Handover workspace

ERS, Todo, OfferReview, and Docu in one view

Imported from live server docs, code structure, and deployment notes.

Apr 3, 2026, 12:38 PM

Todo

API Reference

docs/API_REFERENCE.md

Updated Mar 4, 2026, 3:14 AM

Auth Model

All endpoints use session cookie auth (`widt_session`).

  • Missing/invalid session -> 401 Unauthorized
  • Mutating actions are protected by CSRF origin checks and rate limiting

Export Endpoints

GET /api/export/csv

Download report as CSV.

Query params:

  • date=YYYY-MM-DD (single day)
  • or start=YYYY-MM-DD&end=YYYY-MM-DD (range)
  • scope=personal|team (default personal)

Response:

  • 200 OK
  • CSV attachment file

Errors:

  • 401 Unauthorized
  • 429 Rate limit exceeded

GET /api/export/pdf

Download report as PDF.

Query params:

  • date=YYYY-MM-DD or start + end
  • scope=personal|team (default personal)

Response:

  • 200 OK
  • PDF attachment file

Errors:

  • 401 Unauthorized
  • 429 Rate limit exceeded

Server Actions

File: src/app/actions/index.ts

Auth

  • setupAction
  • loginAction
  • logoutAction

Logs

  • createLogAction
  • deleteLogAction

Category/Project

  • createCategoryAction
  • updateCategoryAction
  • deleteCategoryAction
  • createProjectAction
  • updateProjectAction
  • deleteProjectAction

Team / RBAC

  • createTeamMemberAction
  • updateTeamMemberRoleAction
  • deleteTeamMemberAction

Planning + Drift

  • createPlanAllocationAction
  • deletePlanAllocationAction

Automation

  • createScheduledExportAction
  • updateScheduledExportAction
  • deleteScheduledExportAction
  • runScheduledExportsNowAction

AI Summary

  • generateDailyNarrativeAction

Validation Highlights

  • date: YYYY-MM-DD
  • time: HH:mm, endTime > startTime
  • energy: integer 1..5
  • planned minutes: 15..1440
  • role enums: OWNER, ADMIN, MEMBER
  • export enums:
    • frequency DAILY|WEEKLY|MONTHLY
    • format CSV|PDF
    • scope PERSONAL|TEAM
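
The rules listed above, as an added TypeScript example that is not code from the project: the field names (`startTime`, `endTime`, `energy`), error labels and helper names are assumptions. It checks calendar validity rather than only the date pattern, and it rejects numeric strings and unknown role values instead of coercing them.

```typescript
// Added example: field names, error labels and helpers are assumptions,
// not the project's actual schema.
const ROLES = ["OWNER", "ADMIN", "MEMBER"] as const;
type Role = (typeof ROLES)[number];

const DATE_RE = /^(\d{4})-(\d{2})-(\d{2})$/;
const TIME_RE = /^([01]\d|2[0-3]):([0-5]\d)$/;

// Accept only real calendar days; the pattern alone lets 2026-02-31 through.
function isValidDate(s: string): boolean {
  const m = DATE_RE.exec(s);
  if (!m) return false;
  const y = Number(m[1]), mo = Number(m[2]), d = Number(m[3]);
  const dt = new Date(Date.UTC(y, mo - 1, d));
  return dt.getUTCFullYear() === y && dt.getUTCMonth() === mo - 1 && dt.getUTCDate() === d;
}

// Minutes since midnight, or null when the value is not strict HH:mm.
function toMinutes(v: unknown): number | null {
  const m = typeof v === "string" ? TIME_RE.exec(v) : null;
  return m ? Number(m[1]) * 60 + Number(m[2]) : null;
}

// Real integers only: "3", 3.5 and NaN are all rejected.
function isIntInRange(v: unknown, min: number, max: number): boolean {
  return typeof v === "number" && Math.floor(v) === v && v >= min && v <= max;
}

// Allowlist check; role strings from the client are never trusted as-is.
function isRole(v: unknown): v is Role {
  return typeof v === "string" && ROLES.indexOf(v as Role) !== -1;
}

function isPlannedMinutes(v: unknown): boolean {
  return isIntInRange(v, 15, 1440);
}

// Returns the names of the rules that failed; an empty list means valid.
function validateLog(input: Record<string, unknown>): string[] {
  const errors: string[] = [];
  const date = input.date;
  if (typeof date !== "string" || !isValidDate(date)) errors.push("date");
  const start = toMinutes(input.startTime);
  const end = toMinutes(input.endTime);
  if (start === null) errors.push("startTime");
  if (end === null) errors.push("endTime");
  if (start !== null && end !== null && end <= start) errors.push("endTime>startTime");
  if (!isIntInRange(input.energy, 1, 5)) errors.push("energy");
  return errors;
}
```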