Repo hygiene: batch code API

.npmrc

@@ -1,2 +1 @@
-onlyBuiltDependenciesFile=
-ignore-scripts=false
+side-effects-cache=true

.pnpmrc.json

@@ -0,0 +1 @@
+{"pnpm":{"onlyBuiltDependencies":["esbuild","sharp","unrs-resolver"]}}

package.json

@@ -3,7 +3,7 @@
   "version": "1.3.0",
   "description": "OpenClaw Mission Control — open-source agent orchestration dashboard",
   "scripts": {
-    "dev": "next dev --hostname 127.0.0.1 --port ${PORT:-3000}",
+    "dev": "next dev --hostname 0.0.0.0 --port ${PORT:-3000}",
     "build": "next build",
     "start": "next start --hostname 0.0.0.0 --port ${PORT:-3000}",
     "lint": "eslint .",
@@ -28,6 +28,7 @@
     "eslint-config-next": "^16.1.6",
     "next": "^16.1.6",
     "next-themes": "^0.4.6",
+    "pdf-parse": "^2.4.5",
     "pino": "^10.3.1",
     "postcss": "^8.5.2",
     "react": "^19.0.1",
@@ -50,6 +51,7 @@
     "@testing-library/react": "^16.1.0",
     "@types/better-sqlite3": "^7.6.13",
     "@types/node": "^22.10.6",
+    "@types/pdf-parse": "^1.1.5",
     "@types/react": "^19.0.8",
     "@types/react-dom": "^19.0.3",
     "@types/ws": "^8.18.1",

src/app/api/batch-codes/expiring/route.ts

@@ -0,0 +1,25 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { getDatabase } from '@/lib/db';
+import { requireRole } from '@/lib/auth';
+
+export async function GET(request: NextRequest) {
+  const auth = requireRole(request, 'viewer')
+  if ('error' in auth) return NextResponse.json({ error: auth.error }, { status: auth.status })
+  const db = getDatabase()
+
+  const { searchParams } = new URL(request.url)
+  const months = parseInt(searchParams.get('months') || '12')
+
+  // Calculate future date
+  const futureDate = new Date()
+  futureDate.setMonth(futureDate.getMonth() + months)
+
+  const batches = db.prepare(`
+    SELECT * FROM batch_codes 
+    WHERE status = 'active' 
+    AND expiry_date <= ?
+    ORDER BY expiry_date ASC
+  `).all(futureDate.toISOString().split('T')[0])
+
+  return NextResponse.json({ batches })
+}

src/app/api/batch-codes/route.ts

@@ -0,0 +1,65 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { getDatabase } from '@/lib/db';
+import { requireRole } from '@/lib/auth';
+
+export async function GET(request: NextRequest) {
+  const auth = requireRole(request, 'viewer')
+  if ('error' in auth) return NextResponse.json({ error: auth.error }, { status: auth.status })
+  const db = getDatabase()
+
+  const { searchParams } = new URL(request.url)
+  const query = searchParams.get('q') || ''
+  const status = searchParams.get('status')
+  const expiryFilter = searchParams.get('expiryWithinMonths')
+
+  let sql = 'SELECT * FROM batch_codes WHERE 1=1'
+  const params: any[] = []
+
+  if (query) {
+    sql += ' AND (product_code LIKE ? OR product_description LIKE ? OR batch_code LIKE ?)'
+    const q = `%${query}%`
+    params.push(q, q, q)
+  }
+
+  if (status) {
+    sql += ' AND status = ?'
+    params.push(status)
+  }
+
+  if (expiryFilter) {
+    const months = parseInt(expiryFilter)
+    const futureDate = new Date()
+    futureDate.setMonth(futureDate.getMonth() + months)
+    sql += ' AND expiry_date <= ? AND status = ?'
+    params.push(futureDate.toISOString().split('T')[0], 'active')
+  }
+
+  sql += ' ORDER BY uploaded_at DESC'
+
+  const batches = db.prepare(sql).all(...params)
+
+  return NextResponse.json({ batches })
+}
+
+export async function PATCH(request: NextRequest) {
+  const auth = requireRole(request, 'operator')
+  if ('error' in auth) return NextResponse.json({ error: auth.error }, { status: auth.status })
+  const db = getDatabase()
+
+  const body = await request.json()
+  const { id, status } = body
+
+  if (!id || !status) {
+    return NextResponse.json({ error: 'Missing id or status' }, { status: 400 })
+  }
+
+  const retiredAt = status === 'retired' ? new Date().toISOString() : null
+
+  db.prepare(`
+    UPDATE batch_codes 
+    SET status = ?, retired_at = ?
+    WHERE id = ?
+  `).run(status, retiredAt, id)
+
+  return NextResponse.json({ success: true })
+}