feat(api): complete unified v2 mobile surface

backend/core-api/src/routes/core.js

@@ -24,6 +24,12 @@ import {
   retryVerificationJob,
   reviewVerificationJob,
 } from '../services/verification-jobs.js';
+import {
+  deleteCertificate,
+  uploadCertificate,
+  uploadProfilePhoto,
+  uploadStaffDocument,
+} from '../services/mobile-upload.js';
 
 const DEFAULT_MAX_FILE_BYTES = 10 * 1024 * 1024;
 const DEFAULT_MAX_SIGNED_URL_SECONDS = 900;
@@ -56,6 +62,14 @@ const uploadMetaSchema = z.object({
   visibility: z.enum(['public', 'private']).optional(),
 });
 
+const certificateUploadMetaSchema = z.object({
+  certificateType: z.string().min(1).max(120),
+  name: z.string().min(1).max(160),
+  issuer: z.string().max(160).optional(),
+  certificateNumber: z.string().max(160).optional(),
+  expiresAt: z.string().datetime().optional(),
+});
+
 function mockSignedUrl(fileUri, expiresInSeconds) {
   const encoded = encodeURIComponent(fileUri);
   const expiresAt = new Date(Date.now() + expiresInSeconds * 1000).toISOString();
@@ -292,7 +306,7 @@ async function handleCreateVerification(req, res, next) {
       });
     }
 
-    const created = createVerificationJob({
+    const created = await createVerificationJob({
       actorUid: req.actor.uid,
       payload,
     });
@@ -305,10 +319,107 @@ async function handleCreateVerification(req, res, next) {
   }
 }
 
+async function handleProfilePhotoUpload(req, res, next) {
+  try {
+    const file = req.file;
+    if (!file) {
+      throw new AppError('INVALID_FILE', 'Missing file in multipart form data', 400);
+    }
+    const result = await uploadProfilePhoto({
+      actorUid: req.actor.uid,
+      file,
+    });
+    return res.status(200).json({
+      ...result,
+      requestId: req.requestId,
+    });
+  } catch (error) {
+    return next(error);
+  }
+}
+
+async function handleDocumentUpload(req, res, next) {
+  try {
+    const file = req.file;
+    if (!file) {
+      throw new AppError('INVALID_FILE', 'Missing file in multipart form data', 400);
+    }
+    const result = await uploadStaffDocument({
+      actorUid: req.actor.uid,
+      documentId: req.params.documentId,
+      file,
+      routeType: 'document',
+    });
+    return res.status(200).json({
+      ...result,
+      requestId: req.requestId,
+    });
+  } catch (error) {
+    return next(error);
+  }
+}
+
+async function handleAttireUpload(req, res, next) {
+  try {
+    const file = req.file;
+    if (!file) {
+      throw new AppError('INVALID_FILE', 'Missing file in multipart form data', 400);
+    }
+    const result = await uploadStaffDocument({
+      actorUid: req.actor.uid,
+      documentId: req.params.documentId,
+      file,
+      routeType: 'attire',
+    });
+    return res.status(200).json({
+      ...result,
+      requestId: req.requestId,
+    });
+  } catch (error) {
+    return next(error);
+  }
+}
+
+async function handleCertificateUpload(req, res, next) {
+  try {
+    const file = req.file;
+    if (!file) {
+      throw new AppError('INVALID_FILE', 'Missing file in multipart form data', 400);
+    }
+    const payload = parseBody(certificateUploadMetaSchema, req.body || {});
+    const result = await uploadCertificate({
+      actorUid: req.actor.uid,
+      file,
+      payload,
+    });
+    return res.status(200).json({
+      ...result,
+      requestId: req.requestId,
+    });
+  } catch (error) {
+    return next(error);
+  }
+}
+
+async function handleCertificateDelete(req, res, next) {
+  try {
+    const result = await deleteCertificate({
+      actorUid: req.actor.uid,
+      certificateType: req.params.certificateType,
+    });
+    return res.status(200).json({
+      ...result,
+      requestId: req.requestId,
+    });
+  } catch (error) {
+    return next(error);
+  }
+}
+
 async function handleGetVerification(req, res, next) {
   try {
     const verificationId = req.params.verificationId;
-    const job = getVerificationJob(verificationId, req.actor.uid);
+    const job = await getVerificationJob(verificationId, req.actor.uid);
     return res.status(200).json({
       ...job,
       requestId: req.requestId,
@@ -322,7 +433,7 @@ async function handleReviewVerification(req, res, next) {
   try {
     const verificationId = req.params.verificationId;
     const payload = parseBody(reviewVerificationSchema, req.body || {});
-    const updated = reviewVerificationJob(verificationId, req.actor.uid, payload);
+    const updated = await reviewVerificationJob(verificationId, req.actor.uid, payload);
     return res.status(200).json({
       ...updated,
       requestId: req.requestId,
@@ -335,7 +446,7 @@ async function handleReviewVerification(req, res, next) {
 async function handleRetryVerification(req, res, next) {
   try {
     const verificationId = req.params.verificationId;
-    const updated = retryVerificationJob(verificationId, req.actor.uid);
+    const updated = await retryVerificationJob(verificationId, req.actor.uid);
     return res.status(202).json({
       ...updated,
       requestId: req.requestId,
@@ -353,6 +464,11 @@ export function createCoreRouter() {
   router.post('/invoke-llm', requireAuth, requirePolicy('core.invoke-llm', 'model'), handleInvokeLlm);
   router.post('/rapid-orders/transcribe', requireAuth, requirePolicy('core.rapid-order.transcribe', 'model'), handleRapidOrderTranscribe);
   router.post('/rapid-orders/parse', requireAuth, requirePolicy('core.rapid-order.parse', 'model'), handleRapidOrderParse);
+  router.post('/staff/profile/photo', requireAuth, requirePolicy('core.upload', 'file'), upload.single('file'), handleProfilePhotoUpload);
+  router.post('/staff/documents/:documentId/upload', requireAuth, requirePolicy('core.upload', 'file'), upload.single('file'), handleDocumentUpload);
+  router.post('/staff/attire/:documentId/upload', requireAuth, requirePolicy('core.upload', 'file'), upload.single('file'), handleAttireUpload);
+  router.post('/staff/certificates/upload', requireAuth, requirePolicy('core.upload', 'file'), upload.single('file'), handleCertificateUpload);
+  router.delete('/staff/certificates/:certificateType', requireAuth, requirePolicy('core.upload', 'file'), handleCertificateDelete);
   router.post('/verifications', requireAuth, requirePolicy('core.verification.create', 'verification'), handleCreateVerification);
   router.get('/verifications/:verificationId', requireAuth, requirePolicy('core.verification.read', 'verification'), handleGetVerification);
   router.post('/verifications/:verificationId/review', requireAuth, requirePolicy('core.verification.review', 'verification'), handleReviewVerification);

backend/core-api/src/routes/health.js

@@ -1,4 +1,5 @@
 import { Router } from 'express';
+import { checkDatabaseHealth, isDatabaseConfigured } from '../services/db.js';
 
 export const healthRouter = Router();
 
@@ -13,3 +14,31 @@ function healthHandler(req, res) {
 
 healthRouter.get('/health', healthHandler);
 healthRouter.get('/healthz', healthHandler);
+
+healthRouter.get('/readyz', async (req, res) => {
+  if (!isDatabaseConfigured()) {
+    return res.status(503).json({
+      ok: false,
+      service: 'krow-core-api',
+      status: 'DATABASE_NOT_CONFIGURED',
+      requestId: req.requestId,
+    });
+  }
+
+  const healthy = await checkDatabaseHealth().catch(() => false);
+  if (!healthy) {
+    return res.status(503).json({
+      ok: false,
+      service: 'krow-core-api',
+      status: 'DATABASE_UNAVAILABLE',
+      requestId: req.requestId,
+    });
+  }
+
+  return res.status(200).json({
+    ok: true,
+    service: 'krow-core-api',
+    status: 'READY',
+    requestId: req.requestId,
+  });
+});