feat: Phase 6, Device provisioning and deployment of updates on git-pull

backend/manufacturing/router.py

@@ -1,5 +1,6 @@
 from fastapi import APIRouter, Depends, Query
 from fastapi.responses import Response
+from fastapi.responses import RedirectResponse
 from typing import Optional
 
 from auth.models import TokenPayload
@@ -7,19 +8,48 @@ from auth.dependencies import require_permission
 from manufacturing.models import (
     BatchCreate, BatchResponse,
     DeviceInventoryItem, DeviceInventoryListResponse,
-    DeviceStatusUpdate,
+    DeviceStatusUpdate, DeviceAssign,
+    ManufacturingStats,
 )
 from manufacturing import service
+from manufacturing import audit
 
 router = APIRouter(prefix="/api/manufacturing", tags=["manufacturing"])
 
 
-@router.post("/batch", response_model=BatchResponse, status_code=201)
-def create_batch(
-    body: BatchCreate,
-    _user: TokenPayload = Depends(require_permission("manufacturing", "add")),
+@router.get("/stats", response_model=ManufacturingStats)
+def get_stats(
+    _user: TokenPayload = Depends(require_permission("manufacturing", "view")),
 ):
-    return service.create_batch(body)
+    return service.get_stats()
+
+
+@router.get("/audit-log")
+async def get_audit_log(
+    limit: int = Query(20, ge=1, le=100),
+    _user: TokenPayload = Depends(require_permission("manufacturing", "view")),
+):
+    entries = await audit.get_recent(limit=limit)
+    return {"entries": entries}
+
+
+@router.post("/batch", response_model=BatchResponse, status_code=201)
+async def create_batch(
+    body: BatchCreate,
+    user: TokenPayload = Depends(require_permission("manufacturing", "add")),
+):
+    result = service.create_batch(body)
+    await audit.log_action(
+        admin_user=user.email,
+        action="batch_created",
+        detail={
+            "batch_id": result.batch_id,
+            "board_type": result.board_type,
+            "board_version": result.board_version,
+            "quantity": len(result.serial_numbers),
+        },
+    )
+    return result
 
 
 @router.get("/devices", response_model=DeviceInventoryListResponse)
@@ -50,22 +80,62 @@ def get_device(
 
 
 @router.patch("/devices/{sn}/status", response_model=DeviceInventoryItem)
-def update_status(
+async def update_status(
     sn: str,
     body: DeviceStatusUpdate,
-    _user: TokenPayload = Depends(require_permission("manufacturing", "edit")),
+    user: TokenPayload = Depends(require_permission("manufacturing", "edit")),
 ):
-    return service.update_device_status(sn, body)
+    result = service.update_device_status(sn, body)
+    await audit.log_action(
+        admin_user=user.email,
+        action="status_updated",
+        serial_number=sn,
+        detail={"status": body.status.value, "note": body.note},
+    )
+    return result
 
 
 @router.get("/devices/{sn}/nvs.bin")
-def download_nvs(
+async def download_nvs(
     sn: str,
-    _user: TokenPayload = Depends(require_permission("manufacturing", "view")),
+    user: TokenPayload = Depends(require_permission("manufacturing", "view")),
 ):
     binary = service.get_nvs_binary(sn)
+    await audit.log_action(
+        admin_user=user.email,
+        action="device_flashed",
+        serial_number=sn,
+    )
     return Response(
         content=binary,
         media_type="application/octet-stream",
         headers={"Content-Disposition": f'attachment; filename="{sn}_nvs.bin"'},
     )
+
+
+@router.post("/devices/{sn}/assign", response_model=DeviceInventoryItem)
+async def assign_device(
+    sn: str,
+    body: DeviceAssign,
+    user: TokenPayload = Depends(require_permission("manufacturing", "edit")),
+):
+    result = service.assign_device(sn, body)
+    await audit.log_action(
+        admin_user=user.email,
+        action="device_assigned",
+        serial_number=sn,
+        detail={"customer_email": body.customer_email, "customer_name": body.customer_name},
+    )
+    return result
+
+
+@router.get("/devices/{sn}/firmware.bin")
+def redirect_firmware(
+    sn: str,
+    _user: TokenPayload = Depends(require_permission("manufacturing", "view")),
+):
+    """Redirect to the latest stable firmware binary for this device's hw_type.
+    Resolves to GET /api/firmware/{hw_type}/stable/{version}/firmware.bin.
+    """
+    url = service.get_firmware_url(sn)
+    return RedirectResponse(url=url, status_code=302)