fix: await logout before navigating, prevent cancelled fetch

- Logout is now async — awaits sidecar /auth/logout before clearing tokens
- confirmSignOut awaits logout() before navigate('/login')
- 5 second timeout on logout fetch to prevent indefinite hang
- Added console.warn on logout failure

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/components/layout/sidebar.tsx

@@ -132,9 +132,9 @@ export const Sidebar = ({ activeUrl = "/" }: SidebarProps) => {
         setLogoutOpen(true);
     };
 
-    const confirmSignOut = () => {
+    const confirmSignOut = async () => {
         setLogoutOpen(false);
-        logout();
+        await logout();
         navigate('/login');
     };
 

src/providers/auth-provider.tsx

@@ -95,15 +95,20 @@ export const AuthProvider = ({ children }: AuthProviderProps) => {
         setIsAuthenticated(true);
     }, []);
 
-    const logout = useCallback(() => {
-        // Notify sidecar to unlock Redis session + Ozonetel logout
+    const logout = useCallback(async () => {
+        // Notify sidecar to unlock Redis session + Ozonetel logout — await before clearing tokens
         const token = localStorage.getItem('helix_access_token');
         if (token) {
             const apiUrl = import.meta.env.VITE_API_URL ?? 'http://localhost:4100';
-            fetch(`${apiUrl}/auth/logout`, {
-                method: 'POST',
-                headers: { Authorization: `Bearer ${token}` },
-            }).catch(() => {});
+            try {
+                await fetch(`${apiUrl}/auth/logout`, {
+                    method: 'POST',
+                    headers: { Authorization: `Bearer ${token}` },
+                    signal: AbortSignal.timeout(5000),
+                });
+            } catch (err) {
+                console.warn('Logout cleanup failed:', err);
+            }
         }
 
         setUser(DEFAULT_USER);