feat(api): add comprehensive repository management API endpoints

- Introduce new repo module with complete repository functionality
- Add endpoints for repository CRUD operations (create, get, update, archive, delete)
- Implement branch management with create, list, delete and protection features
- Add tag management with create, list and delete operations
- Include release management with create, update and delete capabilities
- Support repository forking with sync functionality
- Implement starring and watching mechanisms for repositories
- Add member management with roles and invitations
- Provide deploy key management for CI/CD integration
- Create webhook management for external integrations
- Implement branch protection rules with approval requirements
- Add commit status and comment functionality for code reviews
- Include merge checking logic for pull requests
- Register all new endpoints in OpenAPI documentation
- Configure routes to handle new repository-specific paths

api/repo/update_protection_rule.rs

@@ -0,0 +1,78 @@
+use actix_web::{web, HttpResponse};
+use serde::Deserialize;
+use utoipa::IntoParams;
+
+use crate::api::response::{ApiResponse, ApiErrorResponse};
+use crate::error::AppError;
+use crate::models::repos::BranchProtectionRule;
+use crate::service::repo::protection::UpdateProtectionRuleParams;
+use crate::service::AppService;
+use crate::session::Session;
+
+#[derive(Debug, Deserialize, IntoParams)]
+pub struct PathParams {
+    /// Workspace name (unique identifier)
+    pub workspace_name: String,
+    /// Repository name (unique within the workspace)
+    pub repo_name: String,
+    /// Protection rule ID (UUID)
+    pub rule_id: uuid::Uuid,
+}
+
+/// Update a branch protection rule
+///
+/// Updates an existing branch protection rule's configuration.
+/// Requires Admin role or higher in the repository.
+/// 
+/// Updatable fields:
+/// - required_approvals: Number of required approvals before merging (0-10)
+/// - require_status_checks: Whether status checks must pass
+/// - required_status_checks: List of required status check contexts
+/// - restrict_pushes: Restrict who can push to matching branches
+/// - allow_force_pushes: Allow force pushes (only if restrict_pushes is false)
+/// - allow_deletions: Allow branch deletion (only if restrict_pushes is false)
+/// 
+/// All fields are optional; only provided fields are updated.
+/// Returns the updated protection rule with full configuration.
+#[utoipa::path(
+    put,
+    path = "/api/v1/workspaces/{workspace_name}/repos/{repo_name}/protection-rules/{rule_id}",
+    tag = "Repos",
+    operation_id = "repoUpdateProtectionRule",
+    params(PathParams),
+    request_body(
+        content = UpdateProtectionRuleParams,
+        description = "Protection rule update parameters (all fields optional)",
+        content_type = "application/json"
+    ),
+    responses(
+        (status = 200, description = "Protection rule updated successfully. Returns the updated protection rule with full configuration.", body = ApiResponse<BranchProtectionRule>),
+        (status = 400, description = "Invalid parameters: negative approvals count or conflicting settings", body = ApiErrorResponse),
+        (status = 401, description = "Authentication required or session expired", body = ApiErrorResponse),
+        (status = 403, description = "Insufficient permissions (requires Admin role or higher)", body = ApiErrorResponse),
+        (status = 404, description = "Repository, workspace, or protection rule not found", body = ApiErrorResponse),
+        (status = 500, description = "Internal server error", body = ApiErrorResponse),
+    ),
+    security(
+        ("session_cookie" = [])
+    )
+)]
+pub async fn update_protection_rule(
+    service: web::Data<AppService>,
+    session: Session,
+    path: web::Path<PathParams>,
+    params: web::Json<UpdateProtectionRuleParams>,
+) -> Result<HttpResponse, AppError> {
+    let rule = service
+        .repo
+        .repo_update_protection_rule(
+            &session,
+            &path.workspace_name,
+            &path.repo_name,
+            path.rule_id,
+            params.into_inner(),
+        )
+        .await?;
+
+    Ok(HttpResponse::Ok().json(ApiResponse::new(rule)))
+}