feat: add PATCH /api/chats endpoint to update chat topic (#191)

* feat: add PATCH /api/chats endpoint to update chat topic

Migrate Recoup-Chat/app/api/room/update/route.ts to PATCH /api/chats
following the new API docs at developers.recoupable.com/api-reference/chat/update

- Add PATCH method to app/api/chats/route.ts
- Add lib/chats/updateChatHandler.ts for business logic
- Add lib/chats/validateUpdateChatBody.ts for Zod validation
- Add lib/supabase/rooms/updateRoom.ts for database operations

The endpoint:
- Accepts chatId (UUID) and topic (3-50 chars) in request body
- Supports both x-api-key and Authorization Bearer token auth
- Validates access using buildGetChatsParams (same as GET /api/chats)
- Returns 404 if chat not found, 403 if no access, 200 on success

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: correct access control in updateChatHandler + add TDD requirement

Bug fix:
- Remove target_account_id from buildGetChatsParams call which was causing
  "Personal API keys cannot filter by account_id" error for users updating
  their own chats
- Access control now correctly checks if room's account_id is in the
  user's allowed account_ids

Tests:
- Add comprehensive test suite for updateChatHandler covering:
  - Successful updates (personal key, org key)
  - Validation errors (invalid UUID, topic length)
  - Auth errors (401)
  - Not found errors (404)
  - Access denied errors (403)

Documentation:
- Add TDD section to CLAUDE.md requiring tests before implementation

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* refactor: move JSON parsing into validateUpdateChatBody

- validateUpdateChatBody now takes NextRequest instead of unknown body
- Handles JSON parsing internally with try/catch
- Remove safeParseJson import from updateChatHandler
- Add comprehensive tests for validateUpdateChatBody (10 tests)
- Update handler tests to mock validateUpdateChatBody instead of safeParseJson

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* refactor: move auth and room validation into validateUpdateChatBody

- validateUpdateChatBody now handles:
  - JSON parsing
  - Body schema validation
  - Authentication via validateAuthContext
  - Room existence check via selectRoom
- Returns ValidatedUpdateChat with chatId, topic, room, accountId, orgId
- Handler now only handles access control and update logic
- Updated tests for both validation (13 tests) and handler (7 tests)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* refactor: move access control into validateUpdateChatBody

- validateUpdateChatBody now handles complete request validation:
  - JSON parsing
  - Body schema validation (chatId UUID, topic 3-50 chars)
  - Authentication via validateAuthContext
  - Room existence check via selectRoom
  - Access control via buildGetChatsParams
- Returns only { chatId, topic } on success (simpler interface)
- Handler now only calls updateRoom and formats response
- Validation tests: 16 tests (including 2 new access denied tests)
- Handler tests: 7 tests (simplified, validation errors pass through)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Author: sweetmantech

CLAUDE.md

@@ -144,6 +144,74 @@ export async function selectTableName({
 - All API routes should have JSDoc comments
 - Run `pnpm lint` before committing
 
+## Test-Driven Development (TDD)
+
+**CRITICAL: Always write tests BEFORE implementing new features or fixing bugs.**
+
+### TDD Workflow
+
+1. **Write failing tests first** - Create tests in `lib/[domain]/__tests__/[filename].test.ts` that describe the expected behavior
+2. **Run tests to verify they fail** - `pnpm test path/to/test.ts`
+3. **Implement the code** - Write the minimum code needed to make tests pass
+4. **Run tests to verify they pass** - All tests should be green
+5. **Refactor if needed** - Clean up while keeping tests green
+
+### Test File Location
+
+Tests live alongside the code they test:
+```
+lib/
+├── chats/
+│   ├── __tests__/
+│   │   └── updateChatHandler.test.ts
+│   ├── updateChatHandler.ts
+│   └── validateUpdateChatBody.ts
+```
+
+### Test Pattern
+
+```typescript
+import { describe, it, expect, vi, beforeEach } from "vitest";
+import { NextRequest, NextResponse } from "next/server";
+
+// Mock dependencies
+vi.mock("@/lib/networking/getCorsHeaders", () => ({
+  getCorsHeaders: vi.fn(() => ({ "Access-Control-Allow-Origin": "*" })),
+}));
+
+describe("functionName", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  describe("successful cases", () => {
+    it("does something when condition is met", async () => {
+      // Arrange
+      vi.mocked(dependency).mockResolvedValue(mockData);
+
+      // Act
+      const result = await functionName(input);
+
+      // Assert
+      expect(result.status).toBe(200);
+    });
+  });
+
+  describe("error cases", () => {
+    it("returns 400 when validation fails", async () => {
+      // Test error handling
+    });
+  });
+});
+```
+
+### When to Write Tests
+
+- **New API endpoints**: Write tests for all success and error paths
+- **New handlers**: Test business logic with mocked dependencies
+- **Bug fixes**: Write a failing test that reproduces the bug, then fix it
+- **Validation functions**: Test all valid and invalid input combinations
+
 ## Authentication
 
 **Never use `account_id` in request bodies or tool schemas.** Always derive the account ID from authentication:

app/api/chats/route.ts

@@ -3,6 +3,7 @@ import { NextResponse } from "next/server";
 import { getCorsHeaders } from "@/lib/networking/getCorsHeaders";
 import { createChatHandler } from "@/lib/chats/createChatHandler";
 import { getChatsHandler } from "@/lib/chats/getChatsHandler";
+import { updateChatHandler } from "@/lib/chats/updateChatHandler";
 
 /**
  * OPTIONS handler for CORS preflight requests.
@@ -52,3 +53,21 @@ export async function GET(request: NextRequest): Promise<NextResponse> {
 export async function POST(request: NextRequest): Promise<NextResponse> {
   return createChatHandler(request);
 }
+
+/**
+ * PATCH /api/chats
+ *
+ * Update a chat room's topic (display name).
+ *
+ * Authentication: x-api-key header or Authorization Bearer token required.
+ *
+ * Body parameters:
+ * - chatId (required): UUID of the chat room to update
+ * - topic (required): New display name for the chat (3-50 characters)
+ *
+ * @param request - The request object
+ * @returns A NextResponse with the updated chat or an error
+ */
+export async function PATCH(request: NextRequest): Promise<NextResponse> {
+  return updateChatHandler(request);
+}

lib/chats/__tests__/updateChatHandler.test.ts

@@ -0,0 +1,167 @@
+import { describe, it, expect, vi, beforeEach } from "vitest";
+import { NextRequest, NextResponse } from "next/server";
+import { updateChatHandler } from "../updateChatHandler";
+
+vi.mock("@/lib/networking/getCorsHeaders", () => ({
+  getCorsHeaders: vi.fn(() => ({ "Access-Control-Allow-Origin": "*" })),
+}));
+
+vi.mock("@/lib/chats/validateUpdateChatBody", () => ({
+  validateUpdateChatBody: vi.fn(),
+}));
+
+vi.mock("@/lib/supabase/rooms/updateRoom", () => ({
+  updateRoom: vi.fn(),
+}));
+
+import { validateUpdateChatBody } from "@/lib/chats/validateUpdateChatBody";
+import { updateRoom } from "@/lib/supabase/rooms/updateRoom";
+
+describe("updateChatHandler", () => {
+  const mockRequest = () => {
+    return new NextRequest("http://localhost/api/chats", {
+      method: "PATCH",
+      headers: { "x-api-key": "test-key", "Content-Type": "application/json" },
+      body: JSON.stringify({}),
+    });
+  };
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  describe("successful update", () => {
+    it("updates chat topic and returns success response", async () => {
+      const chatId = "123e4567-e89b-12d3-a456-426614174001";
+      const accountId = "123e4567-e89b-12d3-a456-426614174000";
+      const newTopic = "My Updated Chat";
+
+      vi.mocked(validateUpdateChatBody).mockResolvedValue({
+        chatId,
+        topic: newTopic,
+      });
+
+      vi.mocked(updateRoom).mockResolvedValue({
+        id: chatId,
+        account_id: accountId,
+        artist_id: null,
+        topic: newTopic,
+        updated_at: "2024-01-02T00:00:00Z",
+      });
+
+      const request = mockRequest();
+      const response = await updateChatHandler(request);
+
+      expect(response.status).toBe(200);
+      const body = await response.json();
+      expect(body).toEqual({
+        status: "success",
+        chat: {
+          id: chatId,
+          account_id: accountId,
+          topic: newTopic,
+          updated_at: "2024-01-02T00:00:00Z",
+          artist_id: null,
+        },
+      });
+
+      expect(updateRoom).toHaveBeenCalledWith(chatId, { topic: newTopic });
+    });
+  });
+
+  describe("validation errors", () => {
+    it("returns 400 from validation when body is invalid", async () => {
+      vi.mocked(validateUpdateChatBody).mockResolvedValue(
+        NextResponse.json(
+          { status: "error", error: "chatId must be a valid UUID" },
+          { status: 400 },
+        ),
+      );
+
+      const request = mockRequest();
+      const response = await updateChatHandler(request);
+
+      expect(response.status).toBe(400);
+      expect(updateRoom).not.toHaveBeenCalled();
+    });
+
+    it("returns 401 from validation when auth fails", async () => {
+      vi.mocked(validateUpdateChatBody).mockResolvedValue(
+        NextResponse.json(
+          { status: "error", error: "Unauthorized" },
+          { status: 401 },
+        ),
+      );
+
+      const request = mockRequest();
+      const response = await updateChatHandler(request);
+
+      expect(response.status).toBe(401);
+      expect(updateRoom).not.toHaveBeenCalled();
+    });
+
+    it("returns 404 from validation when chat not found", async () => {
+      vi.mocked(validateUpdateChatBody).mockResolvedValue(
+        NextResponse.json(
+          { status: "error", error: "Chat room not found" },
+          { status: 404 },
+        ),
+      );
+
+      const request = mockRequest();
+      const response = await updateChatHandler(request);
+
+      expect(response.status).toBe(404);
+      expect(updateRoom).not.toHaveBeenCalled();
+    });
+
+    it("returns 403 from validation when access denied", async () => {
+      vi.mocked(validateUpdateChatBody).mockResolvedValue(
+        NextResponse.json(
+          { status: "error", error: "Access denied to this chat" },
+          { status: 403 },
+        ),
+      );
+
+      const request = mockRequest();
+      const response = await updateChatHandler(request);
+
+      expect(response.status).toBe(403);
+      expect(updateRoom).not.toHaveBeenCalled();
+    });
+  });
+
+  describe("update errors", () => {
+    it("returns 500 when updateRoom fails", async () => {
+      vi.mocked(validateUpdateChatBody).mockResolvedValue({
+        chatId: "123e4567-e89b-12d3-a456-426614174001",
+        topic: "New Topic",
+      });
+
+      vi.mocked(updateRoom).mockResolvedValue(null);
+
+      const request = mockRequest();
+      const response = await updateChatHandler(request);
+
+      expect(response.status).toBe(500);
+      const body = await response.json();
+      expect(body.error).toContain("Failed to update");
+    });
+
+    it("returns 500 when updateRoom throws", async () => {
+      vi.mocked(validateUpdateChatBody).mockResolvedValue({
+        chatId: "123e4567-e89b-12d3-a456-426614174001",
+        topic: "New Topic",
+      });
+
+      vi.mocked(updateRoom).mockRejectedValue(new Error("Database error"));
+
+      const request = mockRequest();
+      const response = await updateChatHandler(request);
+
+      expect(response.status).toBe(500);
+      const body = await response.json();
+      expect(body.error).toBe("Database error");
+    });
+  });
+});