Vendor portal failed-upload recovery and admin portal pre-production polish

A pre-production hardening release that reached QA, bundling vendor-portal and admin-portal improvements. Vendors can now see and retry failed file uploads directly from the View Files modal, admin data tables gain consistent server-side pagination and search, and numerous list/permission/role management screens were cleaned up so only meaningful actions are shown. Error notifications were also made less noisy so transient failures no longer alarm users.

As the platform moved toward a production release, several rough edges remained: vendors had no way to recover individual uploads that failed during processing, large admin lists (permissions, users, entities, folders) lacked scalable pagination and fast search, and many tables showed non-functional selection checkboxes or Edit/Delete actions on system-managed records that could never be changed. Users also saw error toasts even when an automatic retry immediately succeeded, and a build setting needed for live WebSocket updates was missing from the production image.

• Vendors can expand a Failed Uploads section in the View Files modal and retry or re-upload individual files without restarting the whole batch; refresh buttons now spin while data loads, and a horizontal scrollbar makes wide file tables fully readable.
• Admin users get faster, paginated browsing across roles, permissions, users, entities, folders and other lists, with type-ahead search and bulk activate/deactivate/delete that report clear success, partial-success and skipped-item messages.
• Clutter is removed: checkboxes and Edit/Delete options no longer appear where they do no work or on protected system folders/document types.
• Error pop-ups now appear only after retries are exhausted, reducing false alarms during brief network blips.

Frontend (Next.js monorepo) changes spanning the vendor, admin and mail apps:

• Vendor: new FailedUploadsSection component (collapsible, retry/re-upload buttons); VendorUploadFailure type expanded with backend fields (is_retryable, max_retries, etc.); reuploadMailFile service + route added and retryFailedUploads typed; WebSocket VendorFilesListMessage now carries a failures array; upload-task list gains server-side pagination and 300 ms debounced search; .visible-scrollbar CSS utility; case-insensitive status matching in View Files.
• Admin: data-table.tsx adds floating pagination (page buttons with ellipsis, go-to-page input, rows-per-page) enabled on ~12 pages; debounced search; new useDebounce hook; permissions page rewritten on DataTable with useInfinitePermissions load-more; role form drops unused role_code, switches from auto-save to explicit submit, and chains create-role then assign-permissions; bulk deactivate/delete handlers and query invalidation added for users, entities and folders; folder/document-type system records hide Edit/Delete instead of disabling; bulk-folder toasts parse a typed BulkFolderResponse; settings version/environment now read from env vars instead of hardcoded values.
• Cross-app: error toasts moved from HTTP interceptors to React Query QueryCache/MutationCache onError (401 kept in interceptor for auth redirect); NEXT_PUBLIC_SOCKET_URL added to the Dockerfile and ECR build workflow; AppSwitcher theming/width fixes.

Moderate, broad-surface UI/state change touching three apps and shared data-table/error-handling code. Main risks: the relocated React Query error handlers could suppress a toast that users previously relied on, and the new pagination/search wiring could regress list rendering. Retry/re-upload depends on backend endpoints behaving as typed. Mitigation: changes are additive and were staged to QA before any production promotion; 401-driven auth redirects were deliberately left in the interceptor; bulk operations surface partial-success/skipped states rather than failing silently.

• In the vendor View Files modal, trigger a failed upload and confirm the Failed Uploads section appears with working Retry and Re-upload actions; verify the failures list updates via live WebSocket refresh.
• Confirm refresh buttons spin while loading and the horizontal scrollbar is visible/usable on wide tables.
• Across admin lists (permissions, users, entities, folders, document types, etc.) test floating pagination, go-to-page, rows-per-page, and debounced search; verify lists refresh after create/edit/delete and bulk actions.
• Verify bulk folder activate/deactivate/delete show correct success, partial-success and skipped toasts.
• Confirm Edit/Delete are hidden (not just disabled) for system folders and system document types, and that removed checkboxes/actions left tables functional.
• Verify role creation works with explicit submit and that permissions assign correctly; confirm error toasts appear only after retries fail, not on transient errors that auto-recover.
• Confirm WebSocket-driven features work in the deployed image (NEXT_PUBLIC_SOCKET_URL present) and the Settings page shows env-derived version/environment.