Implement two-layer CAPTCHA bypass

src/hooks/useAdminSettings.ts

@@ -78,6 +78,12 @@ export function useAdminSettings() {
     return settings?.filter(s => s.category === category) || [];
   };
 
+  const getCaptchaBypassEnabled = (): boolean => {
+    const value = getSettingValue('auth.captcha_bypass_enabled', 'false');
+    const cleanValue = typeof value === 'string' ? value.replace(/"/g, '') : value;
+    return cleanValue === 'true' || cleanValue === true;
+  };
+
   const updateSetting = async (key: string, value: any) => {
     return updateSettingMutation.mutateAsync({ key, value });
   };
@@ -179,5 +185,6 @@ export function useAdminSettings() {
     getAutoRefreshStrategy,
     getPreserveInteractionState,
     getUseRealtimeQueue,
+    getCaptchaBypassEnabled,
   };
 }

src/hooks/useCaptchaBypass.ts

@@ -0,0 +1,34 @@
+import { useEffect } from 'react';
+import { useAdminSettings } from './useAdminSettings';
+
+export function useCaptchaBypass() {
+  const { getSettingValue } = useAdminSettings();
+  
+  // Layer 1: Check if environment allows bypass
+  const environmentAllowsBypass = import.meta.env.VITE_ALLOW_CAPTCHA_BYPASS === 'true';
+  
+  // Layer 2: Check if admin has enabled bypass
+  const adminEnabledBypass = getSettingValue('auth.captcha_bypass_enabled', false) === true || 
+                             getSettingValue('auth.captcha_bypass_enabled', false) === 'true';
+  
+  // Both layers must allow bypass
+  const bypassEnabled = environmentAllowsBypass && adminEnabledBypass;
+  
+  // Log warning if bypass is active
+  useEffect(() => {
+    if (bypassEnabled && typeof window !== 'undefined') {
+      console.warn(
+        '⚠️ CAPTCHA BYPASS IS ACTIVE\n' +
+        'This should only be enabled in development/preview environments.\n' +
+        'Verify VITE_ALLOW_CAPTCHA_BYPASS=false in production!'
+      );
+    }
+  }, [bypassEnabled]);
+  
+  return {
+    bypassEnabled,
+    requireCaptcha: !bypassEnabled,
+    environmentAllowsBypass,
+    adminEnabledBypass
+  };
+}