--- issue: 007 title: "Frontend deleteAccount action calls DELETE /user/profile which has no backend route — account deletion is broken" severity: critical domain: Authentication status: resolved resolved: 2026-05-29 fix: "Updated deleteAccount in account.ts to call DELETE /auth/account (endpoints.auth.deleteAccount) — the route that exists in authRoutes.ts. Added deleteAccount entry to endpoints.auth in axios.ts." labels: [bug, frontend, critical, broken-feature] status: open created: 2026-05-29 source: Doc vs Code Audit 2026-05-29 --- # 🔴 Frontend deleteAccount action calls DELETE /user/profile which has no backend route — account deletion is broken **Severity:** critical **Domain:** Authentication **Labels:** bug, frontend, critical, broken-feature ## Description The frontend deleteAccount action in src/actions/account.ts (line 144) calls axiosInstance.delete(endpoints.users.profile) which resolves to DELETE /user/profile. The actual soft-delete route is DELETE /api/auth/account (requires password in body, runs deleteAccountValidation). Account deletion silently returns 404 from every UI path. ## Current Behavior DELETE /user/profile returns 404. Users cannot delete their accounts from the UI. ## Expected Behavior deleteAccount action should call DELETE /api/auth/account with the user's password in the request body. ## Affected Files - `frontend/src/actions/account.ts` - `frontend/src/lib/axios.ts` ## References - [Doc vs Code Audit Report](../09%20-%20Audits/Doc%20vs%20Code%20Audit%20Report%20-%202026-05-29.md)