Fix blank-screen on load + close 3 admin gaps (v0.1.0:79)

The web UI rendered a blank screen for every user. Root cause: the page
loaded @babel/standalone from unpkg with no version pin, so the CDN silently
served Babel 8.0.0. Babel 8 defaults @babel/preset-react to the automatic JSX
runtime, which prepends `import {jsx} from "react/jsx-runtime"` to the compiled
output. An ESM import is illegal in this classic (non-module) inline <script>,
so the browser rejected the whole bundle and React never mounted — hence the
blank screen. The prior "verified live" checks were server-up/curl, which can't
catch a browser-render failure.

- Pin @babel/standalone@7.29.7 (its preset-react defaults to the classic
  React.createElement runtime). Verified via headless render: app mounts, login
  screen renders, no console error. Follow-up: vendor + SRI-pin the CDN libs so
  a third party can't swap our front-end deps in production again.
- Close three server-side admin gaps surfaced by a permissions audit — endpoints
  that were UI-hidden from members but not API-enforced: GET /api/users,
  /api/email/status, /api/email/accounts now require_admin. Removed the now-dead
  non-admin mailbox-row filter. 21/21 backend tests green; py_compile clean.

backend/email_integration/routes.py

@@ -115,7 +115,9 @@ def _require_admin(handler) -> Optional[dict]:
 # ---------------------------------------------------------------------------- GET handlers
 
 def _h_status(handler):
-    user = _require_auth(handler)
+    # Email Capture is an admin-only surface (nav-hidden from members); these read
+    # endpoints expose mailbox/sync metadata, so enforce admin server-side too.
+    user = _require_admin(handler)
     if not user:
         return
     snap = _sched.status_snapshot()
@@ -150,7 +152,9 @@ def _h_status(handler):
 
 
 def _h_list_accounts(handler):
-    user = _require_auth(handler)
+    # Admin-only: the mailbox list (addresses, sync state, errors) belongs to the
+    # admin-only Email Capture surface. Enforced server-side, not just nav-hidden.
+    user = _require_admin(handler)
     if not user:
         return
     conn = _conn()
@@ -180,9 +184,6 @@ def _h_list_accounts(handler):
             r["matched"] = matched.get(r["id"], 0)
     finally:
         conn.close()
-    # Non-admins only see their own row
-    if user.get("role") != "admin":
-        rows = [r for r in rows if r["user_id"] == user["user_id"]]
     handler.send_json({"accounts": rows})
 
 

backend/server.py

@@ -3914,6 +3914,11 @@ class CRMHandler(BaseHTTPRequestHandler):
         return self.send_json({"data": res})
 
     def handle_list_users(self, user):
+        # The full user directory (names, emails, roles) is admin-only — it is only
+        # consumed by the admin section of Settings. The nav already hides it from
+        # members; this enforces the same boundary server-side.
+        if not require_admin(user):
+            return self.send_error_json("Admin access required", 403)
         conn = get_db()
         users = rows_to_list(conn.execute(
             "SELECT id, username, email, full_name, role, is_active, created_at FROM users ORDER BY full_name"

frontend/index.html

@@ -8,7 +8,11 @@
     <link rel="shortcut icon" href="/assets/ten31-inverted-square.png">
     <script crossorigin src="https://unpkg.com/react@18/umd/react.production.min.js"></script>
     <script crossorigin src="https://unpkg.com/react-dom@18/umd/react-dom.production.min.js"></script>
-    <script src="https://unpkg.com/@babel/standalone/babel.min.js"></script>
+    <!-- Pinned: Babel 8 defaults @babel/preset-react to the automatic JSX runtime,
+         which emits `import {jsx} from "react/jsx-runtime"` — illegal in this classic
+         (non-module) inline script and blanks the whole app. Stay on the 7.x line,
+         whose preset-react defaults to the classic runtime (React.createElement). -->
+    <script src="https://unpkg.com/@babel/standalone@7.29.7/babel.min.js"></script>
     <style>
         @import url('https://fonts.googleapis.com/css2?family=IBM+Plex+Sans:wght@400;500;600;700&family=IBM+Plex+Mono:wght@500;600&display=swap');
 

start9/0.4/startos/utils.ts

@@ -43,8 +43,9 @@ export const PACKAGE_TITLE = 'Ten31 Database'
 //   * 0.1.0:75 (Phase-A digest SMTP: per-package "Configure Digest SMTP" action writes /data/secrets/smtp/*; entrypoint exports SMTP_*; backend smtp_send.py + admin "send test email" endpoint + Settings→Admin "Send Test Digest Email" button)
 //   * 0.1.0:76 (digest send via Gmail DWD: backend/email_integration/gmail_send.py uses the existing service account's gmail.compose scope for users.messages.send; digest_mailer prefers Gmail DWD and falls back to SMTP; the admin test endpoint + Settings button route through it — no app password needed when Gmail is enabled)
 //   * 0.1.0:77 (daily activity digest — Phase B: digest_builder builds by-team-member [per-user Spark narrative, never Claude] + by-investor [inbound+outbound, deduped] sections; always-on digest_scheduler reads a DB-backed policy; enable/send-time in Settings→Admin via GET/PATCH /api/admin/digest/policy; POST /api/admin/digest/send-now + "Send Digest Now" button)
-//   * Current:        0.1.0:78 (retire legacy lp_profiles + orphaned LP Tracker; Dashboard "Total Committed" repointed onto the fundraising grid [graveyard-excluded], "Total Funded" dropped; /api/lp-profiles* + lp-breakdown report removed; contact-dossier LP section + demo-seed LP block removed)
+//   * 0.1.0:78 (retire legacy lp_profiles + orphaned LP Tracker; Dashboard "Total Committed" repointed onto the fundraising grid [graveyard-excluded], "Total Funded" dropped; /api/lp-profiles* + lp-breakdown report removed; contact-dossier LP section + demo-seed LP block removed)
-export const PACKAGE_VERSION = '0.1.0:78'
+//   * Current:        0.1.0:79 (HOTFIX blank-screen: pin @babel/standalone@7.29.7 — the unpinned CDN upgraded to Babel 8, whose preset-react automatic JSX runtime emits an ESM import that blanks the classic inline-script app; plus close 3 server-side admin gaps: GET /api/users, /api/email/status, /api/email/accounts now require_admin)
+export const PACKAGE_VERSION = '0.1.0:79'
 
 export const DATA_MOUNT_PATH = '/data'
 export const WEB_PORT = 8080

start9/0.4/startos/versions/index.ts

@@ -39,8 +39,9 @@ import { v_0_1_0_75 } from './v0.1.0.75'
 import { v_0_1_0_76 } from './v0.1.0.76'
 import { v_0_1_0_77 } from './v0.1.0.77'
 import { v_0_1_0_78 } from './v0.1.0.78'
+import { v_0_1_0_79 } from './v0.1.0.79'
 
 export const versionGraph = VersionGraph.of({
-  current: v_0_1_0_78,
+  current: v_0_1_0_79,
-  other: [v_0_1_0_39, v_0_1_0_40, v_0_1_0_41, v_0_1_0_42, v_0_1_0_43, v_0_1_0_44, v_0_1_0_45, v_0_1_0_46, v_0_1_0_47, v_0_1_0_48, v_0_1_0_49, v_0_1_0_50, v_0_1_0_51, v_0_1_0_52, v_0_1_0_53, v_0_1_0_54, v_0_1_0_55, v_0_1_0_56, v_0_1_0_57, v_0_1_0_58, v_0_1_0_59, v_0_1_0_60, v_0_1_0_61, v_0_1_0_62, v_0_1_0_63, v_0_1_0_64, v_0_1_0_65, v_0_1_0_66, v_0_1_0_67, v_0_1_0_68, v_0_1_0_69, v_0_1_0_70, v_0_1_0_71, v_0_1_0_72, v_0_1_0_73, v_0_1_0_74, v_0_1_0_75, v_0_1_0_76, v_0_1_0_77],
+  other: [v_0_1_0_39, v_0_1_0_40, v_0_1_0_41, v_0_1_0_42, v_0_1_0_43, v_0_1_0_44, v_0_1_0_45, v_0_1_0_46, v_0_1_0_47, v_0_1_0_48, v_0_1_0_49, v_0_1_0_50, v_0_1_0_51, v_0_1_0_52, v_0_1_0_53, v_0_1_0_54, v_0_1_0_55, v_0_1_0_56, v_0_1_0_57, v_0_1_0_58, v_0_1_0_59, v_0_1_0_60, v_0_1_0_61, v_0_1_0_62, v_0_1_0_63, v_0_1_0_64, v_0_1_0_65, v_0_1_0_66, v_0_1_0_67, v_0_1_0_68, v_0_1_0_69, v_0_1_0_70, v_0_1_0_71, v_0_1_0_72, v_0_1_0_73, v_0_1_0_74, v_0_1_0_75, v_0_1_0_76, v_0_1_0_77, v_0_1_0_78],
 })

start9/0.4/startos/versions/v0.1.0.79.ts

@@ -0,0 +1,25 @@
+import { VersionInfo } from '@start9labs/start-sdk'
+
+// HOTFIX — restore the web UI (every user was getting a blank screen) + close three
+// server-side admin gaps. Code-only, no schema change (migrations are no-ops):
+//   * Pin @babel/standalone to 7.29.7. The page loaded Babel from unpkg with no version
+//     pin, so unpkg silently served Babel 8.0.0. Babel 8 defaults @babel/preset-react to
+//     the automatic JSX runtime, which prepends `import {jsx} from "react/jsx-runtime"`
+//     to the compiled output — an ESM import is illegal in this classic (non-module)
+//     inline <script>, so the browser rejected the whole bundle and React never mounted.
+//     The 7.x line defaults preset-react to the classic runtime (React.createElement),
+//     which restores the prior, working behavior. (Follow-up: vendor + SRI-pin the CDN
+//     libs so a third party can't swap our front-end deps in production again.)
+//   * Enforce admin server-side on three GET endpoints that were UI-hidden but not
+//     API-enforced: /api/users, /api/email/status, /api/email/accounts.
+export const v_0_1_0_79 = VersionInfo.of({
+  version: '0.1.0:79',
+  releaseNotes: {
+    en_US: [
+      'Fixes a blank screen on load caused by an upstream Babel CDN upgrade; the web app',
+      'now loads reliably. Also tightens admin-only access controls on a few internal',
+      'endpoints. No data changes.',
+    ].join(' '),
+  },
+  migrations: { up: async () => {}, down: async () => {} },
+})