QA Release: Admin Portal Legacy Parity, Upload Task Monitoring, and Mail/Vendor Improvements (Mar 7)

This release promotes the accumulated dev work to the QA environment for verification. The headline change set brings the new Admin portal to feature parity with the legacy admin tool: a brand-new Upload Tasks monitoring page, document-type tag/filter parity, and corrected save behavior across Rules, IdP mappings, notification policies, and folders. The wider promotion also carries mail workspace tenant filtering, WebSocket-based real-time progress, vendor portal fixes, and the IAM auth migration.

The modern Admin portal was missing several capabilities that exist in the legacy admin tool, and a few admin forms were sending payloads that did not match the current backend contract (so toggles and edits silently failed or behaved inconsistently). Operations staff also had no way in the new portal to monitor vendor upload processing, spot failures, or check queue health without dropping back to the old tool. Promoting these fixes to QA lets them be validated against real backend services before reaching production.

Administrators get a dedicated Upload Tasks page showing queue health, live counts (total/completed/processing/failed) and success rate, with search/status/upload-center/time-range filters, paginated listings, a per-task detail view (files, conversions, failures, errors), and the ability to cancel pending tasks. Document Types now show their tags and support Only-Active / Include-Columns filters. Notification policy and folder active/inactive toggles now persist reliably. Non-functional or unsafe actions (users bulk export, bulk deactivate) are hidden or disabled to prevent confusing failures. The broader promotion also improves mail tenant filtering, real-time bulk-job progress, and vendor downloads.

Concrete changes in this merge (admin app + mail folders), plus notable items promoted from dev:

• Admin Upload Tasks (#827): New 816-line upload-tasks/page.tsx with queue-health card, five metric cards, a filter form, DataTable listing, and a task-detail dialog wired to new useUploadTasks/useUploadTask/useUploadMetrics/useCancelUploadTask hooks; progress capped 0–100%.
• Admin Document Types (#827): Added Only Active / Include Columns checkboxes (apply-on-click), tag display via useDocumentTags, detail dialog now fetches full record with useDocumentType and loading state; removed columns field from details modal.
• Admin IdP Role/Tenant Mappings: Removed in-place Edit actions and the mapping prop (create-only contract); align with backend list/create/delete.
• Notification Policies: togglePolicy now sends { id, active } instead of just id.
• Admin Users: Added digest preview/run and meta-backfill utilities; removed bulk export button (#824); bulk deactivate disabled with tooltip.
• Admin Rules visual builder (#823): Large RuleFormDialog rebuild for parity + backend contract alignment.
• Mail Folders (#825): Folder updates enforce an is_active-only contract and preserve explicit folder-association clears in the edit payload.
• Promoted from dev (per PR body): mail workspace tenant filtering v2 (#811), WebSocket infra/5 endpoints (#807), resolution center filters, IAM auth migration (#803), and entity→tenant renames (#805, #813).

Risk is moderate and concentrated in two areas. (1) Several admin forms changed their request payloads (notification policy toggle, folder is_active-only update, IdP create-only flow); if a backend contract differs from what the UI now sends, those actions could fail — mitigated by QA being the verification gate before production. (2) The promotion bundles large cross-cutting work (IAM auth migration, entity→tenant renames, WebSocket endpoints) that touches authentication and real-time flows. Mitigation: this PR targets QA only, the change is additive for the new Upload Tasks page, and disabled/removed actions reduce the surface for broken operations.

• Admin Upload Tasks: confirm queue-health status, metric counts, and success rate render; exercise search/status/upload-center/time-range filters and pagination; open task detail and verify files/conversions/failures/error message; cancel a pending task and confirm list/metrics refresh.
• Document Types: toggle Only Active / Include Columns then Apply; verify tags appear in the detail dialog and the columns field is gone.
• Notification Policies: toggle a policy on and off and confirm state persists after reload.
• Folders (mail): edit a folder's active/inactive status and clear a folder association; confirm both persist.
• IdP Role/Tenant Mappings: confirm Edit is gone and Create still works.
• Users: confirm bulk export is removed and bulk deactivate shows the disabled tooltip; smoke-test digest preview/run and meta-backfill.
• Regression sweep on promoted dev work: mail workspace tenant filtering, bulk-job WebSocket progress, IAM login/logout/forgot-password, and vendor downloads. Cross-browser check (Chrome, Safari, Firefox, Edge).