Add lookup tables, payment methods, tax exemptions, and processor link APIs

Replace unit_status and item_condition pgEnums with company-scoped lookup
tables that support custom values. Add account_payment_method table,
tax_exemption table with approve/revoke workflow, and CRUD routes for
processor links. Validate inventory unit status/condition against lookup
tables at service layer.

packages/backend/src/routes/v1/lookups.ts

@@ -0,0 +1,66 @@
+import type { FastifyPluginAsync } from 'fastify'
+import { LookupCreateSchema, LookupUpdateSchema } from '@forte/shared/schemas'
+import { UnitStatusService, ItemConditionService } from '../../services/lookup.service.js'
+
+function createLookupRoutes(prefix: string, service: typeof UnitStatusService) {
+  const routes: FastifyPluginAsync = async (app) => {
+    app.get(`/${prefix}`, { preHandler: [app.authenticate] }, async (request, reply) => {
+      const data = await service.list(app.db, request.companyId)
+      return reply.send({ data })
+    })
+
+    app.post(`/${prefix}`, { preHandler: [app.authenticate] }, async (request, reply) => {
+      const parsed = LookupCreateSchema.safeParse(request.body)
+      if (!parsed.success) {
+        return reply.status(400).send({ error: { message: 'Validation failed', details: parsed.error.flatten(), statusCode: 400 } })
+      }
+
+      // Check slug uniqueness
+      const existing = await service.getBySlug(app.db, request.companyId, parsed.data.slug)
+      if (existing) {
+        return reply.status(409).send({ error: { message: `Slug "${parsed.data.slug}" already exists`, statusCode: 409 } })
+      }
+
+      const row = await service.create(app.db, request.companyId, parsed.data)
+      return reply.status(201).send(row)
+    })
+
+    app.patch(`/${prefix}/:id`, { preHandler: [app.authenticate] }, async (request, reply) => {
+      const { id } = request.params as { id: string }
+      const parsed = LookupUpdateSchema.safeParse(request.body)
+      if (!parsed.success) {
+        return reply.status(400).send({ error: { message: 'Validation failed', details: parsed.error.flatten(), statusCode: 400 } })
+      }
+      try {
+        const row = await service.update(app.db, request.companyId, id, parsed.data)
+        if (!row) return reply.status(404).send({ error: { message: 'Not found', statusCode: 404 } })
+        return reply.send(row)
+      } catch (err) {
+        if (err instanceof Error && err.message.includes('system')) {
+          return reply.status(403).send({ error: { message: err.message, statusCode: 403 } })
+        }
+        throw err
+      }
+    })
+
+    app.delete(`/${prefix}/:id`, { preHandler: [app.authenticate] }, async (request, reply) => {
+      const { id } = request.params as { id: string }
+      try {
+        const row = await service.delete(app.db, request.companyId, id)
+        if (!row) return reply.status(404).send({ error: { message: 'Not found', statusCode: 404 } })
+        return reply.send(row)
+      } catch (err) {
+        if (err instanceof Error && err.message.includes('system')) {
+          return reply.status(403).send({ error: { message: err.message, statusCode: 403 } })
+        }
+        throw err
+      }
+    })
+  }
+  return routes
+}
+
+export const lookupRoutes: FastifyPluginAsync = async (app) => {
+  await app.register(createLookupRoutes('unit-statuses', UnitStatusService))
+  await app.register(createLookupRoutes('item-conditions', ItemConditionService))
+}