[AZ-460] [AZ-462] [AZ-466] [AZ-475] Batch 4 - destructive UX/forms/overlay/save

AZ-466 — Destructive UX policy + ConfirmDialog a11y + no-alert (4pts):
  src/components/ConfirmDialog.test.tsx (8 fast),
  tests/destructive_ux.test.tsx (4 fast, AdminPage class-delete drift),
  e2e/tests/destructive_ux.e2e.ts. New static checks STC-SEC7 (alert
  allowlist) + STC-SEC8 (destructive-surfaces gated/drift) wired through
  scripts/check-banned-deps.mjs reading tests/security/banned-deps.json.

AZ-475 — Numeric form input rejection (2pts):
  tests/form_hygiene.test.tsx (3 fast). Documents two SettingsPage drifts:
  silent zero coercion via parseInt(v)||0 and labels missing htmlFor.

AZ-462 — Overlay membership at in-window edges (2pts):
  tests/overlay_membership.test.tsx (6 fast). Documents getTimeWindowDetections
  strict < drift; AC-1 boundary tests are it.fails(); AC-2 / control PASS.
  Mocks HTMLCanvasElement.getContext to capture strokeRect.

AZ-460 — Annotation save URL + payload contract (2pts):
  tests/annotations_endpoint.test.tsx (6 fast),
  e2e/tests/annotations_endpoint.e2e.ts. AC-1 URL canary PASSes; AC-2
  payload missing 4 fields documented as it.fails(); AC-3 manual-draw
  PASS, AI-suggestion-accept + bulk-edit-save QUARANTINE skip.

Test infrastructure:
  - tests/setup.ts: NoopResizeObserver + NoopEventSource JSDOM polyfills.
  - tests/msw/handlers/annotations.ts: doubly-prefixed paths matching
    production calls (e.g. /api/annotations/annotations).
  - tests/msw/handlers/flights.ts: plural /aircrafts paths.

Verification: bun run test:fast → 80 passed, 13 skipped (14 files).
scripts/run-tests.sh --static-only → 24/24 PASS (was 22; +STC-SEC7/SEC8).
Per-batch self-review verdict: PASS_WITH_WARNINGS. Cumulative review
of batches 04-06 due after batch 6 per implement/SKILL.md Step 14.5.
Report: _docs/03_implementation/batch_04_report.md.

Also includes the previously-untracked
_docs/03_implementation/cumulative_review_batches_01-03_report.md
generated at the start of this session before batch 4 began.

Co-authored-by: Cursor <cursoragent@cursor.com>

scripts/run-tests.sh

@@ -196,6 +196,18 @@ if [ "$RUN_STATIC" = "true" ]; then
     node "$PROJECT_ROOT/scripts/check-banned-deps.mjs" --kind=concurrent_edit_patterns
   }
 
+  # AZ-466 — NFT-SEC-07 (no alert() outside the seeded allowlist) and
+  # NFT-SEC-08 (every destructive surface is reviewed: gated by ConfirmDialog
+  # OR recorded as known drift). Both delegate to check-banned-deps.mjs which
+  # reads tests/security/banned-deps.json.
+  static_check_no_alert() {
+    node "$PROJECT_ROOT/scripts/check-banned-deps.mjs" --kind=alert_calls
+  }
+
+  static_check_destructive_surfaces() {
+    node "$PROJECT_ROOT/scripts/check-banned-deps.mjs" --kind=destructive_surfaces
+  }
+
   # AZ-482 — NFT-SEC-09 AC-1 dist/ portion. The src/ counterpart is STC-SEC1
   # below; this check runs AFTER `bun run build` (STC-B1) so dist/ exists.
   static_check_no_owm_key_in_dist() {
@@ -376,6 +388,8 @@ if [ "$RUN_STATIC" = "true" ]; then
   run_static "STC-CI11" "CI image tag + OCI labels (woodpecker)" "AC-32" "70" static_check_ci_image_labels
   run_static "STC-SEC13" "no legacy integrations in src/" "SEC-13" "n/a"  static_check_no_legacy_integrations
   run_static "STC-SEC14" "no concurrent-edit reconcile (AC-N1)" "SEC-14" "n/a"  static_check_no_concurrent_edit
+  run_static "STC-SEC7" "no alert() outside allowlist"        "SEC-07"  "AZ-466"  static_check_no_alert
+  run_static "STC-SEC8" "destructive surfaces reviewed (gated/drift)" "SEC-08"  "AZ-466"  static_check_destructive_surfaces
   run_static "STC-T1"  "tsc --noEmit (test config)"     "AC-6"   "n/a"  static_check_typecheck
   run_static "STC-B1"  "vite build succeeds"            "AC-6"   "n/a"  static_check_vite_build
   run_static "STC-S5"  "mission-planner not in dist/"   "AC-31"  "n/a"  static_check_dist_no_mission_planner