TCM1 EMS Dashboard

Fixed public dashboard clock hydration drift by rendering live clock content only after the client mounts.
Fixed public dashboard live duration hydration drift by rendering a server-computed duration label through hydration before live client updates begin.
Kept the phone portrait unit-card experience while tightening compact dashboard spacing to avoid horizontal overflow.

Added shared CSV export handling that quotes values and neutralizes spreadsheet formula-leading cells.
Restricted Manager user-management actions to Hospital Admin and Report User accounts.
Added SESSION_SECRET strength validation for missing, placeholder, short, whitespace-padded, and low-variety values.
Added optional APP_PUBLIC_ORIGIN support for auth and admin redirects.
Aligned expired-session cookie cleanup with the configured secure-cookie policy.

Added Data Source poll-run retention controls to Database Maintenance without a Prisma schema change.
Made queued system-worker job claiming conditional on QUEUED status for safer future multi-worker operation.
Updated the production OSRM healthcheck so routing data must exist and osrm-routed must respond before OSRM is healthy.
Kept public feed-status labels generic while preserving configured source names and raw errors for admin diagnostics.

Added automated Playwright coverage for admin alerts, public alert display, reports export, Routing / ETA rendering, changelog filtering, Data Sources diagnostics, Email Intake, Email Delivery, and Manager user boundaries.
Configured browser acceptance tests to run with one worker so DB-mutating workflow checks do not race each other.
Added a baseline snapshot and screenshots for the 2026-05-24 refactor session.

Documented that local refactor and local operator acceptance are complete.
Kept production readiness open pending Portainer deployment, reverse-proxy, HTTPS secure-cookie, security-header, backup/restore, rollback, OSRM refresh, and deployed operator acceptance checks.

Changelog