8 Commits

Author	SHA1	Message	Date
Flea Flicker	1f888ac716	security(audit): log owner-bypass reads in GET /pets/:id/profile-summary (GRO-2062) ... Adds a defense-in-depth audit row to impersonationAuditLogs when the staff-side owner-bypass path fires. Mirrors the failure-isolation pattern in src/middleware/portalAudit.ts: insert failures are logged and swallowed so a working read can never turn into a 500. - New writeOwnerBypassAudit helper called only when isOwner === true. - No DB migration; petId + actorStaffId go inside metadata jsonb. - resolveImpersonationClientId stays pure (no audit side effects). - Positive + negative tests + a cross-tenant regression test. - UAT_PLAYBOOK.md §3.19d: TC-API-3.19d documents the audit assertion. Parent tracking: GRO-2062 (Paperclip). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 04:10:58 +00:00
The Dogfather	a2b09ba502	fix(pets): port owner-bypass into deployed tree (GRO-2013) (#139)	2026-06-01 20:06:24 +00:00
Flea Flicker	fee62c895d	fix(api): GRO-2014 — profile-summary 500 → 404/401/JSON-500 (#137)	2026-06-01 18:16:29 +00:00
Flea Flicker	a14bb5e17d	fix(api): repair root src/routes/pets.ts visit-count query (GRO-1945) ... Use sql\`count(*)::int\` instead of selecting appointments.id, which was causing TS2339 under noUncheckedIndexedAccess (arr[0] is T | undefined). Import sql from @groombook/db. Use countRow?.count ?? 0 to stay noUncheckedIndexedAccess-safe. Matches the working implementation in apps/api/src/routes/pets.ts:365. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-30 03:21:28 +00:00
Flea Flicker	53677b1420	feat(pets): add GET /:id/profile-summary endpoint ... Adds profile-summary endpoint for groombook web to display: - Basic pet fields (name, species, breed, coatType, etc.) - Recent grooming history (last 10 completed appointments with staff names) - Visit count (completed appointments) - Upcoming appointment (next scheduled/confirmed) Groomer RBAC: groomers can only see pets they've had appointments with. Non-groomer staff (admin/super) can see all pets. Fixes GRO-1802 (UAT regression: profile-summary route never deployed). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-05-30 03:00:39 +00:00
Chris Farhood	9462915a66	fix: align root src/ enum values with packages/db schema ... Root src/routes/ used stale enum values (xlarge→extra_large, smooth→silky, missing short/medium/silky from coatType) and sizeCategory→petSizeCategory field name mismatch with the pets table column. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-05-22 03:17:13 +00:00
Flea Flicker	07eb611549	feat(GRO-1427): add buffer rules CRUD — enums, table, routes ... Re-implement lost commit from worktree cleanup. PR #12 already has UAT_PLAYBOOK + factories fix; add all missing core implementation: - Add petSizeCategoryEnum/coatTypeEnum to schema - Add bufferRules table with service FK + unique constraint - Add defaultBufferMinutes column to services table - Change pets.coatType/petSizeCategory text columns to use enums - Add routes/buffer-rules.ts: GET/POST/PATCH/DELETE, manager role guard - Register /api/buffer-rules in index.ts - Update services.ts PATCH to accept defaultBufferMinutes - Update pets.ts POST/PATCH to accept sizeCategory/coatType - Cast coatType/petSizeCategory in book.ts insert to match new enums - Add 0031_buffer_rules.sql migration - Fix factories.ts buildService to include defaultBufferMinutes: null Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-21 10:01:40 +00:00
Chris Farhood	abac9dfe6c	Extract groombook/api from monorepo with CI workflow ... - Add source code from apps/api - Add packages/db and packages/types workspace dependencies - Add GitHub Actions CI workflow (lint, typecheck, test, docker) - Generate pnpm-lock.yaml - Add .gitignore Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-11 01:26:56 +00:00