[QA] All tests pass. Browser verification confirms auth endpoints use correct URLs (/auth/* not /api/auth/*). See /tmp/qa-PPLX-53.md for full report.

## Issue Analysis The auth API client functions (`login`, `logout`, `checkAuth`) already existed in `src/src/api/backend.ts` but were using the wrong base URL. **Problem Found:** - Auth endpoints in the backend are mounted at `/auth/*` (without `/api` prefix) - see `backend/main.py:481` - But the frontend was calling `${API_BASE_URL}/auth/login` which resolves to `/api/auth/login` - This mismatch meant the auth functions would fail in production ## Changes Made ### 1. `src/src/api/backend.ts` (line 151) - Added `AUTH_BASE_URL` constant: `http://localhost:8000` (without `/api` suffix) - Updated `checkAuth()` to use `AUTH_BASE_URL` and added `credentials: include` - Updated `login()` to use `AUTH_BASE_URL` - Updated `logout()` to use `AUTH_BASE_URL` ### 2. `src/src/pages/LoginPageContainer.test.tsx` (line 21-22) - Added `AUTH_URL` constant for tests - Updated all `/auth/*` endpoint mocks to use `AUTH_URL` instead of `BASE_URL` ## Test Results All tests pass: - 30 LoginPageContainer tests pass - 29 backend auth tests pass - 34 API client tests pass ## Acceptance Criteria Status - Login function calls correct endpoint (`/auth/login` at root, not `/api/auth/login`) - Logout function calls correct endpoint (`/auth/logout` at root) - Cookies sent/received automatically (`credentials: include` on all auth requests) - Errors handled with APIError (via `handleResponse`) - TypeScript types correct (`LoginResponse`, `AuthCheckResponse`, etc.) - `credentials: include` on all auth requests