fix: migrate UI to V2 API and fix admin dashboard

Backend fixes:
- Fix markdown generation using correct 'markdown_content' key in tasks.py
- Update admin service to return flat data structure matching frontend types
- Add task_count and failed_tasks fields to user statistics
- Fix top users endpoint to return complete user data

Frontend fixes:
- Migrate ResultsPage from V1 batch API to V2 task API with polling
- Create TaskDetailPage component with markdown preview and download buttons
- Refactor ExportPage to support multi-task selection using V2 download endpoints
- Fix login infinite refresh loop with concurrency control flags
- Create missing Checkbox UI component

New features:
- Add /tasks/:taskId route for task detail view
- Implement multi-task batch export functionality
- Add real-time task status polling (2s interval)

OpenSpec:
- Archive completed proposal 2025-11-17-fix-v2-api-ui-issues
- Create result-export and task-management specifications

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

frontend/src/services/apiV2.ts

@@ -47,6 +47,8 @@ class ApiClientV2 {
   private userInfo: UserInfo | null = null
   private tokenExpiresAt: number | null = null
   private refreshTimer: NodeJS.Timeout | null = null
+  private isRefreshing: boolean = false
+  private refreshFailed: boolean = false
 
   constructor() {
     this.client = axios.create({
@@ -73,21 +75,41 @@ class ApiClientV2 {
       (response) => response,
       async (error: AxiosError<ApiError>) => {
         if (error.response?.status === 401) {
+          // If refresh has already failed, don't try again - just redirect
+          if (this.refreshFailed) {
+            console.warn('Refresh already failed, redirecting to login')
+            this.clearAuth()
+            window.location.href = '/login'
+            return Promise.reject(error)
+          }
+
+          // If already refreshing, reject immediately to prevent retry storm
+          if (this.isRefreshing) {
+            console.warn('Token refresh already in progress, rejecting request')
+            return Promise.reject(error)
+          }
+
           // Token expired or invalid
           const detail = error.response?.data?.detail
           if (detail?.includes('Session expired') || detail?.includes('Invalid session')) {
             console.warn('Session expired, attempting refresh')
-            // Try to refresh token once
+            this.isRefreshing = true
+
             try {
               await this.refreshToken()
-              // Retry the original request
+              this.isRefreshing = false
+
+              // Retry the original request only if refresh succeeded
               if (error.config) {
                 return this.client.request(error.config)
               }
             } catch (refreshError) {
               console.error('Token refresh failed, redirecting to login')
+              this.isRefreshing = false
+              this.refreshFailed = true
               this.clearAuth()
               window.location.href = '/login'
+              return Promise.reject(error)
             }
           } else {
             this.clearAuth()
@@ -126,6 +148,8 @@ class ApiClientV2 {
     this.token = null
     this.userInfo = null
     this.tokenExpiresAt = null
+    this.isRefreshing = false
+    this.refreshFailed = false
 
     // Clear refresh timer
     if (this.refreshTimer) {