PR-feedback round on #60:
- Time-zone field is now a continent-grouped <select> populated from
`Intl.supportedValuesOf("timeZone")`, with the browser-detected
zone pre-selected when no value is stored. A stored zone the
runtime no longer advertises is preserved as an "Other" entry.
- Saving the profile no longer kicks the user back to the lobby:
the form stays put and shows a transient `saved` notice, cleared
on the next edit. Only `cancel` returns to the lobby.
- New `lib/account-store.svelte.ts` caches `user.account.get` for
the session; lobby + profile share it through `account.ensure()`,
so navigating Overview ⇄ Profile no longer flashes the
"loading account…" placeholder or fires a second gateway call.
Profile save writes through to the store so the shell identity
strip picks up the new display name without refetching. Cleared
on logout to prevent identity bleed between accounts.
- e2e: existing 4 cases adjusted for save-stay; added two new ones
for the timezone dropdown and identity-strip stability across
navigation.
- Docs: `ui/docs/lobby.md` updated to describe the shared cache,
the new timezone picker shape, and the save-stay behaviour.
Implements ui/PLAN.md Phase 7 end-to-end:
- /login two-step form (email -> code) over the gateway public REST
surface; /lobby placeholder issues the first authenticated
user.account.get and renders the decoded display name.
- SessionStore (Svelte 5 runes) with loading / unsupported / anonymous /
authenticated states; layout-level route guard, browser-not-supported
blocker, and a minimal SubscribeEvents revocation watcher that closes
the active client within 1s on a clean stream end or
Unauthenticated.
- VITE_GATEWAY_BASE_URL + VITE_GATEWAY_RESPONSE_PUBLIC_KEY config plus
AuthError taxonomy in api/auth.ts.
- Vitest (auth-api, session-store, login-page) and Playwright e2e
(auth-flow.spec.ts) on the four configured projects, with a fixture
Ed25519 keypair forging Connect-Web JSON responses.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Ilia Denisov