Refactor API calls to use csrfFetch for enhanced security across multiple views, including loop-monitor, mcp-manager, memory, prompt-history, rules-manager, session-detail, and skills-manager. Additionally, add Phase 1 and Phase 2 documentation for session initialization and orchestration loop in the ccw-loop-b skill.

ccw/frontend/tests/e2e/api-settings.spec.ts

@@ -8,6 +8,24 @@ import { setupEnhancedMonitoring, switchLanguageAndVerify } from './helpers/i18n
 
 test.describe('[API Settings] - CLI Provider Configuration Tests', () => {
   test.beforeEach(async ({ page }) => {
+    // Set up API mocks BEFORE page navigation to prevent 404 errors
+    await page.route('**/api/settings/cli**', (route) => {
+      route.fulfill({
+        status: 200,
+        contentType: 'application/json',
+        body: JSON.stringify({
+          providers: [
+            {
+              id: 'provider-1',
+              name: 'Gemini',
+              endpoint: 'https://api.example.com',
+              enabled: true
+            }
+          ]
+        })
+      });
+    });
+
     await page.goto('/api-settings', { waitUntil: 'networkidle' as const });
   });