From bb2bbb8ff6e91df85a403b3b8f36d936486824de Mon Sep 17 00:00:00 2001
From: Simon <simon.haas@boha-automation.cz>
Date: Thu, 12 Mar 2026 17:33:37 +0100
Subject: [PATCH] feat: mobilni responsivita, testy, klavesove zkratky, drag &
 drop, univerzalizace

- Mobile responsive CSS (touch targets 44px, iOS anti-zoom, reduced motion)
- Vitest setup s 39 testy (formatters, attendanceHelpers, useTableSort)
- Klavesove zkratky (Shift+? napoveda, Ctrl+S ulozit, navigace)
- Drag & drop pro polozky nabidek (@dnd-kit, SortableRow, useSortableList)
- Univerzalizace: odstraneni BOHA brandingu z UI, emailu, PDF
- Smazany nepotrebne soubory (deploy.sh, AUTH_SYSTEM.md, example_design, .htaccess)
- CORS konfigurovatelny pres env promennou

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .claude/settings.local.json                   |   10 +-
 CLAUDE.md                                     |    1 +
 api/admin/invoices-pdf.php                    |    4 +-
 api/admin/offers-pdf.php                      |    2 +-
 api/admin/totp.php                            |    2 +-
 api/config.php                                |    2 +-
 api/includes/AuditLog.php                     |    2 +-
 api/includes/JWTAuth.php                      |    2 +-
 api/includes/LeaveNotification.php            |    9 +-
 api/includes/Mailer.php                       |    4 +-
 api/includes/constants.php                    |    9 +-
 deploy.sh                                     |   33 -
 docs/AUTH_SYSTEM.md                           | 2621 -----------------
 example_design/boha-spa.html                  | 1519 ----------
 index.html                                    |    4 +-
 package-lock.json                             | 1856 +++++++++++-
 package.json                                  |   15 +-
 public/.htaccess                              |   81 -
 public/site.webmanifest                       |    4 +-
 src/admin/admin.css                           |  197 ++
 src/admin/components/AdminLayout.jsx          |    2 +
 src/admin/components/OfferItemsSection.jsx    |  217 +-
 src/admin/components/ShortcutsHelp.jsx        |   50 +
 src/admin/components/SortableRow.jsx          |   53 +
 .../hooks/__tests__/useTableSort.test.js      |   65 +
 src/admin/hooks/useKeyboardShortcuts.js       |   36 +
 src/admin/hooks/useSortableList.js            |   29 +
 src/admin/invoices.css                        |   15 +
 src/admin/pages/Login.jsx                     |    2 +-
 src/admin/pages/OfferDetail.jsx               |   12 +-
 src/admin/settings.css                        |   10 +
 .../utils/__tests__/attendanceHelpers.test.js |  132 +
 src/admin/utils/__tests__/formatters.test.js  |  102 +
 src/test/setup.js                             |    1 +
 vite.config.js                                |    5 +
 35 files changed, 2716 insertions(+), 4392 deletions(-)
 delete mode 100644 deploy.sh
 delete mode 100644 docs/AUTH_SYSTEM.md
 delete mode 100644 example_design/boha-spa.html
 delete mode 100644 public/.htaccess
 create mode 100644 src/admin/components/ShortcutsHelp.jsx
 create mode 100644 src/admin/components/SortableRow.jsx
 create mode 100644 src/admin/hooks/__tests__/useTableSort.test.js
 create mode 100644 src/admin/hooks/useKeyboardShortcuts.js
 create mode 100644 src/admin/hooks/useSortableList.js
 create mode 100644 src/admin/utils/__tests__/attendanceHelpers.test.js
 create mode 100644 src/admin/utils/__tests__/formatters.test.js
 create mode 100644 src/test/setup.js

diff --git a/.claude/settings.local.json b/.claude/settings.local.json
index 3b2ae90..3fba635 100644
--- a/.claude/settings.local.json
+++ b/.claude/settings.local.json
@@ -21,7 +21,15 @@
       "Read(//tmp/**)",
       "Bash(read f:*)",
       "Bash(find D:\\\\Weby\\\\BOHA Website\\\\New\\\\api:*)",
-      "Bash(find:*)"
+      "Bash(find:*)",
+      "Bash(cd \"D:\\\\Claude\\\\BOHA Website\\\\app\" && npx vite build --mode development 2>&1 | grep -E \"built|error|✓\" | head -10)",
+      "Bash(cd \"D:\\\\Claude\\\\BOHA Website\\\\app\" && for f in api/admin/*.php; do php -l \"$f\" 2>&1; done)",
+      "Bash(cd \"D:\\\\Claude\\\\BOHA Website\\\\app\" && for f in api/admin/handlers/*.php; do php -l \"$f\" 2>&1; done)",
+      "Bash(cd \"D:\\\\Claude\\\\BOHA Website\\\\app\" && \\\\\necho \"=== session \\(no auth\\) ===\" && \\\\\ncurl -s http://localhost:8000/api/admin/session.php 2>&1 && \\\\\necho && echo \"=== refresh \\(no cookie\\) ===\" && \\\\\ncurl -s -X POST http://localhost:8000/api/admin/refresh.php 2>&1 && \\\\\necho && echo \"=== logout \\(no auth\\) ===\" && \\\\\ncurl -s -X POST http://localhost:8000/api/admin/logout.php 2>&1)",
+      "Bash(for f:*)",
+      "Bash(do echo:*)",
+      "Read(//d/Claude/BOHA Website/app/**)",
+      "Bash(done)"
     ]
   }
 }
diff --git a/CLAUDE.md b/CLAUDE.md
index 284cea7..d00d0e9 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -23,6 +23,7 @@ Před začátkem práce si načti relevantní soubory z `memory/`:
 - **Vite proxy:** `/api` -> `http://localhost:8000`
 - **npm:** při instalaci balíčků vždy `--legacy-peer-deps`
 - **Git remote:** https://git.boha-automation.cz/boha_admin/app.git
+- **Git credentials:** uloženy v `~/.git-credentials` (credential.helper=store), push funguje bez zadávání hesla
 
 ---
 
diff --git a/api/admin/invoices-pdf.php b/api/admin/invoices-pdf.php
index 898acff..7fdb56a 100644
--- a/api/admin/invoices-pdf.php
+++ b/api/admin/invoices-pdf.php
@@ -1,7 +1,7 @@
 <?php
 
 /**
- * BOHA Automation - Invoice PDF Export (Print-ready HTML)
+ * Invoice PDF Export (Print-ready HTML)
  *
  * Generuje HTML fakturu dle vzoru POHODA s QR platebnim kodem (SPAYD).
  * GET /api/admin/invoices-pdf.php?id=X
@@ -361,7 +361,7 @@ try {
     $custDic = $customer ? $esc($customer['vat_id'] ?? '') : '';
 
     // Dodavatel
-    $suppName = $esc($settings['company_name'] ?? 'BOHA Automation s.r.o.');
+    $suppName = $esc($settings['company_name'] ?? '');
     $suppStreet = $esc($settings['street'] ?? '');
     $suppCity = trim(($settings['postal_code'] ?? '') . ' ' . ($settings['city'] ?? ''));
     $suppCountry = $esc($settings['country'] ?? 'Česká republika');
diff --git a/api/admin/offers-pdf.php b/api/admin/offers-pdf.php
index c23769e..38c16a4 100644
--- a/api/admin/offers-pdf.php
+++ b/api/admin/offers-pdf.php
@@ -1,7 +1,7 @@
 <?php
 
 /**
- * BOHA Automation - Offers PDF Export (Print-ready HTML)
+ * Offers PDF Export (Print-ready HTML)
  *
  * Returns a self-contained HTML page that auto-triggers window.print().
  * The browser's "Save as PDF" produces the final PDF.
diff --git a/api/admin/totp.php b/api/admin/totp.php
index 4c06f7f..8c732d6 100644
--- a/api/admin/totp.php
+++ b/api/admin/totp.php
@@ -1,7 +1,7 @@
 <?php
 
 /**
- * BOHA Automation - TOTP 2FA API
+ * TOTP 2FA API
  *
  * GET  ?action=status           - 2FA status
  * POST ?action=setup            - generovat secret + QR
diff --git a/api/config.php b/api/config.php
index a3b242f..c7166e3 100644
--- a/api/config.php
+++ b/api/config.php
@@ -1,7 +1,7 @@
 <?php
 
 /**
- * BOHA Automation - API Configuration Bootstrap
+ * API Configuration Bootstrap
  *
  * Nacte helper funkce, env promenne a konstanty.
  * Toto je jediny soubor, ktery API endpointy musi require_once.
diff --git a/api/includes/AuditLog.php b/api/includes/AuditLog.php
index 44d8fdb..c9b707d 100644
--- a/api/includes/AuditLog.php
+++ b/api/includes/AuditLog.php
@@ -1,7 +1,7 @@
 <?php
 
 /**
- * BOHA Automation - Audit Logging System
+ * Audit Logging System
  *
  * Comprehensive audit trail for all administrative actions
  */
diff --git a/api/includes/JWTAuth.php b/api/includes/JWTAuth.php
index 6c48dba..790818b 100644
--- a/api/includes/JWTAuth.php
+++ b/api/includes/JWTAuth.php
@@ -1,7 +1,7 @@
 <?php
 
 /**
- * BOHA Automation - JWT Authentication Handler
+ * JWT Authentication Handler
  *
  * Handles JWT access tokens and refresh tokens for stateless authentication.
  * Access tokens: Short-lived (configurable, default 15 min), stored in memory on client
diff --git a/api/includes/LeaveNotification.php b/api/includes/LeaveNotification.php
index 046395a..763439a 100644
--- a/api/includes/LeaveNotification.php
+++ b/api/includes/LeaveNotification.php
@@ -1,7 +1,7 @@
 <?php
 
 /**
- * BOHA Automation - Leave Request Email Notifications
+ * Leave Request Email Notifications
  *
  * Sends email notifications when leave requests are created.
  */
@@ -66,16 +66,17 @@ class LeaveNotification
                     <td style='padding: 10px; border-bottom: 1px solid #ddd;'>" . htmlspecialchars($notes) . '</td>
                 </tr>' : '') . "
             </table>
+            " . (env('APP_URL', '') ? "
             <p style='margin-top: 20px;'>
-                <a href='https://www.boha-automation.cz/boha/leave-approval'
+                <a href='" . htmlspecialchars(env('APP_URL', '')) . "/leave-approval'
                    style='background: #de3a3a; color: #fff; padding: 10px 20px;
                           text-decoration: none; border-radius: 5px;'>
                     Přejít ke schvalování
                 </a>
-            </p>
+            </p>" : "") . "
             <hr style='margin: 30px 0; border: none; border-top: 1px solid #ddd;'>
             <p style='font-size: 12px; color: #999;'>
-                Tato zpráva byla automaticky vygenerována systémem BOHA Automation.<br>
+                Tato zpráva byla automaticky vygenerována systémem.<br>
                 Datum: " . date('d.m.Y H:i:s') . '
             </p>
         </body>
diff --git a/api/includes/Mailer.php b/api/includes/Mailer.php
index ca53055..2584d47 100644
--- a/api/includes/Mailer.php
+++ b/api/includes/Mailer.php
@@ -1,7 +1,7 @@
 <?php
 
 /**
- * BOHA Automation - Email Helper
+ * Email Helper
  *
  * Sends emails via PHP mail() function.
  * Configuration via .env variables.
@@ -23,7 +23,7 @@ class Mailer
     public static function send(string $to, string $subject, string $htmlBody, ?string $replyTo = null): bool
     {
         $fromEmail = env('SMTP_FROM_EMAIL', env('CONTACT_EMAIL_FROM', 'web@boha-automation.cz'));
-        $fromName  = env('SMTP_FROM_NAME', 'BOHA Automation');
+        $fromName  = env('SMTP_FROM_NAME', 'System');
 
         $encodedSubject = '=?UTF-8?B?' . base64_encode($subject) . '?=';
 
diff --git a/api/includes/constants.php b/api/includes/constants.php
index 323541e..8b88867 100644
--- a/api/includes/constants.php
+++ b/api/includes/constants.php
@@ -25,11 +25,10 @@ define('MAX_LOGIN_ATTEMPTS', 5);
 define('LOCKOUT_MINUTES', 15);
 define('BCRYPT_COST', 12);
 
-// CORS - aktualizuj po nasazeni na subdomenu
-define('CORS_ALLOWED_ORIGINS', [
-    'http://www.boha-automation.cz',
-    'https://www.boha-automation.cz',
-]);
+// CORS - konfigurovatelne pres env (comma-separated), fallback na hardcoded hodnoty
+define('CORS_ALLOWED_ORIGINS', env('CORS_ALLOWED_ORIGINS', '')
+    ? array_map('trim', explode(',', (string) env('CORS_ALLOWED_ORIGINS', '')))
+    : ['http://www.boha-automation.cz', 'https://www.boha-automation.cz']);
 
 // Paths
 define('API_ROOT', dirname(__DIR__));
diff --git a/deploy.sh b/deploy.sh
deleted file mode 100644
index 50da356..0000000
--- a/deploy.sh
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/bash
-set -e
-
-DIST_DIR="D:/Weby/BOHA Website/New/dist"
-HTDOCS_DIR="/c/Apache24/htdocs"
-
-echo "=== BOHA Automation Deploy ==="
-
-# 1. Build
-echo "[1/4] Building..."
-npm run build
-
-# 2. Verify build
-if [ ! -f "$DIST_DIR/index.html" ] || [ ! -d "$DIST_DIR/api" ]; then
-  echo "ERROR: Build incomplete - missing index.html or api/"
-  exit 1
-fi
-
-echo "[2/4] Build verified OK"
-
-# 3. Deploy
-echo "[3/4] Deploying to Apache..."
-rm -rf "$HTDOCS_DIR"/*
-cp -r "$DIST_DIR"/* "$HTDOCS_DIR"/
-
-# 4. Health check
-echo "[4/4] Health check..."
-HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" http://localhost/ 2>/dev/null || echo "000")
-if [ "$HTTP_CODE" = "200" ] || [ "$HTTP_CODE" = "302" ]; then
-  echo "=== Deploy OK (HTTP $HTTP_CODE) ==="
-else
-  echo "WARNING: Health check returned HTTP $HTTP_CODE (Apache may not be running)"
-fi
diff --git a/docs/AUTH_SYSTEM.md b/docs/AUTH_SYSTEM.md
deleted file mode 100644
index d6f1d81..0000000
--- a/docs/AUTH_SYSTEM.md
+++ /dev/null
@@ -1,2621 +0,0 @@
-# BOHA Automation - Authentication System Documentation
-
-Complete reference documentation for the BOHA authentication system, covering PHP backend and React frontend implementation.
-
----
-
-## Table of Contents
-
-1. [Overview](#1-overview)
-2. [Configuration](#2-configuration)
-3. [Database Tables](#3-database-tables)
-4. [Complete Code Listings](#4-complete-code-listings)
-5. [Security Features](#5-security-features)
-6. [Authentication Flows](#6-authentication-flows)
-7. [API Endpoints](#7-api-endpoints)
-
----
-
-## 1. Overview
-
-The BOHA authentication system is a session-based authentication mechanism with the following architecture:
-
-```
-Frontend (React)                    Backend (PHP)
------------------                   ---------------
-AuthContext.jsx  <-- HTTP -->       Auth.php (Core logic)
-Login.jsx                           login.php (Endpoint)
-AdminLayout.jsx                     logout.php (Endpoint)
-api.js                              session.php (Endpoint)
-                                    csrf.php (Endpoint)
-                                    config.php (Configuration)
-                                    RateLimiter.php (Rate limiting)
-```
-
-### Key Features
-
-- Database-backed sessions stored in `user_sessions` table
-- Secure session configuration (HttpOnly, Secure, SameSite cookies)
-- Session regeneration on login to prevent session fixation
-- Remember me functionality with secure token rotation (selector:token pattern)
-- Brute force protection with account lockout
-- CSRF protection with token rotation on login
-- IP-based rate limiting per endpoint
-- Security headers on all responses
-- Sliding session expiration
-- Automatic cleanup of expired sessions and tokens
-
----
-
-## 2. Configuration
-
-All authentication constants are defined in `api/config.php`:
-
-| Constant | Value | Description |
-|----------|-------|-------------|
-| `SESSION_NAME` | `'BOHA_ADMIN_SESSION'` | PHP session cookie name |
-| `SESSION_LIFETIME_MINUTES` | `60` | Session expires after 60 minutes of inactivity |
-| `REMEMBER_ME_DAYS` | `30` | Remember me token valid for 30 days |
-| `MAX_LOGIN_ATTEMPTS` | `5` | Lock account after 5 failed attempts |
-| `LOCKOUT_MINUTES` | `15` | Account lock duration in minutes |
-| `BCRYPT_COST` | `12` | Bcrypt cost factor for password hashing |
-| `RATE_LIMIT_STORAGE_PATH` | `__DIR__ . '/rate_limits'` | Directory for rate limit files |
-
-### CORS Configuration
-
-```php
-define('CORS_ALLOWED_ORIGINS', [
-    'http://localhost:3000',
-    'http://localhost:3001',
-    'http://127.0.0.1:3000',
-    'http://www.boha-automation.cz',
-    'https://www.boha-automation.cz'
-]);
-```
-
----
-
-## 3. Database Tables
-
-### users
-
-```sql
-CREATE TABLE users (
-    id INT AUTO_INCREMENT PRIMARY KEY,
-    username VARCHAR(50) NOT NULL UNIQUE,
-    email VARCHAR(255) NOT NULL UNIQUE,
-    password_hash VARCHAR(255) NOT NULL,
-    first_name VARCHAR(100),
-    last_name VARCHAR(100),
-    role_id INT NOT NULL,
-    is_active TINYINT(1) DEFAULT 1,
-    failed_login_attempts INT DEFAULT 0,
-    locked_until DATETIME NULL,
-    last_login DATETIME NULL,
-    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
-    FOREIGN KEY (role_id) REFERENCES roles(id)
-);
-```
-
-### roles
-
-```sql
-CREATE TABLE roles (
-    id INT AUTO_INCREMENT PRIMARY KEY,
-    name VARCHAR(50) NOT NULL UNIQUE,
-    display_name VARCHAR(100),
-    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
-);
-
--- Default roles
-INSERT INTO roles (name, display_name) VALUES
-('admin', 'Administrator'),
-('user', 'User');
-```
-
-### user_sessions
-
-```sql
-CREATE TABLE user_sessions (
-    id VARCHAR(128) PRIMARY KEY,           -- PHP session ID
-    user_id INT NOT NULL,
-    ip_address VARCHAR(45),
-    user_agent VARCHAR(255),
-    expires_at DATETIME NOT NULL,
-    is_active TINYINT(1) DEFAULT 1,
-    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
-);
-
-CREATE INDEX idx_user_sessions_expires ON user_sessions(expires_at);
-CREATE INDEX idx_user_sessions_user ON user_sessions(user_id);
-```
-
-### remember_me_tokens
-
-```sql
-CREATE TABLE remember_me_tokens (
-    id INT AUTO_INCREMENT PRIMARY KEY,
-    user_id INT NOT NULL,
-    selector VARCHAR(32) NOT NULL UNIQUE,  -- Public identifier
-    token_hash VARCHAR(64) NOT NULL,       -- SHA-256 hash of token
-    expires_at DATETIME NOT NULL,
-    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
-);
-
-CREATE INDEX idx_remember_selector ON remember_me_tokens(selector);
-CREATE INDEX idx_remember_expires ON remember_me_tokens(expires_at);
-```
-
----
-
-## 4. Complete Code Listings
-
-### 4.1 api/config.php
-
-```php
-<?php
-/**
- * BOHA Automation - API Configuration
- *
- * Database and application configuration
- */
-
-// Load .env file
-function loadEnv($path) {
-    if (!file_exists($path)) {
-        return false;
-    }
-
-    $lines = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
-    foreach ($lines as $line) {
-        if (strpos(trim($line), '#') === 0) {
-            continue;
-        }
-
-        $parts = explode('=', $line, 2);
-        if (count($parts) !== 2) {
-            continue;
-        }
-
-        $name = trim($parts[0]);
-        $value = trim($parts[1]);
-
-        // Remove quotes if present
-        if ((substr($value, 0, 1) === '"' && substr($value, -1) === '"') ||
-            (substr($value, 0, 1) === "'" && substr($value, -1) === "'")) {
-            $value = substr($value, 1, -1);
-        }
-
-        $_ENV[$name] = $value;
-    }
-
-    return true;
-}
-
-// Load .env from api directory
-loadEnv(__DIR__ . '/.env');
-
-// Helper function to get env value with default
-function env($key, $default = null) {
-    return $_ENV[$key] ?? $default;
-}
-
-// Environment
-define('APP_ENV', env('APP_ENV', 'production'));
-define('DEBUG_MODE', APP_ENV === 'local');
-
-if (DEBUG_MODE) {
-    error_reporting(E_ALL);
-    ini_set('display_errors', 1);
-} else {
-    error_reporting(0);
-    ini_set('display_errors', 0);
-}
-
-// Database configuration
-define('DB_HOST', env('DB_HOST', 'localhost'));
-define('DB_NAME', env('DB_NAME', ''));
-define('DB_USER', env('DB_USER', ''));
-define('DB_PASS', env('DB_PASS', ''));
-define('DB_CHARSET', 'utf8mb4');
-
-// Security configuration
-define('SESSION_NAME', 'BOHA_ADMIN_SESSION');
-define('SESSION_LIFETIME_MINUTES', 60);
-define('REMEMBER_ME_DAYS', 30);
-define('MAX_LOGIN_ATTEMPTS', 5);
-define('LOCKOUT_MINUTES', 15);
-define('BCRYPT_COST', 12);
-
-// CORS configuration for API
-define('CORS_ALLOWED_ORIGINS', [
-    'http://localhost:3000',
-    'http://localhost:3001',
-    'http://127.0.0.1:3000',
-    'http://www.boha-automation.cz',
-    'https://www.boha-automation.cz'
-]);
-
-// Paths
-define('API_ROOT', __DIR__);
-define('INCLUDES_PATH', API_ROOT . '/includes');
-
-// Rate limiting
-define('RATE_LIMIT_STORAGE_PATH', __DIR__ . '/rate_limits');
-
-// reCAPTCHA configuration
-define('RECAPTCHA_SITE_KEY', env('RECAPTCHA_SITE_KEY', ''));
-define('RECAPTCHA_SECRET_KEY', env('RECAPTCHA_SECRET_KEY', ''));
-
-// Email configuration
-define('CONTACT_EMAIL_TO', env('CONTACT_EMAIL_TO', 'info@boha-automation.cz'));
-define('CONTACT_EMAIL_FROM', env('CONTACT_EMAIL_FROM', 'web@boha-automation.cz'));
-
-/**
- * Get PDO database connection (singleton pattern)
- *
- * @return PDO Database connection instance
- * @throws PDOException If connection fails
- */
-function db(): PDO {
-    static $pdo = null;
-
-    if ($pdo === null) {
-        $dsn = sprintf(
-            'mysql:host=%s;dbname=%s;charset=%s',
-            DB_HOST,
-            DB_NAME,
-            DB_CHARSET
-        );
-
-        $options = [
-            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
-            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
-            PDO::ATTR_EMULATE_PREPARES => false,
-            PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES " . DB_CHARSET
-        ];
-
-        try {
-            $pdo = new PDO($dsn, DB_USER, DB_PASS, $options);
-        } catch (PDOException $e) {
-            if (DEBUG_MODE) {
-                throw $e;
-            }
-            error_log("Database connection failed: " . $e->getMessage());
-            throw new PDOException("Database connection failed");
-        }
-    }
-
-    return $pdo;
-}
-
-/**
- * Set CORS headers for API responses
- */
-function setCorsHeaders(): void {
-    $origin = $_SERVER['HTTP_ORIGIN'] ?? '';
-
-    if (in_array($origin, CORS_ALLOWED_ORIGINS)) {
-        header("Access-Control-Allow-Origin: $origin");
-    } else {
-        // Allow localhost for development
-        header("Access-Control-Allow-Origin: http://localhost:3000");
-    }
-
-    header('Access-Control-Allow-Credentials: true');
-    header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
-    header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
-    header('Access-Control-Max-Age: 86400');
-
-    // Handle preflight requests
-    if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
-        http_response_code(200);
-        exit();
-    }
-}
-
-/**
- * Send JSON response and exit
- *
- * @param mixed $data Data to send
- * @param int $statusCode HTTP status code
- */
-function jsonResponse($data, int $statusCode = 200): void {
-    http_response_code($statusCode);
-    header('Content-Type: application/json; charset=utf-8');
-    echo json_encode($data, JSON_UNESCAPED_UNICODE);
-    exit();
-}
-
-/**
- * Send error response
- *
- * @param string $message Error message
- * @param int $statusCode HTTP status code
- */
-function errorResponse(string $message, int $statusCode = 400): void {
-    jsonResponse(['success' => false, 'error' => $message], $statusCode);
-}
-
-/**
- * Send success response
- *
- * @param mixed $data Data to include
- * @param string $message Optional message
- */
-function successResponse($data = null, string $message = ''): void {
-    $response = ['success' => true];
-    if ($message) {
-        $response['message'] = $message;
-    }
-    if ($data !== null) {
-        $response['data'] = $data;
-    }
-    jsonResponse($response);
-}
-
-/**
- * Get JSON request body
- *
- * @return array Decoded JSON data
- */
-function getJsonInput(): array {
-    $input = file_get_contents('php://input');
-    $data = json_decode($input, true);
-    return is_array($data) ? $data : [];
-}
-
-/**
- * Sanitize string input
- *
- * @param string $input Input string
- * @return string Sanitized string
- */
-function sanitize(string $input): string {
-    return htmlspecialchars(trim($input), ENT_QUOTES, 'UTF-8');
-}
-
-/**
- * Validate email format
- *
- * @param string $email Email to validate
- * @return bool True if valid
- */
-function isValidEmail(string $email): bool {
-    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
-}
-
-/**
- * Generate CSRF token
- *
- * @return string CSRF token
- */
-function generateCsrfToken(): string {
-    if (empty($_SESSION['csrf_token'])) {
-        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
-    }
-    return $_SESSION['csrf_token'];
-}
-
-/**
- * Verify CSRF token
- *
- * @param string $token Token to verify
- * @return bool True if valid
- */
-function verifyCsrfToken(string $token): bool {
-    return isset($_SESSION['csrf_token']) && hash_equals($_SESSION['csrf_token'], $token);
-}
-
-/**
- * Get client IP address
- *
- * Uses only REMOTE_ADDR which cannot be spoofed (TCP connection IP).
- * If you add a reverse proxy (Cloudflare, Nginx, etc.) in the future,
- * update this function to trust specific proxy headers only from known proxy IPs.
- *
- * @return string IP address
- */
-function getClientIp(): string {
-    return $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
-}
-
-/**
- * Set security headers for API responses
- *
- * Sets standard security headers to protect against common web vulnerabilities:
- * - X-Content-Type-Options: Prevents MIME type sniffing
- * - X-Frame-Options: Prevents clickjacking attacks
- * - X-XSS-Protection: Enables browser XSS filter
- * - Referrer-Policy: Controls referrer information sent with requests
- *
- * Note: Content-Security-Policy is not set here as it may interfere with the React frontend
- */
-function setSecurityHeaders(): void {
-    header('X-Content-Type-Options: nosniff');
-    header('X-Frame-Options: DENY');
-    header('X-XSS-Protection: 1; mode=block');
-    header('Referrer-Policy: strict-origin-when-cross-origin');
-}
-
-/**
- * Set no-cache headers
- *
- * Prevents browser caching for sensitive endpoints
- */
-function setNoCacheHeaders(): void {
-    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
-    header('Cache-Control: post-check=0, pre-check=0', false);
-    header('Pragma: no-cache');
-}
-```
-
-### 4.2 api/includes/Auth.php
-
-```php
-<?php
-/**
- * BOHA Automation - Authentication System
- *
- * Best practices implemented:
- * - Database-backed sessions (user_sessions table)
- * - Secure session configuration (httponly, secure, samesite)
- * - Session regeneration on login
- * - Max 3 concurrent sessions per user
- * - Remember me with secure token rotation
- * - Proper cleanup of expired sessions
- * - Failed login attempt tracking with lockout
- */
-
-require_once dirname(__DIR__) . '/config.php';
-
-class Auth {
-    private static bool $initialized = false;
-    private static ?array $user = null;
-
-    /**
-     * Initialize session with secure settings
-     */
-    public static function initialize(): void {
-        if (self::$initialized) {
-            return;
-        }
-
-        if (session_status() === PHP_SESSION_NONE) {
-            $secure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on';
-
-            session_name(SESSION_NAME);
-            session_set_cookie_params([
-                'lifetime' => 0,
-                'path' => '/',
-                'domain' => '',
-                'secure' => $secure,
-                'httponly' => true,
-                'samesite' => 'Lax'
-            ]);
-
-            session_start();
-        }
-
-        self::$initialized = true;
-
-        // Cleanup expired sessions occasionally (1% of requests)
-        if (rand(1, 100) === 1) {
-            self::cleanupExpiredSessions();
-        }
-    }
-
-    /**
-     * Attempt user login
-     *
-     * @param string $username Username or email
-     * @param string $password Plain text password
-     * @param bool $remember Create remember me token
-     * @return array Result with success status and error code if failed
-     */
-    public static function login(string $username, string $password, bool $remember = false): array {
-        try {
-            $pdo = db();
-
-            // Find user by username or email
-            $stmt = $pdo->prepare("
-                SELECT u.*, r.name as role_name, r.display_name as role_display_name
-                FROM users u
-                LEFT JOIN roles r ON u.role_id = r.id
-                WHERE u.username = ? OR u.email = ?
-            ");
-            $stmt->execute([$username, $username]);
-            $user = $stmt->fetch();
-
-            if (!$user) {
-                return ['success' => false, 'error' => 'invalid_credentials'];
-            }
-
-            // Check if account is locked
-            if ($user['locked_until'] && strtotime($user['locked_until']) > time()) {
-                $remaining = ceil((strtotime($user['locked_until']) - time()) / 60);
-                return ['success' => false, 'error' => 'account_locked', 'minutes' => $remaining];
-            }
-
-            // Verify password
-            if (!password_verify($password, $user['password_hash'])) {
-                self::incrementFailedAttempts($user['id'], $user['failed_login_attempts']);
-                return ['success' => false, 'error' => 'invalid_credentials'];
-            }
-
-            // Check if account is active
-            if (!$user['is_active']) {
-                return ['success' => false, 'error' => 'account_deactivated'];
-            }
-
-            // Successful login - regenerate session ID
-            session_regenerate_id(true);
-
-            // Force new CSRF token generation post-login
-            // This prevents Login CSRF attacks where an attacker could use a pre-login CSRF token for post-login actions
-            unset($_SESSION['csrf_token']);
-
-            // Create session data
-            self::createUserSession($user);
-
-            // Store session in database (with longer expiry if remember me)
-            self::storeSessionInDatabase($user['id'], $remember);
-
-            // Create remember me token if requested
-            if ($remember) {
-                self::createRememberMeToken($user['id']);
-            }
-
-            // Reset failed attempts and update last login
-            $stmt = $pdo->prepare("
-                UPDATE users
-                SET last_login = NOW(), failed_login_attempts = 0, locked_until = NULL
-                WHERE id = ?
-            ");
-            $stmt->execute([$user['id']]);
-
-            return [
-                'success' => true,
-                'user' => self::getUserData()
-            ];
-
-        } catch (PDOException $e) {
-            error_log("Auth login error: " . $e->getMessage());
-            return ['success' => false, 'error' => 'system_error'];
-        }
-    }
-
-    /**
-     * Increment failed login attempts
-     */
-    private static function incrementFailedAttempts(int $userId, int $currentAttempts): void {
-        try {
-            $pdo = db();
-            $attempts = $currentAttempts + 1;
-            $lockedUntil = null;
-
-            if ($attempts >= MAX_LOGIN_ATTEMPTS) {
-                $lockedUntil = date('Y-m-d H:i:s', time() + (LOCKOUT_MINUTES * 60));
-            }
-
-            $stmt = $pdo->prepare("
-                UPDATE users
-                SET failed_login_attempts = ?, locked_until = ?
-                WHERE id = ?
-            ");
-            $stmt->execute([$attempts, $lockedUntil, $userId]);
-
-        } catch (PDOException $e) {
-            error_log("Auth increment attempts error: " . $e->getMessage());
-        }
-    }
-
-    /**
-     * Create user session data
-     */
-    private static function createUserSession(array $user): void {
-        $_SESSION['auth'] = [
-            'user_id' => $user['id'],
-            'username' => $user['username'],
-            'email' => $user['email'],
-            'full_name' => trim($user['first_name'] . ' ' . $user['last_name']),
-            'role' => $user['role_name'],
-            'role_display' => $user['role_display_name'] ?? $user['role_name'],
-            'login_time' => time(),
-            'last_activity' => time(),
-            'ip' => getClientIp(),
-            'session_token' => bin2hex(random_bytes(16))
-        ];
-
-        self::$user = $user;
-    }
-
-    /**
-     * Store session in database for tracking
-     *
-     * @param int $userId User ID
-     * @param bool $remember If true, session expires in 30 days instead of 1 hour
-     * @param string|null $expiresAt Optional specific expiry datetime
-     */
-    private static function storeSessionInDatabase(int $userId, bool $remember = false, ?string $expiresAt = null): void {
-        try {
-            $pdo = db();
-            $sessionId = session_id();
-
-            // Use provided expiry or calculate based on remember flag
-            if ($expiresAt === null) {
-                $expirySeconds = $remember ? (REMEMBER_ME_DAYS * 86400) : (SESSION_LIFETIME_MINUTES * 60);
-                $expiresAt = date('Y-m-d H:i:s', time() + $expirySeconds);
-            }
-
-            // Delete existing session with same ID
-            $stmt = $pdo->prepare("DELETE FROM user_sessions WHERE id = ?");
-            $stmt->execute([$sessionId]);
-
-            // Insert new session
-            $stmt = $pdo->prepare("
-                INSERT INTO user_sessions (id, user_id, ip_address, user_agent, expires_at, is_active)
-                VALUES (?, ?, ?, ?, ?, 1)
-            ");
-            $stmt->execute([
-                $sessionId,
-                $userId,
-                getClientIp(),
-                substr($_SERVER['HTTP_USER_AGENT'] ?? 'unknown', 0, 255),
-                $expiresAt
-            ]);
-
-        } catch (PDOException $e) {
-            error_log("Auth store session error: " . $e->getMessage());
-        }
-    }
-
-    /**
-     * Create remember me token
-     */
-    private static function createRememberMeToken(int $userId): void {
-        try {
-            $pdo = db();
-
-            $selector = bin2hex(random_bytes(16));
-            $token = bin2hex(random_bytes(32));
-            $tokenHash = hash('sha256', $token);
-            $expiresAt = date('Y-m-d H:i:s', time() + (REMEMBER_ME_DAYS * 86400));
-
-            // Each device gets its own token - expired tokens are cleaned up when used or periodically
-            // Insert new token
-            $stmt = $pdo->prepare("
-                INSERT INTO remember_me_tokens (user_id, selector, token_hash, expires_at)
-                VALUES (?, ?, ?, ?)
-            ");
-            $stmt->execute([$userId, $selector, $tokenHash, $expiresAt]);
-
-            // Set cookie
-            $cookieValue = $selector . ':' . $token;
-            $secure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on';
-
-            setcookie('boha_remember', $cookieValue, [
-                'expires' => time() + (REMEMBER_ME_DAYS * 86400),
-                'path' => '/',
-                'domain' => '',
-                'secure' => $secure,
-                'httponly' => true,
-                'samesite' => 'Lax'
-            ]);
-
-        } catch (PDOException $e) {
-            error_log("Auth remember me token error: " . $e->getMessage());
-        }
-    }
-
-    /**
-     * Check if session is valid
-     *
-     * @return bool True if authenticated
-     */
-    public static function check(): bool {
-        $auth = $_SESSION['auth'] ?? null;
-
-        if ($auth && isset($auth['user_id']) && self::validateDatabaseSession($auth['user_id'])) {
-            self::updateSessionActivity($auth['user_id']);
-            return true;
-        }
-
-        // Session invalid - try to restore from remember me cookie
-        if (isset($_COOKIE['boha_remember']) && self::restoreFromRememberMe()) {
-            return true;
-        }
-
-        // Both session and remember me invalid - clear everything
-        self::clearSessionData();
-
-        return false;
-    }
-
-    /**
-     * Validate session exists in database
-     *
-     * Also verifies that the User-Agent matches what was stored when the session
-     * was created. This prevents session hijacking - if an attacker steals the
-     * session cookie but uses a different browser, the session will be invalid.
-     */
-    private static function validateDatabaseSession(int $userId): bool {
-        try {
-            $pdo = db();
-            $sessionId = session_id();
-
-            $stmt = $pdo->prepare("
-                SELECT id FROM user_sessions
-                WHERE id = ?
-                AND user_id = ?
-                AND user_agent = ?
-                AND is_active = 1
-                AND expires_at > NOW()
-            ");
-            $userAgent = substr($_SERVER['HTTP_USER_AGENT'] ?? 'unknown', 0, 255);
-            $stmt->execute([$sessionId, $userId, $userAgent]);
-
-            return $stmt->fetch() !== false;
-
-        } catch (PDOException $e) {
-            error_log("Auth validate session error: " . $e->getMessage());
-            return false;
-        }
-    }
-
-    /**
-     * Update session activity timestamp
-     */
-    private static function updateSessionActivity(int $userId): void {
-        $_SESSION['auth']['last_activity'] = time();
-
-        // Update expiry (rate limited to once per request)
-        static $updated = false;
-        if ($updated) {
-            return;
-        }
-        $updated = true;
-
-        try {
-            $pdo = db();
-            $hasRememberMe = isset($_COOKIE['boha_remember']);
-
-            if ($hasRememberMe) {
-                // With remember me: only update remember_me_tokens expiry, not user_sessions
-                $parts = explode(':', $_COOKIE['boha_remember']);
-                if (count($parts) === 2) {
-                    $selector = $parts[0];
-                    $tokenExpiresAt = date('Y-m-d H:i:s', time() + (REMEMBER_ME_DAYS * 86400));
-                    $stmt = $pdo->prepare("UPDATE remember_me_tokens SET expires_at = ? WHERE selector = ?");
-                    $stmt->execute([$tokenExpiresAt, $selector]);
-                }
-            } else {
-                // Without remember me: update user_sessions expiry (sliding 1-hour window)
-                $expiresAt = date('Y-m-d H:i:s', time() + (SESSION_LIFETIME_MINUTES * 60));
-                $stmt = $pdo->prepare("
-                    UPDATE user_sessions
-                    SET expires_at = ?
-                    WHERE id = ? AND user_id = ?
-                ");
-                $stmt->execute([$expiresAt, session_id(), $userId]);
-            }
-
-        } catch (PDOException $e) {
-            error_log("Auth update activity error: " . $e->getMessage());
-        }
-    }
-
-    /**
-     * Restore session from remember me cookie
-     */
-    private static function restoreFromRememberMe(): bool {
-        $cookie = $_COOKIE['boha_remember'] ?? '';
-        $parts = explode(':', $cookie);
-
-        if (count($parts) !== 2) {
-            self::deleteRememberMeCookie();
-            return false;
-        }
-
-        [$selector, $token] = $parts;
-
-        try {
-            $pdo = db();
-
-            $stmt = $pdo->prepare("
-                SELECT rt.*, u.*, r.name as role_name, r.display_name as role_display_name
-                FROM remember_me_tokens rt
-                JOIN users u ON rt.user_id = u.id
-                LEFT JOIN roles r ON u.role_id = r.id
-                WHERE rt.selector = ? AND rt.expires_at > NOW()
-            ");
-            $stmt->execute([$selector]);
-            $data = $stmt->fetch();
-
-            if (!$data) {
-                // Delete the expired token from database if it exists
-                $stmt = $pdo->prepare("DELETE FROM remember_me_tokens WHERE selector = ?");
-                $stmt->execute([$selector]);
-                self::deleteRememberMeCookie();
-                return false;
-            }
-
-            // Verify token hash
-            $tokenHash = hash('sha256', $token);
-            if (!hash_equals($data['token_hash'], $tokenHash)) {
-                // Token mismatch - possible theft, delete all tokens for user
-                $stmt = $pdo->prepare("DELETE FROM remember_me_tokens WHERE user_id = ?");
-                $stmt->execute([$data['user_id']]);
-                self::deleteRememberMeCookie();
-                return false;
-            }
-
-            // Check if user is still active
-            if (!$data['is_active']) {
-                self::deleteRememberMeCookie();
-                return false;
-            }
-
-            // Token rotation: Delete the old token
-            $stmt = $pdo->prepare("DELETE FROM remember_me_tokens WHERE selector = ?");
-            $stmt->execute([$selector]);
-
-            // Create a new token for security (single-use tokens)
-            self::createRememberMeToken($data['user_id']);
-
-            // Update the expired session with new expiry from remember me token
-            $sessionId = session_id();
-            $stmt = $pdo->prepare("UPDATE user_sessions SET expires_at = ? WHERE id = ? AND user_id = ?");
-            $stmt->execute([$data['expires_at'], $sessionId, $data['user_id']]);
-
-            // Recreate session data
-            self::createUserSession($data);
-
-            return true;
-
-        } catch (PDOException $e) {
-            error_log("Auth restore remember me error: " . $e->getMessage());
-            return false;
-        }
-    }
-
-    /**
-     * Logout user
-     */
-    public static function logout(): void {
-        $auth = $_SESSION['auth'] ?? null;
-        $sessionId = session_id();
-
-        if ($auth && isset($auth['user_id'])) {
-            try {
-                $pdo = db();
-
-                // Delete session from database
-                $stmt = $pdo->prepare("DELETE FROM user_sessions WHERE id = ?");
-                $stmt->execute([$sessionId]);
-
-                // Delete remember me token if exists
-                if (isset($_COOKIE['boha_remember'])) {
-                    $parts = explode(':', $_COOKIE['boha_remember']);
-                    if (count($parts) === 2) {
-                        $stmt = $pdo->prepare("DELETE FROM remember_me_tokens WHERE selector = ?");
-                        $stmt->execute([$parts[0]]);
-                    }
-                }
-
-            } catch (PDOException $e) {
-                error_log("Auth logout error: " . $e->getMessage());
-            }
-        }
-
-        // Delete remember me cookie
-        self::deleteRememberMeCookie();
-
-        // Clear session
-        $_SESSION = [];
-
-        // Delete session cookie
-        if (isset($_COOKIE[session_name()])) {
-            setcookie(session_name(), '', [
-                'expires' => time() - 3600,
-                'path' => '/',
-                'secure' => isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on',
-                'httponly' => true,
-                'samesite' => 'Lax'
-            ]);
-        }
-
-        session_destroy();
-
-        // Cleanup expired sessions
-        self::cleanupExpiredSessions();
-    }
-
-    /**
-     * Clear session data and remember me token
-     */
-    private static function clearSessionData(): void {
-        $sessionId = session_id();
-
-        try {
-            $pdo = db();
-            $stmt = $pdo->prepare("DELETE FROM user_sessions WHERE id = ?");
-            $stmt->execute([$sessionId]);
-
-            // Also delete remember me token if exists
-            if (isset($_COOKIE['boha_remember'])) {
-                $parts = explode(':', $_COOKIE['boha_remember']);
-                if (count($parts) === 2) {
-                    $stmt = $pdo->prepare("DELETE FROM remember_me_tokens WHERE selector = ?");
-                    $stmt->execute([$parts[0]]);
-                }
-            }
-        } catch (PDOException $e) {
-            // Ignore cleanup errors
-        }
-
-        // Delete remember me cookie
-        self::deleteRememberMeCookie();
-
-        unset($_SESSION['auth']);
-        self::$user = null;
-    }
-
-    /**
-     * Delete remember me cookie
-     */
-    private static function deleteRememberMeCookie(): void {
-        if (isset($_COOKIE['boha_remember'])) {
-            setcookie('boha_remember', '', [
-                'expires' => time() - 3600,
-                'path' => '/',
-                'domain' => '',
-                'secure' => isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on',
-                'httponly' => true,
-                'samesite' => 'Lax'
-            ]);
-            unset($_COOKIE['boha_remember']);
-        }
-    }
-
-    /**
-     * Cleanup expired sessions and tokens
-     */
-    public static function cleanupExpiredSessions(): void {
-        try {
-            $pdo = db();
-
-            $pdo->exec("DELETE FROM user_sessions WHERE expires_at < NOW()");
-            $pdo->exec("DELETE FROM remember_me_tokens WHERE expires_at < NOW()");
-
-        } catch (PDOException $e) {
-            error_log("Auth cleanup error: " . $e->getMessage());
-        }
-    }
-
-    /**
-     * Check if user is logged in
-     */
-    public static function isLoggedIn(): bool {
-        return isset($_SESSION['auth']['user_id']) && $_SESSION['auth']['user_id'] > 0;
-    }
-
-    /**
-     * Get current user ID
-     */
-    public static function getUserId(): int {
-        return $_SESSION['auth']['user_id'] ?? 0;
-    }
-
-    /**
-     * Get current username
-     */
-    public static function getUsername(): string {
-        return $_SESSION['auth']['username'] ?? '';
-    }
-
-    /**
-     * Get current user's full name
-     */
-    public static function getFullName(): string {
-        return $_SESSION['auth']['full_name'] ?? '';
-    }
-
-    /**
-     * Get current user's email
-     */
-    public static function getEmail(): string {
-        return $_SESSION['auth']['email'] ?? '';
-    }
-
-    /**
-     * Get current user's role
-     */
-    public static function getRole(): string {
-        return $_SESSION['auth']['role'] ?? '';
-    }
-
-    /**
-     * Get current user's role display name
-     */
-    public static function getRoleDisplay(): string {
-        return $_SESSION['auth']['role_display'] ?? '';
-    }
-
-    /**
-     * Check if current user is admin
-     */
-    public static function isAdmin(): bool {
-        return self::getRole() === 'admin';
-    }
-
-    /**
-     * Get user data for API response
-     */
-    public static function getUserData(): ?array {
-        if (!self::isLoggedIn()) {
-            return null;
-        }
-
-        return [
-            'id' => self::getUserId(),
-            'username' => self::getUsername(),
-            'email' => self::getEmail(),
-            'fullName' => self::getFullName(),
-            'role' => self::getRole(),
-            'roleDisplay' => self::getRoleDisplay(),
-            'isAdmin' => self::isAdmin()
-        ];
-    }
-
-    /**
-     * Check if user has specific permission
-     *
-     * @param string $permission Permission name (e.g., 'projects.create')
-     * @return bool True if user has permission
-     */
-    public static function hasPermission(string $permission): bool {
-        if (!self::isLoggedIn()) {
-            return false;
-        }
-
-        // Admins have all permissions
-        if (self::isAdmin()) {
-            return true;
-        }
-
-        try {
-            $pdo = db();
-            $stmt = $pdo->prepare("
-                SELECT 1 FROM role_permissions rp
-                INNER JOIN permissions p ON rp.permission_id = p.id
-                INNER JOIN roles r ON rp.role_id = r.id
-                INNER JOIN users u ON u.role_id = r.id
-                WHERE u.id = ? AND p.name = ?
-            ");
-            $stmt->execute([self::getUserId(), $permission]);
-
-            return $stmt->fetch() !== false;
-
-        } catch (PDOException $e) {
-            error_log("Auth permission check error: " . $e->getMessage());
-            return false;
-        }
-    }
-
-    /**
-     * Require user to be logged in
-     */
-    public static function requireLogin(): void {
-        if (!self::check()) {
-            errorResponse('Vyzadovano prihlaseni', 401);
-        }
-    }
-
-    /**
-     * Require specific permission
-     *
-     * @param string $permission Permission name
-     */
-    public static function requirePermission(string $permission): void {
-        self::requireLogin();
-
-        if (!self::hasPermission($permission)) {
-            errorResponse('Pristup odepren', 403);
-        }
-    }
-
-    /**
-     * Get session time remaining in seconds
-     */
-    public static function getSessionTimeRemaining(): int {
-        if (!self::isLoggedIn()) {
-            return 0;
-        }
-
-        $lastActivity = $_SESSION['auth']['last_activity'] ?? 0;
-        $elapsed = time() - $lastActivity;
-        $remaining = (SESSION_LIFETIME_MINUTES * 60) - $elapsed;
-
-        return max(0, $remaining);
-    }
-}
-```
-
-### 4.3 api/includes/RateLimiter.php
-
-```php
-<?php
-/**
- * BOHA Automation - IP-based Rate Limiter
- *
- * Implements rate limiting using file-based storage to prevent abuse
- * and protect API endpoints from excessive requests.
- *
- * Features:
- * - IP-based rate limiting
- * - Configurable limits per endpoint
- * - File-based storage (no database dependency)
- * - Automatic cleanup of expired entries
- */
-
-class RateLimiter {
-    /** @var string Directory for storing rate limit data */
-    private string $storagePath;
-
-    /** @var int Default requests per minute */
-    private int $defaultLimit = 60;
-
-    /** @var int Time window in seconds (1 minute) */
-    private int $windowSeconds = 60;
-
-    /**
-     * Initialize the rate limiter
-     *
-     * @param string|null $storagePath Path to store rate limit files
-     */
-    public function __construct(?string $storagePath = null) {
-        $this->storagePath = $storagePath ?? (defined('RATE_LIMIT_STORAGE_PATH') ? RATE_LIMIT_STORAGE_PATH : __DIR__ . '/../rate_limits');
-
-        // Ensure storage directory exists
-        if (!is_dir($this->storagePath)) {
-            mkdir($this->storagePath, 0755, true);
-        }
-
-        // Cleanup old files occasionally (1% of requests)
-        if (rand(1, 100) === 1) {
-            $this->cleanup();
-        }
-    }
-
-    /**
-     * Check if the request should be rate limited
-     *
-     * @param string $endpoint Endpoint identifier (e.g., 'login', 'session')
-     * @param int|null $limit Custom limit for this endpoint (requests per minute)
-     * @return bool True if request is allowed, false if rate limited
-     */
-    public function check(string $endpoint, ?int $limit = null): bool {
-        $limit = $limit ?? $this->defaultLimit;
-        $ip = $this->getClientIp();
-        $key = $this->getKey($ip, $endpoint);
-
-        $data = $this->getData($key);
-        $now = time();
-
-        // Check if we're still in the same time window
-        if ($data && $data['window_start'] > ($now - $this->windowSeconds)) {
-            // Same window - check count
-            if ($data['count'] >= $limit) {
-                return false; // Rate limited
-            }
-
-            // Increment counter
-            $data['count']++;
-            $this->saveData($key, $data);
-            return true;
-        }
-
-        // New window - reset counter
-        $this->saveData($key, [
-            'window_start' => $now,
-            'count' => 1
-        ]);
-
-        return true;
-    }
-
-    /**
-     * Enforce rate limit and return 429 response if exceeded
-     *
-     * @param string $endpoint Endpoint identifier
-     * @param int|null $limit Custom limit for this endpoint
-     */
-    public function enforce(string $endpoint, ?int $limit = null): void {
-        if (!$this->check($endpoint, $limit)) {
-            $this->sendRateLimitResponse();
-        }
-    }
-
-    /**
-     * Get remaining requests for current window
-     *
-     * @param string $endpoint Endpoint identifier
-     * @param int|null $limit Custom limit for this endpoint
-     * @return int Remaining requests
-     */
-    public function getRemaining(string $endpoint, ?int $limit = null): int {
-        $limit = $limit ?? $this->defaultLimit;
-        $ip = $this->getClientIp();
-        $key = $this->getKey($ip, $endpoint);
-
-        $data = $this->getData($key);
-        $now = time();
-
-        if (!$data || $data['window_start'] <= ($now - $this->windowSeconds)) {
-            return $limit;
-        }
-
-        return max(0, $limit - $data['count']);
-    }
-
-    /**
-     * Get time until rate limit resets
-     *
-     * @param string $endpoint Endpoint identifier
-     * @return int Seconds until reset
-     */
-    public function getResetTime(string $endpoint): int {
-        $ip = $this->getClientIp();
-        $key = $this->getKey($ip, $endpoint);
-
-        $data = $this->getData($key);
-        $now = time();
-
-        if (!$data) {
-            return 0;
-        }
-
-        $windowEnd = $data['window_start'] + $this->windowSeconds;
-        return max(0, $windowEnd - $now);
-    }
-
-    /**
-     * Send 429 Too Many Requests response and exit
-     */
-    private function sendRateLimitResponse(): void {
-        http_response_code(429);
-        header('Content-Type: application/json; charset=utf-8');
-        header('Retry-After: ' . $this->windowSeconds);
-
-        echo json_encode([
-            'success' => false,
-            'error' => 'Prilis mnoho pozadavku. Zkuste to prosim pozdeji.',
-            'retry_after' => $this->windowSeconds
-        ], JSON_UNESCAPED_UNICODE);
-
-        exit();
-    }
-
-    /**
-     * Get client IP address
-     *
-     * @return string IP address
-     */
-    private function getClientIp(): string {
-        // Use the global helper if available
-        if (function_exists('getClientIp')) {
-            return getClientIp();
-        }
-
-        // Fallback: use only REMOTE_ADDR (cannot be spoofed)
-        return $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
-    }
-
-    /**
-     * Generate storage key for IP and endpoint
-     *
-     * @param string $ip Client IP
-     * @param string $endpoint Endpoint identifier
-     * @return string Storage key (filename-safe)
-     */
-    private function getKey(string $ip, string $endpoint): string {
-        // Create a safe filename from IP and endpoint
-        return md5($ip . ':' . $endpoint);
-    }
-
-    /**
-     * Get rate limit data from storage
-     *
-     * @param string $key Storage key
-     * @return array|null Data array or null if not found
-     */
-    private function getData(string $key): ?array {
-        $file = $this->storagePath . '/' . $key . '.json';
-
-        if (!file_exists($file)) {
-            return null;
-        }
-
-        $content = @file_get_contents($file);
-        if ($content === false) {
-            return null;
-        }
-
-        $data = json_decode($content, true);
-        return is_array($data) ? $data : null;
-    }
-
-    /**
-     * Save rate limit data to storage
-     *
-     * @param string $key Storage key
-     * @param array $data Data to save
-     */
-    private function saveData(string $key, array $data): void {
-        $file = $this->storagePath . '/' . $key . '.json';
-        @file_put_contents($file, json_encode($data), LOCK_EX);
-    }
-
-    /**
-     * Cleanup expired rate limit files
-     *
-     * Removes files older than the time window to prevent disk space issues
-     */
-    private function cleanup(): void {
-        if (!is_dir($this->storagePath)) {
-            return;
-        }
-
-        $files = glob($this->storagePath . '/*.json');
-        $expireTime = time() - ($this->windowSeconds * 2); // Keep for 2x window to be safe
-
-        foreach ($files as $file) {
-            if (filemtime($file) < $expireTime) {
-                @unlink($file);
-            }
-        }
-    }
-
-    /**
-     * Clear all rate limit data (useful for testing)
-     */
-    public function clearAll(): void {
-        if (!is_dir($this->storagePath)) {
-            return;
-        }
-
-        $files = glob($this->storagePath . '/*.json');
-        foreach ($files as $file) {
-            @unlink($file);
-        }
-    }
-}
-```
-
-### 4.4 api/admin/login.php
-
-```php
-<?php
-/**
- * BOHA Automation - Admin Login API
- *
- * POST /api/admin/login.php
- *
- * Request body:
- * {
- *   "username": "string",
- *   "password": "string",
- *   "remember": boolean (optional)
- * }
- *
- * Response:
- * {
- *   "success": boolean,
- *   "user": { ... } | null,
- *   "error": "string" | null
- * }
- */
-
-require_once dirname(__DIR__) . '/config.php';
-require_once dirname(__DIR__) . '/includes/Auth.php';
-require_once dirname(__DIR__) . '/includes/AuditLog.php';
-require_once dirname(__DIR__) . '/includes/RateLimiter.php';
-
-// Set headers
-setCorsHeaders();
-setSecurityHeaders();
-setNoCacheHeaders();
-header('Content-Type: application/json; charset=utf-8');
-
-// Rate limiting - stricter for login endpoint (10 requests/minute)
-$rateLimiter = new RateLimiter();
-$rateLimiter->enforce('login', 10);
-
-// Only accept POST
-if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
-    errorResponse('Metoda neni povolena', 405);
-}
-
-// Initialize auth
-Auth::initialize();
-
-// Check if already logged in
-if (Auth::check()) {
-    successResponse([
-        'user' => Auth::getUserData(),
-        'sessionTimeRemaining' => Auth::getSessionTimeRemaining()
-    ], 'Jiz prihlasen');
-}
-
-// Get input
-$input = getJsonInput();
-
-// Verify CSRF token
-$csrfToken = $input['csrf_token'] ?? '';
-if (empty($csrfToken) || !verifyCsrfToken($csrfToken)) {
-    errorResponse('Neplatny CSRF token', 403);
-}
-
-$username = trim($input['username'] ?? '');
-$password = $input['password'] ?? '';
-$remember = (bool) ($input['remember'] ?? false);
-
-// Validate input
-if (empty($username)) {
-    errorResponse('Uzivatelske jmeno je povinne');
-}
-
-if (empty($password)) {
-    errorResponse('Heslo je povinne');
-}
-
-// Attempt login
-$result = Auth::login($username, $password, $remember);
-
-if ($result['success']) {
-    // Log successful login
-    AuditLog::logLogin(
-        Auth::getUserId(),
-        Auth::getUsername()
-    );
-
-    successResponse([
-        'user' => $result['user'],
-        'sessionTimeRemaining' => Auth::getSessionTimeRemaining()
-    ], 'Prihlaseni uspesne');
-} else {
-    // Log failed login
-    AuditLog::logLoginFailed($username, $result['error']);
-
-    // Translate error codes to user-friendly messages
-    $errorMessages = [
-        'invalid_credentials' => 'Neplatne uzivatelske jmeno nebo heslo',
-        'account_locked' => 'Ucet je docasne uzamcen. Zkuste to prosim za ' . ($result['minutes'] ?? 15) . ' minut.',
-        'account_deactivated' => 'Tento ucet byl deaktivovan',
-        'system_error' => 'Doslo k systemove chybe. Zkuste to prosim pozdeji.'
-    ];
-
-    $message = $errorMessages[$result['error']] ?? 'Prihlaseni se nezdarilo';
-
-    errorResponse($message, $result['error'] === 'account_locked' ? 429 : 401);
-}
-```
-
-### 4.5 api/admin/logout.php
-
-```php
-<?php
-/**
- * BOHA Automation - Admin Logout API
- *
- * POST /api/admin/logout.php
- *
- * Response:
- * {
- *   "success": true,
- *   "message": "Logged out successfully"
- * }
- */
-
-require_once dirname(__DIR__) . '/config.php';
-require_once dirname(__DIR__) . '/includes/Auth.php';
-require_once dirname(__DIR__) . '/includes/AuditLog.php';
-require_once dirname(__DIR__) . '/includes/RateLimiter.php';
-
-// Set headers
-setCorsHeaders();
-setSecurityHeaders();
-setNoCacheHeaders();
-header('Content-Type: application/json; charset=utf-8');
-
-// Rate limiting (30 requests/minute)
-$rateLimiter = new RateLimiter();
-$rateLimiter->enforce('logout', 30);
-
-// Only accept POST
-if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
-    errorResponse('Metoda neni povolena', 405);
-}
-
-// Initialize auth
-Auth::initialize();
-
-// Verify CSRF token (log warning but don't block - logout should always succeed)
-$input = getJsonInput();
-$csrfToken = $input['csrf_token'] ?? '';
-if (empty($csrfToken) || !verifyCsrfToken($csrfToken)) {
-    error_log("Logout CSRF warning: Invalid or missing token for session " . session_id());
-    // Continue with logout anyway - trapping users in zombie sessions is worse
-}
-
-// Log logout before destroying session
-if (Auth::isLoggedIn()) {
-    AuditLog::logLogout();
-}
-
-// Perform logout
-Auth::logout();
-
-successResponse(null, 'Odhlaseni uspesne');
-```
-
-### 4.6 api/admin/session.php
-
-```php
-<?php
-/**
- * BOHA Automation - Session Check API
- *
- * GET /api/admin/session.php
- *
- * Response:
- * {
- *   "success": true,
- *   "authenticated": boolean,
- *   "user": { ... } | null,
- *   "sessionTimeRemaining": int (seconds)
- * }
- */
-
-require_once dirname(__DIR__) . '/config.php';
-require_once dirname(__DIR__) . '/includes/Auth.php';
-require_once dirname(__DIR__) . '/includes/RateLimiter.php';
-
-// Set headers
-setCorsHeaders();
-setSecurityHeaders();
-setNoCacheHeaders();
-header('Content-Type: application/json; charset=utf-8');
-
-// Rate limiting (60 requests/minute)
-$rateLimiter = new RateLimiter();
-$rateLimiter->enforce('session', 60);
-
-// Accept GET and POST
-if (!in_array($_SERVER['REQUEST_METHOD'], ['GET', 'POST'])) {
-    errorResponse('Metoda neni povolena', 405);
-}
-
-// Initialize auth
-Auth::initialize();
-
-// Check session
-$authenticated = Auth::check();
-
-if ($authenticated) {
-    // Always fetch fresh user data from database
-    $pdo = db();
-    $stmt = $pdo->prepare("
-        SELECT u.id, u.username, u.email, u.first_name, u.last_name,
-               r.name as role_name, r.display_name as role_display_name
-        FROM users u
-        LEFT JOIN roles r ON u.role_id = r.id
-        WHERE u.id = ?
-    ");
-    $stmt->execute([Auth::getUserId()]);
-    $dbUser = $stmt->fetch();
-
-    $userData = [
-        'id' => $dbUser['id'],
-        'username' => $dbUser['username'],
-        'email' => $dbUser['email'],
-        'fullName' => trim($dbUser['first_name'] . ' ' . $dbUser['last_name']),
-        'role' => $dbUser['role_name'],
-        'roleDisplay' => $dbUser['role_display_name'] ?? $dbUser['role_name'],
-        'isAdmin' => $dbUser['role_name'] === 'admin'
-    ];
-
-    successResponse([
-        'authenticated' => true,
-        'user' => $userData,
-        'sessionTimeRemaining' => Auth::getSessionTimeRemaining()
-    ]);
-} else {
-    successResponse([
-        'authenticated' => false,
-        'user' => null,
-        'sessionTimeRemaining' => 0
-    ]);
-}
-```
-
-### 4.7 api/admin/csrf.php
-
-```php
-<?php
-/**
- * BOHA Automation - CSRF Token API
- *
- * GET /api/admin/csrf.php
- *
- * Generates and returns a CSRF token for use in subsequent requests.
- * The token is stored in the session and must be included in
- * state-changing requests (login, logout, etc.)
- *
- * Response:
- * {
- *   "success": true,
- *   "data": {
- *     "csrf_token": "string"
- *   }
- * }
- */
-
-require_once dirname(__DIR__) . '/config.php';
-require_once dirname(__DIR__) . '/includes/Auth.php';
-require_once dirname(__DIR__) . '/includes/RateLimiter.php';
-
-// Set headers
-setCorsHeaders();
-setSecurityHeaders();
-setNoCacheHeaders();
-header('Content-Type: application/json; charset=utf-8');
-
-// Rate limiting (30 requests/minute)
-$rateLimiter = new RateLimiter();
-$rateLimiter->enforce('csrf', 30);
-
-// Only accept GET
-if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
-    errorResponse('Metoda neni povolena', 405);
-}
-
-// Initialize auth (starts session)
-Auth::initialize();
-
-// Generate CSRF token
-$token = generateCsrfToken();
-
-successResponse([
-    'csrf_token' => $token
-]);
-```
-
-### 4.8 src/admin/context/AuthContext.jsx
-
-```jsx
-import { createContext, useContext, useState, useEffect, useCallback, useRef } from 'react'
-import { setLogoutCallback } from '../utils/api'
-
-const API_BASE = '/api/admin'
-
-const AuthContext = createContext(null)
-
-let cachedUser = null
-let sessionFetched = false
-let lastSessionCheck = 0
-let cachedCsrfToken = null
-
-// Export for AdminLayout to check timing
-export const getLastSessionCheck = () => lastSessionCheck
-export const setLastSessionCheck = (time) => { lastSessionCheck = time }
-
-export function AuthProvider({ children }) {
-  const [user, setUser] = useState(cachedUser)
-  const [loading, setLoading] = useState(!sessionFetched)
-  const [error, setError] = useState(null)
-  const [csrfToken, setCsrfToken] = useState(cachedCsrfToken)
-
-  useEffect(() => {
-    cachedUser = user
-  }, [user])
-
-  useEffect(() => {
-    cachedCsrfToken = csrfToken
-  }, [csrfToken])
-
-  const fetchCsrfToken = useCallback(async () => {
-    try {
-      const response = await fetch(`${API_BASE}/csrf.php`, {
-        credentials: 'include'
-      })
-      const data = await response.json()
-
-      if (data.success && data.data?.csrf_token) {
-        setCsrfToken(data.data.csrf_token)
-        cachedCsrfToken = data.data.csrf_token
-        return data.data.csrf_token
-      }
-      return null
-    } catch (err) {
-      console.error('Failed to fetch CSRF token:', err)
-      return null
-    }
-  }, [])
-
-  const checkSession = useCallback(async () => {
-    try {
-      lastSessionCheck = Date.now()
-      const response = await fetch(`${API_BASE}/session.php`, {
-        credentials: 'include'
-      })
-      const data = await response.json()
-
-      if (data.success && data.data?.authenticated) {
-        setUser(data.data.user)
-        cachedUser = data.data.user
-        return true
-      } else {
-        setUser(null)
-        cachedUser = null
-        return false
-      }
-    } catch (err) {
-      console.error('Session check failed:', err)
-      setUser(null)
-      cachedUser = null
-      return false
-    } finally {
-      setLoading(false)
-      sessionFetched = true
-    }
-  }, [])
-
-  useEffect(() => {
-    if (!sessionFetched) {
-      checkSession()
-    }
-  }, [])
-
-  // Set up the logout callback for the global apiFetch
-  useEffect(() => {
-    setLogoutCallback(() => {
-      setUser(null)
-      cachedUser = null
-      sessionFetched = false
-    })
-  }, [])
-
-  const login = async (username, password, remember = false) => {
-    setError(null)
-
-    try {
-      // Always fetch a fresh CSRF token before login to avoid stale token issues
-      const tokenToUse = await fetchCsrfToken()
-
-      if (!tokenToUse) {
-        const errorMsg = 'Nepodarilo se ziskat bezpecnostni token. Zkuste to prosim znovu.'
-        setError(errorMsg)
-        return { success: false, error: errorMsg }
-      }
-
-      const response = await fetch(`${API_BASE}/login.php`, {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/json'
-        },
-        credentials: 'include',
-        body: JSON.stringify({ username, password, remember, csrf_token: tokenToUse })
-      })
-
-      const data = await response.json()
-
-      if (data.success) {
-        setUser(data.data.user)
-        lastSessionCheck = Date.now() // Mark session as just verified
-        // Fetch a new CSRF token after successful login (token rotation)
-        fetchCsrfToken()
-        return { success: true }
-      } else {
-        setError(data.error)
-        // Fetch a new CSRF token on failure (token may have been invalidated)
-        fetchCsrfToken()
-        return { success: false, error: data.error }
-      }
-    } catch (err) {
-      const errorMsg = 'Chyba pripojeni. Zkuste to prosim znovu.'
-      setError(errorMsg)
-      return { success: false, error: errorMsg }
-    }
-  }
-
-  const logout = async () => {
-    try {
-      // Use current token or fetch a fresh one
-      const tokenToUse = csrfToken || await fetchCsrfToken()
-
-      await fetch(`${API_BASE}/logout.php`, {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/json'
-        },
-        credentials: 'include',
-        body: JSON.stringify({ csrf_token: tokenToUse })
-      })
-    } catch (err) {
-      console.error('Logout error:', err)
-    } finally {
-      setUser(null)
-      cachedUser = null
-      sessionFetched = false
-      setCsrfToken(null)
-      cachedCsrfToken = null
-    }
-  }
-
-  const updateUser = useCallback((updates) => {
-    setUser(prev => prev ? { ...prev, ...updates } : null)
-  }, [])
-
-  const value = {
-    user,
-    loading,
-    error,
-    csrfToken,
-    isAuthenticated: !!user,
-    isAdmin: user?.isAdmin || false,
-    login,
-    logout,
-    checkSession,
-    updateUser,
-    fetchCsrfToken
-  }
-
-  return (
-    <AuthContext.Provider value={value}>
-      {children}
-    </AuthContext.Provider>
-  )
-}
-
-export function useAuth() {
-  const context = useContext(AuthContext)
-  if (!context) {
-    throw new Error('useAuth must be used within an AuthProvider')
-  }
-  return context
-}
-
-export default AuthContext
-```
-
-### 4.9 src/admin/pages/Login.jsx
-
-```jsx
-import { useState, useEffect } from 'react'
-import { Navigate } from 'react-router-dom'
-import { motion } from 'framer-motion'
-import { useAuth } from '../context/AuthContext'
-import { useAlert } from '../context/AlertContext'
-import { useTheme } from '../../context/ThemeContext'
-import { shouldShowSessionExpiredAlert } from '../utils/api'
-
-export default function Login() {
-  const { login, isAuthenticated, loading: authLoading } = useAuth()
-  const alert = useAlert()
-  const { theme, toggleTheme } = useTheme()
-  const [username, setUsername] = useState('')
-  const [password, setPassword] = useState('')
-  const [remember, setRemember] = useState(false)
-  const [loading, setLoading] = useState(false)
-
-
-  // Show session expired alert if redirected due to 401
-  useEffect(() => {
-    if (shouldShowSessionExpiredAlert()) {
-      alert.warning('Vase relace vyprsela. Prihlas se prosim znovu.')
-    }
-  }, [])
-
-  if (authLoading) {
-    return (
-      <div className="admin-login">
-        <div className="admin-loading">
-          <div className="admin-spinner" />
-        </div>
-      </div>
-    )
-  }
-
-  if (isAuthenticated) {
-    return <Navigate to="/boha" replace />
-  }
-
-  const handleSubmit = async (e) => {
-    e.preventDefault()
-    setLoading(true)
-
-    const result = await login(username, password, remember)
-
-    if (!result.success) {
-      alert.error(result.error)
-    }
-
-    setLoading(false)
-  }
-
-  return (
-    <div className="admin-login">
-      <div className="bg-orb bg-orb-1" />
-      <div className="bg-orb bg-orb-2" />
-
-      <button
-        onClick={toggleTheme}
-        className="admin-login-theme-btn"
-        title={theme === 'dark' ? 'Svetly rezim' : 'Tmavy rezim'}
-      >
-        <span className={`admin-theme-icon ${theme === 'light' ? 'visible' : ''}`}>
-          <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2">
-            <circle cx="12" cy="12" r="5" />
-            <path d="M12 1v2M12 21v2M4.22 4.22l1.42 1.42M18.36 18.36l1.42 1.42M1 12h2M21 12h2M4.22 19.78l1.42-1.42M18.36 5.64l1.42-1.42" />
-          </svg>
-        </span>
-        <span className={`admin-theme-icon ${theme === 'dark' ? 'visible' : ''}`}>
-          <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2">
-            <path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z" />
-          </svg>
-        </span>
-      </button>
-
-      <motion.div
-        className="admin-login-card"
-        initial={{ opacity: 0, y: 30 }}
-        animate={{ opacity: 1, y: 0 }}
-        transition={{ duration: 0.5 }}
-      >
-        <div className="admin-login-header">
-          <img
-            src={theme === 'dark' ? '/images/logo-dark.png' : '/images/logo-light.png'}
-            alt="BOHA Automation"
-            className="admin-login-logo"
-          />
-          <h1 className="admin-login-title">Interni system</h1>
-          <p className="admin-login-subtitle">Prihlas se ke svemu uctu</p>
-        </div>
-
-        <form onSubmit={handleSubmit} className="admin-form">
-          <div className="admin-form-group">
-            <label htmlFor="username" className="admin-form-label">
-              Uzivatelske jmeno nebo e-mail
-            </label>
-            <input
-              id="username"
-              type="text"
-              value={username}
-              onChange={(e) => setUsername(e.target.value)}
-              required
-              autoComplete="username"
-              className="admin-form-input"
-              placeholder="Zadejte uzivatelske jmeno"
-            />
-          </div>
-
-          <div className="admin-form-group">
-            <label htmlFor="password" className="admin-form-label">
-              Heslo
-            </label>
-            <input
-              id="password"
-              type="password"
-              value={password}
-              onChange={(e) => setPassword(e.target.value)}
-              required
-              autoComplete="current-password"
-              className="admin-form-input"
-              placeholder="Zadejte heslo"
-            />
-          </div>
-
-          <label className="admin-form-checkbox">
-            <input
-              type="checkbox"
-              checked={remember}
-              onChange={(e) => setRemember(e.target.checked)}
-            />
-            <span>Zapamatovat si me na 30 dni</span>
-          </label>
-
-          <button
-            type="submit"
-            disabled={loading}
-            className="admin-btn admin-btn-primary"
-            style={{ width: '100%' }}
-          >
-            {loading ? (
-              <>
-                <div className="admin-spinner" style={{ width: 20, height: 20, borderWidth: 2 }} />
-                Prihlasovani...
-              </>
-            ) : (
-              'Prihlasit se'
-            )}
-          </button>
-        </form>
-
-        <a href="/" className="admin-back-link">
-          &larr; Zpet na web
-        </a>
-      </motion.div>
-    </div>
-  )
-}
-```
-
-### 4.10 src/admin/utils/api.js
-
-```javascript
-/**
- * API utility with automatic 401 handling
- * Triggers logout and shows alert when session expires
- */
-
-let logoutCallback = null
-let showSessionExpiredAlert = false
-
-// Set the logout callback (called from AuthContext)
-export const setLogoutCallback = (callback) => {
-  logoutCallback = callback
-}
-
-// Check and clear the session expired flag (called from Login page)
-export const shouldShowSessionExpiredAlert = () => {
-  if (showSessionExpiredAlert) {
-    showSessionExpiredAlert = false
-    return true
-  }
-  return false
-}
-
-// Wrapper for fetch that handles 401 responses
-export const apiFetch = async (url, options = {}) => {
-  const response = await fetch(url, {
-    ...options,
-    credentials: 'include'
-  })
-
-  // If we get a 401, the session is invalid - set flag and trigger logout
-  if (response.status === 401) {
-    showSessionExpiredAlert = true
-    if (logoutCallback) {
-      logoutCallback()
-    }
-  }
-
-  return response
-}
-
-export default apiFetch
-```
-
-### 4.11 src/admin/components/AdminLayout.jsx
-
-```jsx
-import { useState, useEffect } from 'react'
-import { Outlet, Navigate, useLocation } from 'react-router-dom'
-import { useAuth, getLastSessionCheck } from '../context/AuthContext'
-import { useTheme } from '../../context/ThemeContext'
-import Sidebar from './Sidebar'
-
-const SESSION_CHECK_INTERVAL = 30000 // 30 seconds minimum between checks
-
-export default function AdminLayout() {
-  const { isAuthenticated, loading, checkSession } = useAuth()
-  const { theme, toggleTheme } = useTheme()
-  const [sidebarOpen, setSidebarOpen] = useState(false)
-  const location = useLocation()
-
-  // Verify session on route changes, but not too frequently
-  useEffect(() => {
-    const now = Date.now()
-    const lastCheck = getLastSessionCheck()
-
-    // Only check if enough time has passed since last check
-    if (now - lastCheck > SESSION_CHECK_INTERVAL) {
-      checkSession()
-    }
-  }, [location.pathname])
-
-  useEffect(() => {
-    if (sidebarOpen) {
-      document.documentElement.style.overflow = 'hidden'
-      document.body.style.overflow = 'hidden'
-    } else {
-      document.documentElement.style.overflow = ''
-      document.body.style.overflow = ''
-    }
-    return () => {
-      document.documentElement.style.overflow = ''
-      document.body.style.overflow = ''
-    }
-  }, [sidebarOpen])
-
-  if (loading) {
-    return (
-      <div className="admin-layout">
-        <div className="admin-loading" style={{ width: '100%' }}>
-          <div className="admin-spinner" />
-        </div>
-      </div>
-    )
-  }
-
-  if (!isAuthenticated) {
-    return <Navigate to="/boha/login" replace />
-  }
-
-  return (
-    <div className="admin-layout">
-      <Sidebar isOpen={sidebarOpen} onClose={() => setSidebarOpen(false)} />
-
-      <div className="admin-main">
-        <header className="admin-header">
-          <button
-            onClick={() => setSidebarOpen(true)}
-            className="admin-menu-btn"
-          >
-            <svg width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2">
-              <line x1="3" y1="12" x2="21" y2="12" />
-              <line x1="3" y1="6" x2="21" y2="6" />
-              <line x1="3" y1="18" x2="21" y2="18" />
-            </svg>
-          </button>
-
-          <div style={{ flex: 1 }} />
-
-          <button
-            onClick={toggleTheme}
-            className="admin-header-theme-btn"
-            title={theme === 'dark' ? 'Svetly rezim' : 'Tmavy rezim'}
-          >
-            <span className={`admin-theme-icon ${theme === 'light' ? 'visible' : ''}`}>
-              <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2">
-                <circle cx="12" cy="12" r="5" />
-                <path d="M12 1v2M12 21v2M4.22 4.22l1.42 1.42M18.36 18.36l1.42 1.42M1 12h2M21 12h2M4.22 19.78l1.42-1.42M18.36 5.64l1.42-1.42" />
-              </svg>
-            </span>
-            <span className={`admin-theme-icon ${theme === 'dark' ? 'visible' : ''}`}>
-              <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2">
-                <path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z" />
-              </svg>
-            </span>
-          </button>
-
-          <a
-            href="/"
-            target="_blank"
-            rel="noopener noreferrer"
-            className="admin-header-link"
-          >
-            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2">
-              <path d="M18 13v6a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2V8a2 2 0 0 1 2-2h6" />
-              <polyline points="15 3 21 3 21 9" />
-              <line x1="10" y1="14" x2="21" y2="3" />
-            </svg>
-            Zobrazit web
-          </a>
-        </header>
-
-        <main className="admin-content">
-          <Outlet />
-        </main>
-      </div>
-    </div>
-  )
-}
-```
-
----
-
-## 5. Security Features
-
-### 5.1 CSRF Protection
-
-CSRF tokens protect against Cross-Site Request Forgery attacks.
-
-**Implementation:**
-- Tokens generated using `bin2hex(random_bytes(32))` (64 hex characters)
-- Stored in PHP session (`$_SESSION['csrf_token']`)
-- Required for state-changing requests (login, logout)
-- Verified using timing-safe `hash_equals()` comparison
-- Token rotated on successful login (prevents Login CSRF attacks)
-
-**Token Rotation on Login:**
-```php
-// In Auth::login() after session_regenerate_id(true)
-unset($_SESSION['csrf_token']); // Force new CSRF token generation post-login
-```
-
-This prevents attackers from preparing CSRF tokens before the victim logs in.
-
-### 5.2 Rate Limiting
-
-IP-based rate limiting protects against brute force and abuse.
-
-| Endpoint | Limit | Purpose |
-|----------|-------|---------|
-| `/api/admin/login.php` | 10/min | Strict - prevents brute force |
-| `/api/admin/logout.php` | 30/min | Moderate - logout operations |
-| `/api/admin/session.php` | 60/min | Higher - frequent session checks |
-| `/api/admin/csrf.php` | 30/min | Moderate - token generation |
-
-**Rate Limit Response (429):**
-```json
-{
-  "success": false,
-  "error": "Prilis mnoho pozadavku. Zkuste to prosim pozdeji.",
-  "retry_after": 60
-}
-```
-
-The `Retry-After` header is also set.
-
-### 5.3 Security Headers
-
-All API endpoints set these headers:
-
-| Header | Value | Purpose |
-|--------|-------|---------|
-| `X-Content-Type-Options` | `nosniff` | Prevents MIME type sniffing |
-| `X-Frame-Options` | `DENY` | Prevents clickjacking |
-| `X-XSS-Protection` | `1; mode=block` | Enables browser XSS filter |
-| `Referrer-Policy` | `strict-origin-when-cross-origin` | Controls referrer info |
-| `Cache-Control` | `no-store, no-cache...` | Prevents caching of sensitive data |
-
-### 5.4 Brute Force Protection
-
-Failed login attempts tracked per user with automatic lockout.
-
-**Configuration:**
-- `MAX_LOGIN_ATTEMPTS = 5` - Account locks after 5 failures
-- `LOCKOUT_MINUTES = 15` - Lock duration
-
-**Behavior:**
-1. Each failed login increments `failed_login_attempts` in users table
-2. After 5 failures, `locked_until` is set to current time + 15 minutes
-3. Login attempts during lockout return `account_locked` error with remaining time
-4. Successful login resets counter and clears lock
-
-### 5.5 Session Security
-
-**Cookie Configuration:**
-
-| Attribute | Value | Purpose |
-|-----------|-------|---------|
-| `lifetime` | 0 | Session cookie - expires when browser closes |
-| `path` | `/` | Available across entire domain |
-| `secure` | `true` (HTTPS) | Only transmitted over HTTPS |
-| `httponly` | `true` | Not accessible via JavaScript |
-| `samesite` | `Lax` | Prevents CSRF in cross-site requests |
-
-**Additional Security:**
-- Session ID regenerated on login (`session_regenerate_id(true)`)
-- Sessions validated against database on each request
-- **User-Agent binding** - Each session is bound to the browser's User-Agent string. If an attacker steals a session cookie but uses a different browser, the session will be rejected
-- Client IP tracked for audit purposes
-- Sliding expiration extends session on activity
-- Periodic cleanup of expired sessions (1% of requests)
-
-**IP Address Handling:**
-- Uses only `REMOTE_ADDR` which represents the actual TCP connection IP
-- Does not trust proxy headers (`X-Forwarded-For`, `X-Real-IP`, etc.) which can be spoofed
-- If a reverse proxy is added in the future (Cloudflare, Nginx, etc.), the `getClientIp()` function should be updated to trust specific headers only from known proxy IP ranges
-
-### 5.6 Remember Me Token Security
-
-Implements the selector:token pattern with SHA-256 hashing.
-
-**Token Structure:**
-- `selector`: 32 hex characters (public identifier for database lookup)
-- `token`: 64 hex characters (secret validator, only hash stored)
-- Cookie value: `selector:token`
-
-**Security Features:**
-
-1. **Split Token Pattern**: Selector used for lookup, only token hash stored
-2. **SHA-256 Hashing**: Token hashed before storage, prevents database leak exposure
-3. **Single-Use Rotation**: Token deleted and new one issued after each use
-4. **Theft Detection**: If hash doesn't match, all user tokens deleted (possible theft)
-5. **Secure Cookie**: Same security attributes as session cookie
-
-**Token Rotation Flow:**
-```
-1. User visits with remember_me cookie
-2. Extract selector:token from cookie
-3. Lookup token by selector in database
-4. Verify SHA-256(token) matches stored hash
-5. If match: delete old token, create new one, restore session
-6. If mismatch: delete ALL user tokens (possible theft)
-```
-
----
-
-## 6. Authentication Flows
-
-### 6.1 Login Flow
-
-```
-Frontend                              Backend
---------                              -------
-1. User enters credentials
-2. fetchCsrfToken() -----------------> GET /csrf.php
-                                       - Start session
-                                       - Generate token
-3. <---------------------------------- Return csrf_token
-4. login() --------------------------> POST /login.php
-   {username, password,                - Verify CSRF token
-    remember, csrf_token}              - Check rate limit
-                                       - Find user by username/email
-                                       - Check if locked
-                                       - Verify password
-                                       - Check if active
-                                       - Regenerate session ID
-                                       - Clear old CSRF token
-                                       - Create session data
-                                       - Store in user_sessions
-                                       - Create remember_me_token (if remember)
-                                       - Reset failed attempts
-5. <---------------------------------- Return user data
-6. Store user in state
-7. fetchCsrfToken() -----------------> GET /csrf.php (token rotation)
-8. <---------------------------------- Return new csrf_token
-```
-
-### 6.2 Logout Flow
-
-```
-Frontend                              Backend
---------                              -------
-1. logout() -------------------------> POST /logout.php
-   {csrf_token}                        - Verify CSRF (warn only)
-                                       - Log logout event
-                                       - Delete from user_sessions
-                                       - Delete remember_me_token
-                                       - Delete cookies
-                                       - Destroy PHP session
-2. <---------------------------------- Return success
-3. Clear user state
-4. Clear CSRF token
-5. Redirect to login
-```
-
-### 6.3 Session Validation Flow
-
-```
-Frontend                              Backend
---------                              -------
-1. checkSession() ------------------> GET /session.php
-                                      - Initialize session
-                                      - Check $_SESSION['auth']
-                                      - Validate against user_sessions DB
-                                      - If valid: update activity, return user
-                                      - If invalid: try remember me restore
-                                      - If remember me works: return user
-                                      - If both fail: clear all, return false
-2. <--------------------------------- Return {authenticated, user}
-3. Update user state
-```
-
-### 6.4 Remember Me Restoration Flow
-
-```
-1. Auth::check() called
-2. Session data exists but DB validation fails
-3. Check for boha_remember cookie
-4. Parse selector:token from cookie
-5. Lookup in remember_me_tokens by selector
-6. Verify SHA-256(token) matches token_hash
-7. If mismatch: DELETE ALL tokens for user (theft detection)
-8. If match and user active:
-   a. Delete old token from DB
-   b. Create new token (rotation)
-   c. Update session expiry
-   d. Create session data
-   e. Return true (authenticated)
-```
-
----
-
-## 7. API Endpoints
-
-### GET /api/admin/csrf.php
-
-Generates and returns a CSRF token.
-
-**Rate Limit:** 30 requests/minute
-
-**Request:**
-```http
-GET /api/admin/csrf.php
-Cookie: BOHA_ADMIN_SESSION=xxx
-```
-
-**Response:**
-```json
-{
-  "success": true,
-  "data": {
-    "csrf_token": "a1b2c3d4e5f6g7h8i9j0..."
-  }
-}
-```
-
----
-
-### POST /api/admin/login.php
-
-Authenticates a user and creates a session.
-
-**Rate Limit:** 10 requests/minute
-
-**Request:**
-```http
-POST /api/admin/login.php
-Content-Type: application/json
-Cookie: BOHA_ADMIN_SESSION=xxx
-
-{
-  "username": "john.doe",
-  "password": "secret123",
-  "remember": true,
-  "csrf_token": "a1b2c3d4e5f6..."
-}
-```
-
-**Success Response (200):**
-```json
-{
-  "success": true,
-  "message": "Prihlaseni uspesne",
-  "data": {
-    "user": {
-      "id": 1,
-      "username": "john.doe",
-      "email": "john@example.com",
-      "fullName": "John Doe",
-      "role": "admin",
-      "roleDisplay": "Administrator",
-      "isAdmin": true
-    },
-    "sessionTimeRemaining": 3600
-  }
-}
-```
-
-**Error Responses:**
-
-Invalid credentials (401):
-```json
-{
-  "success": false,
-  "error": "Neplatne uzivatelske jmeno nebo heslo"
-}
-```
-
-Account locked (429):
-```json
-{
-  "success": false,
-  "error": "Ucet je docasne uzamcen. Zkuste to prosim za 15 minut."
-}
-```
-
-Invalid CSRF token (403):
-```json
-{
-  "success": false,
-  "error": "Neplatny CSRF token"
-}
-```
-
-Rate limited (429):
-```json
-{
-  "success": false,
-  "error": "Prilis mnoho pozadavku. Zkuste to prosim pozdeji.",
-  "retry_after": 60
-}
-```
-
----
-
-### POST /api/admin/logout.php
-
-Logs out the current user.
-
-**Rate Limit:** 30 requests/minute
-
-**Request:**
-```http
-POST /api/admin/logout.php
-Content-Type: application/json
-Cookie: BOHA_ADMIN_SESSION=xxx
-
-{
-  "csrf_token": "a1b2c3d4e5f6..."
-}
-```
-
-**Response (200):**
-```json
-{
-  "success": true,
-  "message": "Odhlaseni uspesne"
-}
-```
-
-Note: Logout proceeds even with invalid CSRF token (warning logged). This prevents users from being trapped in zombie sessions.
-
----
-
-### GET /api/admin/session.php
-
-Validates the current session and returns user data.
-
-**Rate Limit:** 60 requests/minute
-
-**Request:**
-```http
-GET /api/admin/session.php
-Cookie: BOHA_ADMIN_SESSION=xxx
-```
-
-**Authenticated Response (200):**
-```json
-{
-  "success": true,
-  "data": {
-    "authenticated": true,
-    "user": {
-      "id": 1,
-      "username": "john.doe",
-      "email": "john@example.com",
-      "fullName": "John Doe",
-      "role": "admin",
-      "roleDisplay": "Administrator",
-      "isAdmin": true
-    },
-    "sessionTimeRemaining": 3540
-  }
-}
-```
-
-**Unauthenticated Response (200):**
-```json
-{
-  "success": true,
-  "data": {
-    "authenticated": false,
-    "user": null,
-    "sessionTimeRemaining": 0
-  }
-}
-```
-
----
-
-## Summary
-
-The BOHA authentication system implements comprehensive security measures:
-
-1. **Defense in Depth** - Multiple layers (CSRF, session validation, brute force protection, rate limiting)
-2. **Secure Defaults** - HttpOnly, Secure, SameSite cookies; bcrypt hashing; security headers
-3. **Database-Backed Sessions** - Server-side validation prevents session manipulation
-4. **Remember Me Security** - Selector/validator pattern with single-use token rotation
-5. **CSRF Token Rotation** - Tokens invalidated on login to prevent Login CSRF attacks
-6. **Rate Limiting** - IP-based limits per endpoint protect against abuse
-7. **Audit Logging** - All authentication events logged for security monitoring
-8. **Clean Architecture** - Clear separation between React frontend and PHP backend
diff --git a/example_design/boha-spa.html b/example_design/boha-spa.html
deleted file mode 100644
index 43c4737..0000000
--- a/example_design/boha-spa.html
+++ /dev/null
@@ -1,1519 +0,0 @@
-<!DOCTYPE html>
-<html lang="cs">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>BOHA Automation – Platforma</title>
-<link href="https://fonts.googleapis.com/css2?family=DM+Sans:ital,opsz,wght@0,9..40,300;0,9..40,400;0,9..40,500;0,9..40,600;0,9..40,700;1,9..40,400&family=DM+Mono:wght@400;500&display=swap" rel="stylesheet">
-<style>
-*,*::before,*::after{box-sizing:border-box;margin:0;padding:0}
-:root{
-  --red:#D63031;--red-dark:#B52626;--red-soft:#FFF0F0;--red-mid:#FDDCDC;
-  --sidebar-bg:#141414;--bg:#F5F4F2;--card:#FFFFFF;--border:#E8E6E1;
-  --text:#1A1A1A;--muted:#888;--muted2:#BBB;
-  --green:#00B894;--green-soft:#E8FBF7;
-  --amber:#F39C12;--amber-soft:#FEF9EC;
-  --blue:#2D80E4;--blue-soft:#EBF3FD;
-  --purple:#7C3AED;--purple-soft:#EDE9FE;
-  --shadow:0 1px 3px rgba(0,0,0,.06),0 4px 16px rgba(0,0,0,.04);
-  --shadow-md:0 2px 8px rgba(0,0,0,.08),0 8px 32px rgba(0,0,0,.06);
-  --r:10px;
-}
-body{font-family:'DM Sans',sans-serif;background:var(--bg);color:var(--text);display:flex;height:100vh;overflow:hidden;font-size:14px}
-
-/* ─── SIDEBAR ─── */
-aside{width:220px;flex-shrink:0;background:var(--sidebar-bg);display:flex;flex-direction:column;height:100vh;overflow-y:auto}
-.sidebar-logo{padding:20px 18px 16px;border-bottom:1px solid #2a2a2a;display:flex;align-items:center;gap:10px;flex-shrink:0}
-.logo-mark{width:32px;height:32px;background:var(--red);border-radius:6px;display:flex;align-items:center;justify-content:center;font-weight:700;color:#fff;font-size:13px;letter-spacing:-0.5px}
-.sidebar-logo span{color:#fff;font-weight:600;font-size:15px;letter-spacing:-0.3px}
-.sb-section{padding:14px 10px 6px}
-.sb-label{font-size:10px;font-weight:600;letter-spacing:1px;text-transform:uppercase;color:#444;padding:0 8px;margin-bottom:4px}
-.nav-item{display:flex;align-items:center;gap:9px;padding:7px 10px;border-radius:7px;color:#A0A0A0;cursor:pointer;transition:all .15s;font-size:13px;font-weight:450;margin-bottom:1px;user-select:none}
-.nav-item:hover{background:#1f1f1f;color:#ddd}
-.nav-item.active{background:#fff;color:#141414;font-weight:600}
-.nav-item.active svg{color:var(--red)}
-.nav-item svg{width:14px;height:14px;flex-shrink:0}
-.nav-badge{margin-left:auto;background:var(--red);color:#fff;font-size:10px;font-weight:700;border-radius:20px;padding:1px 6px;min-width:18px;text-align:center}
-.nav-badge.g{background:var(--green)}
-.nav-badge.b{background:var(--blue)}
-.sb-footer{margin-top:auto;border-top:1px solid #222;padding:14px 10px;flex-shrink:0}
-.user-chip{display:flex;align-items:center;gap:10px;padding:8px;border-radius:8px;cursor:pointer;transition:background .15s}
-.user-chip:hover{background:#1f1f1f}
-.avatar{width:32px;height:32px;border-radius:50%;background:var(--red);display:flex;align-items:center;justify-content:center;font-weight:700;color:#fff;font-size:12px;flex-shrink:0}
-.u-name{color:#ddd;font-size:13px;font-weight:500}
-.u-role{color:#555;font-size:11px}
-
-/* ─── MAIN ─── */
-main{flex:1;overflow-y:auto;display:flex;flex-direction:column}
-.page{padding:28px 32px;display:flex;flex-direction:column;gap:22px;animation:fadeIn .2s ease}
-@keyframes fadeIn{from{opacity:0;transform:translateY(6px)}to{opacity:1;transform:translateY(0)}}
-
-/* ─── TOPBAR ─── */
-.topbar{display:flex;align-items:flex-start;justify-content:space-between;gap:16px}
-.topbar h1{font-size:22px;font-weight:700;letter-spacing:-0.5px;color:#111}
-.topbar-sub{color:var(--muted);font-size:13px;margin-top:3px}
-.topbar-actions{display:flex;gap:8px;align-items:center;flex-shrink:0}
-
-/* ─── BUTTONS ─── */
-.btn{display:inline-flex;align-items:center;gap:6px;padding:8px 14px;border-radius:8px;cursor:pointer;font-family:inherit;font-size:13px;font-weight:550;border:none;transition:all .15s;white-space:nowrap}
-.btn-primary{background:var(--red);color:#fff}
-.btn-primary:hover{background:var(--red-dark)}
-.btn-ghost{background:#fff;color:var(--text);border:1px solid var(--border)}
-.btn-ghost:hover{background:#f0eeea}
-.btn-sm{padding:6px 11px;font-size:12px;border-radius:7px}
-.btn svg{width:13px;height:13px}
-.btn-icon{width:32px;height:32px;padding:0;display:inline-flex;align-items:center;justify-content:center;border-radius:7px}
-
-/* ─── CARDS ─── */
-.card{background:var(--card);border-radius:var(--r);box-shadow:var(--shadow);overflow:hidden}
-.card-header{padding:14px 18px;border-bottom:1px solid var(--border);display:flex;align-items:center;justify-content:space-between;gap:12px}
-.card-title{font-size:14px;font-weight:650;color:#111}
-.card-link{font-size:12px;color:var(--red);font-weight:550;cursor:pointer}
-.card-body{padding:18px}
-
-/* ─── KPI ─── */
-.kpi-grid{display:grid;gap:14px}
-.kpi-4{grid-template-columns:repeat(4,1fr)}
-.kpi-3{grid-template-columns:repeat(3,1fr)}
-.kpi-2{grid-template-columns:repeat(2,1fr)}
-.kpi-card{background:var(--card);border-radius:var(--r);padding:18px 20px;box-shadow:var(--shadow);display:flex;flex-direction:column;gap:10px;position:relative;overflow:hidden}
-.kpi-card::after{content:'';position:absolute;top:0;left:0;right:0;height:3px;border-radius:var(--r) var(--r) 0 0;background:var(--accent,var(--border))}
-.kpi-card.red{--accent:var(--red)}.kpi-card.green{--accent:var(--green)}.kpi-card.amber{--accent:var(--amber)}.kpi-card.blue{--accent:var(--blue)}.kpi-card.purple{--accent:var(--purple)}
-.kpi-lbl{font-size:11px;font-weight:600;color:var(--muted);text-transform:uppercase;letter-spacing:.5px}
-.kpi-val{font-size:28px;font-weight:700;letter-spacing:-1px;line-height:1;color:#111}
-.kpi-val small{font-size:13px;font-weight:500;color:var(--muted);margin-left:2px}
-.kpi-foot{display:flex;align-items:center;gap:6px;font-size:12px;color:var(--muted)}
-
-/* ─── PILLS / TAGS ─── */
-.pill{display:inline-flex;align-items:center;gap:4px;padding:3px 9px;border-radius:20px;font-size:11.5px;font-weight:600;white-space:nowrap}
-.pill.g{background:var(--green-soft);color:var(--green)}
-.pill.a{background:var(--amber-soft);color:var(--amber)}
-.pill.r{background:var(--red-soft);color:var(--red)}
-.pill.b{background:var(--blue-soft);color:var(--blue)}
-.pill.p{background:var(--purple-soft);color:var(--purple)}
-.pill.n{background:#F3F4F6;color:#6B7280}
-.tag-up{background:var(--green-soft);color:var(--green);font-size:11px;font-weight:600;padding:2px 7px;border-radius:20px}
-.tag-dn{background:var(--red-soft);color:var(--red);font-size:11px;font-weight:600;padding:2px 7px;border-radius:20px}
-.tag-neu{background:var(--amber-soft);color:var(--amber);font-size:11px;font-weight:600;padding:2px 7px;border-radius:20px}
-
-/* ─── TABLE ─── */
-.tbl-wrap{overflow-x:auto}
-table{width:100%;border-collapse:collapse}
-thead th{font-size:11px;font-weight:600;text-transform:uppercase;letter-spacing:.5px;color:var(--muted);padding:10px 16px;text-align:left;border-bottom:2px solid var(--border);white-space:nowrap}
-tbody tr{border-bottom:1px solid var(--border);transition:background .1s}
-tbody tr:last-child{border-bottom:none}
-tbody tr:hover{background:#FAFAF8}
-tbody td{padding:11px 16px;font-size:13px;color:#333;vertical-align:middle}
-tbody td strong{font-weight:600;color:#111}
-.mono{font-family:'DM Mono',monospace;font-size:12px}
-
-/* ─── FILTER BAR ─── */
-.filter-bar{display:flex;gap:8px;align-items:center;flex-wrap:wrap}
-.filter-input{background:#fff;border:1px solid var(--border);border-radius:8px;padding:7px 12px;font-family:inherit;font-size:13px;color:var(--text);outline:none;transition:border .15s;min-width:160px}
-.filter-input:focus{border-color:var(--red)}
-.filter-select{background:#fff;border:1px solid var(--border);border-radius:8px;padding:7px 12px;font-family:inherit;font-size:13px;color:var(--text);outline:none;cursor:pointer;appearance:none;padding-right:28px;background-image:url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='10' height='6' fill='none'%3E%3Cpath d='M1 1l4 4 4-4' stroke='%23888' stroke-width='1.5' stroke-linecap='round'/%3E%3C/svg%3E");background-repeat:no-repeat;background-position:right 10px center}
-
-/* ─── TABS ─── */
-.tabs{display:flex;gap:2px;background:#EEECEA;border-radius:9px;padding:3px}
-.tab{padding:6px 14px;border-radius:7px;font-size:13px;font-weight:500;cursor:pointer;color:var(--muted);transition:all .15s;white-space:nowrap}
-.tab.active{background:#fff;color:#111;font-weight:600;box-shadow:0 1px 3px rgba(0,0,0,.08)}
-
-/* ─── GRID LAYOUTS ─── */
-.two-col{display:grid;grid-template-columns:1fr 1fr;gap:16px}
-.three-col{display:grid;grid-template-columns:1.4fr 1fr 1fr;gap:16px}
-.col-32{display:grid;grid-template-columns:3fr 2fr;gap:16px}
-.col-23{display:grid;grid-template-columns:2fr 3fr;gap:16px}
-
-/* ─── ACTIVITY / LIST ROWS ─── */
-.list-row{display:flex;align-items:center;gap:12px;padding:11px 18px;border-bottom:1px solid var(--border);transition:background .1s}
-.list-row:last-child{border-bottom:none}
-.list-row:hover{background:#FAFAF8}
-.row-icon{width:34px;height:34px;border-radius:8px;display:flex;align-items:center;justify-content:center;flex-shrink:0}
-.row-icon svg{width:15px;height:15px}
-.row-icon.r{background:var(--red-soft);color:var(--red)}
-.row-icon.g{background:var(--green-soft);color:var(--green)}
-.row-icon.b{background:var(--blue-soft);color:var(--blue)}
-.row-icon.a{background:var(--amber-soft);color:var(--amber)}
-.row-icon.p{background:var(--purple-soft);color:var(--purple)}
-.row-main{flex:1;min-width:0}
-.row-title{font-size:13px;font-weight:500;color:#222}
-.row-sub{font-size:12px;color:var(--muted);margin-top:1px}
-.row-end{display:flex;flex-direction:column;align-items:flex-end;gap:3px;flex-shrink:0}
-
-/* ─── PRESENCE ─── */
-.status-dot{width:7px;height:7px;border-radius:50%;flex-shrink:0}
-.status-dot.in{background:var(--green)}
-.status-dot.out{background:#ddd}
-.status-dot.away{background:var(--amber)}
-.status-label.in{color:var(--green)}
-.status-label.out{color:#bbb}
-.status-label.away{color:var(--amber)}
-.status-label{font-size:11.5px;font-weight:550}
-
-/* ─── PROGRESS ─── */
-.prog-bar-bg{height:6px;background:var(--border);border-radius:99px;overflow:hidden}
-.prog-bar-fill{height:100%;border-radius:99px}
-
-/* ─── FORM ─── */
-.form-grid{display:grid;grid-template-columns:1fr 1fr;gap:16px}
-.form-group{display:flex;flex-direction:column;gap:6px}
-.form-group.full{grid-column:1/-1}
-.form-label{font-size:12px;font-weight:600;color:#555;letter-spacing:.2px}
-.form-input,.form-textarea,.form-sel{background:#fff;border:1.5px solid var(--border);border-radius:8px;padding:9px 12px;font-family:inherit;font-size:13px;color:var(--text);outline:none;transition:border .15s;width:100%}
-.form-input:focus,.form-textarea:focus,.form-sel:focus{border-color:var(--red)}
-.form-textarea{resize:vertical;min-height:80px}
-.form-sel{cursor:pointer;appearance:none;background-image:url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='10' height='6' fill='none'%3E%3Cpath d='M1 1l4 4 4-4' stroke='%23888' stroke-width='1.5' stroke-linecap='round'/%3E%3C/svg%3E");background-repeat:no-repeat;background-position:right 12px center;padding-right:32px}
-
-/* ─── CALENDAR ─── */
-.cal-grid{display:grid;grid-template-columns:repeat(7,1fr);gap:3px}
-.cal-head{text-align:center;font-size:11px;font-weight:600;color:var(--muted);padding:6px 0;text-transform:uppercase;letter-spacing:.5px}
-.cal-day{aspect-ratio:1;display:flex;align-items:center;justify-content:center;border-radius:8px;font-size:13px;cursor:pointer;transition:all .15s;position:relative;flex-direction:column;gap:2px}
-.cal-day:hover{background:#F0EEEA}
-.cal-day.today{background:var(--red);color:#fff;font-weight:700}
-.cal-day.has-data::after{content:'';width:4px;height:4px;border-radius:50%;background:var(--green);position:absolute;bottom:4px;left:50%;transform:translateX(-50%)}
-.cal-day.today.has-data::after{background:rgba(255,255,255,.7)}
-.cal-day.other-month{color:#ccc}
-.cal-day.weekend{color:var(--muted)}
-
-/* ─── VEHICLE CARDS ─── */
-.vehicle-grid{display:grid;grid-template-columns:repeat(3,1fr);gap:14px}
-.vehicle-card{background:var(--card);border-radius:var(--r);padding:18px;box-shadow:var(--shadow);display:flex;flex-direction:column;gap:12px;transition:box-shadow .15s}
-.vehicle-card:hover{box-shadow:var(--shadow-md)}
-.vehicle-plate{font-family:'DM Mono',monospace;font-size:15px;font-weight:500;background:#141414;color:#fff;padding:4px 10px;border-radius:6px;display:inline-block;letter-spacing:2px}
-.vehicle-name{font-size:15px;font-weight:650;color:#111;margin-top:4px}
-.vehicle-stats{display:grid;grid-template-columns:1fr 1fr;gap:8px;margin-top:4px}
-.v-stat{display:flex;flex-direction:column;gap:2px}
-.v-stat-lbl{font-size:10px;font-weight:600;text-transform:uppercase;letter-spacing:.5px;color:var(--muted)}
-.v-stat-val{font-size:14px;font-weight:650;color:#111}
-
-/* ─── PROJECT KANBAN ─── */
-.kanban{display:grid;grid-template-columns:repeat(4,1fr);gap:14px;align-items:start}
-.kanban-col{display:flex;flex-direction:column;gap:8px}
-.kanban-header{display:flex;align-items:center;justify-content:space-between;padding:8px 2px;margin-bottom:2px}
-.kanban-title{font-size:12px;font-weight:650;text-transform:uppercase;letter-spacing:.5px}
-.kanban-count{font-size:11px;font-weight:600;background:var(--border);color:var(--muted);padding:2px 7px;border-radius:99px}
-.kanban-card{background:var(--card);border-radius:9px;padding:14px;box-shadow:var(--shadow);display:flex;flex-direction:column;gap:8px;cursor:pointer;transition:all .15s;border-left:3px solid transparent}
-.kanban-card:hover{box-shadow:var(--shadow-md);transform:translateY(-1px)}
-.kanban-card.kred{border-left-color:var(--red)}
-.kanban-card.kblue{border-left-color:var(--blue)}
-.kanban-card.kamber{border-left-color:var(--amber)}
-.kanban-card.kgreen{border-left-color:var(--green)}
-.kc-title{font-size:13px;font-weight:600;color:#111;line-height:1.3}
-.kc-client{font-size:11.5px;color:var(--muted)}
-.kc-foot{display:flex;align-items:center;justify-content:space-between;margin-top:2px}
-.kc-date{font-size:11px;color:var(--muted2);font-family:'DM Mono',monospace}
-.kc-avatar{width:22px;height:22px;border-radius:50%;display:flex;align-items:center;justify-content:center;font-size:9px;font-weight:700;color:#fff}
-
-/* ─── CUSTOMER CARDS ─── */
-.customer-grid{display:grid;grid-template-columns:repeat(3,1fr);gap:14px}
-.customer-card{background:var(--card);border-radius:var(--r);padding:18px;box-shadow:var(--shadow);display:flex;flex-direction:column;gap:10px;transition:box-shadow .15s;cursor:pointer}
-.customer-card:hover{box-shadow:var(--shadow-md)}
-.cc-logo{width:40px;height:40px;border-radius:10px;display:flex;align-items:center;justify-content:center;font-weight:700;font-size:14px;color:#fff;flex-shrink:0}
-.cc-name{font-size:14px;font-weight:650;color:#111}
-.cc-sub{font-size:12px;color:var(--muted)}
-.cc-stats{display:flex;gap:16px}
-.cc-s{display:flex;flex-direction:column;gap:1px}
-.cc-s-val{font-size:15px;font-weight:700;color:#111}
-.cc-s-lbl{font-size:10px;font-weight:600;text-transform:uppercase;letter-spacing:.4px;color:var(--muted)}
-
-/* ─── SETTINGS ─── */
-.settings-tabs{display:flex;gap:0;border-bottom:2px solid var(--border);margin-bottom:0}
-.settings-tab{padding:10px 20px;font-size:13.5px;font-weight:500;color:var(--muted);cursor:pointer;border-bottom:2px solid transparent;margin-bottom:-2px;transition:all .15s}
-.settings-tab.active{color:var(--red);border-bottom-color:var(--red);font-weight:650}
-.settings-section{display:flex;flex-direction:column;gap:0}
-.settings-row{display:flex;align-items:center;justify-content:space-between;padding:16px 0;border-bottom:1px solid var(--border);gap:20px}
-.settings-row:last-child{border-bottom:none}
-.settings-info{display:flex;flex-direction:column;gap:3px}
-.settings-lbl{font-size:13.5px;font-weight:550;color:#111}
-.settings-desc{font-size:12px;color:var(--muted)}
-.toggle{width:42px;height:24px;border-radius:99px;cursor:pointer;transition:background .2s;flex-shrink:0;position:relative;border:none}
-.toggle::after{content:'';width:18px;height:18px;border-radius:50%;background:#fff;position:absolute;top:3px;left:3px;transition:transform .2s;box-shadow:0 1px 3px rgba(0,0,0,.2)}
-.toggle.on{background:var(--green)}.toggle.on::after{transform:translateX(18px)}
-.toggle.off{background:#ddd}
-
-/* ─── USER CARDS ─── */
-.user-grid{display:grid;grid-template-columns:repeat(3,1fr);gap:14px}
-.user-card{background:var(--card);border-radius:var(--r);padding:18px;box-shadow:var(--shadow);display:flex;align-items:center;gap:14px;transition:box-shadow .15s}
-.user-card:hover{box-shadow:var(--shadow-md)}
-.ua-info{flex:1;min-width:0}
-.ua-name{font-size:14px;font-weight:650;color:#111}
-.ua-email{font-size:12px;color:var(--muted);overflow:hidden;text-overflow:ellipsis;white-space:nowrap}
-.ua-meta{display:flex;align-items:center;gap:8px;margin-top:6px}
-
-/* ─── FIRMA ─── */
-.firma-header{background:linear-gradient(135deg,#141414 0%,#2a2a2a 100%);border-radius:var(--r);padding:28px;display:flex;align-items:center;gap:20px;color:#fff}
-.firma-logo{width:64px;height:64px;border-radius:12px;background:var(--red);display:flex;align-items:center;justify-content:center;font-weight:700;font-size:24px;flex-shrink:0}
-
-/* Scrollbar */
-::-webkit-scrollbar{width:5px}
-::-webkit-scrollbar-track{background:transparent}
-::-webkit-scrollbar-thumb{background:#ddd;border-radius:99px}
-aside::-webkit-scrollbar-thumb{background:#333}
-</style>
-</head>
-<body>
-
-<!-- ══════════════ SIDEBAR ══════════════ -->
-<aside>
-  <div class="sidebar-logo">
-    <div class="logo-mark">B</div>
-    <span>BOHA</span>
-  </div>
-
-  <div class="sb-section">
-    <div class="sb-label">Přehled</div>
-    <div class="nav-item" data-page="dashboard">
-      <svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><rect x="3" y="3" width="7" height="7" rx="1"/><rect x="14" y="3" width="7" height="7" rx="1"/><rect x="3" y="14" width="7" height="7" rx="1"/><rect x="14" y="14" width="7" height="7" rx="1"/></svg>
-      Přehled
-    </div>
-  </div>
-
-  <div class="sb-section">
-    <div class="sb-label">Docházka</div>
-    <div class="nav-item" data-page="doc-zaznam">
-      <svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><circle cx="12" cy="12" r="9"/><polyline points="12 7 12 12 15 15"/></svg>
-      Záznam <span class="nav-badge g">3</span>
-    </div>
-    <div class="nav-item" data-page="doc-historie">
-      <svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><polyline points="12 8 12 12 14 14"/><path d="M3.05 11a9 9 0 1 1 .5 4m-.5 5v-5h5"/></svg>
-      Historie
-    </div>
-    <div class="nav-item" data-page="doc-zadosti">
-      <svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><path d="M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z"/><polyline points="14 2 14 8 20 8"/><line x1="12" y1="18" x2="12" y2="12"/><line x1="9" y1="15" x2="15" y2="15"/></svg>
-      Žádosti
-    </div>
-    <div class="nav-item" data-page="doc-schvalovani">
-      <svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><path d="M9 12l2 2 4-4"/><path d="M21 12c-1 4.5-5 8-9 8s-8-3.5-9-8 5-8 9-8 8 3.5 9 8z"/></svg>
-      Schvalování <span class="nav-badge">2</span>
-    </div>
-    <div class="nav-item" data-page="doc-bilance">
-      <svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><line x1="18" y1="20" x2="18" y2="10"/><line x1="12" y1="20" x2="12" y2="4"/><line x1="6" y1="20" x2="6" y2="14"/></svg>
-      Správa bilancí
-    </div>
-  </div>
-
-  <div class="sb-section">
-    <div class="sb-label">Kniha jízd</div>
-    <div class="nav-item" data-page="kj-zaznam">
-      <svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><circle cx="5" cy="18" r="3"/><circle cx="19" cy="18" r="3"/><path d="M10 18H14"/><path d="M5 18V12L8 5h8l3 7v6"/><path d="M8 5h8"/></svg>
-      Záznam
-    </div>
-    <div class="nav-item" data-page="kj-historie">
-      <svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><polyline points="12 8 12 12 14 14"/><path d="M3.05 11a9 9 0 1 1 .5 4m-.5 5v-5h5"/></svg>
-      Historie
-    </div>
-    <div class="nav-item" data-page="kj-vozidla">
-      <svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><rect x="1" y="3" width="15" height="13" rx="2"/><path d="M16 8h4l3 3v5h-7V8z"/><circle cx="5.5" cy="18.5" r="2.5"/><circle cx="18.5" cy="18.5" r="2.5"/></svg>
-      Vozidla
-    </div>
-  </div>
-
-  <div class="sb-section">
-    <div class="sb-label">Administrativa</div>
-    <div class="nav-item" data-page="adm-nabidky">
-      <svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><path d="M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z"/><polyline points="14 2 14 8 20 8"/></svg>
-      Nabídky <span class="nav-badge b">5</span>
-    </div>
-    <div class="nav-item" data-page="adm-objednavky">
-      <svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><path d="M6 2L3 6v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2V6l-3-4z"/><line x1="3" y1="6" x2="21" y2="6"/><path d="M16 10a4 4 0 0 1-8 0"/></svg>
-      Objednávky
-    </div>
-    <div class="nav-item" data-page="adm-projekty">
-      <svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><rect x="2" y="3" width="20" height="14" rx="2"/><line x1="8" y1="21" x2="16" y2="21"/><line x1="12" y1="17" x2="12" y2="21"/></svg>
-      Projekty
-    </div>
-    <div class="nav-item" data-page="adm-faktury">
-      <svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><line x1="12" y1="1" x2="12" y2="23"/><path d="M17 5H9.5a3.5 3.5 0 0 0 0 7h5a3.5 3.5 0 0 1 0 7H6"/></svg>
-      Faktury
-    </div>
-    <div class="nav-item" data-page="adm-zakaznici">
-      <svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><path d="M17 21v-2a4 4 0 0 0-4-4H5a4 4 0 0 0-4 4v2"/><circle cx="9" cy="7" r="4"/><path d="M23 21v-2a4 4 0 0 0-3-3.87"/><path d="M16 3.13a4 4 0 0 1 0 7.75"/></svg>
-      Zákazníci
-    </div>
-    <div class="nav-item" data-page="adm-firma">
-      <svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><path d="M3 9l9-7 9 7v11a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2z"/><polyline points="9 22 9 12 15 12 15 22"/></svg>
-      Firma
-    </div>
-  </div>
-
-  <div class="sb-section">
-    <div class="sb-label">Systém</div>
-    <div class="nav-item" data-page="uzivatele">
-      <svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><path d="M17 21v-2a4 4 0 0 0-4-4H5a4 4 0 0 0-4 4v2"/><circle cx="9" cy="7" r="4"/><path d="M23 21v-2a4 4 0 0 0-3-3.87"/><path d="M16 3.13a4 4 0 0 1 0 7.75"/></svg>
-      Uživatelé
-    </div>
-    <div class="nav-item" data-page="nastaveni">
-      <svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><circle cx="12" cy="12" r="3"/><path d="M19.07 4.93a10 10 0 0 1 0 14.14M4.93 4.93a10 10 0 0 0 0 14.14"/></svg>
-      Nastavení
-    </div>
-  </div>
-
-  <div class="sb-footer">
-    <div class="user-chip">
-      <div class="avatar">ŠH</div>
-      <div>
-        <div class="u-name">Šimon Haas</div>
-        <div class="u-role">Administrátor</div>
-      </div>
-    </div>
-  </div>
-</aside>
-
-<!-- ══════════════ MAIN ══════════════ -->
-<main id="main-content"></main>
-
-<script>
-// ══════════════════════════════════════════
-// PAGE RENDERERS
-// ══════════════════════════════════════════
-
-const pages = {
-
-// ── DASHBOARD ──────────────────────────────
-dashboard: () => `
-<div class="page">
-  <div class="topbar">
-    <div><h1>Dobrý den, Šimone 👋</h1><div class="topbar-sub">Neděle, 8. března 2026 · Týden 10</div></div>
-    <div class="topbar-actions">
-      <button class="btn btn-ghost">
-        <svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2" style="width:13px;height:13px"><path d="M18 8A6 6 0 0 0 6 8c0 7-3 9-3 9h18s-3-2-3-9"/><path d="M13.73 21a2 2 0 0 1-3.46 0"/></svg>
-        Notifikace <span style="background:var(--red);color:#fff;border-radius:99px;padding:0 5px;font-size:10px;font-weight:700;margin-left:4px">7</span>
-      </button>
-      <button class="btn btn-primary">+ Nová nabídka</button>
-    </div>
-  </div>
-
-  <div class="kpi-grid kpi-4">
-    <div class="kpi-card green"><div class="kpi-lbl">Přítomní dnes</div><div class="kpi-val">7<small> / 9</small></div><div class="kpi-foot"><span class="tag-up">↑ +1</span> oproti včerejšku</div></div>
-    <div class="kpi-card blue"><div class="kpi-lbl">Otevřené nabídky</div><div class="kpi-val">5</div><div class="kpi-foot"><span class="tag-neu">2 čekají</span> na schválení</div></div>
-    <div class="kpi-card amber"><div class="kpi-lbl">Tržby (březen)</div><div class="kpi-val">148<small>k Kč</small></div><div class="kpi-foot"><span class="tag-up">↑ 12 %</span> vs. únor</div></div>
-    <div class="kpi-card red"><div class="kpi-lbl">Čeká schválení</div><div class="kpi-val">2</div><div class="kpi-foot"><span class="tag-dn">! urgentní</span> vyžaduje akci</div></div>
-  </div>
-
-  <div style="display:grid;grid-template-columns:repeat(4,1fr);gap:10px">
-    ${qaBtn('green','M9 12l2 2 4-4','Zaznamenat příchod')}
-    ${qaBtn('blue','M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z','Nová nabídka')}
-    ${qaBtn('amber','M3 9l9-7 9 7v11a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2z','Přidat jízdu')}
-    ${qaBtn('red','M12 1v22M17 5H9.5a3.5 3.5 0 0 0 0 7h5a3.5 3.5 0 0 1 0 7H6','Vystavit fakturu')}
-  </div>
-
-  <div class="three-col">
-    <div class="card">
-      <div class="card-header"><span class="card-title">Poslední aktivita</span><span class="card-link">Vše →</span></div>
-      ${actRow('b','M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z','Nabídka <strong>VW-2026-047</strong> odeslána','Volkswagen Group of America','09:14')}
-      ${actRow('g','M9 12l2 2 4-4','<strong>Jan Novák</strong> příchod zaznamenán','Docházka · 08:52','08:52')}
-      ${actRow('a','M10.29 3.86L1.82 18a2 2 0 0 0 1.71 3h16.94a2 2 0 0 0 1.71-3L13.71 3.86a2 2 0 0 0-3.42 0z','Žádost o <strong>dovolenou</strong> čeká','Pavel Kratochvíl · 15.–19.3.','Včera')}
-      ${actRow('r','M12 1v22M17 5H9.5a3.5 3.5 0 0 0 0 7h5a3.5 3.5 0 0 1 0 7H6','Faktura <strong>#2026-018</strong> uhrazena','+42 500 Kč · ŠKODA AUTO','Včera')}
-      ${actRow('b','M2 3h20M2 3v14h20V3','Projekt <strong>TIA Migration</strong> aktualizován','75 % hotovo','6.3.')}
-    </div>
-    <div class="card">
-      <div class="card-header"><span class="card-title">Docházka dnes</span><span class="card-link">Detail →</span></div>
-      ${presRow('JN','#DBEAFE','#2D80E4','Jan Novák','in','Přítomen','08:52')}
-      ${presRow('MK','#D1FAE5','#00B894','Marie Kučerová','in','Přítomna','07:45')}
-      ${presRow('PK','#FEF3C7','#F39C12','Pavel Kratochvíl','away','Home office','09:00')}
-      ${presRow('LP','#FCE7F3','#DB2777','Lucie Procházková','in','Přítomna','08:10')}
-      ${presRow('TO','#F3F4F6','#9CA3AF','Tomáš Ondřej','out','Nepřihlášen','—')}
-      ${presRow('RB','#EDE9FE','#7C3AED','Radka Bílá','in','Přítomna','08:30')}
-    </div>
-    <div style="display:flex;flex-direction:column;gap:14px">
-      <div class="card">
-        <div class="card-header"><span class="card-title">Projekty – průběh</span><span class="card-link">Vše →</span></div>
-        <div style="padding:8px 0">
-          ${progRow('TIA Migration S7-300','75','var(--blue)')}
-          ${progRow('CIMPLICITY HMI Update','40','var(--amber)')}
-          ${progRow('Web Platform BOHA','90','var(--green)')}
-        </div>
-      </div>
-      <div class="card">
-        <div class="card-header"><span class="card-title">Nabídky – status</span><span class="card-link">Zobrazit →</span></div>
-        ${miniStatRow('Čeká na odeslání','3','a')}
-        ${miniStatRow('Odesláno, čeká odezvu','2','b')}
-        ${miniStatRow('Schváleno (březen)','4','g')}
-        ${miniStatRow('Zamítnuto','1','r')}
-      </div>
-    </div>
-  </div>
-</div>`,
-
-// ── DOCHÁZKA – ZÁZNAM ──────────────────────
-'doc-zaznam': () => `
-<div class="page">
-  <div class="topbar">
-    <div><h1>Docházka – Záznamy</h1><div class="topbar-sub">Dnešní přehled příchodů a odchodů</div></div>
-    <div class="topbar-actions">
-      <button class="btn btn-ghost btn-sm">Export CSV</button>
-      <button class="btn btn-primary">+ Ruční záznam</button>
-    </div>
-  </div>
-
-  <div class="kpi-grid kpi-4">
-    <div class="kpi-card green"><div class="kpi-lbl">Přítomno</div><div class="kpi-val">7</div><div class="kpi-foot">z 9 zaměstnanců</div></div>
-    <div class="kpi-card amber"><div class="kpi-lbl">Home office</div><div class="kpi-val">1</div><div class="kpi-foot">Pavel Kratochvíl</div></div>
-    <div class="kpi-card red"><div class="kpi-lbl">Nepřítomno</div><div class="kpi-val">1</div><div class="kpi-foot">Bez záznamu</div></div>
-    <div class="kpi-card blue"><div class="kpi-lbl">Průměr příchodu</div><div class="kpi-val">08:24</div><div class="kpi-foot">dnes</div></div>
-  </div>
-
-  <div class="card">
-    <div class="card-header">
-      <span class="card-title">Záznamy – dnes, 8. března 2026</span>
-      <div style="display:flex;gap:8px">
-        <input class="filter-input" style="width:180px" placeholder="Hledat jméno…">
-        <select class="filter-select" style="width:140px"><option>Všichni</option><option>Přítomní</option><option>Nepřítomní</option></select>
-      </div>
-    </div>
-    <div class="tbl-wrap">
-      <table>
-        <thead><tr><th>Zaměstnanec</th><th>Příchod</th><th>Odchod</th><th>Přestávky</th><th>Celkem</th><th>Typ</th><th>Status</th><th></th></tr></thead>
-        <tbody>
-          ${docRow('JN','#DBEAFE','#2D80E4','Jan Novák','08:52','—','0:30','7:23','Kancelář','in','Přítomen')}
-          ${docRow('MK','#D1FAE5','#00B894','Marie Kučerová','07:45','—','0:30','8:00','Kancelář','in','Přítomna')}
-          ${docRow('PK','#FEF3C7','#F39C12','Pavel Kratochvíl','09:00','—','0:00','6:45','Home office','away','HO')}
-          ${docRow('LP','#FCE7F3','#DB2777','Lucie Procházková','08:10','—','1:00','7:35','Kancelář','in','Přítomna')}
-          ${docRow('TO','#F3F4F6','#9CA3AF','Tomáš Ondřej','—','—','—','—','—','out','Nepřihlášen')}
-          ${docRow('RB','#EDE9FE','#7C3AED','Radka Bílá','08:30','—','0:30','7:15','Kancelář','in','Přítomna')}
-          ${docRow('JK','#FEE2E2','#DC2626','Jiří Kratochvíl','07:30','15:30','0:45','7:15','Kancelář','g','Odešel')}
-          ${docRow('AH','#DBEAFE','#1D4ED8','Anna Horáčková','08:05','—','0:30','7:30','Kancelář','in','Přítomna')}
-        </tbody>
-      </table>
-    </div>
-  </div>
-</div>`,
-
-// ── DOCHÁZKA – HISTORIE ─────────────────────
-'doc-historie': () => `
-<div class="page">
-  <div class="topbar">
-    <div><h1>Docházka – Historie</h1><div class="topbar-sub">Přehled docházky za vybrané období</div></div>
-    <div class="topbar-actions">
-      <input class="filter-input" type="month" value="2026-03">
-      <select class="filter-select"><option>Všichni zaměstnanci</option><option>Jan Novák</option><option>Marie Kučerová</option></select>
-      <button class="btn btn-ghost btn-sm">Export</button>
-    </div>
-  </div>
-
-  <div class="col-32">
-    <div class="card">
-      <div class="card-header"><span class="card-title">Kalendář – Březen 2026</span></div>
-      <div style="padding:16px">
-        <div class="cal-grid">
-          ${['Po','Út','St','Čt','Pá','So','Ne'].map(d=>`<div class="cal-head">${d}</div>`).join('')}
-          ${Array.from({length:6},(_,i)=>'<div class="cal-day other-month">'+(23+i)+'</div>').join('')}
-          ${Array.from({length:31},(_,i)=>{
-            const d=i+1,isToday=d===8,isWe=((5+i)%7>=5),hasData=d<8&&!isWe;
-            return `<div class="cal-day${isToday?' today':''}${hasData?' has-data':''}${isWe&&!isToday?' weekend':''}">${d}</div>`;
-          }).join('')}
-          ${Array.from({length:3},(_,i)=>'<div class="cal-day other-month">'+(i+1)+'</div>').join('')}
-        </div>
-        <div style="display:flex;gap:16px;margin-top:14px;font-size:11.5px;color:var(--muted)">
-          <span style="display:flex;align-items:center;gap:5px"><span style="width:8px;height:8px;border-radius:50%;background:var(--green);display:inline-block"></span>Pracovní den</span>
-          <span style="display:flex;align-items:center;gap:5px"><span style="width:8px;height:8px;border-radius:50%;background:var(--amber);display:inline-block"></span>Dovolená / HO</span>
-          <span style="display:flex;align-items:center;gap:5px"><span style="width:8px;height:8px;border-radius:50%;background:var(--red);display:inline-block"></span>Nepřítomnost</span>
-        </div>
-      </div>
-    </div>
-    <div style="display:flex;flex-direction:column;gap:14px">
-      <div class="card">
-        <div class="card-header"><span class="card-title">Souhrn – Březen 2026</span></div>
-        ${miniStatRow('Pracovní dny v měsíci','21','n')}
-        ${miniStatRow('Odpracováno dní','7','g')}
-        ${miniStatRow('Dovolená','0','a')}
-        ${miniStatRow('Přesčasy','3h 20min','b')}
-        ${miniStatRow('Nemocenská','0','n')}
-        ${miniStatRow('Zbývá dovolené','18 dní','g')}
-      </div>
-      <div class="card">
-        <div class="card-header"><span class="card-title">Rychlé porovnání</span></div>
-        ${miniStatRow('Únor 2026','160h 45min','n')}
-        ${miniStatRow('Leden 2026','158h 30min','n')}
-        ${miniStatRow('Prosinec 2025','148h 00min','n')}
-      </div>
-    </div>
-  </div>
-
-  <div class="card">
-    <div class="card-header"><span class="card-title">Detail záznamů</span></div>
-    <div class="tbl-wrap">
-      <table>
-        <thead><tr><th>Datum</th><th>Den</th><th>Příchod</th><th>Odchod</th><th>Přestávka</th><th>Odpracováno</th><th>Přesčas</th><th>Typ</th></tr></thead>
-        <tbody>
-          ${histRow('3.3.2026','Úterý','08:45','17:30','0:30','8:15','+0:15','Kancelář','g')}
-          ${histRow('4.3.2026','Středa','08:12','17:45','0:45','8:48','+0:48','Kancelář','g')}
-          ${histRow('5.3.2026','Čtvrtek','08:55','17:00','0:30','7:35','0:00','Kancelář','g')}
-          ${histRow('6.3.2026','Pátek','08:30','16:30','0:30','7:30','0:00','Kancelář','g')}
-          ${histRow('7.3.2026','Sobota','—','—','—','—','—','Víkend','n')}
-        </tbody>
-      </table>
-    </div>
-  </div>
-</div>`,
-
-// ── DOCHÁZKA – ŽÁDOSTI ─────────────────────
-'doc-zadosti': () => `
-<div class="page">
-  <div class="topbar">
-    <div><h1>Žádosti</h1><div class="topbar-sub">Dovolené, sick days, home office, přesčasy</div></div>
-    <div class="topbar-actions">
-      <button class="btn btn-primary">+ Nová žádost</button>
-    </div>
-  </div>
-
-  <div style="display:flex;gap:12px;align-items:center">
-    <div class="tabs">
-      <div class="tab active">Vše (8)</div>
-      <div class="tab">Čeká (2)</div>
-      <div class="tab">Schváleno (5)</div>
-      <div class="tab">Zamítnuto (1)</div>
-    </div>
-    <div style="margin-left:auto;display:flex;gap:8px">
-      <input class="filter-input" placeholder="Hledat…" style="width:160px">
-      <select class="filter-select" style="width:140px"><option>Všichni</option></select>
-    </div>
-  </div>
-
-  <div class="card">
-    <div class="tbl-wrap">
-      <table>
-        <thead><tr><th>Žadatel</th><th>Typ</th><th>Od</th><th>Do</th><th>Dní</th><th>Poznámka</th><th>Podáno</th><th>Stav</th><th></th></tr></thead>
-        <tbody>
-          ${zadostRow('PK','#FEF3C7','#F39C12','Pavel Kratochvíl','Dovolená','15.3.2026','19.3.2026','5','Rodinná dovolená','4.3.2026','a','Čeká')}
-          ${zadostRow('TO','#F3F4F6','#9CA3AF','Tomáš Ondřej','Sick day','8.3.2026','8.3.2026','1','Nachlazení','8.3.2026','a','Čeká')}
-          ${zadostRow('MK','#D1FAE5','#00B894','Marie Kučerová','Dovolená','24.3.2026','28.3.2026','5','Jarní prázdniny','2.3.2026','g','Schváleno')}
-          ${zadostRow('JN','#DBEAFE','#2D80E4','Jan Novák','Home office','10.3.2026','12.3.2026','3','Práce z domova','1.3.2026','g','Schváleno')}
-          ${zadostRow('LP','#FCE7F3','#DB2777','Lucie Procházková','Dovolená','1.4.2026','3.4.2026','3','','28.2.2026','g','Schváleno')}
-          ${zadostRow('RB','#EDE9FE','#7C3AED','Radka Bílá','Přesčas','5.3.2026','5.3.2026','1','Dokončení projektu','5.3.2026','g','Schváleno')}
-          ${zadostRow('JK','#FEE2E2','#DC2626','Jiří Kratochvíl','Dovolená','20.3.2026','21.3.2026','2','','25.2.2026','r','Zamítnuto')}
-        </tbody>
-      </table>
-    </div>
-  </div>
-</div>`,
-
-// ── DOCHÁZKA – SCHVALOVÁNÍ ─────────────────
-'doc-schvalovani': () => `
-<div class="page">
-  <div class="topbar">
-    <div><h1>Schvalování</h1><div class="topbar-sub">Žádosti čekající na váš podpis</div></div>
-    <div class="topbar-actions">
-      <button class="btn btn-ghost btn-sm">Schválit vše</button>
-    </div>
-  </div>
-
-  <div class="kpi-grid kpi-3">
-    <div class="kpi-card red"><div class="kpi-lbl">Čeká schválení</div><div class="kpi-val">2</div><div class="kpi-foot"><span class="tag-dn">urgentní</span></div></div>
-    <div class="kpi-card green"><div class="kpi-lbl">Schváleno tento měsíc</div><div class="kpi-val">9</div><div class="kpi-foot">z 10 žádostí</div></div>
-    <div class="kpi-card amber"><div class="kpi-lbl">Zamítnuto</div><div class="kpi-val">1</div><div class="kpi-foot">v březnu</div></div>
-  </div>
-
-  <div style="display:flex;flex-direction:column;gap:12px">
-    <div style="font-size:12px;font-weight:700;text-transform:uppercase;letter-spacing:.8px;color:var(--muted)">Čeká na schválení</div>
-    ${schvalCard('PK','#FEF3C7','#F39C12','Pavel Kratochvíl','Dovolená','15.3.2026 – 19.3.2026','5 pracovních dní','Rodinná dovolená v Alpách. Záskok zajistí kolega Novák.','4.3.2026')}
-    ${schvalCard('TO','#F3F4F6','#9CA3AF','Tomáš Ondřej','Sick day','8.3.2026','1 den','Nachlazení, doloženo potvrzením od lékaře.','8.3.2026')}
-  </div>
-
-  <div style="display:flex;flex-direction:column;gap:12px">
-    <div style="font-size:12px;font-weight:700;text-transform:uppercase;letter-spacing:.8px;color:var(--muted)">Nedávno vyřešené</div>
-    <div class="card">
-      <div class="tbl-wrap">
-        <table>
-          <thead><tr><th>Žadatel</th><th>Typ</th><th>Datum</th><th>Vyřídil</th><th>Dne</th><th>Stav</th></tr></thead>
-          <tbody>
-            ${histRow2('Marie Kučerová','Dovolená','24.–28.3.','Šimon Haas','2.3.','g','Schváleno')}
-            ${histRow2('Jan Novák','Home office','10.–12.3.','Šimon Haas','1.3.','g','Schváleno')}
-            ${histRow2('Jiří Kratochvíl','Dovolená','20.–21.3.','Šimon Haas','26.2.','r','Zamítnuto')}
-          </tbody>
-        </table>
-      </div>
-    </div>
-  </div>
-</div>`,
-
-// ── DOCHÁZKA – BILANCE ─────────────────────
-'doc-bilance': () => `
-<div class="page">
-  <div class="topbar">
-    <div><h1>Správa bilancí</h1><div class="topbar-sub">Přehled dovolených, přesčasů a sick days na rok 2026</div></div>
-    <div class="topbar-actions">
-      <button class="btn btn-ghost btn-sm">Export XLSX</button>
-      <button class="btn btn-primary">Hromadná úprava</button>
-    </div>
-  </div>
-
-  <div class="kpi-grid kpi-4">
-    <div class="kpi-card blue"><div class="kpi-lbl">Průměr dovolené zbývá</div><div class="kpi-val">17.4<small>dní</small></div><div class="kpi-foot">na zaměstnance</div></div>
-    <div class="kpi-card green"><div class="kpi-lbl">Dovolená čerpána</div><div class="kpi-val">2.6<small>dní</small></div><div class="kpi-foot">průměr, Q1 2026</div></div>
-    <div class="kpi-card amber"><div class="kpi-lbl">Celkem přesčasy</div><div class="kpi-val">24<small>h</small></div><div class="kpi-foot">nevyčerpáno</div></div>
-    <div class="kpi-card red"><div class="kpi-lbl">Sick days použito</div><div class="kpi-val">3</div><div class="kpi-foot">z 30 dostupných</div></div>
-  </div>
-
-  <div class="card">
-    <div class="card-header"><span class="card-title">Bilance zaměstnanců – 2026</span></div>
-    <div class="tbl-wrap">
-      <table>
-        <thead><tr><th>Zaměstnanec</th><th>Dovolená nárok</th><th>Čerpáno</th><th>Zbývá</th><th>Přesčas (h)</th><th>Sick days</th><th>HO (dní)</th><th>Stav</th></tr></thead>
-        <tbody>
-          ${bilanceRow('JN','#DBEAFE','#2D80E4','Jan Novák','25','3','22','12','1','8','g')}
-          ${bilanceRow('MK','#D1FAE5','#00B894','Marie Kučerová','25','5','20','4','2','12','g')}
-          ${bilanceRow('PK','#FEF3C7','#F39C12','Pavel Kratochvíl','25','0','25','8','0','3','a')}
-          ${bilanceRow('LP','#FCE7F3','#DB2777','Lucie Procházková','20','3','17','6','0','5','g')}
-          ${bilanceRow('TO','#F3F4F6','#9CA3AF','Tomáš Ondřej','20','1','19','0','1','2','g')}
-          ${bilanceRow('RB','#EDE9FE','#7C3AED','Radka Bílá','25','2','23','0','0','0','g')}
-          ${bilanceRow('JK','#FEE2E2','#DC2626','Jiří Kratochvíl','25','5','20','-4','0','0','r')}
-          ${bilanceRow('AH','#DBEAFE','#1D4ED8','Anna Horáčková','25','2','23','2','0','4','g')}
-        </tbody>
-      </table>
-    </div>
-  </div>
-</div>`,
-
-// ── KNIHA JÍZD – ZÁZNAM ────────────────────
-'kj-zaznam': () => `
-<div class="page">
-  <div class="topbar">
-    <div><h1>Záznam jízdy</h1><div class="topbar-sub">Nová nebo aktivní jízda</div></div>
-    <div class="topbar-actions">
-      <button class="btn btn-ghost btn-sm">Uložit jako koncept</button>
-      <button class="btn btn-primary">Uložit jízdu</button>
-    </div>
-  </div>
-
-  <div class="two-col">
-    <div class="card">
-      <div class="card-header"><span class="card-title">Detail jízdy</span></div>
-      <div class="card-body">
-        <div class="form-grid">
-          <div class="form-group">
-            <label class="form-label">Datum</label>
-            <input class="form-input" type="date" value="2026-03-08">
-          </div>
-          <div class="form-group">
-            <label class="form-label">Vozidlo</label>
-            <select class="form-sel"><option>1AX 1234 – Škoda Octavia</option><option>2BC 5678 – VW Passat</option><option>3CD 9012 – Renault Trafic</option></select>
-          </div>
-          <div class="form-group">
-            <label class="form-label">Řidič</label>
-            <select class="form-sel"><option>Šimon Haas</option><option>Jan Novák</option><option>Marie Kučerová</option></select>
-          </div>
-          <div class="form-group">
-            <label class="form-label">Účel jízdy</label>
-            <select class="form-sel"><option>Služební</option><option>Soukromá</option></select>
-          </div>
-          <div class="form-group">
-            <label class="form-label">Odkud</label>
-            <input class="form-input" placeholder="Výchozí místo" value="Mladá Boleslav, závod">
-          </div>
-          <div class="form-group">
-            <label class="form-label">Kam</label>
-            <input class="form-input" placeholder="Cílové místo" value="Volkswagen, Chattanooga TN">
-          </div>
-          <div class="form-group">
-            <label class="form-label">Stav km – začátek</label>
-            <input class="form-input" type="number" placeholder="km" value="48230">
-          </div>
-          <div class="form-group">
-            <label class="form-label">Stav km – konec</label>
-            <input class="form-input" type="number" placeholder="km">
-          </div>
-          <div class="form-group full">
-            <label class="form-label">Popis / poznámka</label>
-            <textarea class="form-textarea" placeholder="Popis cesty, zákazník, projekt…">Servisní návštěva VW Chattanooga – komisionování enkodéru</textarea>
-          </div>
-        </div>
-      </div>
-    </div>
-
-    <div style="display:flex;flex-direction:column;gap:14px">
-      <div class="card">
-        <div class="card-header"><span class="card-title">Shrnutí jízdy</span></div>
-        <div class="card-body">
-          <div style="display:flex;flex-direction:column;gap:12px">
-            ${sumRow('Vzdálenost','— km','b')}
-            ${sumRow('Vozidlo','Škoda Octavia · 1AX 1234','n')}
-            ${sumRow('Řidič','Šimon Haas','g')}
-            ${sumRow('Datum','8.3.2026','n')}
-            ${sumRow('Typ','Služební','b')}
-          </div>
-        </div>
-      </div>
-
-      <div class="card">
-        <div class="card-header"><span class="card-title">Dnešní jízdy vozidla</span></div>
-        <div style="padding:12px 0">
-          <div style="text-align:center;padding:20px;color:var(--muted);font-size:13px">Zatím žádné záznamy dnes</div>
-        </div>
-      </div>
-
-      <div class="card">
-        <div class="card-header"><span class="card-title">Nejčastější trasy</span></div>
-        ${actRow('b','M9 17H7A5 5 0 0 1 7 7h2','MB závod → Praha','42 km · 87x použita','nejčastější')}
-        ${actRow('g','M9 17H7A5 5 0 0 1 7 7h2','MB závod → Volkswagen CZ','18 km · 34x použita','')}
-        ${actRow('a','M9 17H7A5 5 0 0 1 7 7h2','Praha → Brno','210 km · 12x použita','')}
-      </div>
-    </div>
-  </div>
-</div>`,
-
-// ── KNIHA JÍZD – HISTORIE ──────────────────
-'kj-historie': () => `
-<div class="page">
-  <div class="topbar">
-    <div><h1>Kniha jízd – Historie</h1><div class="topbar-sub">Kompletní přehled zaznamenaných jízd</div></div>
-    <div class="topbar-actions">
-      <input class="filter-input" type="month" value="2026-03">
-      <button class="btn btn-ghost btn-sm">Export PDF</button>
-      <button class="btn btn-primary">+ Nová jízda</button>
-    </div>
-  </div>
-
-  <div class="kpi-grid kpi-4">
-    <div class="kpi-card blue"><div class="kpi-lbl">Celkem km (březen)</div><div class="kpi-val">2 840<small>km</small></div><div class="kpi-foot"><span class="tag-up">↑ 8 %</span> vs únor</div></div>
-    <div class="kpi-card green"><div class="kpi-lbl">Jízd celkem</div><div class="kpi-val">47</div><div class="kpi-foot">v tomto měsíci</div></div>
-    <div class="kpi-card amber"><div class="kpi-lbl">Průměr km / jízda</div><div class="kpi-val">60.4<small>km</small></div><div class="kpi-foot"></div></div>
-    <div class="kpi-card red"><div class="kpi-lbl">Soukromé jízdy</div><div class="kpi-val">3</div><div class="kpi-foot">6.4 % z celku</div></div>
-  </div>
-
-  <div class="card">
-    <div class="card-header">
-      <span class="card-title">Záznamy</span>
-      <div style="display:flex;gap:8px">
-        <input class="filter-input" placeholder="Hledat trasu…" style="width:180px">
-        <select class="filter-select" style="width:160px"><option>Všechna vozidla</option><option>1AX 1234</option><option>2BC 5678</option></select>
-        <select class="filter-select" style="width:140px"><option>Všichni řidiči</option></select>
-      </div>
-    </div>
-    <div class="tbl-wrap">
-      <table>
-        <thead><tr><th>Datum</th><th>Vozidlo</th><th>Řidič</th><th>Odkud</th><th>Kam</th><th>km</th><th>Účel</th><th>Typ</th><th></th></tr></thead>
-        <tbody>
-          ${jizdaRow('8.3.2026','1AX 1234','Šimon Haas','MB závod','VW Chattanooga','18','Komisionování enkodéru','Služební','b')}
-          ${jizdaRow('7.3.2026','2BC 5678','Jan Novák','Praha','Mladá Boleslav','58','Zákazník ŠKODA','Služební','b')}
-          ${jizdaRow('6.3.2026','1AX 1234','Šimon Haas','MB závod','Praha, zákazník','120','Obchodní jednání','Služební','b')}
-          ${jizdaRow('6.3.2026','1AX 1234','Šimon Haas','Praha','MB závod','120','Zpáteční cesta','Služební','b')}
-          ${jizdaRow('5.3.2026','3CD 9012','Pavel Kratochvíl','MB','Liberec','85','Servis klienta','Služební','b')}
-          ${jizdaRow('4.3.2026','2BC 5678','Marie Kučerová','MB závod','Nymburk','34','Dodávka dokumentů','Služební','b')}
-          ${jizdaRow('4.3.2026','1AX 1234','Jan Novák','MB','Praha','60','Osobní','Soukromá','n')}
-          ${jizdaRow('3.3.2026','3CD 9012','Šimon Haas','MB','Brno','210','Výstava AMPER','Služební','b')}
-        </tbody>
-      </table>
-    </div>
-  </div>
-</div>`,
-
-// ── KNIHA JÍZD – VOZIDLA ───────────────────
-'kj-vozidla': () => `
-<div class="page">
-  <div class="topbar">
-    <div><h1>Vozidla</h1><div class="topbar-sub">Správa firemního vozového parku</div></div>
-    <div class="topbar-actions">
-      <button class="btn btn-primary">+ Přidat vozidlo</button>
-    </div>
-  </div>
-
-  <div class="kpi-grid kpi-4">
-    <div class="kpi-card green"><div class="kpi-lbl">Vozidel celkem</div><div class="kpi-val">3</div><div class="kpi-foot">v provozu</div></div>
-    <div class="kpi-card blue"><div class="kpi-lbl">Km celkem (rok)</div><div class="kpi-val">34 820<small>km</small></div><div class="kpi-foot">2026</div></div>
-    <div class="kpi-card amber"><div class="kpi-lbl">Nejbližší STK</div><div class="kpi-val">48<small>dní</small></div><div class="kpi-foot">Škoda Octavia</div></div>
-    <div class="kpi-card red"><div class="kpi-lbl">Servis potřeba</div><div class="kpi-val">1</div><div class="kpi-foot">Renault Trafic</div></div>
-  </div>
-
-  <div class="vehicle-grid">
-    ${vehicleCard('1AX 1234','Škoda Octavia','2021','Benzín','48 230','8.3.2026','dostupné','g','Dostupné','25.4.2026')}
-    ${vehicleCard('2BC 5678','VW Passat','2020','Diesel','92 450','7.3.2026','dostupné','g','Dostupné','12.9.2026')}
-    ${vehicleCard('3CD 9012','Renault Trafic','2019','Diesel','124 780','5.3.2026','servis','r','Servis potřeba','2.2.2026')}
-  </div>
-
-  <div class="card">
-    <div class="card-header"><span class="card-title">Vytíženost vozidel – Březen 2026</span></div>
-    <div style="padding:16px;display:flex;flex-direction:column;gap:14px">
-      ${progRow2('Škoda Octavia (1AX 1234)','1 240 km','var(--blue)','62')}
-      ${progRow2('VW Passat (2BC 5678)','980 km','var(--green)','49')}
-      ${progRow2('Renault Trafic (3CD 9012)','620 km','var(--amber)','31')}
-    </div>
-  </div>
-</div>`,
-
-// ── ADMINISTRATIVA – NABÍDKY ───────────────
-'adm-nabidky': () => `
-<div class="page">
-  <div class="topbar">
-    <div><h1>Nabídky</h1><div class="topbar-sub">Cenové nabídky a kalkulace</div></div>
-    <div class="topbar-actions">
-      <button class="btn btn-ghost btn-sm">Import</button>
-      <button class="btn btn-primary">+ Nová nabídka</button>
-    </div>
-  </div>
-
-  <div class="kpi-grid kpi-4">
-    <div class="kpi-card blue"><div class="kpi-lbl">Otevřené</div><div class="kpi-val">5</div><div class="kpi-foot">2 čekají na odezvu</div></div>
-    <div class="kpi-card green"><div class="kpi-lbl">Schváleno (březen)</div><div class="kpi-val">4</div><div class="kpi-foot"><span class="tag-up">480 000 Kč</span></div></div>
-    <div class="kpi-card amber"><div class="kpi-lbl">Úspěšnost</div><div class="kpi-val">72<small>%</small></div><div class="kpi-foot">za posledních 90 dní</div></div>
-    <div class="kpi-card red"><div class="kpi-lbl">Zamítnuto</div><div class="kpi-val">1</div><div class="kpi-foot">v březnu</div></div>
-  </div>
-
-  <div style="display:flex;gap:10px;align-items:center">
-    <div class="tabs">
-      <div class="tab active">Vše (12)</div>
-      <div class="tab">Koncept (3)</div>
-      <div class="tab">Odesláno (2)</div>
-      <div class="tab">Schváleno (4)</div>
-      <div class="tab">Zamítnuto (1)</div>
-    </div>
-    <div style="margin-left:auto;display:flex;gap:8px">
-      <input class="filter-input" placeholder="Číslo nebo zákazník…" style="width:200px">
-    </div>
-  </div>
-
-  <div class="card">
-    <div class="tbl-wrap">
-      <table>
-        <thead><tr><th>Číslo</th><th>Zákazník</th><th>Předmět</th><th>Hodnota</th><th>Vytvořeno</th><th>Platnost</th><th>Stav</th><th></th></tr></thead>
-        <tbody>
-          ${nabidkaRow('VW-2026-047','Volkswagen Group of America','TIA Portal S7-1500 Migration','185 000 Kč','4.3.2026','4.4.2026','b','Odesláno')}
-          ${nabidkaRow('SK-2026-031','ŠKODA AUTO a.s.','CIMPLICITY SCADA Update','92 500 Kč','1.3.2026','1.4.2026','b','Odesláno')}
-          ${nabidkaRow('BO-2026-028','BOSCH CZ s.r.o.','PLC Programming S7-300→1500','340 000 Kč','25.2.2026','25.3.2026','g','Schváleno')}
-          ${nabidkaRow('SI-2026-021','Siemens s.r.o.','HMI Panel Replacement','76 000 Kč','20.2.2026','20.3.2026','g','Schváleno')}
-          ${nabidkaRow('AU-2026-019','AutoCont CZ a.s.','Web Platform Development','125 000 Kč','15.2.2026','15.3.2026','g','Schváleno')}
-          ${nabidkaRow('SE-2026-014','SEW-Eurodrive','Drive Commissioning','48 000 Kč','10.2.2026','10.3.2026','r','Zamítnuto')}
-          ${nabidkaRow('VW-2026-052','Volkswagen Group of America','SICK Sensor Integration','28 000 Kč','6.3.2026','—','n','Koncept')}
-          ${nabidkaRow('AB-2026-053','ABB s.r.o.','Electro Documentation','55 000 Kč','7.3.2026','—','n','Koncept')}
-        </tbody>
-      </table>
-    </div>
-  </div>
-</div>`,
-
-// ── ADMINISTRATIVA – OBJEDNÁVKY ────────────
-'adm-objednavky': () => `
-<div class="page">
-  <div class="topbar">
-    <div><h1>Objednávky</h1><div class="topbar-sub">Přijaté i vystavené objednávky</div></div>
-    <div class="topbar-actions">
-      <button class="btn btn-primary">+ Nová objednávka</button>
-    </div>
-  </div>
-
-  <div style="display:flex;gap:10px;margin-bottom:0">
-    <div class="tabs">
-      <div class="tab active">Přijaté (8)</div>
-      <div class="tab">Vystavené (5)</div>
-    </div>
-  </div>
-
-  <div class="kpi-grid kpi-3">
-    <div class="kpi-card green"><div class="kpi-lbl">Splněno</div><div class="kpi-val">5</div><div class="kpi-foot">tento měsíc</div></div>
-    <div class="kpi-card amber"><div class="kpi-lbl">V řešení</div><div class="kpi-val">2</div><div class="kpi-foot">probíhá</div></div>
-    <div class="kpi-card blue"><div class="kpi-lbl">Hodnota (březen)</div><div class="kpi-val">720<small>k Kč</small></div><div class="kpi-foot">přijaté objednávky</div></div>
-  </div>
-
-  <div class="card">
-    <div class="tbl-wrap">
-      <table>
-        <thead><tr><th>Číslo OBJ</th><th>Zákazník / Dodavatel</th><th>Předmět</th><th>Hodnota</th><th>Datum</th><th>Termín</th><th>Stav</th><th></th></tr></thead>
-        <tbody>
-          ${objednavkaRow('OBJ-2026-038','Volkswagen Group of America','TIA Portal Migration Phase 2','185 000 Kč','5.3.2026','30.6.2026','b','V řešení')}
-          ${objednavkaRow('OBJ-2026-035','ŠKODA AUTO a.s.','SCADA Update – Linka B','92 500 Kč','1.3.2026','31.5.2026','b','V řešení')}
-          ${objednavkaRow('OBJ-2026-029','BOSCH CZ s.r.o.','PLC Programming','340 000 Kč','22.2.2026','30.4.2026','g','Splněno')}
-          ${objednavkaRow('OBJ-2026-022','Siemens s.r.o.','HMI Replacement','76 000 Kč','18.2.2026','28.2.2026','g','Splněno')}
-          ${objednavkaRow('OBJ-2026-017','AutoCont CZ a.s.','Web Platform','125 000 Kč','10.2.2026','31.3.2026','a','Čeká')}
-        </tbody>
-      </table>
-    </div>
-  </div>
-</div>`,
-
-// ── ADMINISTRATIVA – PROJEKTY ──────────────
-'adm-projekty': () => `
-<div class="page">
-  <div class="topbar">
-    <div><h1>Projekty</h1><div class="topbar-sub">Přehled všech aktivních projektů</div></div>
-    <div class="topbar-actions">
-      <div class="tabs" style="background:transparent;padding:0;gap:6px">
-        <div class="tab active" style="background:#fff;border:1px solid var(--border);box-shadow:none">Kanban</div>
-        <div class="tab" style="background:transparent">Seznam</div>
-      </div>
-      <button class="btn btn-primary">+ Nový projekt</button>
-    </div>
-  </div>
-
-  <div class="kpi-grid kpi-4">
-    <div class="kpi-card blue"><div class="kpi-lbl">Aktivní projekty</div><div class="kpi-val">7</div><div class="kpi-foot"></div></div>
-    <div class="kpi-card amber"><div class="kpi-lbl">Blíží se deadline</div><div class="kpi-val">2</div><div class="kpi-foot">do 30 dní</div></div>
-    <div class="kpi-card green"><div class="kpi-lbl">Dokončeno (2026)</div><div class="kpi-val">3</div><div class="kpi-foot"></div></div>
-    <div class="kpi-card red"><div class="kpi-lbl">Po termínu</div><div class="kpi-val">0</div><div class="kpi-foot">vše v pořádku ✓</div></div>
-  </div>
-
-  <div class="kanban">
-    <div class="kanban-col">
-      <div class="kanban-header"><span class="kanban-title" style="color:var(--muted)">📋 Plánování</span><span class="kanban-count">2</span></div>
-      ${kanbanCard('kblue','Web Platform v2.0','BOHA Automation','15.6.2026','ŠH','#D63031')}
-      ${kanbanCard('kblue','Dokumentace TIA','Interní','30.4.2026','JN','#2D80E4')}
-    </div>
-    <div class="kanban-col">
-      <div class="kanban-header"><span class="kanban-title" style="color:var(--amber)">⚙️ V realizaci</span><span class="kanban-count">3</span></div>
-      ${kanbanCard('kamber','TIA Migration S7-300→1500','Volkswagen Group of America','30.6.2026','ŠH','#D63031')}
-      ${kanbanCard('kamber','CIMPLICITY HMI Update','ŠKODA AUTO a.s.','31.5.2026','MK','#00B894')}
-      ${kanbanCard('kamber','SICK Sensor FB Migration','ABB s.r.o.','15.4.2026','JN','#2D80E4')}
-    </div>
-    <div class="kanban-col">
-      <div class="kanban-header"><span class="kanban-title" style="color:var(--blue)">🔍 Review</span><span class="kanban-count">1</span></div>
-      ${kanbanCard('kred','SSI Encoder Commissioning','Pepperl+Fuchs','20.3.2026','ŠH','#D63031')}
-    </div>
-    <div class="kanban-col">
-      <div class="kanban-header"><span class="kanban-title" style="color:var(--green)">✅ Hotovo</span><span class="kanban-count">2</span></div>
-      ${kanbanCard('kgreen','PLC Library Standard','BOSCH CZ','28.2.2026','JK','#DC2626')}
-      ${kanbanCard('kgreen','G120 Drive Commissioning','SEW-Eurodrive','15.2.2026','ŠH','#D63031')}
-    </div>
-  </div>
-</div>`,
-
-// ── ADMINISTRATIVA – FAKTURY ───────────────
-'adm-faktury': () => `
-<div class="page">
-  <div class="topbar">
-    <div><h1>Faktury</h1><div class="topbar-sub">Vydané faktury a přehled pohledávek</div></div>
-    <div class="topbar-actions">
-      <button class="btn btn-ghost btn-sm">Export účetnictví</button>
-      <button class="btn btn-primary">+ Vystavit fakturu</button>
-    </div>
-  </div>
-
-  <div class="kpi-grid kpi-4">
-    <div class="kpi-card green"><div class="kpi-lbl">Uhrazeno (březen)</div><div class="kpi-val">148<small>k Kč</small></div><div class="kpi-foot"><span class="tag-up">+3 faktury</span></div></div>
-    <div class="kpi-card amber"><div class="kpi-lbl">Čeká úhrada</div><div class="kpi-val">277<small>k Kč</small></div><div class="kpi-foot">4 faktury</div></div>
-    <div class="kpi-card red"><div class="kpi-lbl">Po splatnosti</div><div class="kpi-val">0<small>Kč</small></div><div class="kpi-foot">vše v pořádku ✓</div></div>
-    <div class="kpi-card blue"><div class="kpi-lbl">DPH (březen)</div><div class="kpi-val">29.4<small>k Kč</small></div><div class="kpi-foot">21 %</div></div>
-  </div>
-
-  <div style="display:flex;gap:8px;align-items:center">
-    <div class="tabs">
-      <div class="tab active">Vše (11)</div>
-      <div class="tab">Čeká (4)</div>
-      <div class="tab">Uhrazeno (6)</div>
-      <div class="tab">Po splatnosti (0)</div>
-    </div>
-    <input class="filter-input" placeholder="Číslo faktury nebo zákazník…" style="margin-left:auto;width:220px">
-  </div>
-
-  <div class="card">
-    <div class="tbl-wrap">
-      <table>
-        <thead><tr><th>Číslo</th><th>Zákazník</th><th>Předmět</th><th>Základ</th><th>DPH</th><th>Celkem</th><th>Vystaveno</th><th>Splatnost</th><th>Stav</th><th></th></tr></thead>
-        <tbody>
-          ${fakturaRow('2026-021','ŠKODA AUTO a.s.','CIMPLICITY Update','42 500','8 925','51 425 Kč','1.3.2026','15.3.2026','g','Uhrazeno')}
-          ${fakturaRow('2026-020','BOSCH CZ s.r.o.','PLC Programming','180 000','37 800','217 800 Kč','25.2.2026','25.3.2026','a','Čeká')}
-          ${fakturaRow('2026-019','Siemens s.r.o.','HMI Replacement','76 000','15 960','91 960 Kč','20.2.2026','20.3.2026','a','Čeká')}
-          ${fakturaRow('2026-018','Volkswagen Group of America','TIA Consultation','35 000','7 350','42 350 Kč','15.2.2026','1.3.2026','g','Uhrazeno')}
-          ${fakturaRow('2026-017','AutoCont CZ a.s.','Web Development','68 000','14 280','82 280 Kč','10.2.2026','10.3.2026','a','Čeká')}
-          ${fakturaRow('2026-016','ABB s.r.o.','Sensor Integration','28 000','5 880','33 880 Kč','5.2.2026','5.3.2026','g','Uhrazeno')}
-        </tbody>
-      </table>
-    </div>
-  </div>
-</div>`,
-
-// ── ADMINISTRATIVA – ZÁKAZNÍCI ─────────────
-'adm-zakaznici': () => `
-<div class="page">
-  <div class="topbar">
-    <div><h1>Zákazníci</h1><div class="topbar-sub">Přehled klientů a firem</div></div>
-    <div class="topbar-actions">
-      <div style="display:flex;gap:8px">
-        <input class="filter-input" placeholder="Hledat zákazníka…" style="width:200px">
-        <button class="btn btn-ghost">
-          <svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2" style="width:13px;height:13px"><line x1="4" y1="6" x2="20" y2="6"/><line x1="8" y1="12" x2="16" y2="12"/><line x1="12" y1="18" x2="12" y2="18"/></svg>
-          Filtr
-        </button>
-        <button class="btn btn-primary">+ Přidat zákazníka</button>
-      </div>
-    </div>
-  </div>
-
-  <div class="kpi-grid kpi-3">
-    <div class="kpi-card blue"><div class="kpi-lbl">Celkem zákazníků</div><div class="kpi-val">18</div><div class="kpi-foot">aktivní klienti</div></div>
-    <div class="kpi-card green"><div class="kpi-lbl">Nových (2026)</div><div class="kpi-val">3</div><div class="kpi-foot"></div></div>
-    <div class="kpi-card amber"><div class="kpi-lbl">Obrát top 5 (rok)</div><div class="kpi-val">2.4<small>M Kč</small></div><div class="kpi-foot"></div></div>
-  </div>
-
-  <div class="customer-grid">
-    ${customerCard('#1e3a5f','VW','Volkswagen Group of America','Automobilový průmysl, USA','4 jízdy · 6 projektů','1 240 000 Kč')}
-    ${customerCard('#1b5e20','SK','ŠKODA AUTO a.s.','Automobilový průmysl, CZ','12 faktur · 4 projekty','840 000 Kč')}
-    ${customerCard('#7f1d1d','BO','BOSCH CZ s.r.o.','Automotive / Electronics','8 faktur · 3 projekty','620 000 Kč')}
-    ${customerCard('#1a237e','SI','Siemens s.r.o.','Průmyslová automatizace','5 faktur · 2 projekty','310 000 Kč')}
-    ${customerCard('#4a148c','AB','ABB s.r.o.','Průmyslová automatizace','3 faktury · 1 projekt','185 000 Kč')}
-    ${customerCard('#e65100','AU','AutoCont CZ a.s.','IT & automatizace','2 faktury · 1 projekt','125 000 Kč')}
-  </div>
-</div>`,
-
-// ── ADMINISTRATIVA – FIRMA ─────────────────
-'adm-firma': () => `
-<div class="page">
-  <div class="topbar">
-    <div><h1>Profil firmy</h1><div class="topbar-sub">Základní informace a nastavení společnosti</div></div>
-    <div class="topbar-actions">
-      <button class="btn btn-primary">Uložit změny</button>
-    </div>
-  </div>
-
-  <div class="firma-header">
-    <div class="firma-logo">B</div>
-    <div>
-      <div style="font-size:22px;font-weight:700;letter-spacing:-0.5px">BOHA Automation s.r.o.</div>
-      <div style="color:#888;font-size:14px;margin-top:4px">IČO: 12345678 · DIČ: CZ12345678 · Plátce DPH</div>
-      <div style="display:flex;gap:8px;margin-top:10px">
-        <span class="pill g">Aktivní</span>
-        <span class="pill b">Plátce DPH</span>
-        <span class="pill n">s.r.o.</span>
-      </div>
-    </div>
-  </div>
-
-  <div class="two-col">
-    <div class="card">
-      <div class="card-header"><span class="card-title">Základní údaje</span></div>
-      <div class="card-body">
-        <div class="form-grid">
-          <div class="form-group full"><label class="form-label">Název společnosti</label><input class="form-input" value="BOHA Automation s.r.o."></div>
-          <div class="form-group"><label class="form-label">IČO</label><input class="form-input" value="12345678"></div>
-          <div class="form-group"><label class="form-label">DIČ</label><input class="form-input" value="CZ12345678"></div>
-          <div class="form-group full"><label class="form-label">Sídlo</label><input class="form-input" value="Mladá Boleslav, Česká republika"></div>
-          <div class="form-group"><label class="form-label">Telefon</label><input class="form-input" value="+420 xxx xxx xxx"></div>
-          <div class="form-group"><label class="form-label">E-mail</label><input class="form-input" value="info@boha-automation.cz"></div>
-          <div class="form-group full"><label class="form-label">Web</label><input class="form-input" value="www.boha-automation.cz"></div>
-        </div>
-      </div>
-    </div>
-    <div style="display:flex;flex-direction:column;gap:14px">
-      <div class="card">
-        <div class="card-header"><span class="card-title">Bankovní údaje</span></div>
-        <div class="card-body">
-          <div class="form-grid">
-            <div class="form-group full"><label class="form-label">Banka</label><input class="form-input" value="Komerční banka"></div>
-            <div class="form-group"><label class="form-label">Číslo účtu</label><input class="form-input" value="123456789/0100"></div>
-            <div class="form-group"><label class="form-label">IBAN</label><input class="form-input" value="CZ65 0100 0000 0012 3456 7890"></div>
-          </div>
-        </div>
-      </div>
-      <div class="card">
-        <div class="card-header"><span class="card-title">Fakturační nastavení</span></div>
-        <div class="card-body">
-          <div class="form-grid">
-            <div class="form-group"><label class="form-label">Splatnost (dní)</label><input class="form-input" value="14" type="number"></div>
-            <div class="form-group"><label class="form-label">DPH sazba</label><select class="form-sel"><option>21 %</option><option>12 %</option><option>0 %</option></select></div>
-            <div class="form-group full"><label class="form-label">Způsob platby</label><select class="form-sel"><option>Bankovní převod</option><option>Hotovost</option></select></div>
-          </div>
-        </div>
-      </div>
-    </div>
-  </div>
-</div>`,
-
-// ── UŽIVATELÉ ──────────────────────────────
-uzivatele: () => `
-<div class="page">
-  <div class="topbar">
-    <div><h1>Uživatelé</h1><div class="topbar-sub">Správa účtů a přístupových práv</div></div>
-    <div class="topbar-actions">
-      <input class="filter-input" placeholder="Hledat uživatele…" style="width:200px">
-      <button class="btn btn-primary">+ Přidat uživatele</button>
-    </div>
-  </div>
-
-  <div class="kpi-grid kpi-4">
-    <div class="kpi-card blue"><div class="kpi-lbl">Celkem uživatelů</div><div class="kpi-val">9</div><div class="kpi-foot"></div></div>
-    <div class="kpi-card green"><div class="kpi-lbl">Aktivní dnes</div><div class="kpi-val">7</div><div class="kpi-foot"></div></div>
-    <div class="kpi-card red"><div class="kpi-lbl">Administrátoři</div><div class="kpi-val">1</div><div class="kpi-foot"></div></div>
-    <div class="kpi-card amber"><div class="kpi-lbl">2FA aktivní</div><div class="kpi-val">3</div><div class="kpi-foot">z 9 uživatelů</div></div>
-  </div>
-
-  <div class="user-grid">
-    ${userCard('ŠH','#D63031','Šimon Haas','simon.haas@boha-automation.cz','Administrátor','Před 5 min','g','Aktivní',true)}
-    ${userCard('JN','#2D80E4','Jan Novák','jan.novak@boha-automation.cz','Zaměstnanec','Dnes 08:52','g','Aktivní',true)}
-    ${userCard('MK','#00B894','Marie Kučerová','marie.kucerova@boha-automation.cz','Zaměstnanec','Dnes 07:45','g','Aktivní',true)}
-    ${userCard('PK','#F39C12','Pavel Kratochvíl','pavel.kratochvil@boha-automation.cz','Zaměstnanec','Dnes 09:00','a','HO',false)}
-    ${userCard('LP','#DB2777','Lucie Procházková','lucie.prochazkova@boha-automation.cz','Manažer','Dnes 08:10','g','Aktivní',false)}
-    ${userCard('TO','#9CA3AF','Tomáš Ondřej','tomas.ondrej@boha-automation.cz','Zaměstnanec','Včera 17:22','n','Offline',false)}
-    ${userCard('RB','#7C3AED','Radka Bílá','radka.bila@boha-automation.cz','Zaměstnanec','Dnes 08:30','g','Aktivní',false)}
-    ${userCard('JK','#DC2626','Jiří Kratochvíl','jiri.kratochvil@boha-automation.cz','Zaměstnanec','Dnes 07:30','g','Aktivní',false)}
-    ${userCard('AH','#1D4ED8','Anna Horáčková','anna.horackova@boha-automation.cz','Zaměstnanec','Dnes 08:05','g','Aktivní',false)}
-  </div>
-</div>`,
-
-// ── NASTAVENÍ ──────────────────────────────
-nastaveni: () => `
-<div class="page">
-  <div class="topbar">
-    <div><h1>Nastavení</h1><div class="topbar-sub">Konfigurace systému a vašeho účtu</div></div>
-    <div class="topbar-actions">
-      <button class="btn btn-primary">Uložit změny</button>
-    </div>
-  </div>
-
-  <div class="two-col">
-    <div style="display:flex;flex-direction:column;gap:14px">
-      <div class="card">
-        <div class="card-header"><span class="card-title">Váš účet</span></div>
-        <div class="card-body">
-          <div style="display:flex;align-items:center;gap:16px;margin-bottom:18px">
-            <div class="avatar" style="width:56px;height:56px;font-size:18px;border-radius:12px">ŠH</div>
-            <div>
-              <div style="font-size:16px;font-weight:650">Šimon Haas</div>
-              <div style="font-size:13px;color:var(--muted)">simon.haas@boha-automation.cz</div>
-              <div style="margin-top:6px"><span class="pill r">Administrátor</span></div>
-            </div>
-          </div>
-          <div class="form-grid">
-            <div class="form-group"><label class="form-label">Jméno</label><input class="form-input" value="Šimon"></div>
-            <div class="form-group"><label class="form-label">Příjmení</label><input class="form-input" value="Haas"></div>
-            <div class="form-group full"><label class="form-label">E-mail</label><input class="form-input" value="simon.haas@boha-automation.cz"></div>
-            <div class="form-group full"><label class="form-label">Nové heslo</label><input class="form-input" type="password" placeholder="Ponechte prázdné pro zachování"></div>
-          </div>
-        </div>
-      </div>
-
-      <div class="card">
-        <div class="card-header"><span class="card-title">Zabezpečení</span></div>
-        <div class="card-body" style="padding:0">
-          <div class="settings-section">
-            ${settingsRow('Dvoufaktorové ověření (2FA)','Přidat extra vrstvu ochrany','off')}
-            ${settingsRow('Přihlašovací notifikace','E-mail při každém novém přihlášení','on')}
-            ${settingsRow('Automatické odhlášení','Po 8 hodinách nečinnosti','on')}
-          </div>
-        </div>
-      </div>
-    </div>
-
-    <div style="display:flex;flex-direction:column;gap:14px">
-      <div class="card">
-        <div class="card-header"><span class="card-title">Notifikace</span></div>
-        <div class="card-body" style="padding:0">
-          <div class="settings-section">
-            ${settingsRow('E-mail – nová žádost','Při podání žádosti zaměstnancem','on')}
-            ${settingsRow('E-mail – splatnost faktury','3 dny před splatností','on')}
-            ${settingsRow('E-mail – schválená nabídka','Potvrzení od zákazníka','on')}
-            ${settingsRow('Push notifikace','V prohlížeči (pokud povoleno)','off')}
-            ${settingsRow('Týdenní report','Souhrn aktivit každé pondělí','on')}
-          </div>
-        </div>
-      </div>
-
-      <div class="card">
-        <div class="card-header"><span class="card-title">Systém</span></div>
-        <div class="card-body" style="padding:0">
-          <div class="settings-section">
-            ${settingsRow('Tmavý režim','Přepnout na tmavé rozhraní','off')}
-            ${settingsRow('Kompaktní zobrazení','Menší řádky v tabulkách','off')}
-            ${settingsRow('Česky jako výchozí jazyk','Lokalizace rozhraní','on')}
-          </div>
-        </div>
-      </div>
-
-      <div class="card">
-        <div class="card-header"><span class="card-title">Přihlášená zařízení</span></div>
-        <div style="padding:0">
-          <div class="list-row">
-            <div class="row-icon g"><svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><rect x="2" y="3" width="20" height="14" rx="2"/><line x1="8" y1="21" x2="16" y2="21"/><line x1="12" y1="17" x2="12" y2="21"/></svg></div>
-            <div class="row-main"><div class="row-title">Google Chrome na Windows 10/11</div><div class="row-sub">Mladá Boleslav, CZ · 8.3.2026 13:04</div></div>
-            <div><span class="pill g">Aktuální</span></div>
-          </div>
-          <div class="list-row">
-            <div class="row-icon b"><svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><rect x="2" y="3" width="20" height="14" rx="2"/><line x1="8" y1="21" x2="16" y2="21"/><line x1="12" y1="17" x2="12" y2="21"/></svg></div>
-            <div class="row-main"><div class="row-title">Google Chrome na Windows 10/11</div><div class="row-sub">Mladá Boleslav, CZ · 6.3.2026 20:56</div></div>
-            <div><button class="btn btn-ghost btn-sm" style="font-size:11px;color:var(--red)">Odhlásit</button></div>
-          </div>
-        </div>
-      </div>
-    </div>
-  </div>
-</div>`,
-};
-
-// ══════════════════════════════════════════
-// COMPONENT HELPERS
-// ══════════════════════════════════════════
-function qaBtn(color,path,label){
-  const colors={green:'#00B894',blue:'#2D80E4',amber:'#F39C12',red:'#D63031'};
-  const bgs={green:'var(--green-soft)',blue:'var(--blue-soft)',amber:'var(--amber-soft)',red:'var(--red-soft)'};
-  return `<div class="qa-btn" style="background:#fff;border:1.5px solid var(--border);border-radius:10px;padding:14px;cursor:pointer;text-align:center;display:flex;flex-direction:column;align-items:center;gap:8px;transition:all .15s">
-    <div style="width:36px;height:36px;border-radius:9px;background:${bgs[color]};display:flex;align-items:center;justify-content:center">
-      <svg fill="none" viewBox="0 0 24 24" stroke="${colors[color]}" stroke-width="2" style="width:18px;height:18px"><path d="${path}"/></svg>
-    </div>
-    <span style="font-size:12px;font-weight:550">${label}</span>
-  </div>`;
-}
-function actRow(c,path,title,sub,time){
-  return `<div class="list-row">
-    <div class="row-icon ${c}"><svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><path d="${path}"/></svg></div>
-    <div class="row-main"><div class="row-title">${title}</div><div class="row-sub">${sub}</div></div>
-    <div class="activity-time" style="font-size:11px;color:#bbb;font-family:'DM Mono',monospace;margin-top:3px;flex-shrink:0">${time}</div>
-  </div>`;
-}
-function presRow(initials,bg,color,name,cls,label,time){
-  return `<div class="list-row">
-    <div class="presence-avatar" style="width:28px;height:28px;border-radius:50%;background:${bg};color:${color};display:flex;align-items:center;justify-content:center;font-size:10px;font-weight:700;flex-shrink:0">${initials}</div>
-    <span style="font-size:13px;font-weight:500;flex:1">${name}</span>
-    <div class="status-dot ${cls}"></div>
-    <span class="status-label ${cls}">${label}</span>
-    <span class="mono" style="color:var(--muted2);margin-left:8px">${time}</span>
-  </div>`;
-}
-function progRow(name,pct,color){
-  return `<div style="padding:10px 18px;border-bottom:1px solid var(--border)">
-    <div style="display:flex;justify-content:space-between;margin-bottom:6px">
-      <span style="font-size:13px;font-weight:500">${name}</span>
-      <span class="mono" style="font-size:12px;color:var(--muted)">${pct} %</span>
-    </div>
-    <div class="prog-bar-bg"><div class="prog-bar-fill" style="width:${pct}%;background:${color}"></div></div>
-  </div>`;
-}
-function miniStatRow(label,val,c){
-  return `<div style="display:flex;align-items:center;justify-content:space-between;padding:11px 18px;border-bottom:1px solid var(--border)">
-    <span style="font-size:13px;color:#444">${label}</span>
-    <span class="pill ${c}">${val}</span>
-  </div>`;
-}
-function docRow(i,bg,c,name,inn,out,br,tot,type,sc,sl){
-  return `<tr>
-    <td><div style="display:flex;align-items:center;gap:8px">
-      <div style="width:26px;height:26px;border-radius:50%;background:${bg};color:${c};display:flex;align-items:center;justify-content:center;font-size:9px;font-weight:700;flex-shrink:0">${i}</div>
-      <strong>${name}</strong>
-    </div></td>
-    <td class="mono">${inn}</td><td class="mono">${out}</td><td class="mono">${br}</td>
-    <td class="mono"><strong>${tot}</strong></td>
-    <td><span class="pill n">${type}</span></td>
-    <td><div style="display:flex;align-items:center;gap:5px"><div class="status-dot ${sc}"></div><span class="status-label ${sc}" style="font-size:12px">${sl}</span></div></td>
-    <td><button class="btn btn-ghost btn-sm">Detail</button></td>
-  </tr>`;
-}
-function histRow(date,day,inn,out,br,tot,over,type,c){
-  return `<tr>
-    <td class="mono"><strong>${date}</strong></td><td>${day}</td>
-    <td class="mono">${inn}</td><td class="mono">${out}</td><td class="mono">${br}</td>
-    <td class="mono"><strong>${tot}</strong></td>
-    <td class="mono"><span class="pill ${over==='+0:00'||over==='0:00'?'n':'g'}">${over}</span></td>
-    <td><span class="pill ${c}">${type}</span></td>
-  </tr>`;
-}
-function histRow2(name,type,date,who,when,c,label){
-  return `<tr>
-    <td><strong>${name}</strong></td><td>${type}</td><td class="mono">${date}</td>
-    <td>${who}</td><td class="mono">${when}</td>
-    <td><span class="pill ${c}">${label}</span></td>
-  </tr>`;
-}
-function zadostRow(i,bg,c,name,type,from,to,days,note,sub,sc,sl){
-  return `<tr>
-    <td><div style="display:flex;align-items:center;gap:8px">
-      <div style="width:26px;height:26px;border-radius:50%;background:${bg};color:${c};display:flex;align-items:center;justify-content:center;font-size:9px;font-weight:700;flex-shrink:0">${i}</div>
-      <strong>${name}</strong>
-    </div></td>
-    <td><span class="pill b">${type}</span></td>
-    <td class="mono">${from}</td><td class="mono">${to}</td>
-    <td style="font-weight:600;color:#111">${days}</td>
-    <td style="color:var(--muted);font-size:12px;max-width:120px">${note||'—'}</td>
-    <td class="mono">${sub}</td>
-    <td><span class="pill ${sc}">${sl}</span></td>
-    <td style="display:flex;gap:4px;padding-right:12px">
-      ${sc==='a'?`<button class="btn btn-ghost btn-sm" style="color:var(--green)">✓</button><button class="btn btn-ghost btn-sm" style="color:var(--red)">✗</button>`:''}
-    </td>
-  </tr>`;
-}
-function schvalCard(i,bg,c,name,type,date,days,note,sub){
-  return `<div class="card" style="border-left:3px solid var(--amber)">
-    <div style="padding:16px 20px">
-      <div style="display:flex;align-items:flex-start;justify-content:space-between;gap:12px">
-        <div style="display:flex;align-items:center;gap:12px">
-          <div style="width:40px;height:40px;border-radius:50%;background:${bg};color:${c};display:flex;align-items:center;justify-content:center;font-size:13px;font-weight:700;flex-shrink:0">${i}</div>
-          <div>
-            <div style="font-size:14px;font-weight:650">${name}</div>
-            <div style="font-size:12px;color:var(--muted)">Podáno ${sub}</div>
-          </div>
-        </div>
-        <div style="display:flex;gap:8px">
-          <button class="btn btn-ghost btn-sm" style="color:var(--red)">✗ Zamítnout</button>
-          <button class="btn btn-primary btn-sm">✓ Schválit</button>
-        </div>
-      </div>
-      <div style="margin-top:14px;background:var(--bg);border-radius:8px;padding:12px;display:grid;grid-template-columns:repeat(3,1fr);gap:12px">
-        ${sumRow('Typ',type,'b')}${sumRow('Datum',date,'n')}${sumRow('Délka',days,'a')}
-      </div>
-      <div style="margin-top:10px;font-size:13px;color:#555;line-height:1.5">${note}</div>
-    </div>
-  </div>`;
-}
-function bilanceRow(i,bg,c,name,nar,cer,zby,over,sick,ho,sc){
-  return `<tr>
-    <td><div style="display:flex;align-items:center;gap:8px">
-      <div style="width:26px;height:26px;border-radius:50%;background:${bg};color:${c};display:flex;align-items:center;justify-content:center;font-size:9px;font-weight:700;flex-shrink:0">${i}</div>
-      <strong>${name}</strong>
-    </div></td>
-    <td class="mono">${nar} dní</td><td class="mono">${cer} dní</td>
-    <td class="mono"><strong style="color:${parseInt(zby)<5?'var(--red)':'var(--text)'}">${zby} dní</strong></td>
-    <td class="mono"><span class="pill ${parseInt(over)<0?'r':parseInt(over)>0?'g':'n'}">${over}h</span></td>
-    <td class="mono">${sick}</td><td class="mono">${ho}</td>
-    <td><span class="pill ${sc}">OK</span></td>
-  </tr>`;
-}
-function jizdaRow(date,vehicle,driver,from,to,km,purpose,type,c){
-  return `<tr>
-    <td class="mono">${date}</td>
-    <td><span class="mono" style="background:#141414;color:#fff;padding:2px 7px;border-radius:4px;font-size:11px">${vehicle}</span></td>
-    <td>${driver}</td><td>${from}</td><td><strong>${to}</strong></td>
-    <td class="mono"><strong>${km}</strong></td>
-    <td style="max-width:140px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;color:var(--muted)">${purpose}</td>
-    <td><span class="pill ${c}">${type}</span></td>
-    <td><button class="btn btn-ghost btn-sm">Detail</button></td>
-  </tr>`;
-}
-function vehicleCard(plate,name,year,fuel,km,lastTrip,status,sc,sl,stk){
-  return `<div class="vehicle-card">
-    <div>
-      <div class="vehicle-plate">${plate}</div>
-      <div class="vehicle-name">${name} <span style="font-weight:400;color:var(--muted);font-size:13px">${year}</span></div>
-    </div>
-    <div style="display:flex;justify-content:space-between;align-items:center">
-      <span class="pill ${sc}">${sl}</span>
-      <span style="font-size:12px;color:var(--muted)">${fuel}</span>
-    </div>
-    <div class="vehicle-stats">
-      <div class="v-stat"><div class="v-stat-lbl">Celkem km</div><div class="v-stat-val">${parseInt(km).toLocaleString('cs')}</div></div>
-      <div class="v-stat"><div class="v-stat-lbl">Poslední jízda</div><div class="v-stat-val">${lastTrip}</div></div>
-      <div class="v-stat"><div class="v-stat-lbl">STK do</div><div class="v-stat-val" style="font-size:12px">${stk}</div></div>
-    </div>
-    <div style="display:flex;gap:6px">
-      <button class="btn btn-ghost btn-sm" style="flex:1">Historie</button>
-      <button class="btn btn-ghost btn-sm" style="flex:1">Detail</button>
-    </div>
-  </div>`;
-}
-function progRow2(name,km,color,pct){
-  return `<div>
-    <div style="display:flex;justify-content:space-between;margin-bottom:6px">
-      <span style="font-size:13px;font-weight:500">${name}</span>
-      <span style="font-size:13px;font-weight:650;color:#111">${km}</span>
-    </div>
-    <div class="prog-bar-bg"><div class="prog-bar-fill" style="width:${pct}%;background:${color}"></div></div>
-  </div>`;
-}
-function nabidkaRow(num,client,subject,val,created,valid,sc,sl){
-  return `<tr>
-    <td class="mono"><strong>${num}</strong></td>
-    <td>${client}</td>
-    <td style="max-width:200px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap">${subject}</td>
-    <td style="font-weight:650;color:#111">${val}</td>
-    <td class="mono">${created}</td>
-    <td class="mono">${valid}</td>
-    <td><span class="pill ${sc}">${sl}</span></td>
-    <td style="display:flex;gap:4px">
-      <button class="btn btn-ghost btn-sm">PDF</button>
-      <button class="btn btn-ghost btn-sm">Detail</button>
-    </td>
-  </tr>`;
-}
-function objednavkaRow(num,client,subject,val,date,deadline,sc,sl){
-  return `<tr>
-    <td class="mono"><strong>${num}</strong></td>
-    <td>${client}</td>
-    <td>${subject}</td>
-    <td style="font-weight:650;color:#111">${val}</td>
-    <td class="mono">${date}</td>
-    <td class="mono">${deadline}</td>
-    <td><span class="pill ${sc}">${sl}</span></td>
-    <td><button class="btn btn-ghost btn-sm">Detail</button></td>
-  </tr>`;
-}
-function kanbanCard(cls,title,client,deadline,initials,color){
-  return `<div class="kanban-card ${cls}">
-    <div class="kc-title">${title}</div>
-    <div class="kc-client">${client}</div>
-    <div class="kc-foot">
-      <span class="kc-date">${deadline}</span>
-      <div class="kc-avatar" style="background:${color}">${initials}</div>
-    </div>
-  </div>`;
-}
-function fakturaRow(num,client,subject,base,dph,total,created,due,sc,sl){
-  return `<tr>
-    <td class="mono"><strong>${num}</strong></td>
-    <td>${client}</td>
-    <td style="color:var(--muted);font-size:12px">${subject}</td>
-    <td class="mono">${base} Kč</td>
-    <td class="mono">${dph} Kč</td>
-    <td style="font-weight:700;color:#111">${total}</td>
-    <td class="mono">${created}</td>
-    <td class="mono">${due}</td>
-    <td><span class="pill ${sc}">${sl}</span></td>
-    <td style="display:flex;gap:4px">
-      <button class="btn btn-ghost btn-sm">PDF</button>
-      <button class="btn btn-ghost btn-sm">Detail</button>
-    </td>
-  </tr>`;
-}
-function customerCard(bg,initials,name,sector,activity,revenue){
-  return `<div class="customer-card">
-    <div style="display:flex;align-items:center;gap:12px">
-      <div class="cc-logo" style="background:${bg}">${initials}</div>
-      <div><div class="cc-name">${name}</div><div class="cc-sub">${sector}</div></div>
-    </div>
-    <div class="cc-stats">
-      <div class="cc-s"><div class="cc-s-val">${revenue}</div><div class="cc-s-lbl">Celk. obrat</div></div>
-      <div class="cc-s"><div class="cc-s-val" style="font-size:12px;color:var(--muted)">${activity}</div><div class="cc-s-lbl">Aktivita</div></div>
-    </div>
-    <div style="display:flex;gap:6px;margin-top:4px">
-      <button class="btn btn-ghost btn-sm" style="flex:1">Faktury</button>
-      <button class="btn btn-ghost btn-sm" style="flex:1">Projekty</button>
-    </div>
-  </div>`;
-}
-function userCard(i,color,name,email,role,lastLogin,sc,sl,twofa){
-  return `<div class="user-card">
-    <div class="avatar" style="background:${color};width:42px;height:42px;border-radius:10px;font-size:13px;flex-shrink:0">${i}</div>
-    <div class="ua-info">
-      <div class="ua-name">${name}</div>
-      <div class="ua-email">${email}</div>
-      <div class="ua-meta">
-        <span class="pill ${sc}" style="font-size:10px;padding:1px 6px">${sl}</span>
-        <span class="pill n" style="font-size:10px;padding:1px 6px">${role}</span>
-        ${twofa?'<span class="pill g" style="font-size:10px;padding:1px 6px">2FA ✓</span>':''}
-      </div>
-      <div style="font-size:11px;color:var(--muted);margin-top:4px">${lastLogin}</div>
-    </div>
-    <button class="btn btn-ghost btn-icon">
-      <svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2" style="width:14px;height:14px"><circle cx="12" cy="12" r="1"/><circle cx="12" cy="5" r="1"/><circle cx="12" cy="19" r="1"/></svg>
-    </button>
-  </div>`;
-}
-function settingsRow(label,desc,state){
-  return `<div class="settings-row">
-    <div class="settings-info">
-      <div class="settings-lbl">${label}</div>
-      <div class="settings-desc">${desc}</div>
-    </div>
-    <button class="toggle ${state}" onclick="this.classList.toggle('on');this.classList.toggle('off')"></button>
-  </div>`;
-}
-function sumRow(label,val,c){
-  return `<div style="display:flex;flex-direction:column;gap:3px">
-    <div style="font-size:11px;font-weight:600;text-transform:uppercase;letter-spacing:.4px;color:var(--muted)">${label}</div>
-    <div style="font-size:13px;font-weight:600;color:#111">${val}</div>
-  </div>`;
-}
-
-// ══════════════════════════════════════════
-// ROUTER
-// ══════════════════════════════════════════
-function navigate(pageId){
-  document.querySelectorAll('.nav-item').forEach(el=>{
-    el.classList.toggle('active', el.dataset.page===pageId);
-  });
-  const content = document.getElementById('main-content');
-  content.innerHTML = pages[pageId] ? pages[pageId]() : `<div class="page"><h2>Stránka nenalezena</h2></div>`;
-  content.scrollTop = 0;
-}
-
-document.querySelectorAll('.nav-item[data-page]').forEach(el=>{
-  el.addEventListener('click', ()=>navigate(el.dataset.page));
-});
-
-navigate('dashboard');
-</script>
-</body>
-</html>
diff --git a/index.html b/index.html
index e54cae4..8eec5cd 100644
--- a/index.html
+++ b/index.html
@@ -9,10 +9,10 @@
   <meta http-equiv="Pragma" content="no-cache" />
   <meta http-equiv="Expires" content="0" />
 
-  <title>BOHA Interni system</title>
+  <title>Interní systém</title>
 
   <meta name="robots" content="noindex, nofollow" />
-  <meta name="apple-mobile-web-app-title" content="BOHA System" />
+  <meta name="apple-mobile-web-app-title" content="Interní systém" />
 
   <link rel="icon" type="image/png" href="/favicon-96x96.png" sizes="96x96" />
   <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
diff --git a/package-lock.json b/package-lock.json
index cbe64ca..1b1cc47 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -8,6 +8,10 @@
       "name": "boha-system",
       "version": "1.0.0",
       "dependencies": {
+        "@dnd-kit/core": "^6.3.1",
+        "@dnd-kit/modifiers": "^9.0.0",
+        "@dnd-kit/sortable": "^10.0.0",
+        "@dnd-kit/utilities": "^3.2.2",
         "date-fns": "^4.1.0",
         "dompurify": "^3.3.1",
         "framer-motion": "^12.23.25",
@@ -20,14 +24,91 @@
       },
       "devDependencies": {
         "@eslint/js": "^10.0.1",
+        "@testing-library/dom": "^10.4.1",
+        "@testing-library/jest-dom": "^6.9.1",
+        "@testing-library/react": "^16.3.2",
         "@vitejs/plugin-react": "^4.7.0",
         "eslint": "^10.0.2",
         "eslint-plugin-react-hooks": "^5.2.0",
         "eslint-plugin-react-refresh": "^0.5.2",
         "globals": "^17.4.0",
-        "vite": "^5.4.11"
+        "jsdom": "^28.1.0",
+        "vite": "^5.4.11",
+        "vitest": "^4.0.18"
       }
     },
+    "node_modules/@acemir/cssom": {
+      "version": "0.9.31",
+      "resolved": "https://registry.npmjs.org/@acemir/cssom/-/cssom-0.9.31.tgz",
+      "integrity": "sha512-ZnR3GSaH+/vJ0YlHau21FjfLYjMpYVIzTD8M8vIEQvIGxeOXyXdzCI140rrCY862p/C/BbzWsjc1dgnM9mkoTA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@adobe/css-tools": {
+      "version": "4.4.4",
+      "resolved": "https://registry.npmjs.org/@adobe/css-tools/-/css-tools-4.4.4.tgz",
+      "integrity": "sha512-Elp+iwUx5rN5+Y8xLt5/GRoG20WGoDCQ/1Fb+1LiGtvwbDavuSk0jhD/eZdckHAuzcDzccnkv+rEjyWfRx18gg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@asamuzakjp/css-color": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/@asamuzakjp/css-color/-/css-color-5.0.1.tgz",
+      "integrity": "sha512-2SZFvqMyvboVV1d15lMf7XiI3m7SDqXUuKaTymJYLN6dSGadqp+fVojqJlVoMlbZnlTmu3S0TLwLTJpvBMO1Aw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@csstools/css-calc": "^3.1.1",
+        "@csstools/css-color-parser": "^4.0.2",
+        "@csstools/css-parser-algorithms": "^4.0.0",
+        "@csstools/css-tokenizer": "^4.0.0",
+        "lru-cache": "^11.2.6"
+      },
+      "engines": {
+        "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
+      }
+    },
+    "node_modules/@asamuzakjp/css-color/node_modules/lru-cache": {
+      "version": "11.2.6",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.2.6.tgz",
+      "integrity": "sha512-ESL2CrkS/2wTPfuend7Zhkzo2u0daGJ/A2VucJOgQ/C48S/zB8MMeMHSGKYpXhIjbPxfuezITkaBH1wqv00DDQ==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "engines": {
+        "node": "20 || >=22"
+      }
+    },
+    "node_modules/@asamuzakjp/dom-selector": {
+      "version": "6.8.1",
+      "resolved": "https://registry.npmjs.org/@asamuzakjp/dom-selector/-/dom-selector-6.8.1.tgz",
+      "integrity": "sha512-MvRz1nCqW0fsy8Qz4dnLIvhOlMzqDVBabZx6lH+YywFDdjXhMY37SmpV1XFX3JzG5GWHn63j6HX6QPr3lZXHvQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@asamuzakjp/nwsapi": "^2.3.9",
+        "bidi-js": "^1.0.3",
+        "css-tree": "^3.1.0",
+        "is-potential-custom-element-name": "^1.0.1",
+        "lru-cache": "^11.2.6"
+      }
+    },
+    "node_modules/@asamuzakjp/dom-selector/node_modules/lru-cache": {
+      "version": "11.2.6",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.2.6.tgz",
+      "integrity": "sha512-ESL2CrkS/2wTPfuend7Zhkzo2u0daGJ/A2VucJOgQ/C48S/zB8MMeMHSGKYpXhIjbPxfuezITkaBH1wqv00DDQ==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "engines": {
+        "node": "20 || >=22"
+      }
+    },
+    "node_modules/@asamuzakjp/nwsapi": {
+      "version": "2.3.9",
+      "resolved": "https://registry.npmjs.org/@asamuzakjp/nwsapi/-/nwsapi-2.3.9.tgz",
+      "integrity": "sha512-n8GuYSrI9bF7FFZ/SjhwevlHc8xaVlb/7HmHelnc/PZXBD2ZR49NnN9sMMuDdEGPeeRQ5d0hqlSlEpgCX3Wl0Q==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/@babel/code-frame": {
       "version": "7.27.1",
       "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.27.1.tgz",
@@ -262,6 +343,16 @@
         "@babel/core": "^7.0.0-0"
       }
     },
+    "node_modules/@babel/runtime": {
+      "version": "7.28.6",
+      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.28.6.tgz",
+      "integrity": "sha512-05WQkdpL9COIMz4LjTxGpPNCdlpyimKppYNoJ5Di5EUObifl8t4tuLuUBBZEpoLYOmfvIWrsp9fCl0HoPRVTdA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
     "node_modules/@babel/template": {
       "version": "7.27.2",
       "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.27.2.tgz",
@@ -310,6 +401,218 @@
         "node": ">=6.9.0"
       }
     },
+    "node_modules/@bramus/specificity": {
+      "version": "2.4.2",
+      "resolved": "https://registry.npmjs.org/@bramus/specificity/-/specificity-2.4.2.tgz",
+      "integrity": "sha512-ctxtJ/eA+t+6q2++vj5j7FYX3nRu311q1wfYH3xjlLOsczhlhxAg2FWNUXhpGvAw3BWo1xBcvOV6/YLc2r5FJw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "css-tree": "^3.0.0"
+      },
+      "bin": {
+        "specificity": "bin/cli.js"
+      }
+    },
+    "node_modules/@csstools/color-helpers": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/@csstools/color-helpers/-/color-helpers-6.0.2.tgz",
+      "integrity": "sha512-LMGQLS9EuADloEFkcTBR3BwV/CGHV7zyDxVRtVDTwdI2Ca4it0CCVTT9wCkxSgokjE5Ho41hEPgb8OEUwoXr6Q==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT-0",
+      "engines": {
+        "node": ">=20.19.0"
+      }
+    },
+    "node_modules/@csstools/css-calc": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/@csstools/css-calc/-/css-calc-3.1.1.tgz",
+      "integrity": "sha512-HJ26Z/vmsZQqs/o3a6bgKslXGFAungXGbinULZO3eMsOyNJHeBBZfup5FiZInOghgoM4Hwnmw+OgbJCNg1wwUQ==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": ">=20.19.0"
+      },
+      "peerDependencies": {
+        "@csstools/css-parser-algorithms": "^4.0.0",
+        "@csstools/css-tokenizer": "^4.0.0"
+      }
+    },
+    "node_modules/@csstools/css-color-parser": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/@csstools/css-color-parser/-/css-color-parser-4.0.2.tgz",
+      "integrity": "sha512-0GEfbBLmTFf0dJlpsNU7zwxRIH0/BGEMuXLTCvFYxuL1tNhqzTbtnFICyJLTNK4a+RechKP75e7w42ClXSnJQw==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "@csstools/color-helpers": "^6.0.2",
+        "@csstools/css-calc": "^3.1.1"
+      },
+      "engines": {
+        "node": ">=20.19.0"
+      },
+      "peerDependencies": {
+        "@csstools/css-parser-algorithms": "^4.0.0",
+        "@csstools/css-tokenizer": "^4.0.0"
+      }
+    },
+    "node_modules/@csstools/css-parser-algorithms": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/@csstools/css-parser-algorithms/-/css-parser-algorithms-4.0.0.tgz",
+      "integrity": "sha512-+B87qS7fIG3L5h3qwJ/IFbjoVoOe/bpOdh9hAjXbvx0o8ImEmUsGXN0inFOnk2ChCFgqkkGFQ+TpM5rbhkKe4w==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": ">=20.19.0"
+      },
+      "peerDependencies": {
+        "@csstools/css-tokenizer": "^4.0.0"
+      }
+    },
+    "node_modules/@csstools/css-syntax-patches-for-csstree": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@csstools/css-syntax-patches-for-csstree/-/css-syntax-patches-for-csstree-1.1.0.tgz",
+      "integrity": "sha512-H4tuz2nhWgNKLt1inYpoVCfbJbMwX/lQKp3g69rrrIMIYlFD9+zTykOKhNR8uGrAmbS/kT9n6hTFkmDkxLgeTA==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT-0"
+    },
+    "node_modules/@csstools/css-tokenizer": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/@csstools/css-tokenizer/-/css-tokenizer-4.0.0.tgz",
+      "integrity": "sha512-QxULHAm7cNu72w97JUNCBFODFaXpbDg+dP8b/oWFAZ2MTRppA3U00Y2L1HqaS4J6yBqxwa/Y3nMBaxVKbB/NsA==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": ">=20.19.0"
+      }
+    },
+    "node_modules/@dnd-kit/accessibility": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/@dnd-kit/accessibility/-/accessibility-3.1.1.tgz",
+      "integrity": "sha512-2P+YgaXF+gRsIihwwY1gCsQSYnu9Zyj2py8kY5fFvUM1qm2WA2u639R6YNVfU4GWr+ZM5mqEsfHZZLoRONbemw==",
+      "license": "MIT",
+      "dependencies": {
+        "tslib": "^2.0.0"
+      },
+      "peerDependencies": {
+        "react": ">=16.8.0"
+      }
+    },
+    "node_modules/@dnd-kit/core": {
+      "version": "6.3.1",
+      "resolved": "https://registry.npmjs.org/@dnd-kit/core/-/core-6.3.1.tgz",
+      "integrity": "sha512-xkGBRQQab4RLwgXxoqETICr6S5JlogafbhNsidmrkVv2YRs5MLwpjoF2qpiGjQt8S9AoxtIV603s0GIUpY5eYQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@dnd-kit/accessibility": "^3.1.1",
+        "@dnd-kit/utilities": "^3.2.2",
+        "tslib": "^2.0.0"
+      },
+      "peerDependencies": {
+        "react": ">=16.8.0",
+        "react-dom": ">=16.8.0"
+      }
+    },
+    "node_modules/@dnd-kit/modifiers": {
+      "version": "9.0.0",
+      "resolved": "https://registry.npmjs.org/@dnd-kit/modifiers/-/modifiers-9.0.0.tgz",
+      "integrity": "sha512-ybiLc66qRGuZoC20wdSSG6pDXFikui/dCNGthxv4Ndy8ylErY0N3KVxY2bgo7AWwIbxDmXDg3ylAFmnrjcbVvw==",
+      "license": "MIT",
+      "dependencies": {
+        "@dnd-kit/utilities": "^3.2.2",
+        "tslib": "^2.0.0"
+      },
+      "peerDependencies": {
+        "@dnd-kit/core": "^6.3.0",
+        "react": ">=16.8.0"
+      }
+    },
+    "node_modules/@dnd-kit/sortable": {
+      "version": "10.0.0",
+      "resolved": "https://registry.npmjs.org/@dnd-kit/sortable/-/sortable-10.0.0.tgz",
+      "integrity": "sha512-+xqhmIIzvAYMGfBYYnbKuNicfSsk4RksY2XdmJhT+HAC01nix6fHCztU68jooFiMUB01Ky3F0FyOvhG/BZrWkg==",
+      "license": "MIT",
+      "dependencies": {
+        "@dnd-kit/utilities": "^3.2.2",
+        "tslib": "^2.0.0"
+      },
+      "peerDependencies": {
+        "@dnd-kit/core": "^6.3.0",
+        "react": ">=16.8.0"
+      }
+    },
+    "node_modules/@dnd-kit/utilities": {
+      "version": "3.2.2",
+      "resolved": "https://registry.npmjs.org/@dnd-kit/utilities/-/utilities-3.2.2.tgz",
+      "integrity": "sha512-+MKAJEOfaBe5SmV6t34p80MMKhjvUz0vRrvVJbPT0WElzaOJ/1xs+D+KDv+tD/NE5ujfrChEcshd4fLn0wpiqg==",
+      "license": "MIT",
+      "dependencies": {
+        "tslib": "^2.0.0"
+      },
+      "peerDependencies": {
+        "react": ">=16.8.0"
+      }
+    },
     "node_modules/@esbuild/aix-ppc64": {
       "version": "0.21.5",
       "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.21.5.tgz",
@@ -599,6 +902,23 @@
         "node": ">=12"
       }
     },
+    "node_modules/@esbuild/netbsd-arm64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.3.tgz",
+      "integrity": "sha512-sDpk0RgmTCR/5HguIZa9n9u+HVKf40fbEUt+iTzSnCaGvY9kFP0YKBWZtJaraonFnqef5SlJ8/TiPAxzyS+UoA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "netbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
     "node_modules/@esbuild/netbsd-x64": {
       "version": "0.21.5",
       "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.21.5.tgz",
@@ -616,6 +936,23 @@
         "node": ">=12"
       }
     },
+    "node_modules/@esbuild/openbsd-arm64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.3.tgz",
+      "integrity": "sha512-AIcMP77AvirGbRl/UZFTq5hjXK+2wC7qFRGoHSDrZ5v5b8DK/GYpXW3CPRL53NkvDqb9D+alBiC/dV0Fb7eJcw==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
     "node_modules/@esbuild/openbsd-x64": {
       "version": "0.21.5",
       "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.21.5.tgz",
@@ -633,6 +970,23 @@
         "node": ">=12"
       }
     },
+    "node_modules/@esbuild/openharmony-arm64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.3.tgz",
+      "integrity": "sha512-NinAEgr/etERPTsZJ7aEZQvvg/A6IsZG/LgZy+81wON2huV7SrK3e63dU0XhyZP4RKGyTm7aOgmQk0bGp0fy2g==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openharmony"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
     "node_modules/@esbuild/sunos-x64": {
       "version": "0.21.5",
       "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.21.5.tgz",
@@ -829,6 +1183,24 @@
         "node": "^20.19.0 || ^22.13.0 || >=24"
       }
     },
+    "node_modules/@exodus/bytes": {
+      "version": "1.15.0",
+      "resolved": "https://registry.npmjs.org/@exodus/bytes/-/bytes-1.15.0.tgz",
+      "integrity": "sha512-UY0nlA+feH81UGSHv92sLEPLCeZFjXOuHhrIo0HQydScuQc8s0A7kL/UdgwgDq8g8ilksmuoF35YVTNphV2aBQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
+      },
+      "peerDependencies": {
+        "@noble/hashes": "^1.8.0 || ^2.0.0"
+      },
+      "peerDependenciesMeta": {
+        "@noble/hashes": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/@floating-ui/core": {
       "version": "1.7.5",
       "resolved": "https://registry.npmjs.org/@floating-ui/core/-/core-1.7.5.tgz",
@@ -1308,6 +1680,105 @@
         "win32"
       ]
     },
+    "node_modules/@standard-schema/spec": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@standard-schema/spec/-/spec-1.1.0.tgz",
+      "integrity": "sha512-l2aFy5jALhniG5HgqrD6jXLi/rUWrKvqN/qJx6yoJsgKhblVd+iqqU4RCXavm/jPityDo5TCvKMnpjKnOriy0w==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@testing-library/dom": {
+      "version": "10.4.1",
+      "resolved": "https://registry.npmjs.org/@testing-library/dom/-/dom-10.4.1.tgz",
+      "integrity": "sha512-o4PXJQidqJl82ckFaXUeoAW+XysPLauYI43Abki5hABd853iMhitooc6znOnczgbTYmEP6U6/y1ZyKAIsvMKGg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/code-frame": "^7.10.4",
+        "@babel/runtime": "^7.12.5",
+        "@types/aria-query": "^5.0.1",
+        "aria-query": "5.3.0",
+        "dom-accessibility-api": "^0.5.9",
+        "lz-string": "^1.5.0",
+        "picocolors": "1.1.1",
+        "pretty-format": "^27.0.2"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@testing-library/dom/node_modules/aria-query": {
+      "version": "5.3.0",
+      "resolved": "https://registry.npmjs.org/aria-query/-/aria-query-5.3.0.tgz",
+      "integrity": "sha512-b0P0sZPKtyu8HkeRAfCq0IfURZK+SuwMjY1UXGBU27wpAiTwQAIlq56IbIO+ytk/JjS1fMR14ee5WBBfKi5J6A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "dequal": "^2.0.3"
+      }
+    },
+    "node_modules/@testing-library/dom/node_modules/dom-accessibility-api": {
+      "version": "0.5.16",
+      "resolved": "https://registry.npmjs.org/dom-accessibility-api/-/dom-accessibility-api-0.5.16.tgz",
+      "integrity": "sha512-X7BJ2yElsnOJ30pZF4uIIDfBEVgF4XEBxL9Bxhy6dnrm5hkzqmsWHGTiHqRiITNhMyFLyAiWndIJP7Z1NTteDg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@testing-library/jest-dom": {
+      "version": "6.9.1",
+      "resolved": "https://registry.npmjs.org/@testing-library/jest-dom/-/jest-dom-6.9.1.tgz",
+      "integrity": "sha512-zIcONa+hVtVSSep9UT3jZ5rizo2BsxgyDYU7WFD5eICBE7no3881HGeb/QkGfsJs6JTkY1aQhT7rIPC7e+0nnA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@adobe/css-tools": "^4.4.0",
+        "aria-query": "^5.0.0",
+        "css.escape": "^1.5.1",
+        "dom-accessibility-api": "^0.6.3",
+        "picocolors": "^1.1.1",
+        "redent": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=14",
+        "npm": ">=6",
+        "yarn": ">=1"
+      }
+    },
+    "node_modules/@testing-library/react": {
+      "version": "16.3.2",
+      "resolved": "https://registry.npmjs.org/@testing-library/react/-/react-16.3.2.tgz",
+      "integrity": "sha512-XU5/SytQM+ykqMnAnvB2umaJNIOsLF3PVv//1Ew4CTcpz0/BRyy/af40qqrt7SjKpDdT1saBMc42CUok5gaw+g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/runtime": "^7.12.5"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "peerDependencies": {
+        "@testing-library/dom": "^10.0.0",
+        "@types/react": "^18.0.0 || ^19.0.0",
+        "@types/react-dom": "^18.0.0 || ^19.0.0",
+        "react": "^18.0.0 || ^19.0.0",
+        "react-dom": "^18.0.0 || ^19.0.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        },
+        "@types/react-dom": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@types/aria-query": {
+      "version": "5.0.4",
+      "resolved": "https://registry.npmjs.org/@types/aria-query/-/aria-query-5.0.4.tgz",
+      "integrity": "sha512-rfT93uj5s0PRL7EzccGMs3brplhcrghnDoV26NqKhCAS1hVo+WdNsPvE/yb6ilfr5hi2MEk6d5EWJTKdxg8jVw==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/@types/babel__core": {
       "version": "7.20.5",
       "resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz",
@@ -1353,6 +1824,24 @@
         "@babel/types": "^7.28.2"
       }
     },
+    "node_modules/@types/chai": {
+      "version": "5.2.3",
+      "resolved": "https://registry.npmjs.org/@types/chai/-/chai-5.2.3.tgz",
+      "integrity": "sha512-Mw558oeA9fFbv65/y4mHtXDs9bPnFMZAL/jxdPFUpOHHIXX91mcgEHbS5Lahr+pwZFR8A7GQleRWeI6cGFC2UA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/deep-eql": "*",
+        "assertion-error": "^2.0.1"
+      }
+    },
+    "node_modules/@types/deep-eql": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/@types/deep-eql/-/deep-eql-4.0.2.tgz",
+      "integrity": "sha512-c9h9dVVMigMPc4bwTvC5dxqtqJZwQPePsWjPlpSOnojbor6pGqdk541lfA7AqFQr5pB1BRdq0juY9db81BwyFw==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/@types/esrecurse": {
       "version": "4.3.1",
       "resolved": "https://registry.npmjs.org/@types/esrecurse/-/esrecurse-4.3.1.tgz",
@@ -1402,6 +1891,117 @@
         "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0"
       }
     },
+    "node_modules/@vitest/expect": {
+      "version": "4.0.18",
+      "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-4.0.18.tgz",
+      "integrity": "sha512-8sCWUyckXXYvx4opfzVY03EOiYVxyNrHS5QxX3DAIi5dpJAAkyJezHCP77VMX4HKA2LDT/Jpfo8i2r5BE3GnQQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@standard-schema/spec": "^1.0.0",
+        "@types/chai": "^5.2.2",
+        "@vitest/spy": "4.0.18",
+        "@vitest/utils": "4.0.18",
+        "chai": "^6.2.1",
+        "tinyrainbow": "^3.0.3"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/@vitest/mocker": {
+      "version": "4.0.18",
+      "resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-4.0.18.tgz",
+      "integrity": "sha512-HhVd0MDnzzsgevnOWCBj5Otnzobjy5wLBe4EdeeFGv8luMsGcYqDuFRMcttKWZA5vVO8RFjexVovXvAM4JoJDQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vitest/spy": "4.0.18",
+        "estree-walker": "^3.0.3",
+        "magic-string": "^0.30.21"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      },
+      "peerDependencies": {
+        "msw": "^2.4.9",
+        "vite": "^6.0.0 || ^7.0.0-0"
+      },
+      "peerDependenciesMeta": {
+        "msw": {
+          "optional": true
+        },
+        "vite": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@vitest/pretty-format": {
+      "version": "4.0.18",
+      "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-4.0.18.tgz",
+      "integrity": "sha512-P24GK3GulZWC5tz87ux0m8OADrQIUVDPIjjj65vBXYG17ZeU3qD7r+MNZ1RNv4l8CGU2vtTRqixrOi9fYk/yKw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "tinyrainbow": "^3.0.3"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/@vitest/runner": {
+      "version": "4.0.18",
+      "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-4.0.18.tgz",
+      "integrity": "sha512-rpk9y12PGa22Jg6g5M3UVVnTS7+zycIGk9ZNGN+m6tZHKQb7jrP7/77WfZy13Y/EUDd52NDsLRQhYKtv7XfPQw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vitest/utils": "4.0.18",
+        "pathe": "^2.0.3"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/@vitest/snapshot": {
+      "version": "4.0.18",
+      "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-4.0.18.tgz",
+      "integrity": "sha512-PCiV0rcl7jKQjbgYqjtakly6T1uwv/5BQ9SwBLekVg/EaYeQFPiXcgrC2Y7vDMA8dM1SUEAEV82kgSQIlXNMvA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vitest/pretty-format": "4.0.18",
+        "magic-string": "^0.30.21",
+        "pathe": "^2.0.3"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/@vitest/spy": {
+      "version": "4.0.18",
+      "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-4.0.18.tgz",
+      "integrity": "sha512-cbQt3PTSD7P2OARdVW3qWER5EGq7PHlvE+QfzSC0lbwO+xnt7+XH06ZzFjFRgzUX//JmpxrCu92VdwvEPlWSNw==",
+      "dev": true,
+      "license": "MIT",
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/@vitest/utils": {
+      "version": "4.0.18",
+      "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-4.0.18.tgz",
+      "integrity": "sha512-msMRKLMVLWygpK3u2Hybgi4MNjcYJvwTb0Ru09+fOyCXIgT5raYP041DRRdiJiI3k/2U6SEbAETB3YtBrUkCFA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vitest/pretty-format": "4.0.18",
+        "tinyrainbow": "^3.0.3"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
     "node_modules/acorn": {
       "version": "8.16.0",
       "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.16.0.tgz",
@@ -1425,6 +2025,16 @@
         "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0"
       }
     },
+    "node_modules/agent-base": {
+      "version": "7.1.4",
+      "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.4.tgz",
+      "integrity": "sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 14"
+      }
+    },
     "node_modules/ajv": {
       "version": "6.14.0",
       "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz",
@@ -1466,6 +2076,26 @@
         "url": "https://github.com/chalk/ansi-styles?sponsor=1"
       }
     },
+    "node_modules/aria-query": {
+      "version": "5.3.2",
+      "resolved": "https://registry.npmjs.org/aria-query/-/aria-query-5.3.2.tgz",
+      "integrity": "sha512-COROpnaoap1E2F000S62r6A60uHZnmlvomhfyT2DlTcrY1OrBKn2UhH7qn5wTC9zMvD0AY7csdPSNwKP+7WiQw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/assertion-error": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-2.0.1.tgz",
+      "integrity": "sha512-Izi8RQcffqCeNVgFigKli1ssklIbpHnCYc6AknXGYoB6grJqyeby7jv12JUQgmTAnIDnbck1uxksT4dzN3PWBA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      }
+    },
     "node_modules/balanced-match": {
       "version": "4.0.4",
       "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz",
@@ -1486,6 +2116,16 @@
         "baseline-browser-mapping": "dist/cli.js"
       }
     },
+    "node_modules/bidi-js": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/bidi-js/-/bidi-js-1.0.3.tgz",
+      "integrity": "sha512-RKshQI1R3YQ+n9YJz2QQ147P66ELpa1FQEg20Dk8oW9t2KgLbpDLLp9aGZ7y8WHSshDknG0bknqGw5/tyCs5tw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "require-from-string": "^2.0.2"
+      }
+    },
     "node_modules/brace-expansion": {
       "version": "5.0.4",
       "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.4.tgz",
@@ -1563,6 +2203,16 @@
       ],
       "license": "CC-BY-4.0"
     },
+    "node_modules/chai": {
+      "version": "6.2.2",
+      "resolved": "https://registry.npmjs.org/chai/-/chai-6.2.2.tgz",
+      "integrity": "sha512-NUPRluOfOiTKBKvWPtSD4PhFvWCqOi0BGStNWs57X9js7XGTprSmFoz5F0tWhR4WPjNeR9jXqdC7/UpSJTnlRg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      }
+    },
     "node_modules/cliui": {
       "version": "6.0.0",
       "resolved": "https://registry.npmjs.org/cliui/-/cliui-6.0.0.tgz",
@@ -1623,6 +2273,67 @@
         "node": ">= 8"
       }
     },
+    "node_modules/css-tree": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-3.2.1.tgz",
+      "integrity": "sha512-X7sjQzceUhu1u7Y/ylrRZFU2FS6LRiFVp6rKLPg23y3x3c3DOKAwuXGDp+PAGjh6CSnCjYeAul8pcT8bAl+lSA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "mdn-data": "2.27.1",
+        "source-map-js": "^1.2.1"
+      },
+      "engines": {
+        "node": "^10 || ^12.20.0 || ^14.13.0 || >=15.0.0"
+      }
+    },
+    "node_modules/css.escape": {
+      "version": "1.5.1",
+      "resolved": "https://registry.npmjs.org/css.escape/-/css.escape-1.5.1.tgz",
+      "integrity": "sha512-YUifsXXuknHlUsmlgyY0PKzgPOr7/FjCePfHNt0jxm83wHZi44VDMQ7/fGNkjY3/jV1MC+1CmZbaHzugyeRtpg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/cssstyle": {
+      "version": "6.2.0",
+      "resolved": "https://registry.npmjs.org/cssstyle/-/cssstyle-6.2.0.tgz",
+      "integrity": "sha512-Fm5NvhYathRnXNVndkUsCCuR63DCLVVwGOOwQw782coXFi5HhkXdu289l59HlXZBawsyNccXfWRYvLzcDCdDig==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@asamuzakjp/css-color": "^5.0.1",
+        "@csstools/css-syntax-patches-for-csstree": "^1.0.28",
+        "css-tree": "^3.1.0",
+        "lru-cache": "^11.2.6"
+      },
+      "engines": {
+        "node": ">=20"
+      }
+    },
+    "node_modules/cssstyle/node_modules/lru-cache": {
+      "version": "11.2.6",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.2.6.tgz",
+      "integrity": "sha512-ESL2CrkS/2wTPfuend7Zhkzo2u0daGJ/A2VucJOgQ/C48S/zB8MMeMHSGKYpXhIjbPxfuezITkaBH1wqv00DDQ==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "engines": {
+        "node": "20 || >=22"
+      }
+    },
+    "node_modules/data-urls": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/data-urls/-/data-urls-7.0.0.tgz",
+      "integrity": "sha512-23XHcCF+coGYevirZceTVD7NdJOqVn+49IHyxgszm+JIiHLoB2TkmPtsYkNWT1pvRSGkc35L6NHs0yHkN2SumA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "whatwg-mimetype": "^5.0.0",
+        "whatwg-url": "^16.0.0"
+      },
+      "engines": {
+        "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
+      }
+    },
     "node_modules/date-fns": {
       "version": "4.1.0",
       "resolved": "https://registry.npmjs.org/date-fns/-/date-fns-4.1.0.tgz",
@@ -1660,6 +2371,13 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/decimal.js": {
+      "version": "10.6.0",
+      "resolved": "https://registry.npmjs.org/decimal.js/-/decimal.js-10.6.0.tgz",
+      "integrity": "sha512-YpgQiITW3JXGntzdUmyUR1V812Hn8T1YVXhCu+wO3OpS4eU9l4YdD3qjyiKdV6mvV29zapkMeD390UVEf2lkUg==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/deep-is": {
       "version": "0.1.4",
       "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz",
@@ -1667,12 +2385,29 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/dequal": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/dequal/-/dequal-2.0.3.tgz",
+      "integrity": "sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
     "node_modules/dijkstrajs": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/dijkstrajs/-/dijkstrajs-1.0.3.tgz",
       "integrity": "sha512-qiSlmBq9+BCdCA/L46dw8Uy93mloxsPSbwnm5yrKn2vMPiy8KyAskTF6zuV/j5BMsmOGZDPs7KjU+mjb670kfA==",
       "license": "MIT"
     },
+    "node_modules/dom-accessibility-api": {
+      "version": "0.6.3",
+      "resolved": "https://registry.npmjs.org/dom-accessibility-api/-/dom-accessibility-api-0.6.3.tgz",
+      "integrity": "sha512-7ZgogeTnjuHbo+ct10G9Ffp0mif17idi0IyWNVA/wcwcm7NPOD/WEHVP3n7n3MhXqxoIYm8d6MuZohYWIZ4T3w==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/dompurify": {
       "version": "3.3.1",
       "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.3.1.tgz",
@@ -1695,6 +2430,26 @@
       "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
       "license": "MIT"
     },
+    "node_modules/entities": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-6.0.1.tgz",
+      "integrity": "sha512-aN97NXWF6AWBTahfVOIrB/NShkzi5H7F9r1s9mD3cDj4Ko5f2qhhVoYMibXF7GlLveb/D2ioWay8lxI97Ven3g==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=0.12"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/entities?sponsor=1"
+      }
+    },
+    "node_modules/es-module-lexer": {
+      "version": "1.7.0",
+      "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-1.7.0.tgz",
+      "integrity": "sha512-jEQoCwk8hyb2AZziIOLhDqpm5+2ww5uIE6lkO/6jcOCusfk6LhMHpXXfBLXTZ7Ydyt0j4VoUQv6uGNYbdW+kBA==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/esbuild": {
       "version": "0.21.5",
       "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.21.5.tgz",
@@ -1922,6 +2677,16 @@
         "node": ">=4.0"
       }
     },
+    "node_modules/estree-walker": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-3.0.3.tgz",
+      "integrity": "sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/estree": "^1.0.0"
+      }
+    },
     "node_modules/esutils": {
       "version": "2.0.3",
       "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz",
@@ -1938,6 +2703,16 @@
       "integrity": "sha512-mlsTRyGaPBjPedk6Bvw+aqbsXDtoAyAzm5MO7JgU+yVRyMQ5O8bD4Kcci7BS85f93veegeCPkL8R4GLClnjLFw==",
       "license": "MIT"
     },
+    "node_modules/expect-type": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/expect-type/-/expect-type-1.3.0.tgz",
+      "integrity": "sha512-knvyeauYhqjOYvQ66MznSMs83wmHrCycNEN6Ao+2AeYEfxUIkuiVxdEa1qlGEPK+We3n0THiDciYSsCcgW/DoA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">=12.0.0"
+      }
+    },
     "node_modules/fast-deep-equal": {
       "version": "3.1.3",
       "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
@@ -1965,6 +2740,24 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/fdir": {
+      "version": "6.5.0",
+      "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz",
+      "integrity": "sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "peerDependencies": {
+        "picomatch": "^3 || ^4"
+      },
+      "peerDependenciesMeta": {
+        "picomatch": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/file-entry-cache": {
       "version": "8.0.0",
       "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-8.0.0.tgz",
@@ -2103,6 +2896,47 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/html-encoding-sniffer": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/html-encoding-sniffer/-/html-encoding-sniffer-6.0.0.tgz",
+      "integrity": "sha512-CV9TW3Y3f8/wT0BRFc1/KAVQ3TUHiXmaAb6VW9vtiMFf7SLoMd1PdAc4W3KFOFETBJUb90KatHqlsZMWV+R9Gg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@exodus/bytes": "^1.6.0"
+      },
+      "engines": {
+        "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
+      }
+    },
+    "node_modules/http-proxy-agent": {
+      "version": "7.0.2",
+      "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-7.0.2.tgz",
+      "integrity": "sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "agent-base": "^7.1.0",
+        "debug": "^4.3.4"
+      },
+      "engines": {
+        "node": ">= 14"
+      }
+    },
+    "node_modules/https-proxy-agent": {
+      "version": "7.0.6",
+      "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz",
+      "integrity": "sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "agent-base": "^7.1.2",
+        "debug": "4"
+      },
+      "engines": {
+        "node": ">= 14"
+      }
+    },
     "node_modules/ignore": {
       "version": "5.3.2",
       "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz",
@@ -2123,6 +2957,16 @@
         "node": ">=0.8.19"
       }
     },
+    "node_modules/indent-string": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz",
+      "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/is-extglob": {
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
@@ -2155,6 +2999,13 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/is-potential-custom-element-name": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/is-potential-custom-element-name/-/is-potential-custom-element-name-1.0.1.tgz",
+      "integrity": "sha512-bCYeRA2rVibKZd+s2625gGnGF/t7DSqDs4dP7CrLA1m7jKWz6pps0LpYLJN8Q64HtmPKJ1hrN3nzPNKFEKOUiQ==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/isexe": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
@@ -2168,6 +3019,47 @@
       "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==",
       "license": "MIT"
     },
+    "node_modules/jsdom": {
+      "version": "28.1.0",
+      "resolved": "https://registry.npmjs.org/jsdom/-/jsdom-28.1.0.tgz",
+      "integrity": "sha512-0+MoQNYyr2rBHqO1xilltfDjV9G7ymYGlAUazgcDLQaUf8JDHbuGwsxN6U9qWaElZ4w1B2r7yEGIL3GdeW3Rug==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@acemir/cssom": "^0.9.31",
+        "@asamuzakjp/dom-selector": "^6.8.1",
+        "@bramus/specificity": "^2.4.2",
+        "@exodus/bytes": "^1.11.0",
+        "cssstyle": "^6.0.1",
+        "data-urls": "^7.0.0",
+        "decimal.js": "^10.6.0",
+        "html-encoding-sniffer": "^6.0.0",
+        "http-proxy-agent": "^7.0.2",
+        "https-proxy-agent": "^7.0.6",
+        "is-potential-custom-element-name": "^1.0.1",
+        "parse5": "^8.0.0",
+        "saxes": "^6.0.0",
+        "symbol-tree": "^3.2.4",
+        "tough-cookie": "^6.0.0",
+        "undici": "^7.21.0",
+        "w3c-xmlserializer": "^5.0.0",
+        "webidl-conversions": "^8.0.1",
+        "whatwg-mimetype": "^5.0.0",
+        "whatwg-url": "^16.0.0",
+        "xml-name-validator": "^5.0.0"
+      },
+      "engines": {
+        "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
+      },
+      "peerDependencies": {
+        "canvas": "^3.0.0"
+      },
+      "peerDependenciesMeta": {
+        "canvas": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/jsesc": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-3.1.0.tgz",
@@ -2296,6 +3188,43 @@
         "yallist": "^3.0.2"
       }
     },
+    "node_modules/lz-string": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/lz-string/-/lz-string-1.5.0.tgz",
+      "integrity": "sha512-h5bgJWpxJNswbU7qCrV0tIKQCaS3blPDrqKWx+QxzuzL1zGUzij9XCWLrSLsJPu5t+eWA/ycetzYAO5IOMcWAQ==",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "lz-string": "bin/bin.js"
+      }
+    },
+    "node_modules/magic-string": {
+      "version": "0.30.21",
+      "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.21.tgz",
+      "integrity": "sha512-vd2F4YUyEXKGcLHoq+TEyCjxueSeHnFxyyjNp80yg0XV4vUhnDer/lvvlqM/arB5bXQN5K2/3oinyCRyx8T2CQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/sourcemap-codec": "^1.5.5"
+      }
+    },
+    "node_modules/mdn-data": {
+      "version": "2.27.1",
+      "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.27.1.tgz",
+      "integrity": "sha512-9Yubnt3e8A0OKwxYSXyhLymGW4sCufcLG6VdiDdUGVkPhpqLxlvP5vl1983gQjJl3tqbrM731mjaZaP68AgosQ==",
+      "dev": true,
+      "license": "CC0-1.0"
+    },
+    "node_modules/min-indent": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz",
+      "integrity": "sha512-I9jwMn07Sy/IwOj3zVkVik2JTvgpaykDZEigL6Rx6N9LbMywwUSMtxET+7lVoDLLd3O3IXwJwvuuns8UB/HeAg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=4"
+      }
+    },
     "node_modules/minimatch": {
       "version": "10.2.4",
       "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.4.tgz",
@@ -2367,6 +3296,17 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/obug": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/obug/-/obug-2.1.1.tgz",
+      "integrity": "sha512-uTqF9MuPraAQ+IsnPf366RG4cP9RtUi7MLO1N3KEc+wb0a6yKpeL0lmk2IB1jY5KHPAlTc6T/JRdC/YqxHNwkQ==",
+      "dev": true,
+      "funding": [
+        "https://github.com/sponsors/sxzz",
+        "https://opencollective.com/debug"
+      ],
+      "license": "MIT"
+    },
     "node_modules/optionator": {
       "version": "0.9.4",
       "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.4.tgz",
@@ -2432,6 +3372,19 @@
       "integrity": "sha512-HUrJFQ/StvgmXRcQ1ftY6VEZUq3jA2t9ncFN4F84J/vN0/FPpQF+8FKXb3l6fLces6q0uOHj6NJn+2xvZnxO6A==",
       "license": "BSD-3-Clause"
     },
+    "node_modules/parse5": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/parse5/-/parse5-8.0.0.tgz",
+      "integrity": "sha512-9m4m5GSgXjL4AjumKzq1Fgfp3Z8rsvjRNbnkVwfu2ImRqE5D0LnY2QfDen18FSY9C573YU5XxSapdHZTZ2WolA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "entities": "^6.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/inikulin/parse5?sponsor=1"
+      }
+    },
     "node_modules/path-exists": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz",
@@ -2451,6 +3404,13 @@
         "node": ">=8"
       }
     },
+    "node_modules/pathe": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/pathe/-/pathe-2.0.3.tgz",
+      "integrity": "sha512-WUjGcAqP1gQacoQe+OBJsFA7Ld4DyXuUIjZ5cc75cLHvJ7dtNsTugphxIADwspS+AraAUePCKrSVtPLFj/F88w==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/picocolors": {
       "version": "1.1.1",
       "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz",
@@ -2458,6 +3418,19 @@
       "dev": true,
       "license": "ISC"
     },
+    "node_modules/picomatch": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
+      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
     "node_modules/pngjs": {
       "version": "5.0.0",
       "resolved": "https://registry.npmjs.org/pngjs/-/pngjs-5.0.0.tgz",
@@ -2506,6 +3479,34 @@
         "node": ">= 0.8.0"
       }
     },
+    "node_modules/pretty-format": {
+      "version": "27.5.1",
+      "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz",
+      "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^5.0.1",
+        "ansi-styles": "^5.0.0",
+        "react-is": "^17.0.1"
+      },
+      "engines": {
+        "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0"
+      }
+    },
+    "node_modules/pretty-format/node_modules/ansi-styles": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz",
+      "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
     "node_modules/punycode": {
       "version": "2.3.1",
       "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz",
@@ -2608,6 +3609,13 @@
         "react": "^18.3.1"
       }
     },
+    "node_modules/react-is": {
+      "version": "17.0.2",
+      "resolved": "https://registry.npmjs.org/react-is/-/react-is-17.0.2.tgz",
+      "integrity": "sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/react-quill-new": {
       "version": "3.8.3",
       "resolved": "https://registry.npmjs.org/react-quill-new/-/react-quill-new-3.8.3.tgz",
@@ -2665,6 +3673,20 @@
         "react-dom": ">=16.8"
       }
     },
+    "node_modules/redent": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/redent/-/redent-3.0.0.tgz",
+      "integrity": "sha512-6tDA8g98We0zd0GvVeMT9arEOnTw9qM03L9cJXaCjrip1OO764RDBLBfrB4cwzNGDj5OA5ioymC9GkizgWJDUg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "indent-string": "^4.0.0",
+        "strip-indent": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/require-directory": {
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
@@ -2674,6 +3696,16 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/require-from-string": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz",
+      "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/require-main-filename": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz",
@@ -2722,6 +3754,19 @@
         "fsevents": "~2.3.2"
       }
     },
+    "node_modules/saxes": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/saxes/-/saxes-6.0.0.tgz",
+      "integrity": "sha512-xAg7SOnEhrm5zI3puOOKyy1OMcMlIJZYNJY7xLBwSze0UjhPLnWfj2GF2EpT0jmzaJKIWKHLsaSSajf35bcYnA==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "xmlchars": "^2.2.0"
+      },
+      "engines": {
+        "node": ">=v12.22.7"
+      }
+    },
     "node_modules/scheduler": {
       "version": "0.23.2",
       "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.23.2.tgz",
@@ -2770,6 +3815,13 @@
         "node": ">=8"
       }
     },
+    "node_modules/siginfo": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/siginfo/-/siginfo-2.0.0.tgz",
+      "integrity": "sha512-ybx0WO1/8bSBLEWXZvEd7gMW3Sn3JFlW3TvX1nREbDLRNQNaeNN8WK0meBwPdAaOI7TtRRRJn/Es1zhrrCHu7g==",
+      "dev": true,
+      "license": "ISC"
+    },
     "node_modules/source-map-js": {
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz",
@@ -2780,6 +3832,20 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/stackback": {
+      "version": "0.0.2",
+      "resolved": "https://registry.npmjs.org/stackback/-/stackback-0.0.2.tgz",
+      "integrity": "sha512-1XMJE5fQo1jGH6Y/7ebnwPOBEkIEnT4QF32d5R1+VXdXveM0IBMJt8zfaxX1P3QhVwrYe+576+jkANtSS2mBbw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/std-env": {
+      "version": "3.10.0",
+      "resolved": "https://registry.npmjs.org/std-env/-/std-env-3.10.0.tgz",
+      "integrity": "sha512-5GS12FdOZNliM5mAOxFRg7Ir0pWz8MdpYm6AY6VPkGpbA7ZzmbzNcBJQ0GPvvyWgcY7QAhCgf9Uy89I03faLkg==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/string-width": {
       "version": "4.2.3",
       "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
@@ -2806,12 +3872,122 @@
         "node": ">=8"
       }
     },
+    "node_modules/strip-indent": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/strip-indent/-/strip-indent-3.0.0.tgz",
+      "integrity": "sha512-laJTa3Jb+VQpaC6DseHhF7dXVqHTfJPCRDaEbid/drOhgitgYku/letMUqOXFoWV0zIIUbjpdH2t+tYj4bQMRQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "min-indent": "^1.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/symbol-tree": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz",
+      "integrity": "sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/tabbable": {
       "version": "6.4.0",
       "resolved": "https://registry.npmjs.org/tabbable/-/tabbable-6.4.0.tgz",
       "integrity": "sha512-05PUHKSNE8ou2dwIxTngl4EzcnsCDZGJ/iCLtDflR/SHB/ny14rXc+qU5P4mG9JkusiV7EivzY9Mhm55AzAvCg==",
       "license": "MIT"
     },
+    "node_modules/tinybench": {
+      "version": "2.9.0",
+      "resolved": "https://registry.npmjs.org/tinybench/-/tinybench-2.9.0.tgz",
+      "integrity": "sha512-0+DUvqWMValLmha6lr4kD8iAMK1HzV0/aKnCtWb9v9641TnP/MFb7Pc2bxoxQjTXAErryXVgUOfv2YqNllqGeg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/tinyexec": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/tinyexec/-/tinyexec-1.0.2.tgz",
+      "integrity": "sha512-W/KYk+NFhkmsYpuHq5JykngiOCnxeVL8v8dFnqxSD8qEEdRfXk1SDM6JzNqcERbcGYj9tMrDQBYV9cjgnunFIg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/tinyglobby": {
+      "version": "0.2.15",
+      "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.15.tgz",
+      "integrity": "sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "fdir": "^6.5.0",
+        "picomatch": "^4.0.3"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/SuperchupuDev"
+      }
+    },
+    "node_modules/tinyrainbow": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/tinyrainbow/-/tinyrainbow-3.1.0.tgz",
+      "integrity": "sha512-Bf+ILmBgretUrdJxzXM0SgXLZ3XfiaUuOj/IKQHuTXip+05Xn+uyEYdVg0kYDipTBcLrCVyUzAPz7QmArb0mmw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=14.0.0"
+      }
+    },
+    "node_modules/tldts": {
+      "version": "7.0.25",
+      "resolved": "https://registry.npmjs.org/tldts/-/tldts-7.0.25.tgz",
+      "integrity": "sha512-keinCnPbwXEUG3ilrWQZU+CqcTTzHq9m2HhoUP2l7Xmi8l1LuijAXLpAJ5zRW+ifKTNscs4NdCkfkDCBYm352w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "tldts-core": "^7.0.25"
+      },
+      "bin": {
+        "tldts": "bin/cli.js"
+      }
+    },
+    "node_modules/tldts-core": {
+      "version": "7.0.25",
+      "resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-7.0.25.tgz",
+      "integrity": "sha512-ZjCZK0rppSBu7rjHYDYsEaMOIbbT+nWF57hKkv4IUmZWBNrBWBOjIElc0mKRgLM8bm7x/BBlof6t2gi/Oq/Asw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/tough-cookie": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-6.0.0.tgz",
+      "integrity": "sha512-kXuRi1mtaKMrsLUxz3sQYvVl37B0Ns6MzfrtV5DvJceE9bPyspOqk9xxv7XbZWcfLWbFmm997vl83qUWVJA64w==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "tldts": "^7.0.5"
+      },
+      "engines": {
+        "node": ">=16"
+      }
+    },
+    "node_modules/tr46": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/tr46/-/tr46-6.0.0.tgz",
+      "integrity": "sha512-bLVMLPtstlZ4iMQHpFHTR7GAGj2jxi8Dg0s2h2MafAE4uSWF98FC/3MomU51iQAMf8/qDUbKWf5GxuvvVcXEhw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "punycode": "^2.3.1"
+      },
+      "engines": {
+        "node": ">=20"
+      }
+    },
     "node_modules/tslib": {
       "version": "2.8.1",
       "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz",
@@ -2831,6 +4007,16 @@
         "node": ">= 0.8.0"
       }
     },
+    "node_modules/undici": {
+      "version": "7.23.0",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-7.23.0.tgz",
+      "integrity": "sha512-HVMxHKZKi+eL2mrUZDzDkKW3XvCjynhbtpSq20xQp4ePDFeSFuAfnvM0GIwZIv8fiKHjXFQ5WjxhCt15KRNj+g==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=20.18.1"
+      }
+    },
     "node_modules/update-browserslist-db": {
       "version": "1.2.2",
       "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.2.2.tgz",
@@ -2932,6 +4118,640 @@
         }
       }
     },
+    "node_modules/vitest": {
+      "version": "4.0.18",
+      "resolved": "https://registry.npmjs.org/vitest/-/vitest-4.0.18.tgz",
+      "integrity": "sha512-hOQuK7h0FGKgBAas7v0mSAsnvrIgAvWmRFjmzpJ7SwFHH3g1k2u37JtYwOwmEKhK6ZO3v9ggDBBm0La1LCK4uQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vitest/expect": "4.0.18",
+        "@vitest/mocker": "4.0.18",
+        "@vitest/pretty-format": "4.0.18",
+        "@vitest/runner": "4.0.18",
+        "@vitest/snapshot": "4.0.18",
+        "@vitest/spy": "4.0.18",
+        "@vitest/utils": "4.0.18",
+        "es-module-lexer": "^1.7.0",
+        "expect-type": "^1.2.2",
+        "magic-string": "^0.30.21",
+        "obug": "^2.1.1",
+        "pathe": "^2.0.3",
+        "picomatch": "^4.0.3",
+        "std-env": "^3.10.0",
+        "tinybench": "^2.9.0",
+        "tinyexec": "^1.0.2",
+        "tinyglobby": "^0.2.15",
+        "tinyrainbow": "^3.0.3",
+        "vite": "^6.0.0 || ^7.0.0",
+        "why-is-node-running": "^2.3.0"
+      },
+      "bin": {
+        "vitest": "vitest.mjs"
+      },
+      "engines": {
+        "node": "^20.0.0 || ^22.0.0 || >=24.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      },
+      "peerDependencies": {
+        "@edge-runtime/vm": "*",
+        "@opentelemetry/api": "^1.9.0",
+        "@types/node": "^20.0.0 || ^22.0.0 || >=24.0.0",
+        "@vitest/browser-playwright": "4.0.18",
+        "@vitest/browser-preview": "4.0.18",
+        "@vitest/browser-webdriverio": "4.0.18",
+        "@vitest/ui": "4.0.18",
+        "happy-dom": "*",
+        "jsdom": "*"
+      },
+      "peerDependenciesMeta": {
+        "@edge-runtime/vm": {
+          "optional": true
+        },
+        "@opentelemetry/api": {
+          "optional": true
+        },
+        "@types/node": {
+          "optional": true
+        },
+        "@vitest/browser-playwright": {
+          "optional": true
+        },
+        "@vitest/browser-preview": {
+          "optional": true
+        },
+        "@vitest/browser-webdriverio": {
+          "optional": true
+        },
+        "@vitest/ui": {
+          "optional": true
+        },
+        "happy-dom": {
+          "optional": true
+        },
+        "jsdom": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/vitest/node_modules/@esbuild/aix-ppc64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.3.tgz",
+      "integrity": "sha512-9fJMTNFTWZMh5qwrBItuziu834eOCUcEqymSH7pY+zoMVEZg3gcPuBNxH1EvfVYe9h0x/Ptw8KBzv7qxb7l8dg==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "aix"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vitest/node_modules/@esbuild/android-arm": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.3.tgz",
+      "integrity": "sha512-i5D1hPY7GIQmXlXhs2w8AWHhenb00+GxjxRncS2ZM7YNVGNfaMxgzSGuO8o8SJzRc/oZwU2bcScvVERk03QhzA==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vitest/node_modules/@esbuild/android-arm64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.3.tgz",
+      "integrity": "sha512-YdghPYUmj/FX2SYKJ0OZxf+iaKgMsKHVPF1MAq/P8WirnSpCStzKJFjOjzsW0QQ7oIAiccHdcqjbHmJxRb/dmg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vitest/node_modules/@esbuild/android-x64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.3.tgz",
+      "integrity": "sha512-IN/0BNTkHtk8lkOM8JWAYFg4ORxBkZQf9zXiEOfERX/CzxW3Vg1ewAhU7QSWQpVIzTW+b8Xy+lGzdYXV6UZObQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vitest/node_modules/@esbuild/darwin-arm64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.3.tgz",
+      "integrity": "sha512-Re491k7ByTVRy0t3EKWajdLIr0gz2kKKfzafkth4Q8A5n1xTHrkqZgLLjFEHVD+AXdUGgQMq+Godfq45mGpCKg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vitest/node_modules/@esbuild/darwin-x64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.3.tgz",
+      "integrity": "sha512-vHk/hA7/1AckjGzRqi6wbo+jaShzRowYip6rt6q7VYEDX4LEy1pZfDpdxCBnGtl+A5zq8iXDcyuxwtv3hNtHFg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vitest/node_modules/@esbuild/freebsd-arm64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.3.tgz",
+      "integrity": "sha512-ipTYM2fjt3kQAYOvo6vcxJx3nBYAzPjgTCk7QEgZG8AUO3ydUhvelmhrbOheMnGOlaSFUoHXB6un+A7q4ygY9w==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vitest/node_modules/@esbuild/freebsd-x64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.3.tgz",
+      "integrity": "sha512-dDk0X87T7mI6U3K9VjWtHOXqwAMJBNN2r7bejDsc+j03SEjtD9HrOl8gVFByeM0aJksoUuUVU9TBaZa2rgj0oA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vitest/node_modules/@esbuild/linux-arm": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.3.tgz",
+      "integrity": "sha512-s6nPv2QkSupJwLYyfS+gwdirm0ukyTFNl3KTgZEAiJDd+iHZcbTPPcWCcRYH+WlNbwChgH2QkE9NSlNrMT8Gfw==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vitest/node_modules/@esbuild/linux-arm64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.3.tgz",
+      "integrity": "sha512-sZOuFz/xWnZ4KH3YfFrKCf1WyPZHakVzTiqji3WDc0BCl2kBwiJLCXpzLzUBLgmp4veFZdvN5ChW4Eq/8Fc2Fg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vitest/node_modules/@esbuild/linux-ia32": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.3.tgz",
+      "integrity": "sha512-yGlQYjdxtLdh0a3jHjuwOrxQjOZYD/C9PfdbgJJF3TIZWnm/tMd/RcNiLngiu4iwcBAOezdnSLAwQDPqTmtTYg==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vitest/node_modules/@esbuild/linux-loong64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.3.tgz",
+      "integrity": "sha512-WO60Sn8ly3gtzhyjATDgieJNet/KqsDlX5nRC5Y3oTFcS1l0KWba+SEa9Ja1GfDqSF1z6hif/SkpQJbL63cgOA==",
+      "cpu": [
+        "loong64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vitest/node_modules/@esbuild/linux-mips64el": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.3.tgz",
+      "integrity": "sha512-APsymYA6sGcZ4pD6k+UxbDjOFSvPWyZhjaiPyl/f79xKxwTnrn5QUnXR5prvetuaSMsb4jgeHewIDCIWljrSxw==",
+      "cpu": [
+        "mips64el"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vitest/node_modules/@esbuild/linux-ppc64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.3.tgz",
+      "integrity": "sha512-eizBnTeBefojtDb9nSh4vvVQ3V9Qf9Df01PfawPcRzJH4gFSgrObw+LveUyDoKU3kxi5+9RJTCWlj4FjYXVPEA==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vitest/node_modules/@esbuild/linux-riscv64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.3.tgz",
+      "integrity": "sha512-3Emwh0r5wmfm3ssTWRQSyVhbOHvqegUDRd0WhmXKX2mkHJe1SFCMJhagUleMq+Uci34wLSipf8Lagt4LlpRFWQ==",
+      "cpu": [
+        "riscv64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vitest/node_modules/@esbuild/linux-s390x": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.3.tgz",
+      "integrity": "sha512-pBHUx9LzXWBc7MFIEEL0yD/ZVtNgLytvx60gES28GcWMqil8ElCYR4kvbV2BDqsHOvVDRrOxGySBM9Fcv744hw==",
+      "cpu": [
+        "s390x"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vitest/node_modules/@esbuild/linux-x64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.3.tgz",
+      "integrity": "sha512-Czi8yzXUWIQYAtL/2y6vogER8pvcsOsk5cpwL4Gk5nJqH5UZiVByIY8Eorm5R13gq+DQKYg0+JyQoytLQas4dA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vitest/node_modules/@esbuild/netbsd-x64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.3.tgz",
+      "integrity": "sha512-P14lFKJl/DdaE00LItAukUdZO5iqNH7+PjoBm+fLQjtxfcfFE20Xf5CrLsmZdq5LFFZzb5JMZ9grUwvtVYzjiA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "netbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vitest/node_modules/@esbuild/openbsd-x64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.3.tgz",
+      "integrity": "sha512-DnW2sRrBzA+YnE70LKqnM3P+z8vehfJWHXECbwBmH/CU51z6FiqTQTHFenPlHmo3a8UgpLyH3PT+87OViOh1AQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vitest/node_modules/@esbuild/sunos-x64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.3.tgz",
+      "integrity": "sha512-PanZ+nEz+eWoBJ8/f8HKxTTD172SKwdXebZ0ndd953gt1HRBbhMsaNqjTyYLGLPdoWHy4zLU7bDVJztF5f3BHA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "sunos"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vitest/node_modules/@esbuild/win32-arm64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.3.tgz",
+      "integrity": "sha512-B2t59lWWYrbRDw/tjiWOuzSsFh1Y/E95ofKz7rIVYSQkUYBjfSgf6oeYPNWHToFRr2zx52JKApIcAS/D5TUBnA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vitest/node_modules/@esbuild/win32-ia32": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.3.tgz",
+      "integrity": "sha512-QLKSFeXNS8+tHW7tZpMtjlNb7HKau0QDpwm49u0vUp9y1WOF+PEzkU84y9GqYaAVW8aH8f3GcBck26jh54cX4Q==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vitest/node_modules/@esbuild/win32-x64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.3.tgz",
+      "integrity": "sha512-4uJGhsxuptu3OcpVAzli+/gWusVGwZZHTlS63hh++ehExkVT8SgiEf7/uC/PclrPPkLhZqGgCTjd0VWLo6xMqA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vitest/node_modules/esbuild": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.3.tgz",
+      "integrity": "sha512-8VwMnyGCONIs6cWue2IdpHxHnAjzxnw2Zr7MkVxB2vjmQ2ivqGFb4LEG3SMnv0Gb2F/G/2yA8zUaiL1gywDCCg==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "bin": {
+        "esbuild": "bin/esbuild"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "optionalDependencies": {
+        "@esbuild/aix-ppc64": "0.27.3",
+        "@esbuild/android-arm": "0.27.3",
+        "@esbuild/android-arm64": "0.27.3",
+        "@esbuild/android-x64": "0.27.3",
+        "@esbuild/darwin-arm64": "0.27.3",
+        "@esbuild/darwin-x64": "0.27.3",
+        "@esbuild/freebsd-arm64": "0.27.3",
+        "@esbuild/freebsd-x64": "0.27.3",
+        "@esbuild/linux-arm": "0.27.3",
+        "@esbuild/linux-arm64": "0.27.3",
+        "@esbuild/linux-ia32": "0.27.3",
+        "@esbuild/linux-loong64": "0.27.3",
+        "@esbuild/linux-mips64el": "0.27.3",
+        "@esbuild/linux-ppc64": "0.27.3",
+        "@esbuild/linux-riscv64": "0.27.3",
+        "@esbuild/linux-s390x": "0.27.3",
+        "@esbuild/linux-x64": "0.27.3",
+        "@esbuild/netbsd-arm64": "0.27.3",
+        "@esbuild/netbsd-x64": "0.27.3",
+        "@esbuild/openbsd-arm64": "0.27.3",
+        "@esbuild/openbsd-x64": "0.27.3",
+        "@esbuild/openharmony-arm64": "0.27.3",
+        "@esbuild/sunos-x64": "0.27.3",
+        "@esbuild/win32-arm64": "0.27.3",
+        "@esbuild/win32-ia32": "0.27.3",
+        "@esbuild/win32-x64": "0.27.3"
+      }
+    },
+    "node_modules/vitest/node_modules/vite": {
+      "version": "7.3.1",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-7.3.1.tgz",
+      "integrity": "sha512-w+N7Hifpc3gRjZ63vYBXA56dvvRlNWRczTdmCBBa+CotUzAPf5b7YMdMR/8CQoeYE5LX3W4wj6RYTgonm1b9DA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "esbuild": "^0.27.0",
+        "fdir": "^6.5.0",
+        "picomatch": "^4.0.3",
+        "postcss": "^8.5.6",
+        "rollup": "^4.43.0",
+        "tinyglobby": "^0.2.15"
+      },
+      "bin": {
+        "vite": "bin/vite.js"
+      },
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      },
+      "funding": {
+        "url": "https://github.com/vitejs/vite?sponsor=1"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.3"
+      },
+      "peerDependencies": {
+        "@types/node": "^20.19.0 || >=22.12.0",
+        "jiti": ">=1.21.0",
+        "less": "^4.0.0",
+        "lightningcss": "^1.21.0",
+        "sass": "^1.70.0",
+        "sass-embedded": "^1.70.0",
+        "stylus": ">=0.54.8",
+        "sugarss": "^5.0.0",
+        "terser": "^5.16.0",
+        "tsx": "^4.8.1",
+        "yaml": "^2.4.2"
+      },
+      "peerDependenciesMeta": {
+        "@types/node": {
+          "optional": true
+        },
+        "jiti": {
+          "optional": true
+        },
+        "less": {
+          "optional": true
+        },
+        "lightningcss": {
+          "optional": true
+        },
+        "sass": {
+          "optional": true
+        },
+        "sass-embedded": {
+          "optional": true
+        },
+        "stylus": {
+          "optional": true
+        },
+        "sugarss": {
+          "optional": true
+        },
+        "terser": {
+          "optional": true
+        },
+        "tsx": {
+          "optional": true
+        },
+        "yaml": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/w3c-xmlserializer": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/w3c-xmlserializer/-/w3c-xmlserializer-5.0.0.tgz",
+      "integrity": "sha512-o8qghlI8NZHU1lLPrpi2+Uq7abh4GGPpYANlalzWxyWteJOCsr/P+oPBA49TOLu5FTZO4d3F9MnWJfiMo4BkmA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "xml-name-validator": "^5.0.0"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/webidl-conversions": {
+      "version": "8.0.1",
+      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-8.0.1.tgz",
+      "integrity": "sha512-BMhLD/Sw+GbJC21C/UgyaZX41nPt8bUTg+jWyDeg7e7YN4xOM05YPSIXceACnXVtqyEw/LMClUQMtMZ+PGGpqQ==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=20"
+      }
+    },
+    "node_modules/whatwg-mimetype": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-5.0.0.tgz",
+      "integrity": "sha512-sXcNcHOC51uPGF0P/D4NVtrkjSU2fNsm9iog4ZvZJsL3rjoDAzXZhkm2MWt1y+PUdggKAYVoMAIYcs78wJ51Cw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=20"
+      }
+    },
+    "node_modules/whatwg-url": {
+      "version": "16.0.1",
+      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-16.0.1.tgz",
+      "integrity": "sha512-1to4zXBxmXHV3IiSSEInrreIlu02vUOvrhxJJH5vcxYTBDAx51cqZiKdyTxlecdKNSjj8EcxGBxNf6Vg+945gw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@exodus/bytes": "^1.11.0",
+        "tr46": "^6.0.0",
+        "webidl-conversions": "^8.0.1"
+      },
+      "engines": {
+        "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
+      }
+    },
     "node_modules/which": {
       "version": "2.0.2",
       "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
@@ -2954,6 +4774,23 @@
       "integrity": "sha512-iBdZ57RDvnOR9AGBhML2vFZf7h8vmBjhoaZqODJBFWHVtKkDmKuHai3cx5PgVMrX5YDNp27AofYbAwctSS+vhQ==",
       "license": "ISC"
     },
+    "node_modules/why-is-node-running": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/why-is-node-running/-/why-is-node-running-2.3.0.tgz",
+      "integrity": "sha512-hUrmaWBdVDcxvYqnyh09zunKzROWjbZTiNy8dBEjkS7ehEDQibXJ7XvlmtbwuTclUiIyN+CyXQD4Vmko8fNm8w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "siginfo": "^2.0.0",
+        "stackback": "0.0.2"
+      },
+      "bin": {
+        "why-is-node-running": "cli.js"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/word-wrap": {
       "version": "1.2.5",
       "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.5.tgz",
@@ -2978,6 +4815,23 @@
         "node": ">=8"
       }
     },
+    "node_modules/xml-name-validator": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/xml-name-validator/-/xml-name-validator-5.0.0.tgz",
+      "integrity": "sha512-EvGK8EJ3DhaHfbRlETOWAS5pO9MZITeauHKJyb8wyajUfQUenkIg2MvLDTZ4T/TgIcm3HU0TFBgWWboAZ30UHg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/xmlchars": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/xmlchars/-/xmlchars-2.2.0.tgz",
+      "integrity": "sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/y18n": {
       "version": "4.0.3",
       "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.3.tgz",
diff --git a/package.json b/package.json
index ff26aee..afdd532 100644
--- a/package.json
+++ b/package.json
@@ -8,9 +8,15 @@
     "build": "vite build",
     "preview": "vite preview",
     "deploy": "bash deploy.sh",
-    "lint": "eslint src/"
+    "lint": "eslint src/",
+    "test": "vitest run",
+    "test:watch": "vitest"
   },
   "dependencies": {
+    "@dnd-kit/core": "^6.3.1",
+    "@dnd-kit/modifiers": "^9.0.0",
+    "@dnd-kit/sortable": "^10.0.0",
+    "@dnd-kit/utilities": "^3.2.2",
     "date-fns": "^4.1.0",
     "dompurify": "^3.3.1",
     "framer-motion": "^12.23.25",
@@ -23,11 +29,16 @@
   },
   "devDependencies": {
     "@eslint/js": "^10.0.1",
+    "@testing-library/dom": "^10.4.1",
+    "@testing-library/jest-dom": "^6.9.1",
+    "@testing-library/react": "^16.3.2",
     "@vitejs/plugin-react": "^4.7.0",
     "eslint": "^10.0.2",
     "eslint-plugin-react-hooks": "^5.2.0",
     "eslint-plugin-react-refresh": "^0.5.2",
     "globals": "^17.4.0",
-    "vite": "^5.4.11"
+    "jsdom": "^28.1.0",
+    "vite": "^5.4.11",
+    "vitest": "^4.0.18"
   }
 }
diff --git a/public/.htaccess b/public/.htaccess
deleted file mode 100644
index 8e45d20..0000000
--- a/public/.htaccess
+++ /dev/null
@@ -1,81 +0,0 @@
-<FilesMatch "^\.env">
-  Order allow,deny
-  Deny from all
-</FilesMatch>
-
-<FilesMatch "\.(log|sql|bak|backup|db|ini)$">
-  Order allow,deny
-  Deny from all
-</FilesMatch>
-
-Options -Indexes
-
-AddDefaultCharset UTF-8
-<IfModule mod_mime.c>
-  AddCharset UTF-8 .html .css .js .json .xml .txt
-</IfModule>
-
-<IfModule mod_headers.c>
-  Header set X-Content-Type-Options "nosniff"
-  Header set X-Frame-Options "SAMEORIGIN"
-  Header set Referrer-Policy "strict-origin-when-cross-origin"
-  Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
-  Header set Permissions-Policy "camera=(), microphone=(), geolocation=(self)"
-  Header set Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: blob:; connect-src 'self'"
-</IfModule>
-
-<IfModule mod_rewrite.c>
-  RewriteEngine On
-  RewriteBase /
-
-  # Force HTTPS
-  RewriteCond %{HTTPS} off
-  RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
-
-  RewriteRule ^api/ - [L]
-
-  RewriteCond %{REQUEST_FILENAME} -f [OR]
-  RewriteCond %{REQUEST_FILENAME} -d
-  RewriteRule ^ - [L]
-
-  # All SPA routes go through router.php
-  RewriteRule ^ /router.php [L]
-</IfModule>
-
-<IfModule mod_deflate.c>
-  AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css
-  AddOutputFilterByType DEFLATE application/xml application/xhtml+xml application/rss+xml
-  AddOutputFilterByType DEFLATE application/javascript application/x-javascript application/json
-  AddOutputFilterByType DEFLATE image/svg+xml application/font-woff2
-  SetEnvIfNoCase Request_URI "\.(jpg|jpeg|png|gif|webp|zip|gz|br|woff2)$" no-gzip
-</IfModule>
-
-<IfModule mod_expires.c>
-  ExpiresActive On
-  ExpiresByType image/jpg "access plus 1 year"
-  ExpiresByType image/jpeg "access plus 1 year"
-  ExpiresByType image/gif "access plus 1 year"
-  ExpiresByType image/png "access plus 1 year"
-  ExpiresByType image/svg+xml "access plus 1 year"
-  ExpiresByType text/css "access plus 1 year"
-  ExpiresByType application/javascript "access plus 1 year"
-  ExpiresByType text/javascript "access plus 1 year"
-  ExpiresByType application/font-woff2 "access plus 1 year"
-  ExpiresByType text/html "access plus 0 seconds"
-</IfModule>
-
-<FilesMatch "index\.html$">
-  <IfModule mod_headers.c>
-    Header set Cache-Control "no-cache, no-store, must-revalidate"
-    Header set Pragma "no-cache"
-    Header set Expires "0"
-  </IfModule>
-</FilesMatch>
-
-<FilesMatch "\.php$">
-  <IfModule mod_headers.c>
-    Header set Cache-Control "no-store, no-cache, must-revalidate, max-age=0"
-    Header set Pragma "no-cache"
-    Header set Expires "0"
-  </IfModule>
-</FilesMatch>
diff --git a/public/site.webmanifest b/public/site.webmanifest
index 7a470b3..860663f 100644
--- a/public/site.webmanifest
+++ b/public/site.webmanifest
@@ -1,6 +1,6 @@
 {
-  "name": "BOHA",
-  "short_name": "BOHA",
+  "name": "System",
+  "short_name": "System",
   "icons": [
     {
       "src": "/web-app-manifest-192x192.png",
diff --git a/src/admin/admin.css b/src/admin/admin.css
index 20d1cf3..1e3fa2d 100644
--- a/src/admin/admin.css
+++ b/src/admin/admin.css
@@ -2148,3 +2148,200 @@ img {
   transform: translateY(-1px);
 }
 
+/* ============================================================================
+   Mobile Responsive Enhancements
+   ============================================================================ */
+
+/* Touch targets - min 44px na mobilech */
+@media (max-width: 768px) {
+  .admin-btn {
+    min-height: 44px;
+    padding: 10px 16px;
+  }
+
+  .admin-btn-sm {
+    min-height: 36px;
+  }
+
+  .admin-btn-icon {
+    min-width: 44px;
+    min-height: 44px;
+  }
+
+  .admin-form-input,
+  .admin-form-select,
+  .admin-form-textarea {
+    min-height: 44px;
+    font-size: 16px; /* zabrání auto-zoomu na iOS */
+  }
+
+  .admin-form-checkbox {
+    min-height: 44px;
+    padding: 8px 0;
+  }
+
+  .admin-form-checkbox input + span::before {
+    width: 20px;
+    height: 20px;
+  }
+
+  .admin-form-label {
+    font-size: 13px;
+  }
+}
+
+/* Tabulky - kompaktnejsi na mobilech, lepsi scroll indikace */
+@media (max-width: 640px) {
+  .admin-table-wrapper,
+  .admin-table-responsive {
+    margin: 0 -1rem;
+    padding: 0 1rem;
+    position: relative;
+  }
+
+  .admin-table-wrapper::after {
+    content: '';
+    position: absolute;
+    top: 0;
+    right: 0;
+    bottom: 0;
+    width: 24px;
+    background: linear-gradient(to right, transparent, var(--bg-primary));
+    pointer-events: none;
+    opacity: 0.8;
+  }
+
+  .admin-table {
+    min-width: 500px;
+  }
+
+  .admin-table th,
+  .admin-table td {
+    padding: 8px;
+    font-size: 11px;
+  }
+
+  .admin-table th {
+    font-size: 9px;
+  }
+
+  .admin-table-actions {
+    gap: 0.25rem;
+  }
+}
+
+/* Page header na mobilech */
+@media (max-width: 480px) {
+  .admin-page-title {
+    font-size: 18px;
+  }
+
+  .admin-page-subtitle {
+    font-size: 12px;
+  }
+
+  .admin-content {
+    padding: 12px !important;
+  }
+
+  .admin-card-body {
+    padding: 12px;
+  }
+
+  .admin-card-header {
+    padding: 12px;
+  }
+}
+
+/* Grid - single column na malych mobilech */
+@media (max-width: 480px) {
+  .admin-grid-4 {
+    grid-template-columns: 1fr;
+  }
+}
+
+/* Confirm modal - ne fullscreen na mobilech */
+@media (max-width: 480px) {
+  .admin-confirm-content {
+    padding: 1.5rem 1rem;
+  }
+
+  .admin-confirm-title {
+    font-size: 1.1rem;
+  }
+
+  .admin-confirm-message {
+    font-size: 0.875rem;
+  }
+}
+
+/* Skeleton loading na mobilech */
+@media (max-width: 640px) {
+  .admin-skeleton {
+    border-radius: 4px;
+  }
+}
+
+/* Badge na mobilech - vetsi pro touch */
+@media (max-width: 768px) {
+  .admin-badge {
+    padding: 4px 10px;
+    font-size: 12px;
+  }
+
+  button.admin-badge {
+    min-height: 32px;
+  }
+}
+
+/* Prefers reduced motion */
+@media (prefers-reduced-motion: reduce) {
+  *,
+  *::before,
+  *::after {
+    animation-duration: 0.01ms !important;
+    animation-iteration-count: 1 !important;
+    transition-duration: 0.01ms !important;
+    scroll-behavior: auto !important;
+  }
+}
+
+/* Drag handle */
+.admin-drag-handle {
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  width: 24px;
+  height: 24px;
+  border: none;
+  background: none;
+  color: var(--text-muted);
+  cursor: grab;
+  border-radius: 4px;
+  padding: 0;
+  transition: color 0.15s, background 0.15s;
+  touch-action: none;
+}
+
+.admin-drag-handle:hover {
+  color: var(--text-primary);
+  background: var(--bg-secondary);
+}
+
+.admin-drag-handle:active {
+  cursor: grabbing;
+}
+
+/* Keyboard shortcut badge */
+.admin-kbd {
+  display: inline-block;
+  padding: 2px 7px;
+  font-family: var(--font-mono);
+  font-size: 12px;
+  line-height: 1.4;
+  border-radius: 4px;
+  background: var(--bg-secondary);
+  border: 1px solid var(--border-color);
+  white-space: nowrap;
+}
+
diff --git a/src/admin/components/AdminLayout.jsx b/src/admin/components/AdminLayout.jsx
index 87acefe..63beed7 100644
--- a/src/admin/components/AdminLayout.jsx
+++ b/src/admin/components/AdminLayout.jsx
@@ -6,6 +6,7 @@ import { useTheme } from '../../context/ThemeContext'
 import { setLogoutAlert } from '../utils/api'
 import useModalLock from '../hooks/useModalLock'
 import Sidebar from './Sidebar'
+import ShortcutsHelp from './ShortcutsHelp'
 
 export default function AdminLayout() {
   const { isAuthenticated, loading, checkSession, user, logout } = useAuth()
@@ -101,6 +102,7 @@ export default function AdminLayout() {
           <Outlet />
         </main>
       </div>
+      <ShortcutsHelp />
     </motion.div>
   )
 }
diff --git a/src/admin/components/OfferItemsSection.jsx b/src/admin/components/OfferItemsSection.jsx
index ed600c7..879d561 100644
--- a/src/admin/components/OfferItemsSection.jsx
+++ b/src/admin/components/OfferItemsSection.jsx
@@ -1,12 +1,23 @@
 import { motion } from 'framer-motion'
+import { DndContext, closestCenter, KeyboardSensor, PointerSensor, TouchSensor, useSensor, useSensors } from '@dnd-kit/core'
+import { SortableContext, verticalListSortingStrategy } from '@dnd-kit/sortable'
+import { restrictToVerticalAxis } from '@dnd-kit/modifiers'
 import { formatCurrency } from '../utils/formatters'
+import SortableRow, { DragHandle } from './SortableRow'
+import useSortableList from '../hooks/useSortableList'
 
 export default function OfferItemsSection({
-  items, updateItem, addItem, removeItem, moveItem,
+  items, setItems, updateItem, addItem, removeItem,
   itemTemplates, showItemTemplateMenu, setShowItemTemplateMenu,
   addItemFromTemplate, totals, currency, applyVat, vatRate,
   itemsError, readOnly
 }) {
+  const sensors = useSensors(
+    useSensor(PointerSensor, { activationConstraint: { distance: 5 } }),
+    useSensor(TouchSensor, { activationConstraint: { delay: 200, tolerance: 5 } }),
+    useSensor(KeyboardSensor)
+  )
+  const { handleDragEnd } = useSortableList(setItems, '_key')
   return (
     <motion.div
       className="offers-editor-section"
@@ -61,6 +72,7 @@ export default function OfferItemsSection({
         <table className="admin-table">
           <thead>
             <tr>
+              {!readOnly && <th style={{ width: '2rem' }}></th>}
               <th style={{ width: '2.5rem', textAlign: 'center' }}>#</th>
               <th>Popis položky</th>
               <th style={{ width: '5.5rem', textAlign: 'center' }}>Množství</th>
@@ -68,107 +80,112 @@ export default function OfferItemsSection({
               <th style={{ width: '5.5rem', textAlign: 'center' }}>Jedn. cena</th>
               <th style={{ width: '4.5rem', textAlign: 'center' }}>V ceně</th>
               <th style={{ width: '8rem', textAlign: 'right' }}>Celkem</th>
-              {!readOnly && <th style={{ width: '5.5rem', textAlign: 'center' }}></th>}
+              {!readOnly && <th style={{ width: '2.5rem', textAlign: 'center' }}></th>}
             </tr>
           </thead>
-          <tbody>
-            {items.map((item, index) => {
-              const lineTotal = (Number(item.quantity) || 0) * (Number(item.unit_price) || 0)
-              return (
-                <tr key={item._key || index}>
-                  <td style={{ color: 'var(--text-tertiary)', textAlign: 'center', fontWeight: 500 }}>{index + 1}</td>
-                  <td>
-                    <input
-                      type="text"
-                      value={item.description}
-                      onChange={(e) => updateItem(index, 'description', e.target.value)}
-                      className="admin-form-input"
-                      placeholder="Název položky"
-                      style={{ marginBottom: '0.5rem', fontWeight: 500 }}
-                      readOnly={readOnly}
-                    />
-                    <input
-                      type="text"
-                      value={item.item_description}
-                      onChange={(e) => updateItem(index, 'item_description', e.target.value)}
-                      className="admin-form-input"
-                      placeholder="Podrobný popis (volitelný)"
-                      style={{ fontSize: '0.8rem', opacity: 0.8 }}
-                      readOnly={readOnly}
-                    />
-                  </td>
-                  <td>
-                    <input
-                      type="number"
-                      value={item.quantity}
-                      onChange={(e) => updateItem(index, 'quantity', parseFloat(e.target.value) || 0)}
-                      className="admin-form-input"
-                      min="0"
-                      step="1"
-                      style={{ textAlign: 'center', height: '2.25rem', padding: '0.375rem 0.5rem' }}
-                      readOnly={readOnly}
-                    />
-                  </td>
-                  <td>
-                    <input
-                      type="text"
-                      value={item.unit}
-                      onChange={(e) => updateItem(index, 'unit', e.target.value)}
-                      className="admin-form-input"
-                      placeholder="hod"
-                      style={{ textAlign: 'center', height: '2.25rem', padding: '0.375rem 0.5rem' }}
-                      readOnly={readOnly}
-                    />
-                  </td>
-                  <td>
-                    <input
-                      type="number"
-                      value={item.unit_price}
-                      onChange={(e) => updateItem(index, 'unit_price', parseFloat(e.target.value) || 0)}
-                      className="admin-form-input"
-                      min="0"
-                      step="0.01"
-                      style={{ textAlign: 'right', height: '2.25rem', padding: '0.375rem 0.5rem' }}
-                      readOnly={readOnly}
-                    />
-                  </td>
-                  <td style={{ textAlign: 'center' }}>
-                    <label className="admin-form-checkbox" style={{ justifyContent: 'center' }}>
-                      <input
-                        type="checkbox"
-                        checked={item.is_included_in_total}
-                        onChange={(e) => updateItem(index, 'is_included_in_total', e.target.checked)}
-                        disabled={readOnly}
-                      />
-                      <span></span>
-                    </label>
-                  </td>
-                  <td style={{ textAlign: 'right', fontWeight: 600, whiteSpace: 'nowrap', fontSize: '0.875rem' }}>
-                    {formatCurrency(lineTotal, currency)}
-                  </td>
-                  {!readOnly && (
-                    <td>
-                      <div style={{ display: 'flex', gap: '0.125rem', justifyContent: 'center' }}>
-                        <button type="button" onClick={() => moveItem(index, -1)} disabled={index === 0} className="admin-btn-icon" title="Nahoru" aria-label="Nahoru">
-                          <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2"><path d="M18 15l-6-6-6 6" /></svg>
-                        </button>
-                        <button type="button" onClick={() => moveItem(index, 1)} disabled={index === items.length - 1} className="admin-btn-icon" title="Dolů" aria-label="Dolů">
-                          <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2"><path d="M6 9l6 6 6-6" /></svg>
-                        </button>
-                        {items.length > 1 && (
-                          <button type="button" onClick={() => removeItem(index)} className="admin-btn-icon danger" title="Odebrat" aria-label="Odebrat">
-                            <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2">
-                              <line x1="18" y1="6" x2="6" y2="18" /><line x1="6" y1="6" x2="18" y2="18" />
-                            </svg>
-                          </button>
-                        )}
-                      </div>
-                    </td>
-                  )}
-                </tr>
-              )
-            })}
-          </tbody>
+          <DndContext sensors={sensors} collisionDetection={closestCenter} onDragEnd={handleDragEnd} modifiers={[restrictToVerticalAxis]}>
+            <SortableContext items={items.map(i => String(i._key))} strategy={verticalListSortingStrategy}>
+              <tbody>
+                {items.map((item, index) => {
+                  const lineTotal = (Number(item.quantity) || 0) * (Number(item.unit_price) || 0)
+                  return (
+                    <SortableRow key={item._key} id={String(item._key)} disabled={readOnly}>
+                      {({ attributes, listeners }) => (
+                        <>
+                          {!readOnly && (
+                            <td style={{ width: '2rem' }}>
+                              <DragHandle listeners={listeners} attributes={attributes} />
+                            </td>
+                          )}
+                          <td style={{ color: 'var(--text-tertiary)', textAlign: 'center', fontWeight: 500 }}>{index + 1}</td>
+                          <td>
+                            <input
+                              type="text"
+                              value={item.description}
+                              onChange={(e) => updateItem(index, 'description', e.target.value)}
+                              className="admin-form-input"
+                              placeholder="Název položky"
+                              style={{ marginBottom: '0.5rem', fontWeight: 500 }}
+                              readOnly={readOnly}
+                            />
+                            <input
+                              type="text"
+                              value={item.item_description}
+                              onChange={(e) => updateItem(index, 'item_description', e.target.value)}
+                              className="admin-form-input"
+                              placeholder="Podrobný popis (volitelný)"
+                              style={{ fontSize: '0.8rem', opacity: 0.8 }}
+                              readOnly={readOnly}
+                            />
+                          </td>
+                          <td>
+                            <input
+                              type="number"
+                              value={item.quantity}
+                              onChange={(e) => updateItem(index, 'quantity', parseFloat(e.target.value) || 0)}
+                              className="admin-form-input"
+                              min="0"
+                              step="1"
+                              style={{ textAlign: 'center', height: '2.25rem', padding: '0.375rem 0.5rem' }}
+                              readOnly={readOnly}
+                            />
+                          </td>
+                          <td>
+                            <input
+                              type="text"
+                              value={item.unit}
+                              onChange={(e) => updateItem(index, 'unit', e.target.value)}
+                              className="admin-form-input"
+                              placeholder="hod"
+                              style={{ textAlign: 'center', height: '2.25rem', padding: '0.375rem 0.5rem' }}
+                              readOnly={readOnly}
+                            />
+                          </td>
+                          <td>
+                            <input
+                              type="number"
+                              value={item.unit_price}
+                              onChange={(e) => updateItem(index, 'unit_price', parseFloat(e.target.value) || 0)}
+                              className="admin-form-input"
+                              min="0"
+                              step="0.01"
+                              style={{ textAlign: 'right', height: '2.25rem', padding: '0.375rem 0.5rem' }}
+                              readOnly={readOnly}
+                            />
+                          </td>
+                          <td style={{ textAlign: 'center' }}>
+                            <label className="admin-form-checkbox" style={{ justifyContent: 'center' }}>
+                              <input
+                                type="checkbox"
+                                checked={item.is_included_in_total}
+                                onChange={(e) => updateItem(index, 'is_included_in_total', e.target.checked)}
+                                disabled={readOnly}
+                              />
+                              <span></span>
+                            </label>
+                          </td>
+                          <td style={{ textAlign: 'right', fontWeight: 600, whiteSpace: 'nowrap', fontSize: '0.875rem' }}>
+                            {formatCurrency(lineTotal, currency)}
+                          </td>
+                          {!readOnly && (
+                            <td>
+                              {items.length > 1 && (
+                                <button type="button" onClick={() => removeItem(index)} className="admin-btn-icon danger" title="Odebrat" aria-label="Odebrat">
+                                  <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2">
+                                    <line x1="18" y1="6" x2="6" y2="18" /><line x1="6" y1="6" x2="18" y2="18" />
+                                  </svg>
+                                </button>
+                              )}
+                            </td>
+                          )}
+                        </>
+                      )}
+                    </SortableRow>
+                  )
+                })}
+              </tbody>
+            </SortableContext>
+          </DndContext>
         </table>
       </div>
 
diff --git a/src/admin/components/ShortcutsHelp.jsx b/src/admin/components/ShortcutsHelp.jsx
new file mode 100644
index 0000000..fa3bd87
--- /dev/null
+++ b/src/admin/components/ShortcutsHelp.jsx
@@ -0,0 +1,50 @@
+import { useState } from 'react'
+import useKeyboardShortcuts from '../hooks/useKeyboardShortcuts'
+
+const GLOBAL_SHORTCUTS = [
+  { keys: '?', description: 'Zobrazit klávesové zkratky' },
+  { keys: 'Ctrl + N', description: 'Nový záznam' },
+  { keys: 'Ctrl + S', description: 'Uložit' },
+  { keys: 'Escape', description: 'Zavřít modal / zrušit' },
+  { keys: '/', description: 'Hledat' },
+]
+
+export default function ShortcutsHelp() {
+  const [open, setOpen] = useState(false)
+
+  useKeyboardShortcuts([
+    { key: '?', shift: true, handler: () => setOpen(prev => !prev) },
+    { key: 'Escape', handler: () => setOpen(false), when: open },
+  ])
+
+  if (!open) return null
+
+  return (
+    <div className="admin-modal-overlay" onClick={() => setOpen(false)}>
+      <div className="admin-modal" style={{ maxWidth: 420 }} onClick={e => e.stopPropagation()}>
+        <div className="admin-modal-header">
+          <h3>Klávesové zkratky</h3>
+          <button className="admin-modal-close" onClick={() => setOpen(false)}>
+            <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2">
+              <path d="M18 6L6 18M6 6l12 12"/>
+            </svg>
+          </button>
+        </div>
+        <div className="admin-modal-body">
+          <table className="admin-table" style={{ minWidth: 'auto' }}>
+            <tbody>
+              {GLOBAL_SHORTCUTS.map(s => (
+                <tr key={s.keys}>
+                  <td style={{ width: 120 }}>
+                    <kbd className="admin-kbd">{s.keys}</kbd>
+                  </td>
+                  <td>{s.description}</td>
+                </tr>
+              ))}
+            </tbody>
+          </table>
+        </div>
+      </div>
+    </div>
+  )
+}
diff --git a/src/admin/components/SortableRow.jsx b/src/admin/components/SortableRow.jsx
new file mode 100644
index 0000000..ba008a9
--- /dev/null
+++ b/src/admin/components/SortableRow.jsx
@@ -0,0 +1,53 @@
+import { useSortable } from '@dnd-kit/sortable'
+import { CSS } from '@dnd-kit/utilities'
+
+export function DragHandle({ listeners, attributes }) {
+  return (
+    <button
+      type="button"
+      className="admin-drag-handle"
+      {...attributes}
+      {...listeners}
+      title="Přetáhnout"
+      aria-label="Přetáhnout pro změnu pořadí"
+    >
+      <svg width="14" height="14" viewBox="0 0 24 24" fill="currentColor">
+        <circle cx="9" cy="5" r="1.5" />
+        <circle cx="15" cy="5" r="1.5" />
+        <circle cx="9" cy="12" r="1.5" />
+        <circle cx="15" cy="12" r="1.5" />
+        <circle cx="9" cy="19" r="1.5" />
+        <circle cx="15" cy="19" r="1.5" />
+      </svg>
+    </button>
+  )
+}
+
+export default function SortableRow({ id, children, disabled }) {
+  const {
+    attributes,
+    listeners,
+    setNodeRef,
+    transform,
+    transition,
+    isDragging,
+  } = useSortable({ id, disabled })
+
+  const style = {
+    transform: CSS.Transform.toString(transform),
+    transition,
+    opacity: isDragging ? 0.5 : 1,
+    position: 'relative',
+    zIndex: isDragging ? 10 : undefined,
+    background: isDragging ? 'var(--bg-secondary)' : undefined,
+  }
+
+  return (
+    <tr ref={setNodeRef} style={style}>
+      {typeof children === 'function'
+        ? children({ attributes, listeners })
+        : children
+      }
+    </tr>
+  )
+}
diff --git a/src/admin/hooks/__tests__/useTableSort.test.js b/src/admin/hooks/__tests__/useTableSort.test.js
new file mode 100644
index 0000000..d2e651b
--- /dev/null
+++ b/src/admin/hooks/__tests__/useTableSort.test.js
@@ -0,0 +1,65 @@
+import { describe, it, expect } from 'vitest'
+import { renderHook, act } from '@testing-library/react'
+import useTableSort from '../useTableSort'
+
+describe('useTableSort', () => {
+  it('vraci pocatecni stav s default hodnotami', () => {
+    const { result } = renderHook(() => useTableSort('name'))
+    expect(result.current.sort).toBe('name')
+    expect(result.current.order).toBe('DESC')
+    expect(result.current.activeSort).toBeNull()
+  })
+
+  it('respektuje custom pocatecni order', () => {
+    const { result } = renderHook(() => useTableSort('date', 'ASC'))
+    expect(result.current.sort).toBe('date')
+    expect(result.current.order).toBe('ASC')
+  })
+
+  it('activeSort je null dokud uzivatel neklikne', () => {
+    const { result } = renderHook(() => useTableSort('name'))
+    expect(result.current.activeSort).toBeNull()
+  })
+
+  it('po kliknuti na sloupec nastavi activeSort', () => {
+    const { result } = renderHook(() => useTableSort('name'))
+
+    act(() => {
+      result.current.handleSort('name')
+    })
+
+    expect(result.current.activeSort).toBe('name')
+  })
+
+  it('toggleuje order pri kliknuti na stejny sloupec', () => {
+    const { result } = renderHook(() => useTableSort('name'))
+
+    act(() => {
+      result.current.handleSort('name')
+    })
+    // Default DESC -> toggle to ASC
+    expect(result.current.order).toBe('ASC')
+
+    act(() => {
+      result.current.handleSort('name')
+    })
+    expect(result.current.order).toBe('DESC')
+  })
+
+  it('pri kliknuti na jiny sloupec resetuje order na DESC', () => {
+    const { result } = renderHook(() => useTableSort('name'))
+
+    // Klikneme na name - toggle z DESC na ASC
+    act(() => {
+      result.current.handleSort('name')
+    })
+    expect(result.current.order).toBe('ASC')
+
+    // Klikneme na jiny sloupec - reset na DESC
+    act(() => {
+      result.current.handleSort('date')
+    })
+    expect(result.current.sort).toBe('date')
+    expect(result.current.order).toBe('DESC')
+  })
+})
diff --git a/src/admin/hooks/useKeyboardShortcuts.js b/src/admin/hooks/useKeyboardShortcuts.js
new file mode 100644
index 0000000..1752fa2
--- /dev/null
+++ b/src/admin/hooks/useKeyboardShortcuts.js
@@ -0,0 +1,36 @@
+import { useEffect, useCallback } from 'react'
+
+/**
+ * Hook pro globalni keyboard shortcuts
+ * @param {Array<{key: string, ctrl?: boolean, shift?: boolean, alt?: boolean, handler: Function, when?: boolean}>} shortcuts
+ */
+export default function useKeyboardShortcuts(shortcuts) {
+  const handleKeyDown = useCallback((e) => {
+    // Ignorovat pokud je focus v inputu/textarea/contenteditable (krome Escape)
+    const tag = e.target.tagName
+    const isInput = tag === 'INPUT' || tag === 'TEXTAREA' || tag === 'SELECT' || e.target.isContentEditable
+
+    for (const shortcut of shortcuts) {
+      if (shortcut.when === false) continue
+
+      const ctrlMatch = shortcut.ctrl ? (e.ctrlKey || e.metaKey) : !(e.ctrlKey || e.metaKey)
+      const shiftMatch = shortcut.shift ? e.shiftKey : !e.shiftKey
+      const altMatch = shortcut.alt ? e.altKey : !e.altKey
+      const keyMatch = e.key.toLowerCase() === shortcut.key.toLowerCase()
+
+      if (keyMatch && ctrlMatch && shiftMatch && altMatch) {
+        // Escape funguje i v inputech
+        if (isInput && e.key !== 'Escape') continue
+
+        e.preventDefault()
+        shortcut.handler(e)
+        return
+      }
+    }
+  }, [shortcuts])
+
+  useEffect(() => {
+    window.addEventListener('keydown', handleKeyDown)
+    return () => window.removeEventListener('keydown', handleKeyDown)
+  }, [handleKeyDown])
+}
diff --git a/src/admin/hooks/useSortableList.js b/src/admin/hooks/useSortableList.js
new file mode 100644
index 0000000..4476f1e
--- /dev/null
+++ b/src/admin/hooks/useSortableList.js
@@ -0,0 +1,29 @@
+import { useCallback } from 'react'
+import { arrayMove } from '@dnd-kit/sortable'
+
+/**
+ * Hook pro drag-and-drop razeni seznamu
+ * Vraci handleDragEnd pro DndContext
+ *
+ * @param {Function} setItems - setter pro pole polozek
+ * @param {string} keyField - nazev property pro unikatni identifikaci (_key, id)
+ */
+export default function useSortableList(setItems, keyField = '_key') {
+  const handleDragEnd = useCallback((event) => {
+    const { active, over } = event
+    if (!over || active.id === over.id) {
+      return
+    }
+
+    setItems(prev => {
+      const oldIndex = prev.findIndex(item => String(item[keyField]) === String(active.id))
+      const newIndex = prev.findIndex(item => String(item[keyField]) === String(over.id))
+      if (oldIndex === -1 || newIndex === -1) {
+        return prev
+      }
+      return arrayMove(prev, oldIndex, newIndex)
+    })
+  }, [setItems, keyField])
+
+  return { handleDragEnd }
+}
diff --git a/src/admin/invoices.css b/src/admin/invoices.css
index 1bec7cd..59f916e 100644
--- a/src/admin/invoices.css
+++ b/src/admin/invoices.css
@@ -124,3 +124,18 @@
   align-items: flex-start;
 }
 
+@media (max-width: 640px) {
+  .invoice-month-btn {
+    width: 44px;
+    height: 44px;
+  }
+
+  .received-upload-row {
+    flex-direction: column;
+  }
+
+  .received-upload-file-name {
+    max-width: 200px;
+  }
+}
+
diff --git a/src/admin/pages/Login.jsx b/src/admin/pages/Login.jsx
index 501a647..cb1b32c 100644
--- a/src/admin/pages/Login.jsx
+++ b/src/admin/pages/Login.jsx
@@ -158,7 +158,7 @@ export default function Login() {
             <div className="admin-login-header">
               <img
                 src={theme === 'dark' ? '/images/logo-dark.png' : '/images/logo-light.png'}
-                alt="BOHA Automation"
+                alt="Logo"
                 className="admin-login-logo"
               />
               <h1 className="admin-login-title">Interní systém</h1>
diff --git a/src/admin/pages/OfferDetail.jsx b/src/admin/pages/OfferDetail.jsx
index b5b0bb3..f7a2f80 100644
--- a/src/admin/pages/OfferDetail.jsx
+++ b/src/admin/pages/OfferDetail.jsx
@@ -330,16 +330,6 @@ export default function OfferDetail() {
     setItems(prev => prev.length > 1 ? prev.filter((_, i) => i !== index) : prev)
   }
 
-  const moveItem = (index, direction) => {
-    setItems(prev => {
-      const newItems = [...prev]
-      const target = index + direction
-      if (target < 0 || target >= newItems.length) return prev
-      ;[newItems[index], newItems[target]] = [newItems[target], newItems[index]]
-      return newItems
-    })
-  }
-
   const addItemFromTemplate = (template) => {
     setItems(prev => [...prev, {
       _key: `item-${++_keyCounter}`,
@@ -921,10 +911,10 @@ export default function OfferDetail() {
 
       <OfferItemsSection
         items={items}
+        setItems={setItems}
         updateItem={updateItem}
         addItem={addItem}
         removeItem={removeItem}
-        moveItem={moveItem}
         itemTemplates={itemTemplates}
         showItemTemplateMenu={showItemTemplateMenu}
         setShowItemTemplateMenu={setShowItemTemplateMenu}
diff --git a/src/admin/settings.css b/src/admin/settings.css
index d107a25..6388b4d 100644
--- a/src/admin/settings.css
+++ b/src/admin/settings.css
@@ -52,3 +52,13 @@
   line-height: 1.4;
   padding-left: 2.75rem;
 }
+
+@media (max-width: 768px) {
+  .admin-permission-item {
+    padding: 0.75rem;
+  }
+
+  .admin-permission-item .admin-form-checkbox {
+    min-height: 44px;
+  }
+}
diff --git a/src/admin/utils/__tests__/attendanceHelpers.test.js b/src/admin/utils/__tests__/attendanceHelpers.test.js
new file mode 100644
index 0000000..51e8686
--- /dev/null
+++ b/src/admin/utils/__tests__/attendanceHelpers.test.js
@@ -0,0 +1,132 @@
+import { describe, it, expect } from 'vitest'
+import {
+  formatDate,
+  formatTime,
+  formatDatetime,
+  formatMinutes,
+  calculateWorkMinutes,
+  getLeaveTypeName,
+  getLeaveTypeBadgeClass
+} from '../attendanceHelpers'
+
+describe('formatDate', () => {
+  it('formatuje datum do cs-CZ formatu', () => {
+    const result = formatDate('2026-03-12')
+    expect(result).toMatch(/12/)
+    expect(result).toMatch(/2026/)
+  })
+
+  it('vraci pomlcku pro falsy hodnoty', () => {
+    expect(formatDate('')).toBe('—')
+    expect(formatDate(null)).toBe('—')
+    expect(formatDate(undefined)).toBe('—')
+  })
+})
+
+describe('formatTime', () => {
+  it('formatuje cas ve formatu HH:MM', () => {
+    const result = formatTime('2026-03-12T14:30:00')
+    expect(result).toBe('14:30')
+  })
+
+  it('vraci pomlcku pro prazdny vstup', () => {
+    expect(formatTime('')).toBe('—')
+    expect(formatTime(null)).toBe('—')
+  })
+})
+
+describe('formatDatetime', () => {
+  it('formatuje datum a cas dohromady', () => {
+    const result = formatDatetime('2026-03-12T14:30:00')
+    expect(result).toContain('12')
+    expect(result).toContain('14:30')
+  })
+
+  it('vraci pomlcku pro prazdny vstup', () => {
+    expect(formatDatetime('')).toBe('—')
+    expect(formatDatetime(null)).toBe('—')
+  })
+})
+
+describe('formatMinutes', () => {
+  it('formatuje minuty na H:MM', () => {
+    expect(formatMinutes(90)).toBe('1:30')
+    expect(formatMinutes(60)).toBe('1:00')
+    expect(formatMinutes(0)).toBe('0:00')
+    expect(formatMinutes(125)).toBe('2:05')
+  })
+
+  it('formatuje s jednotkou kdyz withUnit=true', () => {
+    expect(formatMinutes(90, true)).toBe('1:30 h')
+    expect(formatMinutes(0, true)).toBe('0:00 h')
+  })
+
+  it('formatuje male hodnoty s paddingem', () => {
+    expect(formatMinutes(5)).toBe('0:05')
+    expect(formatMinutes(1)).toBe('0:01')
+  })
+})
+
+describe('calculateWorkMinutes', () => {
+  it('spocita minuty bez prestavky', () => {
+    const record = {
+      arrival_time: '2026-03-12T08:00:00',
+      departure_time: '2026-03-12T16:00:00'
+    }
+    expect(calculateWorkMinutes(record)).toBe(480)
+  })
+
+  it('odecte prestavku', () => {
+    const record = {
+      arrival_time: '2026-03-12T08:00:00',
+      departure_time: '2026-03-12T16:00:00',
+      break_start: '2026-03-12T12:00:00',
+      break_end: '2026-03-12T12:30:00'
+    }
+    expect(calculateWorkMinutes(record)).toBe(450)
+  })
+
+  it('vraci 0 kdyz chybi prichod nebo odchod', () => {
+    expect(calculateWorkMinutes({ arrival_time: '2026-03-12T08:00:00' })).toBe(0)
+    expect(calculateWorkMinutes({ departure_time: '2026-03-12T16:00:00' })).toBe(0)
+    expect(calculateWorkMinutes({})).toBe(0)
+  })
+
+  it('vraci 0 pro zaporne minuty', () => {
+    const record = {
+      arrival_time: '2026-03-12T16:00:00',
+      departure_time: '2026-03-12T08:00:00'
+    }
+    expect(calculateWorkMinutes(record)).toBe(0)
+  })
+})
+
+describe('getLeaveTypeName', () => {
+  it('vraci spravne nazvy pro zname typy', () => {
+    expect(getLeaveTypeName('work')).toBe('Práce')
+    expect(getLeaveTypeName('vacation')).toBe('Dovolená')
+    expect(getLeaveTypeName('sick')).toBe('Nemoc')
+    expect(getLeaveTypeName('holiday')).toBe('Svátek')
+    expect(getLeaveTypeName('unpaid')).toBe('Neplacené volno')
+  })
+
+  it('vraci Prace jako fallback', () => {
+    expect(getLeaveTypeName('unknown')).toBe('Práce')
+    expect(getLeaveTypeName(undefined)).toBe('Práce')
+  })
+})
+
+describe('getLeaveTypeBadgeClass', () => {
+  it('vraci spravne CSS tridy', () => {
+    expect(getLeaveTypeBadgeClass('vacation')).toBe('badge-vacation')
+    expect(getLeaveTypeBadgeClass('sick')).toBe('badge-sick')
+    expect(getLeaveTypeBadgeClass('holiday')).toBe('badge-holiday')
+    expect(getLeaveTypeBadgeClass('unpaid')).toBe('badge-unpaid')
+  })
+
+  it('vraci prazdny retezec pro work a nezname typy', () => {
+    expect(getLeaveTypeBadgeClass('work')).toBe('')
+    expect(getLeaveTypeBadgeClass('unknown')).toBe('')
+    expect(getLeaveTypeBadgeClass(undefined)).toBe('')
+  })
+})
diff --git a/src/admin/utils/__tests__/formatters.test.js b/src/admin/utils/__tests__/formatters.test.js
new file mode 100644
index 0000000..38a959f
--- /dev/null
+++ b/src/admin/utils/__tests__/formatters.test.js
@@ -0,0 +1,102 @@
+import { describe, it, expect } from 'vitest'
+import { formatCurrency, formatDate, formatKm, czechPlural } from '../formatters'
+
+describe('formatCurrency', () => {
+  it('formatuje CZK s dvema desetinnymi misty', () => {
+    const result = formatCurrency(1234.5, 'CZK')
+    expect(result).toContain('Kč')
+    expect(result).toMatch(/1[\s\u00a0]?234,50/)
+  })
+
+  it('formatuje EUR s eurem za castkou', () => {
+    const result = formatCurrency(99.9, 'EUR')
+    expect(result).toContain('€')
+    expect(result).toContain('99,90')
+  })
+
+  it('formatuje USD s dolarem pred castkou', () => {
+    const result = formatCurrency(1500, 'USD')
+    expect(result).toMatch(/^\$/)
+    expect(result).toContain('1,500.00')
+  })
+
+  it('formatuje GBP s librou pred castkou', () => {
+    const result = formatCurrency(250, 'GBP')
+    expect(result).toMatch(/^£/)
+    expect(result).toContain('250.00')
+  })
+
+  it('pouzije fallback pro neznámou menu', () => {
+    const result = formatCurrency(100, 'CHF')
+    expect(result).toBe('100.00 CHF')
+  })
+
+  it('vraci 0 pro nevalidni vstup', () => {
+    const result = formatCurrency('abc', 'CZK')
+    expect(result).toContain('0,00')
+    expect(result).toContain('Kč')
+  })
+
+  it('vraci 0 pro null', () => {
+    const result = formatCurrency(null, 'CZK')
+    expect(result).toContain('0,00')
+  })
+
+  it('formatuje zaporne castky', () => {
+    const result = formatCurrency(-500, 'CZK')
+    expect(result).toContain('Kč')
+    expect(result).toContain('500')
+  })
+})
+
+describe('formatDate', () => {
+  it('formatuje datum do cs-CZ formatu', () => {
+    const result = formatDate('2026-03-12')
+    // cs-CZ format: 12. 3. 2026 nebo 12.3.2026
+    expect(result).toMatch(/12/)
+    expect(result).toMatch(/3/)
+    expect(result).toMatch(/2026/)
+  })
+
+  it('vraci pomlcku pro prazdny vstup', () => {
+    expect(formatDate('')).toBe('—')
+    expect(formatDate(null)).toBe('—')
+    expect(formatDate(undefined)).toBe('—')
+  })
+})
+
+describe('formatKm', () => {
+  it('formatuje kilometry s oddelovacem tisicu', () => {
+    const result = formatKm(12345)
+    // cs-CZ pouziva mezeru nebo narrow no-break space jako oddelovac
+    expect(result).toMatch(/12[\s\u00a0]?345/)
+  })
+
+  it('vraci 0 pro nevalidni vstup', () => {
+    expect(formatKm('abc')).toBe('0')
+    expect(formatKm(null)).toBe('0')
+  })
+
+  it('formatuje mala cisla bez oddelovace', () => {
+    expect(formatKm(42)).toBe('42')
+  })
+})
+
+describe('czechPlural', () => {
+  it('vraci tvar pro 1', () => {
+    expect(czechPlural(1, 'den', 'dny', 'dní')).toBe('den')
+  })
+
+  it('vraci tvar pro 2-4', () => {
+    expect(czechPlural(2, 'den', 'dny', 'dní')).toBe('dny')
+    expect(czechPlural(3, 'den', 'dny', 'dní')).toBe('dny')
+    expect(czechPlural(4, 'den', 'dny', 'dní')).toBe('dny')
+  })
+
+  it('vraci tvar pro 0 a 5+', () => {
+    expect(czechPlural(0, 'den', 'dny', 'dní')).toBe('dní')
+    expect(czechPlural(5, 'den', 'dny', 'dní')).toBe('dní')
+    expect(czechPlural(10, 'den', 'dny', 'dní')).toBe('dní')
+    expect(czechPlural(100, 'den', 'dny', 'dní')).toBe('dní')
+  })
+})
diff --git a/src/test/setup.js b/src/test/setup.js
new file mode 100644
index 0000000..c44951a
--- /dev/null
+++ b/src/test/setup.js
@@ -0,0 +1 @@
+import '@testing-library/jest-dom'
diff --git a/vite.config.js b/vite.config.js
index 1f6f7cb..8b44012 100644
--- a/vite.config.js
+++ b/vite.config.js
@@ -58,6 +58,11 @@ import { defineConfig } from 'vite'
 
   export default defineConfig({
     plugins: [react(), copyFoldersPlugin()],
+    test: {
+      globals: true,
+      environment: 'jsdom',
+      setupFiles: './src/test/setup.js',
+    },
     build: {
       outDir: 'dist',
       emptyOutDir: true,