Major Enhancement: NestJS Migration + CASL Authorization + Error Handling

Complete rewrite from Express to NestJS with enterprise-grade features:

## Backend Improvements
- Migrated from Express to NestJS 11.0.1 with TypeScript
- Implemented Prisma ORM 7.3.0 for type-safe database access
- Added CASL authorization system replacing role-based guards
- Created global exception filters with structured logging
- Implemented Auth0 JWT authentication with Passport.js
- Added vehicle management with conflict detection
- Enhanced event scheduling with driver/vehicle assignment
- Comprehensive error handling and logging

## Frontend Improvements
- Upgraded to React 19.2.0 with Vite 7.2.4
- Implemented CASL-based permission system
- Added AbilityContext for declarative permissions
- Created ErrorHandler utility for consistent error messages
- Enhanced API client with request/response logging
- Added War Room (Command Center) dashboard
- Created VIP Schedule view with complete itineraries
- Implemented Vehicle Management UI
- Added mock data generators for testing (288 events across 20 VIPs)

## New Features
- Vehicle fleet management (types, capacity, status tracking)
- Complete 3-day Jamboree schedule generation
- Individual VIP schedule pages with PDF export (planned)
- Real-time War Room dashboard with auto-refresh
- Permission-based navigation filtering
- First user auto-approval as administrator

## Documentation
- Created CASL_AUTHORIZATION.md (comprehensive guide)
- Created ERROR_HANDLING.md (error handling patterns)
- Updated CLAUDE.md with new architecture
- Added migration guides and best practices

## Technical Debt Resolved
- Removed custom authentication in favor of Auth0
- Replaced role checks with CASL abilities
- Standardized error responses across API
- Implemented proper TypeScript typing
- Added comprehensive logging

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

backend/src/auth/auth.service.ts

@@ -0,0 +1,66 @@
+import { Injectable, Logger } from '@nestjs/common';
+import { PrismaService } from '../prisma/prisma.service';
+import { Role } from '@prisma/client';
+
+@Injectable()
+export class AuthService {
+  private readonly logger = new Logger(AuthService.name);
+
+  constructor(private prisma: PrismaService) {}
+
+  /**
+   * Validate and get/create user from Auth0 token payload
+   */
+  async validateUser(payload: any) {
+    const namespace = 'https://vip-coordinator-api';
+    const auth0Id = payload.sub;
+    const email = payload[`${namespace}/email`] || payload.email || `${auth0Id}@auth0.local`;
+    const name = payload[`${namespace}/name`] || payload.name || 'Unknown User';
+    const picture = payload[`${namespace}/picture`] || payload.picture;
+
+    // Check if user exists
+    let user = await this.prisma.user.findUnique({
+      where: { auth0Id },
+      include: { driver: true },
+    });
+
+    if (!user) {
+      // Check if this is the first user (auto-approve as admin)
+      const userCount = await this.prisma.user.count();
+      const isFirstUser = userCount === 0;
+
+      this.logger.log(
+        `Creating new user: ${email} (isFirstUser: ${isFirstUser})`,
+      );
+
+      // Create new user
+      user = await this.prisma.user.create({
+        data: {
+          auth0Id,
+          email,
+          name,
+          picture,
+          role: isFirstUser ? Role.ADMINISTRATOR : Role.DRIVER,
+          isApproved: isFirstUser, // Auto-approve first user
+        },
+        include: { driver: true },
+      });
+
+      this.logger.log(
+        `User created: ${user.email} with role ${user.role} (approved: ${user.isApproved})`,
+      );
+    }
+
+    return user;
+  }
+
+  /**
+   * Get current user profile
+   */
+  async getCurrentUser(auth0Id: string) {
+    return this.prisma.user.findUnique({
+      where: { auth0Id },
+      include: { driver: true },
+    });
+  }
+}