refactor: fix remaining P2 architecture issues

Fix P2-6: proxy.ts now uses Permissions constants instead of hardcoded strings

Fix P2-7: useA11yId file no longer exists (use-aria-live.ts already in hooks/)

Fix P2-8: schema.ts section numbering reordered to continuous 1-24

Fix P2-11: announcements dead code void wasPublished already removed

Fix P2-17: app-sidebar.tsx uses hasRole() instead of permission-based role inference

Fix P2-18: scheduling/actions.ts removes trailing re-export of data-access; 4 pages now import directly from data-access

Sync architecture docs 004 and 005

src/proxy.ts

@@ -2,20 +2,22 @@ import { NextResponse } from "next/server"
 import type { NextRequest } from "next/server"
 import { getToken } from "next-auth/jwt"
 
+import { Permissions } from "@/shared/types/permissions"
+
 // Route prefix → minimum required permission
 // Note: /admin/announcements is covered by /admin prefix (requires school:manage)
 // Note: /announcements is accessible to all authenticated users (no permission entry needed)
 const ROUTE_PERMISSIONS: Record<string, string> = {
-  "/admin": "school:manage",
-  "/teacher": "exam:read",
-  "/student": "homework:submit",
-  "/parent": "exam:read",
-  "/management": "grade:manage",
+  "/admin": Permissions.SCHOOL_MANAGE,
+  "/teacher": Permissions.EXAM_READ,
+  "/student": Permissions.HOMEWORK_SUBMIT,
+  "/parent": Permissions.EXAM_READ,
+  "/management": Permissions.GRADE_MANAGE,
 }
 
 // API route prefix → required permission
 const API_PERMISSIONS: Record<string, string> = {
-  "/api/ai/chat": "ai:chat",
+  "/api/ai/chat": Permissions.AI_CHAT,
 }
 
 function resolveDefaultPath(roles: string[]): string {