@knotpad/app 0.1.0 → 0.1.1

package/app/api/tasks/[taskId]/route.tsx

@@ -1,259 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma, getPrimaryDb, isConnectionError } from "@/lib/prisma";
-import { encryptContent, decryptContent } from "@/lib/note-crypto";
-import { getActiveWorkspaceId } from "@/lib/workspace";
-import { getKanbanStatuses } from "@/lib/kanban-status";
-import { parseJson } from "@/lib/api-error";
-import { updateTaskSchema } from "@/lib/validation/task";
-
-export async function PATCH(
-  req: NextRequest,
-  { params }: { params: Promise<{ taskId: string }> }
-) {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const { taskId } = await params;
-
-  const workspaceId = await getActiveWorkspaceId(session.user.id);
-  if (!workspaceId) return NextResponse.json({ error: "No workspace" }, { status: 404 });
-
-  const db = await getPrimaryDb(workspaceId);
-  const task = await db.task.findFirst({
-    where: { id: taskId, workspaceId },
-  });
-  if (!task) return NextResponse.json({ error: "Not found" }, { status: 404 });
-
-  const parsed = await parseJson(req, updateTaskSchema);
-  if (parsed.response) return parsed.response;
-  const { status, priority, startDate, dueDate, assigneeType, assigneeId } = parsed.data;
-
-  if (status !== undefined) {
-    const kanbanStatuses = await getKanbanStatuses(workspaceId);
-    const validKeys = kanbanStatuses.map((s) => s.key);
-    if (!validKeys.includes(status)) {
-      return NextResponse.json({ error: "Invalid status" }, { status: 400 });
-    }
-  }
-
-  const parsedStartDate =
-    startDate === null ? null : startDate ? new Date(startDate) : undefined;
-  const parsedDueDate =
-    dueDate === null ? null : dueDate ? new Date(dueDate) : undefined;
-
-  const updates: Record<string, unknown> = { version: { increment: 1 } };
-  if (status !== undefined) updates.status = status;
-  if (priority !== undefined) updates.priority = priority;
-  if (parsedStartDate !== undefined) updates.startDate = parsedStartDate;
-  if (parsedDueDate !== undefined) updates.dueDate = parsedDueDate;
-
-  // Assignee changes: when switching to AGENT, clear the human assignee.
-  // When switching to HUMAN, optionally set a specific assignee.
-  if (assigneeType !== undefined) updates.assigneeType = assigneeType;
-  if (assigneeId !== undefined) updates.assigneeId = assigneeId;
-  if (assigneeType === "AGENT") {
-    updates.assigneeId = null;
-  }
-
-  // Releasing a task back to OPEN must clear all agent-claim fields so the
-  // kanban/list views don't keep showing it as claimed.
-  if (status === "OPEN") {
-    updates.claimedBy = null;
-    updates.claimedByAlias = null;
-    updates.claimedAt = null;
-    updates.lastHeartbeat = null;
-  }
-
-  // Fetch note content before the transaction so we can build the updated
-  // content inside it — keeping task + note writes atomic.
-  let noteForSync: { id: string; content: string } | null = null;
-  const needsNoteSync = status !== undefined || parsedStartDate !== undefined || parsedDueDate !== undefined;
-  if (needsNoteSync) {
-    noteForSync = await db.note.findUnique({
-      where: { id: task.noteId },
-      select: { id: true, content: true },
-    });
-  }
-
-  let updated: typeof task;
-  try {
-  [updated] = await db.$transaction(async (tx) => {
-    const updatedTask = await tx.task.update({
-      where: { id: taskId },
-      data: updates,
-    });
-
-    if (status !== undefined) {
-      await tx.auditLog.create({
-        data: {
-          taskId,
-          userId: session.user.id,
-          action: "status_change",
-          detail: `${task.status} → ${status}`,
-        },
-      });
-
-      if (task.assigneeId && task.assigneeId !== session.user.id) {
-        await tx.notification.create({
-          data: {
-            userId: task.assigneeId,
-            type: "task_status",
-            title: `Task "${task.title}" moved to ${status.replace("_", " ").toLowerCase()}`,
-            taskId,
-          },
-        });
-      }
-
-      // Sync note checkbox inside the transaction so task + note are atomic.
-      if (noteForSync) {
-        await syncNoteCheckbox(tx, noteForSync.id, workspaceId, task.title, status, noteForSync.content);
-      }
-    }
-
-    // Sync date annotations in the note when calendar drag updates dates.
-    if ((parsedStartDate !== undefined || parsedDueDate !== undefined) && noteForSync) {
-      const finalStart = parsedStartDate !== undefined ? parsedStartDate : task.startDate;
-      const finalDue   = parsedDueDate   !== undefined ? parsedDueDate   : task.dueDate;
-      await syncNoteDates(tx, noteForSync.id, workspaceId, task.title, finalStart, finalDue, noteForSync.content);
-    }
-
-    return [updatedTask];
-  });
-  } catch (err) {
-    if (isConnectionError(err) && db !== prisma) {
-      // Cloud unreachable — buffer locally
-      if (needsNoteSync) {
-        noteForSync = await prisma.note.findUnique({
-          where: { id: task.noteId },
-          select: { id: true, content: true },
-        });
-      }
-      [updated] = await prisma.$transaction(async (tx) => {
-        const updatedTask = await tx.task.update({ where: { id: taskId }, data: updates });
-        if (status !== undefined) {
-          await tx.auditLog.create({
-            data: { taskId, userId: session.user.id, action: "status_change", detail: `${task.status} → ${status}` },
-          });
-          if (noteForSync) {
-            await syncNoteCheckbox(tx, noteForSync.id, workspaceId, task.title, status, noteForSync.content);
-          }
-        }
-        if ((parsedStartDate !== undefined || parsedDueDate !== undefined) && noteForSync) {
-          const finalStart = parsedStartDate !== undefined ? parsedStartDate : task.startDate;
-          const finalDue   = parsedDueDate   !== undefined ? parsedDueDate   : task.dueDate;
-          await syncNoteDates(tx, noteForSync.id, workspaceId, task.title, finalStart, finalDue, noteForSync.content);
-        }
-        return [updatedTask];
-      });
-      await prisma.task.update({ where: { id: taskId }, data: { pendingSync: true } });
-    } else {
-      throw err;
-    }
-  }
-
-  return NextResponse.json(updated!);
-}
-
-// Runs inside a Prisma transaction — tx is the transaction client.
-async function syncNoteCheckbox(
-  tx: Parameters<Parameters<typeof prisma.$transaction>[0]>[0],
-  noteId: string,
-  workspaceId: string,
-  taskTitle: string,
-  newStatus: string,
-  storedContent: string
-) {
-  const content = await decryptContent(storedContent, workspaceId);
-  const lines = content.split("\n");
-  let changed = false;
-
-  for (let i = 0; i < lines.length; i++) {
-    const taskMatch = /^(\s*)-\s+\[([ x])\]\s+(.+)$/.exec(lines[i]);
-    if (!taskMatch) continue;
-
-    const text = taskMatch[3]
-      .replace(/@[\w-]+/g, "")
-      .replace(/<[^>]+>/g, "")
-      .replace(/\s*<!--task::[^>]*-->/g, "")
-      .trim();
-
-    if (text !== taskTitle) continue;
-
-    // Only flip the checkbox (the editor reads that for done-state). We no longer
-    // append <!--task::STATUS--> comments: nothing reads them and the editor
-    // strips them on load, so writing them only created spurious sync diffs.
-    const stripped = lines[i].replace(/\s*<!--task::[^>]*-->/g, "");
-    const checkbox = newStatus === "DONE" ? "x" : " ";
-    const next = stripped.replace(/\[([ x])\]/, `[${checkbox}]`);
-    if (next !== lines[i]) { lines[i] = next; changed = true; }
-    break;
-  }
-
-  if (changed) {
-    const stored = await encryptContent(lines.join("\n"), workspaceId);
-    await tx.note.update({
-      where: { id: noteId },
-      data: { content: stored, version: { increment: 1 } },
-    });
-  }
-}
-
-// Runs inside a Prisma transaction — updates the date annotation on the task line
-// in the note to reflect what was just saved to Task.startDate / Task.dueDate.
-async function syncNoteDates(
-  tx: Parameters<Parameters<typeof prisma.$transaction>[0]>[0],
-  noteId: string,
-  workspaceId: string,
-  taskTitle: string,
-  finalStart: Date | null,
-  finalDue: Date | null,
-  storedContent: string
-) {
-  const content = await decryptContent(storedContent, workspaceId);
-  const lines = content.split("\n");
-  let changed = false;
-
-  for (let i = 0; i < lines.length; i++) {
-    const taskMatch = /^(\s*)-\s+\[([ x])\]\s+(.+)$/.exec(lines[i]);
-    if (!taskMatch) continue;
-
-    const extractedTitle = taskMatch[3]
-      .replace(/\[\[[^\]]*\]\]/g, "")
-      .replace(/\(\([^)]*\)\)/g, "")
-      .replace(/@[\w-]+/g, "")
-      .replace(/<[^>]+>/g, "")
-      .replace(/(\d{4}-\d{2}-\d{2})\.\.(\d{4}-\d{2}-\d{2})/g, "")
-      .replace(/\d{4}-\d{2}-\d{2}/g, "")
-      .replace(/\s*<!--task::[^>]*-->/g, "")
-      .replace(/\s+/g, " ")
-      .trim();
-
-    if (extractedTitle !== taskTitle) continue;
-
-    // Build the new date string
-    const s = finalStart ? finalStart.toISOString().slice(0, 10) : null;
-    const e = finalDue   ? finalDue.toISOString().slice(0, 10)   : null;
-    let newDateStr = "";
-    if (s && e && s !== e) newDateStr = `${s}..${e}`;
-    else if (e ?? s)       newDateStr = (e ?? s)!;
-
-    // Strip old date annotations from the line, then append the new one
-    const stripped = lines[i]
-      .replace(/\s+(\d{4}-\d{2}-\d{2})\.\.(\d{4}-\d{2}-\d{2})/g, "")
-      .replace(/\s+\d{4}-\d{2}-\d{2}/g, "")
-      .trimEnd();
-    const next = newDateStr ? `${stripped} ${newDateStr}` : stripped;
-
-    if (next !== lines[i]) { lines[i] = next; changed = true; }
-    break;
-  }
-
-  if (changed) {
-    const stored = await encryptContent(lines.join("\n"), workspaceId);
-    await tx.note.update({
-      where: { id: noteId },
-      data: { content: stored, version: { increment: 1 } },
-    });
-  }
-}

package/app/api/tasks/bulk/route.tsx

@@ -1,133 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma } from "@/lib/prisma";
-import { getActiveWorkspaceId } from "@/lib/workspace";
-
-/**
- * Bulk update task status
- * POST /api/tasks/bulk
- * Body: { action: "updateStatus", taskIds: string[], status: string }
- */
-export async function POST(req: NextRequest) {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const workspaceId = await getActiveWorkspaceId(session.user.id);
-  if (!workspaceId) return NextResponse.json({ error: "No workspace" }, { status: 400 });
-
-  const body = await req.json();
-  const { action, taskIds, status } = body;
-
-  if (!action || !taskIds || !Array.isArray(taskIds) || taskIds.length === 0) {
-    return NextResponse.json({ error: "Invalid request" }, { status: 400 });
-  }
-
-  // Validate all tasks belong to workspace
-  const tasks = await prisma.task.findMany({
-    where: { id: { in: taskIds }, workspaceId },
-    select: { id: true, status: true },
-  });
-
-  if (tasks.length !== taskIds.length) {
-    return NextResponse.json({ error: "Some tasks not found" }, { status: 404 });
-  }
-
-  try {
-    switch (action) {
-      case "updateStatus":
-        if (!status) return NextResponse.json({ error: "status required" }, { status: 400 });
-        
-        await prisma.$transaction(async (tx) => {
-          // Update all tasks
-          await tx.task.updateMany({
-            where: { id: { in: taskIds }, workspaceId },
-            data: { status, version: { increment: 1 } },
-          });
-
-          // Create audit logs
-          const auditLogs = tasks.map((task) => ({
-            taskId: task.id,
-            userId: session.user.id,
-            action: "status_change",
-            detail: `${task.status} → ${status} (bulk)`,
-          }));
-
-          await tx.auditLog.createMany({ data: auditLogs });
-        });
-
-        return NextResponse.json({ 
-          ok: true, 
-          action, 
-          count: taskIds.length,
-          message: `${taskIds.length} tasks updated to ${status}` 
-        });
-
-      case "delete":
-        await prisma.$transaction(async (tx) => {
-          // Delete related records first
-          await tx.auditLog.deleteMany({ where: { taskId: { in: taskIds } } });
-          await tx.taskReference.deleteMany({ where: { taskId: { in: taskIds } } });
-          
-          // Delete tasks
-          await tx.task.deleteMany({
-            where: { id: { in: taskIds }, workspaceId },
-          });
-        });
-
-        return NextResponse.json({ 
-          ok: true, 
-          action, 
-          count: taskIds.length,
-          message: `${taskIds.length} tasks deleted` 
-        });
-
-      default:
-        return NextResponse.json({ error: `Unknown action: ${action}` }, { status: 400 });
-    }
-  } catch (error) {
-    console.error("Bulk action failed:", error);
-    return NextResponse.json({ error: "Bulk action failed" }, { status: 500 });
-  }
-}
-
-/**
- * Bulk update due date
- * PATCH /api/tasks/bulk
- * Body: { taskIds: string[], dueDate: string | null }
- */
-export async function PATCH(req: NextRequest) {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const workspaceId = await getActiveWorkspaceId(session.user.id);
-  if (!workspaceId) return NextResponse.json({ error: "No workspace" }, { status: 400 });
-
-  const { taskIds, dueDate } = await req.json();
-
-  if (!taskIds || !Array.isArray(taskIds) || taskIds.length === 0) {
-    return NextResponse.json({ error: "taskIds required" }, { status: 400 });
-  }
-
-  // Validate all tasks belong to workspace
-  const taskCount = await prisma.task.count({
-    where: { id: { in: taskIds }, workspaceId },
-  });
-
-  if (taskCount !== taskIds.length) {
-    return NextResponse.json({ error: "Some tasks not found" }, { status: 404 });
-  }
-
-  await prisma.task.updateMany({
-    where: { id: { in: taskIds }, workspaceId },
-    data: { 
-      dueDate: dueDate ? new Date(dueDate) : null,
-      version: { increment: 1 }
-    },
-  });
-
-  return NextResponse.json({ 
-    ok: true, 
-    count: taskIds.length,
-    message: `${taskIds.length} tasks due date updated` 
-  });
-}

package/app/api/tasks/route.tsx

@@ -1,36 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { getPrimaryDb } from "@/lib/prisma";
-import { getActiveWorkspaceId } from "@/lib/workspace";
-
-export async function GET(req: NextRequest) {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const workspaceId = await getActiveWorkspaceId(session.user.id);
-  if (!workspaceId) return NextResponse.json({ error: "No workspace" }, { status: 404 });
-
-  const { searchParams } = new URL(req.url);
-  const limitRaw = parseInt(searchParams.get("limit") ?? "500");
-  const limit = Math.min(Math.max(1, isNaN(limitRaw) ? 500 : limitRaw), 500);
-  const noteId = searchParams.get("noteId") ?? undefined;
-  // Exclude DONE tasks by default when fetching for pickers (e.g. ?picker=1)
-  const pickerMode = searchParams.get("picker") === "1";
-
-  const db = await getPrimaryDb(workspaceId);
-  const tasks = await db.task.findMany({
-    where: {
-      workspaceId,
-      ...(noteId && { noteId }),
-      ...(pickerMode && { status: { not: "DONE" } }),
-    },
-    orderBy: { createdAt: "desc" },
-    take: limit,
-    include: {
-      note: { select: { id: true, title: true } },
-      assignee: { select: { id: true, name: true, email: true } },
-    },
-  });
-
-  return NextResponse.json(tasks);
-}

package/app/api/workspace/active/route.tsx

@@ -1,39 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma } from "@/lib/prisma";
-import { ACTIVE_WS_COOKIE } from "@/lib/workspace";
-import { isWorkspacePro } from "@/lib/license";
-
-const IS_CLOUD = process.env.IS_CLOUD === "true";
-
-/**
- * POST /api/workspace/active  Body: { workspaceId }
- * Sets the caller's active workspace (validated against membership).
- */
-export async function POST(req: NextRequest) {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const { workspaceId } = await req.json().catch(() => ({}));
-  if (!workspaceId) return NextResponse.json({ error: "workspaceId required" }, { status: 400 });
-
-  const member = await prisma.workspaceMember.findFirst({
-    where: { userId: session.user.id, workspaceId, revokedAt: null },
-    select: { id: true, workspace: { select: { planType: true, licenseType: true } } },
-  });
-  if (!member) return NextResponse.json({ error: "Not a member of that workspace" }, { status: 403 });
-
-  // On web/PWA, FREE workspaces are never selectable as the active workspace.
-  if (IS_CLOUD && !isWorkspacePro(member.workspace)) {
-    return NextResponse.json({ error: "Upgrade required" }, { status: 403 });
-  }
-
-  const res = NextResponse.json({ ok: true, workspaceId });
-  res.cookies.set(ACTIVE_WS_COOKIE, workspaceId, {
-    httpOnly: true,
-    sameSite: "lax",
-    path: "/",
-    maxAge: 60 * 60 * 24 * 365,
-  });
-  return res;
-}

package/app/api/workspace/create-team/route.tsx

@@ -1,42 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma } from "@/lib/prisma";
-import { seedDefaultKanbanStatuses } from "@/lib/kanban-status";
-
-/**
- * POST /api/workspace/create-team
- *
- * Creates a new TEAM workspace owned by the caller.
- * The workspace starts as FREE + TEAM type — the caller is then redirected to
- * the billing checkout (plan=team) to activate Team Pro.
- *
- * Body: { name: string }
- */
-export async function POST(req: NextRequest) {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const { name } = await req.json().catch(() => ({}));
-  if (!name?.trim()) return NextResponse.json({ error: "Workspace name required" }, { status: 400 });
-
-  const slug =
-    name.toLowerCase().replace(/\s+/g, "-").replace(/[^a-z0-9-]/g, "") +
-    "-" +
-    Date.now();
-
-  const workspace = await prisma.workspace.create({
-    data: {
-      name: name.trim(),
-      slug,
-      type: "TEAM",
-      planType: "FREE",
-      isCloud: false,
-      isPro: false,
-      members: { create: { userId: session.user.id, role: "OWNER" } },
-    },
-  });
-
-  await seedDefaultKanbanStatuses(workspace.id);
-
-  return NextResponse.json({ workspaceId: workspace.id, slug: workspace.slug }, { status: 201 });
-}

package/app/api/workspace/kanban-statuses/route.tsx

@@ -1,71 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma } from "@/lib/prisma";
-import { getActiveWorkspaceId } from "@/lib/workspace";
-import { getKanbanStatuses } from "@/lib/kanban-status";
-
-export async function GET() {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const workspaceId = await getActiveWorkspaceId(session.user.id);
-  if (!workspaceId) return NextResponse.json({ error: "No workspace" }, { status: 404 });
-
-  const statuses = await getKanbanStatuses(workspaceId);
-  return NextResponse.json(statuses);
-}
-
-export async function PUT(req: NextRequest) {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const workspaceId = await getActiveWorkspaceId(session.user.id);
-  if (!workspaceId) return NextResponse.json({ error: "No workspace" }, { status: 404 });
-
-  const member = await prisma.workspaceMember.findFirst({
-    where: { userId: session.user.id, workspaceId },
-  });
-  if (!member || member.role === "MEMBER") {
-    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
-  }
-
-  const body = await req.json();
-  const statuses = body.statuses;
-  if (!Array.isArray(statuses)) {
-    return NextResponse.json({ error: "statuses array required" }, { status: 400 });
-  }
-
-  for (const s of statuses) {
-    if (typeof s.key !== "string" || !s.key.trim()) {
-      return NextResponse.json({ error: "Each status must have a key" }, { status: 400 });
-    }
-    if (typeof s.label !== "string" || !s.label.trim()) {
-      return NextResponse.json({ error: "Each status must have a label" }, { status: 400 });
-    }
-    if (typeof s.color !== "string" || !s.color.trim()) {
-      return NextResponse.json({ error: "Each status must have a color" }, { status: 400 });
-    }
-    if (typeof s.order !== "number") {
-      return NextResponse.json({ error: "Each status must have an order number" }, { status: 400 });
-    }
-    if (typeof s.isVisible !== "boolean") {
-      return NextResponse.json({ error: "Each status must have isVisible boolean" }, { status: 400 });
-    }
-  }
-
-  await prisma.$transaction(async (tx) => {
-    await tx.kanbanStatus.deleteMany({ where: { workspaceId } });
-    await tx.kanbanStatus.createMany({
-      data: statuses.map((s) => ({
-        workspaceId,
-        key: s.key.trim(),
-        label: s.label.trim(),
-        color: s.color.trim(),
-        order: s.order,
-        isVisible: s.isVisible,
-      })),
-    });
-  });
-
-  return NextResponse.json({ ok: true });
-}

package/app/api/workspace/members/[memberId]/route.tsx

@@ -1,69 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma } from "@/lib/prisma";
-import { stripe } from "@/lib/stripe";
-
-export async function DELETE(
-  _req: NextRequest,
-  { params }: { params: Promise<{ memberId: string }> }
-) {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const { memberId } = await params;
-
-  const target = await prisma.workspaceMember.findFirst({
-    where: { id: memberId },
-  });
-  if (!target) return NextResponse.json({ error: "Not found" }, { status: 404 });
-
-  const actorMember = await prisma.workspaceMember.findFirst({
-    where: { userId: session.user.id, workspaceId: target.workspaceId, revokedAt: null },
-    include: { workspace: true },
-  });
-  if (!actorMember || actorMember.role === "MEMBER") {
-    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
-  }
-  if (target.role === "OWNER") return NextResponse.json({ error: "Cannot remove owner" }, { status: 403 });
-  if (target.revokedAt) return NextResponse.json({ error: "Already removed" }, { status: 409 });
-
-  const workspace = actorMember.workspace;
-
-  await prisma.$transaction(async (tx) => {
-    // Soft delete — preserve the audit trail
-    await tx.workspaceMember.update({
-      where: { id: memberId },
-      data: { revokedAt: new Date() },
-    });
-
-    // Revoke all active MCP tokens for this user in this workspace
-    await tx.mcpToken.updateMany({
-      where: { userId: target.userId, workspaceId: workspace.id, revokedAt: null },
-      data: { revokedAt: new Date() },
-    });
-  });
-
-  // Decrement Stripe seat quantity (non-fatal if it fails)
-  if (workspace.stripeSubId) {
-    try {
-      const sub = await stripe.subscriptions.retrieve(workspace.stripeSubId);
-      const item = sub.items.data[0];
-      if (item && (item.quantity ?? 1) > 2) {
-        // Never go below 2 (Team Pro minimum)
-        const newQuantity = (item.quantity ?? 2) - 1;
-        await stripe.subscriptionItems.update(item.id, {
-          quantity: newQuantity,
-          proration_behavior: "none", // no credit — billed through end of period
-        });
-        await prisma.workspace.update({
-          where: { id: workspace.id },
-          data: { seatCount: newQuantity },
-        });
-      }
-    } catch {
-      // Non-fatal: seat count will reconcile on next Stripe webhook.
-    }
-  }
-
-  return NextResponse.json({ ok: true });
-}

package/app/api/workspace/route.tsx

@@ -1,24 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma } from "@/lib/prisma";
-
-export async function PATCH(req: NextRequest) {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const member = await prisma.workspaceMember.findFirst({
-    where: { userId: session.user.id },
-  });
-  if (!member) return NextResponse.json({ error: "No workspace" }, { status: 404 });
-  if (member.role === "MEMBER") return NextResponse.json({ error: "Forbidden" }, { status: 403 });
-
-  const { name } = await req.json();
-  if (!name?.trim()) return NextResponse.json({ error: "Name required" }, { status: 400 });
-
-  const workspace = await prisma.workspace.update({
-    where: { id: member.workspaceId },
-    data: { name: name.trim() },
-  });
-
-  return NextResponse.json(workspace);
-}