fix(audit-2): integration regressions + data-integrity from second-pass review

Two reviewer agents did a second-pass deep audit of the 21-commit
refactor. Eight findings; four fixed here (one was deferred with a
schema comment, three were 🟡 nice-to-haves left for follow-up).

Integration regressions (🟠 high):
- Outbound webhook `interest.berth_linked` now fires from the new
  junction-add handler. Was emitting a socket-only event, leaving
  external integrations silent post-refactor.
- Two new webhook events `interest.berth_unlinked` and
  `interest.berth_link_updated` added to WEBHOOK_EVENTS +
  INTERNAL_TO_WEBHOOK_MAP. PATCH and DELETE handlers now dispatch them
  alongside the existing socket emits — lifecycle parity restored.
- BerthInterestPulse adds useRealtimeInvalidation for berth-link
  events. The query key was berth-scoped while the linked-berths
  dialog invalidates interest-scoped keys (no prefix match), so the
  pulse went stale. Bridges via the realtime hook now.

Recommender semantic fix (🟠 medium-high):
- aggregates CTE: active_interest_count now filters on
  `ib.is_specific_interest = true`, matching the public-map "Under
  Offer" derivation. EOI-bundle-only links no longer demote a berth
  to Tier C for other reps. Smoke test confirms previously-all-Tier-C
  results now correctly classify as Tier A.
- Same CTE: `total_interest_count` uses COUNT(ib.berth_id) instead of
  COUNT(*) so a berth with no junction rows reports 0 (not 1 from
  the LEFT JOIN's NULL-right-side row). Prevents heat over-counting.

Data integrity (🟠):
- AcroForm tier rejects negative numerics in coerceFieldValue (was
  letting through `length_ft="-50"` which would poison the
  recommender feasibility filter on apply).
- FilesystemBackend.resolveHmacSecret throws in production when
  storage_proxy_hmac_secret_encrypted is null. Dev still derives from
  BETTER_AUTH_SECRET for ergonomics; prod must explicitly configure.
- Documented the circular FK between berths.current_pdf_version_id
  and berth_pdf_versions.id. Drizzle's `.references()` can't express
  the cycle so the schema column is plain text + a comment; the FK
  is authoritatively maintained by migration 0030.

Tests still 1163/1163. tsc clean.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

src/components/berths/berth-interest-pulse.tsx

@@ -11,6 +11,7 @@ import { apiFetch } from '@/lib/api/client';
 import { stageBadgeClass, stageLabel } from '@/lib/constants';
 import { computeUrgencyBadges } from '@/components/interests/urgency';
 import type { InterestRow } from '@/components/interests/interest-columns';
+import { useRealtimeInvalidation } from '@/hooks/use-realtime-invalidation';
 import { cn } from '@/lib/utils';
 
 interface InterestsResponse {
@@ -33,8 +34,9 @@ export function BerthInterestPulse({ berthId }: { berthId: string }) {
   const params = useParams<{ portSlug: string }>();
   const portSlug = params?.portSlug ?? '';
 
+  const queryKey = ['interests', { berthId, sort: 'dateLastContact', order: 'desc' }];
   const { data, isLoading } = useQuery<InterestsResponse>({
-    queryKey: ['interests', { berthId, sort: 'dateLastContact', order: 'desc' }],
+    queryKey,
     queryFn: () =>
       apiFetch<InterestsResponse>(
         `/api/v1/interests?berthId=${berthId}&limit=10&sort=dateLastContact&order=desc`,
@@ -42,6 +44,19 @@ export function BerthInterestPulse({ berthId }: { berthId: string }) {
     staleTime: 30_000,
   });
 
+  // Stay in sync with the linked-berths list + add-to-interest dialog.
+  // Each of those flows emits a realtime socket event but does NOT
+  // invalidate this exact query key (it's berth-scoped, theirs are
+  // interest-scoped) — bridge via the invalidation hook.
+  useRealtimeInvalidation({
+    'interest:berthLinked': [queryKey],
+    'interest:berthUnlinked': [queryKey],
+    'interest:berthLinkUpdated': [queryKey],
+    'interest:created': [queryKey],
+    'interest:stageChanged': [queryKey],
+    'interest:archived': [queryKey],
+  });
+
   const all = data?.data ?? [];
   const active = all.filter((i) => !i.archivedAt && !i.outcome);
   const preview = active.slice(0, PREVIEW_LIMIT);