- make iframe auto-login/reload flow race-safe and lint-compliant
- normalize API base joins and replace conflict sentinels with typed errors
- tighten proxy port validation and defer cursor preset apply until models load
- add ui api-client unit coverage for path and conflict helpers