## Summary
- **Fix CI build failure**: Auth0Client crashes during Next.js
prerendering when env vars aren't set. Returns a no-op stub (`getSession
→ null`) when domain is missing — semantically correct for static
generation
- **Lazy-load markdown libs (~260kb)**: ReactMarkdown, remarkGfm, and
react-syntax-highlighter were eagerly imported in monaco-diff-viewer but
only rendered when user expands "Generated Tests". Extracted into a
dynamic component
- **Parallelize repo detail query**: `getRepositoryById` ran the
activity count sequentially after the repo lookup. Since `repoId` is
already available, all three queries now run in parallel
## Test plan
- [ ] CI `build` check passes (was failing since #2598)
- [ ] Trace page still renders generated tests correctly when expanded
- [ ] Repository detail page loads correctly with activity status
## Summary
- Run `npm audit fix` to resolve 12 of 14 vulnerabilities
- Fixed: axios (critical), brace-expansion, defu, effect/prisma,
minimatch, picomatch, qs, rollup, vite, yaml
- Remaining 2 moderate (`dompurify` via `monaco-editor`) have no
upstream fix yet
## Test plan
- [ ] Verify cf-webapp builds successfully
- [ ] Verify no regressions in dev server
## Summary
- Upgrade Next.js from 16.1.6 to 16.2.3
- Add `suppressHydrationWarning` to `<html>` tag to fix `next-themes`
hydration mismatch
- Remove unnecessary `isClient` guard in `ThemeProvider` that caused
script tag warning
- Redirect unauthenticated `/roadmap` visitors to `/login` instead of
`/`
## Test plan
- [ ] Verify `/roadmap` redirects to `/login` when not logged in
- [ ] Verify `/roadmap` loads correctly when logged in as team member
- [ ] Verify no hydration warnings in browser console
- [ ] Verify dark/light theme switching still works
