feat(defects): file a defect via a board-section modal (T5)

POST /api/defects validates the body with arktype (known section, uuid
project, non-empty trimmed verbatim) and resolves the reporter through a dev
seam (getReporter, ADR 0002) until OAuth lands. DefectForm is a DaisyUI modal
opened by a section click — pick a project, describe the problem, submit.
This commit is contained in:
Julien Calixte
2026-05-27 23:53:49 +02:00
parent bd427ab171
commit cb19b2df55
8 changed files with 337 additions and 8 deletions

View File

@@ -0,0 +1,17 @@
import { type } from 'arktype'
import { sectionIds } from '../../app/board/definition'
// Validated request body for filing a defect (F2). The reporter is resolved
// server-side via the session seam, never trusted from the client. Verbatim is
// trimmed; the section must be one defined on the canonical board (C1).
export const DefectInput = type({
sectionId: type('string').narrow(
(id, ctx) => sectionIds.has(id) || ctx.reject('a known board section id'),
),
projectId: 'string.uuid',
verbatim: type('string')
.pipe((s) => s.trim())
.narrow((s, ctx) => s.length > 0 || ctx.reject('non-empty text')),
})
export type DefectInputData = typeof DefectInput.infer

View File

@@ -0,0 +1,10 @@
import type { H3Event } from 'h3'
/**
* Resolves the reporter's email — the one seam between filing and auth (ADR
* 0002). For now it returns a fixed dev identity so the filing slice works
* before OAuth exists; Task 9 swaps this to read the verified session email.
*/
export function getReporter(_event: H3Event): string {
return process.env.DEV_REPORTER_EMAIL ?? 'dev@theodo.com'
}