a8472ddeed
Root cause: the employee fixture used by the 'logs in active employees with a signed token and company context' test did not include emailVerified: true, so the auth.employee.service.login guard at line 108 correctly rejected the login with 401 email_not_verified. Changes: - Added emailVerified: true to the shared employee fixture - Added a new negative test that verifies login rejects employees with emailVerified: false (401 email_not_verified) The production email-verification guard in auth.employee.service.ts remains unchanged and strictly enforced.