phase 2 and 3

app/api/v1/projects/route.ts

@@ -0,0 +1,48 @@
+import { type NextRequest } from "next/server";
+import { prisma } from "@/lib/prisma";
+import { ok, errorResponse, requireRole, parseJson } from "@/lib/api";
+import { CreateProjectSchema } from "@/lib/schemas";
+import { audit } from "@/lib/audit";
+import { clientIp } from "@/lib/request";
+
+export async function GET() {
+  try {
+    await requireRole("admin");
+    const projects = await prisma.project.findMany({
+      orderBy: [{ createdAt: "desc" }],
+      include: {
+        _count: { select: { assemblies: true } },
+      },
+    });
+    return ok({ projects });
+  } catch (err) {
+    return errorResponse(err);
+  }
+}
+
+export async function POST(req: NextRequest) {
+  try {
+    const actor = await requireRole("admin");
+    const body = await parseJson(req, CreateProjectSchema);
+    const created = await prisma.project.create({
+      data: {
+        code: body.code,
+        name: body.name,
+        customerCode: body.customerCode ?? null,
+        dueDate: body.dueDate ?? null,
+        notes: body.notes ?? null,
+      },
+    });
+    await audit({
+      actorId: actor.id,
+      action: "create",
+      entity: "Project",
+      entityId: created.id,
+      after: created,
+      ipAddress: clientIp(req),
+    });
+    return ok({ project: created }, { status: 201 });
+  } catch (err) {
+    return errorResponse(err);
+  }
+}