After Supabase auth succeeds the store calls POST /api/devices/check-lock
(x-device-id auto-attached via apiFetch). A 409 DEVICE_LOCKED response
triggers a Supabase sign-out and returns { deviceLocked } instead of
proceeding. The signin screen swaps to DeviceLockedPanel which shows:
- lock icon + headline + explanatory body
- amber countdown badge if a release is already in progress
- grey hint pointing to the email notification
- primary CTA to go back and sign in with the original account
Backend TODO: POST /api/devices/check-lock endpoint — same device-lock
query as login.post.ts but callable with a valid Supabase session token
(for email-login flow that bypasses /api/auth/login).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- mail/MailAccountSettingsSheet: handleSaveTitle + handleSavePassword now
dismiss sheet FIRST, then trigger parent SuccessAlert via setTimeout(350ms).
Fixes iOS "already presenting" crash + page-freeze when editing mailbox name.
Also fixes double-click-needed UX bug.
- stores/auth: signOut adds WebBrowser.coolDownAsync() to clear OAuth cookies.
signInWithOAuth for Google adds prompt=select_account — forces account-picker
on every sign-in attempt instead of auto-reusing previous account.
- app/(app)/index: feed page uses colors.groupedBg instead of colors.bg —
matches iOS Mail/Messages list-style, post-cards stand out clearer.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
