[AZ-460] [AZ-462] [AZ-466] [AZ-475] Batch 4 - destructive UX/forms/overlay/save

AZ-466 — Destructive UX policy + ConfirmDialog a11y + no-alert (4pts):
  src/components/ConfirmDialog.test.tsx (8 fast),
  tests/destructive_ux.test.tsx (4 fast, AdminPage class-delete drift),
  e2e/tests/destructive_ux.e2e.ts. New static checks STC-SEC7 (alert
  allowlist) + STC-SEC8 (destructive-surfaces gated/drift) wired through
  scripts/check-banned-deps.mjs reading tests/security/banned-deps.json.

AZ-475 — Numeric form input rejection (2pts):
  tests/form_hygiene.test.tsx (3 fast). Documents two SettingsPage drifts:
  silent zero coercion via parseInt(v)||0 and labels missing htmlFor.

AZ-462 — Overlay membership at in-window edges (2pts):
  tests/overlay_membership.test.tsx (6 fast). Documents getTimeWindowDetections
  strict < drift; AC-1 boundary tests are it.fails(); AC-2 / control PASS.
  Mocks HTMLCanvasElement.getContext to capture strokeRect.

AZ-460 — Annotation save URL + payload contract (2pts):
  tests/annotations_endpoint.test.tsx (6 fast),
  e2e/tests/annotations_endpoint.e2e.ts. AC-1 URL canary PASSes; AC-2
  payload missing 4 fields documented as it.fails(); AC-3 manual-draw
  PASS, AI-suggestion-accept + bulk-edit-save QUARANTINE skip.

Test infrastructure:
  - tests/setup.ts: NoopResizeObserver + NoopEventSource JSDOM polyfills.
  - tests/msw/handlers/annotations.ts: doubly-prefixed paths matching
    production calls (e.g. /api/annotations/annotations).
  - tests/msw/handlers/flights.ts: plural /aircrafts paths.

Verification: bun run test:fast → 80 passed, 13 skipped (14 files).
scripts/run-tests.sh --static-only → 24/24 PASS (was 22; +STC-SEC7/SEC8).
Per-batch self-review verdict: PASS_WITH_WARNINGS. Cumulative review
of batches 04-06 due after batch 6 per implement/SKILL.md Step 14.5.
Report: _docs/03_implementation/batch_04_report.md.

Also includes the previously-untracked
_docs/03_implementation/cumulative_review_batches_01-03_report.md
generated at the start of this session before batch 4 began.

Co-authored-by: Cursor <cursoragent@cursor.com>

tests/security/banned-deps.json

@@ -81,5 +81,38 @@
     "patterns": [
       "335799082893fad97fa36118b131f919"
     ]
+  },
+  "alert_calls": {
+    "ac": "NFT-SEC-07 (AZ-466 AC-5) — no alert() in production source",
+    "scope": "src/ and mission-planner/ (production sources; tests excluded)",
+    "match": "ripgrep-pattern",
+    "patterns": [
+      "\\balert\\s*\\("
+    ],
+    "$allowlist_comment": "Snapshot of currently-allowed alert() locations. Phase B feature tasks should drain this list one entry at a time. New alerts are blocked by the static check; removing an entry is a code-review-visible improvement.",
+    "allowlist": [
+      "src/features/annotations/MediaList.tsx",
+      "src/features/flights/FlightsPage.tsx",
+      "mission-planner/src/flightPlanning/JsonEditorDialog.tsx",
+      "mission-planner/src/flightPlanning/flightPlan.tsx"
+    ]
+  },
+  "destructive_surfaces": {
+    "ac": "NFT-SEC-08 (AZ-466 AC-4) — every destructive surface is reviewed and either gated by ConfirmDialog or recorded as a known drift",
+    "scope": "src/ files that call api.delete( or destructive api.patch(",
+    "match": "file-level: a file containing a destructive call MUST be listed below; new destructive surfaces FAIL the check",
+    "patterns": [
+      "api\\.delete\\(",
+      "api\\.patch\\([^,]+,\\s*\\{\\s*isActive\\s*:"
+    ],
+    "$gated_comment": "Files that perform destructive mutations AND wire ConfirmDialog around them. Code review checks the wiring per file.",
+    "gated": [
+      "src/features/annotations/MediaList.tsx",
+      "src/features/flights/FlightsPage.tsx"
+    ],
+    "$drift_comment": "Files that perform destructive mutations WITHOUT a ConfirmDialog gate today. Phase B follow-up tasks land the gate and move each entry to `gated`. Adding a new entry here requires a code-review reason.",
+    "drift": [
+      "src/features/admin/AdminPage.tsx"
+    ]
   }
 }