# Plan: Issue #22 - MemberController API endpoints

## Summary
Create MemberController with REST API for member CRUD operations including sub-entity
management (addresses, phones, emails). All endpoints require Nextcloud authentication
and CSRF protection on state-changing endpoints. Update routes.php with all API routes.

## Endpoints
- GET /api/v1/members - list (pagination, filters)
- GET /api/v1/members/{id} - get single with sub-entities
- POST /api/v1/members - create
- PUT /api/v1/members/{id} - update
- DELETE /api/v1/members/{id} - soft-delete
- POST /api/v1/members/{id}/addresses - add address
- PUT /api/v1/members/{id}/addresses/{addrId} - update address
- DELETE /api/v1/members/{id}/addresses/{addrId} - delete address
- Same pattern for phones and emails

## Steps
1. Create `lib/Controller/MemberController.php`
2. Update `appinfo/routes.php` with all API routes

## AC Checklist
1. [ ] MemberController exists with proper DI
2. [ ] All CRUD endpoints implemented
3. [ ] Sub-entity endpoints for addresses, phones, emails
4. [ ] Routes registered in routes.php
5. [ ] Proper HTTP status codes (200, 201, 400, 404, 409, 500)
6. [ ] CSRF protection annotations correct
7. [ ] Input validation via MemberService