feat(dashboard): GuruConnect v2 operator console (pass 1)

React + Vite + TypeScript SPA: scaffold, operations-terminal design
system, Bearer-token auth, and the Machines view.

- Design system: OKLCH-tinted dark theme (ink-slate + signal-cyan),
  Hanken Grotesk + JetBrains Mono, status-color language
  (online/offline/granted/pending/denied/not_required), motion with
  prefers-reduced-motion honored.
- Auth: token in sessionStorage via ref (never React state), protected
  routes, 401 session teardown, admin-gated per-agent-key UI.
- Machines view: data table (sticky header, keyboard-activated rows,
  skeleton loading, actionable empty/error states), non-blocking detail
  drawer, delete confirm, admin key management with copy-once reveal.
- UI primitives: Modal (focus trap + inert + portal + dialogStack),
  Drawer, Table, Badge/StatusDot, toast, states.
- Typed API client normalizing the two error-envelope shapes.

Passed Code Review (no blockers), impeccable critique-and-polish, and
local gates (tsc/lint/build green). Dev-only Vite proxy to :3002.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

dashboard/src/api/auth.ts

@@ -0,0 +1,20 @@
+import { http } from "./client";
+import type { LoginRequest, LoginResponse, User } from "./types";
+
+/** POST /api/auth/login — exchange credentials for a JWT + user record. */
+export function login(credentials: LoginRequest): Promise<LoginResponse> {
+  // skipAuthRedirect: a 401 here is "bad credentials", not "session expired".
+  return http.post<LoginResponse>("/api/auth/login", credentials, {
+    skipAuthRedirect: true,
+  });
+}
+
+/** GET /api/auth/me — restore the current user from a stored token. */
+export function getMe(): Promise<User> {
+  return http.get<User>("/api/auth/me");
+}
+
+/** POST /api/auth/logout — revoke the current token server-side. */
+export function logout(): Promise<{ message: string }> {
+  return http.post<{ message: string }>("/api/auth/logout");
+}