fix: preserve project runtime defaults on update

[ShchedrinAndrei]

Summary

Fixes a project update bug where saving unrelated project settings could clear project-level runtime defaults for task, plan, review, and chat.

The issue happened because PUT /projects/:id accepted optional default*RuntimeProfileId fields, but the data layer treated omitted fields as null.

Reproduction

1. Configure project runtime defaults for task, plan, review, and chat.
2. Edit the project settings without changing runtime defaults, for example project name, budgets, parallel mode, or auto-queue related settings.
3. Save the project.
4. Runtime defaults are cleared and effective runtime resolution falls back unexpectedly.

Changes

• Preserve existing project runtime defaults when update payload omits them.
• Keep explicit null behavior for intentionally clearing a runtime default.
• Add regression coverage for the data layer and projects API.

AI Model

Which AI model was used to generate or assist with this code?

• Claude Opus 4.6
• Claude Sonnet 4.6
• Claude Haiku 4.5
• Other: gpt-5.5
• No AI used

Test Plan

• Tests pass (npm test)
• Lint passes (npm run lint)
• Documentation updated (if applicable)
• Manually verified the change works as expected

[lee-to]

/code-review

[lee-to]

Code review

This PR fixes the project update path so runtime defaults are preserved when the PUT /projects/:id payload omits them, while keeping explicit null as the clear signal. The change is tightly scoped to @aif/data plus API/data regression coverage, and the risk profile is low because it restores expected update semantics without changing the route contract.

Must fix

None.

Should fix

None.

Nits

None.

Context gates

• Architecture: pass — API code continues to access project persistence through @aif/data; no direct DB boundary violation.
• Rules: pass — no debug leftovers, string-based error classification, expensive CSS, migration edits, or nullable-cast violations found in the diff.
• Roadmap: pass — this is a bug fix within the existing project runtime defaults flow; no roadmap contradiction found.
• CHECKLIST compliance (touched packages: api, data): pass — API integration coverage and data-layer unit coverage were added; no docs/schema/route surface change requiring extra sync.
• Docs sync: pass — behavior now matches the existing optional-field contract; no API response shape, env var, adapter, Docker, or schema docs obligation triggered.
• PR size (159 changed lines / 3 files / 1 concern): pass — comfortably below the decomposition threshold.
• Risk gating (feature flag): n/a — low-risk bug fix preserving existing values on update; no new external call, hot-path policy, schema migration, or adapter behavior.

Verdict: APPROVE

CI note: GitHub reports Build, ESLint, Tests, MCP Unit, and audit successful on head 59e377c. I also attempted a targeted local test run, but this workspace does not have turbo installed (sh: 1: turbo: not found).