/* ------------------------------------------------------------
   Auth recovery screens — Forgot / Activate / Reset
   Loaded alongside pages/login/site.css (whose .login__* brand
   chrome these screens reuse). Only the net-new recovery pieces
   live here; the split-panel shell, brand panel and card come
   from the login styles.
   ------------------------------------------------------------ */

/* Brand-panel eyebrow (login brand has no eyebrow of its own) */
.login__brand-eyebrow {
  font-family: var(--f-head);
  font-size: 11px; font-weight: 700;
  letter-spacing: 0.18em; text-transform: uppercase;
  color: var(--brand-red-soft);
  margin-bottom: 14px;
}

/* Mobile: collapse the split panel to a 180px brand strip + form.
   Scoped to pages that load this file, so Login is unaffected. */
@media (max-width: 768px) {
  .login {
    grid-template-columns: 1fr;
    grid-template-rows: 180px 1fr;
  }
  .login__brand { padding: 20px; }
  .login__brand-body,
  .login__brand-foot { display: none; }
  .login__card-wrap { padding: 30px 18px; overflow-y: auto; }
}

/* -------------------- Link verification (SPA shell) -------------------- */
/* Pending state shown while js/pages/auth/site.js verifies the activate/reset
   token against the API; replaced by the form or the invalid-link state. */
.auth-pending {
  display: flex; align-items: center; justify-content: center; gap: 10px;
  padding: 34px 0;
  color: var(--text-2);
  font-size: 13px;
}
.auth-pending__spinner {
  width: 18px; height: 18px;
  flex-shrink: 0;
  border-radius: 50%;
  border: 2px solid var(--border-strong);
  border-top-color: var(--primary);
  animation: bt-spin 0.7s linear infinite; /* keyframes live in core/components/components.css */
}

/* -------------------- Form header -------------------- */
.auth-form .field { margin-bottom: 16px; }

.auth-fhead { margin-bottom: 24px; }
.auth-fhead__eyebrow {
  font-family: var(--f-head);
  font-size: 11px; font-weight: 700;
  letter-spacing: 0.14em; color: var(--primary);
  text-transform: uppercase;
  margin-bottom: 6px;
}
.auth-fhead__title {
  font-family: var(--f-head);
  font-size: 26px; font-weight: 700;
  letter-spacing: -0.01em;
  margin: 0; line-height: 1.1;
}
.auth-fhead__sub {
  margin: 10px 0 0;
  color: var(--text-2);
  font-size: 13px; line-height: 1.55;
}

/* -------------------- Identity card -------------------- */
.auth-identity {
  display: flex; align-items: center; gap: 12px;
  padding: 12px 14px;
  background: var(--surface-alt);
  border: 1px solid var(--border);
  border-radius: 6px;
  margin-bottom: 22px;
}
.auth-identity__avatar {
  width: 40px; height: 40px;
  border-radius: 50%;
  background: var(--ink); color: white;
  display: grid; place-items: center;
  font-family: var(--f-head);
  font-weight: 700; font-size: 14px;
  letter-spacing: 0.02em;
  flex-shrink: 0;
}
.auth-identity__body { flex: 1; min-width: 0; line-height: 1.3; }
.auth-identity__name { font-weight: 600; font-size: 13px; color: var(--ink); }
.auth-identity__meta {
  font-size: 11px; color: var(--text-2);
  display: flex; align-items: center; gap: 8px;
}
.auth-identity__user { font-family: var(--f-mono); }
.auth-identity__sep {
  width: 3px; height: 3px; border-radius: 50%;
  background: var(--text-3);
}
.auth-id-pill {
  font-size: 10px;
  padding: 3px 8px;
  border-radius: 99px;
  font-family: var(--f-head);
  font-weight: 700;
  letter-spacing: 0.10em;
  text-transform: uppercase;
  border: 1px solid currentColor;
  flex-shrink: 0;
}
.auth-id-pill--ok   { background: var(--st-approved-bg); color: var(--st-approved); }
.auth-id-pill--info { background: var(--st-printed-bg);  color: var(--st-printed); }

/* -------------------- Password rules -------------------- */
.auth-rules {
  list-style: none; padding: 0; margin: 10px 0 0;
  display: grid; gap: 6px;
}
.auth-rule {
  display: flex; align-items: center; gap: 8px;
  font-size: 12px; color: var(--text-2);
  transition: color var(--dur-fast);
}
.auth-rule__bullet {
  width: 16px; height: 16px;
  border-radius: 50%;
  display: grid; place-items: center;
  flex-shrink: 0;
  background: var(--surface-2);
  border: 1px solid var(--border-strong);
  color: white;
  transition: background var(--dur-fast), border-color var(--dur-fast);
}
.auth-rule__bullet svg { opacity: 0; transition: opacity var(--dur-fast); }
.auth-rule.is-met { color: var(--st-approved); }
.auth-rule.is-met .auth-rule__bullet {
  background: var(--st-approved);
  border-color: var(--st-approved);
}
.auth-rule.is-met .auth-rule__bullet svg { opacity: 1; }

/* -------------------- Strength meter -------------------- */
.auth-meter { margin-top: 10px; }
.auth-meter__bars { display: flex; gap: 4px; }
.auth-meter__bar {
  flex: 1; height: 4px;
  border-radius: 2px;
  background: var(--surface-2);
  transition: background 160ms;
}
.auth-meter__label {
  margin-top: 6px;
  font-size: 11px;
  font-family: var(--f-head);
  letter-spacing: 0.10em;
  text-transform: uppercase;
  font-weight: 700;
  color: var(--text-3);
}
.auth-meter[data-pw-strength="1"] .auth-meter__bar:nth-child(-n+1) { background: var(--st-rejected); }
.auth-meter[data-pw-strength="1"] .auth-meter__label { color: var(--st-rejected); }
.auth-meter[data-pw-strength="2"] .auth-meter__bar:nth-child(-n+2) { background: var(--warning); }
.auth-meter[data-pw-strength="2"] .auth-meter__label { color: var(--warning); }
.auth-meter[data-pw-strength="3"] .auth-meter__bar:nth-child(-n+3) { background: var(--st-printed); }
.auth-meter[data-pw-strength="3"] .auth-meter__label { color: var(--st-printed); }
.auth-meter[data-pw-strength="4"] .auth-meter__bar { background: var(--st-approved); }
.auth-meter[data-pw-strength="4"] .auth-meter__label { color: var(--st-approved); }

/* -------------------- Notes & helpers -------------------- */
.auth-note {
  margin-top: 18px;
  padding: 10px 12px;
  background: var(--surface-alt);
  border-radius: 6px;
  font-size: 12px;
  color: var(--text-2);
  line-height: 1.55;
  display: flex; gap: 8px; align-items: flex-start;
}
.auth-note svg { flex-shrink: 0; margin-top: 1px; }
.auth-note--info  { border-left: 3px solid var(--st-printed); }
.auth-note--info svg { color: var(--st-printed); }
.auth-note--ok    { border-left: 3px solid var(--st-approved); }
.auth-note--ok svg { color: var(--st-approved); }
.auth-note--muted svg { color: var(--text-2); }
.auth-note a { color: var(--primary); font-weight: 600; text-decoration: none; }
.auth-note a:hover { text-decoration: underline; }

.auth-back-row {
  margin-top: 22px;
  text-align: center;
  font-size: 13px;
}
.auth-back-link {
  color: var(--primary);
  font-weight: 600;
  text-decoration: none;
  display: inline-flex; align-items: center; gap: 6px;
}
.auth-back-link:hover { text-decoration: underline; }

.auth-secondary-row {
  margin-top: 18px;
  text-align: center;
  font-size: 12px;
  color: var(--text-2);
}
.auth-secondary-row a {
  color: var(--primary);
  font-weight: 600;
  text-decoration: none;
  margin-left: 6px;
}
.auth-secondary-row a:hover { text-decoration: underline; }

/* Inline confirm match / mismatch (mirrors .field__error) */
.field__ok {
  display: flex; align-items: center; gap: 6px;
  margin-top: 6px;
  font-size: 13px;
  color: var(--st-approved);
}
.field__ok svg { width: 12px; height: 12px; }
.input-group.is-error { border-color: var(--st-rejected); }

/* .field__error / .field__ok set an explicit display, which overrides the UA
   [hidden] rule — restore it so the JS `el.hidden = true` toggles work. */
.field__error[hidden],
.field__ok[hidden] { display: none; }

/* -------------------- Success state -------------------- */
.auth-success__ring {
  width: 56px; height: 56px;
  border-radius: 50%;
  background: var(--st-approved-bg);
  border: 1px solid rgba(19, 122, 63, 0.25);
  display: grid; place-items: center;
  color: var(--st-approved);
  margin: 0 0 20px;
}
.auth-success__cta { margin-top: 4px; }