nexus/backend/Controllers/TasksController.cs

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Nexus.Api.Data;
using Nexus.Api.DTOs;
using Nexus.Api.Models;
using Nexus.Api.Services;

namespace Nexus.Api.Controllers;

[ApiController]
[Route("api/v1/tasks")]
public class TasksController(ITaskService taskService) : ControllerBase
{
    [HttpGet]
    public async Task<IResult> GetAll(CancellationToken ct)
        => Results.Ok(await taskService.GetAllAsync(ct));

    [HttpPost]
    public async Task<IResult> Create([FromBody] CreateTaskRequest request, CancellationToken ct)
    {
        if (string.IsNullOrWhiteSpace(request.Title))
            return Results.ValidationProblem(new Dictionary<string, string[]> { ["title"] = ["Title is required."] });

        var task = await taskService.CreateAsync(request, ct);
        return Results.Created($"/api/v1/tasks/{task.Id}", task);
    }

    [HttpGet("pending-approval")]
    public async Task<IResult> GetPendingApproval(CancellationToken ct)
    {
        var pending = await taskService.GetPendingApprovalAsync(ct);
        return Results.Ok(pending.Select(x => new { x.Id, x.Title, x.State, x.Priority, x.ProjectId, x.UpdatedAt }));
    }

    [HttpPost("{id:guid}/approve")]
    public async Task<IResult> Approve(Guid id, CancellationToken ct)
    {
        var result = await taskService.ApproveAsync(id, ct);
        return result.Outcome switch
        {
            TaskOperationOutcome.NotFound => Results.NotFound(),
            TaskOperationOutcome.InvalidState => Results.Problem(
                title: "Approval denied",
                detail: "Only tasks in 'In progress' or 'Blocked' state can be approved.",
                statusCode: StatusCodes.Status403Forbidden),
            _ => Results.Ok(result.Task)
        };
    }

    [HttpPost("{id:guid}/reject")]
    public async Task<IResult> Reject(Guid id, CancellationToken ct)
    {
        var result = await taskService.RejectAsync(id, ct);
        return result.Outcome switch
        {
            TaskOperationOutcome.NotFound => Results.NotFound(),
            TaskOperationOutcome.InvalidState => Results.Problem(
                title: "Rejection denied",
                detail: "Only tasks in 'In progress' or 'Blocked' state can be rejected.",
                statusCode: StatusCodes.Status403Forbidden),
            _ => Results.Ok(result.Task)
        };
    }

    [HttpPatch("{id:guid}/state")]
    public async Task<IResult> UpdateState(Guid id, [FromBody] UpdateTaskStateRequest request, CancellationToken ct)
    {
        if (!TaskStateHelper.IsValidState(request.State))
            return Results.ValidationProblem(new Dictionary<string, string[]> { ["state"] = ["Unsupported task state."] });

        var result = await taskService.UpdateStateAsync(id, request.State, ct);
        return result.Outcome switch
        {
            TaskOperationOutcome.NotFound => Results.NotFound(),
            TaskOperationOutcome.InvalidState => Results.Problem(
                title: "Action denied",
                detail: "Statusänderungen sind nur Iris und Bao vorbehalten. Sub-Agenten können Tasks nicht verschieben.",
                statusCode: StatusCodes.Status403Forbidden),
            _ => Results.Ok(result.Task)
        };
    }

    [HttpPatch("{id:guid}")]
    public async Task<IResult> Update(Guid id, [FromBody] UpdateTaskRequest request, CancellationToken ct)
    {
        var result = await taskService.UpdateAsync(id, request, ct);
        return result.Outcome switch
        {
            TaskOperationOutcome.NotFound => Results.NotFound(),
            _ => Results.Ok(result.Task)
        };
    }

    [HttpDelete("{id:guid}")]
    public async Task<IResult> Delete(Guid id, CancellationToken ct)
    {
        var result = await taskService.DeleteAsync(id, ct);
        return result.Outcome switch
        {
            TaskOperationOutcome.NotFound => Results.NotFound(),
            TaskOperationOutcome.InvalidState => Results.Problem(
                title: "Task deletion denied",
                detail: "Only tasks in 'Done' or 'Backlog' state can be deleted.",
                statusCode: StatusCodes.Status403Forbidden),
            _ => Results.NoContent()
        };
    }

    // ── Board & Stale-Reset (für Iris Autonomous Worker) ──

    /// <summary>
    /// Gibt das Task-Board zurück (gruppiert nach Status, priorisiert sortiert).
    /// Wird vom Iris Autonomous Worker genutzt.
    /// </summary>
    [AllowAnonymous]
    [HttpGet("board")]
    public async Task<IResult> GetBoard(CancellationToken ct)
        => Results.Ok(await taskService.GetBoardAsync(ct));

    /// <summary>
    /// Setzt stale Tasks (InProgress/Delegated, älter als N Stunden) zurück auf Backlog.
    /// Wird vom Iris Autonomous Worker genutzt.
    /// </summary>
    [AllowAnonymous]
    [HttpPost("reset-stale")]
    public async Task<IResult> ResetStale([FromBody] ResetStaleRequest request, CancellationToken ct)
    {
        var count = await taskService.ResetStaleAsync(request.StaleHours, ct);
        return Results.Ok(new ResetStaleResponse(count));
    }
}