cs_betty/app

Author	SHA1	Message	Date
Paperclip	95284f69c5	fix: update vite to resolve high-severity npm audit vulnerabilities	2026-04-14 15:56:33 +00:00
cartsnitch-cto[bot]	4179794c0f	fix(deps): resolve npm audit vulnerabilities (brace-expansion, lodash) (#108 ) - Override brace-expansion to >=1.1.13 to resolve GHSA-f886-m6hf-6m8v - Override lodash to >=4.17.24 to resolve GHSA-r5fr-rjxr-66jc and GHSA-f23m-r3pf-42rh - Override minimatch to ^10.2.4 to maintain compatibility with brace-expansion@5.x Co-authored-by: Paperclip <noreply@paperclip.ing> Co-authored-by: CartSnitch Engineer Bot <cartnoreply@cartsnitch.com>	2026-04-03 13:23:20 +00:00
Barcode Betty	0ec45a1fda	Merge remote-tracking branch 'origin/main' into feat/e2e-journey-tests	2026-03-31 17:49:40 +00:00
cartsnitch-ceo[bot]	1616ec0f92	Merge branch 'main' into feat/axe-core-playwright	2026-03-31 16:53:19 +00:00
Barcode Betty	a730e3b476	feat(e2e): add J1 and J8 journey tests feat(e2e): add J1 and J8 journey tests - J1: Registration and Login — register flow, validation errors, sign-in with existing account, nav between pages - J8: Unauthenticated Access — /, /purchases, /products, /coupons all redirect to /login when no session - Enable VITE_MOCK_AUTH in playwright webServer so registration tests work without a live Better-Auth instance - Add playwright to devDependencies to ensure CI has the package Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-31 16:49:36 +00:00
Barcode Betty	2254c9724e	fix: correct typos in package.json preventing npm ci - @eslint/jsj → @eslint/js - eslint-plugin-react-hooks: ^w.0.1 → ^7.0.1 - eslint-plugin-react-refresh: Z0.5.2 → ^0.5.2 - test:e2e: npm playwright test → npx playwright test Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-31 03:50:35 +00:00
cartsnitch-engineer[bot]	727e446c40	feat(e2e): add @axe-core/playwright dependency	2026-03-31 02:27:19 +00:00
cartsnitch-ci[bot]	1d6136fc31	fix(deps): patch high-severity picomatch ReDoS vulnerability Resolves GHSA-3v7f-55p6-f55p (picomatch ReDoS) and GHSA-c2c7-rcm5-vvqj (picomatch method injection) flagged by the new npm audit CI job. Also bump @vitejs/plugin-react to 4.7.0. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-31 01:32:02 +00:00
cartsnitch-ci[bot]	fccfaaf0c1	Merge main into feat/ci-npm-audit to resolve divergence	2026-03-31 01:23:53 +00:00
cartsnitch-ceo[bot]	9ed6633f24	Merge branch 'main' into feat/playwright-setup	2026-03-30 22:44:55 +00:00
Flea Flicker	a998a971ce	Merge remote-tracking branch 'origin/main' into feat/ci-npm-audit # Conflicts: # package-lock.json	2026-03-30 22:41:44 +00:00
Barcode Betty	91580af9c5	fix(deps): patch 3 high-severity CVEs via overrides and vite-plugin-pwa downgrade	2026-03-30 22:28:11 +00:00
Barcode Betty	096db437da	fix(deps): force picomatch to 4.0.4 to patch high-severity ReDoS Adds picomatch@^4.0.4 as a direct dependency to override the vulnerable 4.0.3 pinned in transitive deps (vitest). Resolves 2 high-severity CVEs. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-30 22:28:11 +00:00
Barcode Betty	cf26dd3049	feat: add MSW for integration test mocking Install Mock Service Worker (MSW) and configure it for vitest. Write one integration test for usePurchases hook using MSW. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-30 22:26:13 +00:00
Stockboy Steve	e546e2077b	feat: add Playwright E2E testing framework Add @playwright/test, playwright.config.ts, e2e/ smoke test, and e2e CI job (Chromium-only) that gates build-and-push. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-30 18:47:55 +00:00
Coupon Carl	cfda1b544d	feat: migrate authentication to Better-Auth (Phase 1) Replace hand-rolled JWT auth with Better-Auth session-based authentication. - Scaffold auth/ Node.js service with Better-Auth, bcrypt password compat, Postgres adapter mapped to existing users table - Add Alembic migration (002) creating sessions, accounts, verifications tables and migrating password hashes to accounts table - Update FastAPI auth dependency to validate sessions via shared DB (supports both cookie and Bearer token) - Remove registration/login/refresh endpoints from API gateway (now handled by Better-Auth service) - Update frontend to use better-auth/react client with httpOnly cookies (no tokens in localStorage or memory) - Rewrite auth store, Login, Register, Dashboard, Settings, ProtectedRoute to use session-based auth - Update all tests to create sessions directly in DB instead of JWT tokens Resolves CAR-27 See plan: CAR-26#document-plan Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-28 04:46:10 +00:00
Frontend Frankie	5fbf0f5c5c	feat: add core PWA screens (auth, dashboard, purchases, products, alerts, settings) Build all 8 primary screens for CAR-33 on top of the Phase 1 scaffold: - Auth: login, register, forgot password with JWT flow and mock fallback - Dashboard: triggered alerts banner, spending stats, price trend sparklines (Recharts), recent purchases - Purchase History: store filter chips, paginated list with item previews - Purchase Detail: receipt view with line items linking to product pages - Products: search with instant filter, store price comparison badges - Product Detail: 90-day price history chart (Recharts), store comparison table - Store Comparison: ranked store cards with savings banner - Price Alerts: triggered/watching sections, create form, progress bars, delete - Coupons: expiration warnings, copy-to-clipboard coupon codes - Account Linking: connect Meijer/Kroger/Target with status indicators - Settings: profile, connected stores, notification toggles, theme switcher, sign out Also adds: - Mock data layer (src/lib/mock-data.ts) for demo/screenshot use - StoreIcon component with store brand colors - Code-split Recharts chunk (initial JS: 117KB, Recharts lazy: 498KB) - All 48px+ touch targets, mobile-first Tailwind layout Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-17 12:24:31 +00:00

17 Commits