fix(api): use service role for call_logs queries to bypass RLS

The RLS subquery was failing because auth.uid() wasn't properly available.
Use service role after verifying store ownership through the user's token.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

supabase/functions/api/index.ts

@@ -2125,8 +2125,12 @@ serve(async (req) => {
         )
       }
 
+      // Use service role to bypass RLS for call_logs (we've already verified store ownership above)
+      const supabaseServiceKey = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
+      const supabaseAdmin = createClient(supabaseUrl, supabaseServiceKey)
+
       // Fetch call logs for these stores
-      const { data: callLogs, error: logsError } = await supabase
+      const { data: callLogs, error: logsError } = await supabaseAdmin
         .from('call_logs')
         .select('id, store_id, created_at, started_at, ended_at, duration, caller, cost_total')
         .in('store_id', storeIds)
@@ -2167,8 +2171,12 @@ serve(async (req) => {
 
       const storeIds = userStores?.map(s => s.id) || []
 
+      // Use service role to bypass RLS for call_logs (we've already verified store ownership above)
+      const supabaseServiceKey = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
+      const supabaseAdmin = createClient(supabaseUrl, supabaseServiceKey)
+
       // Fetch the specific call log (only if it belongs to user's stores)
-      const { data: callLog, error: logError } = await supabase
+      const { data: callLog, error: logError } = await supabaseAdmin
         .from('call_logs')
         .select('*')
         .eq('id', callLogId)