test(e2e): expand coverage and harden cross-file isolation

New specs (4):
- accept-invite: pre-registrant flow happy path + cadence/preset UX
- admin-pre-registrants: list, filter, action gating, redirect
- admin-series: list, create, edit (delete skipped — button no-ops)
- admin-site-content: list whitelist, edit + roundtrip on /

Extended specs (6):
- join-flow: cadence ×12 math, guidance label, paid-tier success
- events: series-pass-required, member-savings gating
- admin-events: full CRUD via /admin/events/create?edit=<id>
- admin-members: add-member submit, status select, detail nav
- a11y: add /accept-invite, /member/account, /board, /admin/pre-registrants
- wave-slack-onboarding: 9 of 16 scaffold tests now passing

Cross-file isolation hardening:
- admin-events CRUD: refresh auth cookie (auth.spec.js logout test
  bumps tokenVersion on the shared admin), wait for hydration
  before form fill, search by unique title to dodge pagination.
- board: switch memberPage from shared admin to dedicated seeded
  member to avoid the same tokenVersion race.
- wave-slack §6.4: create dedicated test member, filter by email
  before clicking, removing the "first row" anchor.

Also fixed board heading drift ("Board" → "Bulletin Board").

e2e/join-flow.spec.js

@@ -104,6 +104,104 @@ test.describe('Join page — member signup flow', () => {
     ).toBeVisible({ timeout: 15000 })
   })
 
+  test('cadence toggle updates billing summary to annual ×12', async ({ page }) => {
+    await page.goto('/join')
+    await page.waitForLoadState('networkidle')
+
+    await page.locator('#join-contribution').fill('10')
+    await page.locator('label[for="cadence-annual"]').click()
+
+    const summary = page.locator('.billing-summary')
+    await expect(summary).toBeVisible()
+    await expect(summary).toContainText('$120 today')
+    await expect(summary).toContainText('$10/month × 12')
+    await expect(summary).toContainText('$120 every year')
+
+    await page.locator('label[for="cadence-monthly"]').click()
+    await expect(summary).toContainText('$10 today')
+    await expect(summary).toContainText('$10 every month')
+  })
+
+  test('contribution guidance label changes with amount tier', async ({ page }) => {
+    await page.goto('/join')
+    await page.waitForLoadState('networkidle')
+
+    const guidance = page.locator('.contribution-guidance')
+
+    await page.locator('#join-contribution').fill('5')
+    await expect(guidance).toHaveText(/I can contribute/)
+
+    await page.locator('#join-contribution').fill('30')
+    await expect(guidance).toHaveText(/I can support others too/)
+  })
+
+  test('paid tier flow reaches success state with HelcimPay stubbed', async ({ page }) => {
+    const uniqueEmail = `test-e2e-paid-${Date.now()}@example.com`
+
+    // Stub HelcimPay window globals before the page loads so the composable's
+    // script-load path is bypassed and we resolve verifyPayment synchronously.
+    await page.addInitScript(() => {
+      window.appendHelcimPayIframe = (checkoutToken) => {
+        const eventName = 'helcim-pay-js-' + checkoutToken
+        setTimeout(() => {
+          window.postMessage({
+            eventName,
+            eventStatus: 'SUCCESS',
+            eventMessage: JSON.stringify({
+              data: {
+                data: {
+                  transactionId: 'stub-txn-1',
+                  cardToken: 'stub-card-token-1',
+                  cardNumber: '4111111111111234',
+                  cardType: 'visa'
+                }
+              }
+            })
+          }, '*')
+        }, 50)
+      }
+      window.removeHelcimPayIframe = () => {}
+    })
+
+    await page.goto('/join')
+    await page.waitForLoadState('networkidle')
+
+    await mockHelcimAPIs(page)
+
+    await page.route('**/api/helcim/initialize-payment', async (route) => {
+      return route.fulfill({
+        status: 200,
+        contentType: 'application/json',
+        body: JSON.stringify({
+          success: true,
+          checkoutToken: 'stub-checkout-token',
+          secretToken: 'stub-secret-token'
+        })
+      })
+    })
+
+    await page.route('**/api/helcim/verify-payment', async (route) => {
+      return route.fulfill({
+        status: 200,
+        contentType: 'application/json',
+        body: JSON.stringify({ success: true })
+      })
+    })
+
+    await page.locator('#join-name').fill('Paid E2E User')
+    await page.locator('#join-email').fill(uniqueEmail)
+    await page.locator('#circle-community').check({ force: true })
+    await page.locator('#join-contribution').fill('15')
+    await page.getByRole('checkbox', { name: /Community Guidelines/ }).check()
+
+    await expect(page.locator('.form-submit')).toBeEnabled()
+    await page.locator('.form-submit').click()
+
+    await expect(
+      page.getByRole('heading', { name: 'Welcome to Ghost Guild!' })
+    ).toBeVisible({ timeout: 15000 })
+  })
+
   test('duplicate email shows error', async ({ page }) => {
     const duplicateEmail = `test-e2e-dup-${Date.now()}@example.com`