docs: consolidate audit and analysis reports into docs/audits/

Move 36 root-level audit/analysis documents and 7 web app audit documents
into docs/audits/ directory to declutter the project root. Remove stale
EXPLORATION_SUMMARY.txt.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

docs/audits/IMAGE_AUDIT_SUMMARY.txt

@@ -0,0 +1,258 @@
+╔════════════════════════════════════════════════════════════════════════════╗
+║                    IMAGE USAGE AUDIT - QUICK SUMMARY                      ║
+║                        GoodGo Web App (apps/web/)                         ║
+╚════════════════════════════════════════════════════════════════════════════╝
+
+📊 AUDIT RESULTS
+════════════════════════════════════════════════════════════════════════════
+
+✅ HTML <img> Tags (Production):             0 found
+⚠️  HTML <img> Tags (Test Mocks):           4 found (acceptable)
+✅ next/image Imports:                       8 files using properly
+✅ Image-Specific Components:                3 components
+✅ Image Configuration:                      Properly configured
+✅ CSP Headers:                              Properly configured
+✅ Accessibility:                            Full support
+
+
+1️⃣  HTML <IMG> TAGS
+════════════════════════════════════════════════════════════════════════════
+
+Production Usage: EXCELLENT ✅
+  • 0 HTML <img> tags in production code
+  • All uses replaced with Next.js Image component
+  • Only exception: temporary blob URLs in image-upload (acceptable)
+
+Test Usage: ACCEPTABLE ⚠️
+  • 3 test files mock next/image component with <img>
+    - app/[locale]/(public)/__tests__/landing.spec.tsx:37
+    - app/[locale]/(public)/search/__tests__/search.spec.tsx:46
+    - app/[locale]/(dashboard)/dashboard/__tests__/dashboard.spec.tsx:14
+
+  • 1 production use of <img> for file preview:
+    - components/listings/image-upload.tsx:144
+    - Purpose: Display blob URL preview before upload
+
+
+2️⃣  NEXT/IMAGE IMPORTS
+════════════════════════════════════════════════════════════════════════════
+
+8 Files Using next/image:
+
+  COMPONENTS:
+  ✓ components/listings/image-gallery.tsx (127 lines)
+    → Main gallery viewer with thumbnails
+    → Uses: Image component (lines 46, 106)
+    → Features: fill + sizes prop, responsive, priority loading
+
+  ✓ components/listings/image-lightbox.tsx (349 lines)
+    → Fullscreen image viewer
+    → Uses: Image component (lines 249, 335)
+    → Features: Keyboard nav, swipe support, preloading
+
+  ✓ components/search/property-card.tsx
+    → Property thumbnail cards
+    → Uses: Image for first listing media
+
+  ✓ components/agents/agent-profile-client.tsx
+    → Agent avatars and agent's listings
+    → Uses: Image (line 50 for avatar, line 337 for listings)
+
+  ✓ components/comparison/comparison-table.tsx
+    → Comparison table property images
+    → Uses: Image for listing thumbnails
+
+  PAGES:
+  ✓ app/[locale]/(admin)/admin/kyc/page.tsx
+  ✓ app/[locale]/(dashboard)/listings/page.tsx
+  ✓ app/[locale]/(dashboard)/dashboard/page.tsx
+
+
+3️⃣  IMAGE-SPECIFIC COMPONENTS
+════════════════════════════════════════════════════════════════════════════
+
+Component 1: ImageGallery
+├─ Location: components/listings/image-gallery.tsx
+├─ Lines: 127 total
+├─ Purpose: Main gallery viewer
+├─ Features:
+│  ✓ Primary image with thumbnails
+│  ✓ Navigation arrows
+│  ✓ Counter display
+│  ✓ Lightbox integration
+│  ✓ Responsive sizes: (max-width: 768px) 100vw, 60vw
+│  └─ Fallback: "Chưa có hình ảnh"
+
+Component 2: ImageLightbox
+├─ Location: components/listings/image-lightbox.tsx
+├─ Lines: 349 total
+├─ Purpose: Fullscreen viewer
+├─ Features:
+│  ✓ Keyboard navigation (Arrow Left/Right, Escape)
+│  ✓ Touch swipe support
+│  ✓ Focus trap accessibility
+│  ✓ Image preloading for adjacent images
+│  ✓ Thumbnail navigation at bottom
+│  └─ Responsive sizing: 100vw
+
+Component 3: ImageUpload
+├─ Location: components/listings/image-upload.tsx
+├─ Lines: 175 total
+├─ Purpose: File upload with preview
+├─ Features:
+│  ✓ Drag-drop file handling
+│  ✓ Validation: JPEG, PNG, WebP
+│  ✓ Max size: 10MB per image
+│  ✓ Max files: 20 images
+│  ✓ Object URL cleanup (prevents memory leaks)
+│  ✓ Preview grid with delete buttons
+│  └─ Cover photo indicator
+
+
+4️⃣  PROPERTY/LISTING IMAGE COMPONENTS
+════════════════════════════════════════════════════════════════════════════
+
+Components Rendering Property Images:
+
+  PropertyCard
+  ├─ File: components/search/property-card.tsx
+  └─ Usage: First listing media as card thumbnail
+
+  ListingDetailClient
+  ├─ File: components/listings/listing-detail-client.tsx
+  └─ Usage: Integrates ImageGallery (line 92)
+
+  AgentProfileClient
+  ├─ File: components/agents/agent-profile-client.tsx
+  └─ Usage: Agent avatar + active listings images
+
+  ComparisonTable
+  ├─ File: components/comparison/comparison-table.tsx
+  └─ Usage: First media for each listing in comparison
+
+  ListingCard (in AgentProfileClient)
+  ├─ File: components/agents/agent-profile-client.tsx
+  └─ Usage: Listing images in agent's portfolio
+
+
+5️⃣  NEXT.JS IMAGE CONFIGURATION
+════════════════════════════════════════════════════════════════════════════
+
+File: apps/web/next.config.js
+
+Configuration:
+  images: {
+    remotePatterns: [
+      {
+        protocol: 'https',
+        hostname: '**',
+      },
+    ],
+  }
+
+Analysis:
+  ✅ Permissive remotePatterns allows all HTTPS domains
+  ✅ Protocol restricted to HTTPS (security)
+  ✅ Sensible for multi-source property platform
+  ⚠️  Wildcard hostname - ensure API validates image URLs
+
+CSP Headers (lines 34-47):
+  img-src 'self' data: blob: https://*.mapbox.com https://*.tiles.mapbox.com https:
+
+Analysis:
+  ✅ Allows blob: URLs (file upload preview)
+  ✅ Allows data: URLs (inline base64)
+  ✅ Allows self-hosted images
+  ✅ Allows Mapbox tiles
+  ✅ Allows all HTTPS sources
+
+
+6️⃣  IMAGE UTILITIES & HELPERS
+════════════════════════════════════════════════════════════════════════════
+
+No Dedicated Image Utility Libraries Found
+
+Inline Utilities:
+  In image-upload.tsx:
+  ✓ URL.createObjectURL() for blob preview (line 36)
+  ✓ URL.revokeObjectURL() for cleanup (lines 50, 80)
+
+  In image-lightbox.tsx:
+  ✓ useSwipe() hook (lines 19-52) - touch gestures
+  ✓ useFocusTrap() hook (lines 56-99) - accessibility
+  ✓ Image preloading with new window.Image() (line 185)
+
+
+7️⃣  ACCESSIBILITY & PERFORMANCE
+════════════════════════════════════════════════════════════════════════════
+
+Accessibility Features:
+  ✅ Alt text on all images
+  ✅ Vietnamese localization
+  ✅ ARIA labels for galleries
+  ✅ Keyboard navigation (Arrow keys, Escape)
+  ✅ Focus trap in modal
+  ✅ Tab trapping for accessibility
+
+Performance Optimizations:
+  ✅ priority prop for above-fold images
+  ✅ sizes prop for responsive images
+  ✅ fill + sizes for gallery
+  ✅ Image preloading in lightbox
+  ✅ Blob URL cleanup on unmount
+  ✅ Object URL revocation (prevent memory leaks)
+
+Potential Improvements:
+  ⚠️  Add skeleton/blur placeholders during load
+  ⚠️  Implement image compression before upload
+  ⚠️  Add image resize optimization on upload
+
+
+8️⃣  SECURITY OBSERVATIONS
+════════════════════════════════════════════════════════════════════════════
+
+Secure Practices:
+  ✅ Remote patterns restricted to HTTPS only
+  ✅ CSP headers properly configured
+  ✅ blob: URLs only for temporary client-side previews
+  ✅ No inline image data in components
+
+Points to Monitor:
+  ⚠️  Validate image URLs at API layer
+  ⚠️  Scan user-uploaded images for malware
+  ⚠️  Consider CDN integration for scaling
+
+
+9️⃣  RECOMMENDATIONS
+════════════════════════════════════════════════════════════════════════════
+
+Priority 1 (Implement Soon):
+  1. Add image URL validation at API layer
+  2. Implement image scanning for user uploads
+  3. Consider CDN integration
+
+Priority 2 (Nice to Have):
+  1. Add skeleton/blur placeholders
+  2. Implement image compression before upload
+  3. Add image resize worker on upload
+
+Priority 3 (Future):
+  1. Implement image caching strategy
+  2. Progressive image loading (LQIP)
+  3. EXIF data removal for privacy
+
+
+🔟 OVERALL GRADE
+════════════════════════════════════════════════════════════════════════════
+
+  HTML <img> Tags:           ✅ A+ (0 production uses)
+  next/image Implementation: ✅ A+ (properly across 8 files)
+  Image Configuration:       ✅ A  (good, could validate URLs)
+  Accessibility:             ✅ A+ (comprehensive support)
+  Performance:               ✅ A  (good, could add placeholders)
+  Security:                  ✅ A  (good, ensure API validation)
+  Code Quality:              ✅ A+ (clean, well-organized)
+
+  Overall Score:             ✅ A+ EXCELLENT
+
+════════════════════════════════════════════════════════════════════════════