fix: skip 401 redirect for auth endpoints to prevent login interference

The API client's 401 handler was intercepting responses from /auth/*
endpoints (login, register, me), throwing "Session expired" before the
actual response could reach the caller. This prevented the login form
from working — the AuthProvider's me() call returned 401, threw, and
the error propagated into the login flow.

Now the 401 redirect only triggers for non-auth API calls (where it
genuinely indicates an expired session). Auth endpoints handle their
own error responses normally.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

frontend/src/api/client.ts

@@ -55,11 +55,8 @@ class ApiClient {
     });
 
     if (!response.ok) {
-      if (response.status === 401) {
+      if (response.status === 401 && !url.includes('/auth/')) {
-        const path = window.location.pathname;
+        window.location.href = '/login';
-        if (path !== '/login' && path !== '/register') {
-          window.location.href = '/login';
-        }
         throw { status: 401, message: 'Session expired' } satisfies ApiError;
       }
 

frontend/src/api/syntheses.ts

@@ -45,10 +45,7 @@ export async function fetchFile(path: string): Promise<Response> {
 
   if (!response.ok) {
     if (response.status === 401) {
-      const path = window.location.pathname;
+      window.location.href = '/login';
-      if (path !== '/login' && path !== '/register') {
-        window.location.href = '/login';
-      }
     }
     const errorBody = await response.json().catch(() => ({ error: 'Unknown error' }));
     throw {