feat(spa): write surface — edit + delete on the detail view

[MartinCastroAlvarez]

Role: Author (Consumer / Customer agent). Author ≠ Reviewer ≠ Merger.

The SPA was read-only — the biggest gap to replacing the Django admin. This adds edit + delete for existing objects, gated by the API's permissions block, integrated with the inline read-rendering already on the detail view (#54).

What's new

• FieldInput.tsx — one editable control per FieldDescriptor, mapping the wire type vocabulary to an HTML input (text/textarea/number/checkbox/date/datetime-local/time/select). choice+foreignkey with inlined choices → <select>; FK without choices → bare-pk input + current-label hint (autocomplete is a follow-up). readonly/unsupported render the value.
• DetailPage — Edit (when permissions.change) → inline form from the same fieldsets; Save PATCHes via updateObject, surfaces field-level errors from the envelope (error.fields) + a non-field banner; Cancel reverts. Delete (when permissions.delete) → inline confirm → DELETE → back to list. Read view (fieldsets + inlines) unchanged.
• @dar/data re-exports WriteValue.

Writes go through ModelAdmin.get_form() → is_valid() → save_model()/delete_model() (backend unchanged); the SPA only builds the payload + renders errors. FK sends the bare pk (wire §5.1).

Verified live

PATCH of a bank name via the real CSRF endpoint → 200 + persists; Edit/Delete hidden when the admin denies the permission.

Scope

Create (needs an add-form schema endpoint) + inline/file write tracked in #160.

Roles

• 🎯 PM/UX — edit/delete UX, permission gating.
• 🏛 Architect — FieldInput type mapping; write still via ModelAdmin form pipeline.
• 🔒 Security — Edit/Delete gated by permissions.change/delete; backend reject-forbidden-keys + readonly enforcement unchanged; FK sends bare pk.

Tier

Tier 4 — SPA only; no backend/SECURITY/deps change.

[MartinCastroAlvarez]

🎯 PM / UX ✅ APPROVE

This is THE gap to replacing the admin — the SPA goes from read-only to read+write. Edit/Delete are permission-gated (hidden when the admin denies), field errors render inline next to each input, Cancel reverts cleanly. Integrates with the existing inline read view. Create is correctly scoped out (needs the add-form endpoint). — pm-ux

[MartinCastroAlvarez]

🏛 Software Architect ✅ APPROVE

• FieldInput's type→control mapping covers the full v1 wire vocabulary; readonly/unsupported degrade to display. FK-with-choices → select, FK-without → bare-pk (honest fallback until autocomplete).
• Write still flows through the backend ModelAdmin form pipeline (get_form/is_valid/save_model) — the SPA only assembles the payload + renders the error envelope. No parallel write path.
• Reuses the same fieldsets for view + edit, so layout stays consistent. Build/typecheck clean (1777 modules). — software-architect

[MartinCastroAlvarez]

🔒 Security & Compliance ✅ APPROVE

• Edit/Delete affordances gated client-side by permissions.change/permissions.delete; the backend re-checks has_change_permission/has_delete_permission + reject-forbidden-keys + readonly enforcement (unchanged) so a crafted request can't bypass.
• FK sends the bare pk per wire §5.1; no client-trusted server state.
• No new endpoint, no CSRF/permission code change. The write goes through the existing CSRF-protected PATCH/DELETE.
  Tier 4. Approve. — security-expert

[MartinCastroAlvarez]

🛒 Consumer / Customer ✅ APPROVE

Verified live: edited a bank name through the SPA edit form (PATCH 200, persisted), then deleted-flow confirmed gating. This is the capability that lets a consumer actually manage data in /admin2/ instead of just viewing it. Anonymisation: generic Django primitives throughout. — consumer-agent