fix(pres_mgmt): enforce presenter agreement before file upload

presenter_is_authed only checked sign-in state, never .agree, so a
presenter could upload without ever agreeing whenever the admin's
"Require Presenter Agreement" setting was on.

Added presenter_agree_ok (trusted_access || !require__presenter_agree ||
auth__event_presenter_obj.agree) and presenter_can_upload
(presenter_is_authed && presenter_agree_ok) in
presenter/[presenter_id]/+page.svelte, swapped into every place the
upload UI / file-list permissions are gated in both the default and
manage_files alt views. The alt view's public_access identity bypass is
preserved but now also requires presenter_agree_ok.

Added an inline warning message in place of the upload section when
signed in but pending agreement, instead of it silently disappearing.

Marked done in TODO__Agents.md; all three open LCI Pres Mgmt restoration
items are now resolved (2 were already fixed and just needed verifying).

svelte-check: 0 errors, 0 warnings.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

documentation/TODO__Agents.md

@@ -5,7 +5,7 @@
 > **Status:** Stable — ongoing development.
 > **Scope:** Active/open work only. Completed detail lives in archive files.
 
-## 🔴 LCI October — Pres Mgmt Restoration (in progress 2026-06-12)
+## ✅ LCI October — Pres Mgmt Restoration (complete 2026-06-16)
 
 These features regressed over the last 6 months and must be working before the LCI conference.
 Reference commit for original working implementation: `bb993a102`.
@@ -52,18 +52,16 @@ wrong to users.
   session page) reads `presenter_id`/`presentation_id` from the URL and grants presenter-level
   auth via `auth__kv.presenter`/`auth__kv.presentation`, not just session read access.
 
-- [ ] **[Pres Mgmt] Presenter agreement not enforced before file upload** (verified still open,
-  2026-06-16) `presenter_is_authed` in `presenter/[presenter_id]/+page.svelte` — the gate used
-  everywhere the upload UI is shown (`Comp_event_files_upload`, `Element_manage_event_file_li_wrap`)
-  — only checks sign-in state (`auth__kv.presenter`/`auth__kv.session`/person match). It has no
-  dependency on `.agree` at all. `require__presenter_agree` (`pres_mgmt_loc.current`) is read in
-  exactly one place (`presenter_page_menu.svelte`) to decide whether to *show* the Agreed/Not
-  Agreed button — it never blocks anything. A presenter who signs in but has not agreed can still
-  see and use the upload section when this setting is on. Confirmed `ae_comp__event_files_upload.svelte`
-  has no internal agreement check either — there is no enforcement anywhere in the chain.
-  Fix: gate the upload sections (and ideally `allow_basic`/`allow_moderator` on the file list too)
-  on `!pres_mgmt_loc.current.require__presenter_agree || $lq__auth__event_presenter_obj?.agree`
-  in addition to `presenter_is_authed`.
+- [x] **[Pres Mgmt] Presenter agreement not enforced before file upload** (fixed 2026-06-16)
+  `presenter_is_authed` only checked sign-in state, never `.agree`, so a presenter could upload
+  without agreeing whenever `require__presenter_agree` was on. Added a new derived
+  `presenter_agree_ok` (`trusted_access || !require__presenter_agree || auth__event_presenter_obj.agree`)
+  and `presenter_can_upload` (`presenter_is_authed && presenter_agree_ok`) in
+  `presenter/[presenter_id]/+page.svelte`, and swapped it in everywhere the upload UI/file-list
+  permissions are gated (both the default view and the `manage_files` alt view — the latter's
+  `public_access` identity bypass is preserved but still requires `presenter_agree_ok`). Also
+  added an inline warning message in place of the upload section when signed in but pending
+  agreement, instead of it just silently disappearing.
 
 ### Session POC Sign-In