Notifications empty-state "Find people" button links to /users which is not a public route (404 for normal members)

Area: Account & identity (audit phase 1) · Surface: /notifications (NotificationController@index) empty state · Dimension: law-2-nav-orphans · Severity: major

A normal user who reaches the empty notifications state and clicks "Find people" is sent to /users, which does not resolve to any page they can reach — it 404s (or 403s if the router falls through to the admin route). The correct destination is /members (the member directory) — the same page other surfaces link to.

Evidence

platform/templates/partials/notifications.php L86: <a href="/users" class="btn btn--outline btn--sm">Find people</a>
In platform/src/routes.php the only /users routes are L176 `$router->get('/users', 'Api\V1\UsersController@index')` (inside the `/api/v1` group → actual path /api/v1/users, bearer-token API) and L1588 `$router->get('/users', 'AdminUserController@index')` (inside the `/admin` group at L1479 guarded by AuthMiddleware+AdminMiddleware → actual path /admin/users, 403 for non-admins). There is no public `/users` page. The real member directory is L577 `$router->get('/members', 'MemberDirectoryController@index')`.

Suggested fix. Change href="/users" to href="/members" on platform/templates/partials/notifications.php:86 (matches the member-directory route at routes.php:577).

Filed by the automated tenant-app audit (phase 1) and adversarially evidence-verified. Status: verified. Open — not yet actioned.