fix(workflow): ADR-021 code review fixes (8 bugs)

- fix(transmittal): guard duplicate workflow instance on submit()
- fix(workflow-guard): add organizationId to context so Level-2 RBAC works
- fix(circulation): organizationId context passed relation object not INT FK
- fix(transmittal): require Idempotency-Key header on POST submit endpoint
- fix(workflow): userId non-optional in processTransition controller
- fix(circulation): auto-close counts PENDING and IN_PROGRESS tasks
- fix(transmittal): status badge uses workflowState/DRAFT not purpose field
- fix(workflow): log cache invalidation failures instead of swallowing
- fix(workflow): implement getAvailableActions endpoint stub
- fix(i18n): add removeFile key to EN/TH locales

backend/src/modules/workflow-engine/workflow-engine.controller.ts

@@ -116,7 +116,7 @@ export class WorkflowEngineController {
       throw new BadRequestException('Idempotency-Key header is required');
     }
 
-    const userId = req.user?.user_id;
+    const userId = req.user.user_id;
 
     // ตรวจ Redis ว่า Request นี้ถูกส่งมาแล้วหรือไม่ (key ผูกกับ userId ป้องกัน cross-user replay)
     const cacheKey = `idempotency:transition:${idempotencyKey}:${userId}`;
@@ -154,9 +154,18 @@ export class WorkflowEngineController {
   @ApiOperation({
     summary: 'ดึงรายการปุ่ม Action ที่สามารถกดได้ ณ สถานะปัจจุบัน',
   })
-  @RequirePermission('document.view') // ผู้ที่มีสิทธิ์ดูเอกสาร ควรดู Action ได้
-  getAvailableActions(@Param('id') _instanceId: string) {
-    // Note: Logic การดึง Action ตาม Instance ID จะถูก Implement ใน Task ถัดไป
-    return { message: 'Pending implementation in Service layer' };
+  @ApiParam({ name: 'id', description: 'Workflow Instance ID (UUID)' })
+  @RequirePermission('document.view')
+  async getAvailableActions(@Param('id') instanceId: string) {
+    const instance = await this.workflowService.getInstanceById(instanceId);
+    const actions = await this.workflowService.getAvailableActions(
+      instance.definition.workflow_code,
+      instance.currentState
+    );
+    return {
+      instanceId,
+      currentState: instance.currentState,
+      availableActions: actions,
+    };
   }
 }

backend/src/modules/workflow-engine/workflow-engine.service.ts

@@ -387,7 +387,13 @@ export class WorkflowEngineService {
       await queryRunner.commitTransaction();
 
       // ADR-021 T043: Invalidate Workflow History cache หลัง transition สำเร็จ
-      void this.cacheManager.del(`wf:history:${instanceId}`);
+      this.cacheManager
+        .del(`wf:history:${instanceId}`)
+        .catch((e: unknown) =>
+          this.logger.warn(
+            `Cache invalidation failed for wf:history:${instanceId} — stale data may be served. Error: ${e instanceof Error ? e.message : String(e)}`
+          )
+        );
 
       // [NEW] เก็บค่าไว้ Dispatch หลัง Commit
       eventsToDispatch = evaluation.events;