Resolution Center Modernization, Permissions Alignment & April Backend Sync (QA)

This QA release rolls up 19 commits that align the DSM web app with a major April 2026 backend overhaul. The Resolution Center now renders its columns and status tabs dynamically from the backend, gains per-row "Update Status" and "Mark as Completed" actions, the admin permission set is re-synced with the backend security model, and a redundant data-mapping layer is removed so screens display the latest backend fields automatically.

The backend shipped a sweeping update: a permissions overhaul that renamed/merged/removed roughly 30 permission strings and guarded ~30 previously open endpoints, removal of client-supplied user_id from mail-delete operations (the server now derives identity from the login token), and regenerated API contracts. The frontend had to be brought in line or admin screens, mail deletes, and resolution views would break or silently drop new data. Separately, the Resolution Center used hardcoded columns and a fixed status list that no longer matched what the backend returns, leaving fields like Assigned To, Client, and Mail Number blank.

• Resolution Center grids (Mail and Document) now show the correct, complete set of columns and status tabs as configured on the backend, fixing previously empty Assigned To / Client / Mail Number columns.
• Staff can now update a resolution's status or mark it completed directly from a single row (not just in bulk), gated by their permissions.
• Admin "Create Permission" inside the Create Role dialog no longer reloads the page or errors out, and pressing Enter no longer accidentally submits the whole role form.
• Mail and bulk-mail deletion work without depending on a client-supplied user id, matching the hardened backend.
• Admins now get a clear warning toast when a user/tenant delete succeeds in DSM but needs manual IAM cleanup, instead of a misleading "success".
• Grid detail drawers now show readable names for tag/document-type lists instead of "[object Object]".

Frontend-only (apps mail and admin). Notable changes, with originating feature PRs:

• Permissions sync (#939): updated constants/Permissions.ts; renamed references e.g. EDIT_RESOLUTION_MAIL_DOCUMENT → EDIT_ASSIGNED_RESOLUTIONS, plus new guarded-endpoint constants.
• Resolution Center refactor (#936, #935, #938): new shared resolutionCenter/columns.tsx (+353) driving columns from the API columns array; status tabs now fetched via useGetMailStatus and sorted by display_order; ~260 lines of hardcoded column/tab code removed from each resolution tab; status params widened from enum to string.
• Row-level actions: drawer-actions/resolution-actions.ts adds "Update Status" (gated by manage_resolution) and "Mark as Completed" (gated by mark_as_completed) to per-row dropdown and drawer.
• DTO layer retirement (#933): deleted 5 hand-written DTO mappers (modules, permissions, file conventions, document types, resolution); services now return response.data directly; real resolution domain logic preserved in new services/resolution.normalize.ts.
• Backend integration (#934, #932): removed user_id from mail delete / bulk-delete calls and stale client-side guards; regenerated OpenAPI model types; expanded module fields (module_key, description, module_family, aliases, is_enabled) and added MODULE_KEYS; IAM-reconciliation warning toasts on user/tenant delete; fixed nested-<form> and Enter-key bubbling in CreatePermissionForm; drawer now extracts name/title/label from object arrays.

Moderate. The permission-constant renames touch authorization gating, so a mismatch with the backend could over- or under-restrict access to resolution actions and newly guarded screens. Removing the DTO mapping layer means screens now trust raw API shapes, so a backend field rename could surface as a blank or malformed cell. The Resolution Center grid was substantially rewritten. Mitigation: this is a QA (not Production) release intended for full regression; the PR notes lint passing on @dsm/mail and @dsm/admin and smoke checks of Roles, Users, Templates, Organizations, and resolution grids. Changes are additive/parallel to existing backend behavior (the backend already ignores client user_id).

• Resolution Center (Mail and Document): confirm all expected columns render with data (especially Assigned To, Client, Mail Number), status tabs match backend config and order, and column filters work.
• Per-row actions: verify "Update Status" and "Mark as Completed" appear only for users with the right permissions and apply correctly from both the row menu and the drawer.
• Admin Roles: open Create Role → Add Permission; confirm no page reload, success state shows, and pressing Enter in the inputs does not submit the role form.
• Mail delete and bulk delete (inbox and batch views) succeed without a "User ID not found" error.
• Delete a user/tenant and confirm an IAM-reconciliation warning toast appears when applicable.
• Detail drawers: tags and document types show readable names, not "[object Object]".
• Spot-check that newly guarded endpoints respect permissions and disabled modules are hidden from the dashboard.