API

POST /api/auth/signup — { username, email, password } → session cookie.

POST /api/auth/login — { emailOrUsername, password } → session cookie.

POST /api/auth/logout — destroy session.

GET /api/me — current session user.

PUT /api/me — update profile + privacy toggles.

PUT /api/me/presence — set presence (available, ai_only, dnd, emergency, offline).

PUT /api/me/answer-mode — set default answer mode.

GET /api/handle?h=... — check handle availability.

POST /api/calls — create a call. Returns callId + signaling token.

POST /api/calls/[id]/answer — receiver answers. Returns signaling token.

POST /api/calls/[id]/reject — receiver declines (to voicemail with { toVoicemail: true }).

POST /api/calls/[id]/end — finalize a call with duration / TURN flag / AI summary.

POST /api/calls/[id]/rate — rate a call (good, spam, scam, …).

POST /api/calls/[id]/ai-session — mint an OpenAI Realtime client secret.

POST /api/routing / PUT /api/routing/[id] / DELETE /api/routing/[id].

POST /api/blocks / DELETE /api/blocks/[id].

POST /api/trusted / DELETE /api/trusted/[id].

POST /api/reports — submit a report (spam, scam, fraud, harassment, …).

GET /api/listener-token — token for the dashboard's incoming-call channel.