feat(pwa): implement real offline mode with IndexedDB sync

Add genuine offline read/write capability for trips:

- Dexie IndexedDB schema (trips, places, packing, todo, budget,
  reservations, files, mutationQueue, syncMeta, blobCache)
- Repo layer for all domains: offline reads from Dexie, writes
  optimistically to Dexie and enqueue mutations for later replay
- Mutation queue with UUID idempotency keys (X-Idempotency-Key),
  FIFO flush, temp-ID reconciliation on 2xx, fail-and-continue on 4xx
- Trip sync manager: caches all trips with end_date >= today or null,
  auto-evicts 7d after end_date, fetches bundle endpoint in one request
- Map tile prefetcher: bbox from place coords, zooms 10-16, 50MB cap,
  warms SW cache via fetch
- Sync triggers: network online → flush + syncAll; WS reconnect →
  flush only (rate-limiter safe); visibilitychange/30s → flush only
- WS remoteEventHandler writes through to Dexie on every event
- Server idempotency middleware + idempotency_keys table (migration 100,
  24h TTL nightly cleanup)
- GET /api/trips/:id/bundle endpoint for efficient single-request sync
- OfflineBanner component: amber (offline) / blue (syncing) / hidden
- OfflineTab in Settings: cached trip list, re-sync and clear actions
- usePendingMutations hook for per-item pending indicators

Closes #505 #541

server/src/middleware/auth.ts

@@ -3,6 +3,7 @@ import jwt from 'jsonwebtoken';
 import { db } from '../db/database';
 import { JWT_SECRET } from '../config';
 import { AuthRequest, OptionalAuthRequest, User } from '../types';
+import { applyIdempotency } from './idempotency';
 
 export function extractToken(req: Request): string | null {
   // Prefer httpOnly cookie; fall back to Authorization: Bearer (MCP, API clients)
@@ -38,7 +39,7 @@ const authenticate = (req: Request, res: Response, next: NextFunction): void =>
     return;
   }
   (req as AuthRequest).user = user;
-  next();
+  applyIdempotency(req, res, next, user.id);
 };
 
 /** Like `authenticate` but rejects requests that don't carry an httpOnly session cookie.

server/src/middleware/idempotency.ts

@@ -0,0 +1,59 @@
+import { Request, Response, NextFunction } from 'express';
+import { db } from '../db/database';
+
+const MUTATING_METHODS = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);
+
+interface IdempotencyRow {
+  status_code: number;
+  response_body: string;
+}
+
+/**
+ * Called from within `authenticate` after req.user is set.
+ *
+ * For mutating requests carrying X-Idempotency-Key:
+ * - If (key, userId) already stored: replays the cached response.
+ * - Otherwise: wraps res.json to capture and store a successful response.
+ *
+ * Storing happens in idempotency_keys (24h TTL, cleaned by scheduler).
+ */
+export function applyIdempotency(req: Request, res: Response, next: NextFunction, userId: number): void {
+  if (!MUTATING_METHODS.has(req.method)) {
+    next();
+    return;
+  }
+
+  const key = req.headers['x-idempotency-key'] as string | undefined;
+  if (!key) {
+    next();
+    return;
+  }
+
+  // Return cached response if key already processed for this user
+  const existing = db.prepare(
+    'SELECT status_code, response_body FROM idempotency_keys WHERE key = ? AND user_id = ?'
+  ).get(key, userId) as IdempotencyRow | undefined;
+
+  if (existing) {
+    res.status(existing.status_code).json(JSON.parse(existing.response_body));
+    return;
+  }
+
+  // Wrap res.json to capture the response on first successful execution
+  const originalJson = res.json.bind(res);
+  res.json = function (body: unknown): Response {
+    if (res.statusCode >= 200 && res.statusCode < 300) {
+      try {
+        db.prepare(
+          `INSERT OR IGNORE INTO idempotency_keys (key, user_id, method, path, status_code, response_body, created_at)
+           VALUES (?, ?, ?, ?, ?, ?, ?)`
+        ).run(key, userId, req.method, req.path, res.statusCode, JSON.stringify(body), Math.floor(Date.now() / 1000));
+      } catch {
+        // Non-fatal: if storage fails, the request still succeeds
+      }
+    }
+    return originalJson(body);
+  };
+
+  next();
+}