Adds a full CRUD system for user-defined violation types stored in a new
violation_types table. Custom types appear in the violation dropdown alongside
hardcoded types, grouped by category, with ✦ marker and a green Custom badge.
- db/database.js: auto-migration adds violation_types table on startup
- server.js: GET/POST/PUT/DELETE /api/violation-types; type_key auto-generated
as custom_<slug>; DELETE blocked if any violations reference the type
- ViolationTypeModal.jsx: create/edit modal with name, category (datalist
autocomplete from existing categories), handbook chapter reference,
description/reference text, fixed vs sliding point toggle, context field
checkboxes; delete with usage guard
- ViolationForm.jsx: fetches custom types on mount; merges into dropdown via
mergedGroups memo; resolveViolation() checks hardcoded then custom; '+ Add
Type' button above dropdown; 'Edit Type' button appears when a custom type is
selected; newly created type auto-selects; all audit calls flow through
existing audit() helper
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds express.static middleware for the demo/ directory mounted at /demo,
placed before the SPA catch-all so /demo/index.html resolves to the
standalone stakeholder demo page instead of the React app.
The /api/employees/:id/score endpoint previously only returned data from
the active_cpas_scores view (active_points + violation_count for the 90-day
window). The EmployeeModal score cards reference total_violations and
negated_count which were undefined, causing blank displays.
Now queries the violations table directly for all-time totals alongside
the rolling 90-day active data.
- POST /api/violations now accepts acknowledged_by and acknowledged_date
- Both fields added to AMENDABLE_FIELDS whitelist for post-submission edits
- Acknowledgment data persisted to DB and passed through to PDF generation
