groombook/api

Author	SHA1	Message	Date
Flea Flicker	37e9634323	feat(GRO-2319): dev→uat — portal waitlist surfacing + seed (api) (#205 ) CI / Test (pull_request) Successful in 29s Details CI / Lint & Typecheck (pull_request) Successful in 34s Details CI / Build & Push Docker Images (pull_request) Successful in 38s Details	2026-06-10 08:29:57 +00:00
Flea Flicker	03f79a3701	uat → main: GRO-2299 redact googleMapsApiKey from PATCH /api/admin/settings (#198 ) CI / Test (push) Successful in 27s Details CI / Lint & Typecheck (push) Successful in 30s Details CI / Build & Push Docker Images (push) Successful in 30s Details GRO-2299: redact googleMapsApiKey from PATCH /api/admin/settings response Co-authored-by: Flea Flicker <22+gb_flea@noreply.git.farh.net> Co-committed-by: Flea Flicker <22+gb_flea@noreply.git.farh.net>	2026-06-09 07:49:49 +00:00
Flea Flicker	2b92c2ab6c	uat→main (PROD): GRO-2294 Route Optimization security hardening (frozen @2566fb8) (#197 ) CI / Lint & Typecheck (push) Successful in 30s Details CI / Test (push) Failing after 11m41s Details CI / Build & Push Docker Images (push) Has been skipped Details feat(security): GRO-2294 Route Optimization security hardening [squash] Co-authored-by: Flea Flicker <22+gb_flea@noreply.git.farh.net> Co-committed-by: Flea Flicker <22+gb_flea@noreply.git.farh.net>	2026-06-09 07:38:02 +00:00
Flea Flicker	e9ad92de01	uat→main (PROD): GRO-2157 nav export + GRO-2225/2235 (frozen @4868f18) (#192 ) CI / Test (push) Successful in 28s Details CI / Lint & Typecheck (push) Successful in 31s Details CI / Build & Push Docker Images (push) Successful in 28s Details feat: nav export + conflict guard + UAT seed (GRO-2157, GRO-2225, GRO-2235) Squash-merges PR #192: uat→main PROD promotion. Freezes at validated SHA `4868f18` (UAT regression GRO-2261 11/11 PASS). Bundles: GRO-2157 (nav export), GRO-2225 (UAT seed), GRO-2235 (conflict guard). CTO-reviewed and approved (review #4542). Co-authored-by: Flea Flicker <22+gb_flea@noreply.git.farh.net> Co-committed-by: Flea Flicker <22+gb_flea@noreply.git.farh.net>	2026-06-09 01:23:06 +00:00
Flea Flicker	aabedc8152	fix(GRO-2234): bounded sliding expiration for SSO portal sessions (#183 ) CI / Test (push) Successful in 28s Details CI / Lint & Typecheck (push) Successful in 29s Details CI / Build & Push Docker Images (push) Successful in 38s Details	2026-06-08 18:55:43 +00:00
Flea Flicker	ca62fb8ef6	feat(GRO-2156): travel buffer + reorder endpoint (Phase 2.2) (#180 ) CI / Test (push) Successful in 27s Details CI / Lint & Typecheck (push) Successful in 30s Details CI / Lint & Typecheck (pull_request) Successful in 25s Details CI / Test (pull_request) Successful in 24s Details CI / Build & Push Docker Images (push) Successful in 43s Details CI / Build & Push Docker Images (pull_request) Successful in 27s Details	2026-06-08 18:07:54 +00:00
Flea Flicker	29c42e3130	fix(portal): validate waitlist preferredTime/preferredDate, return 400 on bad input (GRO-2211) (#179 ) CI / Test (pull_request) Successful in 26s Details CI / Test (push) Successful in 29s Details CI / Lint & Typecheck (pull_request) Successful in 31s Details CI / Lint & Typecheck (push) Successful in 34s Details CI / Build & Push Docker Images (pull_request) Failing after 13s Details CI / Build & Push Docker Images (push) Successful in 48s Details	2026-06-08 17:19:39 +00:00
Flea Flicker	b842237425	fix(portal): GRO-2203 validate petId as UUID before PATCH lookup (500→404) (#177 ) CI / Lint & Typecheck (push) Successful in 29s Details CI / Test (push) Successful in 29s Details CI / Lint & Typecheck (pull_request) Failing after 2s Details CI / Test (pull_request) Successful in 25s Details CI / Build & Push Docker Images (pull_request) Has been skipped Details CI / Build & Push Docker Images (push) Successful in 47s Details	2026-06-08 17:03:44 +00:00
Flea Flicker	d0c0b1b646	feat(GRO-2155): route CRUD + optimization endpoint (Phase 2.1) (#175 ) CI / Test (push) Successful in 25s Details CI / Lint & Typecheck (push) Successful in 28s Details CI / Test (pull_request) Successful in 24s Details CI / Build & Push Docker Images (push) Successful in 35s Details CI / Lint & Typecheck (pull_request) Successful in 26s Details CI / Build & Push Docker Images (pull_request) Successful in 25s Details	2026-06-08 13:57:07 +00:00
Flea Flicker	14d7889ec0	fix(portal): drop writable photoKey from PATCH /portal/pets — S3 key-hijack (GRO-2187/GRO-2198) (#172 ) CI / Test (push) Successful in 24s Details CI / Lint & Typecheck (push) Successful in 26s Details CI / Build & Push Docker Images (push) Successful in 29s Details CI / Lint & Typecheck (pull_request) Successful in 24s Details CI / Test (pull_request) Successful in 30s Details CI / Build & Push Docker Images (pull_request) Successful in 44s Details	2026-06-08 12:39:02 +00:00
Flea Flicker	582c376df9	feat(GRO-2154): geocoding endpoints + auto-geocode on client mutations (#170 ) CI / Test (push) Successful in 28s Details CI / Test (pull_request) Successful in 23s Details CI / Lint & Typecheck (pull_request) Successful in 26s Details CI / Build & Push Docker Images (pull_request) Successful in 25s Details CI / Lint & Typecheck (push) Failing after 14m33s Details CI / Build & Push Docker Images (push) Has been skipped Details	2026-06-08 11:45:08 +00:00
Flea Flicker	eec198a661	fix(ci): GRO-2197 api lint/typecheck/test run root scripts (de-false-green) (#169 ) CI / Test (push) Successful in 25s Details CI / Lint & Typecheck (push) Successful in 30s Details CI / Build & Push Docker Images (push) Successful in 3m23s Details	2026-06-08 11:09:33 +00:00
Flea Flicker	2fa6e3d87b	feat(GRO-2153): abstracted geocoding service (Nominatim + Google) CI / Test (pull_request) Successful in 13s Details CI / Lint & Typecheck (pull_request) Successful in 20s Details CI / Build & Push Docker Images (pull_request) Failing after 27m22s Details Phase 1.2 of Route Optimization. Adds a provider-agnostic geocoding service layer in the deployed src/ tree: - GeocodingProvider interface + GeocodeResult type - NominatimGeocodingProvider (default, free, self-hostable) with an internal rate limiter enforcing the 1 req/sec Nominatim usage policy - GoogleGeocodingProvider (optional fallback) keyed by the encrypted businessSettings.googleMapsApiKey (decrypted via decryptSecret) or GOOGLE_MAPS_API_KEY env fallback - resolveGeocodingProvider() selecting on businessSettings.routeOptimizationProvider, with safe fallback to Nominatim when google is configured but no usable key - geocodeBatch() throttled batch utility (honors provider rate limit, captures per-item errors, optional progress callback) - 20 unit tests covering both providers, selection, throttle spacing, and batch Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-08 09:01:36 +00:00
Flea Flicker	6be78cae35	fix(portal): implement PATCH /portal/pets/:petId + enrich GET (GRO-2187) (#165 ) CI / Test (push) Failing after 3s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Images (push) Has been skipped Details CI / Test (pull_request) Successful in 12s Details CI / Lint & Typecheck (pull_request) Successful in 15s Details CI / Build & Push Docker Images (pull_request) Successful in 41s Details	2026-06-08 08:18:13 +00:00
Flea Flicker	1f888ac716	security(audit): log owner-bypass reads in GET /pets/:id/profile-summary (GRO-2062) CI / Test (pull_request) Successful in 12s Details CI / Lint & Typecheck (pull_request) Successful in 15s Details CI / Build & Push Docker Images (pull_request) Successful in 1m16s Details Adds a defense-in-depth audit row to impersonationAuditLogs when the staff-side owner-bypass path fires. Mirrors the failure-isolation pattern in src/middleware/portalAudit.ts: insert failures are logged and swallowed so a working read can never turn into a 500. - New writeOwnerBypassAudit helper called only when isOwner === true. - No DB migration; petId + actorStaffId go inside metadata jsonb. - resolveImpersonationClientId stays pure (no audit side effects). - Positive + negative tests + a cross-tenant regression test. - UAT_PLAYBOOK.md §3.19d: TC-API-3.19d documents the audit assertion. Parent tracking: GRO-2062 (Paperclip). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 04:10:58 +00:00
Flea Flicker	91eb2ccf71	fix(rbac): port Better-Auth user auto-provision into legacy ./src tree (GRO-2052) (#143 ) CI / Test (push) Successful in 11s Details CI / Lint & Typecheck (push) Successful in 15s Details CI / Test (pull_request) Successful in 9s Details CI / Lint & Typecheck (pull_request) Successful in 14s Details CI / Build & Push Docker Images (push) Successful in 36s Details CI / Build & Push Docker Images (pull_request) Successful in 26s Details fix(rbac): port Better-Auth user auto-provision into legacy ./src tree (GRO-2052) Ports the Better-Auth user-table auto-provision branch from canonical apps/api into the deployed ./src/middleware/rbac.ts so the owner-bypass in pets.ts is reachable for Better-Auth email/password customers. OIDC account branch retained as backward-compat fallback. Adds 5 rbac.test.ts cases and UAT_PLAYBOOK pre-condition docs. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Co-authored-by: Flea Flicker <flea@groombook.dev> Co-committed-by: Flea Flicker <flea@groombook.dev>	2026-06-02 02:40:43 +00:00
The Dogfather	a2b09ba502	fix(pets): port owner-bypass into deployed tree (GRO-2013) (#139 ) CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Images (push) Successful in 1m5s Details CI / Test (pull_request) Successful in 16s Details CI / Lint & Typecheck (pull_request) Successful in 2m25s Details CI / Build & Push Docker Images (pull_request) Failing after 32s Details	2026-06-01 20:06:24 +00:00
Flea Flicker	fee62c895d	fix(api): GRO-2014 — profile-summary 500 → 404/401/JSON-500 (#137 ) CI / Lint & Typecheck (push) Successful in 16s Details CI / Test (push) Successful in 16s Details CI / Build & Push Docker Images (push) Successful in 46s Details CI / Test (pull_request) Successful in 12s Details CI / Lint & Typecheck (pull_request) Successful in 14s Details CI / Build & Push Docker Images (pull_request) Failing after 18s Details	2026-06-01 18:16:29 +00:00
Flea Flicker	280c699d0d	fix(seed): add uat-customer client record for SSO bridge UAT (GRO-1935) (#104 ) CI / Lint & Typecheck (pull_request) Successful in 15s Details CI / Test (pull_request) Successful in 10s Details CI / Build & Push Docker Images (pull_request) Failing after 37s Details CI / Lint & Typecheck (push) Successful in 14s Details CI / Test (push) Successful in 2m19s Details CI / Build & Push Docker Images (push) Failing after 33s Details	2026-05-30 03:10:48 +00:00
Flea Flicker	b96b6c06fc	fix: add missing getAuth import and fix db.insert() mock chain Fixes two bugs found in QA review: - ReferenceError: getAuth not defined in beforeEach - add import - TypeError: wrong mock chain insert().into().values() vs insert().values() Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-28 15:59:41 +00:00
Flea Flicker	7e329ff72f	fix(gro-1866): add session-from-auth portal endpoint and role scope Adds POST /api/portal/session-from-auth which bridges a valid Better Auth customer session (from SSO login) to a portal impersonation session, so real SSO customers can access the client portal. The endpoint is registered before the validatePortalSession catch-all so it is not subject to that middleware. It validates the Better Auth session from request cookies, looks up the client by email, creates an active impersonation session, and returns { sessionId, clientId, clientName }. Also adds "role" to the genericOAuth scopes so Authentik propagates the role claim into Better Auth user objects (GRO-1862 root cause fix). Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-28 15:00:15 +00:00
Chris Farhood	abac9dfe6c	Extract groombook/api from monorepo with CI workflow - Add source code from apps/api - Add packages/db and packages/types workspace dependencies - Add GitHub Actions CI workflow (lint, typecheck, test, docker) - Generate pnpm-lock.yaml - Add .gitignore Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-11 01:26:56 +00:00

22 Commits