fix: resolve Prettier markdown code block parsing errors

- Fix syntax errors in skills markdown files (.github/skills, .opencode/skills)
- Change typescript to tsx for code blocks with JSX
- Replace ellipsis (...) in array examples with valid syntax
- Separate CSS from TypeScript into distinct code blocks
- Convert JavaScript object examples to valid JSON in docs
- Fix enum definitions with proper comma separation

app/api/dashboard/config/route.ts

@@ -1,22 +1,21 @@
 import { type NextRequest, NextResponse } from "next/server";
-import { getServerSession } from "next-auth";
-import { authOptions } from "../../../../lib/auth";
-import { prisma } from "../../../../lib/prisma";
+import { neonAuth } from "@/lib/auth/server";
+import { prisma } from "@/lib/prisma";
 
-export const dynamic = "force-dynamic";
+// MIGRATED: Removed "export const dynamic = 'force-dynamic'" - dynamic by default with Cache Components
 
 export async function GET(_request: NextRequest) {
-  const session = await getServerSession(authOptions);
-  if (!session?.user) {
+  const { session: authSession, user: authUser } = await neonAuth();
+  if (!authSession || !authUser?.email) {
     return NextResponse.json({ error: "Not logged in" }, { status: 401 });
   }
 
   const user = await prisma.user.findUnique({
-    where: { email: session.user.email as string },
+    where: { email: authUser.email },
   });
 
-  if (!user) {
-    return NextResponse.json({ error: "No user" }, { status: 401 });
+  if (!user || !user.companyId) {
+    return NextResponse.json({ error: "No user or company" }, { status: 401 });
   }
 
   // Get company data
@@ -28,17 +27,17 @@ export async function GET(_request: NextRequest) {
 }
 
 export async function POST(request: NextRequest) {
-  const session = await getServerSession(authOptions);
-  if (!session?.user) {
+  const { session: authSession, user: authUser } = await neonAuth();
+  if (!authSession || !authUser?.email) {
     return NextResponse.json({ error: "Not logged in" }, { status: 401 });
   }
 
   const user = await prisma.user.findUnique({
-    where: { email: session.user.email as string },
+    where: { email: authUser.email },
   });
 
-  if (!user) {
-    return NextResponse.json({ error: "No user" }, { status: 401 });
+  if (!user || !user.companyId) {
+    return NextResponse.json({ error: "No user or company" }, { status: 401 });
   }
 
   const body = await request.json();

app/api/dashboard/metrics/route.ts

@@ -1,29 +1,19 @@
 import { type NextRequest, NextResponse } from "next/server";
-import { getServerSession } from "next-auth";
-import { authOptions } from "../../../../lib/auth";
-import { sessionMetrics } from "../../../../lib/metrics";
-import { prisma } from "../../../../lib/prisma";
-import type { ChatSession } from "../../../../lib/types";
+import { neonAuth } from "@/lib/auth/server";
+import { sessionMetrics } from "@/lib/metrics";
+import { prisma } from "@/lib/prisma";
+import type { ChatSession } from "@/lib/types";
 
-export const dynamic = "force-dynamic";
-
-interface SessionUser {
-  email: string;
-  name?: string;
-}
-
-interface SessionData {
-  user: SessionUser;
-}
+// MIGRATED: Removed "export const dynamic = 'force-dynamic'" - dynamic by default with Cache Components
 
 export async function GET(request: NextRequest) {
-  const session = (await getServerSession(authOptions)) as SessionData | null;
-  if (!session?.user) {
+  const { session: authSession, user: authUser } = await neonAuth();
+  if (!authSession || !authUser?.email) {
     return NextResponse.json({ error: "Not logged in" }, { status: 401 });
   }
 
   const user = await prisma.user.findUnique({
-    where: { email: session.user.email },
+    where: { email: authUser.email },
     select: {
       id: true,
       companyId: true,
@@ -38,8 +28,8 @@ export async function GET(request: NextRequest) {
     },
   });
 
-  if (!user) {
-    return NextResponse.json({ error: "No user" }, { status: 401 });
+  if (!user || !user.companyId) {
+    return NextResponse.json({ error: "No user or company" }, { status: 401 });
   }
 
   // Get date range from query parameters
@@ -171,7 +161,7 @@ export async function GET(request: NextRequest) {
 
   return NextResponse.json({
     metrics,
-    csvUrl: user.company.csvUrl,
+    csvUrl: user.company?.csvUrl,
     company: user.company,
     dateRange,
   });

app/api/dashboard/session-filter-options/route.ts

@@ -1,18 +1,29 @@
 import { type NextRequest, NextResponse } from "next/server";
-import { getServerSession } from "next-auth/next";
-import { authOptions } from "../../../../lib/auth";
-import { prisma } from "../../../../lib/prisma";
+import { neonAuth } from "@/lib/auth/server";
+import { prisma } from "@/lib/prisma";
 
-export const dynamic = "force-dynamic";
+// MIGRATED: Removed "export const dynamic = 'force-dynamic'" - dynamic by default with Cache Components
 
 export async function GET(_request: NextRequest) {
-  const authSession = await getServerSession(authOptions);
-
-  if (!authSession || !authSession.user?.companyId) {
+  const { session: authSession, user: authUser } = await neonAuth();
+  if (!authSession || !authUser?.email) {
     return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
   }
 
-  const companyId = authSession.user.companyId;
+  // Look up user in our database to get companyId
+  const user = await prisma.user.findUnique({
+    where: { email: authUser.email },
+    select: { companyId: true },
+  });
+
+  if (!user || !user.companyId) {
+    return NextResponse.json(
+      { error: "User not found or no company" },
+      { status: 401 }
+    );
+  }
+
+  const companyId = user.companyId;
 
   try {
     // Use groupBy for better performance with distinct values

app/api/dashboard/session/[id]/route.ts

@@ -1,8 +1,9 @@
 import { type NextRequest, NextResponse } from "next/server";
-import { prisma } from "../../../../../lib/prisma";
-import type { ChatSession } from "../../../../../lib/types";
+import { neonAuth } from "@/lib/auth/server";
+import { prisma } from "@/lib/prisma";
+import type { ChatSession } from "@/lib/types";
 
-export const dynamic = "force-dynamic";
+// MIGRATED: Removed "export const dynamic = 'force-dynamic'" - dynamic by default with Cache Components
 
 export async function GET(
   _request: NextRequest,
@@ -17,6 +18,22 @@ export async function GET(
     );
   }
 
+  // Verify user is authenticated
+  const { session: authSession, user: authUser } = await neonAuth();
+  if (!authSession || !authUser?.email) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  // Look up user in our database to get companyId for authorization
+  const user = await prisma.user.findUnique({
+    where: { email: authUser.email },
+    select: { companyId: true },
+  });
+
+  if (!user) {
+    return NextResponse.json({ error: "User not found" }, { status: 401 });
+  }
+
   try {
     const prismaSession = await prisma.session.findUnique({
       where: { id },
@@ -31,6 +48,11 @@ export async function GET(
       return NextResponse.json({ error: "Session not found" }, { status: 404 });
     }
 
+    // Verify user has access to this session (same company)
+    if (prismaSession.companyId !== user.companyId) {
+      return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+    }
+
     // Map Prisma session object to ChatSession type
     const session: ChatSession = {
       // Spread prismaSession to include all its properties

app/api/dashboard/sessions/route.ts

@@ -1,20 +1,31 @@
 import type { Prisma, SessionCategory } from "@prisma/client";
 import { type NextRequest, NextResponse } from "next/server";
-import { getServerSession } from "next-auth/next";
-import { authOptions } from "../../../../lib/auth";
-import { prisma } from "../../../../lib/prisma";
-import type { ChatSession } from "../../../../lib/types";
+import { neonAuth } from "@/lib/auth/server";
+import { prisma } from "@/lib/prisma";
+import type { ChatSession } from "@/lib/types";
 
-export const dynamic = "force-dynamic";
+// MIGRATED: Removed "export const dynamic = 'force-dynamic'" - dynamic by default with Cache Components
 
 export async function GET(request: NextRequest) {
-  const authSession = await getServerSession(authOptions);
-
-  if (!authSession || !authSession.user?.companyId) {
+  const { session: authSession, user: authUser } = await neonAuth();
+  if (!authSession || !authUser?.email) {
     return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
   }
 
-  const companyId = authSession.user.companyId;
+  // Look up user in our database to get companyId
+  const user = await prisma.user.findUnique({
+    where: { email: authUser.email },
+    select: { companyId: true },
+  });
+
+  if (!user || !user.companyId) {
+    return NextResponse.json(
+      { error: "User not found or no company" },
+      { status: 401 }
+    );
+  }
+
+  const companyId = user.companyId;
   const { searchParams } = new URL(request.url);
 
   const searchTerm = searchParams.get("searchTerm");

app/api/dashboard/settings/route.ts

@@ -1,22 +1,31 @@
 import { type NextRequest, NextResponse } from "next/server";
-import { getServerSession } from "next-auth";
-import { authOptions } from "../../../../lib/auth";
-import { prisma } from "../../../../lib/prisma";
+import { neonAuth } from "@/lib/auth/server";
+import { prisma } from "@/lib/prisma";
 
-export const dynamic = "force-dynamic";
+// MIGRATED: Removed "export const dynamic = 'force-dynamic'" - dynamic by default with Cache Components
 
 export async function POST(request: NextRequest) {
-  const session = await getServerSession(authOptions);
-  if (!session?.user || session.user.role !== "ADMIN") {
-    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+  const { session: authSession, user: authUser } = await neonAuth();
+  if (!authSession || !authUser?.email) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
   }
 
+  // Look up user in our database to get companyId and role
   const user = await prisma.user.findUnique({
-    where: { email: session.user.email as string },
+    where: { email: authUser.email },
+    select: { companyId: true, role: true },
   });
 
-  if (!user) {
-    return NextResponse.json({ error: "No user" }, { status: 401 });
+  if (!user || !user.companyId) {
+    return NextResponse.json(
+      { error: "User not found or no company" },
+      { status: 401 }
+    );
+  }
+
+  // Check for admin role
+  if (user.role !== "ADMIN") {
+    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
   }
 
   const body = await request.json();

app/api/dashboard/users/route.ts

@@ -1,30 +1,38 @@
-import crypto from "node:crypto";
-import bcrypt from "bcryptjs";
 import { type NextRequest, NextResponse } from "next/server";
-import { getServerSession } from "next-auth";
-import { authOptions } from "../../../../lib/auth";
-import { prisma } from "../../../../lib/prisma";
+import { neonAuth } from "@/lib/auth/server";
+import { prisma } from "@/lib/prisma";
 
-export const dynamic = "force-dynamic";
+// MIGRATED: Removed "export const dynamic = 'force-dynamic'" - dynamic by default with Cache Components
 
 interface UserBasicInfo {
   id: string;
   email: string;
+  name: string | null;
   role: string;
 }
 
 export async function GET(_request: NextRequest) {
-  const session = await getServerSession(authOptions);
-  if (!session?.user || session.user.role !== "ADMIN") {
-    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+  const { session: authSession, user: authUser } = await neonAuth();
+  if (!authSession || !authUser?.email) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
   }
 
+  // Look up user in our database to get companyId and role
   const user = await prisma.user.findUnique({
-    where: { email: session.user.email as string },
+    where: { email: authUser.email },
+    select: { companyId: true, role: true },
   });
 
-  if (!user) {
-    return NextResponse.json({ error: "No user" }, { status: 401 });
+  if (!user || !user.companyId) {
+    return NextResponse.json(
+      { error: "User not found or no company" },
+      { status: 401 }
+    );
+  }
+
+  // Check for admin role
+  if (user.role !== "ADMIN") {
+    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
   }
 
   const users = await prisma.user.findMany({
@@ -34,28 +42,44 @@ export async function GET(_request: NextRequest) {
   const mappedUsers: UserBasicInfo[] = users.map((u) => ({
     id: u.id,
     email: u.email,
+    name: u.name,
     role: u.role,
   }));
 
   return NextResponse.json({ users: mappedUsers });
 }
 
+/**
+ * POST /api/dashboard/users
+ * Invite a new user to the company (creates a placeholder record)
+ * The user will need to sign up via Neon Auth using the same email
+ */
 export async function POST(request: NextRequest) {
-  const session = await getServerSession(authOptions);
-  if (!session?.user || session.user.role !== "ADMIN") {
+  const { session: authSession, user: authUser } = await neonAuth();
+  if (!authSession || !authUser?.email) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  // Look up user in our database to get companyId and role
+  const user = await prisma.user.findUnique({
+    where: { email: authUser.email },
+    select: { companyId: true, role: true, email: true },
+  });
+
+  if (!user || !user.companyId) {
+    return NextResponse.json(
+      { error: "User not found or no company" },
+      { status: 401 }
+    );
+  }
+
+  // Check for admin role
+  if (user.role !== "ADMIN") {
     return NextResponse.json({ error: "Forbidden" }, { status: 403 });
   }
 
-  const user = await prisma.user.findUnique({
-    where: { email: session.user.email as string },
-  });
-
-  if (!user) {
-    return NextResponse.json({ error: "No user" }, { status: 401 });
-  }
-
   const body = await request.json();
-  const { email, role } = body;
+  const { email, name, role } = body;
 
   if (!email || !role) {
     return NextResponse.json({ error: "Missing fields" }, { status: 400 });
@@ -63,20 +87,28 @@ export async function POST(request: NextRequest) {
 
   const exists = await prisma.user.findUnique({ where: { email } });
   if (exists) {
-    return NextResponse.json({ error: "Email exists" }, { status: 409 });
+    return NextResponse.json(
+      { error: "Email already exists" },
+      { status: 409 }
+    );
   }
 
-  const tempPassword = crypto.randomBytes(12).toString("base64").slice(0, 12); // secure random initial password
-
+  // Create user record (they'll complete signup via Neon Auth)
   await prisma.user.create({
     data: {
       email,
-      password: await bcrypt.hash(tempPassword, 10),
+      name: name || null,
       companyId: user.companyId,
       role,
+      invitedBy: user.email,
+      invitedAt: new Date(),
     },
   });
 
-  // TODO: Email user their temp password (stub, for demo) - Implement a robust and secure email sending mechanism. Consider using a transactional email service.
-  return NextResponse.json({ ok: true, tempPassword });
+  // TODO: Send invitation email with sign-up link
+  return NextResponse.json({
+    ok: true,
+    message:
+      "User invited. They should sign up at /auth/sign-up with this email.",
+  });
 }