Forbid slashes in case numbers

FastAPI path routing can't capture a slash inside a {case_number}
segment — %2F gets decoded before route matching, so any case created
with "1000/0426" becomes permanently unreachable at
GET /api/cases/{case_number}/details. Enforce the hyphen convention
used by existing prod cases (1033-25, 1130-25) at the zod layer so
the wizard rejects the bad shape before submit.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

web-ui/src/lib/schemas/case.ts

@@ -11,9 +11,13 @@
 
 import { z } from "zod";
 
-/* Appeal numbers follow the 1xxx / 8xxx / 9xxx convention from CLAUDE.md —
+/* Appeal numbers follow the 1xxx / 8xxx / 9xxx convention from CLAUDE.md.
- * permissive regex that still catches obvious typos. */
+ * Slashes are deliberately forbidden: FastAPI path routing can't capture
-const caseNumberRe = /^[1-9]\d{3,}(?:[-/][\w\u0590-\u05FF]+)*$/;
+ * a `/` inside a case-number segment even when URL-encoded as %2F, so
+ * any case created with a slash becomes unreachable at
+ * GET /api/cases/{case_number}/details. Existing prod cases use hyphens
+ * (e.g. "1033-25", "1130-25") which is the enforced convention here. */
+const caseNumberRe = /^[1-9]\d{3,}(?:-[\w\u0590-\u05FF]+)*$/;
 
 const hebrewPartyRe = /[\u0590-\u05FFA-Za-z]/;
 
@@ -37,7 +41,7 @@ export const caseCreateSchema = z.object({
     .string()
     .trim()
     .min(1, "שדה חובה")
-    .regex(caseNumberRe, "מספר תיק לא תקין (למשל 1234 או 8001/2026)"),
+    .regex(caseNumberRe, "מספר תיק לא תקין — השתמש במקף, לא בקו נטוי (למשל 1033-25)"),
   title: z.string().trim().min(3, "כותרת קצרה מדי").max(200, "כותרת ארוכה מדי"),
   appellants: z
     .array(z.string().trim().min(1).refine((v) => hebrewPartyRe.test(v), "שם לא תקין"))