src/app/api/v1/companies/%5Bid%5D/notes/route.ts

import { NextResponse } from 'next/server';

import { withAuth, withPermission } from '@/lib/api/helpers';
import { parseBody } from '@/lib/api/route-helpers';
import { createAuditLog } from '@/lib/audit';
import { errorResponse, NotFoundError } from '@/lib/errors';
import { createNoteSchema } from '@/lib/validators/notes';
import * as notesService from '@/lib/services/notes.service';

export const GET = withAuth(
  withPermission('companies', 'view', async (req, ctx, params) => {
    try {
      const companyId = params.id;
      if (!companyId) throw new NotFoundError('Company');
      const aggregate = new URL(req.url).searchParams.get('aggregate') === 'true';
      const notes = aggregate
        ? await notesService.listForCompanyAggregated(ctx.portId, companyId)
        : await notesService.listForEntity(ctx.portId, 'companies', companyId);
      return NextResponse.json({ data: notes });
    } catch (error) {
      return errorResponse(error);
    }
  }),
);

export const POST = withAuth(
  withPermission('companies', 'edit', async (req, ctx, params) => {
    try {
      const companyId = params.id;
      if (!companyId) throw new NotFoundError('Company');
      const body = await parseBody(req, createNoteSchema);
      const note = await notesService.create(ctx.portId, 'companies', companyId, ctx.userId, body);

      void createAuditLog({
        userId: ctx.userId,
        portId: ctx.portId,
        action: 'create',
        entityType: 'company_note',
        entityId: note.id,
        metadata: { companyId },
        ipAddress: ctx.ipAddress,
        userAgent: ctx.userAgent,
      });

      return NextResponse.json({ data: note }, { status: 201 });
    } catch (error) {
      return errorResponse(error);
    }
  }),
);
feat(platform): residential module + admin UI + reliability fixes Residential platform - New schema: residentialClients, residentialInterests (separate from marina/yacht clients) with migration 0010 - Service layer with CRUD + audit + sockets + per-port portal toggle - v1 + public API routes (/api/v1/residential/*, /api/public/residential-inquiries) - List + detail pages with inline editing for clients and interests - Per-user residentialAccess toggle on userPortRoles (migration 0011) - Permission keys: residential_clients, residential_interests - Sidebar nav + role form integration - Smoke spec covering page loads, UI create flow, public endpoint Admin & shared UI - Admin → Forms (form templates CRUD) with validators + service - Notification preferences page (in-app + email per type) - Email composition + accounts list + threads view - Branded auth shell shared across CRM + portal auth surfaces - Inline editing extended to yacht/company/interest detail pages - InlineTagEditor + per-entity tags endpoints (yachts, companies) - Notes service polymorphic across clients/interests/yachts/companies - Client list columns: yachtCount + companyCount badges - Reservation file-download via presigned URL (replaces stale <a href>) Route handler refactor - Extracted yachts/companies/berths reservation handlers to sibling handlers.ts files (Next.js 15 route.ts only allows specific exports) Reliability fixes - apiFetch double-stringify bug fixed across 13 components (apiFetch already JSON.stringifies its body; passing a stringified body produced double-encoded JSON which failed zod validation) - SocketProvider gated behind useSyncExternalStore-based mount check to avoid useSession() SSR crashes under React 19 + Next 15 - apiFetch falls back to URL-pathname → port-id resolution when the Zustand store hasn't hydrated yet (fresh contexts, e2e tests) - CRM invite flow (schema, service, route, email, dev script) - Dashboard route → [portSlug]/dashboard/page.tsx + redirect - Document the dev-server restart-after-migration gotcha in CLAUDE.md Tests - 5-case residential smoke spec - Integration test updates for new service signatures Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-27 21:54:32 +02:00			`import { NextResponse } from 'next/server';`

			`import { withAuth, withPermission } from '@/lib/api/helpers';`
			`import { parseBody } from '@/lib/api/route-helpers';`
			`import { createAuditLog } from '@/lib/audit';`
			`import { errorResponse, NotFoundError } from '@/lib/errors';`
			`import { createNoteSchema } from '@/lib/validators/notes';`
			`import * as notesService from '@/lib/services/notes.service';`

			`export const GET = withAuth(`
feat(notes): aggregate-on-read for yachts, companies, residential clients Extends the listForClientAggregated pattern to three new symmetric helpers in notes.service so the Notes tab on yacht / company / residential-client detail pages surfaces the full timeline (own notes + related-entity notes) instead of just rows on the entity itself. - listForYachtAggregated: yacht own + owner client (when ownership is polymorphic 'client') + linked interest notes. - listForCompanyAggregated: company own + company-owned yacht notes + interests linked to those yachts. - listForResidentialClientAggregated: own + residential interests. Generalises NotesList so aggregate=true works for all four entity types via SELF_SOURCE / AGGREGATABLE / SOURCE_BADGE_CLASS / SOURCE_LABEL maps; cross-source notes render with a coloured chip and are read-only (rep edits on the source entity's page so the right timeline records the change). Wires ?aggregate=true into the yacht / company / residential-client notes routes; the yacht / company / residential-client tabs now pass aggregate. Drops the legacy single-textarea spots on the companies overview tab and the residential-interest "Initial brief" row in favour of the threaded feed. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-09 18:36:05 +02:00			`withPermission('companies', 'view', async (req, ctx, params) => {`
feat(platform): residential module + admin UI + reliability fixes Residential platform - New schema: residentialClients, residentialInterests (separate from marina/yacht clients) with migration 0010 - Service layer with CRUD + audit + sockets + per-port portal toggle - v1 + public API routes (/api/v1/residential/*, /api/public/residential-inquiries) - List + detail pages with inline editing for clients and interests - Per-user residentialAccess toggle on userPortRoles (migration 0011) - Permission keys: residential_clients, residential_interests - Sidebar nav + role form integration - Smoke spec covering page loads, UI create flow, public endpoint Admin & shared UI - Admin → Forms (form templates CRUD) with validators + service - Notification preferences page (in-app + email per type) - Email composition + accounts list + threads view - Branded auth shell shared across CRM + portal auth surfaces - Inline editing extended to yacht/company/interest detail pages - InlineTagEditor + per-entity tags endpoints (yachts, companies) - Notes service polymorphic across clients/interests/yachts/companies - Client list columns: yachtCount + companyCount badges - Reservation file-download via presigned URL (replaces stale <a href>) Route handler refactor - Extracted yachts/companies/berths reservation handlers to sibling handlers.ts files (Next.js 15 route.ts only allows specific exports) Reliability fixes - apiFetch double-stringify bug fixed across 13 components (apiFetch already JSON.stringifies its body; passing a stringified body produced double-encoded JSON which failed zod validation) - SocketProvider gated behind useSyncExternalStore-based mount check to avoid useSession() SSR crashes under React 19 + Next 15 - apiFetch falls back to URL-pathname → port-id resolution when the Zustand store hasn't hydrated yet (fresh contexts, e2e tests) - CRM invite flow (schema, service, route, email, dev script) - Dashboard route → [portSlug]/dashboard/page.tsx + redirect - Document the dev-server restart-after-migration gotcha in CLAUDE.md Tests - 5-case residential smoke spec - Integration test updates for new service signatures Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-27 21:54:32 +02:00			`try {`
			`const companyId = params.id;`
			`if (!companyId) throw new NotFoundError('Company');`
feat(notes): aggregate-on-read for yachts, companies, residential clients Extends the listForClientAggregated pattern to three new symmetric helpers in notes.service so the Notes tab on yacht / company / residential-client detail pages surfaces the full timeline (own notes + related-entity notes) instead of just rows on the entity itself. - listForYachtAggregated: yacht own + owner client (when ownership is polymorphic 'client') + linked interest notes. - listForCompanyAggregated: company own + company-owned yacht notes + interests linked to those yachts. - listForResidentialClientAggregated: own + residential interests. Generalises NotesList so aggregate=true works for all four entity types via SELF_SOURCE / AGGREGATABLE / SOURCE_BADGE_CLASS / SOURCE_LABEL maps; cross-source notes render with a coloured chip and are read-only (rep edits on the source entity's page so the right timeline records the change). Wires ?aggregate=true into the yacht / company / residential-client notes routes; the yacht / company / residential-client tabs now pass aggregate. Drops the legacy single-textarea spots on the companies overview tab and the residential-interest "Initial brief" row in favour of the threaded feed. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-09 18:36:05 +02:00			`const aggregate = new URL(req.url).searchParams.get('aggregate') === 'true';`
			`const notes = aggregate`
			`? await notesService.listForCompanyAggregated(ctx.portId, companyId)`
			`: await notesService.listForEntity(ctx.portId, 'companies', companyId);`
feat(platform): residential module + admin UI + reliability fixes Residential platform - New schema: residentialClients, residentialInterests (separate from marina/yacht clients) with migration 0010 - Service layer with CRUD + audit + sockets + per-port portal toggle - v1 + public API routes (/api/v1/residential/*, /api/public/residential-inquiries) - List + detail pages with inline editing for clients and interests - Per-user residentialAccess toggle on userPortRoles (migration 0011) - Permission keys: residential_clients, residential_interests - Sidebar nav + role form integration - Smoke spec covering page loads, UI create flow, public endpoint Admin & shared UI - Admin → Forms (form templates CRUD) with validators + service - Notification preferences page (in-app + email per type) - Email composition + accounts list + threads view - Branded auth shell shared across CRM + portal auth surfaces - Inline editing extended to yacht/company/interest detail pages - InlineTagEditor + per-entity tags endpoints (yachts, companies) - Notes service polymorphic across clients/interests/yachts/companies - Client list columns: yachtCount + companyCount badges - Reservation file-download via presigned URL (replaces stale <a href>) Route handler refactor - Extracted yachts/companies/berths reservation handlers to sibling handlers.ts files (Next.js 15 route.ts only allows specific exports) Reliability fixes - apiFetch double-stringify bug fixed across 13 components (apiFetch already JSON.stringifies its body; passing a stringified body produced double-encoded JSON which failed zod validation) - SocketProvider gated behind useSyncExternalStore-based mount check to avoid useSession() SSR crashes under React 19 + Next 15 - apiFetch falls back to URL-pathname → port-id resolution when the Zustand store hasn't hydrated yet (fresh contexts, e2e tests) - CRM invite flow (schema, service, route, email, dev script) - Dashboard route → [portSlug]/dashboard/page.tsx + redirect - Document the dev-server restart-after-migration gotcha in CLAUDE.md Tests - 5-case residential smoke spec - Integration test updates for new service signatures Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-27 21:54:32 +02:00			`return NextResponse.json({ data: notes });`
			`} catch (error) {`
			`return errorResponse(error);`
			`}`
			`}),`
			`);`

			`export const POST = withAuth(`
			`withPermission('companies', 'edit', async (req, ctx, params) => {`
			`try {`
			`const companyId = params.id;`
			`if (!companyId) throw new NotFoundError('Company');`
			`const body = await parseBody(req, createNoteSchema);`
			`const note = await notesService.create(ctx.portId, 'companies', companyId, ctx.userId, body);`

			`void createAuditLog({`
			`userId: ctx.userId,`
			`portId: ctx.portId,`
			`action: 'create',`
			`entityType: 'company_note',`
			`entityId: note.id,`
			`metadata: { companyId },`
			`ipAddress: ctx.ipAddress,`
			`userAgent: ctx.userAgent,`
			`});`

			`return NextResponse.json({ data: note }, { status: 201 });`
			`} catch (error) {`
			`return errorResponse(error);`
			`}`
			`}),`
			`);`