chore(autonomous-session): consolidate uncommitted work from prior session

Bundles the prior autonomous-session output that was sitting unstaged: - Em-dash sweep across src/ + tests/ (en-dash/em-dash to hyphen, ~2280 instances) - country-flag-icons rollout (CountryFlag component, replaces emoji glyphs that never rendered on Windows; lazy-loads the 3x2 SVG index as a single chunk after the per-subpath dynamic-import approach silently failed in webpack) - Admin IA Phase 1+2: 7-domain regroup, 41 to 38 pages, /admin/berths index, redirects (ocr to ai, reports to dashboard, invitations to users), docs/admin-ia-proposal.md - Per-template email tester (registry + endpoint + UI on Email admin page) - Cancel-document mode picker (delete-from-Documenso vs keep-for-audit) - Dashboard PDF report: 25 widgets, SVG charts, date-range picker, 11 resolvers - Customize-widgets per-region sortables at xl+ (charts/rails/feed); single flat sortable below xl when the layout stacks; per-viewport saved orders - Audit doc updates capturing each shipped item - Lint fixes: react-compiler immutability in DonutChart (reduce instead of let-reassign), set-state-in-effect disables in CountryFlag and UploadForSigning preview-bytes effect, unused 'confirm' destructures in interest contract + reservation tabs, unescaped apostrophe in test-template card copy
2026-05-23 00:52:59 +02:00
parent 43719b49e9
commit 221ae5784e
749 changed files with 7440 additions and 3118 deletions
--- a/src/app/(auth)/login/page.tsx
+++ b/src/app/(auth)/login/page.tsx
@@ -17,7 +17,7 @@ import { useAuthBranding } from '@/components/shared/auth-branding-provider';
 // `identifier` accepts either an email address or a username (3–30 lowercase
 // letters / digits / dot / underscore / hyphen). The server endpoint
 // /api/auth/sign-in-by-identifier resolves the username server-side and
-// forwards to better-auth in one round-trip — the canonical email is never
+// forwards to better-auth in one round-trip - the canonical email is never
 // returned to the browser, which closes the username-enumeration vector.
 const loginSchema = z.object({
  identifier: z.string().min(1, 'Email or username is required'),
@@ -61,7 +61,7 @@ export default function LoginPage() {
        if (payload.data?.needsBootstrap) router.replace('/setup');
      })
      .catch(() => {
-        /* silent — login UX must still work even if status check fails */
+        /* silent - login UX must still work even if status check fails */
      });
    return () => {
      cancelled = true;
--- a/src/app/(auth)/reset-password/page.tsx
+++ b/src/app/(auth)/reset-password/page.tsx
@@ -59,7 +59,7 @@ export default function ResetPasswordPage() {
      });

      // Treat 400 "user not found" as success so we don't leak whether the
-      // account exists — the success copy says "if an account exists…".
+      // account exists - the success copy says "if an account exists…".
      // Anything else (5xx, network) surfaces as a real error.
      if (!response.ok && response.status !== 400) {
        toast.error('Something went wrong. Please try again.');
--- a/src/app/(auth)/set-password/page.tsx
+++ b/src/app/(auth)/set-password/page.tsx
@@ -31,7 +31,7 @@ type SetPasswordFormData = z.infer<typeof passwordSchema>;
 * H-03: tokens travel in the URL fragment (`#token=…`) so they never land
 * in HTTP access logs or HTTP-Referer headers. Pre-fragment links still
 * carry `?token=…` and stay functional until every outstanding invite
- * expires — drop the `?token=` fallback after that grace period.
+ * expires - drop the `?token=` fallback after that grace period.
 */
 function readTokenFromUrl(): string {
  if (typeof window === 'undefined') return '';
--- a/src/app/(auth)/setup/page.tsx
+++ b/src/app/(auth)/setup/page.tsx
@@ -31,7 +31,7 @@ interface StatusResp {
 /**
 * First-run setup. On a fresh DB the very first visitor can claim the
 * super-admin account here. Once anyone claims it, future visits to
- * /setup redirect back to /login — the precondition is verified both
+ * /setup redirect back to /login - the precondition is verified both
 * server-side (`/api/v1/bootstrap/status` + `/api/v1/bootstrap/super-admin`'s
 * internal recheck) and client-side here.
 */
@@ -58,13 +58,13 @@ export default function SetupPage() {
        const res = await apiFetch<StatusResp>('/api/v1/bootstrap/status');
        if (cancelled) return;
        if (!res.data.needsBootstrap) {
-          // Already initialized — bounce to login. Replace, not push,
+          // Already initialized - bounce to login. Replace, not push,
          // so back-button doesn't trap the user here.
          router.replace('/login');
          return;
        }
      } catch {
-        // Status endpoint failed — let the user try anyway; the POST
+        // Status endpoint failed - let the user try anyway; the POST
        // does its own check and will surface a 409 if the window closed.
      } finally {
        if (!cancelled) setChecking(false);