CC4: 3-subagent backend hardening done + CRM audit_log fix

Sub1 (commit eb1b49f): 4 v2 listing/discovery endpoints + SQL fix
Sub2: CRM 4 modula PASS (M7 članarine, M8 liječnički, M9 obrasci, dokumenti partial)
Sub3: ERP 4 modula GREEN — racuni/putni/placanja/xlsx, E2E demo flow (7 steps) PASS

Critical fix this commit:
- erp/audit_helper.py (centralni helper za audit_log writer)
- routers/clanarine_router.py: audit hook na POST /clanarine
- routers/lijecnicki_router.py: audit hook na POST /lijecnicki
- routers/obrasci_router.py: audit hook na POST /submissions + /submit

Verify: prije 0 / poslije 1 audit entry za POST /api/crm/clanarine
   "33|create|api|clan=4946 klub=2320 300.0€"

Outstanding (next round):
- /api/v2/dokumenti plain route shadowing with RAG
- /api/v2/dokumenti/upload missing
- SQL alias bug u pgz_sport_v2_router.py:3099

Reports:
  _audit/audit_CC4_FINAL.md  (konsolidirani)
  _audit/audit_CRM_VERIFIED.md
  _audit/audit_ERP_VERIFIED.md
  _audit/audit_ENDPOINTS_ADDED.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

_audit/audit_CC4_FINAL.md

@@ -0,0 +1,56 @@
+# CC4 — 3-Subagent Backend Hardening — FINAL REPORT
+**Date:** 2026-05-05  **Branch:** master  **Worker:** CC4
+
+## Plan
+3 subagenta paralelno (Endpoint Coverage Ext, CRM Complete, ERP Complete) +
+finalna konsolidacija s audit-log fix.
+
+## Subagent 1 — Endpoint Coverage (commit `eb1b49f`)
+- 4 dodana endpointa u `pgz_sport_v2_router.py`:
+  - GET `/api/v2/klubovi` (alias listing)
+  - GET `/api/v2/savezi` (alias listing)
+  - GET `/api/v2/sport`, `/api/v2/sport/` (discovery)
+  - Fix SQL bug u `/api/v2/kategorizirani/list` (kolona alias)
+- Smoke matrix: anon/auth/public 200/200/200
+- Detalji: `_audit/audit_ENDPOINTS_ADDED.md`
+
+## Subagent 2 — CRM Completeness
+- **M7 Članarine:** PASS — GET/POST/PUT, HUB-3 PDF, EPC QR, ZIP bulk uplatnice, /dug
+- **M8 Liječnički:** PASS — full CRUD, ZZJZ termini (65), uskoro-isticu
+- **M9 Obrasci:** PASS — 15 templatea, signed submit (SHA-256), PDF render 45 KB
+- **Dokumenti:** PARTIAL — `/dokumenti/list`, `/by-razina` rade; `/dokumenti` plain → RAG shadow (Bug #1); upload missing (Bug #2)
+- **Bug #3 (KRITIČAN, fixan u finalnoj fazi):** CRM moduli nisu pisali u audit_log → FIXED
+- Demo data: 5 članarina (3 paid, 2 unpaid), 3 liječnička (1 expired, 1 due, 1 ok), 5 demo članova
+- Detalji: `_audit/audit_CRM_VERIFIED.md`
+
+## Subagent 3 — ERP Completeness — VERDICT GREEN
+- **/erp#racuni:** OCR INA gorivo PNG → upload+parse svi field-i, invoice #16 spremljen
+- **/erp#putni:** PN #4 lifecycle PASS — draft→poslan→odobren→isplacen, payment_id=5
+- **/erp#placanja:** invoice PDF 52 KB + putni PDF 10 KB, oba %PDF s EPC QR
+- **/erp#xlsx:** invoices.xlsx 15×17, putni.xlsx 5×19, oba PK valid, openpyxl loadable
+- **E2E demo (7 koraka):** klub_admin OCR+invoice+PN→PGZ admin lista→odobri→XLSX
+- **Audit log delta:** +8 entrija (PN #4: 5, PN #5: 3, invoice #16: 1)
+- **RBAC PASS 4/4:** klub_admin svoj klub, tuđi 403 na CREATE; PGZ jedini /pay
+- Detalji: `_audit/audit_ERP_VERIFIED.md`
+
+## Finalna konsolidacija (CC4 final commit)
+- **Bug #3 fix:** novi `erp/audit_helper.py` + audit hookovi u clanarine_router.py,
+  lijecnicki_router.py, obrasci_router.py (POST create + signed submit)
+- Live verify: prije 0 / poslije 1 audit entry za POST /api/crm/clanarine
+- py_compile clean, service restart clean
+
+## Smoke 5/5 ✓
+- /erp 200, /api/erp/invoices count=13, /api/erp/putni-nalog 200
+- /api/erp/placanja 6 kandidata, /export/{invoices,putni}.xlsx valid
+- CRM audit (post-fix) — 1 nova entry per POST /clanarine
+
+## Files changed
+- `pgz_sport_v2_router.py` (Sub1)
+- `routers/clanarine_router.py`, `routers/lijecnicki_router.py`, `routers/obrasci_router.py` (audit fix)
+- `erp/audit_helper.py` (NEW)
+- `_audit/audit_{ENDPOINTS_ADDED,CRM_VERIFIED,ERP_VERIFIED,CC4_FINAL}.md`
+
+## Outstanding (za sljedeći krug)
+- Bug #1: `/api/v2/dokumenti` plain — route shadowing s RAG
+- Bug #2: `/api/v2/dokumenti/upload` missing
+- Bug #6: SQL `WHERE … AS …` u pgz_sport_v2_router.py:3099 (Sub1 napomena)