feat(api): add M5 coverage controls and frontend spec

zouantchaw
2026-03-18 08:18:50 +01:00
parent 008dd7efb1
commit 32f6cd55c8
14 changed files with 894 additions and 8 deletions


@@ -44,6 +44,7 @@ Full auth behavior, including staff phone flow and refresh rules, is documented
- `GET /client/coverage/stats`
- `GET /client/coverage/core-team`
- `GET /client/coverage/incidents`
- `GET /client/coverage/blocked-staff`
- `GET /client/hubs`
- `GET /client/cost-centers`
- `GET /client/vendors`
@@ -69,6 +70,7 @@ Full auth behavior, including staff phone flow and refresh rules, is documented
- `POST /client/orders/permanent`
- `POST /client/orders/:orderId/edit`
- `POST /client/orders/:orderId/cancel`
- `POST /client/shift-managers`
- `POST /client/hubs`
- `PUT /client/hubs/:hubId`
- `DELETE /client/hubs/:hubId`
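Review bot: The new `POST /client/shift-managers` entry is listed beside the order and hub writes with no statement of who may call it. Since this route invites a new member into the business, the doc should name the membership roles allowed to use it and the response a caller without that role receives, so frontend can hide the action for users who cannot perform it.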
@@ -79,6 +81,33 @@ Full auth behavior, including staff phone flow and refresh rules, is documented
- `POST /client/coverage/reviews`
- `POST /client/coverage/late-workers/:assignmentId/cancel`
Coverage-review request payload may also send:
```json
{
"assignmentId": "uuid",
"rating": 2,
"comment": "Worker left the shift early without approval",
"markAsBlocked": true
}
```
If `markAsBlocked` is `true`, backend adds that staff member to the business-level blocked list and future apply or assign attempts are rejected until a later review sends `markAsBlocked: false`.
Shift-manager creation example:
```json
{
"firstName": "Nora",
"lastName": "Lead",
"email": "nora.lead@example.com",
"phone": "+15550001234",
"hubId": "uuid"
}
```
The manager is created as an invited business membership. If `hubId` is present, backend also links the manager to that hub.
## 3) Staff routes
### Staff reads
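Review bot: The `markAsBlocked` paragraph leaves the omitted-field case undefined. The block is said to last "until a later review sends `markAsBlocked: false`", but the payload is described as something the client "may also send", so a later review without the field could be read either way. State explicitly that an absent `markAsBlocked` leaves the existing block untouched and that only an explicit `false` clears it, if that is the intended behavior. For the shift-manager example, also document that `hubId` must belong to the caller's business and which error is returned when it does not, and what happens when the `email` or `phone` already belongs to an existing membership.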
@@ -109,6 +138,7 @@ Full auth behavior, including staff phone flow and refresh rules, is documented
- `GET /staff/profile/certificates`
- `GET /staff/profile/bank-accounts`
- `GET /staff/profile/benefits`
- `GET /staff/profile/benefits/history`
- `GET /staff/profile/time-card`
- `GET /staff/profile/privacy`
- `GET /staff/faqs`
@@ -197,6 +227,7 @@ These are exposed as direct unified aliases even though they are backed by `core
- `accountType` on `POST /staff/profile/bank-accounts` accepts either lowercase or uppercase and is normalized by the backend.
- Document routes now return only document rows. They do not mix in attire items anymore.
- Tax-form data should come from `GET /staff/profile/tax-forms`, not `GET /staff/profile/documents`.
- Staff benefit activity should come from `GET /staff/profile/benefits/history`; the summary card should keep using `GET /staff/profile/benefits`.
- File upload routes return a storage path plus a signed URL. Frontend uploads the file directly to storage using that URL.
- The frontend upload contract for documents, attire, and certificates is:
1. `POST /upload-file`
@@ -224,6 +255,7 @@ These are exposed as direct unified aliases even though they are backed by `core
- send `overrideReason` only when the worker is bypassing a geofence failure and the shift/hub allows overrides
- `POST /staff/location-streams` is for the background tracking loop after a worker is already clocked in.
- `GET /client/coverage/incidents` is the review feed for geofence breaches, missing-location batches, and clock-in overrides.
- `GET /client/coverage/blocked-staff` is the review feed for workers currently blocked by that business.
- `POST /client/coverage/late-workers/:assignmentId/cancel` is the client-side recovery action when lateness is confirmed by incident evidence or elapsed grace time.
- Raw location stream payloads are stored in the private v2 bucket; SQL only stores the summary and incident index.
- Push delivery is backed by:
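Review bot: The `GET /client/coverage/blocked-staff` bullet says what the feed is for but not what each row contains. A block is created from a review that carries a free-text `comment` and a `rating`, so the doc should say whether those fields and the reviewer's identity are returned here, and state that results are limited to the caller's own business. Listing the returned fields would also let frontend build the unblock action, which per the earlier section goes through `POST /client/coverage/reviews` with `markAsBlocked: false` and therefore needs an `assignmentId`.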