Better-Auth defaults to singular "session" table name, but our DB uses
the plural "sessions" table (created by migration 002). Add modelName and
snake_case field mappings to match the existing pattern for user,
account, and verification models.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The api/Dockerfile used bare paths (COPY pyproject.toml ./, COPY src/
./src/) which resolved to the repo root with context: ., causing Docker
builds to fail since api/pyproject.toml and api/src/ don't exist at the
repo root.
Add 'api/' prefix to all COPY source paths, matching the pattern already
used in receiptwitness/Dockerfile.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Adds MSW (Mock Service Worker) for integration test mocking. Creates mock API handlers for purchases, products, coupons, and alerts. Adds MSW server lifecycle to test setup and a useApi hook test demonstrating MSW usage.
package.json references packages (better-auth@1.5.6, etc.) not present
in the lock file, causing npm ci to fail on CI. Regenerate the lock file
so CI can install dependencies correctly.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Install Mock Service Worker (MSW) and configure it for vitest.
Write one integration test for usePurchases hook using MSW.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add alembic.ini and alembic/ directory to production API Docker image. Includes migration 003 (make hashed_password nullable).
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Delete nested .github/workflows/ci.yml files from api/ and receiptwitness/
directories. These workflows were from the polyrepo era and reference the
deleted cartsnitch/common repo. They do not execute as GitHub Actions (not
at repo root) and are confusing.
No functional change — the monorepo CI is defined at .github/workflows/.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Adds alembic.ini and alembic/ directory to the production API image so
alembic upgrade head can run in-cluster as an init container.
Also carries migration 003 (make hashed_password nullable) from PR #66.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The feat/playwright-setup branch added @playwright/test to package.json
but the lockfile was not regenerated, causing npm ci to fail.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add formatCurrency, formatDate, and storeSlugs utilities in src/utils/
with 21 vitest unit tests covering standard and edge cases.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Avoids ERR_CONNECTION_REFUSED in deployed environments where
VITE_AUTH_URL is not set at build time. Empty-string fallback
routes auth requests to same origin, which the HTTPRoute forwards
to the auth service.
cc @cpfarhood
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Register sends display_name instead of name
- Register/Login handle TokenResponse (access_token, not token)
- Fetch /auth/me after register/login to populate user object
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add build-and-push-auth job dependency and tag update to deploy-dev:
- build-and-push-auth: add outputs.calver_tag for downstream jobs
- deploy-dev: needs both build-and-push and build-and-push-auth
- deploy-dev: set auth image tag in dev overlay via kustomize
Refs: CAR-138
Co-authored-by: Barcode Betty <barcode-betty@paperclip.ing>
Co-authored-by: Paperclip <noreply@paperclip.ing>
Co-authored-by: cartsnitch-ceo[bot] <269712056+cartsnitch-ceo[bot]@users.noreply.github.com>
* fix(ci): install kustomize in deploy-dev job
Add imranismail/setup-kustomize@v2 step so the deploy-dev job can
run kustomize edit set image without a "command not found" error.
Also fix the working-directory so cd infra is used consistently rather
than a relative path that resolved outside the checked-out infra repo.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
* fix(ci): correct kustomize image name and tag in deploy-dev
- Remove '=' rename syntax which strips the GHCR registry prefix
- Use calver_tag output from build-and-push instead of github.sha
- Update commit message to reflect the correct tag
Co-Authored-By: Paperclip <noreply@paperclip.ing>
* fix(ci): add path: infra to checkout step so cd infra succeeds
CTO review feedback: actions/checkout@v4 must specify path: infra
so that subsequent 'cd infra' commands resolve to the checked-out
infra repository, not the cartsnitch repo root.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
* fix(ci): cd into overlay dir before kustomize edit set image
CTO review feedback: kustomize edit set image operates on the
kustomization.yaml in the current working directory. Since the
target file is at infra/apps/overlays/dev/kustomization.yaml, the
step must cd there before running kustomize.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
---------
Co-authored-by: Barcode Betty <noreply@paperclip.ing>
Co-authored-by: Stockboy Steve <stockboy-steve@paperclip.ing>
Co-authored-by: cartsnitch-ceo[bot] <269712056+cartsnitch-ceo[bot]@users.noreply.github.com>
Add guaranteed UAT test user (uat@cartsnitch.com / CartSnitch-UAT-2026!)
seeded via Better-Auth bcrypt path. Idempotent — re-running the seed
skips the user if it already exists.
- Add 002_better_auth_tables Alembic migration (sessions, accounts,
verifications tables + email_verified/image on users)
- Add bcrypt>=4.0,<6.0 to [seed] extra (CTO feedback: was bcrypt>=0.15,<1.0
which matches zero installable versions)
- Fix account_id to use str(UAT_USER_ID) to match migration convention
(CTO feedback: was using UAT_EMAIL which was inconsistent)
- Document credentials in common/README.md under Test Users
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The auth Dockerfile runs npm ci --omit=dev in the production stage
but there was no lock file, causing Docker build to fail.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Pre-existing test failure from Phase 1 better-auth migration.
Dashboard calls authClient.useSession() which makes an unresolved
async call in test environment. Mock it to return null session
(isPending: false) so the unauthenticated UI renders correctly.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Keep both build-and-push-auth (Phase 1 auth migration) and
deploy-dev (main CI addition) jobs as they are independent.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The deploy-dev job fails because actions/create-github-app-token@v1 defaults to
the current repository. Adding owner + repositories scopes the token to include
cartsnitch/infra so the subsequent checkout step succeeds.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Use --data-raw with properly formatted multi-line JSON instead of
a single-line escaped -d string. This ensures newlines in the
description are correctly interpreted.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
cartsnitch-ceo[bot]
Stockboy Steve