Add server routes for companies, approvals, costs, and dashboard

New routes: companies, approvals, costs, dashboard, authz. New services: companies, approvals, costs, dashboard, heartbeat, activity-log. Add auth middleware and structured error handling. Expand existing agent and issue routes with richer CRUD operations. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 09:07:27 -06:00
parent 8c830eae70
commit abadd469bc
29 changed files with 2151 additions and 98 deletions
--- a/server/src/routes/companies.ts
+++ b/server/src/routes/companies.ts
@@ -0,0 +1,82 @@
+import { Router } from "express";
+import type { Db } from "@paperclip/db";
+import { createCompanySchema, updateCompanySchema } from "@paperclip/shared";
+import { validate } from "../middleware/validate.js";
+import { companyService, logActivity } from "../services/index.js";
+import { assertBoard } from "./authz.js";
+
+export function companyRoutes(db: Db) {
+  const router = Router();
+  const svc = companyService(db);
+
+  router.get("/", async (_req, res) => {
+    const result = await svc.list();
+    res.json(result);
+  });
+
+  router.get("/:companyId", async (req, res) => {
+    const companyId = req.params.companyId as string;
+    const company = await svc.getById(companyId);
+    if (!company) {
+      res.status(404).json({ error: "Company not found" });
+      return;
+    }
+    res.json(company);
+  });
+
+  router.post("/", validate(createCompanySchema), async (req, res) => {
+    assertBoard(req);
+    const company = await svc.create(req.body);
+    await logActivity(db, {
+      companyId: company.id,
+      actorType: "user",
+      actorId: req.actor.userId ?? "board",
+      action: "company.created",
+      entityType: "company",
+      entityId: company.id,
+      details: { name: company.name },
+    });
+    res.status(201).json(company);
+  });
+
+  router.patch("/:companyId", validate(updateCompanySchema), async (req, res) => {
+    assertBoard(req);
+    const companyId = req.params.companyId as string;
+    const company = await svc.update(companyId, req.body);
+    if (!company) {
+      res.status(404).json({ error: "Company not found" });
+      return;
+    }
+    await logActivity(db, {
+      companyId,
+      actorType: "user",
+      actorId: req.actor.userId ?? "board",
+      action: "company.updated",
+      entityType: "company",
+      entityId: companyId,
+      details: req.body,
+    });
+    res.json(company);
+  });
+
+  router.post("/:companyId/archive", async (req, res) => {
+    assertBoard(req);
+    const companyId = req.params.companyId as string;
+    const company = await svc.archive(companyId);
+    if (!company) {
+      res.status(404).json({ error: "Company not found" });
+      return;
+    }
+    await logActivity(db, {
+      companyId,
+      actorType: "user",
+      actorId: req.actor.userId ?? "board",
+      action: "company.archived",
+      entityType: "company",
+      entityId: companyId,
+    });
+    res.json(company);
+  });
+
+  return router;
+}