feat(pbi-dialog): conform aan dialog-pattern + DemoTooltip + dirty-guard

Story 3 van PBI "Alle dialogen conform docs/patterns/dialog.md".

- lib/schemas/pbi.ts — gedeeld zod-schema (createPbiSchema/updatePbiSchema)
- actions/pbis.ts — returnen nu code+fieldErrors (422) en code: 403 voor
  auth/demo errors
- PbiDialog adopt useDirtyCloseGuard, useDialogSubmitShortcut,
  entityDialog* layout-classes; submit-knop + Annuleren in DemoTooltip
- isDemo-prop toegevoegd, pbi-list geeft 'm door
- docs/specs/dialogs/pbi.md — "Bekende gaps" weggewerkt; alleen bewuste
  uitsluitingen blijven

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

actions/pbis.ts

@@ -3,44 +3,24 @@
 import { revalidatePath } from 'next/cache'
 import { cookies } from 'next/headers'
 import { getIronSession } from 'iron-session'
-import { z } from 'zod'
 import { prisma } from '@/lib/prisma'
 import { SessionData, sessionOptions } from '@/lib/session'
 import { getAccessibleProduct } from '@/lib/product-access'
-import { isValidCode, MAX_CODE_LENGTH, normalizeCode } from '@/lib/code'
+import { isValidCode, normalizeCode } from '@/lib/code'
 import { createWithCodeRetry, generateNextPbiCode } from '@/lib/code-server'
 import { pbiStatusFromApi } from '@/lib/task-status'
+import { createPbiSchema, updatePbiSchema } from '@/lib/schemas/pbi'
 
 async function getSession() {
   return getIronSession<SessionData>(await cookies(), sessionOptions)
 }
 
-const codeField = z.string().max(MAX_CODE_LENGTH).optional()
-
-const statusField = z.enum(['ready', 'blocked', 'done']).optional()
-
-const createPbiSchema = z.object({
-  productId: z.string(),
-  code: codeField,
-  title: z.string().min(1, 'Titel is verplicht').max(200),
-  description: z.string().max(2000).optional(),
-  priority: z.coerce.number().int().min(1).max(4),
-  status: statusField,
-})
-
-const updatePbiSchema = z.object({
-  id: z.string(),
-  code: codeField,
-  title: z.string().min(1, 'Titel is verplicht').max(200),
-  description: z.string().max(2000).optional(),
-  priority: z.coerce.number().int().min(1).max(4),
-  status: statusField,
-})
+type PbiFieldErrors = Record<string, string[]>
 
 export async function createPbiAction(_prevState: unknown, formData: FormData) {
   const session = await getSession()
-  if (!session.userId) return { error: 'Niet ingelogd' }
-  if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
+  if (!session.userId) return { error: 'Niet ingelogd', code: 403 }
+  if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus', code: 403 }
 
   const parsed = createPbiSchema.safeParse({
     productId: formData.get('productId'),
@@ -50,18 +30,34 @@ export async function createPbiAction(_prevState: unknown, formData: FormData) {
     priority: formData.get('priority'),
     status: (formData.get('status') as string) || undefined,
   })
-  if (!parsed.success) return { error: parsed.error.flatten().fieldErrors }
+  if (!parsed.success) {
+    return {
+      error: 'Validatie mislukt',
+      code: 422,
+      fieldErrors: parsed.error.flatten().fieldErrors as PbiFieldErrors,
+    }
+  }
 
   const product = await getAccessibleProduct(parsed.data.productId, session.userId)
-  if (!product) return { error: 'Product niet gevonden' }
+  if (!product) return { error: 'Product niet gevonden', code: 403 }
 
   const manualCode = normalizeCode(parsed.data.code)
   if (manualCode !== null && !isValidCode(manualCode)) {
-    return { error: { code: ['Code mag alleen letters, cijfers, punten, koppeltekens of underscores bevatten'] } }
+    return {
+      error: 'Validatie mislukt',
+      code: 422,
+      fieldErrors: { code: ['Alleen letters, cijfers, punten, koppeltekens of underscores'] } as PbiFieldErrors,
+    }
   }
   if (manualCode) {
     const dup = await prisma.pbi.findFirst({ where: { product_id: parsed.data.productId, code: manualCode } })
-    if (dup) return { error: { code: ['Deze code is al in gebruik binnen dit product'] } }
+    if (dup) {
+      return {
+        error: 'Validatie mislukt',
+        code: 422,
+        fieldErrors: { code: ['Deze code is al in gebruik binnen dit product'] } as PbiFieldErrors,
+      }
+    }
   }
 
   const last = await prisma.pbi.findFirst({
@@ -94,7 +90,11 @@ export async function createPbiAction(_prevState: unknown, formData: FormData) {
           (code) => insert(code),
         )
   } catch {
-    return { error: { code: ['Kon geen unieke code genereren — probeer opnieuw'] } }
+    return {
+      error: 'Validatie mislukt',
+      code: 422,
+      fieldErrors: { code: ['Kon geen unieke code genereren — probeer opnieuw'] } as PbiFieldErrors,
+    }
   }
 
   revalidatePath(`/products/${parsed.data.productId}`)
@@ -103,8 +103,8 @@ export async function createPbiAction(_prevState: unknown, formData: FormData) {
 
 export async function updatePbiAction(_prevState: unknown, formData: FormData) {
   const session = await getSession()
-  if (!session.userId) return { error: 'Niet ingelogd' }
-  if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
+  if (!session.userId) return { error: 'Niet ingelogd', code: 403 }
+  if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus', code: 403 }
 
   const parsed = updatePbiSchema.safeParse({
     id: formData.get('id'),
@@ -114,25 +114,41 @@ export async function updatePbiAction(_prevState: unknown, formData: FormData) {
     priority: formData.get('priority'),
     status: (formData.get('status') as string) || undefined,
   })
-  if (!parsed.success) return { error: parsed.error.flatten().fieldErrors }
+  if (!parsed.success) {
+    return {
+      error: 'Validatie mislukt',
+      code: 422,
+      fieldErrors: parsed.error.flatten().fieldErrors as PbiFieldErrors,
+    }
+  }
 
   const pbi = await prisma.pbi.findFirst({
     where: { id: parsed.data.id },
     include: { product: true },
   })
-  if (!pbi) return { error: 'PBI niet gevonden' }
+  if (!pbi) return { error: 'PBI niet gevonden', code: 403 }
   const accessible = await getAccessibleProduct(pbi.product_id, session.userId)
-  if (!accessible) return { error: 'PBI niet gevonden' }
+  if (!accessible) return { error: 'PBI niet gevonden', code: 403 }
 
   const code = normalizeCode(parsed.data.code)
   if (code !== null && !isValidCode(code)) {
-    return { error: { code: ['Code mag alleen letters, cijfers, punten, koppeltekens of underscores bevatten'] } }
+    return {
+      error: 'Validatie mislukt',
+      code: 422,
+      fieldErrors: { code: ['Alleen letters, cijfers, punten, koppeltekens of underscores'] } as PbiFieldErrors,
+    }
   }
   if (code) {
     const dup = await prisma.pbi.findFirst({
       where: { product_id: pbi.product_id, code, NOT: { id: parsed.data.id } },
     })
-    if (dup) return { error: { code: ['Deze code is al in gebruik binnen dit product'] } }
+    if (dup) {
+      return {
+        error: 'Validatie mislukt',
+        code: 422,
+        fieldErrors: { code: ['Deze code is al in gebruik binnen dit product'] } as PbiFieldErrors,
+      }
+    }
   }
 
   const status = parsed.data.status ? pbiStatusFromApi(parsed.data.status) ?? undefined : undefined
@@ -154,16 +170,16 @@ export async function updatePbiAction(_prevState: unknown, formData: FormData) {
 
 export async function deletePbiAction(id: string) {
   const session = await getSession()
-  if (!session.userId) return { error: 'Niet ingelogd' }
-  if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus' }
+  if (!session.userId) return { error: 'Niet ingelogd', code: 403 }
+  if (session.isDemo) return { error: 'Niet beschikbaar in demo-modus', code: 403 }
 
   const pbi = await prisma.pbi.findFirst({
     where: { id },
     include: { product: true },
   })
-  if (!pbi) return { error: 'PBI niet gevonden' }
+  if (!pbi) return { error: 'PBI niet gevonden', code: 403 }
   const accessible = await getAccessibleProduct(pbi.product_id, session.userId)
-  if (!accessible) return { error: 'PBI niet gevonden' }
+  if (!accessible) return { error: 'PBI niet gevonden', code: 403 }
 
   await prisma.pbi.delete({ where: { id } })