Full cleanup pass

docs/figma-component-registry.md

@@ -87,7 +87,7 @@ Inventory aligns with [**CR-104**](https://linear.app/community-rule/issue/CR-10
 | Context menu | — | **Not implemented** — removed unused primitives; reintroduce when a shipped surface needs it. |
 | Headers / footers (often under Utility in Figma) | **`ModalHeader/`**, **`ModalFooter/`** | Composed chrome; **canonical code** is under **`modals/`**. |
 
-**Gaps / TBD:** **Modal / Share** — product may use share callbacks elsewhere; no dedicated **`Share/`** modal package yet (**CR-104**).
+| Modal / Share | **`Share/`** | Share modal; icons via `shareIconPath()` in `lib/assetUtils.ts`. |
 
 - **Pattern:** **`container` / `view` / `types`** for **`Alert`**, **`Create`**, **`Dialog`**, **`Login`**, **`Tooltip`**, **`ModalHeader`**, **`ModalFooter`**.
 

docs/guides/backend-linear-tickets.md

@@ -11,7 +11,7 @@ A backend review was merged into **[docs/backend-roadmap.md](backend-roadmap.md)
 ### Audit note (Linear CR-72+ vs repo, 2026-04)
 
 - **Done in Linear and shipped:** **CR-72–CR-76**, **CR-77** (publish from create flow), **CR-78** (template seed), **CR-79**, **CR-88**, **CR-89**. The **CR-72 → CR-83** numbering is the original **sequential plan**, not current blocking order; the **core product vertical** through publish + templates is effectively complete in-repo.
-- **Backlog (still open):** **CR-80** (web vitals — file-based route remains), **CR-81** (public rule detail — no `GET /api/rules/[id]` or marketing detail page yet), **CR-86** (profile + account + draft resume — UI mostly placeholder), **CR-103** (change account email — Ticket 20), **CR-90** / **CR-91**, **CR-93** (template grid facets on marketing). **CR-82** (migrate smoke): **local** `npm run migrate:smoke` + [CONTRIBUTING.md](../../CONTRIBUTING.md) / [docs/testing-guide.md](../testing-guide.md) — in-repo Gitea workflow YAML **removed**; optional future remote job if hosted runners return. **CR-84 Done** — canonical error contract `{ error: { code, message }, details? }` and `x-request-id` propagation shipped via `lib/server/{responses,requestId,apiRoute}.ts`; auth + drafts + rules routes migrated, remaining `app/api/*` are a follow-up pass. **CR-85 Done** — multi-device session policy + lazy expired-row cleanup (per-user prune on every sign-in plus ~5% global sweep, no cron); ADR comment block in [`lib/server/session.ts`](../../lib/server/session.ts).
+- **Backlog (still open):** **CR-80** (web vitals — file-based route remains), **CR-86** (profile + account + draft resume — UI mostly placeholder), **CR-103** (change account email — Ticket 20), **CR-90** / **CR-91**, **CR-93** (template grid facets on marketing). **CR-81 Done** — public rule detail shipped: [`app/(marketing)/rules/[id]/page.tsx`](../../app/(marketing)/rules/[id]/page.tsx), [`app/api/rules/[id]/route.ts`](../../app/api/rules/[id]/route.ts). **CR-82** (migrate smoke): **local** `npm run migrate:smoke` + [CONTRIBUTING.md](../../CONTRIBUTING.md) / [docs/testing-guide.md](../testing-guide.md) — in-repo Gitea workflow YAML **removed**; optional future remote job if hosted runners return. **CR-84 Done** — canonical error contract `{ error: { code, message }, details? }` and `x-request-id` propagation shipped via `lib/server/{responses,requestId,apiRoute}.ts`; auth + drafts + rules routes migrated, remaining `app/api/*` are a follow-up pass. **CR-85 Done** — multi-device session policy + lazy expired-row cleanup (per-user prune on every sign-in plus ~5% global sweep, no cron); ADR comment block in [`lib/server/session.ts`](../../lib/server/session.ts).
 - **CR-83 Done (admin handoff + cutover plan):** [`docs/guides/ops-backend-deploy.md`](ops-backend-deploy.md) shipped. Cloudron admin access on `cloud.medlab.host` granted; doc now covers (a) what's in place, (b) the side-by-side → apex cutover plan, and (c) the two open product questions + registry decision still outstanding. Steady-state operator runbook is split out into a follow-up — see [Ticket 12 / CR-83 follow-ups](#follow-up-tickets-filed-under-cr-83) below. Key new finding: legacy `communityrule.info` is a single Cloudron **LAMP** app (`lamp.cloudronapp.php74@5.1.2`) hosting marketing site + Express/MySQL backend + a broken Flask chatbot all in one container; all three retire together via CR-99 + CR-101.
 - **CR-86** is **no longer blocked** by publish — **CR-77** is **Done**; profile work is gated by **implementation**, not waiting on publish wiring.
 - **Not in this ticket list** but called out in **[docs/backend-roadmap.md](backend-roadmap.md):** shared **rate-limit store** (e.g. Redis) before multi-instance; **`GET /api/create-flow/methods`** exists for facet scoring (Ticket 16 / CR-88) but is not duplicated as a separate doc ticket.
@@ -722,7 +722,7 @@ All six are titled `[Backend] …`, assigned to Vinod, in the **community-rule**
 - **Change your account email** (shown in Figma options): **Ticket 20 / [CR-103](https://linear.app/community-rule/issue/CR-103/backend-change-account-email-verify-new-address-conflict-session)**—not part of this slice until that issue ships. Until then, product may keep **“Coming soon”** or hide the row.
 - **`displayName` / new `User` fields:** not required—use **static** welcome copy, generic greeting, or **email local-part in UI only** until a later schema/product decision.
 
-**Context:** Today `GET /api/rules` is a **public** list of all published rules; there is no authenticated **my rules** endpoint, no owner **DELETE** / **duplicate**, and no **delete user** API. See [docs/backend-roadmap.md](backend-roadmap.md) §1 “profile / account — not implemented yet” and §6.
+**Context:** `GET /api/rules` remains a **public** list; authenticated owner APIs (`GET /api/rules/me`, `DELETE /api/rules/[id]`, `POST …/duplicate`, `DELETE /api/user/me`, stakeholders, email-change) are **shipped** — see [docs/backend-roadmap.md](backend-roadmap.md) §1 profile table and [CONTRIBUTING.md](../../CONTRIBUTING.md). **CR-86** tracks profile **UI** completion.
 
 **Implementation (sketch):**
 

docs/guides/backend-roadmap.md

@@ -34,15 +34,26 @@ Mirrors [CONTRIBUTING.md](../CONTRIBUTING.md) **API routes** table (including `/
 
 **Product sign-in** uses **magic link** (`/api/auth/magic-link/*`).
 
-### HTTP API (profile / account — not implemented yet)
+### HTTP API (profile / account — implemented in repo)
 
-Planned for the signed-in profile/dashboard ([Figma profile frame](https://www.figma.com/design/agv0VBLiBlcnSAaiAORgPR/Community-Rule-System?node-id=22143-900069); [docs/backend-linear-tickets.md](backend-linear-tickets.md) Ticket 15; Linear **[CR-86](https://linear.app/community-rule/issue/CR-86/backend-profile-dashboard-account-figma-profile)**):
+Shipped handlers (profile UI may still be placeholder per **[CR-86](https://linear.app/community-rule/issue/CR-86/backend-profile-dashboard-account-figma-profile)**):
 
-- Authenticated list of **own** `PublishedRule` rows (e.g. `GET /api/rules/me` or a strictly scoped query—**not** the same as public `GET /api/rules`).
-- Owner-only **delete** and **duplicate** (clone) for published rules.
-- **Delete account** (authenticated), with an explicit policy for drafts, sessions, and linked rules.
+| Method | Path | Purpose |
+| --- | --- | --- |
+| GET | `/api/rules/me` | Authenticated list of own published rules |
+| GET / PATCH / DELETE | `/api/rules/[id]` | Public read; owner update/delete |
+| POST | `/api/rules/[id]/duplicate` | Owner clone |
+| GET / POST | `/api/rules/[id]/stakeholders` | List or invite stakeholders |
+| DELETE | `/api/rules/[id]/stakeholders/[stakeholderId]` | Remove stakeholder |
+| POST | `/api/rules/[id]/stakeholders/[stakeholderId]/resend` | Resend invite |
+| GET | `/api/invites/rule-stakeholder/verify` | Accept stakeholder invite |
+| DELETE | `/api/user/me` | Delete account |
+| POST | `/api/user/email-change/request` | Request email change ([CR-103](https://linear.app/community-rule/issue/CR-103/backend-change-account-email-verify-new-address-conflict-session) — **Done**) |
+| GET | `/api/user/email-change/verify` | Verify new email |
+| POST | `/api/organizer-inquiry` | Ask-organizer form |
+| POST | `/api/use-cases/[slug]/duplicate` | Duplicate use-case rule |
 
-**Tracked separately:** **Change email** with verification (e.g. magic link to a new address, conflict handling)—**[CR-103](https://linear.app/community-rule/issue/CR-103/backend-change-account-email-verify-new-address-conflict-session)** / **Ticket 20** in [docs/guides/backend-linear-tickets.md](guides/backend-linear-tickets.md); **out of scope** for the profile milestone above.
+Full table: [CONTRIBUTING.md](../CONTRIBUTING.md) **API routes**.
 
 ---
 
@@ -110,7 +121,7 @@ Match the current API behavior; tighten as product evolves:
 
 - **`GET /api/drafts/me` / `PUT /api/drafts/me`:** Authenticated user only; draft is **scoped to that user** (`userId`).
 - **`POST /api/rules`:** Authenticated user only; rule is stored with **`userId`** (owner).
-- **`GET /api/rules`:** **Public list** of published rules (metadata: id, title, summary, timestamps)—no auth required today. **Not** a private “my rules” feed unless you add a separate route later (see §1 “profile / account — not implemented yet” and Ticket 15).
+- **`GET /api/rules`:** **Public list** of published rules (metadata: id, title, summary, timestamps)—no auth required today. **Authenticated “my rules”** uses **`GET /api/rules/me`** (see §1 profile / account table).
 - **Profile / owner scope (planned):** Authenticated **list own rules**, **delete own rule**, **duplicate own rule**—required for the signed-in dashboard in design; **v1 shipped handlers** may not include these until that work lands.
 - **Delete account (planned):** Authenticated endpoint + UX to remove the user record per policy (cascade vs orphan `PublishedRule`, drafts, sessions)—Ticket 15. **Change email** is **not** part of that milestone; implement via **[CR-103](https://linear.app/community-rule/issue/CR-103/backend-change-account-email-verify-new-address-conflict-session)** (Ticket 20 — verified email updates).
 - **v1 (shipped today):** No **editing** or **deleting** published rules via API in current handlers; no **sharing** or **collaborative ownership**—treat each rule as **owned by one user** until product defines more.

docs/guides/static-assets.md

@@ -10,7 +10,7 @@ public/
   assets/
     icons/              # UI chrome (alert, close, help, pointer)
     logos/              # Brand + social lockups
-      partners/         # Logo wall partner PNGs
+      partners/         # Logo wall partner SVGs (kebab org slug)
     marketing/          # Hero, feature panels, section numbers, avatars, banners, book cover
     case-study/         # CaseStudy card SVG artwork (canonical)
     shapes/             # Decorative ornaments (stats, quotes, unions, content shapes)