feat: Add kiosk management, artist selection, and schedule management

- Add KiosksManagement component with full CRUD for kiosks
- Add ScheduleManagement for staff schedules with break reminders
- Update booking flow to allow artist selection by customers
- Add staff_services API for assigning services to artists
- Update staff management UI with service assignment dialog
- Add auto-break reminder when schedule >= 8 hours
- Update availability API to filter artists by service
- Add kiosk management to Aperture dashboard
- Clean up ralphy artifacts and logs

app/api/webhooks/stripe/route.ts

@@ -3,9 +3,17 @@ import { supabaseAdmin } from '@/lib/supabase/admin'
 import Stripe from 'stripe'
 
 /**
- * @description Handle Stripe webhooks for payment intents and refunds
- * @param {NextRequest} request - Raw Stripe webhook payload with signature
- * @returns {NextResponse} Webhook processing result
+ * @description Processes Stripe webhook events for payment lifecycle management
+ * @param {NextRequest} request - HTTP request with raw Stripe webhook payload and stripe-signature header
+ * @returns {NextResponse} JSON confirming webhook receipt and processing status
+ * @example POST /api/webhooks/stripe (Stripe sends webhook payload)
+ * @audit BUSINESS RULE: Handles payment_intent.succeeded, payment_intent.payment_failed, and charge.refunded events
+ * @audit SECURITY: Verifies Stripe webhook signature using STRIPE_WEBHOOK_SECRET to prevent spoofing
+ * @audit Validate: Checks for duplicate event processing using event_id tracking
+ * @audit Validate: Returns 400 for missing signature or invalid signature
+ * @audit PERFORMANCE: Uses idempotency check to prevent duplicate processing
+ * @audit AUDIT: All webhook events logged in webhook_logs table with full payload
+ * @audit RELIABILITY: Critical for payment reconciliation - must be highly available
  */
 export async function POST(request: NextRequest) {
   try {