feat: add MFA/TOTP auth, PII encryption, agents/leads/inquiries modules, and comprehensive tests

- Add TOTP-based MFA with setup, verify, disable, backup codes, and challenge flow
- Add PII field encryption middleware with AES-256-GCM and deterministic search hashes
- Add agents, inquiries, and leads domain modules with entities, events, value objects
- Add web dashboard pages for inquiries and leads with detail dialogs
- Add 30+ component tests (valuation, charts, listings, search, providers, UI)
- Add Prisma migrations for encryption hash columns and MFA TOTP support
- Fix all ESLint errors (unused imports, duplicate imports, lint auto-fixes)
- Update dependencies and lock file
- Clean up obsolete exploration/QA docs, add audit documentation

Co-Authored-By: Paperclip <noreply@paperclip.ing>

apps/web/lib/hooks/use-inquiries.ts

@@ -0,0 +1,34 @@
+import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query';
+import { inquiriesApi, type ListInquiriesParams } from '@/lib/inquiries-api';
+
+export const inquiriesKeys = {
+  all: ['inquiries'] as const,
+  myInquiries: (params: ListInquiriesParams) => ['inquiries', 'my', params] as const,
+  byListing: (listingId: string, params: ListInquiriesParams) =>
+    ['inquiries', 'listing', listingId, params] as const,
+};
+
+export function useMyInquiries(params: ListInquiriesParams = {}) {
+  return useQuery({
+    queryKey: inquiriesKeys.myInquiries(params),
+    queryFn: () => inquiriesApi.getMyInquiries(params),
+  });
+}
+
+export function useInquiriesByListing(listingId: string, params: ListInquiriesParams = {}) {
+  return useQuery({
+    queryKey: inquiriesKeys.byListing(listingId, params),
+    queryFn: () => inquiriesApi.getByListing(listingId, params),
+    enabled: !!listingId,
+  });
+}
+
+export function useMarkInquiryRead() {
+  const queryClient = useQueryClient();
+  return useMutation({
+    mutationFn: (id: string) => inquiriesApi.markAsRead(id),
+    onSuccess: () => {
+      queryClient.invalidateQueries({ queryKey: inquiriesKeys.all });
+    },
+  });
+}

apps/web/lib/hooks/use-leads.ts

@@ -0,0 +1,58 @@
+import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query';
+import {
+  leadsApi,
+  type CreateLeadPayload,
+  type LeadStatus,
+  type ListLeadsParams,
+} from '@/lib/leads-api';
+
+export const leadsKeys = {
+  all: ['leads'] as const,
+  list: (params: ListLeadsParams) => ['leads', 'list', params] as const,
+  stats: () => ['leads', 'stats'] as const,
+};
+
+export function useLeads(params: ListLeadsParams = {}) {
+  return useQuery({
+    queryKey: leadsKeys.list(params),
+    queryFn: () => leadsApi.getLeads(params),
+  });
+}
+
+export function useLeadStats() {
+  return useQuery({
+    queryKey: leadsKeys.stats(),
+    queryFn: () => leadsApi.getStats(),
+  });
+}
+
+export function useCreateLead() {
+  const queryClient = useQueryClient();
+  return useMutation({
+    mutationFn: (data: CreateLeadPayload) => leadsApi.create(data),
+    onSuccess: () => {
+      queryClient.invalidateQueries({ queryKey: leadsKeys.all });
+    },
+  });
+}
+
+export function useUpdateLeadStatus() {
+  const queryClient = useQueryClient();
+  return useMutation({
+    mutationFn: ({ id, status }: { id: string; status: LeadStatus }) =>
+      leadsApi.updateStatus(id, status),
+    onSuccess: () => {
+      queryClient.invalidateQueries({ queryKey: leadsKeys.all });
+    },
+  });
+}
+
+export function useDeleteLead() {
+  const queryClient = useQueryClient();
+  return useMutation({
+    mutationFn: (id: string) => leadsApi.delete(id),
+    onSuccess: () => {
+      queryClient.invalidateQueries({ queryKey: leadsKeys.all });
+    },
+  });
+}