GET /api/projects now returns only projects owned by the requesting user or belonging to teams the user is a member of, via a new findAllForUser() method in the brain projects repo. GET/PATCH/DELETE single-project endpoints now use canAccessProject() (handling both user and team ownership) instead of the direct-owner-only assertOwner().

Fixes #197.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
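
The access rule this commit message describes, as an added sketch that is not the project's own code: the function names come from the message, while the in-memory data model, the `teamsOf` and `getProject` helpers, and the 404 response for inaccessible projects are assumptions made for illustration.

```javascript
// Constructed sample data; the real schema is not shown in the commit message.
const projects = [
  { id: "p1", ownerType: "user", ownerId: "alice" },
  { id: "p2", ownerType: "team", ownerId: "t-red" },
  { id: "p3", ownerType: "user", ownerId: "bob" },
  { id: "p4", ownerType: "team", ownerId: "t-blue" },
];
const teamMembers = { "t-red": ["alice", "carol"], "t-blue": ["bob"] };

// Hypothetical helper: ids of the teams a user belongs to.
function teamsOf(userId) {
  return Object.keys(teamMembers).filter((t) => teamMembers[t].includes(userId));
}

// Direct-owner-only check, matching how the message characterises assertOwner():
// a team member is rejected even for a project their team owns.
function assertOwner(project, userId) {
  if (project.ownerType !== "user" || project.ownerId !== userId) {
    throw new Error("forbidden");
  }
}

// Check covering both user and team ownership.
function canAccessProject(project, userId) {
  if (project.ownerType === "user") return project.ownerId === userId;
  if (project.ownerType === "team") return teamsOf(userId).includes(project.ownerId);
  return false; // unknown owner type: deny by default
}

// List endpoint: filter server-side so other users' projects never leave the repo layer.
function findAllForUser(userId) {
  return projects.filter((p) => canAccessProject(p, userId));
}

// Single-project endpoint (hypothetical handler). Assumption of this sketch: missing and
// inaccessible projects both return 404 so ids cannot be probed for existence.
function getProject(projectId, userId) {
  const project = projects.find((p) => p.id === projectId);
  if (!project || !canAccessProject(project, userId)) return { status: 404 };
  return { status: 200, body: project };
}
```

The same `canAccessProject()` predicate backs both the list filter and the single-project handler, so the two endpoints cannot drift apart in what they consider accessible.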