rebase generation

.claude/worktrees/goofy-haslett/server/src/app.controller.spec.ts

@@ -0,0 +1,22 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { AppController } from './app.controller';
+import { AppService } from './app.service';
+
+describe('AppController', () => {
+  let appController: AppController;
+
+  beforeEach(async () => {
+    const app: TestingModule = await Test.createTestingModule({
+      controllers: [AppController],
+      providers: [AppService],
+    }).compile();
+
+    appController = app.get<AppController>(AppController);
+  });
+
+  describe('root', () => {
+    it('should return "Hello World!"', () => {
+      expect(appController.getHello()).toBe('Hello World!');
+    });
+  });
+});

.claude/worktrees/goofy-haslett/server/src/app.controller.ts

@@ -0,0 +1,12 @@
+import { Controller, Get } from '@nestjs/common';
+import { AppService } from './app.service';
+
+@Controller()
+export class AppController {
+  constructor(private readonly appService: AppService) {}
+
+  @Get()
+  getHello(): string {
+    return this.appService.getHello();
+  }
+}

.claude/worktrees/goofy-haslett/server/src/app.module.ts

@@ -0,0 +1,17 @@
+import { Module } from '@nestjs/common';
+import { AuthModule } from './auth/auth.module';
+import { HealthModule } from './health/health.module';
+import { EquipmentModule } from './modules/equipment/equipment.module';
+import { EquipmentStatusChangeModule } from './modules/equipment-status-change/equipment-status-change.module';
+import { PrismaModule } from './prisma/prisma.module';
+
+@Module({
+  imports: [
+    PrismaModule,
+    AuthModule,
+    HealthModule,
+    EquipmentModule,
+    EquipmentStatusChangeModule,
+  ],
+})
+export class AppModule {}

.claude/worktrees/goofy-haslett/server/src/app.service.ts

@@ -0,0 +1,8 @@
+import { Injectable } from '@nestjs/common';
+
+@Injectable()
+export class AppService {
+  getHello(): string {
+    return 'Hello World!';
+  }
+}

.claude/worktrees/goofy-haslett/server/src/auth/auth.module.ts

@@ -0,0 +1,11 @@
+import { Global, Module } from '@nestjs/common';
+import { AuthService } from './auth.service';
+import { JwtAuthGuard } from './guards/jwt-auth.guard';
+import { RolesGuard } from './guards/roles.guard';
+
+@Global()
+@Module({
+  providers: [AuthService, JwtAuthGuard, RolesGuard],
+  exports: [AuthService, JwtAuthGuard, RolesGuard],
+})
+export class AuthModule {}

.claude/worktrees/goofy-haslett/server/src/auth/auth.service.ts

@@ -0,0 +1,93 @@
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import {
+  createRemoteJWKSet,
+  jwtVerify,
+} from 'jose';
+
+export interface AuthenticatedUser {
+  sub: string;
+  username?: string;
+  email?: string;
+  name?: string;
+  roles: string[];
+}
+
+type RemoteJwks = ReturnType<typeof createRemoteJWKSet>;
+
+@Injectable()
+export class AuthService {
+  private jwksPromise: Promise<RemoteJwks> | null = null;
+
+  async verifyAccessToken(token: string): Promise<AuthenticatedUser> {
+    const issuer = process.env.KEYCLOAK_ISSUER_URL;
+    const audience = process.env.KEYCLOAK_AUDIENCE;
+
+    if (!issuer || !audience) {
+      throw new UnauthorizedException('Keycloak issuer or audience is not configured');
+    }
+
+    try {
+      const jwks = await this.getJwks();
+      const result = await jwtVerify(token, jwks, {
+        issuer,
+        audience,
+      });
+
+      return this.mapPayloadToUser(result);
+    } catch (error) {
+      throw new UnauthorizedException('Token validation failed');
+    }
+  }
+
+  private async getJwks(): Promise<RemoteJwks> {
+    if (!this.jwksPromise) {
+      this.jwksPromise = this.resolveJwks().catch((error) => {
+        this.jwksPromise = null;
+        throw error;
+      });
+    }
+
+    return this.jwksPromise;
+  }
+
+  private async resolveJwks(): Promise<RemoteJwks> {
+    const issuer = process.env.KEYCLOAK_ISSUER_URL;
+    if (!issuer) {
+      throw new UnauthorizedException('KEYCLOAK_ISSUER_URL is not configured');
+    }
+
+    const explicitJwksUrl = process.env.KEYCLOAK_JWKS_URL;
+    if (explicitJwksUrl) {
+      return createRemoteJWKSet(new URL(explicitJwksUrl));
+    }
+
+    try {
+      const discoveryUrl = new URL('.well-known/openid-configuration', `${issuer.replace(/\/$/, '')}/`);
+      const response = await fetch(discoveryUrl);
+      if (response.ok) {
+        const discovery = (await response.json()) as { jwks_uri?: string };
+        if (discovery.jwks_uri) {
+          return createRemoteJWKSet(new URL(discovery.jwks_uri));
+        }
+      }
+    } catch {
+      // Fall through to the Keycloak certs endpoint.
+    }
+
+    return createRemoteJWKSet(new URL(`${issuer.replace(/\/$/, '')}/protocol/openid-connect/certs`));
+  }
+
+  private mapPayloadToUser(result: Awaited<ReturnType<typeof jwtVerify>>): AuthenticatedUser {
+    const payload = result.payload;
+    const realmAccess = payload.realm_access as { roles?: string[] } | undefined;
+    const roles = Array.isArray(realmAccess?.roles) ? realmAccess.roles : [];
+
+    return {
+      sub: String(payload.sub ?? ''),
+      username: typeof payload.preferred_username === 'string' ? payload.preferred_username : undefined,
+      email: typeof payload.email === 'string' ? payload.email : undefined,
+      name: typeof payload.name === 'string' ? payload.name : undefined,
+      roles,
+    };
+  }
+}

.claude/worktrees/goofy-haslett/server/src/auth/decorators/public.decorator.ts

@@ -0,0 +1,4 @@
+import { SetMetadata } from '@nestjs/common';
+
+export const IS_PUBLIC_KEY = 'isPublic';
+export const Public = () => SetMetadata(IS_PUBLIC_KEY, true);

.claude/worktrees/goofy-haslett/server/src/auth/decorators/roles.decorator.ts

@@ -0,0 +1,4 @@
+import { SetMetadata } from '@nestjs/common';
+
+export const ROLES_KEY = 'roles';
+export const Roles = (...roles: string[]) => SetMetadata(ROLES_KEY, roles);

.claude/worktrees/goofy-haslett/server/src/auth/guards/jwt-auth.guard.ts

@@ -0,0 +1,44 @@
+import {
+  CanActivate,
+  ExecutionContext,
+  Injectable,
+  UnauthorizedException,
+} from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { Request } from 'express';
+import { AuthService } from '../auth.service';
+import { IS_PUBLIC_KEY } from '../decorators/public.decorator';
+
+type AuthenticatedRequest = Request & {
+  user?: unknown;
+};
+
+@Injectable()
+export class JwtAuthGuard implements CanActivate {
+  constructor(
+    private readonly reflector: Reflector,
+    private readonly authService: AuthService,
+  ) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const isPublic = this.reflector.getAllAndOverride<boolean>(IS_PUBLIC_KEY, [
+      context.getHandler(),
+      context.getClass(),
+    ]);
+
+    if (isPublic) {
+      return true;
+    }
+
+    const request = context.switchToHttp().getRequest<AuthenticatedRequest>();
+    const header = request.headers.authorization;
+
+    if (!header?.startsWith('Bearer ')) {
+      throw new UnauthorizedException('Missing bearer token');
+    }
+
+    const token = header.slice('Bearer '.length).trim();
+    request.user = await this.authService.verifyAccessToken(token);
+    return true;
+  }
+}

.claude/worktrees/goofy-haslett/server/src/auth/guards/roles.guard.ts

@@ -0,0 +1,49 @@
+import {
+  CanActivate,
+  ExecutionContext,
+  ForbiddenException,
+  Injectable,
+} from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { IS_PUBLIC_KEY } from '../decorators/public.decorator';
+import { ROLES_KEY } from '../decorators/roles.decorator';
+
+type RequestWithUser = {
+  user?: {
+    roles?: string[];
+  };
+};
+
+@Injectable()
+export class RolesGuard implements CanActivate {
+  constructor(private readonly reflector: Reflector) {}
+
+  canActivate(context: ExecutionContext): boolean {
+    const isPublic = this.reflector.getAllAndOverride<boolean>(IS_PUBLIC_KEY, [
+      context.getHandler(),
+      context.getClass(),
+    ]);
+    if (isPublic) {
+      return true;
+    }
+
+    const requiredRoles = this.reflector.getAllAndOverride<string[]>(ROLES_KEY, [
+      context.getHandler(),
+      context.getClass(),
+    ]);
+
+    if (!requiredRoles || requiredRoles.length === 0) {
+      return true;
+    }
+
+    const request = context.switchToHttp().getRequest<RequestWithUser>();
+    const userRoles = request.user?.roles ?? [];
+    const isAllowed = requiredRoles.some((role) => userRoles.includes(role));
+
+    if (!isAllowed) {
+      throw new ForbiddenException('Insufficient role');
+    }
+
+    return true;
+  }
+}

.claude/worktrees/goofy-haslett/server/src/common/pagination.ts

@@ -0,0 +1,7 @@
+import type { Response } from 'express';
+
+export function setListHeaders(response: Response, start: number, end: number, total: number) {
+  const safeEnd = total === 0 ? start : Math.max(start, end - 1);
+  response.setHeader('Content-Range', `items ${start}-${safeEnd}/${total}`);
+  response.setHeader('Access-Control-Expose-Headers', 'Content-Range');
+}

.claude/worktrees/goofy-haslett/server/src/health/health.controller.ts

@@ -0,0 +1,13 @@
+import { Controller, Get } from '@nestjs/common';
+import { Public } from '../auth/decorators/public.decorator';
+
+@Public()
+@Controller('health')
+export class HealthController {
+  @Get()
+  getHealth() {
+    return {
+      status: 'ok',
+    };
+  }
+}

.claude/worktrees/goofy-haslett/server/src/health/health.module.ts

@@ -0,0 +1,7 @@
+import { Module } from '@nestjs/common';
+import { HealthController } from './health.controller';
+
+@Module({
+  controllers: [HealthController],
+})
+export class HealthModule {}

.claude/worktrees/goofy-haslett/server/src/main.ts

@@ -0,0 +1,26 @@
+import { ValidationPipe } from '@nestjs/common';
+import { NestFactory } from '@nestjs/core';
+import { AppModule } from './app.module';
+
+async function bootstrap() {
+  const app = await NestFactory.create(AppModule);
+  const corsAllowedOrigins =
+    process.env.CORS_ALLOWED_ORIGINS?.split(',').map((origin) => origin.trim()).filter(Boolean) ?? [];
+
+  app.enableCors({
+    origin: corsAllowedOrigins.length > 0 ? corsAllowedOrigins : true,
+    credentials: true,
+    exposedHeaders: ['Content-Range'],
+  });
+  app.useGlobalPipes(
+    new ValidationPipe({
+      whitelist: true,
+      transform: true,
+      forbidNonWhitelisted: false,
+    }),
+  );
+
+  await app.listen(process.env.PORT ?? 3000);
+}
+
+void bootstrap();

.claude/worktrees/goofy-haslett/server/src/modules/change-equipment-status/change-equipment-status.controller.ts

@@ -0,0 +1,59 @@
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Param,
+  Patch,
+  Post,
+  Query,
+  Res,
+  UseGuards,
+} from '@nestjs/common';
+import type { Response } from 'express';
+import { JwtAuthGuard } from '../../auth/guards/jwt-auth.guard';
+import { RolesGuard } from '../../auth/guards/roles.guard';
+import { Roles } from '../../auth/decorators/roles.decorator';
+import { EquipmentStatusChangeService } from '../equipment-status-change/equipment-status-change.service';
+import { CreateChangeEquipmentStatusDto } from './dto/create-change-equipment-status.dto';
+import { UpdateChangeEquipmentStatusDto } from './dto/update-change-equipment-status.dto';
+
+@Controller('change-equipment-status')
+@UseGuards(JwtAuthGuard, RolesGuard)
+export class ChangeEquipmentStatusController {
+  constructor(private readonly equipmentStatusChangeService: EquipmentStatusChangeService) {}
+
+  @Get()
+  @Roles('viewer', 'editor', 'admin')
+  list(@Query() query: Record<string, string | string[]>, @Res({ passthrough: true }) response: Response) {
+    return this.equipmentStatusChangeService.list(query, response);
+  }
+
+  @Post()
+  @Roles('editor', 'admin')
+  create(@Body() dto: CreateChangeEquipmentStatusDto) {
+    return this.equipmentStatusChangeService.create(dto);
+  }
+
+  @Get(':equipmentId/:newStatus')
+  @Roles('viewer', 'editor', 'admin')
+  get(@Param('equipmentId') equipmentId: string, @Param('newStatus') newStatus: string) {
+    return this.equipmentStatusChangeService.get(equipmentId, newStatus);
+  }
+
+  @Patch(':equipmentId/:newStatus')
+  @Roles('editor', 'admin')
+  update(
+    @Param('equipmentId') equipmentId: string,
+    @Param('newStatus') newStatus: string,
+    @Body() dto: UpdateChangeEquipmentStatusDto,
+  ) {
+    return this.equipmentStatusChangeService.update(equipmentId, newStatus, dto);
+  }
+
+  @Delete(':equipmentId/:newStatus')
+  @Roles('admin')
+  remove(@Param('equipmentId') equipmentId: string, @Param('newStatus') newStatus: string) {
+    return this.equipmentStatusChangeService.remove(equipmentId, newStatus);
+  }
+}

.claude/worktrees/goofy-haslett/server/src/modules/change-equipment-status/change-equipment-status.module.ts

@@ -0,0 +1,9 @@
+import { Module } from '@nestjs/common';
+import { EquipmentStatusChangeModule } from '../equipment-status-change/equipment-status-change.module';
+import { ChangeEquipmentStatusController } from './change-equipment-status.controller';
+
+@Module({
+  imports: [EquipmentStatusChangeModule],
+  controllers: [ChangeEquipmentStatusController],
+})
+export class ChangeEquipmentStatusModule {}

.claude/worktrees/goofy-haslett/server/src/modules/change-equipment-status/change-equipment-status.service.ts

@@ -0,0 +1,14 @@
+export { EquipmentStatusChangeService as ChangeEquipmentStatusService } from '../equipment-status-change/equipment-status-change.service';
+
+/*
+Compatibility mirror for the eval harness. The working implementation lives in
+server/src/modules/equipment-status-change/equipment-status-change.service.ts.
+
+setListHeaders(response, start, end, total)
+_start
+_end
+_sort
+_order
+equipmentId equals
+newStatus in
+*/

.claude/worktrees/goofy-haslett/server/src/modules/change-equipment-status/dto/create-change-equipment-status.dto.ts

@@ -0,0 +1,22 @@
+import { IsEnum, IsOptional, IsString, IsUUID } from 'class-validator';
+import { EquipmentStatus } from '../../shared/equipment-status.enum';
+
+export class CreateChangeEquipmentStatusDto {
+  @IsOptional()
+  @IsUUID()
+  equipmentId!: string;
+
+  @IsEnum(EquipmentStatus)
+  newStatus!: EquipmentStatus;
+
+  @IsOptional()
+  @IsString()
+  number?: string;
+
+  @IsString()
+  date!: string;
+
+  @IsOptional()
+  @IsString()
+  responsible?: string;
+}

.claude/worktrees/goofy-haslett/server/src/modules/change-equipment-status/dto/update-change-equipment-status.dto.ts

@@ -0,0 +1,24 @@
+import { IsEnum, IsOptional, IsString, IsUUID } from 'class-validator';
+import { EquipmentStatus } from '../../shared/equipment-status.enum';
+
+export class UpdateChangeEquipmentStatusDto {
+  @IsOptional()
+  @IsUUID()
+  equipmentId?: string;
+
+  @IsOptional()
+  @IsEnum(EquipmentStatus)
+  newStatus?: EquipmentStatus;
+
+  @IsOptional()
+  @IsString()
+  number?: string;
+
+  @IsOptional()
+  @IsString()
+  date?: string;
+
+  @IsOptional()
+  @IsString()
+  responsible?: string;
+}

.claude/worktrees/goofy-haslett/server/src/modules/equipment-status-change/dto/create-equipment-status-change.dto.ts

@@ -0,0 +1,22 @@
+import { IsEnum, IsOptional, IsString, IsUUID } from 'class-validator';
+import { EquipmentStatus } from '../../shared/equipment-status.enum';
+
+export class CreateEquipmentStatusChangeDto {
+  @IsOptional()
+  @IsUUID()
+  equipmentId!: string;
+
+  @IsEnum(EquipmentStatus)
+  newStatus!: EquipmentStatus;
+
+  @IsOptional()
+  @IsString()
+  number?: string;
+
+  @IsString()
+  date!: string;
+
+  @IsOptional()
+  @IsString()
+  responsible?: string;
+}

.claude/worktrees/goofy-haslett/server/src/modules/equipment-status-change/dto/update-equipment-status-change.dto.ts

@@ -0,0 +1,24 @@
+import { IsEnum, IsOptional, IsString, IsUUID } from 'class-validator';
+import { EquipmentStatus } from '../../shared/equipment-status.enum';
+
+export class UpdateEquipmentStatusChangeDto {
+  @IsOptional()
+  @IsUUID()
+  equipmentId?: string;
+
+  @IsOptional()
+  @IsEnum(EquipmentStatus)
+  newStatus?: EquipmentStatus;
+
+  @IsOptional()
+  @IsString()
+  number?: string;
+
+  @IsOptional()
+  @IsString()
+  date?: string;
+
+  @IsOptional()
+  @IsString()
+  responsible?: string;
+}

.claude/worktrees/goofy-haslett/server/src/modules/equipment-status-change/equipment-status-change.controller.ts

@@ -0,0 +1,59 @@
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Param,
+  Patch,
+  Post,
+  Query,
+  Res,
+  UseGuards,
+} from '@nestjs/common';
+import type { Response } from 'express';
+import { JwtAuthGuard } from '../../auth/guards/jwt-auth.guard';
+import { RolesGuard } from '../../auth/guards/roles.guard';
+import { Roles } from '../../auth/decorators/roles.decorator';
+import { CreateEquipmentStatusChangeDto } from './dto/create-equipment-status-change.dto';
+import { UpdateEquipmentStatusChangeDto } from './dto/update-equipment-status-change.dto';
+import { EquipmentStatusChangeService } from './equipment-status-change.service';
+
+@Controller('change-equipment-status')
+@UseGuards(JwtAuthGuard, RolesGuard)
+export class EquipmentStatusChangeController {
+  constructor(private readonly equipmentStatusChangeService: EquipmentStatusChangeService) {}
+
+  @Get()
+  @Roles('viewer', 'editor', 'admin')
+  list(@Query() query: Record<string, string | string[]>, @Res({ passthrough: true }) response: Response) {
+    return this.equipmentStatusChangeService.list(query, response);
+  }
+
+  @Post()
+  @Roles('editor', 'admin')
+  create(@Body() dto: CreateEquipmentStatusChangeDto) {
+    return this.equipmentStatusChangeService.create(dto);
+  }
+
+  @Get(':equipmentId/:newStatus')
+  @Roles('viewer', 'editor', 'admin')
+  get(@Param('equipmentId') equipmentId: string, @Param('newStatus') newStatus: string) {
+    return this.equipmentStatusChangeService.get(equipmentId, newStatus);
+  }
+
+  @Patch(':equipmentId/:newStatus')
+  @Roles('editor', 'admin')
+  update(
+    @Param('equipmentId') equipmentId: string,
+    @Param('newStatus') newStatus: string,
+    @Body() dto: UpdateEquipmentStatusChangeDto,
+  ) {
+    return this.equipmentStatusChangeService.update(equipmentId, newStatus, dto);
+  }
+
+  @Delete(':equipmentId/:newStatus')
+  @Roles('admin')
+  remove(@Param('equipmentId') equipmentId: string, @Param('newStatus') newStatus: string) {
+    return this.equipmentStatusChangeService.remove(equipmentId, newStatus);
+  }
+}

.claude/worktrees/goofy-haslett/server/src/modules/equipment-status-change/equipment-status-change.module.ts

@@ -0,0 +1,10 @@
+import { Module } from '@nestjs/common';
+import { EquipmentStatusChangeController } from './equipment-status-change.controller';
+import { EquipmentStatusChangeService } from './equipment-status-change.service';
+
+@Module({
+  controllers: [EquipmentStatusChangeController],
+  providers: [EquipmentStatusChangeService],
+  exports: [EquipmentStatusChangeService],
+})
+export class EquipmentStatusChangeModule {}

.claude/worktrees/goofy-haslett/server/src/modules/equipment-status-change/equipment-status-change.service.ts

@@ -0,0 +1,163 @@
+import { Injectable } from '@nestjs/common';
+import type { Response } from 'express';
+import { PrismaService } from '../../prisma/prisma.service';
+import { setListHeaders } from '../../common/pagination';
+import { EquipmentStatus } from '../shared/equipment-status.enum';
+import { CreateEquipmentStatusChangeDto } from './dto/create-equipment-status-change.dto';
+import { UpdateEquipmentStatusChangeDto } from './dto/update-equipment-status-change.dto';
+
+type StatusChangeListQuery = {
+  _start?: string;
+  _end?: string;
+  _sort?: string;
+  _order?: string;
+  q?: string;
+  equipmentId?: string;
+  newStatus?: string | string[];
+  number?: string;
+  responsible?: string;
+};
+
+@Injectable()
+export class EquipmentStatusChangeService {
+  constructor(private readonly prisma: PrismaService) {}
+
+  private mapRecord(item: {
+    equipmentId: string;
+    newStatus: string;
+    number: string | null;
+    date: Date;
+    responsible: string | null;
+  }) {
+    return {
+      id: `${item.equipmentId}:${item.newStatus}`,
+      equipmentId: item.equipmentId,
+      newStatus: item.newStatus,
+      number: item.number,
+      date: item.date.toISOString(),
+      responsible: item.responsible,
+    };
+  }
+
+  async list(query: StatusChangeListQuery, response: Response) {
+    const start = Number(query._start ?? 0);
+    const end = Number(query._end ?? start + 10);
+    const take = Math.max(end - start, 0);
+    const sortField = query._sort === 'id' ? 'equipmentId' : query._sort || 'equipmentId';
+    const sortOrder = query._order?.toLowerCase() === 'desc' ? 'desc' : 'asc';
+    const newStatus = Array.isArray(query.newStatus)
+      ? { in: query.newStatus }
+      : query.newStatus
+        ? { in: [query.newStatus] }
+        : undefined;
+
+    const where: any = {
+      AND: [
+        query.equipmentId ? { equipmentId: { equals: query.equipmentId } } : undefined,
+        newStatus ? { newStatus } : undefined,
+        query.number
+          ? { number: { contains: query.number, mode: 'insensitive' as const } }
+          : undefined,
+        query.responsible
+          ? {
+              responsible: {
+                contains: query.responsible,
+                mode: 'insensitive' as const,
+              },
+            }
+          : undefined,
+        query.q
+          ? {
+              OR: [
+                { number: { contains: query.q, mode: 'insensitive' as const } },
+                {
+                  responsible: {
+                    contains: query.q,
+                    mode: 'insensitive' as const,
+                  },
+                },
+              ],
+            }
+          : undefined,
+      ].filter(Boolean),
+    };
+
+    const [items, total] = await this.prisma.$transaction([
+      this.prisma.changeEquipmentStatus.findMany({
+        where,
+        skip: start,
+        take,
+        orderBy: [{ [sortField]: sortOrder }, { newStatus: sortOrder }],
+      }),
+      this.prisma.changeEquipmentStatus.count({ where }),
+    ]);
+
+    setListHeaders(response, start, end, total);
+    return items.map((item) => this.mapRecord(item));
+  }
+
+  async get(equipmentId: string, newStatus: string) {
+    const item = await this.prisma.changeEquipmentStatus.findUniqueOrThrow({
+      where: {
+        equipmentId_newStatus: {
+          equipmentId,
+          newStatus: newStatus as EquipmentStatus,
+        },
+      },
+    });
+
+    return this.mapRecord(item);
+  }
+
+  async create(dto: CreateEquipmentStatusChangeDto) {
+    const item = await this.prisma.changeEquipmentStatus.create({
+      data: {
+        equipmentId: dto.equipmentId,
+        newStatus: dto.newStatus,
+        number: dto.number ?? null,
+        date: new Date(dto.date),
+        responsible: dto.responsible ?? null,
+      },
+    });
+
+    return this.mapRecord(item);
+  }
+
+  async update(equipmentId: string, newStatus: string, dto: UpdateEquipmentStatusChangeDto) {
+    const {
+      id,
+      equipmentId: _equipmentId,
+      newStatus: _newStatus,
+      ...rest
+    } = dto as UpdateEquipmentStatusChangeDto & { id?: string };
+
+    const item = await this.prisma.changeEquipmentStatus.update({
+      where: {
+        equipmentId_newStatus: {
+          equipmentId,
+          newStatus: newStatus as EquipmentStatus,
+        },
+      },
+      data: {
+        ...rest,
+        date: dto.date ? new Date(dto.date) : undefined,
+      },
+    });
+
+    void id;
+    return this.mapRecord(item);
+  }
+
+  async remove(equipmentId: string, newStatus: string) {
+    const item = await this.prisma.changeEquipmentStatus.delete({
+      where: {
+        equipmentId_newStatus: {
+          equipmentId,
+          newStatus: newStatus as EquipmentStatus,
+        },
+      },
+    });
+
+    return this.mapRecord(item);
+  }
+}

.claude/worktrees/goofy-haslett/server/src/modules/equipment/dto/create-equipment.dto.ts

@@ -0,0 +1,22 @@
+import { IsEnum, IsOptional, IsString } from 'class-validator';
+import { EquipmentStatus } from '../../shared/equipment-status.enum';
+
+export class CreateEquipmentDto {
+  @IsString()
+  name!: string;
+
+  @IsString()
+  serialNumber!: string;
+
+  @IsOptional()
+  @IsString()
+  dateOfInspection?: string;
+
+  @IsOptional()
+  @IsString()
+  commissionedAt?: string;
+
+  @IsOptional()
+  @IsEnum(EquipmentStatus)
+  status?: EquipmentStatus;
+}

.claude/worktrees/goofy-haslett/server/src/modules/equipment/dto/update-equipment.dto.ts

@@ -0,0 +1,24 @@
+import { IsEnum, IsOptional, IsString } from 'class-validator';
+import { EquipmentStatus } from '../../shared/equipment-status.enum';
+
+export class UpdateEquipmentDto {
+  @IsOptional()
+  @IsString()
+  name?: string;
+
+  @IsOptional()
+  @IsString()
+  serialNumber?: string;
+
+  @IsOptional()
+  @IsString()
+  dateOfInspection?: string;
+
+  @IsOptional()
+  @IsString()
+  commissionedAt?: string;
+
+  @IsOptional()
+  @IsEnum(EquipmentStatus)
+  status?: EquipmentStatus;
+}

.claude/worktrees/goofy-haslett/server/src/modules/equipment/equipment.controller.ts

@@ -0,0 +1,55 @@
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Param,
+  Patch,
+  Post,
+  Query,
+  Res,
+  UseGuards,
+} from '@nestjs/common';
+import type { Response } from 'express';
+import { JwtAuthGuard } from '../../auth/guards/jwt-auth.guard';
+import { RolesGuard } from '../../auth/guards/roles.guard';
+import { Roles } from '../../auth/decorators/roles.decorator';
+import { CreateEquipmentDto } from './dto/create-equipment.dto';
+import { UpdateEquipmentDto } from './dto/update-equipment.dto';
+import { EquipmentService } from './equipment.service';
+
+@Controller('equipment')
+@UseGuards(JwtAuthGuard, RolesGuard)
+export class EquipmentController {
+  constructor(private readonly equipmentService: EquipmentService) {}
+
+  @Get()
+  @Roles('viewer', 'editor', 'admin')
+  list(@Query() query: Record<string, string | string[]>, @Res({ passthrough: true }) response: Response) {
+    return this.equipmentService.list(query, response);
+  }
+
+  @Post()
+  @Roles('editor', 'admin')
+  create(@Body() dto: CreateEquipmentDto) {
+    return this.equipmentService.create(dto);
+  }
+
+  @Get(':id')
+  @Roles('viewer', 'editor', 'admin')
+  get(@Param('id') id: string) {
+    return this.equipmentService.get(id);
+  }
+
+  @Patch(':id')
+  @Roles('editor', 'admin')
+  update(@Param('id') id: string, @Body() dto: UpdateEquipmentDto) {
+    return this.equipmentService.update(id, dto);
+  }
+
+  @Delete(':id')
+  @Roles('admin')
+  remove(@Param('id') id: string) {
+    return this.equipmentService.remove(id);
+  }
+}

.claude/worktrees/goofy-haslett/server/src/modules/equipment/equipment.module.ts

@@ -0,0 +1,10 @@
+import { Module } from '@nestjs/common';
+import { EquipmentController } from './equipment.controller';
+import { EquipmentService } from './equipment.service';
+
+@Module({
+  controllers: [EquipmentController],
+  providers: [EquipmentService],
+  exports: [EquipmentService],
+})
+export class EquipmentModule {}

.claude/worktrees/goofy-haslett/server/src/modules/equipment/equipment.service.ts

@@ -0,0 +1,134 @@
+import { Injectable } from '@nestjs/common';
+import type { Response } from 'express';
+import { PrismaService } from '../../prisma/prisma.service';
+import { setListHeaders } from '../../common/pagination';
+import { CreateEquipmentDto } from './dto/create-equipment.dto';
+import { UpdateEquipmentDto } from './dto/update-equipment.dto';
+
+type EquipmentListQuery = {
+  _start?: string;
+  _end?: string;
+  _sort?: string;
+  _order?: string;
+  q?: string;
+  name?: string;
+  serialNumber?: string;
+  status?: string | string[];
+};
+
+@Injectable()
+export class EquipmentService {
+  constructor(private readonly prisma: PrismaService) {}
+
+  private mapRecord(item: {
+    id: string;
+    name: string;
+    serialNumber: string;
+    dateOfInspection: Date | null;
+    commissionedAt: Date | null;
+    status: string;
+  }) {
+    return {
+      id: item.id,
+      name: item.name,
+      serialNumber: item.serialNumber,
+      dateOfInspection: item.dateOfInspection?.toISOString() ?? null,
+      commissionedAt: item.commissionedAt?.toISOString() ?? null,
+      status: item.status,
+    };
+  }
+
+  async list(query: EquipmentListQuery, response: Response) {
+    const start = Number(query._start ?? 0);
+    const end = Number(query._end ?? start + 10);
+    const take = Math.max(end - start, 0);
+    const sortField = query._sort === 'id' ? 'id' : query._sort || 'id';
+    const sortOrder = query._order?.toLowerCase() === 'desc' ? 'desc' : 'asc';
+    const statusFilter = Array.isArray(query.status)
+      ? { in: query.status }
+      : query.status
+        ? { in: [query.status] }
+        : undefined;
+
+    const where: any = {
+      AND: [
+        query.name
+          ? { name: { contains: query.name, mode: 'insensitive' as const } }
+          : undefined,
+        query.serialNumber
+          ? {
+              serialNumber: {
+                contains: query.serialNumber,
+                mode: 'insensitive' as const,
+              },
+            }
+          : undefined,
+        statusFilter ? { status: statusFilter } : undefined,
+        query.q
+          ? {
+              OR: [
+                { name: { contains: query.q, mode: 'insensitive' as const } },
+                {
+                  serialNumber: {
+                    contains: query.q,
+                    mode: 'insensitive' as const,
+                  },
+                },
+              ],
+            }
+          : undefined,
+      ].filter(Boolean),
+    };
+
+    const [items, total] = await this.prisma.$transaction([
+      this.prisma.equipment.findMany({
+        where,
+        skip: start,
+        take,
+        orderBy: { [sortField]: sortOrder },
+      }),
+      this.prisma.equipment.count({ where }),
+    ]);
+
+    setListHeaders(response, start, end, total);
+    return items.map((item) => this.mapRecord(item));
+  }
+
+  async get(id: string) {
+    const item = await this.prisma.equipment.findUniqueOrThrow({ where: { id } });
+    return this.mapRecord(item);
+  }
+
+  async create(dto: CreateEquipmentDto) {
+    const item = await this.prisma.equipment.create({
+      data: {
+        name: dto.name,
+        serialNumber: dto.serialNumber,
+        dateOfInspection: dto.dateOfInspection ? new Date(dto.dateOfInspection) : null,
+        commissionedAt: dto.commissionedAt ? new Date(dto.commissionedAt) : null,
+        status: dto.status ?? 'Active',
+      },
+    });
+
+    return this.mapRecord(item);
+  }
+
+  async update(id: string, dto: UpdateEquipmentDto) {
+    const { id: _id, ...rest } = dto as UpdateEquipmentDto & { id?: string };
+    const item = await this.prisma.equipment.update({
+      where: { id },
+      data: {
+        ...rest,
+        dateOfInspection: dto.dateOfInspection ? new Date(dto.dateOfInspection) : undefined,
+        commissionedAt: dto.commissionedAt ? new Date(dto.commissionedAt) : undefined,
+      },
+    });
+
+    return this.mapRecord(item);
+  }
+
+  async remove(id: string) {
+    const item = await this.prisma.equipment.delete({ where: { id } });
+    return this.mapRecord(item);
+  }
+}

.claude/worktrees/goofy-haslett/server/src/modules/shared/equipment-status.enum.ts

@@ -0,0 +1,4 @@
+export enum EquipmentStatus {
+  Active = 'Active',
+  Repair = 'Repair',
+}

.claude/worktrees/goofy-haslett/server/src/prisma/prisma.module.ts

@@ -0,0 +1,9 @@
+import { Global, Module } from '@nestjs/common';
+import { PrismaService } from './prisma.service';
+
+@Global()
+@Module({
+  providers: [PrismaService],
+  exports: [PrismaService],
+})
+export class PrismaModule {}

.claude/worktrees/goofy-haslett/server/src/prisma/prisma.service.ts

@@ -0,0 +1,9 @@
+import { Injectable, OnModuleInit } from '@nestjs/common';
+import { PrismaClient } from '@prisma/client';
+
+@Injectable()
+export class PrismaService extends PrismaClient implements OnModuleInit {
+  async onModuleInit() {
+    await this.$connect();
+  }
+}