Security
Estimate data is now properly restricted by role. Previously, field technicians could view AI-generated line items, unit prices, totals, overhead/profit margins, and tax rates on every phase — despite their role having no estimate permissions.
Estimate data is now hidden across all UI surfaces: the sidebar no longer shows the Estimates link, estimate tabs don't appear on phase details, and direct navigation to estimate URLs safely redirects to the scope view. Server-side validation ensures API calls are also blocked for unauthorized roles.
This closes a confidentiality gap while maintaining full functionality for owner, admin, project manager, and accounting roles.
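As an added illustration of the server-side enforcement described above (not the product's own code): a deny-by-default role check applied at the estimate API, the phase payload, and route resolution. Role names follow this note; the permission string, field names, URL paths and function names are assumptions.

```javascript
// Added example. Role names come from the release note; the permission string,
// field names, URL paths and function names are assumptions for illustration.
const ROLE_PERMISSIONS = Object.freeze({
  owner: ['estimates:read'],
  admin: ['estimates:read'],
  project_manager: ['estimates:read'],
  accounting: ['estimates:read'],
  field_technician: [], // no estimate permissions
});
const ESTIMATE_FIELDS = ['lineItems', 'unitPrices', 'totals', 'overheadProfit', 'taxRate'];
// Constructed sample phase record.
const SAMPLE_PHASE = {
  id: 'p1', scope: 'Replace drywall', lineItems: [{ desc: 'Drywall', qty: 10 }],
  unitPrices: [12.5], totals: 125, overheadProfit: 0.2, taxRate: 0.07,
};

// Deny by default: unknown, missing or prototype-named roles get nothing.
function can(role, permission) {
  const known = Object.prototype.hasOwnProperty.call(ROLE_PERMISSIONS, role);
  return known && ROLE_PERMISSIONS[role].includes(permission);
}

// API handler: the check runs on the server, whatever the UI shows or hides.
function getEstimate(user, phase) {
  if (!can(user && user.role, 'estimates:read')) {
    return { status: 403, body: { error: 'forbidden' } };
  }
  const body = {};
  for (const f of ESTIMATE_FIELDS) body[f] = phase[f];
  return { status: 200, body };
}

// Phase detail payload: estimate fields are removed before the response is built.
function serializePhase(user, phase) {
  const out = { ...phase };
  if (!can(user && user.role, 'estimates:read')) {
    for (const f of ESTIMATE_FIELDS) delete out[f];
  }
  return out;
}

// Direct navigation to an estimate URL falls back to the scope view.
function resolveRoute(user, path) {
  const m = /^\/phases\/([^/]+)\/estimate$/.exec(path);
  if (m && !can(user && user.role, 'estimates:read')) {
    return { redirect: `/phases/${m[1]}/scope` };
  }
  return { render: path };
}
```

A regression test that requests the estimate endpoint and the phase payload as each role catches the case where a field is hidden in the UI but still returned by the server.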