Gmail-Style Select-All Across Pages, Plus Vendor Portal and Login Fixes (QA)

A batch promotion to QA that delivers Gmail-style "select all records" across paginated mail, batch, and document grids, so users can act on an entire filtered set in one step instead of page by page. It also bundles several vendor portal and login fixes: a branded 404 page, working filename search on the Files tab, field-level login validation, and a backend API endpoint migration.

Previously, bulk actions only applied to rows visible on the current page, forcing users to repeat operations across many pages for large mailboxes or batches. On the vendor side, the Files tab ignored the search box (filenames never filtered), unknown URLs showed an unbranded "page not found" with no way back, and the login form gave only a single combined error for empty fields. The backend base URL also needed to move off the legacy onrender.com host onto the current dev-api.dsm-cortex.com domain.

• Users can select every record matching the current filters and run bulk actions (delete, assign user, assign/move folders, update status, share internally/externally, mark read/unread, bulk download, update client/subclient) in one operation across mail, batches, and documents.
• A selection banner shows an approximate count (~N) and lets users individually exclude rows; large or unsupported-filter selections trigger clear warning prompts before proceeding.
• Vendor users get a branded 404 page that links back to Upload Centers, and the Files tab now filters correctly when searching by filename.
• The login form shows per-field "required" messages with inline highlighting for faster correction.

Batch PR #794 (dev -> QA) consolidating feature/fix PRs #782, #791, #792, #793.

• Select-all engine: new useSelectAllSelection hook and SelectionState model (explicit vs selectAll modes, filters, excludedIds); new bulk-operations types, services, queries, and mutations calling backend /v1/bulk-operations/preview, /get-filtered-ids, and /supported-modules.
• Grid integration: DataGrid extended with selection state, a select-all-banner, and large-selection-warning / post-filter-warning dialogs; wired through Inbox, Mail, Batch, and Document grids plus their bulk action toolbars and modals (status, assign/move folders, share, client/subclient).
• Bulk download: routed through a server-side streaming zip endpoint for select-all mode.
• Vendor: added apps/vendor/src/app/not-found.tsx; Files-tab search now maps the generic search param to the API's filename filter; inline-filter refactor (extracted constants, DRY'd handlers) and a search-input URL-sync race-condition fix.
• Login: field-level empty-field validation replacing the combined error and HTML required attributes.
• Infra/docs: default backend base URL migrated from dsm-backend-dev.onrender.com to dev-api.dsm-cortex.com across next.config.ts, HTTP clients, and docs; responsive CSS for the selection popup; large internal implementation doc added.

Medium. The change touches core grid selection and bulk-operation flows across many screens, so mishandled selection state, exclusions, or filter mapping could cause incorrect counts or unintended bulk actions (delete/status/assignment). Mitigations: select-all displays approximate counts with explicit exclusion, shows warning dialogs for large or unsupported-filter selections, and routes destructive actions through backend preview/get-ids endpoints. The API base URL migration is config-level; an incorrect default would surface immediately as failed requests. This reached QA only, not production.

• In mail, batch, and document grids: select all matching the current filters, verify the banner count is sensible, exclude individual rows, and confirm each bulk action (delete, assign user, assign/move folders, update status, share internal/external, mark read/unread, bulk download, update client/subclient) affects exactly the intended set.
• Change filters while a select-all is active and confirm the selection clears or warns appropriately.
• Trigger a large selection and confirm the warning dialog appears before the action runs.
• Vendor: navigate to an unknown URL and confirm the branded 404 with the "Back to Upload Centers" link; search by filename on the Files tab and confirm results filter.
• Login: submit with empty username and/or password and confirm per-field required messages and inline highlighting.
• Confirm API calls hit dev-api.dsm-cortex.com and core flows still load across Chrome, Safari, Edge, and Firefox.