Merge branch 'dev' into 592-migrate-frontend-applications-to-v2-backend-and-database

docs/BACKEND/API_GUIDES/V2/README.md

@@ -2,37 +2,70 @@
 
 This is the frontend-facing source of truth for the v2 backend.
 
-If you are building against the new backend, start here.
+## 1) Use one base URL
 
-## 1) Which service to use
+Frontend should call one public gateway:
 
-| Use case | Service |
-| --- | --- |
-| File upload, signed URLs, model calls, rapid order helpers, verification flows | `core-api-v2` |
-| Business writes and workflow actions | `command-api-v2` |
-| Screen reads for the implemented v2 views | `query-api-v2` |
+```env
+API_V2_BASE_URL=https://krow-api-v2-933560802882.us-central1.run.app
+```
 
-## 2) Live dev base URLs
+Frontend should not call the internal `core`, `command`, or `query` Cloud Run services directly.
 
-- Core API: `https://krow-core-api-v2-e3g6witsvq-uc.a.run.app`
-- Command API: `https://krow-command-api-v2-e3g6witsvq-uc.a.run.app`
-- Query API: `https://krow-query-api-v2-e3g6witsvq-uc.a.run.app`
+## 2) Current status
+
+The unified v2 gateway is ready for frontend integration in `dev`.
+
+What was validated live against the deployed stack:
+
+- client sign-in
+- staff auth bootstrap
+- client dashboard, billing, coverage, hubs, vendors, managers, team members, orders, and reports
+- client hub and order write flows
+- client invoice approve and dispute
+- staff dashboard, availability, payments, shifts, profile sections, documents, certificates, attire, bank accounts, benefits, and time card
+- staff availability, profile, tax form, bank account, shift apply, shift accept, clock-in, clock-out, and swap request
+- direct file upload helpers and verification job creation through the unified host
+- client and staff sign-out
+
+The live validation command is:
+
+```bash
+source ~/.nvm/nvm.sh
+nvm use 23.5.0
+node backend/unified-api/scripts/live-smoke-v2-unified.mjs
+```
+
+The demo tenant can be reset with:
+
+```bash
+source ~/.nvm/nvm.sh
+nvm use 23.5.0
+cd backend/command-api
+npm run seed:v2-demo
+```
 
 ## 3) Auth and headers
 
-All protected routes require:
+Protected routes require:
 
 ```http
 Authorization: Bearer <firebase-id-token>
 ```
 
-All command routes also require:
+Write routes also require:
 
 ```http
 Idempotency-Key: <unique-per-user-action>
 ```
 
-All services return the same error envelope:
+For now:
+
+- backend wraps sign-in and sign-out
+- frontend can keep using Firebase token refresh on the client
+- backend is the only thing frontend should call for session-oriented API flows
+
+All routes return the same error envelope:
 
 ```json
 {
@@ -43,78 +76,40 @@ All services return the same error envelope:
 }
 ```
 
-## 4) What frontend can use now
+## 4) Route model
 
-### Ready now
+Frontend sees one base URL and one route shape:
 
-- `core-api-v2`
-  - upload file
-  - create signed URL
-  - invoke model
-  - rapid order transcribe
-  - rapid order parse
-  - create verification
-  - get verification
-  - review verification
-  - retry verification
-- `command-api-v2`
-  - create order
-  - update order
-  - cancel order
-  - assign staff to shift
-  - accept shift
-  - change shift status
-  - clock in
-  - clock out
-  - favorite and unfavorite staff
-  - create staff review
-- `query-api-v2`
-  - order list
-  - order detail
-  - favorite staff list
-  - staff review summary
-  - assignment attendance detail
+- `/auth/*`
+- `/client/*`
+- `/staff/*`
+- direct upload aliases like `/upload-file` and `/staff/profile/*`
 
-### Do not move yet
+Internally, the gateway still forwards to:
 
-- reports
-- payments and finance screens
-- undocumented dashboard reads
-- undocumented scheduling reads and writes
-- any flow that assumes verification history is durable in SQL
+| Frontend use case | Internal service |
+| --- | --- |
+| auth/session wrapper | `krow-api-v2` |
+| uploads, signed URLs, model calls, verification workflows | `core-api-v2` |
+| writes and workflow actions | `command-api-v2` |
+| reads and mobile read models | `query-api-v2` |
 
-## 5) Important caveat
+## 5) Frontend integration rule
 
-`core-api-v2` is usable now, but verification job state is not yet persisted to `krow-sql-v2`.
+Use the unified routes first.
 
-What is durable today:
-- uploaded files in Google Cloud Storage
-- generated signed URLs
-- model invocation itself
+Do not build new frontend work on:
 
-What is not yet durable:
-- verification job history
-- verification review history
-- verification event history
+- `/query/tenants/*`
+- `/commands/*`
+- `/core/*`
 
-That means frontend can integrate with verification routes now, but should not treat them as mission-critical durable state yet.
+Those routes still exist for backend/internal compatibility, but mobile/frontend migration should target the unified surface documented in [Unified API](./unified-api.md).
 
-## 6) Recommended frontend environment variables
-
-```env
-CORE_API_V2_BASE_URL=https://krow-core-api-v2-e3g6witsvq-uc.a.run.app
-COMMAND_API_V2_BASE_URL=https://krow-command-api-v2-e3g6witsvq-uc.a.run.app
-QUERY_API_V2_BASE_URL=https://krow-query-api-v2-e3g6witsvq-uc.a.run.app
-```
-
-## 7) Service docs
+## 6) Docs
 
+- [Unified API](./unified-api.md)
 - [Core API](./core-api.md)
 - [Command API](./command-api.md)
 - [Query API](./query-api.md)
-
-## 8) Frontend integration rule
-
-Do not point screens directly at database access just because a route does not exist yet.
-
-If a screen is missing from the docs, the next step is to define the route contract and add it to `query-api-v2` or `command-api-v2`.
+- [Mobile API Reconciliation](./mobile-api-gap-analysis.md)

docs/BACKEND/API_GUIDES/V2/mobile-api-gap-analysis.md

@@ -0,0 +1,45 @@
+# Mobile API Reconciliation
+
+Source compared against implementation:
+
+- `mobile-backend-api-specification.md`
+
+## Result
+
+The current mobile v2 surface is implemented behind the unified gateway and validated live in `dev`.
+
+That includes:
+
+- auth session routes
+- client dashboard, billing, coverage, hubs, vendor lookup, managers, team members, orders, and reports
+- client order, hub, coverage review, and invoice write flows
+- staff dashboard, availability, payments, shifts, profile sections, documents, attire, certificates, bank accounts, benefits, privacy, and frequently asked questions
+- staff availability, tax forms, emergency contacts, bank account, shift decision, clock-in/out, and swap write flows
+- upload and verification flows for profile photo, government document, attire, and certificates
+
+## What was validated live
+
+The live smoke executed successfully against:
+
+- `https://krow-api-v2-933560802882.us-central1.run.app`
+- Firebase demo users
+- `krow-sql-v2`
+- `krow-core-api-v2`
+- `krow-command-api-v2`
+- `krow-query-api-v2`
+
+The validation script is:
+
+```bash
+node backend/unified-api/scripts/live-smoke-v2-unified.mjs
+```
+
+## Remaining work
+
+The remaining items are not blockers for current mobile frontend migration.
+
+They are follow-up items:
+
+- extend the same unified pattern to new screens added after the current mobile specification
+- add stronger observability and contract automation around the unified route surface
+- keep refining reporting and financial read models as product scope expands

docs/BACKEND/API_GUIDES/V2/unified-api.md

@@ -0,0 +1,168 @@
+# Unified API V2
+
+Frontend should use this service as the single base URL:
+
+- `https://krow-api-v2-933560802882.us-central1.run.app`
+
+The gateway keeps backend services separate internally, but frontend should treat it as one API.
+
+## 1) Auth routes
+
+### Client auth
+
+- `POST /auth/client/sign-in`
+- `POST /auth/client/sign-up`
+- `POST /auth/client/sign-out`
+
+### Staff auth
+
+- `POST /auth/staff/phone/start`
+- `POST /auth/staff/phone/verify`
+- `POST /auth/staff/sign-out`
+
+### Shared auth
+
+- `GET /auth/session`
+- `POST /auth/sign-out`
+
+## 2) Client routes
+
+### Client reads
+
+- `GET /client/session`
+- `GET /client/dashboard`
+- `GET /client/reorders`
+- `GET /client/billing/accounts`
+- `GET /client/billing/invoices/pending`
+- `GET /client/billing/invoices/history`
+- `GET /client/billing/current-bill`
+- `GET /client/billing/savings`
+- `GET /client/billing/spend-breakdown`
+- `GET /client/coverage`
+- `GET /client/coverage/stats`
+- `GET /client/coverage/core-team`
+- `GET /client/hubs`
+- `GET /client/cost-centers`
+- `GET /client/vendors`
+- `GET /client/vendors/:vendorId/roles`
+- `GET /client/hubs/:hubId/managers`
+- `GET /client/team-members`
+- `GET /client/orders/view`
+- `GET /client/orders/:orderId/reorder-preview`
+- `GET /client/reports/summary`
+- `GET /client/reports/daily-ops`
+- `GET /client/reports/spend`
+- `GET /client/reports/coverage`
+- `GET /client/reports/forecast`
+- `GET /client/reports/performance`
+- `GET /client/reports/no-show`
+
+### Client writes
+
+- `POST /client/orders/one-time`
+- `POST /client/orders/recurring`
+- `POST /client/orders/permanent`
+- `POST /client/orders/:orderId/edit`
+- `POST /client/orders/:orderId/cancel`
+- `POST /client/hubs`
+- `PUT /client/hubs/:hubId`
+- `DELETE /client/hubs/:hubId`
+- `POST /client/hubs/:hubId/assign-nfc`
+- `POST /client/hubs/:hubId/managers`
+- `POST /client/billing/invoices/:invoiceId/approve`
+- `POST /client/billing/invoices/:invoiceId/dispute`
+- `POST /client/coverage/reviews`
+- `POST /client/coverage/late-workers/:assignmentId/cancel`
+
+## 3) Staff routes
+
+### Staff reads
+
+- `GET /staff/session`
+- `GET /staff/dashboard`
+- `GET /staff/profile-completion`
+- `GET /staff/availability`
+- `GET /staff/clock-in/shifts/today`
+- `GET /staff/clock-in/status`
+- `GET /staff/payments/summary`
+- `GET /staff/payments/history`
+- `GET /staff/payments/chart`
+- `GET /staff/shifts/assigned`
+- `GET /staff/shifts/open`
+- `GET /staff/shifts/pending`
+- `GET /staff/shifts/cancelled`
+- `GET /staff/shifts/completed`
+- `GET /staff/shifts/:shiftId`
+- `GET /staff/profile/sections`
+- `GET /staff/profile/personal-info`
+- `GET /staff/profile/industries`
+- `GET /staff/profile/skills`
+- `GET /staff/profile/documents`
+- `GET /staff/profile/attire`
+- `GET /staff/profile/tax-forms`
+- `GET /staff/profile/emergency-contacts`
+- `GET /staff/profile/certificates`
+- `GET /staff/profile/bank-accounts`
+- `GET /staff/profile/benefits`
+- `GET /staff/profile/time-card`
+- `GET /staff/profile/privacy`
+- `GET /staff/faqs`
+- `GET /staff/faqs/search`
+
+### Staff writes
+
+- `POST /staff/profile/setup`
+- `POST /staff/clock-in`
+- `POST /staff/clock-out`
+- `PUT /staff/availability`
+- `POST /staff/availability/quick-set`
+- `POST /staff/shifts/:shiftId/apply`
+- `POST /staff/shifts/:shiftId/accept`
+- `POST /staff/shifts/:shiftId/decline`
+- `POST /staff/shifts/:shiftId/request-swap`
+- `PUT /staff/profile/personal-info`
+- `PUT /staff/profile/experience`
+- `PUT /staff/profile/locations`
+- `POST /staff/profile/emergency-contacts`
+- `PUT /staff/profile/emergency-contacts/:contactId`
+- `PUT /staff/profile/tax-forms/:formType`
+- `POST /staff/profile/tax-forms/:formType/submit`
+- `POST /staff/profile/bank-accounts`
+- `PUT /staff/profile/privacy`
+
+## 4) Upload and verification routes
+
+These are exposed as direct unified aliases even though they are backed by `core-api-v2`.
+
+### Generic core aliases
+
+- `POST /upload-file`
+- `POST /create-signed-url`
+- `POST /invoke-llm`
+- `POST /rapid-orders/transcribe`
+- `POST /rapid-orders/parse`
+- `POST /verifications`
+- `GET /verifications/:verificationId`
+- `POST /verifications/:verificationId/review`
+- `POST /verifications/:verificationId/retry`
+
+### Staff upload aliases
+
+- `POST /staff/profile/photo`
+- `POST /staff/profile/documents/:documentId/upload`
+- `POST /staff/profile/attire/:documentId/upload`
+- `POST /staff/profile/certificates`
+- `DELETE /staff/profile/certificates/:certificateId`
+
+## 5) Notes that matter for frontend
+
+- `roleId` on `POST /staff/shifts/:shiftId/apply` is the concrete `shift_roles.id` for that shift, not the catalog role definition id.
+- `accountType` on `POST /staff/profile/bank-accounts` accepts either lowercase or uppercase and is normalized by the backend.
+- File upload routes return a storage path plus a signed URL. Frontend uploads the file directly to storage using that URL.
+- Verification routes are durable in the v2 backend and were validated live through document, attire, and certificate upload flows.
+
+## 6) Why this shape
+
+- frontend gets one host
+- backend keeps reads, writes, and service helpers separated
+- routing can change internally later without forcing frontend rewrites