.env);

shared/modules/dashboard/dashboard.types.ts

@@ -59,6 +59,12 @@ export const ClientStatsSchema = z.object({
 
 export type ClientStats = z.infer<typeof ClientStatsSchema>;
 
+// Action Schemas
+export const MaintenanceModeSchema = z.object({
+    enabled: z.boolean(),
+    reason: z.string().optional(),
+});
+
 // WebSocket Message Schemas
 export const WsMessageSchema = z.discriminatedUnion("type", [
     z.object({ type: z.literal("PING") }),

shared/modules/economy/lootdrop.service.ts

@@ -163,6 +163,11 @@ class LootdropService {
             return { success: false, error: "An error occurred while processing the reward." };
         }
     }
+    public async clearCaches() {
+        this.channelActivity.clear();
+        this.channelCooldowns.clear();
+        console.log("[LootdropService] Caches cleared via administrative action.");
+    }
 }
 
 export const lootdropService = new LootdropService();

shared/modules/trade/trade.service.ts

@@ -196,5 +196,10 @@ export const tradeService = {
         });
 
         tradeService.endSession(threadId);
+    },
+
+    clearSessions: () => {
+        sessions.clear();
+        console.log("[TradeService] All active trade sessions cleared.");
     }
 };