From 08c7b01effbcb0b5997dffa52febffe1a1e7fa1f Mon Sep 17 00:00:00 2001
From: Pierre Brisorgueil <pierrebrisorgueil@me.com>
Date: Sat, 13 Jun 2026 18:22:53 +0200
Subject: [PATCH 01/10] fix(surface-tabs): optional module-activation filter
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Tab descriptors may carry an optional 'module' field naming their owning
optional module; resolveSurfaceTabs gains an optional isActive predicate
(default keep-all) that hides tabs whose module is deactivated. Routes are
already gated at injection time — this closes the matching render-time gap
where a baked config tab for a deactivated module clicked through to a 404.

refs #4295
---
 src/lib/helpers/surface-tabs.js               | 25 +++++++---
 .../helpers/tests/surface-tabs.unit.tests.js  | 46 +++++++++++++++++++
 2 files changed, 64 insertions(+), 7 deletions(-)

diff --git a/src/lib/helpers/surface-tabs.js b/src/lib/helpers/surface-tabs.js
index d003dc05f..82645bc13 100644
--- a/src/lib/helpers/surface-tabs.js
+++ b/src/lib/helpers/surface-tabs.js
@@ -53,22 +53,33 @@ export function isValidTab(tab) {
 }
 
 /**
- * Filter a tabs array by validity then by CASL permissions.
+ * Filter a tabs array by validity, then by CASL permissions, then by module
+ * activation.
  *
  * A tab with no `{action, subject}` pair is always shown (unconditional tabs).
  * Both `action` AND `subject` must be present for the CASL check to apply.
  *
- * Intended for use by surface layouts (org-settings, admin, etc.) to derive
- * their reactive extra-tab list from a config array + a `can` predicate from
- * `useAbility()`.
+ * A tab may carry an optional `module` field naming the optional module that
+ * owns it (e.g. a module-contributed `config.admin.tabs` entry). When the
+ * `isActive` predicate reports that module inactive, the tab is hidden —
+ * keeping render-time tab visibility consistent with route injection, which
+ * already skips deactivated modules (`injectModuleChildren`). Tabs without a
+ * `module` field are never activation-filtered, and the keep-all default
+ * preserves existing 2-argument callers byte-for-byte.
+ *
+ * Intended for use by surface layouts (org-settings, admin, account, etc.)
+ * to derive their reactive extra-tab list from a config array + a `can`
+ * predicate from `useAbility()` (+ optionally `isModuleActive`).
  *
  * @param {Array<unknown>|null|undefined} tabs - Raw tabs from config.
  * @param {(action: string, subject: string) => boolean} can - Required. CASL predicate from `useAbility()`. Must be a function.
- * @returns {Array<object>} Validated + permitted tabs.
+ * @param {(moduleName: string) => boolean} [isActive=() => true] - Optional module-activation predicate (e.g. `isModuleActive`). Defaults to keep-all.
+ * @returns {Array<object>} Validated + permitted + activation-filtered tabs.
  */
-export function resolveSurfaceTabs(tabs, can) {
+export function resolveSurfaceTabs(tabs, can, isActive = () => true) {
   if (typeof can !== 'function') throw new TypeError('[resolveSurfaceTabs] can must be a function');
   return (Array.isArray(tabs) ? tabs : [])
     .filter(isValidTab)
-    .filter((t) => (t.action && t.subject ? can(t.action, t.subject) : true));
+    .filter((t) => (t.action && t.subject ? can(t.action, t.subject) : true))
+    .filter((t) => (t.module ? isActive(t.module) : true));
 }
diff --git a/src/lib/helpers/tests/surface-tabs.unit.tests.js b/src/lib/helpers/tests/surface-tabs.unit.tests.js
index 2e0f9f188..a4d691d48 100644
--- a/src/lib/helpers/tests/surface-tabs.unit.tests.js
+++ b/src/lib/helpers/tests/surface-tabs.unit.tests.js
@@ -182,3 +182,49 @@ describe('resolveSurfaceTabs', () => {
     expect(resolveSurfaceTabs(tabs, can).map((t) => t.value)).toEqual(['billing']);
   });
 });
+
+/**
+ * resolveSurfaceTabs — optional module-activation filter (3rd param).
+ * A tab may carry an optional `module` field naming its owning optional
+ * module; when the `isActive` predicate reports that module inactive the tab
+ * is hidden. Tabs without a `module` field are never activation-filtered,
+ * and omitting `isActive` keeps every tab (backward compatible default).
+ */
+describe('resolveSurfaceTabs — module activation filter', () => {
+  const allowAll = () => true;
+  const tabs = [
+    { value: 'profile', label: 'Profile', route: 'profile' },
+    { value: 'invitations', label: 'Referrals', route: 'invitations', module: 'invitations' },
+  ];
+
+  it('filters out a tab whose module is inactive', () => {
+    const isActive = (name) => name !== 'invitations';
+    expect(resolveSurfaceTabs(tabs, allowAll, isActive).map((t) => t.value)).toEqual(['profile']);
+  });
+
+  it('keeps a tab whose module is active', () => {
+    const isActive = () => true;
+    expect(resolveSurfaceTabs(tabs, allowAll, isActive).map((t) => t.value)).toEqual(['profile', 'invitations']);
+  });
+
+  it('never activation-filters tabs without a module field, even when isActive rejects everything', () => {
+    const isActive = () => false;
+    expect(resolveSurfaceTabs(tabs, allowAll, isActive).map((t) => t.value)).toEqual(['profile']);
+  });
+
+  it('keeps all tabs when isActive is omitted (backward-compatible default)', () => {
+    expect(resolveSurfaceTabs(tabs, allowAll).map((t) => t.value)).toEqual(['profile', 'invitations']);
+  });
+
+  it('applies validity + CASL + activation in one pass', () => {
+    const mixed = [
+      { value: 'profile', label: 'Profile', route: 'profile' },
+      { value: 'denied', label: 'Denied', route: 'denied', action: 'manage', subject: 'Nope' },
+      { value: 'invitations', label: 'Referrals', route: 'invitations', module: 'invitations' },
+      { label: 'broken' },
+    ];
+    const can = (action, subject) => subject !== 'Nope';
+    const isActive = (name) => name !== 'invitations';
+    expect(resolveSurfaceTabs(mixed, can, isActive).map((t) => t.value)).toEqual(['profile']);
+  });
+});

From 9c77129142b2f11532fe8b7341badba66078310c Mon Sep 17 00:00:00 2001
From: Pierre Brisorgueil <pierrebrisorgueil@me.com>
Date: Sat, 13 Jun 2026 18:24:16 +0200
Subject: [PATCH 02/10] fix(invitations): hide module-owned tabs when
 deactivated

Tag the admin Invitations + account Referrals tab descriptors with
module: 'invitations' and pass isModuleActive as resolveSurfaceTabs'
third argument from CoreSurfaceTabBar (the single call site, so every
surface gets the gate). Regenerates src/config/index.js (gitignored
build artifact). Render-time filtering keeps one source of truth
(isModuleActive) instead of pruning at generation time across the 5
merge layers.

refs #4295
---
 .../components/core.surfaceTabBar.component.vue  | 16 ++++++++++------
 .../config/invitations.development.config.js     |  9 +++++++--
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/src/modules/core/components/core.surfaceTabBar.component.vue b/src/modules/core/components/core.surfaceTabBar.component.vue
index 7c86a8f4f..592bb68ed 100644
--- a/src/modules/core/components/core.surfaceTabBar.component.vue
+++ b/src/modules/core/components/core.surfaceTabBar.component.vue
@@ -1,18 +1,22 @@
 <script setup>
 import { computed } from 'vue';
 import { resolveSurfaceTabs } from '@/lib/helpers/surface-tabs';
+import { isModuleActive } from '@/lib/helpers/modules';
 
 defineOptions({ name: 'CoreSurfaceTabBar' });
 
 /**
  * SurfaceTabBar — a cosmetic tab strip that renders only the tabs allowed by
- * reactive CASL. Filtering is done via `resolveSurfaceTabs`, which validates
- * descriptors AND applies the `can` predicate.
+ * reactive CASL AND module activation. Filtering is done via
+ * `resolveSurfaceTabs`, which validates descriptors, applies the `can`
+ * predicate, and hides tabs whose optional `module` field names a
+ * deactivated module (`isModuleActive`, config-backed).
  *
  * Decoupling contract: this component does NOT import CASL/ability itself.
- * The parent owns the ability source and passes `can` as a prop. The computed
- * getter re-evaluates automatically whenever `tabs` or `can` change — no
- * remount needed.
+ * The parent owns the ability source and passes `can` as a prop. Module
+ * activation is config-backed (not ability-backed), so `isModuleActive` is
+ * imported directly. The computed getter re-evaluates automatically whenever
+ * `tabs` or `can` change — no remount needed.
  */
 const props = defineProps({
   /** Raw tab descriptors from config. */
@@ -35,7 +39,7 @@ const props = defineProps({
   },
 });
 
-const visibleTabs = computed(() => resolveSurfaceTabs(props.tabs, props.can));
+const visibleTabs = computed(() => resolveSurfaceTabs(props.tabs, props.can, isModuleActive));
 
 /**
  * Resolve a tab descriptor to a concrete absolute path.
diff --git a/src/modules/invitations/config/invitations.development.config.js b/src/modules/invitations/config/invitations.development.config.js
index f225dc3c5..65117e2b8 100644
--- a/src/modules/invitations/config/invitations.development.config.js
+++ b/src/modules/invitations/config/invitations.development.config.js
@@ -9,14 +9,19 @@ export default {
   // `users` alphabetically, so contributing `users.tabs` here would clobber the
   // base Profile/Organizations tabs. `extraTabs` is a fresh key owned by nobody,
   // so it merges cleanly into the `users` config object.
+  //
+  // The `module` field marks each tab as owned by this optional module so
+  // CoreSurfaceTabBar (via resolveSurfaceTabs + isModuleActive) hides it when
+  // `modules.invitations.activated` is false — mirroring the route-injection
+  // gate, which already skips deactivated modules.
   admin: {
     tabs: [
-      { value: 'invitations', label: 'Invitations', icon: 'fa-solid fa-envelope', route: 'invitations', action: 'manage', subject: 'UserAdmin' },
+      { value: 'invitations', label: 'Invitations', icon: 'fa-solid fa-envelope', route: 'invitations', action: 'manage', subject: 'UserAdmin', module: 'invitations' },
     ],
   },
   users: {
     extraTabs: [
-      { value: 'invitations', label: 'Referrals', icon: 'fa-solid fa-gift', route: 'invitations', action: 'create', subject: 'Invitation' },
+      { value: 'invitations', label: 'Referrals', icon: 'fa-solid fa-gift', route: 'invitations', action: 'create', subject: 'Invitation', module: 'invitations' },
     ],
   },
   modules: {

From 9070297a18b8cfc33f5e3ba1751a10e042489289 Mon Sep 17 00:00:00 2001
From: Pierre Brisorgueil <pierrebrisorgueil@me.com>
Date: Sat, 13 Jun 2026 18:24:33 +0200
Subject: [PATCH 03/10] docs(migrations): activation-aware surface-tabs entry

Downstream projects overriding admin.tabs/users.extraTabs must tag
module-owned descriptors with the new module field; tabs without it are
always shown.

refs #4295
---
 MIGRATIONS.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/MIGRATIONS.md b/MIGRATIONS.md
index 9e13f112a..139f66c4b 100644
--- a/MIGRATIONS.md
+++ b/MIGRATIONS.md
@@ -4,6 +4,25 @@ Breaking changes and upgrade notes for downstream projects.
 
 ---
 
+## surface-tabs: activation-aware tab filtering (2026-06-12, #4295)
+
+Module-contributed surface tabs now respect `config.modules.{name}.activated`. Previously a downstream setting `modules: { invitations: { activated: false } }` still rendered the admin "Invitations" tab + the account "Referrals" tab (the module fragment's `admin.tabs` / `users.extraTabs` merge unconditionally at generation time) while the routes were correctly NOT injected — clicking the tab landed on a 404.
+
+### What changed (this repo)
+
+- `resolveSurfaceTabs(tabs, can, isActive = () => true)` gained an optional third parameter: tab descriptors may carry an optional `module` field, and a tab whose `module` is reported inactive is filtered out. Tabs without a `module` field are never activation-filtered; omitting `isActive` keeps every tab (existing callers unchanged).
+- `core.surfaceTabBar.component.vue` passes `isModuleActive` as the third argument — its single call site means ALL surfaces using `CoreSurfaceTabBar` (admin, account, org-settings) get the gate.
+- The invitations config fragment tags both of its tab descriptors with `module: 'invitations'`; the regenerated `src/config/index.js` carries the field.
+- The filter is render-time on purpose (single source of truth: `isModuleActive`). Generation-time pruning would have to run after all 5 merge layers, handle env-var string coercion (`'false' !== false`), and silently diverge the committed generated file.
+
+### Action required for downstream projects (`/update-stack`)
+
+1. All files are devkit-owned → arrive via `/update-stack`. Re-run `npm run generateConfig` (any `dev`/`build`/`preview` does it) so the regenerated config picks up the `module` fields.
+2. **⚠️ If a downstream overrides `admin.tabs` or `users.extraTabs` in its `{project}.config.js`** (deepMerge REPLACES arrays — the override is the whole array), add `module: '<owning-module>'` to any module-owned tab descriptors in the override, or those tabs will keep rendering when that module is deactivated. Tabs without a `module` field are always shown — project-owned tabs need no change.
+3. Deactivating a module (e.g. `modules: { invitations: { activated: false } }`) now hides its surface tabs as well as its routes — no more tab-to-404.
+
+---
+
 ## organizations: org email-invite UI removed (2026-06-11, #4280)
 
 Phase 7 of the invitations↔org decouple epic. Pairs with Node P4 (#3812), which deleted the backends (`POST /api/organizations/:id/invites`, `GET /api/invites/:token`, `POST /api/invites/:token/accept`) — this UI was dead.

From 3cf38bb3c6ed899cab98b1e9aa339e721afe82ab Mon Sep 17 00:00:00 2001
From: Pierre Brisorgueil <pierrebrisorgueil@me.com>
Date: Sat, 13 Jun 2026 18:26:45 +0200
Subject: [PATCH 04/10] fix(admin): drop the layout-level mailer banner

The Readiness tab already reports mail-provider status ('mail' readiness
row); the admin layout banner duplicated that signal on every admin tab.
Remove the v-alert + showMailerWarning computed + now-unused useAuthStore
import, and delete the orphan AuthAdminMailerWarning snackbar component
(imported only by its own unit test).

refs #4297
---
 .../admin/tests/admin.layout.unit.tests.js    |   9 +-
 src/modules/admin/views/admin.layout.vue      |  30 +----
 .../auth.adminMailerWarning.component.vue     | 101 ---------------
 ...adminMailerWarning.component.unit.tests.js | 116 ------------------
 4 files changed, 6 insertions(+), 250 deletions(-)
 delete mode 100644 src/modules/auth/components/auth.adminMailerWarning.component.vue
 delete mode 100644 src/modules/auth/tests/auth.adminMailerWarning.component.unit.tests.js

diff --git a/src/modules/admin/tests/admin.layout.unit.tests.js b/src/modules/admin/tests/admin.layout.unit.tests.js
index 61749d227..523414575 100644
--- a/src/modules/admin/tests/admin.layout.unit.tests.js
+++ b/src/modules/admin/tests/admin.layout.unit.tests.js
@@ -151,17 +151,10 @@ describe('admin.layout', () => {
     expect(html.indexOf('Boom')).toBeLessThan(html.indexOf('page-header-tabs-stub'));
   });
 
-  it('renders the mailer warning at the TOP when serverConfig.mail.configured is false', async () => {
+  it('does NOT render a mailer banner even when serverConfig.mail.configured is false (signal lives in the Readiness tab)', async () => {
     authStoreState.serverConfig = { mail: { configured: false } };
     const wrapper = mountLayout();
     await wrapper.vm.$nextTick();
-    const html = wrapper.html();
-    expect(html.indexOf('No mailer configured')).toBeLessThan(html.indexOf('page-header-tabs-stub'));
-  });
-
-  it('does NOT render the mailer warning when mail is configured', () => {
-    authStoreState.serverConfig = { mail: { configured: true } };
-    const wrapper = mountLayout();
     expect(wrapper.html()).not.toContain('No mailer configured');
   });
 
diff --git a/src/modules/admin/views/admin.layout.vue b/src/modules/admin/views/admin.layout.vue
index a4c6897d5..7659a9ae2 100644
--- a/src/modules/admin/views/admin.layout.vue
+++ b/src/modules/admin/views/admin.layout.vue
@@ -13,19 +13,6 @@
     >
       <span class="text-body-medium">{{ error }}</span>
     </v-alert>
-    <v-alert
-      v-if="showMailerWarning"
-      type="warning"
-      variant="tonal"
-      density="compact"
-      class="mx-2 mt-2"
-      :class="config.vuetify.theme.rounded"
-      icon="fa-solid fa-triangle-exclamation"
-    >
-      <span class="text-body-medium">
-        No mailer configured. Users can register with any email without verification. Set up SMTP to enable email verification.
-      </span>
-    </v-alert>
 
     <CorePageHeaderTabs
       icon="fa-solid fa-user-tie"
@@ -52,7 +39,6 @@
 import CorePageHeaderTabs from '../../core/components/core.pageHeaderTabs.component.vue';
 import { ability } from '../../../lib/helpers/ability';
 import { useAdminStore } from '../stores/admin.store';
-import { useAuthStore } from '../../auth/stores/auth.store';
 
 /**
  * Built-in admin tabs (canonical). Downstream apps may add more via
@@ -69,10 +55,11 @@ const BUILT_IN_TABS = Object.freeze([
 /**
  * Component definition.
  *
- * `admin.layout.vue` is the parent layout for the admin section. It renders
- * banners (error + mailer-not-configured warning), a page header that either
- * shows the admin tab bar (list-page mode) or a breadcrumb pushed by a sub-
- * view (detail-page mode), and a `<router-view>` for nested children.
+ * `admin.layout.vue` is the parent layout for the admin section. It renders an
+ * error banner, a page header that either shows the admin tab bar (list-page
+ * mode) or a breadcrumb pushed by a sub-view (detail-page mode), and a
+ * `<router-view>` for nested children. Mailer readiness is reported by the
+ * Readiness tab only — no layout-level banner.
  *
  * Tab rendering is delegated to `CoreSurfaceTabBar` (the same primitive used
  * by `user.view.vue` and `organization.detail.component.vue`) — full chrome
@@ -98,13 +85,6 @@ export default {
     error() {
       return useAdminStore().error;
     },
-    /**
-     * @desc Whether to show the mailer-not-configured warning across admin tabs.
-     * @returns {boolean}
-     */
-    showMailerWarning() {
-      return useAuthStore().serverConfig?.mail?.configured === false;
-    },
     /**
      * @desc Current breadcrumb published by an admin sub-view via
      *       `useAdminStore().setBreadcrumb(...)`. When set, the layout renders
diff --git a/src/modules/auth/components/auth.adminMailerWarning.component.vue b/src/modules/auth/components/auth.adminMailerWarning.component.vue
deleted file mode 100644
index bd56faa0d..000000000
--- a/src/modules/auth/components/auth.adminMailerWarning.component.vue
+++ /dev/null
@@ -1,101 +0,0 @@
-<template>
-  <v-snackbar
-    v-model="visible"
-    location="top right"
-    color="warning"
-    :timeout="-1"
-    multi-line
-  >
-    <span class="text-body-medium">
-      <v-icon icon="fa-solid fa-triangle-exclamation" size="small" class="mr-1"></v-icon>
-      No mailer configured. Users can register with any email without verification. Set up SMTP to enable email verification.
-    </span>
-    <template #actions>
-      <v-btn
-        variant="text"
-        size="small"
-        icon="$close"
-        @click="dismiss"
-      />
-    </template>
-  </v-snackbar>
-</template>
-
-<script>
-/**
- * Module dependencies.
- */
-import { useAuthStore } from '../stores/auth.store';
-/**
- * Component definition.
- */
-export default {
-  name: 'AuthAdminMailerWarning',
-  data() {
-    return {
-      dismissed: sessionStorage.getItem('adminMailerWarningDismissed') === 'true',
-    };
-  },
-  computed: {
-    /**
-     * @desc Whether the user is currently logged in.
-     * @returns {boolean}
-     */
-    isLoggedIn() {
-      const authStore = useAuthStore();
-      return authStore.isLoggedIn;
-    },
-    /**
-     * @desc The current authenticated user object.
-     * @returns {Object|null}
-     */
-    user() {
-      const authStore = useAuthStore();
-      return authStore.user;
-    },
-    /**
-     * @desc Whether the user has admin role.
-     * @returns {boolean}
-     */
-    isAdmin() {
-      return !!(this.user?.roles?.includes('admin'));
-    },
-    /**
-     * @desc Whether the server has mail/SMTP configured.
-     * @returns {boolean}
-     */
-    mailConfigured() {
-      const authStore = useAuthStore();
-      return authStore.serverConfig?.mail?.configured;
-    },
-    /**
-     * @desc Whether the warning should be shown.
-     * @returns {boolean}
-     */
-    shouldShow() {
-      return this.isLoggedIn && this.isAdmin && this.mailConfigured === false;
-    },
-    /**
-     * @desc v-model binding for the snackbar visibility.
-     */
-    visible: {
-      get() {
-        return this.shouldShow && !this.dismissed;
-      },
-      set(val) {
-        if (!val) this.dismiss();
-      },
-    },
-  },
-  methods: {
-    /**
-     * @desc Dismiss the warning and persist in sessionStorage.
-     * @returns {void}
-     */
-    dismiss() {
-      this.dismissed = true;
-      sessionStorage.setItem('adminMailerWarningDismissed', 'true');
-    },
-  },
-};
-</script>
diff --git a/src/modules/auth/tests/auth.adminMailerWarning.component.unit.tests.js b/src/modules/auth/tests/auth.adminMailerWarning.component.unit.tests.js
deleted file mode 100644
index 70d4a974c..000000000
--- a/src/modules/auth/tests/auth.adminMailerWarning.component.unit.tests.js
+++ /dev/null
@@ -1,116 +0,0 @@
-import { describe, it, expect, beforeEach, vi } from 'vitest';
-import { mount } from '@vue/test-utils';
-import { createPinia, setActivePinia } from 'pinia';
-import { createVuetify } from 'vuetify';
-
-// v-snackbar uses visualViewport which is not available in jsdom
-if (typeof globalThis.visualViewport === 'undefined') {
-  globalThis.visualViewport = { addEventListener: vi.fn(), removeEventListener: vi.fn(), width: 1024, height: 768 };
-}
-
-const storeMock = vi.hoisted(() => ({
-  isLoggedIn: false,
-  user: null,
-  serverConfig: null,
-}));
-
-vi.mock('../stores/auth.store', () => ({
-  useAuthStore: () => storeMock,
-}));
-
-import AuthAdminMailerWarning from '../components/auth.adminMailerWarning.component.vue';
-
-/**
- * Mount the admin mailer warning component with Vuetify installed.
- * @returns {import('@vue/test-utils').VueWrapper} mounted wrapper
- */
-const mountComponent = () =>
-  mount(AuthAdminMailerWarning, {
-    global: {
-      plugins: [createVuetify()],
-    },
-  });
-
-describe('auth.adminMailerWarning.component', () => {
-  beforeEach(() => {
-    setActivePinia(createPinia());
-    storeMock.isLoggedIn = false;
-    storeMock.user = null;
-    storeMock.serverConfig = null;
-    sessionStorage.removeItem('adminMailerWarningDismissed');
-  });
-
-  it('does not show when user is not logged in', () => {
-    storeMock.isLoggedIn = false;
-    const wrapper = mountComponent();
-
-    expect(wrapper.vm.shouldShow).toBe(false);
-  });
-
-  it('does not show when user is not admin', () => {
-    storeMock.isLoggedIn = true;
-    storeMock.user = { roles: ['user'] };
-    storeMock.serverConfig = { mail: { configured: false } };
-    const wrapper = mountComponent();
-
-    expect(wrapper.vm.shouldShow).toBe(false);
-  });
-
-  it('does not show when mail is configured', () => {
-    storeMock.isLoggedIn = true;
-    storeMock.user = { roles: ['admin'] };
-    storeMock.serverConfig = { mail: { configured: true } };
-    const wrapper = mountComponent();
-
-    expect(wrapper.vm.shouldShow).toBe(false);
-  });
-
-  it('shows when admin is logged in and mail is not configured', () => {
-    storeMock.isLoggedIn = true;
-    storeMock.user = { roles: ['admin'] };
-    storeMock.serverConfig = { mail: { configured: false } };
-    const wrapper = mountComponent();
-
-    expect(wrapper.vm.shouldShow).toBe(true);
-    expect(wrapper.vm.visible).toBe(true);
-  });
-
-  it('does not show when serverConfig is null (config still loading)', () => {
-    storeMock.isLoggedIn = true;
-    storeMock.user = { roles: ['admin'] };
-    storeMock.serverConfig = null;
-    const wrapper = mountComponent();
-
-    expect(wrapper.vm.shouldShow).toBe(false);
-    expect(wrapper.vm.visible).toBe(false);
-  });
-
-  it('hides when dismissed via dismiss() and persists in sessionStorage', () => {
-    storeMock.isLoggedIn = true;
-    storeMock.user = { roles: ['admin'] };
-    storeMock.serverConfig = { mail: { configured: false } };
-    const wrapper = mountComponent();
-
-    expect(wrapper.vm.visible).toBe(true);
-
-    wrapper.vm.dismiss();
-
-    expect(wrapper.vm.visible).toBe(false);
-    expect(sessionStorage.getItem('adminMailerWarningDismissed')).toBe('true');
-  });
-
-  it('hides when dismissed via visible setter (implicit close) and persists in sessionStorage', async () => {
-    storeMock.isLoggedIn = true;
-    storeMock.user = { roles: ['admin'] };
-    storeMock.serverConfig = { mail: { configured: false } };
-    const wrapper = mountComponent();
-
-    expect(wrapper.vm.visible).toBe(true);
-
-    wrapper.vm.visible = false;
-    await wrapper.vm.$nextTick();
-
-    expect(wrapper.vm.visible).toBe(false);
-    expect(sessionStorage.getItem('adminMailerWarningDismissed')).toBe('true');
-  });
-});

From 28692849723b728d46a2849e3f64fc93fb378b04 Mon Sep 17 00:00:00 2001
From: Pierre Brisorgueil <pierrebrisorgueil@me.com>
Date: Sat, 13 Jun 2026 18:30:01 +0200
Subject: [PATCH 05/10] feat(admin): warning-count badge on the readiness tab
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Derive the non-ok readiness check count client-side from the admin store and
decorate the built-in readiness tab descriptor with an optional numeric
badge. CoreSurfaceTabBar renders it as a small tonal warning chip after the
label — additive, tabs without a badge render exactly as before, so the
account and organization surfaces sharing the component are unaffected. The
layout fetches readiness on mount only when the store is empty and skips
entirely when landing on the readiness tab, whose view already fetches on
its own mount (child mounted runs first, so an empty-store check alone
cannot prevent the double GET).

refs pierreb-devkit/Node#3836
---
 .../admin/tests/admin.layout.unit.tests.js    | 40 ++++++++++++++++++-
 src/modules/admin/views/admin.layout.vue      | 34 +++++++++++++++-
 .../core.surfaceTabBar.component.vue          |  7 ++++
 ...core.surfaceTabBar.component.unit.tests.js | 33 +++++++++++++++
 4 files changed, 111 insertions(+), 3 deletions(-)

diff --git a/src/modules/admin/tests/admin.layout.unit.tests.js b/src/modules/admin/tests/admin.layout.unit.tests.js
index 523414575..bda2ef73b 100644
--- a/src/modules/admin/tests/admin.layout.unit.tests.js
+++ b/src/modules/admin/tests/admin.layout.unit.tests.js
@@ -3,7 +3,7 @@ import { mount } from '@vue/test-utils';
 import { createPinia, setActivePinia } from 'pinia';
 import { createVuetify } from 'vuetify';
 
-const adminStoreState = { error: null, currentBreadcrumb: null };
+const adminStoreState = { error: null, currentBreadcrumb: null, readiness: [], getReadiness: vi.fn() };
 const authStoreState = { serverConfig: null };
 
 vi.mock('../stores/admin.store', () => ({
@@ -68,6 +68,8 @@ describe('admin.layout', () => {
     setActivePinia(createPinia());
     adminStoreState.error = null;
     adminStoreState.currentBreadcrumb = null;
+    adminStoreState.readiness = [];
+    adminStoreState.getReadiness = vi.fn();
     authStoreState.serverConfig = null;
   });
 
@@ -204,4 +206,40 @@ describe('admin.layout', () => {
     expect(wrapper.text()).toContain('Jane Doe');
   });
 
+  it('fetches readiness on mount when the store has none (feeds the tab badge)', () => {
+    mountLayout();
+    expect(adminStoreState.getReadiness).toHaveBeenCalledTimes(1);
+  });
+
+  it('does not fetch readiness on mount when the store is already populated', () => {
+    adminStoreState.readiness = [{ category: 'database', status: 'ok', message: 'up' }];
+    mountLayout();
+    expect(adminStoreState.getReadiness).not.toHaveBeenCalled();
+  });
+
+  it('does not fetch readiness when landing directly on the readiness tab (view fetches itself)', () => {
+    mountLayout({}, '/admin/readiness');
+    expect(adminStoreState.getReadiness).not.toHaveBeenCalled();
+  });
+
+  it('decorates the readiness tab with a badge equal to the non-ok check count', () => {
+    adminStoreState.readiness = [
+      { category: 'database', status: 'ok', message: 'up' },
+      { category: 'mailer', status: 'warning', message: 'not configured' },
+      { category: 'storage', status: 'error', message: 'unreachable' },
+    ];
+    const wrapper = mountLayout();
+    const tabs = wrapper.findComponent({ name: 'CorePageHeaderTabs' }).props('tabs');
+    const readinessTab = tabs.find((t) => t.value === 'readiness');
+    expect(readinessTab.badge).toBe(2);
+  });
+
+  it('adds no badge field when every readiness check is ok', () => {
+    adminStoreState.readiness = [{ category: 'database', status: 'ok', message: 'up' }];
+    const wrapper = mountLayout();
+    const tabs = wrapper.findComponent({ name: 'CorePageHeaderTabs' }).props('tabs');
+    const readinessTab = tabs.find((t) => t.value === 'readiness');
+    expect(readinessTab.badge).toBeUndefined();
+  });
+
 });
diff --git a/src/modules/admin/views/admin.layout.vue b/src/modules/admin/views/admin.layout.vue
index 7659a9ae2..7d67bbcc5 100644
--- a/src/modules/admin/views/admin.layout.vue
+++ b/src/modules/admin/views/admin.layout.vue
@@ -94,15 +94,31 @@ export default {
     currentBreadcrumb() {
       return useAdminStore().currentBreadcrumb;
     },
+    /**
+     * @desc Number of readiness checks that are not OK — drives the badge
+     *       on the built-in Readiness tab.
+     * @returns {number}
+     */
+    readinessWarnings() {
+      const checks = useAdminStore().readiness;
+      if (!Array.isArray(checks)) return 0;
+      return checks.filter((c) => c && c.status !== 'ok').length;
+    },
     /**
      * @desc Merged tab list (built-in + config-driven extras), passed to
      *       CoreSurfaceTabBar. Validation and CASL filtering happen inside
-     *       the bar via `resolveSurfaceTabs`.
+     *       the bar via `resolveSurfaceTabs`. The built-in Readiness tab is
+     *       decorated with an optional numeric `badge` (non-ok check count)
+     *       that CoreSurfaceTabBar renders as a small warning chip.
      * @returns {Array<object>}
      */
     allTabs() {
       const extras = Array.isArray(this.config?.admin?.tabs) ? this.config.admin.tabs : [];
-      return [...BUILT_IN_TABS, ...extras];
+      const tabs = [...BUILT_IN_TABS, ...extras];
+      if (this.readinessWarnings > 0) {
+        return tabs.map((t) => (t.value === 'readiness' ? { ...t, badge: this.readinessWarnings } : t));
+      }
+      return tabs;
     },
     /**
      * @desc Reactive CASL predicate passed to CoreSurfaceTabBar. Falls back
@@ -114,6 +130,20 @@ export default {
       return (action, subject) => (ability ? ability.can(action, subject) : true);
     },
   },
+  mounted() {
+    // Readiness data feeds the tab badge. The readiness view fetches on its
+    // own mount, and child mounted() runs BEFORE the parent's — so when the
+    // user lands directly on /admin/readiness a request is already in
+    // flight and an empty-store check alone would still double-hit
+    // GET /admin/readiness. Skip that route entirely; everywhere else,
+    // fetch once iff the store has no readiness data yet (fire-and-forget;
+    // the store sanitizes failures into its own `error` state).
+    if (this.$route?.path?.startsWith('/admin/readiness')) return;
+    const adminStore = useAdminStore();
+    if (!Array.isArray(adminStore.readiness) || adminStore.readiness.length === 0) {
+      adminStore.getReadiness();
+    }
+  },
   methods: {
     /**
      * @desc Clear the global admin error banner.
diff --git a/src/modules/core/components/core.surfaceTabBar.component.vue b/src/modules/core/components/core.surfaceTabBar.component.vue
index 592bb68ed..e896ff517 100644
--- a/src/modules/core/components/core.surfaceTabBar.component.vue
+++ b/src/modules/core/components/core.surfaceTabBar.component.vue
@@ -68,6 +68,13 @@ function tabTo(route) {
     >
       <v-icon v-if="t.icon" :icon="t.icon" class="mr-2" />
       {{ t.label }}
+      <!-- Optional numeric badge on a tab descriptor (e.g. the admin
+           readiness warning count). Additive: tabs without a `badge`
+           field render exactly as before, so the Account / Organization
+           surfaces sharing this component are unaffected. -->
+      <v-chip v-if="t.badge > 0" size="small" density="compact" variant="tonal" color="warning" class="ml-1">
+        {{ t.badge }}
+      </v-chip>
     </v-tab>
   </v-tabs>
 </template>
diff --git a/src/modules/core/components/tests/core.surfaceTabBar.component.unit.tests.js b/src/modules/core/components/tests/core.surfaceTabBar.component.unit.tests.js
index 96f3b4cb5..70056d852 100644
--- a/src/modules/core/components/tests/core.surfaceTabBar.component.unit.tests.js
+++ b/src/modules/core/components/tests/core.surfaceTabBar.component.unit.tests.js
@@ -135,3 +135,36 @@ describe('SurfaceTabBar — path composition', () => {
     expect(wrapper.find('.v-tab-stub').attributes('href')).toBe('/admin/x');
   });
 });
+
+describe('SurfaceTabBar — optional tab badge', () => {
+  it('renders a small tonal warning chip with the count after the label when badge > 0', () => {
+    const wrapper = mountBar({
+      tabs: [{ value: 'readiness', label: 'Readiness', route: 'readiness', badge: 3 }],
+      can: () => true,
+      basePath: '/admin',
+    });
+    const chip = wrapper.findComponent({ name: 'VChip' });
+    expect(chip.exists()).toBe(true);
+    expect(chip.text()).toBe('3');
+    expect(chip.props('color')).toBe('warning');
+    expect(chip.props('variant')).toBe('tonal');
+  });
+
+  it('renders no chip when badge is 0', () => {
+    const wrapper = mountBar({
+      tabs: [{ value: 'readiness', label: 'Readiness', route: 'readiness', badge: 0 }],
+      can: () => true,
+      basePath: '/admin',
+    });
+    expect(wrapper.findComponent({ name: 'VChip' }).exists()).toBe(false);
+  });
+
+  it('renders no chip when badge is absent (existing surfaces unaffected)', () => {
+    const wrapper = mountBar({
+      tabs: [{ value: 'general', label: 'General', route: 'general' }],
+      can: () => true,
+      basePath: '/users/organizations/1',
+    });
+    expect(wrapper.findComponent({ name: 'VChip' }).exists()).toBe(false);
+  });
+});

From 472638fdf78e9e1cbd1fc510e0377e4e2f657203 Mon Sep 17 00:00:00 2001
From: Pierre Brisorgueil <pierrebrisorgueil@me.com>
Date: Sat, 13 Jun 2026 18:33:42 +0200
Subject: [PATCH 06/10] feat(admin): card-title search and top-right actions on
 activity tab

Mirror the datatable card-title row on the Activity tab: title + spacer +
Clear action + two compact outlined filter fields, debounced 1000ms like the
datatable search (replaces the enter-key + Search-button flow). Gate the
user-ID filter on a client-side ObjectId check since GET /audit 400s on
malformed userId values; dedupe the trailing debounce so Clear does not
double-fetch. max-width stays a Vuetify prop (no inline styles in this view).

refs #4296
---
 .../tests/admin.activity.view.unit.tests.js   |  97 +++++++++++-
 .../admin/views/admin.activity.view.vue       | 147 +++++++++++-------
 2 files changed, 186 insertions(+), 58 deletions(-)

diff --git a/src/modules/admin/tests/admin.activity.view.unit.tests.js b/src/modules/admin/tests/admin.activity.view.unit.tests.js
index d0b1b5353..1021b5ecc 100644
--- a/src/modules/admin/tests/admin.activity.view.unit.tests.js
+++ b/src/modules/admin/tests/admin.activity.view.unit.tests.js
@@ -1,4 +1,4 @@
-import { describe, it, expect, beforeEach, vi } from 'vitest';
+import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
 import { setActivePinia, createPinia } from 'pinia';
 import { shallowMount } from '@vue/test-utils';
 import { useAdminStore } from '../stores/admin.store';
@@ -224,3 +224,98 @@ describe('admin.activity.view — template chrome', () => {
     expect(tmpl).toMatch(/@keydown\.space/);
   });
 });
+
+describe('admin.activity.view — debounced card-title filters', () => {
+  let adminStore;
+
+  /**
+   * Mount with a fresh pinia + mocked store action. Call AFTER
+   * vi.useFakeTimers() so the debounce timer is controllable.
+   * @returns {import('@vue/test-utils').VueWrapper}
+   */
+  const mountWithFreshStore = () => {
+    setActivePinia(createPinia());
+    adminStore = useAdminStore();
+    adminStore.getAuditLogs = vi.fn().mockResolvedValue();
+    return mountActivity();
+  };
+
+  afterEach(() => {
+    vi.useRealTimers();
+  });
+
+  it('fetches 1000ms after typing in the action filter (single trailing call, page reset)', async () => {
+    vi.useFakeTimers();
+    const wrapper = mountWithFreshStore();
+    expect(adminStore.getAuditLogs).toHaveBeenCalledTimes(1); // mount fetch
+    wrapper.vm.activityFilterAction = 'auth.log';
+    await wrapper.vm.$nextTick();
+    wrapper.vm.activityFilterAction = 'auth.login';
+    await wrapper.vm.$nextTick();
+    vi.advanceTimersByTime(999);
+    expect(adminStore.getAuditLogs).toHaveBeenCalledTimes(1);
+    vi.advanceTimersByTime(1);
+    expect(adminStore.getAuditLogs).toHaveBeenCalledTimes(2);
+    expect(adminStore.getAuditLogs).toHaveBeenLastCalledWith(
+      expect.objectContaining({ action: 'auth.login', page: 1 }),
+    );
+  });
+
+  it('does not fetch while the user-ID filter is not a valid ObjectId', async () => {
+    vi.useFakeTimers();
+    const wrapper = mountWithFreshStore();
+    wrapper.vm.activityFilterUserId = 'not-an-objectid';
+    await wrapper.vm.$nextTick();
+    vi.advanceTimersByTime(1000);
+    expect(adminStore.getAuditLogs).toHaveBeenCalledTimes(1); // mount fetch only
+    expect(wrapper.vm.activityUserIdValid).toBe(false);
+    wrapper.vm.activityFilterUserId = '507f1f77bcf86cd799439011';
+    await wrapper.vm.$nextTick();
+    vi.advanceTimersByTime(1000);
+    expect(adminStore.getAuditLogs).toHaveBeenCalledTimes(2);
+    expect(adminStore.getAuditLogs).toHaveBeenLastCalledWith(
+      expect.objectContaining({ userId: '507f1f77bcf86cd799439011', page: 1 }),
+    );
+  });
+
+  it('Clear fetches immediately and the trailing debounce does not double-fetch', async () => {
+    vi.useFakeTimers();
+    const wrapper = mountWithFreshStore();
+    wrapper.vm.activityFilterAction = 'auth.login';
+    await wrapper.vm.$nextTick();
+    vi.advanceTimersByTime(1000);
+    expect(adminStore.getAuditLogs).toHaveBeenCalledTimes(2);
+    wrapper.vm.clearActivityFilters();
+    expect(adminStore.getAuditLogs).toHaveBeenCalledTimes(3);
+    await wrapper.vm.$nextTick();
+    vi.advanceTimersByTime(1000);
+    expect(adminStore.getAuditLogs).toHaveBeenCalledTimes(3); // debounce deduped
+  });
+});
+
+describe('admin.activity.view — card-title chrome (datatable parity)', () => {
+  /**
+   * Read the SFC template section from disk.
+   * @returns {string}
+   */
+  const readTemplate = () => {
+    const here = dirname(fileURLToPath(import.meta.url));
+    const sfc = readFileSync(resolve(here, '../views/admin.activity.view.vue'), 'utf8');
+    return sfc.split('<script>')[0];
+  };
+
+  it('mirrors the datatable card-title row: flex title + spacer + two compact outlined filter fields', () => {
+    const tmpl = readTemplate();
+    expect(tmpl).toMatch(/<v-card-title class="d-flex align-center ga-3">/);
+    expect(tmpl).toMatch(/<v-spacer><\/v-spacer>/);
+    expect(tmpl).toMatch(/prepend-inner-icon="fa-solid fa-magnifying-glass"/);
+    expect(tmpl).toMatch(/prepend-inner-icon="fa-solid fa-user"/);
+    expect(tmpl.match(/max-width="280"/g) || []).toHaveLength(2);
+  });
+
+  it('the enter-key + Search-button flow is gone (debounce replaces it)', () => {
+    const tmpl = readTemplate();
+    expect(tmpl).not.toMatch(/@keyup\.enter/);
+    expect(tmpl).not.toMatch(/Search\s*<\/v-btn>/);
+  });
+});
diff --git a/src/modules/admin/views/admin.activity.view.vue b/src/modules/admin/views/admin.activity.view.vue
index 93ddaf222..3cfab54a9 100644
--- a/src/modules/admin/views/admin.activity.view.vue
+++ b/src/modules/admin/views/admin.activity.view.vue
@@ -14,54 +14,42 @@
           <span class="text-body-medium">Audit logging is disabled. Enable it in configuration to start tracking activity.</span>
         </v-alert>
         <v-card v-else width="100%" color="surface" :flat="config.vuetify.theme.flat" :class="config.vuetify.theme.rounded">
-    <v-card-title>
-      <v-row dense align="center">
-        <v-col cols="12" sm="auto">
-          <v-text-field
-            v-model="activityFilterAction"
-            placeholder="Filter by action"
-            hide-details
-            density="compact"
-            variant="outlined"
-            prepend-inner-icon="fa-solid fa-filter"
-            :class="config.vuetify.theme.rounded"
-            max-width="240"
-            @keyup.enter="applyActivityFilters"
-          ></v-text-field>
-        </v-col>
-        <v-col cols="12" sm="auto">
-          <v-text-field
-            v-model="activityFilterUserId"
-            placeholder="Filter by user ID"
-            hide-details
-            density="compact"
-            variant="outlined"
-            prepend-inner-icon="fa-solid fa-user"
-            :class="config.vuetify.theme.rounded"
-            max-width="240"
-            @keyup.enter="applyActivityFilters"
-          ></v-text-field>
-        </v-col>
-        <v-col cols="12" sm="auto">
-          <v-btn
-            variant="tonal"
-            color="primary"
-            class="text-none text-body-medium"
-            :class="config.vuetify.theme.rounded"
-            @click="applyActivityFilters"
-          >
-            <v-icon icon="fa-solid fa-magnifying-glass" size="small" class="mr-2"></v-icon>Search
-          </v-btn>
-          <v-btn
-            v-if="activityFilterAction || activityFilterUserId"
-            variant="text"
-            class="text-none text-body-medium ml-2"
-            @click="clearActivityFilters"
-          >
-            Clear
-          </v-btn>
-        </v-col>
-      </v-row>
+    <v-card-title class="d-flex align-center ga-3">
+      <span class="text-title-medium">Activity</span>
+      <v-spacer></v-spacer>
+      <v-btn
+        v-if="activityFilterAction || activityFilterUserId"
+        color="primary"
+        variant="tonal"
+        size="small"
+        :class="config.vuetify.theme.rounded"
+        class="text-none text-body-medium"
+        @click="clearActivityFilters"
+      >
+        <v-icon icon="fa-solid fa-xmark" size="small" class="mr-2"></v-icon>
+        Clear
+      </v-btn>
+      <v-text-field
+        v-model="activityFilterAction"
+        placeholder="Filter by action"
+        hide-details
+        density="compact"
+        variant="outlined"
+        prepend-inner-icon="fa-solid fa-magnifying-glass"
+        max-width="280"
+        :class="config.vuetify.theme.rounded"
+      ></v-text-field>
+      <v-text-field
+        v-model="activityFilterUserId"
+        placeholder="Filter by user ID"
+        hide-details
+        density="compact"
+        variant="outlined"
+        prepend-inner-icon="fa-solid fa-user"
+        max-width="280"
+        :error="!activityUserIdValid"
+        :class="config.vuetify.theme.rounded"
+      ></v-text-field>
     </v-card-title>
     <v-progress-linear :active="activityLoading" indeterminate color="primary"></v-progress-linear>
     <v-table v-if="!activityLoading && auditLogs.length" fixed-header hover>
@@ -144,15 +132,23 @@
  * Module dependencies.
  */
 import dayjs from 'dayjs';
+import { debounce } from 'lodash-es';
 import { useAdminStore } from '../stores/admin.store';
 
+/**
+ * Mongo ObjectId shape — GET /audit rejects malformed `userId` values with
+ * a 400, so the user-ID filter is gated client-side until it is complete.
+ */
+const OBJECT_ID_REGEX = /^[a-f\d]{24}$/i;
+
 /**
  * Component definition.
  *
  * Activity tab of the admin section — renders the audit-log table with
- * filters and pagination. Fetches on `mounted()` since it is now a routed
- * view (no parent tab model to watch). Mounted as a routed child of
- * `admin.layout.vue` at `/admin/activity`.
+ * card-title filters (debounced 1000ms, mirroring the search field of
+ * `core.datatable.component.vue`) and auditTotal-based pagination. Fetches
+ * on `mounted()` since it is a routed view (no parent tab model to watch).
+ * Mounted as a routed child of `admin.layout.vue` at `/admin/activity`.
  */
 export default {
   name: 'AdminActivity',
@@ -164,6 +160,10 @@ export default {
       activityFilterAction: '',
       activityFilterUserId: '',
       activityExpandedId: null,
+      // Snapshot of the last APPLIED filter pair — lets the trailing
+      // debounce no-op when nothing changed (e.g. right after Clear
+      // already fetched with the reset values).
+      activityAppliedFilters: JSON.stringify(['', '']),
     };
   },
   computed: {
@@ -180,6 +180,15 @@ export default {
     activityHasNextPage() {
       return this.activityPage * this.activityPerPage < this.auditTotal;
     },
+    /**
+     * @desc Whether the user-ID filter is empty or a complete Mongo
+     *       ObjectId. The backend 400s on malformed userId values, so
+     *       debounced fetches are gated on this while the user types.
+     * @returns {boolean}
+     */
+    activityUserIdValid() {
+      return !this.activityFilterUserId || OBJECT_ID_REGEX.test(this.activityFilterUserId);
+    },
   },
   watch: {
     activityPerPage() {
@@ -187,11 +196,24 @@ export default {
       this.fetchActivityLogs();
     },
   },
+  created() {
+    // Mirror core.datatable.component.vue's search wiring: a 1000ms
+    // debounced watcher replaces the old enter-key + Search-button flow.
+    // Stored on the instance (non-reactive) so it can be cancelled.
+    this.debouncedApplyFilters = debounce(() => {
+      this.applyActivityFilters();
+    }, 1000);
+    this.$watch('activityFilterAction', this.debouncedApplyFilters);
+    this.$watch('activityFilterUserId', this.debouncedApplyFilters);
+  },
   mounted() {
     if (!(this.config?.audit && this.config.audit.enabled === false)) {
       this.fetchActivityLogs();
     }
   },
+  beforeUnmount() {
+    this.debouncedApplyFilters.cancel();
+  },
   methods: {
     /**
      * @desc Format an ISO date string for display in the activity table.
@@ -210,9 +232,11 @@ export default {
       this.activityExpandedId = this.activityExpandedId === id ? null : id;
     },
     /**
-     * @desc Fetch audit logs from the store with current filters and pagination.
-     *       Loading flag is always cleared, even if the store action rejects,
-     *       so the progress bar does not stay pinned on failure.
+     * @desc Fetch audit logs from the store with current filters and
+     *       pagination. The userId param is only sent when it is a valid
+     *       ObjectId (backend 400s otherwise). Loading flag is always
+     *       cleared, even if the store action rejects, so the progress bar
+     *       does not stay pinned on failure.
      * @returns {Promise<void>}
      */
     async fetchActivityLogs() {
@@ -220,7 +244,7 @@ export default {
       try {
         await useAdminStore().getAuditLogs({
           action: this.activityFilterAction || undefined,
-          userId: this.activityFilterUserId || undefined,
+          userId: this.activityUserIdValid ? this.activityFilterUserId || undefined : undefined,
           page: this.activityPage,
           perPage: this.activityPerPage,
         });
@@ -228,15 +252,24 @@ export default {
         this.activityLoading = false;
       }
     },
-    /** @desc Apply activity filters and reset to page 1. */
+    /**
+     * @desc Apply activity filters and reset to page 1. Skips when the
+     *       user-ID filter is incomplete, and dedupes against the last
+     *       applied pair so the trailing debounce after Clear is a no-op.
+     */
     applyActivityFilters() {
+      if (!this.activityUserIdValid) return;
+      const next = JSON.stringify([this.activityFilterAction, this.activityFilterUserId]);
+      if (next === this.activityAppliedFilters) return;
+      this.activityAppliedFilters = next;
       this.activityPage = 1;
       this.fetchActivityLogs();
     },
-    /** @desc Clear all activity filters and reset to page 1. */
+    /** @desc Clear all activity filters, reset to page 1 and refetch. */
     clearActivityFilters() {
       this.activityFilterAction = '';
       this.activityFilterUserId = '';
+      this.activityAppliedFilters = JSON.stringify(['', '']);
       this.activityPage = 1;
       this.fetchActivityLogs();
     },

From ebfc027e23f3ca3f06a8d2eb366f07173858f21e Mon Sep 17 00:00:00 2001
From: Pierre Brisorgueil <pierrebrisorgueil@me.com>
Date: Sat, 13 Jun 2026 18:35:43 +0200
Subject: [PATCH 07/10] feat(invitations): resendInvitation store action

POST /invitations/:id/resend mirroring the create/delete error
contract (sanitized banner + rethrow). Pins createInvitation's return
value as the one-time token source for copy-link: the list endpoint
strips tokens, only the create response carries one.

refs pierreb-devkit/Node#3834
---
 .../invitations/stores/invitations.store.js   | 23 +++++++++++++-
 .../tests/invitations.store.unit.tests.js     | 30 +++++++++++++++++++
 2 files changed, 52 insertions(+), 1 deletion(-)

diff --git a/src/modules/invitations/stores/invitations.store.js b/src/modules/invitations/stores/invitations.store.js
index b2aa1d6d7..4e7ac6660 100644
--- a/src/modules/invitations/stores/invitations.store.js
+++ b/src/modules/invitations/stores/invitations.store.js
@@ -67,7 +67,8 @@ export const useInvitationsStore = defineStore('invitations', {
      * Re-emits the `invitation_created` analytics event so the funnel parity is
      * preserved after the org `invitation_sent` capture is dropped (P7).
      * @param {string} email
-     * @returns {Promise<Object>} the created invitation
+     * @returns {Promise<Object>} the created invitation — includes the one-time
+     * `token` (the list endpoint strips it; copy-link surfaces MUST read it here)
      */
     async createInvitation(email) {
       this.error = null;
@@ -82,6 +83,26 @@ export const useInvitationsStore = defineStore('invitations', {
       }
     },
 
+    /**
+     * @desc Re-send the invitation email for a still-pending invitation. The
+     * backend re-uses the EXISTING token (no regeneration), so a previously
+     * shared link stays valid. Success/error toast is fired by the axios POST
+     * interceptor.
+     * @param {string} id
+     * @returns {Promise<Object>} the resent invitation
+     */
+    async resendInvitation(id) {
+      this.error = null;
+      try {
+        const res = await axios.post(`${apiBase()}/invitations/${id}/resend`);
+        return res.data.data;
+      } catch (err) {
+        this.error = sanitizeApiError(err);
+        logger.error(err);
+        throw err;
+      }
+    },
+
     /**
      * @desc Revoke a signup invitation by id.
      * @param {string} id
diff --git a/src/modules/invitations/tests/invitations.store.unit.tests.js b/src/modules/invitations/tests/invitations.store.unit.tests.js
index 080070058..762c36eb5 100644
--- a/src/modules/invitations/tests/invitations.store.unit.tests.js
+++ b/src/modules/invitations/tests/invitations.store.unit.tests.js
@@ -139,4 +139,34 @@ describe('invitations store', () => {
     expect(store.error).toBe('Failed to load data. Please try again.');
     consoleErrorSpy.mockRestore();
   });
+
+  // ── #3834 invitation ops: resend + the one-time token contract ──
+
+  it('createInvitation returns the created invite INCLUDING the one-time token (copy-link source)', async () => {
+    const store = useInvitationsStore();
+    axios.post.mockResolvedValueOnce({ data: { data: { id: '2', email: 'new@b.co', token: 'tok-abc' } } });
+    const result = await store.createInvitation('new@b.co');
+    // The list endpoint strips tokens server-side — the create response is the
+    // ONLY place a /signup?inviteToken= link can ever be built from.
+    expect(result.token).toBe('tok-abc');
+  });
+
+  it('resendInvitation POSTs to /api/invitations/:id/resend and returns the invitation', async () => {
+    const store = useInvitationsStore();
+    axios.post.mockResolvedValueOnce({ data: { data: { id: '4', email: 'a@b.co', status: 'pending' } } });
+    const result = await store.resendInvitation('4');
+    expect(axios.post).toHaveBeenCalledWith(expect.stringMatching(/\/api\/invitations\/4\/resend$/));
+    expect(axios.post).not.toHaveBeenCalledWith(expect.stringMatching(/\/auth\/invitations/));
+    expect(result).toEqual({ id: '4', email: 'a@b.co', status: 'pending' });
+  });
+
+  it('resendInvitation sets error state and rethrows on API failure', async () => {
+    const store = useInvitationsStore();
+    const consoleErrorSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
+    axios.post.mockRejectedValueOnce(new Error('Conflict'));
+    await expect(store.resendInvitation('9')).rejects.toThrow('Conflict');
+    expect(store.error).toBe('Failed to load data. Please try again.');
+    expect(consoleErrorSpy).toHaveBeenCalled();
+    consoleErrorSpy.mockRestore();
+  });
 });

From 2a296c5c9f1fcdf6e730803471b78e1632d0f45e Mon Sep 17 00:00:00 2001
From: Pierre Brisorgueil <pierrebrisorgueil@me.com>
Date: Sat, 13 Jun 2026 18:37:19 +0200
Subject: [PATCH 08/10] feat(invitations): admin one-time copy-link + resend
 button
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

After create the dialog stays open showing the signup link once (the
list payload is token-stripped, the create response is the only token
source) with a clipboard copy button — local label flip, no snackbar
(interceptor-only). Paper-plane resend action on pending rows,
single-flight, toasted by the POST interceptor.

refs pierreb-devkit/Node#3834
---
 .../invitations.admin.view.unit.tests.js      |  84 +++++++++++-
 .../views/invitations.admin.view.vue          | 124 ++++++++++++++----
 2 files changed, 184 insertions(+), 24 deletions(-)

diff --git a/src/modules/invitations/tests/invitations.admin.view.unit.tests.js b/src/modules/invitations/tests/invitations.admin.view.unit.tests.js
index 031df8084..edda98e84 100644
--- a/src/modules/invitations/tests/invitations.admin.view.unit.tests.js
+++ b/src/modules/invitations/tests/invitations.admin.view.unit.tests.js
@@ -57,7 +57,7 @@ const stubs = {
 const mountView = () =>
   shallowMount(InvitationsAdmin, {
     global: {
-      mocks: { config: { vuetify: { theme: { flat: true, rounded: 'rounded-lg' } } } },
+      mocks: { config: { vuetify: { theme: { flat: true, rounded: 'rounded-lg' } }, app: { url: 'https://app.example.test' } } },
       stubs,
     },
   });
@@ -128,7 +128,7 @@ describe('invitations.admin.view', () => {
     // Simulate a dirty dialog state before opening
     wrapper.vm.createDialog = { show: false, email: 'old@b.co', valid: true, loading: true };
     wrapper.vm.openCreate();
-    expect(wrapper.vm.createDialog).toEqual({ show: true, email: '', valid: false, loading: false });
+    expect(wrapper.vm.createDialog).toEqual({ show: true, email: '', valid: false, loading: false, createdLink: null, copied: false });
   });
 
   it('openRevoke populates deleteDialog with the item id and email', () => {
@@ -244,3 +244,83 @@ describe('invitations.admin.view', () => {
     }
   });
 });
+
+describe('invitations.admin.view — copy-link + resend (#3834)', () => {
+  let store;
+  const writeText = vi.fn();
+
+  beforeEach(() => {
+    setActivePinia(createPinia());
+    store = useInvitationsStore();
+    store.getInvitations = vi.fn().mockResolvedValue();
+    store.createInvitation = vi.fn().mockResolvedValue({ id: '9', email: 'x@y.co', token: 'tok-9' });
+    store.deleteInvitation = vi.fn().mockResolvedValue();
+    store.resendInvitation = vi.fn().mockResolvedValue({ id: '7', status: 'pending' });
+    // FIRST clipboard code in the repo — happy-dom needs an explicit mock.
+    writeText.mockReset().mockResolvedValue();
+    Object.defineProperty(globalThis.navigator, 'clipboard', { value: { writeText }, configurable: true });
+  });
+
+  it('signupLink builds the config-based one-time URL (null without a token)', () => {
+    const wrapper = mountView();
+    expect(wrapper.vm.signupLink('tok-9')).toBe('https://app.example.test/signup?inviteToken=tok-9');
+    expect(wrapper.vm.signupLink(undefined)).toBeNull();
+  });
+
+  it('submitInvite keeps the dialog open with the one-time link when the response carries a token', async () => {
+    const wrapper = mountView();
+    wrapper.vm.createDialog = { show: true, email: 'new@b.co', valid: true, loading: false, createdLink: null, copied: false };
+    await wrapper.vm.submitInvite();
+    expect(wrapper.vm.createDialog.show).toBe(true); // NOT closed — one-time copy chance
+    expect(wrapper.vm.createDialog.createdLink).toBe('https://app.example.test/signup?inviteToken=tok-9');
+    expect(wrapper.vm.createDialog.copied).toBe(false);
+    expect(store.getInvitations).toHaveBeenCalled();
+  });
+
+  it('submitInvite without a token in the response closes the dialog (no dead link shown)', async () => {
+    store.createInvitation = vi.fn().mockResolvedValue({ id: '9', email: 'x@y.co' });
+    const wrapper = mountView();
+    wrapper.vm.createDialog = { show: true, email: 'new@b.co', valid: true, loading: false, createdLink: null, copied: false };
+    await wrapper.vm.submitInvite();
+    expect(wrapper.vm.createDialog.show).toBe(false);
+    expect(wrapper.vm.createDialog.createdLink).toBeNull();
+  });
+
+  it('copyCreatedLink writes the link to the clipboard and flips the label to Copied', async () => {
+    const wrapper = mountView();
+    wrapper.vm.createDialog.createdLink = 'https://app.example.test/signup?inviteToken=tok-9';
+    await wrapper.vm.copyCreatedLink();
+    expect(writeText).toHaveBeenCalledWith('https://app.example.test/signup?inviteToken=tok-9');
+    expect(wrapper.vm.createDialog.copied).toBe(true);
+  });
+
+  it('copyCreatedLink clipboard failure: no throw, label does NOT flip (link stays selectable)', async () => {
+    writeText.mockRejectedValueOnce(new Error('denied'));
+    const wrapper = mountView();
+    wrapper.vm.createDialog.createdLink = 'https://app.example.test/signup?inviteToken=tok-9';
+    await expect(wrapper.vm.copyCreatedLink()).resolves.toBeUndefined();
+    expect(wrapper.vm.createDialog.copied).toBe(false);
+  });
+
+  it('resendInvite delegates to the store with the row id and resets the single-flight guard', async () => {
+    const wrapper = mountView();
+    await wrapper.vm.resendInvite({ id: '7', status: 'pending' });
+    expect(store.resendInvitation).toHaveBeenCalledWith('7');
+    expect(wrapper.vm.resendingId).toBeNull();
+  });
+
+  it('resendInvite is single-flight: a call while one is in-flight no-ops', async () => {
+    const wrapper = mountView();
+    wrapper.vm.resendingId = 'other';
+    await wrapper.vm.resendInvite({ id: '7', status: 'pending' });
+    expect(store.resendInvitation).not.toHaveBeenCalled();
+  });
+
+  it('resendInvite error path: no throw, guard reset, _id-only rows supported', async () => {
+    store.resendInvitation = vi.fn().mockRejectedValue(new Error('Conflict'));
+    const wrapper = mountView();
+    await expect(wrapper.vm.resendInvite({ _id: 'm1', status: 'pending' })).resolves.toBeUndefined();
+    expect(store.resendInvitation).toHaveBeenCalledWith('m1');
+    expect(wrapper.vm.resendingId).toBeNull();
+  });
+});
diff --git a/src/modules/invitations/views/invitations.admin.view.vue b/src/modules/invitations/views/invitations.admin.view.vue
index acb830d79..f9655a6ef 100644
--- a/src/modules/invitations/views/invitations.admin.view.vue
+++ b/src/modules/invitations/views/invitations.admin.view.vue
@@ -39,6 +39,16 @@
             {{ item.invitedBy?.email || '—' }}
           </template>
           <template #actions="{ item }">
+            <v-btn
+              icon="fa-solid fa-paper-plane"
+              size="small"
+              variant="text"
+              color="primary"
+              :loading="resendingId === (item.id || item._id)"
+              :disabled="item.status !== 'pending'"
+              :data-test="`resend-invitation-${item.id || item._id}`"
+              @click="resendInvite(item)"
+            ></v-btn>
             <v-btn
               icon="fa-solid fa-trash"
               size="small"
@@ -52,26 +62,43 @@
       </v-col>
     </v-row>
 
-    <!-- Create invite dialog -->
+    <!-- Create invite dialog — flips to a one-time copy-link panel after create -->
     <v-dialog v-model="createDialog.show" max-width="460">
       <v-card :class="config.vuetify.theme.rounded">
         <v-card-title>Invite a user</v-card-title>
-        <v-card-text>
-          <v-form ref="createForm" v-model="createDialog.valid">
-            <v-text-field
-              v-model="createDialog.email"
-              label="Email address"
-              :rules="[rules.required, rules.mail]"
-              variant="outlined"
-              density="comfortable"
-              hide-details="auto"
-            ></v-text-field>
-          </v-form>
-        </v-card-text>
-        <v-card-actions>
-          <v-btn variant="text" @click="createDialog.show = false">Cancel</v-btn>
-          <v-btn color="primary" variant="flat" :loading="createDialog.loading" :disabled="createDialog.valid !== true" @click="submitInvite">Send invite</v-btn>
-        </v-card-actions>
+        <template v-if="!createDialog.createdLink">
+          <v-card-text>
+            <v-form ref="createForm" v-model="createDialog.valid">
+              <v-text-field
+                v-model="createDialog.email"
+                label="Email address"
+                :rules="[rules.required, rules.mail]"
+                variant="outlined"
+                density="comfortable"
+                hide-details="auto"
+              ></v-text-field>
+            </v-form>
+          </v-card-text>
+          <v-card-actions>
+            <v-btn variant="text" @click="createDialog.show = false">Cancel</v-btn>
+            <v-btn color="primary" variant="flat" :loading="createDialog.loading" :disabled="createDialog.valid !== true" @click="submitInvite">Send invite</v-btn>
+          </v-card-actions>
+        </template>
+        <template v-else>
+          <v-card-text data-test="invite-created-link">
+            <p class="text-body-medium text-medium-emphasis mb-2">
+              Invitation sent. This signup link is shown only once — the list never exposes it again.
+            </p>
+            <code class="text-body-small">{{ createDialog.createdLink }}</code>
+          </v-card-text>
+          <v-card-actions>
+            <v-btn variant="text" @click="createDialog.show = false">Close</v-btn>
+            <v-btn color="primary" variant="tonal" data-test="copy-invite-link" @click="copyCreatedLink">
+              <v-icon start icon="fa-solid fa-copy" size="small"></v-icon>
+              {{ createDialog.copied ? 'Copied' : 'Copy link' }}
+            </v-btn>
+          </v-card-actions>
+        </template>
       </v-card>
     </v-dialog>
 
@@ -122,8 +149,10 @@ export default {
         { text: 'Expires', value: 'expiresAt', kind: 'date', format: 'DD/MM/YY' },
         { text: 'Actions', value: 'actions', kind: 'slot', slotName: 'actions' },
       ],
-      createDialog: { show: false, email: '', valid: false, loading: false },
+      createDialog: { show: false, email: '', valid: false, loading: false, createdLink: null, copied: false },
       deleteDialog: { show: false, id: null, email: '' },
+      // Single-flight guard for the resend icon-button (id in flight, or null).
+      resendingId: null,
       rules: {
         required: (v) => !!v || 'Required',
         mail: (v) => /\S+@\S+\.\S+/.test(v) || 'E-mail must be valid',
@@ -167,18 +196,26 @@ export default {
      * @returns {void}
      */
     openCreate() {
-      this.createDialog = { show: true, email: '', valid: false, loading: false };
+      this.createDialog = { show: true, email: '', valid: false, loading: false, createdLink: null, copied: false };
     },
     /**
-     * @desc Submit a new invitation, then refresh the list and close the dialog.
+     * @desc Submit a new invitation. On success the dialog STAYS OPEN showing
+     * the one-time signup link (the list strips tokens server-side, so the
+     * link can only be built here, from the create response).
      * @returns {Promise<void>}
      */
     async submitInvite() {
       this.createDialog.loading = true;
       try {
-        await useInvitationsStore().createInvitation(this.createDialog.email);
+        const created = await useInvitationsStore().createInvitation(this.createDialog.email);
         await this.fetchInvitations();
-        this.createDialog.show = false;
+        const link = this.signupLink(created?.token);
+        if (link) {
+          this.createDialog.createdLink = link;
+          this.createDialog.copied = false;
+        } else {
+          this.createDialog.show = false;
+        }
       } catch {
         // error is surfaced via the view's own error banner (invitations store)
       } finally {
@@ -207,6 +244,49 @@ export default {
         this.deleteDialog.show = false;
       }
     },
+    /**
+     * @desc Build the one-time signup link for a freshly created invitation.
+     * @param {string|undefined} token - invitation token from the create response
+     * @returns {string|null} the absolute signup link, or null without a token
+     */
+    signupLink(token) {
+      if (!token) return null;
+      const base = (this.config.app?.url || window.location.origin).replace(/\/+$/, '');
+      return `${base}/signup?inviteToken=${token}`;
+    },
+    /**
+     * @desc Copy the one-time signup link. Feedback is a local label flip
+     * ('Copy link' → 'Copied') — the global snackbar is interceptor-only and
+     * a clipboard write is not an HTTP call.
+     * @returns {Promise<void>}
+     */
+    async copyCreatedLink() {
+      try {
+        await navigator.clipboard.writeText(this.createDialog.createdLink);
+        this.createDialog.copied = true;
+      } catch {
+        // Clipboard unavailable (permissions / insecure context): the link
+        // stays visible above for manual selection.
+      }
+    },
+    /**
+     * @desc Re-send the invitation email (single-flight per row). The POST
+     * response toasts via the axios interceptor; errors land in the banner.
+     * @param {Object} item - invitation row
+     * @returns {Promise<void>}
+     */
+    async resendInvite(item) {
+      const id = item.id || item._id;
+      if (!id || this.resendingId) return;
+      this.resendingId = id;
+      try {
+        await useInvitationsStore().resendInvitation(id);
+      } catch {
+        // error is surfaced via the view's own error banner (invitations store)
+      } finally {
+        this.resendingId = null;
+      }
+    },
     /**
      * @desc Clear the invitations store error banner.
      * @returns {void}

From 4ee34ff426e62f366ec8631811be81ae1b2099d8 Mon Sep 17 00:00:00 2001
From: Pierre Brisorgueil <pierrebrisorgueil@me.com>
Date: Sat, 13 Jun 2026 18:38:25 +0200
Subject: [PATCH 09/10] feat(invitations): referrals tab one-time copy-link

Surface the signup link once after create in the account Referrals
form (success alert + clipboard button, local Copied label flip).
Same one-time constraint as the admin dialog: the list payload is
token-stripped, only the create response carries the token.

refs pierreb-devkit/Node#3834
---
 .../invitations.account.view.unit.tests.js    | 65 ++++++++++++++++++-
 .../views/invitations.account.view.vue        | 65 ++++++++++++++++++-
 2 files changed, 127 insertions(+), 3 deletions(-)

diff --git a/src/modules/invitations/tests/invitations.account.view.unit.tests.js b/src/modules/invitations/tests/invitations.account.view.unit.tests.js
index b7227dea0..42cb4b6fe 100644
--- a/src/modules/invitations/tests/invitations.account.view.unit.tests.js
+++ b/src/modules/invitations/tests/invitations.account.view.unit.tests.js
@@ -41,7 +41,7 @@ const stubs = {
 const mountView = () =>
   shallowMount(InvitationsAccount, {
     global: {
-      mocks: { config: { vuetify: { theme: { flat: true, rounded: 'rounded-lg' } } } },
+      mocks: { config: { vuetify: { theme: { flat: true, rounded: 'rounded-lg' } }, app: { url: 'https://app.example.test' } } },
       stubs,
     },
   });
@@ -218,3 +218,66 @@ describe('invitations.account.view', () => {
     expect(wrapper.find('[data-test="referrals-summary"]').exists()).toBe(true);
   });
 });
+
+describe('invitations.account.view — one-time copy-link (#3834)', () => {
+  let store;
+  const writeText = vi.fn();
+
+  beforeEach(() => {
+    // Task 2b's describe leaves the hoisted auth-store mock with signup OPEN
+    // ({ sign: { up: true } }), which hides the <template v-else> form branch
+    // these tests render into — reset to the signup-closed default first.
+    authStoreMock.serverConfig = { sign: { in: true, up: false } };
+    setActivePinia(createPinia());
+    store = useInvitationsStore();
+    store.getInvitations = vi.fn().mockResolvedValue();
+    store.createInvitation = vi.fn().mockResolvedValue({ id: '9', email: 'x@y.co', token: 'tok-9' });
+    writeText.mockReset().mockResolvedValue();
+    Object.defineProperty(globalThis.navigator, 'clipboard', { value: { writeText }, configurable: true });
+  });
+
+  it('submitInvite surfaces the one-time copy link when the response carries a token', async () => {
+    const wrapper = mountView();
+    wrapper.vm.inviteForm.valid = true;
+    wrapper.vm.inviteForm.email = 'new@b.co';
+    await wrapper.vm.submitInvite();
+    expect(wrapper.vm.createdLink).toBe('https://app.example.test/signup?inviteToken=tok-9');
+    expect(wrapper.vm.linkCopied).toBe(false);
+    expect(wrapper.vm.inviteForm.email).toBe(''); // form still resets
+  });
+
+  it('submitInvite without a token leaves the link block hidden (no dead link)', async () => {
+    store.createInvitation = vi.fn().mockResolvedValue({ id: '9', email: 'x@y.co' });
+    const wrapper = mountView();
+    wrapper.vm.inviteForm.valid = true;
+    wrapper.vm.inviteForm.email = 'new@b.co';
+    await wrapper.vm.submitInvite();
+    expect(wrapper.vm.createdLink).toBeNull();
+  });
+
+  it('renders the one-time link block with the copy button when createdLink is set', async () => {
+    const wrapper = mountView();
+    wrapper.vm.createdLink = 'https://app.example.test/signup?inviteToken=tok-9';
+    await wrapper.vm.$nextTick();
+    const block = wrapper.find('[data-test="invite-created-link"]');
+    expect(block.exists()).toBe(true);
+    expect(block.text()).toContain('signup?inviteToken=tok-9');
+    expect(wrapper.find('[data-test="copy-invite-link"]').exists()).toBe(true);
+  });
+
+  it('copyCreatedLink writes to the clipboard and flips Copy link → Copied', async () => {
+    const wrapper = mountView();
+    wrapper.vm.createdLink = 'https://app.example.test/signup?inviteToken=tok-9';
+    await wrapper.vm.copyCreatedLink();
+    expect(writeText).toHaveBeenCalledWith('https://app.example.test/signup?inviteToken=tok-9');
+    expect(wrapper.vm.linkCopied).toBe(true);
+  });
+
+  it('copyCreatedLink clipboard failure: no throw, Copied not shown', async () => {
+    writeText.mockRejectedValueOnce(new Error('denied'));
+    const wrapper = mountView();
+    wrapper.vm.createdLink = 'https://app.example.test/signup?inviteToken=tok-9';
+    await expect(wrapper.vm.copyCreatedLink()).resolves.toBeUndefined();
+    expect(wrapper.vm.linkCopied).toBe(false);
+  });
+});
diff --git a/src/modules/invitations/views/invitations.account.view.vue b/src/modules/invitations/views/invitations.account.view.vue
index b75e3509e..59514b4aa 100644
--- a/src/modules/invitations/views/invitations.account.view.vue
+++ b/src/modules/invitations/views/invitations.account.view.vue
@@ -67,6 +67,39 @@
                 </v-btn>
               </div>
             </v-form>
+            <!-- One-time copy-link: built from the create response only (the list
+                 endpoint strips tokens). Local label-flip feedback — the global
+                 snackbar is interceptor-only and a copy is not an HTTP call. -->
+            <v-alert
+              v-if="createdLink"
+              type="success"
+              variant="tonal"
+              density="compact"
+              class="mt-4"
+              :class="config.vuetify.theme.rounded"
+              data-test="invite-created-link"
+              closable
+              @click:close="createdLink = null"
+            >
+              <div class="d-flex align-center flex-wrap ga-2">
+                <span class="text-body-medium flex-grow-1">
+                  Invitation sent. This signup link is shown only once:
+                  <code class="text-body-small d-block mt-1">{{ createdLink }}</code>
+                </span>
+                <v-btn
+                  color="success"
+                  variant="tonal"
+                  size="small"
+                  :class="config.vuetify.theme.rounded"
+                  class="text-none"
+                  data-test="copy-invite-link"
+                  @click="copyCreatedLink"
+                >
+                  <v-icon start icon="fa-solid fa-copy" size="x-small"></v-icon>
+                  {{ linkCopied ? 'Copied' : 'Copy link' }}
+                </v-btn>
+              </div>
+            </v-alert>
           </template>
         </v-card>
       </v-col>
@@ -140,6 +173,9 @@ export default {
   data() {
     return {
       inviteForm: { email: '', valid: false, loading: false },
+      // One-time copy-link state — set from the create response only.
+      createdLink: null,
+      linkCopied: false,
       inviteHeaders: [
         { text: 'Email', value: 'email', kind: 'email' },
         { text: 'Status', value: 'status', kind: 'slot', slotName: 'status' },
@@ -218,14 +254,17 @@ export default {
       return deriveInviteStatus(item);
     },
     /**
-     * @desc Submit a new invitation, then refresh the list and reset the form.
+     * @desc Submit a new invitation, surface the one-time signup link from the
+     * create response (the list strips tokens), then refresh and reset the form.
      * @returns {Promise<void>}
      */
     async submitInvite() {
       if (this.inviteForm.valid !== true) return;
       this.inviteForm.loading = true;
       try {
-        await useInvitationsStore().createInvitation(this.inviteForm.email);
+        const created = await useInvitationsStore().createInvitation(this.inviteForm.email);
+        this.createdLink = this.signupLink(created?.token);
+        this.linkCopied = false;
         this.inviteForm.email = '';
         this.$refs.inviteForm?.resetValidation?.();
         await this.fetchInvitations();
@@ -235,6 +274,28 @@ export default {
         this.inviteForm.loading = false;
       }
     },
+    /**
+     * @desc Build the one-time signup link for a freshly created invitation.
+     * @param {string|undefined} token - invitation token from the create response
+     * @returns {string|null} the absolute signup link, or null without a token
+     */
+    signupLink(token) {
+      if (!token) return null;
+      const base = (this.config.app?.url || window.location.origin).replace(/\/+$/, '');
+      return `${base}/signup?inviteToken=${token}`;
+    },
+    /**
+     * @desc Copy the one-time signup link — local 'Copy link' → 'Copied' flip.
+     * @returns {Promise<void>}
+     */
+    async copyCreatedLink() {
+      try {
+        await navigator.clipboard.writeText(this.createdLink);
+        this.linkCopied = true;
+      } catch {
+        // Clipboard unavailable: the link stays visible for manual selection.
+      }
+    },
     /**
      * @desc Clear the invitations store error banner.
      * @returns {void}

From 089609a5e5f076fbdf901f28562406e78497a070 Mon Sep 17 00:00:00 2001
From: Pierre Brisorgueil <pierrebrisorgueil@me.com>
Date: Sat, 13 Jun 2026 19:01:21 +0200
Subject: [PATCH 10/10] fix(invitations): encode token in signup link,
 aria-label resend, fix jsdoc

- encodeURIComponent(token) in signupLink() on both admin + account views
- aria-label="Resend invitation" on the icon-only resend button (a11y)
- correct resendInvite() jsdoc: global in-flight guard, not per-row
---
 .../invitations/views/invitations.account.view.vue        | 2 +-
 src/modules/invitations/views/invitations.admin.view.vue  | 8 +++++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/modules/invitations/views/invitations.account.view.vue b/src/modules/invitations/views/invitations.account.view.vue
index 59514b4aa..576f155e1 100644
--- a/src/modules/invitations/views/invitations.account.view.vue
+++ b/src/modules/invitations/views/invitations.account.view.vue
@@ -282,7 +282,7 @@ export default {
     signupLink(token) {
       if (!token) return null;
       const base = (this.config.app?.url || window.location.origin).replace(/\/+$/, '');
-      return `${base}/signup?inviteToken=${token}`;
+      return `${base}/signup?inviteToken=${encodeURIComponent(token)}`;
     },
     /**
      * @desc Copy the one-time signup link — local 'Copy link' → 'Copied' flip.
diff --git a/src/modules/invitations/views/invitations.admin.view.vue b/src/modules/invitations/views/invitations.admin.view.vue
index f9655a6ef..8e24e5c1e 100644
--- a/src/modules/invitations/views/invitations.admin.view.vue
+++ b/src/modules/invitations/views/invitations.admin.view.vue
@@ -44,6 +44,7 @@
               size="small"
               variant="text"
               color="primary"
+              aria-label="Resend invitation"
               :loading="resendingId === (item.id || item._id)"
               :disabled="item.status !== 'pending'"
               :data-test="`resend-invitation-${item.id || item._id}`"
@@ -252,7 +253,7 @@ export default {
     signupLink(token) {
       if (!token) return null;
       const base = (this.config.app?.url || window.location.origin).replace(/\/+$/, '');
-      return `${base}/signup?inviteToken=${token}`;
+      return `${base}/signup?inviteToken=${encodeURIComponent(token)}`;
     },
     /**
      * @desc Copy the one-time signup link. Feedback is a local label flip
@@ -270,8 +271,9 @@ export default {
       }
     },
     /**
-     * @desc Re-send the invitation email (single-flight per row). The POST
-     * response toasts via the axios interceptor; errors land in the banner.
+     * @desc Re-send the invitation email (single global in-flight guard — only
+     * one resend at a time across all rows). The POST response toasts via the
+     * axios interceptor; errors land in the banner.
      * @param {Object} item - invitation row
      * @returns {Promise<void>}
      */