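CRUD for members, reports, and health manager (HM) data is performed against Supabase directly from the browser, under row-level security (RLS). This server exposes report processing and account deletion; those endpoints require the user's JWT as a Bearer token. See BACKEND.md.
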
| Method | Path | Auth | Notes |
|---|---|---|---|
| GET | /health | - | Liveness check |
| GET | /docs | - | This page (disabled in production unless SHOW_API_DOCS=1) |
| POST | /api/reports/:id/process | User JWT | 202 - owner/uploader only; forwards to Python ai-backend |
| POST | /api/auth/delete-orphan-user | User JWT | Deletes auth user only if no user_profiles row (OAuth / provisioning cleanup) |
| POST | /api/account/delete-family | User JWT | JSON {"confirm":"DELETE"} - family owner only; removes auth user (DB cascades) |
| POST | /api/account/delete-health-manager | User JWT | JSON {"confirm":"DELETE"} - HM only; detaches operational rows then deletes auth user |