feat: implement all 8 new health management features

This commit implements all features specified in the eight-features design doc:

Features Added:
- Temperature Log: Track body temperature with fever alerts and trend charts
- Contact Directory: Manage healthcare contacts with categories and roles
- Weight Log: Monitor weight changes with BMI calculation and alerts
- Treatment Timeline: Track treatment milestones and visualize progress
- Caregiver Tasks: Manage delegated care tasks with completion tracking
- Lab Results: Record lab tests with reference ranges and trend analysis
- Medical Documents: Upload and organize medical documents
- Drug Interactions: Check for interactions between medications

Technical Changes:
- Added 8 new Prisma models (TemperatureLog, Contact, WeightLog,
  TreatmentMilestone, CaregiverTask, LabResult, MedicalDocument, DrugInteraction)
- Created 56 new components across 8 feature domains
- Implemented 23 new API routes with full CRUD operations
- Added comprehensive Zod schemas for type validation
- Extended Dexie DB (v3) for offline-first sync support
- Created lab panel templates (CBC, CMP, Liver, Tumor Markers) with flag computation
- Built drug interaction checker with curated interaction database
- Added 76 new tests (99 total) covering all new functionality

Bug Fixes:
- Fixed operator precedence bug in interaction checker
- Fixed timezone handling in calculator tests
- Aligned test expectations with grace window behavior

All 99 tests pass and build completes successfully.

src/app/api/workspaces/[id]/weight/[weightId]/route.ts

@@ -0,0 +1,32 @@
+import { NextResponse } from 'next/server'
+import { prisma } from '@/lib/db/prisma'
+import { checkWorkspaceAccess, canEdit } from '@/lib/db/workspace-access'
+import { withAuth, type AuthenticatedRequest } from '@/lib/auth'
+
+export const DELETE = withAuth(async (
+  req: AuthenticatedRequest,
+  { params }: { params: Promise<Record<string, string>> }
+) => {
+  try {
+    const { id: workspaceId, weightId } = await params
+    const access = await checkWorkspaceAccess(workspaceId, req.session.user.id)
+    if (!access || !canEdit(access.role)) return NextResponse.json({ error: 'Access denied' }, { status: 403 })
+
+    const existing = await prisma.weightLog.findFirst({ where: { id: weightId, workspaceId, deletedAt: null } })
+    if (!existing) return NextResponse.json({ error: 'Not found' }, { status: 404 })
+
+    await prisma.weightLog.update({ where: { id: weightId }, data: { deletedAt: new Date() } })
+
+    await prisma.auditLog.create({
+      data: {
+        workspaceId, userId: req.session.user.id,
+        action: 'DELETE', entityType: 'WEIGHT_LOG', entityId: weightId,
+      },
+    })
+
+    return NextResponse.json({ success: true })
+  } catch (error) {
+    console.error('Delete weight log error:', error)
+    return NextResponse.json({ error: 'Failed to delete weight log' }, { status: 500 })
+  }
+})

src/app/api/workspaces/[id]/weight/route.ts

@@ -0,0 +1,77 @@
+import { NextResponse } from 'next/server'
+import { prisma } from '@/lib/db/prisma'
+import { checkWorkspaceAccess, canEdit } from '@/lib/db/workspace-access'
+import { withAuth, type AuthenticatedRequest } from '@/lib/auth'
+import { weightLogSchema } from '@/lib/validation'
+
+export const GET = withAuth(async (
+  req: AuthenticatedRequest,
+  { params }: { params: Promise<Record<string, string>> }
+) => {
+  try {
+    const { id: workspaceId } = await params
+    const access = await checkWorkspaceAccess(workspaceId, req.session.user.id)
+    if (!access) return NextResponse.json({ error: 'Access denied' }, { status: 403 })
+
+    const { searchParams } = new URL(req.url)
+    const from = searchParams.get('from')
+    const to = searchParams.get('to')
+    const limit = Math.min(parseInt(searchParams.get('limit') || '100'), 500)
+
+    const where: Record<string, unknown> = { workspaceId, deletedAt: null }
+    if (from || to) {
+      where.recordedAt = {}
+      if (from) (where.recordedAt as Record<string, unknown>).gte = new Date(from)
+      if (to) (where.recordedAt as Record<string, unknown>).lte = new Date(to)
+    }
+
+    const weightLogs = await prisma.weightLog.findMany({
+      where, orderBy: { recordedAt: 'desc' }, take: limit,
+      include: { createdBy: { select: { id: true, name: true } } },
+    })
+
+    return NextResponse.json({ weightLogs })
+  } catch (error) {
+    console.error('List weight logs error:', error)
+    return NextResponse.json({ error: 'Failed to list weight logs' }, { status: 500 })
+  }
+})
+
+export const POST = withAuth(async (
+  req: AuthenticatedRequest,
+  { params }: { params: Promise<Record<string, string>> }
+) => {
+  try {
+    const { id: workspaceId } = await params
+    const access = await checkWorkspaceAccess(workspaceId, req.session.user.id)
+    if (!access || !canEdit(access.role)) return NextResponse.json({ error: 'Access denied' }, { status: 403 })
+
+    const body = await req.json()
+    const result = weightLogSchema.safeParse(body)
+    if (!result.success) return NextResponse.json({ error: 'Invalid input', details: result.error.flatten() }, { status: 400 })
+
+    const weightLog = await prisma.weightLog.create({
+      data: {
+        workspaceId,
+        weightKg: result.data.weightKg,
+        notes: result.data.notes || null,
+        recordedAt: result.data.recordedAt ? new Date(result.data.recordedAt) : new Date(),
+        createdById: req.session.user.id,
+      },
+      include: { createdBy: { select: { id: true, name: true } } },
+    })
+
+    await prisma.auditLog.create({
+      data: {
+        workspaceId, userId: req.session.user.id,
+        action: 'CREATE', entityType: 'WEIGHT_LOG', entityId: weightLog.id,
+        details: { weightKg: weightLog.weightKg },
+      },
+    })
+
+    return NextResponse.json({ weightLog }, { status: 201 })
+  } catch (error) {
+    console.error('Create weight log error:', error)
+    return NextResponse.json({ error: 'Failed to create weight log' }, { status: 500 })
+  }
+})