Merge pull request 'Promote to Production: CAR-1276 Phase 1 — auth /health 503 error-log fix' (#286 ) from uat into main

Promote to Production: CAR-1276 Phase 1 — auth /health 503 error-log fix UAT PASS (Deal Dottie) + Security PASS (Stockboy Steve) on CAR-1282. Merged by CEO (Coupon Carl) as production gate. cc @cpfarhood
promote: auth /health 503 error-log fix (CAR-1276 Phase 1) dev→uat (#285 )
2026-06-06 00:25:10 +00:00 · 2026-06-06 00:02:56 +00:00 · 2026-06-06 00:02:17 +00:00 · 2026-06-05 07:05:46 +00:00 · 2026-06-04 01:53:08 +00:00 · 2026-06-03 22:14:58 +00:00
3 changed files with 42 additions and 13 deletions
@@ -19,9 +19,18 @@ describe('Auth health endpoint', () => {
            }
            res.writeHead(200, { 'Content-Type': 'application/json' });
            res.end(JSON.stringify({ status: 'ok', db: 'reachable' }));
-          } catch {
+          } catch (err) {
+            // Mirror src/index.ts: log the error and include the message in the
+            // response body so /health 503s are diagnosable from pod logs.
+            console.error(
+              '[auth /health] DB probe failed:',
+              err instanceof Error ? `${err.name}: ${err.message}` : err,
+            );
+            const detail = err instanceof Error ? err.message : 'unknown error';
            res.writeHead(503, { 'Content-Type': 'application/json' });
-            res.end(JSON.stringify({ status: 'error', db: 'unreachable' }));
+            res.end(
+              JSON.stringify({ status: 'error', db: 'unreachable', error: detail }),
+            );
          }
          return;
        }
@@ -76,7 +85,10 @@ describe('Auth health endpoint', () => {
    close();

    equal(status, 503);
-    equal(body, '{"status":"error","db":"unreachable"}');
+    const parsed = JSON.parse(body);
+    equal(parsed.status, 'error');
+    equal(parsed.db, 'unreachable');
+    equal(parsed.error, 'connection refused');
  });

  it('returns 503 with db=unreachable when query times out', async () => {
@@ -95,7 +107,14 @@ describe('Auth health endpoint', () => {
    close();

    equal(status, 503);
-    equal(body, '{"status":"error","db":"unreachable"}');
+    const parsed = JSON.parse(body);
+    equal(parsed.status, 'error');
+    equal(parsed.db, 'unreachable');
+    // The query promise rejects with a synthetic 'timeout' error; the
+    // Promise.race wrapper also rejects with 'DB timeout'. The body should
+    // surface whichever error was thrown — accept either to stay robust.
+    equal(typeof parsed.error, 'string');
+    equal(parsed.error.length > 0, true);
  });

  it('returns a terminal response for unknown paths (no hang)', async () => {
@@ -21,9 +21,19 @@ const server = createServer(async (req, res) => {
      }
      res.writeHead(200, { "Content-Type": "application/json" });
      res.end(JSON.stringify({ status: "ok", db: "reachable" }));
-    } catch {
+    } catch (err) {
+      // Log the actual error so /health 503s are diagnosable from pod logs
+      // (CAR-1276: UAT auth was crashlooping with no log output beyond the
+      // initial "listening on port 3001" line because this catch was empty).
+      console.error(
+        "[auth /health] DB probe failed:",
+        err instanceof Error ? `${err.name}: ${err.message}` : err,
+      );
+      const detail = err instanceof Error ? err.message : "unknown error";
      res.writeHead(503, { "Content-Type": "application/json" });
-      res.end(JSON.stringify({ status: "error", db: "unreachable" }));
+      res.end(
+        JSON.stringify({ status: "error", db: "unreachable", error: detail }),
+      );
    }
    return;
  }
@@ -8305,9 +8305,9 @@
      }
    },
    "node_modules/react-router": {
-      "version": "7.14.0",
-      "resolved": "https://registry.npmjs.org/react-router/-/react-router-7.14.0.tgz",
-      "integrity": "sha512-m/xR9N4LQLmAS0ZhkY2nkPA1N7gQ5TUVa5n8TgANuDTARbn1gt+zLPXEm7W0XDTbrQ2AJSJKhoa6yx1D8BcpxQ==",
+      "version": "7.16.0",
+      "resolved": "https://registry.npmjs.org/react-router/-/react-router-7.16.0.tgz",
+      "integrity": "sha512-wArC8lVyJb3+jM9OpDyW6hLCizACWkvQR/sSGqSs+o5uEXEtGlqdZ4v8hENR3Jad6i+LRkK93q/+bQAcvl6V1A==",
      "license": "MIT",
      "dependencies": {
        "cookie": "^1.0.1",
@@ -8327,12 +8327,12 @@
      }
    },
    "node_modules/react-router-dom": {
-      "version": "7.14.0",
-      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-7.14.0.tgz",
-      "integrity": "sha512-2G3ajSVSZMEtmTjIklRWlNvo8wICEpLihfD/0YMDxbWK2UyP5EGfnoIn9AIQGnF3G/FX0MRbHXdFcD+rL1ZreQ==",
+      "version": "7.16.0",
+      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-7.16.0.tgz",
+      "integrity": "sha512-kMUAbimWB5FVbF4Bce4bJsiKJWLIUHq/mEG8+CFDnCSgltptBiG5nguducmsJeGKytlCvQud9Qhzpn49iduTlA==",
      "license": "MIT",
      "dependencies": {
-        "react-router": "7.14.0"
+        "react-router": "7.16.0"
      },
      "engines": {
        "node": ">=20.0.0"
Author	SHA1	Message	Date
Coupon Carl	c27f6a1e3c	Merge pull request 'Promote to Production: CAR-1276 Phase 1 — auth /health 503 error-log fix' (#286 ) from uat into main CI / test (push) Successful in 10s Details CI / lint (push) Successful in 14s Details CI / audit (push) Successful in 13s Details CI / e2e (push) Successful in 40s Details CI / lighthouse (push) Failing after 1m20s Details CI / build-and-push-api (push) Successful in 1m4s Details CI / build-and-push-receiptwitness (push) Successful in 1m52s Details CI / build-and-push-auth (push) Successful in 1m14s Details CI / build-and-push (push) Successful in 1m14s Details CI / deploy-uat (push) Failing after 7s Details CI / deploy-dev (push) Failing after 7s Details Promote to Production: CAR-1276 Phase 1 — auth /health 503 error-log fix UAT PASS (Deal Dottie) + Security PASS (Stockboy Steve) on CAR-1282. Merged by CEO (Coupon Carl) as production gate. cc @cpfarhood	2026-06-06 00:25:10 +00:00
Savannah Savings	f283d5aa02	promote: auth /health 503 error-log fix (CAR-1276 Phase 1) dev→uat (#285 ) CI / lint (push) Successful in 14s Details CI / e2e (push) Successful in 48s Details CI / test (push) Successful in 14s Details CI / audit (push) Successful in 15s Details CI / lighthouse (push) Failing after 1m19s Details CI / build-and-push-api (push) Successful in 2m31s Details CI / build-and-push-receiptwitness (push) Successful in 3m14s Details CI / build-and-push-auth (push) Successful in 2m2s Details CI / build-and-push (push) Failing after 2m13s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Failing after 7s Details CI / audit (pull_request) Successful in 10s Details CI / lint (pull_request) Successful in 11s Details CI / test (pull_request) Successful in 12s Details CI / build-and-push-receiptwitness (pull_request) Has been skipped Details CI / build-and-push-api (pull_request) Has been skipped Details CI / build-and-push-auth (pull_request) Has been skipped Details CI / e2e (pull_request) Successful in 40s Details CI / lighthouse (pull_request) Failing after 1m22s Details CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details	2026-06-06 00:02:56 +00:00
Savannah Savings	39804135a4	fix(auth): log /health 503 error and surface message in body (#283 , CAR-1276) CI / audit (push) Successful in 13s Details CI / test (push) Successful in 13s Details CI / lint (pull_request) Successful in 14s Details CI / test (pull_request) Successful in 13s Details CI / lighthouse (push) Failing after 1m22s Details CI / e2e (pull_request) Successful in 49s Details CI / build-and-push-receiptwitness (pull_request) Has been skipped Details CI / e2e (push) Successful in 44s Details CI / audit (pull_request) Successful in 13s Details CI / build-and-push-api (pull_request) Has been skipped Details CI / build-and-push-auth (pull_request) Has been skipped Details CI / lighthouse (pull_request) Failing after 1m23s Details CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details CI / lint (push) Successful in 16m17s Details CI / build-and-push-auth (push) Successful in 38s Details CI / build-and-push-api (push) Successful in 1m34s Details CI / build-and-push (push) Successful in 2m44s Details CI / build-and-push-receiptwitness (push) Successful in 3m52s Details CI / deploy-uat (push) Has been skipped Details CI / deploy-dev (push) Failing after 6s Details	2026-06-06 00:02:17 +00:00
Barcode Betty	b2c4692400	fix(auth): log /health 503 error and surface message in body (CAR-1276) CI / deploy-uat (pull_request) Has been skipped Details CI / test (pull_request) Successful in 12s Details CI / lint (pull_request) Successful in 13s Details CI / build-and-push-receiptwitness (pull_request) Has been skipped Details CI / build-and-push-api (pull_request) Has been skipped Details CI / build-and-push-auth (pull_request) Has been skipped Details CI / audit (pull_request) Successful in 40s Details CI / e2e (pull_request) Successful in 1m11s Details CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / lighthouse (pull_request) Failing after 1m15s Details The /health handler's catch block was empty, so when the DB probe failed we had no log line to diagnose from. UAT auth was crashlooping on /health 503s for that exact reason — pod logs only showed 'CartSnitch auth service listening on port 3001' and nothing else. Add console.error with the error name/message and include the message in the 503 response body so the next time this fails we can read the actual error from `kubectl logs` without re-deploying. This is the dev-side observability half of CAR-1276. The underlying DB failure still needs investigation (likely better-auth schema missing from the cartsnitch DB; see CAR-1276 for the analysis). Tests updated to assert the new error field is present and a string. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-05 07:05:46 +00:00
Coupon Carl	a0088acb1a	Merge pull request 'Promote to Production: CAR-1215 react-router audit-gate fix' (#282 ) from uat into main CI / lint (push) Successful in 11s Details CI / audit (push) Successful in 11s Details CI / test (push) Successful in 13s Details CI / e2e (push) Successful in 42s Details CI / build-and-push-receiptwitness (push) Failing after 55s Details CI / build-and-push-auth (push) Failing after 21s Details CI / lighthouse (push) Failing after 1m14s Details CI / build-and-push (push) Successful in 30s Details CI / build-and-push-api (push) Successful in 1m19s Details CI / deploy-dev (push) Failing after 12s Details CI / deploy-uat (push) Failing after 13s Details Promote to Production: CAR-1215 react-router audit-gate fix UAT PASS: Deal Dottie — all 5 regression steps green Security PASS: Stockboy Steve — lockfile-only, 3 high advisories cleared ref: CAR-1215, CAR-1217	2026-06-04 01:53:08 +00:00
Savannah Savings	eff1098289	Promote to UAT: CAR-1215 react-router audit-gate fix (#280 ) CI / audit (push) Successful in 10s Details CI / lint (push) Successful in 11s Details CI / test (push) Successful in 14s Details CI / e2e (push) Successful in 58s Details CI / lighthouse (push) Failing after 1m25s Details CI / build-and-push-api (push) Successful in 1m26s Details CI / build-and-push-auth (push) Successful in 43s Details CI / build-and-push-receiptwitness (push) Successful in 1m59s Details CI / build-and-push (push) Successful in 1m6s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Failing after 7s Details CI / build-and-push-api (pull_request) Has been skipped Details CI / build-and-push-auth (pull_request) Has been skipped Details CI / build-and-push (pull_request) Has been skipped Details CI / test (pull_request) Successful in 12s Details CI / build-and-push-receiptwitness (pull_request) Has been skipped Details CI / e2e (pull_request) Successful in 45s Details CI / audit (pull_request) Successful in 10s Details CI / lint (pull_request) Successful in 14s Details CI / deploy-uat (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / lighthouse (pull_request) Failing after 1m17s Details Promotes CAR-1215 to uat. audit gate green; lighthouse pre-existing red (tracked separately).	2026-06-03 22:14:58 +00:00
Savannah Savings	8eeaa92ad8	CAR-1215: bump react-router to 7.16.0 (clear audit gate) (#278 ) CI / audit (push) Successful in 10s Details CI / build-and-push-api (push) Successful in 1m23s Details CI / build-and-push-auth (push) Successful in 43s Details CI / lint (pull_request) Successful in 11s Details CI / audit (pull_request) Successful in 13s Details CI / lint (push) Successful in 14s Details CI / test (push) Successful in 14s Details CI / test (pull_request) Successful in 12s Details CI / e2e (push) Successful in 57s Details CI / lighthouse (push) Failing after 1m29s Details CI / e2e (pull_request) Successful in 46s Details CI / build-and-push-receiptwitness (push) Successful in 2m33s Details CI / build-and-push-receiptwitness (pull_request) Has been skipped Details CI / build-and-push-api (pull_request) Has been skipped Details CI / build-and-push-auth (pull_request) Has been skipped Details CI / build-and-push (push) Successful in 54s Details CI / lighthouse (pull_request) Failing after 1m17s Details CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (push) Failing after 17s Details CI / deploy-uat (push) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details Lockfile-only bump react-router/react-router-dom 7.14.0->7.16.0 clearing GHSA-49rj-9fvp-4h2h, GHSA-2j2x-hqr9-3h42, GHSA-8x6r-g9mw-2r78. QA PASS (cs_charlie), security PASS (cs_steve). audit gate now green; lighthouse pre-existing red (out of scope, tracked separately).	2026-06-03 22:14:12 +00:00
Barcode Betty	fc3a0b4d92	chore(deps): bump react-router + react-router-dom to 7.16.0 (CAR-1215) CI / lint (pull_request) Successful in 12s Details CI / test (pull_request) Successful in 12s Details CI / audit (pull_request) Successful in 11s Details CI / build-and-push-api (pull_request) Has been skipped Details CI / build-and-push-receiptwitness (pull_request) Has been skipped Details CI / build-and-push-auth (pull_request) Has been skipped Details CI / e2e (pull_request) Successful in 43s Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details CI / build-and-push (pull_request) Has been skipped Details CI / lighthouse (pull_request) Failing after 1m16s Details Lockfile-only bump from 7.14.0 -> 7.16.0. The ^7.0.0 range in package.json already permits 7.16.0, so no source changes. Clears three high-severity advisories that block the audit CI gate: - GHSA-49rj-9fvp-4h2h (turbo-stream arbitrary constructor invocation) - GHSA-2j2x-hqr9-3h42 (protocol-relative URL open redirect) - GHSA-8x6r-g9mw-2r78 (DoS via unbounded path expansion) No runtime behavior change; react-router stays on 7.x. npm audit --audit-level=high exits clean (0 high/critical) locally. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-03 21:56:05 +00:00
Savannah Savings	009aa92777	Merge pull request 'Promote to UAT: deploy-dev/deploy-uat approval-gate success (CAR-1212)' (#277 ) from dev into uat CI / lint (push) Successful in 13s Details CI / test (push) Successful in 13s Details CI / audit (push) Failing after 11s Details CI / e2e (push) Successful in 50s Details CI / lighthouse (push) Failing after 1m19s Details CI / build-and-push-auth (push) Successful in 31s Details CI / build-and-push-api (push) Successful in 1m3s Details CI / build-and-push-receiptwitness (push) Successful in 2m29s Details CI / build-and-push (push) Successful in 1m40s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Failing after 6s Details	2026-06-03 21:49:34 +00:00
Savannah Savings	b3a452be50	Merge pull request 'promote(dev→uat): CI deploy PR-based image bump (CAR-1195, CAR-1194)' (#275 ) from dev into uat CI / lint (push) Successful in 11s Details CI / audit (push) Successful in 11s Details CI / test (push) Successful in 12s Details CI / e2e (push) Successful in 45s Details CI / build-and-push-api (push) Successful in 1m7s Details CI / build-and-push-auth (push) Successful in 36s Details CI / lighthouse (push) Failing after 1m20s Details CI / build-and-push (push) Successful in 33s Details CI / build-and-push-receiptwitness (push) Successful in 2m10s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Failing after 7s Details	2026-06-03 21:13:44 +00:00
Coupon Carl	80786b9f1f	fix(ci): use CI_GITEA_TOKEN for cross-repo checkout CI / audit (push) Failing after 16s Details CI / e2e (push) Successful in 52s Details CI / lint (push) Successful in 1m14s Details CI / test (push) Successful in 1m16s Details CI / build-and-push (push) Failing after 14s Details CI / build-and-push-api (push) Failing after 17s Details CI / build-and-push-auth (push) Failing after 12s Details CI / lighthouse (push) Failing after 1m5s Details CI / build-and-push-receiptwitness (push) Failing after 3m23s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Failing after 10s Details Update deploy-dev and deploy-uat jobs to use CI_GITEA_TOKEN for checking out the cartsnitch/infra repository instead of REGISTRY_TOKEN. CI_GITEA_TOKEN is the org-level Actions secret configured for cross-repo access, while REGISTRY_TOKEN continues to be used for Docker registry login. This resolves CAR-986 by enabling CI to commit image tag updates to the private infra repository. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-25 22:47:40 +00:00