fix(api): harden optional audit and session fields

packages/api/src/__tests__/role-router-planning-counts.test.ts

@@ -1,6 +1,49 @@
 import { AllocationStatus, PermissionKey, SystemRole } from "@capakraken/shared";
 import { TRPCError } from "@trpc/server";
 import { describe, expect, it, vi } from "vitest";
+
+vi.mock("@capakraken/application", () => ({
+  countPlanningEntries: vi.fn(async (
+    db: {
+      demandRequirement: { findMany: (args?: { where?: { projectId?: { in: string[] }; roleId?: { in: string[] } } }) => Promise<Array<{ projectId: string; roleId: string | null }>> };
+      assignment: { findMany: (args?: { where?: { projectId?: { in: string[] }; roleId?: { in: string[] } } }) => Promise<Array<{ projectId: string; roleId: string | null }>> };
+    },
+    input: { projectIds?: string[]; roleIds?: string[] } = {},
+  ) => {
+    const where = {
+      ...(input.projectIds?.length ? { projectId: { in: input.projectIds } } : {}),
+      ...(input.roleIds?.length ? { roleId: { in: input.roleIds } } : {}),
+    };
+    const [demandRequirements, assignments] = await Promise.all([
+      db.demandRequirement.findMany({ where }),
+      db.assignment.findMany({ where }),
+    ]);
+
+    const countsByProjectId = new Map<string, number>();
+    const countsByRoleId = new Map<string, number>();
+
+    for (const entry of [...demandRequirements, ...assignments]) {
+      countsByProjectId.set(
+        entry.projectId,
+        (countsByProjectId.get(entry.projectId) ?? 0) + 1,
+      );
+
+      if (entry.roleId) {
+        countsByRoleId.set(
+          entry.roleId,
+          (countsByRoleId.get(entry.roleId) ?? 0) + 1,
+        );
+      }
+    }
+
+    return {
+      countsByProjectId,
+      countsByRoleId,
+      totalCount: demandRequirements.length + assignments.length,
+    };
+  }),
+}));
+
 import { roleRouter } from "../router/role.js";
 import { createCallerFactory } from "../trpc.js";
 

packages/api/src/router/system-role-config-procedure-support.ts

@@ -40,7 +40,7 @@ export async function updateSystemRoleConfig(
     entityId: input.role,
     entityName: result.label,
     action: "UPDATE",
-    userId: ctx.dbUser?.id,
+    ...(ctx.dbUser?.id ? { userId: ctx.dbUser.id } : {}),
     before: (existing ?? {}) as unknown as Record<string, unknown>,
     after: result as unknown as Record<string, unknown>,
     source: "ui",

packages/api/src/router/user-self-service-procedure-support.ts

@@ -157,7 +157,7 @@ export async function generateTotpSecret(ctx: UserSelfServiceContext) {
   const secret = new Secret({ size: 20 });
   const totp = new TOTP({
     issuer: "CapaKraken",
-    label: ctx.session.user?.email ?? ctx.dbUser!.id,
+    label: ctx.session?.user?.email ?? ctx.dbUser!.id,
     algorithm: "SHA1",
     digits: 6,
     period: 30,

packages/api/src/router/utilization-category-procedure-support.ts

@@ -74,7 +74,7 @@ export async function createUtilizationCategory(
     entityId: created.id,
     entityName: created.name,
     action: "CREATE",
-    userId: ctx.dbUser?.id,
+    ...(ctx.dbUser?.id ? { userId: ctx.dbUser.id } : {}),
     after: created as unknown as Record<string, unknown>,
     source: "ui",
   });
@@ -112,7 +112,7 @@ export async function updateUtilizationCategory(
     entityId: updated.id,
     entityName: updated.name,
     action: "UPDATE",
-    userId: ctx.dbUser?.id,
+    ...(ctx.dbUser?.id ? { userId: ctx.dbUser.id } : {}),
     before,
     after: updated as unknown as Record<string, unknown>,
     source: "ui",