Skip to main content

Update Session Notes

POST 

/api/v1/devices/:device_id/notes

Update notes for the current active session.

Mobile-facing endpoint (preserved contract from v1.20). Each call:

  1. Truncates the payload to 2000 chars.
  2. Writes the truncated body to device.current_session_notes (mobile pre-fill cache).
  3. Upserts a SessionNote row keyed on (active_session, author=request.auth) so the manager-side GET in v1.23 sees an authored note row.

The upsert is idempotent across repeated POSTs during the same shift — calls 2..N update the same row's body and refresh created_at. A new shift gets a new SessionNote because the (session, author) key differs.

Concurrency (CR-01): the (session, author) upsert is serialized via select_for_update() on the Device row inside transaction.atomic(). Two concurrent POSTs from the same authenticated user (offline-buffered flush, mobile retry storm, multi-tab race) block at the lock so the second caller sees the first caller's row via update_or_create.get() and falls into the UPDATE branch — preventing duplicate (session, author) rows. The Device row lock serializes per-device POSTs without holding a workspace-wide lock.

BYOD Security: Only the device owner can update notes (enforced by get_device_with_permission(require_write=True)). Must have an active or paused shift to update notes.

Notes are limited to 2000 characters.

Request

Responses

OK