Implement company AI onboarding/recommendation models, services, repository, and tender UI integration with supporting tests.
Co-authored-by: Cursor <cursoragent@cursor.com>
Addresses PR review on the auth interceptor:
- Guard against unbounded retry recursion: tag the replayed request with
extra['auth_retried'] and skip the refresh/replay path on a second 401 so
it can't recurse refresh -> replay indefinitely. Drop the redundant manual
Authorization header on the replay (onRequest re-injects it).
- Fix the concurrent-refresh race: coalesce concurrent 401s onto a single
in-flight refresh future so the rotating refresh token is only consumed
once, instead of later refreshes posting an already-consumed token and
spuriously logging out. (Chose the shared-future approach over
QueuedInterceptor, which deadlocks with the replay-via-same-Dio pattern.)
- Centralise the 'bearer' / 'refresh_token' / 'customer_data' pref keys in
a PrefKeys constants class used by the interceptor, network manager, auth
service and router so they can't silently diverge.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>