M64_006: auth e2e continuation + W3 carry-over changelog #50

Merged
indykish merged 3 commits into main from chore/m64-006-auth-e2e-changelog
May 11, 2026
@indykish indykish commented May 11, 2026

Summary

  • New <Update label="May 11, 2026"> entry on the changelog covers the useClientToken retirement, the eight unblocked Playwright authenticated specs, the <RadioGroup> primitive ship, the zombiectl coverage uplift, and the auth-e2e-dev + auth-e2e-prod CI jobs.
  • Sits above the May 11 nanos/BYOK breaking-change entry — rendered chronologically by Mintlify.
  • Companion code PR: M64_006: auth e2e continuation + W3 carry-over usezombie#317

Test plan

  • Mintlify dev preview renders the new <Update> block above the existing May 11 entry.
  • Tags render: Internal, Testing, CI.
  • No marketing words (banned: "seamless", "magical", "powerful", "robust"); lead paragraph states the change, not the announcement.
  • Bullets follow **Bold lead-noun** — consequence-first shape.

🤖 Generated with Claude Code

Greptile Summary

This PR adds a new <Update label="May 11, 2026"> changelog entry documenting the M64_006 auth e2e continuation work: useClientToken retirement, eight unblocked Playwright tests, the <RadioGroup> primitive ship, zombiectl coverage uplift, and the two new CI jobs.

  • useClientToken retired — all six dashboard mutation routes now use per-route Server Actions via the withToken<T> shared wrapper; the api-template JWT is never exposed to the browser.
  • Eight new/unblocked Playwright tests — three previously test.fixme specs (lifecycle, kill, signup) and five new test files (multi-zombie, multi-workspace, settings-billing, events, logs-detail) now run in CI.
  • CI pipeline additions: auth-e2e-dev and auth-e2e-prod jobs added to the dev deploy and post-prod smoke workflows respectively.

Confidence Score: 5/5

Documentation-only changelog entry — no executable code changed, and the vault path exposure flagged in earlier review rounds is no longer present in the current diff.

The change is a single MDX block describing already-shipped work. The previously raised vault-path exposure (op:// references) has been addressed; what remains are minor terminology nits against the AGENTS.md style guide.

No files require special attention beyond the terminology note on changelog.mdx.

Important Files Changed

| Filename | Overview |
| --- | --- |
| changelog.mdx | Adds a new May 11 block covering the auth e2e uplift; terminology nit — "dashboard" used in place of "Mission Control" per AGENTS.md. |

Sequence Diagram

sequenceDiagram
    participant Browser
    participant SA as Server Action<br/>(per-route actions.ts)
    participant WT as withToken wrapper<br/>(lib/actions/with-token.ts)
    participant API as API backend<br/>(api-dev / api.usezombie.com)

    Note over Browser,API: Before M64_006 - client-side token fetch
    Browser->>Browser: fetch token client-side
    Browser->>API: mutation request with token

    Note over Browser,API: After M64_006 - server-side token mint
    Browser->>SA: invoke mutation
    SA->>WT: withToken(handler)
    WT->>API: server mints token, calls API
    API-->>WT: response
    WT-->>SA: ActionResult of T
    SA-->>Browser: ok plus data OR ok false plus error
Prompt To Fix All With AI
Fix the following 1 code review issue. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 1
changelog.mdx:22-28
**`dashboard` used instead of product name `Mission Control`**

`AGENTS.md` says "Use 'Mission Control' for the web dashboard (app.usezombie.com)." The heading ("Authenticated **dashboard** e2e ungated") and the body ("eight **dashboard** lifecycles", "every **dashboard** mutation") each use the informal term instead of the product name. These should read "Authenticated Mission Control e2e ungated", "eight Mission Control lifecycles", and "every Mission Control mutation" to match the terminology standard.

Reviews (2): Last reviewed commit: "docs(changelog): redact 1Password vault ..."

Context used:

  • Context used - AGENTS.md (source)

useClientToken retired; eight dashboard lifecycles now covered by Playwright
auth suite; auth-e2e-dev + auth-e2e-prod jobs gate every dev and prod deploy.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
indykish and others added 2 commits May 11, 2026 11:47
AGENTS.md §Terminology lists `spec`, `run`, `runs`, `gate loop`, and
`scorecard` as forbidden — they reference a v1 product surface that
has been retired. Two bare-prose uses ("Five new specs land",
"tracked in spec Discovery") slipped into the M64_006 changelog.

Replaced with "test files" / "test Discovery". Playwright file paths
(`*.spec.ts`) are kept verbatim — those are real file names, not
product nouns. Greptile P2.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

AGENTS.md §Content boundaries: "Do not expose credential values, vault
paths, or 1Password references." The auth-e2e bullets shipped the exact
1Password paths for both Clerk credential sets (`op://VAULT_DEV/clerk-dev/*`
and `op://VAULT_PROD/clerk-prod/*`) on the public Mintlify site,
revealing the vault + item structure to anyone browsing the changelog.

Replaced with generic "project's dev/prod secret vault" phrasing. The
env-var names (`CLERK_SECRET_KEY`, `CLERK_WEBHOOK_SECRET`) and workflow
file paths stay — they're not secret. Greptile P1 / Security.

Pre-existing leak at line 650 (`op://ZMB_CD_<env>/usezombie-admin/api_key`
in a historical entry) is out of scope for this PR; flagged in the
session report for a separate cleanup commit.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
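
The manual redaction described in the commit above can be backed by a docs lint that fails when an `op://` reference reaches the changelog. The following is an added example, not code from this PR or from the usezombie repository; `findVaultRefs`, `redactVaultRefs` and the sample vault and item names are hypothetical.

```typescript
// Added example: flag 1Password secret references (op://vault/item/field)
// in docs text before it is published. All names here are hypothetical.
interface Finding {
  line: number; // 1-based line number in the scanned text
  ref: string;  // matched reference, so the author can locate it
}

// "op://" plus at least vault/item. Segments stop at whitespace, backticks,
// quotes, ")" or "/". Angle brackets and "*" are allowed so templated and
// globbed forms (op://NAME_<env>/item/field, op://vault/item/*) are caught.
const OP_REF = /op:\/\/[^\s`'")\/]+(?:\/[^\s`'")\/]+)+/g;
const TRAILING_PUNCT = /[.,;:]+$/; // sentence punctuation, not part of the path

function findVaultRefs(text: string): Finding[] {
  const findings: Finding[] = [];
  text.split(/\r?\n/).forEach(function (content, idx) {
    OP_REF.lastIndex = 0; // global regex keeps state between exec() calls
    let m: RegExpExecArray | null;
    while ((m = OP_REF.exec(content)) !== null) {
      findings.push({ line: idx + 1, ref: m[0].replace(TRAILING_PUNCT, "") });
    }
  });
  return findings;
}

// Replace each reference with generic wording, keeping sentence punctuation.
function redactVaultRefs(text: string, placeholder: string): string {
  return text.replace(OP_REF, function (m: string): string {
    const tail = TRAILING_PUNCT.exec(m);
    return placeholder + (tail ? tail[0] : "");
  });
}

// Constructed changelog excerpt; vault and item names are placeholders.
const SAMPLE = [
  "- **Auth e2e jobs** read `CLERK_SECRET_KEY` from `op://EXAMPLE_DEV/clerk-item/*`.",
  "- Env-var names such as `CLERK_WEBHOOK_SECRET` are fine to publish.",
  "- Admin key lives at op://EXAMPLE_<env>/admin-item/api_key.",
].join("\n");

// A CI step would fail the build when this list is non-empty.
findVaultRefs(SAMPLE).forEach(function (f) {
  console.log("changelog.mdx:" + f.line + ": vault reference " + f.ref);
});
```

Env-var names are deliberately not matched, in line with the commit's note that they are not secret; only the vault and item structure is flagged.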
@indykish indykish merged commit 9e6601f into main May 11, 2026
4 checks passed
@indykish indykish deleted the chore/m64-006-auth-e2e-changelog branch May 11, 2026 06:26