# Task 3-6: Customer Service System API Routes

**Agent**: API Route Builder
**Status**: COMPLETED

## Summary
Created all 30 API route endpoints for the Customer Service System across 7 route groups.

## Route Groups

### 1. Auth Routes (`/api/auth/`)
- POST `/api/auth/login` — Login for all 3 roles
- POST `/api/auth/register` — Register new customer
- POST `/api/auth/change-password` — Change password (requires auth)
- GET `/api/auth/me` — Current user profile

### 2. Reviews Routes (`/api/reviews/`)
- GET `/api/reviews` — List reviews (Supervisor/Manager)
- POST `/api/reviews` — Create review (Customer, auto-classify sentiment, auto-assign supervisor)
- GET `/api/reviews/my` — Customer's own reviews
- GET `/api/reviews/[id]` — Review detail
- DELETE `/api/reviews/[id]` — Soft delete (Manager)
- PUT `/api/reviews/[id]/respond` — Supervisor responds
- PUT `/api/reviews/[id]/acknowledge` — Supervisor acknowledges
- PUT `/api/reviews/[id]/status` — Manager changes status

### 3. Photo Upload (`/api/reviews/[id]/photos`)
- POST — Upload photo (max 3/review, max 5MB)
- GET — Get photos for review

### 4. Dashboard (`/api/dashboard/`)
- GET `/api/dashboard/manager` — Manager metrics
- GET `/api/dashboard/supervisor` — Supervisor metrics

### 5. Notifications (`/api/notifications/`)
- GET — User's notifications
- PUT `/api/notifications/[id]/read` — Mark as read
- PUT `/api/notifications/read-all` — Mark all as read
- GET `/api/notifications/unread-count` — Unread count

### 6. Users/Customers (`/api/users/`)
- GET `/api/users/customers` — List customers
- POST `/api/users/customers` — Create customer
- GET `/api/users/customers/[id]` — Customer detail
- PUT `/api/users/customers/[id]` — Update customer
- DELETE `/api/users/customers/[id]` — Deactivate customer
- GET `/api/users/supervisors` — List supervisors
- POST `/api/users/supervisors` — Create supervisor

### 7. Reports (`/api/reports/`)
- GET `/api/reports/summary` — Summary report by period
- GET `/api/reports/by-supervisor` — Performance by supervisor
- GET `/api/reports/ratings` — Rating distribution

## Key Decisions
- Used `requireAuth()` for all protected routes with role-based access
- Sentiment auto-classification: rating ≤ 2 → NEGATIVE/PENDING, rating ≥ 3 → POSITIVE/RESOLVED
- Supervisor auto-assignment: round-robin based on fewest active assignments
- Photo uploads to `public/uploads/reviews/{reviewId}/` with unique filenames
- Fixed Prisma SQLite `{ not: null }` → `NOT: { field: null }` for compatibility
- All error messages in Spanish
- Dynamic route params use `Promise<{ id: string }>` (Next.js 16)

## Verification
- All 30 endpoints tested and working
- `bun run lint` passes with no errors
- Dev server running without compilation errors
