bfdf0c9987
passlib 1.7.4 has a known bug with bcrypt 4.x on Python 3.13 where detect_wrap_bug passes an over-72-byte hash as a password, causing ValueError on every login attempt. Switched to bcrypt.hashpw/checkpw directly, removing the passlib dependency entirely. Also fixed 401 page reload on /auth/login endpoint. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>