---
issue: 007
title: "Frontend deleteAccount action calls DELETE /user/profile which has no backend route — account deletion is broken"
severity: critical
domain: Authentication
labels: [bug, frontend, critical, broken-feature]
status: open
created: 2026-05-29
source: Doc vs Code Audit 2026-05-29
---

# 🔴 Frontend deleteAccount action calls DELETE /user/profile which has no backend route — account deletion is broken

**Severity:** critical

**Domain:** Authentication

**Labels:** bug, frontend, critical, broken-feature

## Description

The frontend `deleteAccount` action in `src/actions/account.ts` (line 144) calls `axiosInstance.delete(endpoints.users.profile)`, which resolves to `DELETE /user/profile`. The actual soft-delete route is `DELETE /api/auth/account` (requires password in body, runs `deleteAccountValidation`). Account deletion silently returns 404 from every UI path.

## Current Behavior

`DELETE /user/profile` returns 404. Users cannot delete their accounts from the UI.

## Expected Behavior

The `deleteAccount` action should call `DELETE /api/auth/account` with the user's password in the request body.

## Affected Files

- `frontend/src/actions/account.ts`
- `frontend/src/lib/axios.ts`

## References

- [Doc vs Code Audit Report](../09%20-%20Audits/Doc%20vs%20Code%20Audit%20Report%20-%202026-05-29.md)
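A sketch of the expected behavior described above, added as an illustration and not taken from the project's code. It assumes the body field is named `password`, that the client's base URL does not already include `/api`, and uses a hypothetical `DeleteClient` interface that mirrors the axios `instance.delete(url, config)` signature so it runs without dependencies.

```typescript
// Added example: all names here are assumptions except the route path,
// which comes from the issue text.
interface DeleteClient {
  // Same shape as axios' instance.delete(url, config).
  delete(url: string, config?: { data?: unknown }): Promise<{ status: number }>;
}

// Whether the real client's baseURL already contains "/api" is not stated
// in the issue, so the full path is used here (assumption).
const ACCOUNT_DELETE_ENDPOINT = "/api/auth/account";

interface DeleteAccountRequest {
  url: string;
  config: { data: { password: string } };
}

// Builds the request. An axios-style delete() has no positional body
// argument: the body must be passed as config.data or it is never sent,
// and the backend's password validation would reject the call.
function buildDeleteAccountRequest(password: string): DeleteAccountRequest {
  if (password.length === 0) {
    throw new Error("password is required to delete the account");
  }
  // "password" as the body field name is an assumption.
  return { url: ACCOUNT_DELETE_ENDPOINT, config: { data: { password } } };
}

async function deleteAccount(client: DeleteClient, password: string): Promise<void> {
  const { url, config } = buildDeleteAccountRequest(password);
  const res = await client.delete(url, config);
  // axios rejects on non-2xx by default; this check covers clients that do
  // not, so a 404 can never be reported to the user as a successful deletion.
  if (res.status < 200 || res.status >= 300) {
    throw new Error(`account deletion failed with HTTP ${res.status}`);
  }
}
```

A regression test for this issue can pass a recording stub as `client` and assert on the URL and body it receives, which would have caught the call to `/user/profile`.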