feat(platform): residential module + admin UI + reliability fixes

Residential platform
- New schema: residentialClients, residentialInterests (separate from
  marina/yacht clients) with migration 0010
- Service layer with CRUD + audit + sockets + per-port portal toggle
- v1 + public API routes (/api/v1/residential/*, /api/public/residential-inquiries)
- List + detail pages with inline editing for clients and interests
- Per-user residentialAccess toggle on userPortRoles (migration 0011)
- Permission keys: residential_clients, residential_interests
- Sidebar nav + role form integration
- Smoke spec covering page loads, UI create flow, public endpoint

Admin & shared UI
- Admin → Forms (form templates CRUD) with validators + service
- Notification preferences page (in-app + email per type)
- Email composition + accounts list + threads view
- Branded auth shell shared across CRM + portal auth surfaces
- Inline editing extended to yacht/company/interest detail pages
- InlineTagEditor + per-entity tags endpoints (yachts, companies)
- Notes service polymorphic across clients/interests/yachts/companies
- Client list columns: yachtCount + companyCount badges
- Reservation file-download via presigned URL (replaces stale <a href>)

Route handler refactor
- Extracted yachts/companies/berths reservation handlers to sibling
  handlers.ts files (Next.js 15 route.ts only allows specific exports)

Reliability fixes
- apiFetch double-stringify bug fixed across 13 components
  (apiFetch already JSON.stringifies its body; passing a stringified
  body produced double-encoded JSON which failed zod validation)
- SocketProvider gated behind useSyncExternalStore-based mount check
  to avoid useSession() SSR crashes under React 19 + Next 15
- apiFetch falls back to URL-pathname → port-id resolution when the
  Zustand store hasn't hydrated yet (fresh contexts, e2e tests)
- CRM invite flow (schema, service, route, email, dev script)
- Dashboard route → [portSlug]/dashboard/page.tsx + redirect
- Document the dev-server restart-after-migration gotcha in CLAUDE.md

Tests
- 5-case residential smoke spec
- Integration test updates for new service signatures

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

scripts/dev-create-crm-user.ts

@@ -0,0 +1,102 @@
+/**
+ * Dev-only helper: create (or upsert) a CRM better-auth user and mark them
+ * super_admin. Idempotent — re-running with the same email will reset the
+ * password.
+ *
+ * Run: pnpm tsx scripts/dev-create-crm-user.ts <email> <password> [displayName]
+ */
+
+import 'dotenv/config';
+
+import postgres from 'postgres';
+
+import { auth } from '@/lib/auth';
+import { db } from '@/lib/db';
+import { userProfiles } from '@/lib/db/schema/users';
+import { env } from '@/lib/env';
+import { eq } from 'drizzle-orm';
+
+async function main() {
+  const [email, password, displayNameArg] = process.argv.slice(2);
+  if (!email || !password) {
+    console.error(
+      'Usage: pnpm tsx scripts/dev-create-crm-user.ts <email> <password> [displayName]',
+    );
+    process.exit(1);
+  }
+
+  const displayName = displayNameArg ?? email.split('@')[0] ?? 'User';
+  const sql = postgres(env.DATABASE_URL);
+
+  try {
+    // 1. Check if better-auth user already exists.
+    const existing = await sql<{ id: string }[]>`
+      SELECT id FROM "user" WHERE email = ${email} LIMIT 1
+    `;
+
+    let userId: string;
+
+    if (existing.length > 0) {
+      const row = existing[0];
+      if (!row) throw new Error('unreachable');
+      userId = row.id;
+      console.log(`User ${email} exists (id=${userId}); resetting password.`);
+      // Use better-auth's internal context to hash and update the credential.
+      const ctx = await auth.$context;
+      const hash = await ctx.password.hash(password);
+      await sql`
+        UPDATE account
+        SET password = ${hash}, updated_at = NOW()
+        WHERE user_id = ${userId} AND provider_id = 'credential'
+      `;
+    } else {
+      console.log(`Creating better-auth user ${email}…`);
+      const result = await auth.api.signUpEmail({
+        body: { email, password, name: displayName },
+      });
+      userId = result.user.id;
+      console.log(`Created user_id=${userId}`);
+    }
+
+    // 2. Upsert user_profiles entry as super admin.
+    const profile = await db
+      .select()
+      .from(userProfiles)
+      .where(eq(userProfiles.userId, userId))
+      .limit(1);
+
+    if (profile.length === 0) {
+      await db.insert(userProfiles).values({
+        id: crypto.randomUUID(),
+        userId,
+        displayName,
+        avatarUrl: null,
+        phone: null,
+        isSuperAdmin: true,
+        isActive: true,
+        lastLoginAt: null,
+        preferences: {},
+      });
+      console.log(`Created super_admin profile for ${userId}`);
+    } else {
+      await db
+        .update(userProfiles)
+        .set({ displayName, isSuperAdmin: true, isActive: true })
+        .where(eq(userProfiles.userId, userId));
+      console.log(`Updated profile for ${userId} (super_admin=true)`);
+    }
+
+    console.log('');
+    console.log(`✓ Done. Sign in at http://localhost:3000/login with`);
+    console.log(`  email:    ${email}`);
+    console.log(`  password: ${password}`);
+  } finally {
+    await sql.end();
+    process.exit(0);
+  }
+}
+
+main().catch((e) => {
+  console.error(e);
+  process.exit(1);
+});

scripts/dev-list-users.ts

@@ -0,0 +1,25 @@
+import 'dotenv/config';
+
+import postgres from 'postgres';
+import { env } from '@/lib/env';
+
+async function main() {
+  const sql = postgres(env.DATABASE_URL);
+  const users =
+    await sql`SELECT id, email, name, email_verified, created_at FROM "user" ORDER BY created_at DESC LIMIT 20`;
+  console.log('--- user ---');
+  console.log(JSON.stringify(users, null, 2));
+  const profiles =
+    await sql`SELECT user_id, display_name, is_super_admin, is_active FROM user_profiles ORDER BY created_at DESC LIMIT 20`;
+  console.log('--- user_profiles ---');
+  console.log(JSON.stringify(profiles, null, 2));
+  const accounts =
+    await sql`SELECT user_id, provider_id, account_id FROM account ORDER BY created_at DESC LIMIT 20`;
+  console.log('--- account ---');
+  console.log(JSON.stringify(accounts, null, 2));
+  await sql.end();
+}
+main().catch((e) => {
+  console.error(e);
+  process.exit(1);
+});

scripts/dev-trigger-crm-invite.ts

@@ -0,0 +1,36 @@
+/**
+ * Dev-only helper: issue a CRM admin invite and send the activation email.
+ * The email gets routed via EMAIL_REDIRECT_TO if that's set, so it always
+ * lands in the dev inbox.
+ *
+ * Run: pnpm tsx scripts/dev-trigger-crm-invite.ts <email> [name] [--super]
+ */
+
+import 'dotenv/config';
+
+import { createCrmInvite } from '@/lib/services/crm-invite.service';
+
+async function main() {
+  const args = process.argv.slice(2);
+  const email = args[0];
+  if (!email) {
+    console.error('Usage: pnpm tsx scripts/dev-trigger-crm-invite.ts <email> [name] [--super]');
+    process.exit(1);
+  }
+  const isSuperAdmin = args.includes('--super');
+  const name = args.find((a, i) => i > 0 && !a.startsWith('--'));
+
+  const { inviteId, link } = await createCrmInvite({ email, name, isSuperAdmin });
+  console.log(`✓ Invite created (id=${inviteId})`);
+  console.log(`  email: ${email}`);
+  console.log(`  super_admin: ${isSuperAdmin}`);
+  console.log(`  activation link: ${link}`);
+  console.log('');
+  console.log('Email sent (subject permitting via EMAIL_REDIRECT_TO).');
+  process.exit(0);
+}
+
+main().catch((e) => {
+  console.error(e);
+  process.exit(1);
+});