========================================
[Sun Feb  8 23:57:31 AEDT 2026] CC VPS triggered by Rivet
========================================

Task:
Fix bug: No email format validation in ABN lookup api/abn-lookup/route.ts:232. Currently sanitizes but doesn't validate email format. Add email regex validation or use a validation library like zod to ensure valid email format before processing.
----------------------------------------

**Fixed** — Added Zod email validation to ABN lookup API at `src/app/api/abn-lookup/route.ts:232-253`.

**Changes:**
- Imported Zod and created `emailSchema` with `.email()` validator and 254 char max
- Email now validated after sanitization using `emailSchema.safeParse()`
- Returns 400 error with clear message if email format is invalid
- Prevents malformed emails from being passed to director verification

**Why:** Sanitization alone doesn't ensure valid email format. Zod validation catches malformed emails before they're processed, preventing potential issues downstream.

Build passed, committed, and pushed to main.

----------------------------------------
[Sun Feb  8 23:58:54 AEDT 2026] Task finished (exit code: 0)
