Add E2E tests, fix bugs

Made-with: Cursor

_docs/02_document/modules/user.md

@@ -0,0 +1,68 @@
+# Module: user
+
+## Purpose
+
+Defines the authenticated user model and role enumeration for authorization decisions.
+
+## Public Interface
+
+### Enums
+
+#### `RoleEnum` (cdef enum)
+
+| Value            | Numeric |
+|------------------|---------|
+| NONE             | 0       |
+| Operator         | 10      |
+| Validator        | 20      |
+| CompanionPC      | 30      |
+| Admin            | 40      |
+| ResourceUploader | 50      |
+| ApiAdmin         | 1000    |
+
+### Classes
+
+#### `User` (cdef class)
+
+| Attribute | Type     | Visibility |
+|-----------|----------|------------|
+| id        | str      | public     |
+| email     | str      | public     |
+| role      | RoleEnum | public     |
+
+| Method     | Signature                                         | Description |
+|------------|---------------------------------------------------|-------------|
+| `__init__` | `(self, str id, str email, RoleEnum role)` | Constructor |
+
+## Internal Logic
+
+No logic — pure data class with enum.
+
+## Dependencies
+
+- **Internal**: none (leaf module)
+- **External**: none
+
+## Consumers
+
+- `api_client` — creates `User` instances from JWT claims in `set_token()`, maps role strings to `RoleEnum`
+
+## Data Models
+
+`RoleEnum` + `User` are the data models.
+
+## Configuration
+
+None.
+
+## External Integrations
+
+None.
+
+## Security
+
+Role hierarchy is implicit in numeric values but no authorization enforcement logic exists here.
+
+## Tests
+
+No tests found.