Two email changes, per the owner:
1. Code-only login from an installed PWA. A login requested while running as a
standalone PWA now omits the one-tap confirm link from the email — the link
would open in a separate browser whose minted session cannot reach the PWA,
stranding the login. The code is typed in the same window instead. The client
sends a `pwa` flag (isStandalone) on the email-code request (a new FBS field,
threaded through the gateway); the backend omits the deeplink when it is set,
reusing the existing deletion-code link-omission path. Non-PWA browser logins
keep the one-tap link. No polling, no migration.
2. Security: the operator alert digest no longer embeds the admin-console (/_gm)
URL. An admin link must never travel in an email, where a mail provider could
cache or index it; the operator opens the console directly.
Tests: an inttest asserting the PWA login email omits the link (and a browser one
keeps it); a codec round-trip of the new pwa field; the alert-digest test flipped
to guard the admin link is absent. Docs: ARCHITECTURE + FUNCTIONAL (+ru).