From c59b2e69767123d0e1b7796dbbc8dc1b64ee06e0 Mon Sep 17 00:00:00 2001
From: Stockboy Steve <steve@cartsnitch.com>
Date: Tue, 31 Mar 2026 19:23:55 +0000
Subject: [PATCH 1/6] fix(ci): add Chrome sandbox flags and fix CHROME_PATH for
 Lighthouse

Co-Authored-By: Paperclip <noreply@paperclip.ing>
---
 lighthouserc.json | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lighthouserc.json b/lighthouserc.json
index fcc75b7..c839ba7 100644
--- a/lighthouserc.json
+++ b/lighthouserc.json
@@ -3,7 +3,10 @@
     "collect": {
       "staticDistDir": "./dist",
       "url": ["http://localhost:4173/"],
-      "numberOfRuns": 1
+      "numberOfRuns": 1,
+      "settings": {
+        "chromeFlags": ["--headless=new", "--no-sandbox"]
+      }
     },
     "assert": {
       "assertions": {

From 1b5b3c404ea384cc84968c88f90b2f59bf4768f7 Mon Sep 17 00:00:00 2001
From: Barcode Betty <barcode-betty@cartsnitch.com>
Date: Tue, 31 Mar 2026 21:07:44 +0000
Subject: [PATCH 2/6] fix(ci): add --disable-gpu and --disable-dev-shm-usage to
 Lighthouse Chrome flags

---
 lighthouserc.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lighthouserc.json b/lighthouserc.json
index c839ba7..525b132 100644
--- a/lighthouserc.json
+++ b/lighthouserc.json
@@ -5,7 +5,7 @@
       "url": ["http://localhost:4173/"],
       "numberOfRuns": 1,
       "settings": {
-        "chromeFlags": ["--headless=new", "--no-sandbox"]
+        "chromeFlags": ["--headless=new", "--no-sandbox", "--disable-gpu", "--disable-dev-shm-usage"]
       }
     },
     "assert": {

From 8f48f87e6b25163a617291fb4ebbe6ea2e822d75 Mon Sep 17 00:00:00 2001
From: Barcode Betty <barcode-betty@cartsnitch.com>
Date: Tue, 31 Mar 2026 21:17:32 +0000
Subject: [PATCH 3/6] fix(ci): skip bf-cache audit to prevent Chrome
 TARGET_CRASHED in CI

Co-Authored-By: Paperclip <noreply@paperclip.ing>
---
 lighthouserc.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lighthouserc.json b/lighthouserc.json
index 525b132..c974515 100644
--- a/lighthouserc.json
+++ b/lighthouserc.json
@@ -5,7 +5,8 @@
       "url": ["http://localhost:4173/"],
       "numberOfRuns": 1,
       "settings": {
-        "chromeFlags": ["--headless=new", "--no-sandbox", "--disable-gpu", "--disable-dev-shm-usage"]
+        "chromeFlags": ["--headless=new", "--no-sandbox", "--disable-gpu", "--disable-dev-shm-usage"],
+        "skipAudits": ["bf-cache"]
       }
     },
     "assert": {

From 2b232a8488603d40ccabad90eb5800656ac70f00 Mon Sep 17 00:00:00 2001
From: "cartsnitch-engineer[bot]"
 <269717931+cartsnitch-engineer[bot]@users.noreply.github.com>
Date: Tue, 31 Mar 2026 21:58:30 +0000
Subject: [PATCH 4/6] fix(ci): disable FullPageScreenshot gatherer to prevent
 Chrome crash

Co-Authored-By: Paperclip <noreply@paperclip.ing>
---
 lighthouserc.json | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lighthouserc.json b/lighthouserc.json
index c974515..f85a377 100644
--- a/lighthouserc.json
+++ b/lighthouserc.json
@@ -6,7 +6,8 @@
       "numberOfRuns": 1,
       "settings": {
         "chromeFlags": ["--headless=new", "--no-sandbox", "--disable-gpu", "--disable-dev-shm-usage"],
-        "skipAudits": ["bf-cache"]
+        "skipAudits": ["bf-cache"],
+        "disableFullPageScreenshot": true
       }
     },
     "assert": {
@@ -20,4 +21,4 @@
       "target": "temporary-public-storage"
     }
   }
-}
+}
\ No newline at end of file

From 837d1196d0386ddfd84f88a32a59b080181f27ed Mon Sep 17 00:00:00 2001
From: CartSnitch Engineer Bot <cartnoreply@cartsnitch.com>
Date: Tue, 31 Mar 2026 22:11:20 +0000
Subject: [PATCH 5/6] fix(auth): wait for session confirmation before post-auth
 redirect
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Race condition between signUp/signIn completion and ProtectedRoute's
useSession() call caused redirect loops — Better-Auth's session cookie
is not immediately visible to useSession() after signUp/signIn resolves.

Fix: call authClient.getSession() explicitly after signUp/signIn to
synchronize before navigating to protected routes. Fall back to error
message if session not confirmed.

Also removes dead setAuthenticated() calls that only work in mock mode.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
---
 src/pages/Login.tsx    | 13 ++++++++-----
 src/pages/Register.tsx | 14 +++++++++-----
 2 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/src/pages/Login.tsx b/src/pages/Login.tsx
index bf6b215..6ee9bcf 100644
--- a/src/pages/Login.tsx
+++ b/src/pages/Login.tsx
@@ -1,7 +1,6 @@
 import { useState } from 'react'
 import { Link, useNavigate } from 'react-router-dom'
 import { authClient } from '../lib/auth-client.ts'
-import { useAuthStore } from '../stores/auth.ts'
 
 export function Login() {
   const [email, setEmail] = useState('')
@@ -9,7 +8,6 @@ export function Login() {
   const [error, setError] = useState('')
   const [loading, setLoading] = useState(false)
   const navigate = useNavigate()
-  const setAuthenticated = useAuthStore((s) => s.setAuthenticated)
 
   async function handleSubmit(e: React.FormEvent) {
     e.preventDefault()
@@ -31,11 +29,16 @@ export function Login() {
         throw new Error(authError.message ?? 'Sign in failed')
       }
 
-      setAuthenticated(true)
-      navigate('/')
+      // After successful signIn, force a session fetch to confirm the cookie is set
+      // before navigating to the protected route
+      const sessionResult = await authClient.getSession()
+      if (sessionResult.data) {
+        navigate('/')
+      } else {
+        setError('Sign in failed. Please try again.')
+      }
     } catch {
       if (import.meta.env.VITE_MOCK_AUTH === 'true') {
-        setAuthenticated(true)
         navigate('/')
       } else {
         setError('Invalid email or password. Please try again.')
diff --git a/src/pages/Register.tsx b/src/pages/Register.tsx
index a65e7b6..a93317d 100644
--- a/src/pages/Register.tsx
+++ b/src/pages/Register.tsx
@@ -1,7 +1,6 @@
 import { useState } from 'react'
 import { Link, useNavigate } from 'react-router-dom'
 import { authClient } from '../lib/auth-client.ts'
-import { useAuthStore } from '../stores/auth.ts'
 
 export function Register() {
   const [name, setName] = useState('')
@@ -10,7 +9,6 @@ export function Register() {
   const [error, setError] = useState('')
   const [loading, setLoading] = useState(false)
   const navigate = useNavigate()
-  const setAuthenticated = useAuthStore((s) => s.setAuthenticated)
 
   async function handleSubmit(e: React.FormEvent) {
     e.preventDefault()
@@ -38,11 +36,17 @@ export function Register() {
         throw new Error(authError.message ?? 'Registration failed')
       }
 
-      setAuthenticated(true)
-      navigate('/')
+      // After successful signUp, force a session fetch to confirm the cookie is set
+      // before navigating to the protected route
+      const sessionResult = await authClient.getSession()
+      if (sessionResult.data) {
+        navigate('/')
+      } else {
+        // Session not established — show success message and link to login
+        setError('Account created! Please sign in.')
+      }
     } catch {
       if (import.meta.env.VITE_MOCK_AUTH === 'true') {
-        setAuthenticated(true)
         navigate('/')
       } else {
         setError('Registration failed. Please try again.')

From 0c34f9aa5706a082322a37dd651a888d5367d0e9 Mon Sep 17 00:00:00 2001
From: CartSnitch Engineer Bot <cartnoreply@cartsnitch.com>
Date: Tue, 31 Mar 2026 22:30:05 +0000
Subject: [PATCH 6/6] fix(auth): restore setAuthenticated in mock-auth catch
 block

The try-block getSession() pattern is correct for real auth mode.
The mock-auth catch block (VITE_MOCK_AUTH) still needs to set
the Zustand flag so ProtectedRoute respects the authenticated state.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
---
 src/pages/Login.tsx    | 3 +++
 src/pages/Register.tsx | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/src/pages/Login.tsx b/src/pages/Login.tsx
index 6ee9bcf..ae7fc0c 100644
--- a/src/pages/Login.tsx
+++ b/src/pages/Login.tsx
@@ -1,6 +1,7 @@
 import { useState } from 'react'
 import { Link, useNavigate } from 'react-router-dom'
 import { authClient } from '../lib/auth-client.ts'
+import { useAuthStore } from '../stores/auth.ts'
 
 export function Login() {
   const [email, setEmail] = useState('')
@@ -8,6 +9,7 @@ export function Login() {
   const [error, setError] = useState('')
   const [loading, setLoading] = useState(false)
   const navigate = useNavigate()
+  const setAuthenticated = useAuthStore((s) => s.setAuthenticated)
 
   async function handleSubmit(e: React.FormEvent) {
     e.preventDefault()
@@ -39,6 +41,7 @@ export function Login() {
       }
     } catch {
       if (import.meta.env.VITE_MOCK_AUTH === 'true') {
+        setAuthenticated(true)
         navigate('/')
       } else {
         setError('Invalid email or password. Please try again.')
diff --git a/src/pages/Register.tsx b/src/pages/Register.tsx
index a93317d..c75e2d6 100644
--- a/src/pages/Register.tsx
+++ b/src/pages/Register.tsx
@@ -1,6 +1,7 @@
 import { useState } from 'react'
 import { Link, useNavigate } from 'react-router-dom'
 import { authClient } from '../lib/auth-client.ts'
+import { useAuthStore } from '../stores/auth.ts'
 
 export function Register() {
   const [name, setName] = useState('')
@@ -9,6 +10,7 @@ export function Register() {
   const [error, setError] = useState('')
   const [loading, setLoading] = useState(false)
   const navigate = useNavigate()
+  const setAuthenticated = useAuthStore((s) => s.setAuthenticated)
 
   async function handleSubmit(e: React.FormEvent) {
     e.preventDefault()
@@ -47,6 +49,7 @@ export function Register() {
       }
     } catch {
       if (import.meta.env.VITE_MOCK_AUTH === 'true') {
+        setAuthenticated(true)
         navigate('/')
       } else {
         setError('Registration failed. Please try again.')