fix: mobile nav close button + CI Gatekeeper auth

- Add explicit close (×) button inside mobile nav overlay
  - Was unreachable because header's hamburger was behind overlay z-index
  - New button lives inside the overlay at full z-index visibility
- Fix check-forms.ts: authenticate via Gatekeeper login form
  - Old approach: inject raw password as session cookie (didn't work)
  - New approach: navigate to protected page, detect Gatekeeper gate,
    fill password form and submit to get a real server-signed session cookie
  - Fixes E2E form tests that failed because pages returned Gatekeeper HTML

components/Header.tsx

@@ -352,6 +352,29 @@ export default function Header() {
         ref={mobileMenuRef}
         inert={isMobileMenuOpen ? undefined : true}
       >
+        {/* Close Button inside overlay */}
+        <div className="flex justify-end p-6 pt-8">
+          <button
+            className="touch-target p-2 rounded-xl bg-white/10 border border-white/20 text-white hover:bg-white/20 transition-all duration-300"
+            aria-label={t('toggleMenu')}
+            onClick={() => {
+              setIsMobileMenuOpen(false);
+              trackEvent(AnalyticsEvents.BUTTON_CLICK, {
+                type: 'mobile_menu',
+                action: 'close',
+              });
+            }}
+          >
+            <svg className="w-7 h-7" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+              <path
+                strokeLinecap="round"
+                strokeLinejoin="round"
+                strokeWidth={2}
+                d="M6 18L18 6M6 6l12 12"
+              />
+            </svg>
+          </button>
+        </div>
         <nav className="flex-grow flex flex-col justify-center items-center p-8 space-y-8">
           {menuItems.map((item, idx) => (
             <div

scripts/check-forms.ts

@@ -66,16 +66,29 @@ async function main() {
 
   const page = await browser.newPage();
 
-  // 3. Inject Gatekeeper session bypassing auth screens
+  // 3. Authenticate through Gatekeeper login form
-  console.log(`\n🛡️ Injecting Gatekeeper Session...`);
+  console.log(`\n🛡️ Authenticating through Gatekeeper...`);
-  await page.setCookie({
+  try {
-    name: 'klz_gatekeeper_session',
+    // Navigate to a protected page so Gatekeeper redirects us to the login screen
-    value: gatekeeperPassword,
+    await page.goto(contactUrl, { waitUntil: 'networkidle0', timeout: 30000 });
-    domain: new URL(targetUrl).hostname,
+
-    path: '/',
+    // Check if we landed on the Gatekeeper login page
-    httpOnly: true,
+    const isGatekeeperPage = await page.$('input[name="password"]');
-    secure: targetUrl.startsWith('https://'),
+    if (isGatekeeperPage) {
-  });
+      await page.type('input[name="password"]', gatekeeperPassword);
+      await Promise.all([
+        page.waitForNavigation({ waitUntil: 'networkidle0', timeout: 30000 }),
+        page.click('button[type="submit"]'),
+      ]);
+      console.log(`✅ Gatekeeper authentication successful!`);
+    } else {
+      console.log(`✅ Already authenticated (no Gatekeeper gate detected).`);
+    }
+  } catch (err: any) {
+    console.error(`❌ Gatekeeper authentication failed: ${err.message}`);
+    await browser.close();
+    process.exit(1);
+  }
 
   let hasErrors = false;