feat(#15): fieldsNeedingReentry — close the excludeFields UX gap (v0.3.0)

[mayrang]

Closes #15.

Problem

`excludeFields: ['password']` keeps sensitive values out of storage, which is correct from a security standpoint — but creates a silent UX failure for multi-step wizards. The user fills password in step 1, progresses to step 5, refreshes. `step` is persisted, password is not. They land back at step 5 with an empty password field and click Submit, and the server gets an empty password. Nothing surfaces the gap.

API

```tsx
const draft = useFormDraft({
defaultValues: { email: '', password: '', step: 1 },
excludeFields: ['password'],
// ...
});

return (
<>
{draft.fieldsNeedingReentry.includes('password') && (
보안을 위해 비밀번호를 다시 입력해주세요.
)}
{/* form */}
</>
);
```

Also exposed on:

• `useFormDraftStatus(key).fieldsNeedingReentry` (sibling reader)
• `getFormDraft(key).getFieldsNeedingReentry()` (imperative)
• RHF / Formik / TanStack adapter returns

How it works

• Stored record gains optional `__excludedHad?: string[]` — key names of `excludeFields` whose values were non-default at persist time. Values themselves are never persisted.
• On restore, hint hydrates internal state. `fieldsNeedingReentry` derives per-render: keys that are (a) still in current `excludeFields`, AND (b) currently at default. As the user re-enters a value, it falls out automatically.
• Discard / submit / conflict-resolve-to-remote clear the hint.
• Pre-v0.3 records without `__excludedHad` restore cleanly with an empty list — fully backward compatible. v0.2 readers ignore the unknown field if a v0.3 client writes and the user downgrades.

Audit round (one pass, all findings addressed)

Code review + adversarial audit ran in parallel after the initial implementation. Findings:

ID	Severity	Fix
F1	HIGH	Added notify-effect on `fieldsNeedingReentry` so sibling `useFormDraftStatus` re-renders without waiting for a save/status change
F2	Medium-High	`resolveConflict('remote' | merged)` + LWW remote/merged paths now clear `excludedHadOnRestore`
F4	Medium	Restore filters non-string entries from `__excludedHad` (defends against hand-edited storage / forward-compat issues)
F5	Medium	Migrate path recomputes the hint against migrated values + current defaults; doesn't preserve stale field names after schema rename
F6	Medium	useMemo intersects with current `excludeFields` so a shrunk set doesn't surface ghost entries

Each fix has a regression test.

Tests

• Unit: 216 (was 202; +14 covering happy path, deletion-aware merge, defaults comparison, StrictMode double-mount, F1/F2/F4/F6 regressions)
• e2e: 87 (was 84; new S8 reentry banner across Chromium / Firefox / WebKit)
• Bundle: 5.8 KB brotli (was 5.42; 8 KB CI gate)

Test plan

• `npm run typecheck` — clean
• `npm run lint` — clean
• `npm test` — 216 passing
• `npx playwright test` — 87 passing
• `npm run build` clean
• `npm run size` — 5.8 KB / 8 KB

Migration

Drop-in for v0.2 consumers. No breaking changes. New API is opt-in via reading `draft.fieldsNeedingReentry`.

Bumps `package.json` to 0.3.0.