npm - @nexttylabs/echo - Versions diffs - 0.4.0 → 0.6.0 - Mend

@nexttylabs/echo 0.4.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (262) hide show

package/CHANGELOG.md +27 -0
package/app/(dashboard)/admin/feedback/[id]/edit/page.tsx +12 -6
package/app/(dashboard)/admin/feedback/new/page.tsx +19 -17
package/app/(dashboard)/admin/layout.tsx +16 -6
package/app/(dashboard)/layout.tsx +4 -2
package/app/(dashboard)/settings/api-keys/page.tsx +13 -3
package/app/(dashboard)/settings/layout.tsx +25 -2
package/app/(dashboard)/settings/organization/page.tsx +8 -9
package/app/(public)/[organizationSlug]/roadmap/page.tsx +19 -1
package/app/api/admin/backup/route.ts +22 -4
package/app/api/auth/register/handler.ts +1 -2
package/app/api/feedback/[id]/comments/[commentId]/route.ts +13 -4
package/app/api/feedback/[id]/reclassify/route.ts +4 -4
package/app/api/organizations/handler.ts +2 -4
package/components/settings/settings-sidebar.tsx +4 -4
package/hooks/use-organization.tsx +116 -0
package/hooks/use-permissions.ts +24 -11
package/lib/auth/config.ts +0 -7
package/lib/auth/organization.ts +20 -0
package/lib/auth/permissions.ts +10 -0
package/lib/db/migrations/0000_needy_leech.sql +335 -0
package/lib/db/migrations/meta/0000_snapshot.json +2186 -1
package/lib/db/migrations/meta/_journal.json +2 -135
package/lib/db/schema/auth.ts +0 -1
package/lib/db/schema/index.ts +0 -1
package/lib/portal/public-context.tsx +5 -0
package/package.json +20 -1
package/.changeset/README.md +0 -21
package/.changeset/config.json +0 -11
package/.changeset/cozy-ghosts-care.md +0 -5
package/.changeset/sharp-lines-stand.md +0 -5
package/.changeset/sour-doodles-eat.md +0 -5
package/.changeset/tender-moose-shop.md +0 -5
package/.github/pull_request_template.md +0 -13
package/.github/workflows/ci.yml +0 -41
package/.github/workflows/publish.yml +0 -44
package/.github/workflows/release.yml +0 -73
package/AGENTS.md +0 -92
package/Dockerfile +0 -57
package/Makefile +0 -77
package/bun.lock +0 -2503
package/components/portal/project-switcher.tsx +0 -20
package/docker-compose.dev.yml +0 -26
package/docker-compose.yml +0 -98
package/docs/architecture.md +0 -259
package/docs/component-inventory.md +0 -261
package/docs/database-migrations.md +0 -76
package/docs/development-guide.md +0 -209
package/docs/e2e-user-flows.csv +0 -31
package/docs/er-diagram-feedback.mmd +0 -138
package/docs/er-diagram.mmd +0 -281
package/docs/i18n-check-report.md +0 -296
package/docs/index.md +0 -214
package/docs/logic-chain.md +0 -94
package/docs/plans/2026-01-02-database-migration-scripts.md +0 -496
package/docs/plans/2026-01-02-user-login-design.md +0 -37
package/docs/plans/2026-01-02-user-login.md +0 -437
package/docs/plans/2026-01-02-user-registration-design.md +0 -47
package/docs/plans/2026-01-02-user-registration.md +0 -628
package/docs/plans/2026-01-03-roles-permissions-design.md +0 -20
package/docs/plans/2026-01-03-roles-permissions.md +0 -266
package/docs/plans/2026-01-05-authentication-middleware.md +0 -207
package/docs/plans/2026-01-05-member-removal.md +0 -186
package/docs/plans/2026-01-05-organization-creation.md +0 -374
package/docs/plans/2026-01-05-rbac-middleware.md +0 -112
package/docs/plans/2026-01-05-role-configuration.md +0 -441
package/docs/plans/2026-01-06-file-upload-support.md +0 -804
package/docs/plans/2026-01-06-permission-check-hook.md +0 -155
package/docs/plans/2026-01-06-resource-ownership-check.md +0 -231
package/docs/plans/2026-01-07-feedback-tracking-link.md +0 -459
package/docs/plans/2026-01-09-logout-redirect-design.md +0 -52
package/docs/plans/2026-01-09-phase2-3-plan.md +0 -654
package/docs/plans/2026-01-09-portal-execution-plan.md +0 -408
package/docs/plans/2026-01-09-project-delete-feature-design.md +0 -163
package/docs/plans/2026-01-09-project-delete-implementation.md +0 -451
package/docs/plans/2026-01-09-project-edit-delete-design.md +0 -52
package/docs/plans/2026-01-09-settings-center-design.md +0 -114
package/docs/plans/2026-01-09-settings-center.md +0 -948
package/docs/plans/2026-01-10-organization-only-design.md +0 -66
package/docs/plans/2026-01-10-organization-only-implementation.md +0 -433
package/docs/plans/2026-01-10-portal-settings-restructure-plan.md +0 -18
package/docs/plans/2026-01-10-project-settings-tabs-design-implementation.md +0 -296
package/docs/plans/2026-01-14-e2e-playwright-feedback.md +0 -173
package/docs/plans/2026-01-15-feedback-management-org-context-design.md +0 -82
package/docs/plans/2026-01-15-feedback-management-org-context-implementation-plan.md +0 -521
package/docs/plans/2026-01-16-admin-feedback-filters-design.md +0 -75
package/docs/plans/2026-01-16-admin-feedback-filters-implementation.md +0 -293
package/docs/plans/2026-01-16-admin-feedback-route-consolidation.md +0 -180
package/docs/plans/2026-01-16-e2e-test-fixes.md +0 -158
package/docs/plans/2026-01-17-admin-feedback-filters.md +0 -214
package/docs/plans/2026-01-17-admin-feedback-improvements.md +0 -453
package/docs/plans/2026-01-18-changesets-design.md +0 -40
package/docs/product_changes.md +0 -37
package/docs/project-overview.md +0 -159
package/docs/project-scan-report.json +0 -104
package/docs/route-role-visibility.md +0 -51
package/docs/source-tree-analysis.md +0 -150
package/docs/testing/delete-project-manual-tests.md +0 -18
package/docs/user-story-tracking.md +0 -191
package/eslint.config.mjs +0 -19
package/lib/db/migrations/.gitkeep +0 -0
package/lib/db/migrations/0000_cynical_gladiator.sql +0 -53
package/lib/db/migrations/0001_wandering_sunfire.sql +0 -27
package/lib/db/migrations/0002_shallow_speedball.sql +0 -1
package/lib/db/migrations/0003_add_org_description.sql +0 -1
package/lib/db/migrations/0003_boring_wild_pack.sql +0 -13
package/lib/db/migrations/0004_windy_tyrannus.sql +0 -27
package/lib/db/migrations/0005_perpetual_doorman.sql +0 -5
package/lib/db/migrations/0006_aberrant_captain_midlands.sql +0 -13
package/lib/db/migrations/0007_clever_captain_cross.sql +0 -14
package/lib/db/migrations/0008_sparkling_pandemic.sql +0 -2
package/lib/db/migrations/0009_happy_black_tom.sql +0 -29
package/lib/db/migrations/0010_kind_junta.sql +0 -8
package/lib/db/migrations/0011_mute_squadron_supreme.sql +0 -25
package/lib/db/migrations/0012_giant_power_man.sql +0 -24
package/lib/db/migrations/0013_damp_titanium_man.sql +0 -17
package/lib/db/migrations/0014_blue_alice.sql +0 -18
package/lib/db/migrations/0015_webhook_tables.sql +0 -41
package/lib/db/migrations/0016_github_integration.sql +0 -30
package/lib/db/migrations/0016_overjoyed_ghost_rider.sql +0 -22
package/lib/db/migrations/0017_slimy_inhumans.sql +0 -6
package/lib/db/migrations/0018_same_spitfire.sql +0 -1
package/lib/db/migrations/0019_jittery_loners.sql +0 -16
package/lib/db/migrations/0019_remove_projects_add_org_settings.sql +0 -14
package/lib/db/migrations/meta/0001_snapshot.json +0 -553
package/lib/db/migrations/meta/0002_snapshot.json +0 -560
package/lib/db/migrations/meta/0003_snapshot.json +0 -650
package/lib/db/migrations/meta/0004_snapshot.json +0 -852
package/lib/db/migrations/meta/0005_snapshot.json +0 -900
package/lib/db/migrations/meta/0006_snapshot.json +0 -1011
package/lib/db/migrations/meta/0007_snapshot.json +0 -1125
package/lib/db/migrations/meta/0008_snapshot.json +0 -1146
package/lib/db/migrations/meta/0009_snapshot.json +0 -1386
package/lib/db/migrations/meta/0010_snapshot.json +0 -1419
package/lib/db/migrations/meta/0011_snapshot.json +0 -1615
package/lib/db/migrations/meta/0012_snapshot.json +0 -1805
package/lib/db/migrations/meta/0013_snapshot.json +0 -1948
package/lib/db/migrations/meta/0014_snapshot.json +0 -2082
package/lib/db/migrations/meta/0015_snapshot.json +0 -2476
package/lib/db/migrations/meta/0016_snapshot.json +0 -2633
package/lib/db/migrations/meta/0017_snapshot.json +0 -2680
package/lib/db/migrations/meta/0018_snapshot.json +0 -2686
package/lib/db/migrations/meta/0019_snapshot.json +0 -2741
package/lib/db/schema/projects.ts +0 -145
package/lib/db/schema/user-profiles.ts +0 -31
package/lib/validations/projects.ts +0 -49
package/next-env.d.ts +0 -6
package/playwright.config.ts +0 -44
package/proxy.test.ts +0 -131
package/proxy.ts +0 -116
package/scripts/backup-db.sh +0 -57
package/scripts/backup-db.ts +0 -24
package/scripts/generate-openapi.ts +0 -22
package/scripts/migration-helper.ts +0 -39
package/scripts/pre-deploy.ts +0 -75
package/scripts/restore-db.sh +0 -60
package/scripts/rollback.ts +0 -72
package/scripts/seed-tags.ts +0 -48
package/tests/api/feedback-bulk.test.ts +0 -47
package/tests/api/feedback-by-id.test.ts +0 -67
package/tests/api/feedback-comments-route-import.test.ts +0 -26
package/tests/api/feedback-create.test.ts +0 -71
package/tests/api/feedback-delete.test.ts +0 -160
package/tests/api/feedback-filter.test.ts +0 -250
package/tests/api/feedback-list.test.ts +0 -234
package/tests/api/feedback-route-assignee-condition.test.ts +0 -32
package/tests/api/feedback-similar.test.ts +0 -46
package/tests/api/feedback-sort.test.ts +0 -261
package/tests/api/feedback-status-enum.test.ts +0 -49
package/tests/api/feedback-status-filter.test.ts +0 -117
package/tests/api/feedback-submit-on-behalf.test.ts +0 -269
package/tests/api/feedback.test.ts +0 -175
package/tests/api/identify-jwt.test.ts +0 -25
package/tests/api/invitation-accept.test.ts +0 -213
package/tests/api/organization-invitations.test.ts +0 -186
package/tests/api/organization-members-list.test.ts +0 -79
package/tests/api/organization-members.test.ts +0 -340
package/tests/api/organizations.test.ts +0 -149
package/tests/api/register.test.ts +0 -112
package/tests/api/upload.test.ts +0 -103
package/tests/api/vote.test.ts +0 -82
package/tests/app/admin-feedback-detail-page.test.tsx +0 -25
package/tests/app/admin-feedback-list-page.test.tsx +0 -25
package/tests/app/admin-feedback-new-page.test.tsx +0 -25
package/tests/app/health-route-helpers.test.ts +0 -27
package/tests/app/login-page.test.ts +0 -26
package/tests/app/portal-page.test.ts +0 -29
package/tests/app/project-portal-overview.test.tsx +0 -25
package/tests/app/widget-page-import.test.ts +0 -25
package/tests/components/create-post-dialog-defaults.test.ts +0 -43
package/tests/components/feedback/duplicate-suggestions-inline.test.tsx +0 -27
package/tests/components/feedback/embedded-feedback-form.test.tsx +0 -96
package/tests/components/feedback/feedback-detail.test.tsx +0 -25
package/tests/components/feedback/feedback-stats.test.tsx +0 -49
package/tests/components/feedback-bulk-actions.test.tsx +0 -39
package/tests/components/feedback-i18n-keys.test.ts +0 -70
package/tests/components/feedback-list-controls-compile.test.ts +0 -25
package/tests/components/feedback-list-controls.test.tsx +0 -204
package/tests/components/feedback-list-item.test.tsx +0 -67
package/tests/components/landing/hero.test.tsx +0 -46
package/tests/components/layout/language-switcher.test.tsx +0 -25
package/tests/components/layout/sidebar.test.tsx +0 -157
package/tests/components/login-form.test.ts +0 -25
package/tests/components/organization-form.test.ts +0 -32
package/tests/components/organization-switcher.test.ts +0 -25
package/tests/components/pagination.test.tsx +0 -43
package/tests/components/portal-overview.test.tsx +0 -25
package/tests/components/profile-form.test.tsx +0 -139
package/tests/components/role-selector.test.ts +0 -31
package/tests/components/status-chart.test.tsx +0 -90
package/tests/e2e/auth.e2e.ts +0 -323
package/tests/e2e/feedback-actions.e2e.ts +0 -471
package/tests/e2e/feedback-attachment.e2e.ts +0 -168
package/tests/e2e/feedback-customer.e2e.ts +0 -226
package/tests/e2e/feedback-management.e2e.ts +0 -565
package/tests/e2e/feedback-submit.e2e.ts +0 -133
package/tests/e2e/feedback-view.e2e.ts +0 -297
package/tests/e2e/fixtures/test-data.ts +0 -235
package/tests/e2e/health-check.e2e.ts +0 -230
package/tests/e2e/helpers/test-utils-helpers.test.ts +0 -43
package/tests/e2e/helpers/test-utils.ts +0 -298
package/tests/e2e/integration-placeholders.e2e.ts +0 -199
package/tests/e2e/organization.e2e.ts +0 -292
package/tests/e2e/permissions.e2e.ts +0 -424
package/tests/e2e/project-widget.e2e.ts +0 -63
package/tests/feedback/filters.test.ts +0 -29
package/tests/hooks/use-permissions.test.ts +0 -52
package/tests/lib/ai/classifier.test.ts +0 -104
package/tests/lib/ai/duplicate-detector.test.ts +0 -234
package/tests/lib/attachments-schema.test.ts +0 -30
package/tests/lib/auth/session.test.ts +0 -49
package/tests/lib/auth-client.test.ts +0 -37
package/tests/lib/auth-config.test.ts +0 -26
package/tests/lib/feedback-prefill.test.ts +0 -52
package/tests/lib/feedback-processor.test.ts +0 -41
package/tests/lib/feedback-schema.test.ts +0 -33
package/tests/lib/file-validator.test.ts +0 -48
package/tests/lib/get-feedback-by-id.test.ts +0 -37
package/tests/lib/invitations.test.ts +0 -35
package/tests/lib/login-schema.test.ts +0 -36
package/tests/lib/org-context.test.ts +0 -95
package/tests/lib/organization-access.test.ts +0 -44
package/tests/lib/organization-member-role-schema.test.ts +0 -41
package/tests/lib/permissions.test.ts +0 -88
package/tests/lib/portal-analytics.test.ts +0 -25
package/tests/lib/portal-contributors.test.ts +0 -25
package/tests/lib/portal-copy.test.ts +0 -27
package/tests/lib/portal-i18n.test.ts +0 -30
package/tests/lib/portal-leaderboard-settings.test.ts +0 -25
package/tests/lib/portal-modules.test.ts +0 -25
package/tests/lib/portal-seo.test.ts +0 -25
package/tests/lib/portal-sharing.test.ts +0 -25
package/tests/lib/portal-sorting.test.ts +0 -25
package/tests/lib/portal-theme.test.ts +0 -25
package/tests/lib/rate-limit.test.ts +0 -142
package/tests/lib/resolve-locale.test.ts +0 -34
package/tests/lib/services/backup.test.ts +0 -145
package/tests/lib/user-organizations.test.ts +0 -42
package/tests/lib/user-role-schema.test.ts +0 -33
package/tests/lib/user-schema.test.ts +0 -25
package/tests/setup.ts +0 -74
package/vercel.json +0 -4

package/docs/plans/2026-01-06-file-upload-support.md DELETED Viewed

@@ -1,804 +0,0 @@
-# File Upload Support Implementation Plan
-> **For Claude:** REQUIRED SUB-SKILL: Use superpowers:executing-plans to implement this plan task-by-task.
-**Goal:** Add MVP file upload support for feedback with local storage, server validation, and attachment linking at upload time.
-**Architecture:** Add an `attachments` table with a feedback relation, implement server-side upload validation + storage, expose `/api/upload`, and extend feedback submission to link uploaded attachments. Integrate a client-side upload UI into the feedback form.
-**Tech Stack:** Next.js App Router (Route Handlers), TypeScript, Drizzle ORM (Postgres), Bun tests, Shadcn UI
-### Task 1: Add attachments schema + relations + migration (feedbackId required)
-**Files:**
-- Create: `lib/db/schema/attachments.ts`
-- Modify: `lib/db/schema/feedback.ts`
-- Modify: `lib/db/schema/index.ts`
-- Modify: `lib/db/migrations/*` (generated by drizzle-kit)
-**Step 1: Write the failing test**
-Create `tests/lib/attachments-schema.test.ts`:
-```ts
-import { describe, expect, it } from "bun:test";
-import { attachments } from "@/lib/db/schema/attachments";
-describe("attachments schema", () => {
-  it("defines required columns", () => {
-    expect(attachments).toBeDefined();
-    expect(attachments["feedbackId"]).toBeDefined();
-    expect(attachments["fileName"]).toBeDefined();
-    expect(attachments["filePath"]).toBeDefined();
-    expect(attachments["fileSize"]).toBeDefined();
-    expect(attachments["mimeType"]).toBeDefined();
-  });
-});
-```
-**Step 2: Run test to verify it fails**
-Run: `bun test tests/lib/attachments-schema.test.ts`
-Expected: FAIL with module not found (`attachments.ts`).
-**Step 3: Write minimal implementation**
-Create `lib/db/schema/attachments.ts`:
-```ts
-import { index, integer, pgTable, serial, text, timestamp } from "drizzle-orm/pg-core";
-import { relations } from "drizzle-orm";
-import { feedback } from "./feedback";
-export const attachments = pgTable(
-  "attachments",
-  {
-    attachmentId: serial("attachmentId").primaryKey(),
-    feedbackId: integer("feedbackId")
-      .notNull()
-      .references(() => feedback.feedbackId, { onDelete: "cascade" }),
-    fileName: text("fileName").notNull(),
-    filePath: text("filePath").notNull(),
-    fileSize: integer("fileSize").notNull(),
-    mimeType: text("mimeType").notNull(),
-    createdAt: timestamp("createdAt").defaultNow().notNull(),
-  },
-  (table) => ({
-    feedbackIdx: index("idx_attachments_feedbackId").on(table.feedbackId),
-  }),
-);
-export const attachmentRelations = relations(attachments, ({ one }) => ({
-  feedback: one(feedback, {
-    fields: [attachments.feedbackId],
-    references: [feedback.feedbackId],
-  }),
-}));
-export type Attachment = typeof attachments.$inferSelect;
-export type NewAttachment = typeof attachments.$inferInsert;
-```
-Update `lib/db/schema/feedback.ts`:
-```ts
-import { relations } from "drizzle-orm";
-import { attachments } from "./attachments";
-export const feedbackRelations = relations(feedback, ({ many }) => ({
-  attachments: many(attachments),
-}));
-```
-Update `lib/db/schema/index.ts`:
-```ts
-export * from "./attachments";
-```
-Generate migration via Drizzle:
-```bash
-bun run db:generate
-```
-**Step 4: Run test to verify it passes**
-Run: `bun test tests/lib/attachments-schema.test.ts`
-Expected: PASS.
-**Step 5: Commit**
-```bash
-git add lib/db/schema/attachments.ts lib/db/schema/feedback.ts lib/db/schema/index.ts lib/db/migrations tests/lib/attachments-schema.test.ts
-git commit -m "feat: add attachments schema"
-```
-### Task 2: Add file validation + local storage utilities
-**Files:**
-- Create: `lib/upload/file-validator.ts`
-- Create: `lib/upload/storage.ts`
-- Create: `public/uploads/.gitkeep`
-**Step 1: Write the failing test**
-Create `tests/lib/file-validator.test.ts`:
-```ts
-import { describe, expect, it } from "bun:test";
-import { validateFile, MAX_FILE_SIZE } from "@/lib/upload/file-validator";
-describe("validateFile", () => {
-  it("rejects files over max size", () => {
-    const file = new File([new ArrayBuffer(MAX_FILE_SIZE + 1)], "big.png", {
-      type: "image/png",
-    });
-    const result = validateFile(file);
-    expect(result.valid).toBe(false);
-    if (!result.valid) {
-      expect(result.code).toBe("FILE_TOO_LARGE");
-    }
-  });
-  it("rejects unsupported types", () => {
-    const file = new File(["hello"], "note.txt", { type: "text/plain" });
-    const result = validateFile(file);
-    expect(result.valid).toBe(false);
-    if (!result.valid) {
-      expect(result.code).toBe("INVALID_FILE_TYPE");
-    }
-  });
-  it("accepts allowed types within size", () => {
-    const file = new File(["data"], "image.png", { type: "image/png" });
-    const result = validateFile(file);
-    expect(result.valid).toBe(true);
-  });
-});
-```
-**Step 2: Run test to verify it fails**
-Run: `bun test tests/lib/file-validator.test.ts`
-Expected: FAIL with module not found.
-**Step 3: Write minimal implementation**
-Create `lib/upload/file-validator.ts`:
-```ts
-export const MAX_FILE_SIZE = 5 * 1024 * 1024;
-export const ALLOWED_MIME_TYPES = [
-  "image/png",
-  "image/jpeg",
-  "image/jpg",
-  "image/gif",
-  "application/pdf",
-] as const;
-export type AllowedMimeType = (typeof ALLOWED_MIME_TYPES)[number];
-export type FileValidationResult =
-  | { valid: true; mimeType: AllowedMimeType }
-  | { valid: false; error: string; code: "INVALID_FILE_TYPE" | "FILE_TOO_LARGE" };
-export function validateFile(file: File): FileValidationResult {
-  if (file.size > MAX_FILE_SIZE) {
-    return {
-      valid: false,
-      error: "文件大小不能超过 5MB",
-      code: "FILE_TOO_LARGE",
-    };
-  }
-  if (!ALLOWED_MIME_TYPES.includes(file.type as AllowedMimeType)) {
-    return {
-      valid: false,
-      error: "不支持的文件类型",
-      code: "INVALID_FILE_TYPE",
-    };
-  }
-  return { valid: true, mimeType: file.type as AllowedMimeType };
-}
-```
-Create `lib/upload/storage.ts`:
-```ts
-import { mkdir, writeFile, unlink } from "fs/promises";
-import { join } from "path";
-import { randomUUID } from "crypto";
-export interface StoredFile {
-  fileName: string;
-  filePath: string;
-  fullPath: string;
-}
-export function generateUniqueFileName(originalName: string): string {
-  const ext = originalName.split(".").pop() ?? "";
-  const uuid = randomUUID();
-  return ext ? `${uuid}.${ext}` : uuid;
-}
-export async function saveFile(
-  file: File,
-  uploadDir: string = "public/uploads",
-): Promise<StoredFile> {
-  await mkdir(uploadDir, { recursive: true });
-  const uniqueFileName = generateUniqueFileName(file.name);
-  const fullPath = join(uploadDir, uniqueFileName);
-  const buffer = Buffer.from(await file.arrayBuffer());
-  await writeFile(fullPath, buffer);
-  return {
-    fileName: file.name,
-    filePath: fullPath.replace(/^public\//, ""),
-    fullPath,
-  };
-}
-export async function deleteFile(fullPath: string): Promise<void> {
-  try {
-    await unlink(fullPath);
-  } catch (error) {
-    console.error("Failed to delete file:", fullPath, error);
-  }
-}
-```
-Add `public/uploads/.gitkeep` (empty file).
-**Step 4: Run test to verify it passes**
-Run: `bun test tests/lib/file-validator.test.ts`
-Expected: PASS.
-**Step 5: Commit**
-```bash
-git add lib/upload/file-validator.ts lib/upload/storage.ts public/uploads/.gitkeep tests/lib/file-validator.test.ts
-git commit -m "feat: add file upload validation and storage"
-```
-### Task 3: Add upload API handler + route
-**Files:**
-- Create: `app/api/upload/handler.ts`
-- Create: `app/api/upload/route.ts`
-**Step 1: Write the failing test**
-Create `tests/api/upload.test.ts`:
-```ts
-import { describe, expect, it } from "bun:test";
-import { buildUploadHandler } from "@/app/api/upload/handler";
-import { attachments } from "@/lib/db/schema";
-const makeDeps = () => {
-  const inserted: Record<string, unknown>[] = [];
-  const db = {
-    insert: (table?: unknown) => ({
-      values: (values: Record<string, unknown>) => {
-        if (table === attachments) {
-          inserted.push(values);
-        }
-        return {
-          returning: async () => [
-            { attachmentId: 1, ...values, createdAt: new Date() },
-          ],
-        };
-      },
-    }),
-  };
-  const saveFile = async (file: File) => ({
-    fileName: file.name,
-    filePath: `uploads/${file.name}`,
-    fullPath: `/tmp/${file.name}`,
-  });
-  const validateFile = (file: File) =>
-    file.type === "text/plain"
-      ? { valid: false, error: "不支持的文件类型", code: "INVALID_FILE_TYPE" as const }
-      : { valid: true, mimeType: file.type as "image/png" };
-  return { db, saveFile, validateFile, inserted };
-};
-describe("POST /api/upload", () => {
-  it("rejects invalid file types", async () => {
-    const deps = makeDeps();
-    const handler = buildUploadHandler(deps);
-    const form = new FormData();
-    form.append("files", new File(["x"], "bad.txt", { type: "text/plain" }));
-    form.append("feedbackId", "1");
-    const res = await handler(new Request("http://localhost/api/upload", {
-      method: "POST",
-      body: form,
-    }));
-    const json = await res.json();
-    expect(res.status).toBe(400);
-    expect(json.code).toBe("VALIDATION_ERROR");
-  });
-  it("uploads valid files", async () => {
-    const deps = makeDeps();
-    const handler = buildUploadHandler(deps);
-    const form = new FormData();
-    form.append("files", new File(["x"], "good.png", { type: "image/png" }));
-    form.append("feedbackId", "1");
-    const res = await handler(new Request("http://localhost/api/upload", {
-      method: "POST",
-      body: form,
-    }));
-    const json = await res.json();
-    expect(res.status).toBe(201);
-    expect(json.data[0].attachmentId).toBe(1);
-    expect(deps.inserted.length).toBe(1);
-  });
-});
-```
-**Step 2: Run test to verify it fails**
-Run: `bun test tests/api/upload.test.ts`
-Expected: FAIL with module not found (`handler`).
-**Step 3: Write minimal implementation**
-Create `app/api/upload/handler.ts`:
-```ts
-import { NextResponse } from "next/server";
-import { attachments } from "@/lib/db/schema";
-import { apiError, validationError } from "@/lib/api/errors";
-import type { FileValidationResult } from "@/lib/upload/file-validator";
-import type { db as database } from "@/lib/db";
-type Database = NonNullable<typeof database>;
-type UploadDeps = {
-  db: {
-    insert: Database["insert"];
-  };
-  validateFile: (file: File) => FileValidationResult;
-  saveFile: (file: File) => Promise<{ fileName: string; filePath: string; fullPath: string }>;
-};
-export function buildUploadHandler(deps: UploadDeps) {
-  return async function POST(req: Request) {
-    try {
-      const formData = await req.formData();
-      const feedbackIdRaw = formData.get("feedbackId");
-      const feedbackId = Number(feedbackIdRaw);
-      if (!feedbackIdRaw || Number.isNaN(feedbackId)) {
-        return validationError(undefined, "feedbackId is required");
-      }
-      const files = formData.getAll("files").filter(Boolean) as File[];
-      if (!files.length) {
-        return validationError(undefined, "No files provided");
-      }
-      const validationResults = files.map(deps.validateFile);
-      const invalid = validationResults.filter((result) => !result.valid);
-      if (invalid.length) {
-        return validationError(invalid, "Validation failed");
-      }
-      const saved = await Promise.all(
-        files.map(async (file) => {
-          const stored = await deps.saveFile(file);
-          const [attachment] = await deps.db
-            .insert(attachments)
-            .values({
-              feedbackId,
-              fileName: stored.fileName,
-              filePath: stored.filePath,
-              fileSize: file.size,
-              mimeType: file.type,
-            })
-            .returning();
-          return attachment;
-        }),
-      );
-      return NextResponse.json({ data: saved }, { status: 201 });
-    } catch (error) {
-      return apiError(error);
-    }
-  };
-}
-```
-Create `app/api/upload/route.ts`:
-```ts
-import { NextResponse } from "next/server";
-import { buildUploadHandler } from "./handler";
-import { db } from "@/lib/db";
-import { validateFile } from "@/lib/upload/file-validator";
-import { saveFile } from "@/lib/upload/storage";
-export const dynamic = "force-dynamic";
-export const runtime = "nodejs";
-export async function POST(req: Request) {
-  if (!db) {
-    return NextResponse.json(
-      { error: "Database not configured", code: "DATABASE_NOT_CONFIGURED" },
-      { status: 500 },
-    );
-  }
-  const handler = buildUploadHandler({ db, validateFile, saveFile });
-  return handler(req);
-}
-```
-**Step 4: Run test to verify it passes**
-Run: `bun test tests/api/upload.test.ts`
-Expected: PASS.
-**Step 5: Commit**
-```bash
-git add app/api/upload/handler.ts app/api/upload/route.ts tests/api/upload.test.ts
-git commit -m "feat: add upload api"
-```
-### Task 4: Update feedback form flow to upload after feedback creation
-**Files:**
-- Create: `components/feedback/file-upload.tsx`
-- Modify: `components/feedback/embedded-feedback-form.tsx`
-- Modify: `tests/components/feedback/embedded-feedback-form.test.tsx`
-**Step 1: Write the failing test**
-Update `tests/components/feedback/embedded-feedback-form.test.tsx`:
-```tsx
-it("includes file upload UI", () => {
-  render(<EmbeddedFeedbackForm />);
-  expect(screen.getByText("拖拽文件到此处，或点击选择文件")).toBeInTheDocument();
-});
-```
-**Step 2: Run test to verify it fails**
-Run: `bun test tests/components/feedback/embedded-feedback-form.test.tsx`
-Expected: FAIL (upload UI not rendered).
-**Step 3: Write minimal implementation**
-Create `components/feedback/file-upload.tsx` and accept `feedbackId`:
-```tsx
-"use client";
-import { useCallback, useEffect, useMemo, useState } from "react";
-import { Upload, File as FileIcon, X } from "lucide-react";
-import { Button } from "@/components/ui/button";
-import { cn } from "@/lib/utils";
-type UploadStatus = "pending" | "uploading" | "success" | "error";
-interface UploadedFile {
-  file: File;
-  preview?: string;
-  status: UploadStatus;
-  attachmentId?: number;
-}
-interface FileUploadProps {
-  feedbackId?: number;
-  onUploaded?: (ids: number[]) => void;
-  maxSize?: number;
-  accept?: string;
-}
-export function FileUpload({
-  feedbackId,
-  onUploaded,
-  maxSize = 5 * 1024 * 1024,
-  accept = "image/png,image/jpeg,image/gif,application/pdf",
-}: FileUploadProps) {
-  const [files, setFiles] = useState<UploadedFile[]>([]);
-  const [isDragging, setIsDragging] = useState(false);
-  const allowedTypes = useMemo(() => accept.split(","), [accept]);
-  const validateFile = useCallback(
-    (file: File): string | null => {
-      if (file.size > maxSize) {
-        return "文件大小不能超过 5MB";
-      }
-      if (!allowedTypes.includes(file.type)) {
-        return "不支持的文件类型";
-      }
-      return null;
-    },
-    [maxSize, allowedTypes],
-  );
-  const handleFiles = useCallback(
-    (newFiles: File[]) => {
-      const validFiles: UploadedFile[] = [];
-      for (const file of newFiles) {
-        const error = validateFile(file);
-        if (error) {
-          alert(error);
-          continue;
-        }
-        const preview = file.type.startsWith("image/")
-          ? URL.createObjectURL(file)
-          : undefined;
-        validFiles.push({ file, preview, status: "pending" });
-      }
-      setFiles((prev) => [...prev, ...validFiles]);
-    },
-    [validateFile],
-  );
-  useEffect(() => {
-    return () => {
-      files.forEach((file) => {
-        if (file.preview) {
-          URL.revokeObjectURL(file.preview);
-        }
-      });
-    };
-  }, [files]);
-  const uploadFiles = async () => {
-    if (!feedbackId) {
-      alert("请先提交反馈");
-      return;
-    }
-    const pending = files.filter((file) => file.status === "pending");
-    for (const fileItem of pending) {
-      setFiles((prev) =>
-        prev.map((item) =>
-          item === fileItem ? { ...item, status: "uploading" } : item,
-        ),
-      );
-      try {
-        const formData = new FormData();
-        formData.append("files", fileItem.file);
-        formData.append("feedbackId", String(feedbackId));
-        const response = await fetch("/api/upload", {
-          method: "POST",
-          body: formData,
-        });
-        if (!response.ok) {
-          setFiles((prev) =>
-            prev.map((item) =>
-              item === fileItem ? { ...item, status: "error" } : item,
-            ),
-          );
-          continue;
-        }
-        const result = await response.json();
-        const attachmentId = result.data?.[0]?.attachmentId as number | undefined;
-        setFiles((prev) =>
-          prev.map((item) =>
-            item === fileItem
-              ? { ...item, status: "success", attachmentId }
-              : item,
-          ),
-        );
-      } catch {
-        setFiles((prev) =>
-          prev.map((item) =>
-            item === fileItem ? { ...item, status: "error" } : item,
-          ),
-        );
-      }
-    }
-    const uploadedIds = files
-      .filter((file) => file.attachmentId !== undefined)
-      .map((file) => file.attachmentId as number);
-    onUploaded?.(uploadedIds);
-  };
-  const removeFile = (fileItem: UploadedFile) => {
-    setFiles((prev) => prev.filter((file) => file !== fileItem));
-    if (fileItem.preview) {
-      URL.revokeObjectURL(fileItem.preview);
-    }
-  };
-  return (
-    <div className="space-y-4">
-      <div
-        onDragOver={(event) => {
-          event.preventDefault();
-          setIsDragging(true);
-        }}
-        onDragLeave={() => setIsDragging(false)}
-        onDrop={(event) => {
-          event.preventDefault();
-          setIsDragging(false);
-          handleFiles(Array.from(event.dataTransfer.files));
-        }}
-        className={cn(
-          "border-2 border-dashed rounded-lg p-6 text-center transition-colors",
-          isDragging
-            ? "border-primary bg-primary/5"
-            : "border-muted-foreground/25 hover:border-muted-foreground/50",
-        )}
-      >
-        <input
-          id="file-upload"
-          type="file"
-          multiple
-          accept={accept}
-          onChange={(event) =>
-            handleFiles(Array.from(event.target.files ?? []))
-          }
-          className="hidden"
-        />
-        <label htmlFor="file-upload" className="cursor-pointer">
-          <Upload className="mx-auto h-10 w-10 text-muted-foreground mb-2" />
-          <p className="text-sm text-muted-foreground">
-            拖拽文件到此处，或点击选择文件
-          </p>
-          <p className="text-xs text-muted-foreground mt-1">
-            支持 PNG, JPG, GIF, PDF (最大 5MB)
-          </p>
-        </label>
-      </div>
-      {files.length > 0 && (
-        <div className="space-y-2">
-          {files.map((fileItem) => (
-            <div
-              key={`${fileItem.file.name}-${fileItem.file.size}`}
-              className="flex items-center gap-3 p-3 border rounded-lg"
-            >
-              {fileItem.preview ? (
-                <img
-                  src={fileItem.preview}
-                  alt={fileItem.file.name}
-                  className="w-12 h-12 object-cover rounded"
-                />
-              ) : (
-                <div className="w-12 h-12 bg-muted rounded flex items-center justify-center">
-                  <FileIcon className="w-6 h-6 text-muted-foreground" />
-                </div>
-              )}
-              <div className="flex-1 min-w-0">
-                <p className="text-sm font-medium truncate">
-                  {fileItem.file.name}
-                </p>
-                <p className="text-xs text-muted-foreground">
-                  {(fileItem.file.size / 1024).toFixed(1)} KB
-                </p>
-              </div>
-              <div className="text-xs">
-                {fileItem.status === "pending" && "待上传"}
-                {fileItem.status === "uploading" && "上传中..."}
-                {fileItem.status === "success" && "✓ 已上传"}
-                {fileItem.status === "error" && "✗ 上传失败"}
-              </div>
-              <Button
-                type="button"
-                variant="ghost"
-                size="icon"
-                onClick={() => removeFile(fileItem)}
-              >
-                <X className="w-4 h-4" />
-              </Button>
-            </div>
-          ))}
-          <Button
-            type="button"
-            onClick={uploadFiles}
-            disabled={!feedbackId || files.every((file) => file.status !== "pending")}
-            className="w-full"
-          >
-            上传文件
-          </Button>
-        </div>
-      )}
-    </div>
-  );
-}
-```
-Update `components/feedback/embedded-feedback-form.tsx` to create feedback first and then allow upload:
-```tsx
-import { FileUpload } from "./file-upload";
-const [feedbackId, setFeedbackId] = useState<number | null>(null);
-const onSubmit = async (data: FeedbackInput) => {
-  const response = await fetch("/api/feedback", {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: JSON.stringify(data),
-  });
-  if (!response.ok) {
-    return;
-  }
-  const result = await response.json();
-  setFeedbackId(result.data.feedbackId);
-};
-// In JSX, before footer
-<FileUpload feedbackId={feedbackId ?? undefined} />
-```
-**Step 4: Run test to verify it passes**
-Run: `bun test tests/components/feedback/embedded-feedback-form.test.tsx`
-Expected: PASS.
-**Step 5: Commit**
-```bash
-git add components/feedback/file-upload.tsx components/feedback/embedded-feedback-form.tsx tests/components/feedback/embedded-feedback-form.test.tsx
-git commit -m "feat: add feedback upload UI"
-```
-### Task 5: Final validation
-**Files:**
-- None
-**Step 1: Run full test suite**
-Run: `bun test`
-Expected: PASS.
-**Step 2: Run lint**
-Run: `bun run lint`
-Expected: PASS.
-**Step 3: Commit (if needed)**
-```bash
-git status -sb
-```
-If any missing changes remain, add and commit with a descriptive message.