refactor(auth): replace JWT/password-lock with token guards

components/header.tsx

@@ -1,6 +1,7 @@
 'use client';
 
-import { useAuth } from '@/lib/auth-context';
+import { useEffect, useState } from 'react';
+import { authApi } from '@/lib/api';
 
 interface HeaderProps {
   title: string;
@@ -11,11 +12,24 @@ interface HeaderProps {
 }
 
 export default function Header({ title, subtitle, imageUrl, actions, maxWidth = 'max-w-7xl' }: HeaderProps) {
-  const { isAuthenticated } = useAuth();
+  const [isAdmin, setIsAdmin] = useState(false);
+
+  useEffect(() => {
+    let cancelled = false;
+    (async () => {
+      try {
+        const who = await authApi.whoami();
+        if (!cancelled) setIsAdmin(who.role === 'admin');
+      } catch {
+        if (!cancelled) setIsAdmin(false);
+      }
+    })();
+    return () => { cancelled = true; };
+  }, []);
 
   return (
     <>
-      {isAuthenticated && (
+      {isAdmin && (
         <div className="sticky top-0 z-50 bg-amber-50 dark:bg-amber-900/40 border-b border-amber-200/70 dark:border-amber-800/60 backdrop-blur">
           <div className={`${maxWidth} mx-auto py-3 px-4 sm:px-6 lg:px-8`}>
             <p className="text-center text-sm text-amber-900 dark:text-amber-100">