refactor: migrate to ES modules

package.json type=module, tsconfig module/moduleResolution=NodeNext,
target es2022, explicit .js on all relative imports. Center: jsonwebtoken
& bcryptjs switched to default imports (ESM/CJS interop). Verified:
builds, boots, full auth + plugin round-trip work under ESM.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

src/auth/auth.controller.ts

@@ -1,9 +1,9 @@
 import { Body, Controller, Get, Headers, Param, Patch, Post, UnauthorizedException } from '@nestjs/common';
-import { AuthService } from './auth.service';
-import { LoginDto } from './dto.login.dto';
-import { RefreshDto } from './dto.refresh.dto';
-import { LogoutDto } from './dto.logout.dto';
-import { UpdateMeDto } from './dto.update-me.dto';
+import { AuthService } from './auth.service.js';
+import { LoginDto } from './dto.login.dto.js';
+import { RefreshDto } from './dto.refresh.dto.js';
+import { LogoutDto } from './dto.logout.dto.js';
+import { UpdateMeDto } from './dto.update-me.dto.js';
 
 function bearer(authorization?: string): string {
   return authorization?.startsWith('Bearer ') ? authorization.slice(7) : '';

src/auth/auth.module.ts

@@ -1,11 +1,11 @@
 import { Module } from '@nestjs/common';
 import { TypeOrmModule } from '@nestjs/typeorm';
-import { AuthController } from './auth.controller';
-import { AuthService } from './auth.service';
-import { User } from '../entities/user.entity';
-import { GuildNode } from '../entities/guild-node.entity';
-import { GuildUser } from '../entities/guild-user.entity';
-import { UserApiKey } from '../entities/user-api-key.entity';
+import { AuthController } from './auth.controller.js';
+import { AuthService } from './auth.service.js';
+import { User } from '../entities/user.entity.js';
+import { GuildNode } from '../entities/guild-node.entity.js';
+import { GuildUser } from '../entities/guild-user.entity.js';
+import { UserApiKey } from '../entities/user-api-key.entity.js';
 
 @Module({
   imports: [TypeOrmModule.forFeature([User, GuildNode, GuildUser, UserApiKey])],

src/auth/auth.service.ts

@@ -5,17 +5,17 @@ import {
 } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
 import { Repository } from 'typeorm';
-import * as bcrypt from 'bcryptjs';
-import * as jwt from 'jsonwebtoken';
+import bcrypt from 'bcryptjs';
+import jwt from 'jsonwebtoken';
 import { randomBytes } from 'crypto';
-import { User } from '../entities/user.entity';
-import { GuildNode } from '../entities/guild-node.entity';
-import { GuildUser } from '../entities/guild-user.entity';
-import { UserApiKey } from '../entities/user-api-key.entity';
-import { RegisterDto } from './dto.register.dto';
-import { LoginDto } from './dto.login.dto';
-import { AuditService } from '../audit/audit.service';
-import { parseDurationToSeconds } from './token.util';
+import { User } from '../entities/user.entity.js';
+import { GuildNode } from '../entities/guild-node.entity.js';
+import { GuildUser } from '../entities/guild-user.entity.js';
+import { UserApiKey } from '../entities/user-api-key.entity.js';
+import { RegisterDto } from './dto.register.dto.js';
+import { LoginDto } from './dto.login.dto.js';
+import { AuditService } from '../audit/audit.service.js';
+import { parseDurationToSeconds } from './token.util.js';
 
 function signAccessToken(userId: string, email: string): string {
   const secret = process.env.FABRIC_BACKEND_CENTER_JWT_ACCESS_SECRET as string;

src/auth/token.util.spec.ts

@@ -1,5 +1,5 @@
 import { describe, expect, it } from 'vitest';
-import { parseDurationToSeconds } from './token.util';
+import { parseDurationToSeconds } from './token.util.js';
 
 describe('parseDurationToSeconds', () => {
   it('parses time units', () => {