- Added `databack/mysql-backup` service to the production docker-compose Swarm stack, scheduling a daily 02:55 AM cron backup of the database with a 3-day local retention policy.
- Fixed a critical race condition in the backend JWT authentication middleware where an invalid token returning 401 could crash the response flow if the route executed before the defensive checks caught it.
- Added strict undefined defensive checks to the `getUserById` endpoint and RBAC middleware to gracefully reject requests that somehow bypass the token parser.
- Updated `GEMINI.md` technical documentation to fully match the real codebase logic.
- Fixed UX rule to prevent `manager` role from seeing Funnels or Origins tabs in the sidebar.
- Blocked `agent` role from modifying their own 'fullName' string in the Profile UI.
