Assemble QMS app + SQLite refactor + Unraid single-container deploy

Reconstruct the full app from init-source overlays (base + fix-1..6 +
update-1..3, last-wins) at the repo root, complete the missing pieces so it
builds and runs, and stage the Unraid deployment.

App completion:
- types/index.ts: former Prisma enums as string-literal unions + AppUser
- pages/_app.tsx + styles/globals.css (mount AppProvider/ToastProvider)
- API routes: auth/login, auth/me, users, submissions (+REVIEW_READY notify),
  forms (list/create), notifications
- scripts/create-admin.js: idempotent first-admin bootstrap
- 14 unbuilt nav targets stubbed via ComingSoon placeholder

SQLite refactor (single-container, no external DB):
- schema provider -> sqlite; enums -> String; Json -> String;
  FormField.options String[] -> JSON-encoded String
- lib/forms.ts (de)serialises options at the DB boundary
- drop mode:"insensitive" (unsupported on SQLite)
- enum imports repointed from @prisma/client to @/types

Deploy:
- multi-stage Dockerfile (next build -> prod runner), docker-entrypoint.sh
  (prisma db push -> create-admin -> next start), .dockerignore
- docker-compose.yml: br0 10.2.0.x, /mnt/user/appdata/qms -> /data volume
- README rewritten for the Unraid/Gitea Actions flow; .env scrubbed of the
  live Supabase credential; vercel.json removed

Verified: next build clean (41 routes); live SQLite round-trip of
login/session, form options array, and submission -> REVIEW_READY.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

pages/api/forms/[id].ts

@@ -0,0 +1,113 @@
+import type { NextApiRequest, NextApiResponse } from 'next'
+import { prisma } from '@/lib/prisma'
+import { requireAuth, logAction } from '@/lib/auth'
+import { serializeOptions, withParsedFields } from '@/lib/forms'
+import { FormStatus } from '@/types'
+
+export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+  const user = await requireAuth(req, res)
+  if (!user) return
+
+  const { id } = req.query as { id: string }
+
+  if (req.method === 'GET') {
+    const form = await prisma.buildForm.findUnique({
+      where: { id },
+      include: { fields: { orderBy: { order: 'asc' } }, _count: { select: { submissions: true, fields: true } } },
+    })
+    if (!form) return res.status(404).json({ error: 'Not found' })
+    return res.json({ data: withParsedFields(form) })
+  }
+
+  if (req.method === 'PATCH') {
+    if (user.role !== 'ADMIN') return res.status(403).json({ error: 'Admin only' })
+
+    const before = await prisma.buildForm.findUnique({ where: { id }, include: { fields: true } })
+    if (!before) return res.status(404).json({ error: 'Not found' })
+
+    const { fields, status, ...rest } = req.body as {
+      fields?: Array<{ id?: string; label: string; type: string; hint?: string; options?: string[]; required?: boolean; trackStd?: boolean }>
+      status?: FormStatus
+      name?: string; product?: string; description?: string; minSubmissions?: number; publishedAt?: string
+    }
+
+    // ── Full field-level edit (name/product/description/minSubmissions + fields array) ──
+    if (fields !== undefined) {
+      const existingIds = new Set(before.fields.map(f => f.id))
+      const keepIds = new Set(fields.filter(f => f.id && existingIds.has(f.id)).map(f => f.id as string))
+      const toDeleteIds = before.fields.filter(f => !keepIds.has(f.id)).map(f => f.id)
+
+      const ops: any[] = []
+
+      if (toDeleteIds.length > 0) {
+        ops.push(prisma.formField.deleteMany({ where: { id: { in: toDeleteIds } } }))
+      }
+
+      fields.forEach((f, i) => {
+        const data = {
+          label: f.label,
+          type: f.type as any,
+          hint: f.hint || null,
+          options: serializeOptions(f.options),
+          required: !!f.required,
+          trackStd: f.trackStd !== false,
+          order: i,
+        }
+        if (f.id && existingIds.has(f.id)) {
+          ops.push(prisma.formField.update({ where: { id: f.id }, data }))
+        } else {
+          ops.push(prisma.formField.create({ data: { ...data, formId: id } }))
+        }
+      })
+
+      const formUpdate: any = {}
+      if (rest.name !== undefined) formUpdate.name = rest.name
+      if (rest.product !== undefined) formUpdate.product = rest.product
+      if (rest.description !== undefined) formUpdate.description = rest.description
+      if (rest.minSubmissions !== undefined) formUpdate.minSubmissions = rest.minSubmissions
+
+      if (Object.keys(formUpdate).length > 0) {
+        ops.push(prisma.buildForm.update({ where: { id }, data: formUpdate }))
+      }
+
+      await prisma.$transaction(ops)
+
+      const updated = await prisma.buildForm.findUnique({
+        where: { id },
+        include: { fields: { orderBy: { order: 'asc' } }, _count: { select: { submissions: true, fields: true } } },
+      })
+
+      await logAction(user.id, 'UPDATE', 'BuildForm', id, before, updated)
+      return res.json({ data: withParsedFields(updated) })
+    }
+
+    // ── Status transitions (publish / suspend / reactivate / archive / restore) ──
+    const updateData: any = { ...rest }
+    if (status !== undefined) {
+      updateData.status = status
+      if (status === 'ACTIVE' && before.status === 'DRAFT') updateData.publishedAt = new Date()
+      if (status === 'ACTIVE' && before.status === 'SUSPENDED') updateData.suspendedAt = null
+      if (status === 'SUSPENDED') updateData.suspendedAt = new Date()
+      if (status === 'ARCHIVED') updateData.archivedAt = new Date()
+      if (status === 'DRAFT' && before.status === 'ARCHIVED') updateData.archivedAt = null
+    }
+
+    const updated = await prisma.buildForm.update({
+      where: { id },
+      data: updateData,
+      include: { fields: { orderBy: { order: 'asc' } }, _count: { select: { submissions: true, fields: true } } },
+    })
+
+    await logAction(user.id, 'UPDATE', 'BuildForm', id, { status: before.status }, { status: updated.status })
+    return res.json({ data: withParsedFields(updated) })
+  }
+
+  if (req.method === 'DELETE') {
+    if (user.role !== 'ADMIN') return res.status(403).json({ error: 'Admin only' })
+    await prisma.buildForm.delete({ where: { id } })
+    await logAction(user.id, 'DELETE', 'BuildForm', id, null, null)
+    return res.json({ ok: true })
+  }
+
+  res.status(405).end()
+}

pages/api/forms/[id]/clone.ts

@@ -0,0 +1,50 @@
+import type { NextApiRequest, NextApiResponse } from 'next'
+import { prisma } from '@/lib/prisma'
+import { requireAuth, logAction } from '@/lib/auth'
+import { withParsedFields } from '@/lib/forms'
+
+export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+  const user = await requireAuth(req, res, ['ADMIN'])
+  if (!user) return
+  if (req.method !== 'POST') return res.status(405).end()
+
+  const { id } = req.query as { id: string }
+
+  const source = await prisma.buildForm.findUnique({
+    where: { id },
+    include: { fields: { orderBy: { order: 'asc' } } },
+  })
+  if (!source) return res.status(404).json({ error: 'Form not found' })
+
+  const clone = await prisma.buildForm.create({
+    data: {
+      name: `${source.name} (Copy)`,
+      product: source.product,
+      description: source.description,
+      minSubmissions: source.minSubmissions,
+      status: 'DRAFT',
+      createdById: user.id,
+      clonedFromId: source.id,
+      clonedFromName: source.name,
+      fields: {
+        create: source.fields.map(f => ({
+          label: f.label,
+          type: f.type,
+          hint: f.hint,
+          options: f.options,
+          required: f.required,
+          trackStd: f.trackStd,
+          order: f.order,
+        })),
+      },
+    },
+    include: {
+      fields: { orderBy: { order: 'asc' } },
+      _count: { select: { submissions: true, fields: true } },
+    },
+  })
+
+  await logAction(user.id, 'CREATE', 'BuildForm', clone.id, null, { clonedFrom: source.id, name: clone.name })
+
+  return res.status(201).json({ data: withParsedFields(clone) })
+}

pages/api/forms/index.ts

@@ -0,0 +1,71 @@
+import type { NextApiRequest, NextApiResponse } from 'next'
+import { prisma } from '@/lib/prisma'
+import { requireAuth, logAction } from '@/lib/auth'
+import { serializeOptions, withParsedFields } from '@/lib/forms'
+
+export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+  const user = await requireAuth(req, res)
+  if (!user) return
+
+  if (req.method === 'GET') {
+    const { status } = req.query
+    const where: any = {}
+    if (status) where.status = String(status)
+
+    const forms = await prisma.buildForm.findMany({
+      where,
+      include: {
+        fields: { orderBy: { order: 'asc' } },
+        _count: { select: { submissions: true, fields: true } },
+      },
+      orderBy: { createdAt: 'desc' },
+    })
+
+    return res.json({ data: forms.map(f => withParsedFields(f)) })
+  }
+
+  if (req.method === 'POST') {
+    if (user.role !== 'ADMIN') return res.status(403).json({ error: 'Admin only' })
+
+    const { name, product, description, minSubmissions, fields } = req.body as {
+      name?: string
+      product?: string
+      description?: string
+      minSubmissions?: number
+      fields?: Array<{ label: string; type: string; hint?: string; options?: string[]; required?: boolean; trackStd?: boolean }>
+    }
+
+    if (!name) return res.status(400).json({ error: 'Form name is required' })
+
+    const form = await prisma.buildForm.create({
+      data: {
+        name,
+        product: product || null,
+        description: description || null,
+        minSubmissions: minSubmissions ?? 10,
+        status: 'DRAFT',
+        createdById: user.id,
+        fields: {
+          create: (fields || []).map((f, i) => ({
+            label: f.label,
+            type: f.type,
+            hint: f.hint || null,
+            options: serializeOptions(f.options),
+            required: !!f.required,
+            trackStd: f.trackStd !== false,
+            order: i,
+          })),
+        },
+      },
+      include: {
+        fields: { orderBy: { order: 'asc' } },
+        _count: { select: { submissions: true, fields: true } },
+      },
+    })
+
+    await logAction(user.id, 'CREATE', 'BuildForm', form.id, null, { name })
+    return res.status(201).json({ data: withParsedFields(form) })
+  }
+
+  res.status(405).end()
+}