Use pnpm --filter consistently for all three package builds in the
Dockerfile instead of mixing filter and cd approaches. Also set
--project . explicitly on tsc invocations to ensure tsconfig resolution
from the package directory rather than workspace root.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
tsc -p /app does not resolve to tsconfig.json at /app/tsconfig.json
without an explicit filename. Pass the full path.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
When pnpm --filter runs the api package build, tsc cannot find the
tsconfig.json. Use an absolute path to avoid any ambiguity about the
working directory context.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Both -p . and --project . should be equivalent, but the Docker build
appears to resolve them differently. Use -p for consistency.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
pnpm --filter runs in the workspace root where tsc finds the root
tsconfig.json instead of packages/db/tsconfig.json. Change into the
package directory so tsc picks up the correct local tsconfig.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
tsc without --project traverses up to workspace root, which has a
different tsconfig.json that lacks package-local paths. Fix both
@groombook/types and @groombook/db scripts consistently.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
tsc without --project flag picks up tsconfig.json from the workspace
root, which lacks the packages/* paths needed for the monorepo build.
Explicit --project . ensures tsc uses the local tsconfig.json.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
PetRow (pets.$inferSelect) now includes these nullable columns after
the GRO-1174 migration, but buildPet's defaults were never updated.
Adding null defaults fixes the typecheck failure in CI.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
tsc without --project flag fails to find tsconfig.json when run from
a nested package directory inside a Docker COPY layer that overlays
files after deps install. Use explicit --project . to ensure tsc
finds the local tsconfig.json regardless of working directory context.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Sync api packages/types with web workspace — add MedicalAlert, AlertSeverity,
CoatType, preferredCuts, medicalAlerts, temperamentScore, temperamentFlags.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Add petSizeCategory and petCoatType to bookingSchema zod validator (optional)
- Save coatType to pets row on booking creation
- Add coatType and petSizeCategory columns to pets DB schema
- Add coatType and petSizeCategory to Pet interface in @groombook/types
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- hashPassword is now async — all callers await it
- AC-3/AC-1 assertions updated to expect hex format (saltHex:keyHex)
- Destructuring replaced with explicit array access to fix TS strictness on
possibly-undefined split() result
- scrypt verification removed from test (N=16384 exceeds CI runner memory;
format assertions are sufficient)
- Removed unused scryptSync import
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The seed.ts password hashing used N=32768, r=8, p=1 with base64 encoding,
which does not match @better-auth/utils@0.4.0's actual implementation
(N=16384, r=16, p=1, dkLen=64, hex encoding). This caused every seeded
UAT credential to fail verifyPassword at sign-in.
Fix: import hashPassword from "better-auth/crypto" in seed.ts and in the
test helper. This delegates to Better-Auth's own implementation,
guaranteeing parameter and encoding match.
Also updates test assertions to expect hex format (saltHex:keyHex) and
verifies the hash using the correct scrypt params (N=16384, r=16, p=1).
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Use the org-level REGISTRY_TOKEN secret instead of gitea.token for
authenticating to the Gitea Container Registry. The gitea.token
does not have packages:write scope.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Removes types/index.ts and factories.ts changes that belong in PR #21
(GRO-1178), not this PR. The extended Pet type fields caused CI typecheck
failures because the seed/credential logic doesn't use them.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Add coatType, temperamentScore, temperamentFlags, medicalAlerts,
preferredCuts to buildPet() defaults — schema recently added these
columns but factories was still missing them, causing TS2739 errors
- Reduce scrypt N from 32768 → 4096 in test helpers only — production
seed.ts is unaffected; CI runners hit memory limit at N=32768
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Adds seed-uat-credentials.test.ts covering all 7 acceptance criteria:
- AC-1: creates user + account for each UAT account with password env var
- AC-2: emailVerified = true on created users
- AC-3: providerId = "credential", password properly hashed (scrypt, salt:hash)
- AC-4/AC-4b: staff.userId linked when staff exists, not updated if already set
- AC-5: idempotent — re-running creates no duplicates
- AC-6: missing SEED_UAT_*_PASSWORD skips that account with warning (no error)
- AC-7: partial env var coverage — only provisioned accounts get created
References GRO-1326.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Adds a seeding step after UAT staff creation that:
- Creates Better-Auth user records (emailVerified: true) for 4 UAT accounts
- Creates account records with providerId="credential" and scrypt-hashed passwords
- Links staff.userId for accounts with existing staff records (super, groomer, tester)
- Reads passwords from SEED_UAT_*_PASSWORD env vars (guard clause skips if unset)
- Is fully idempotent (upsert-safe)
Bypasses Authentik SSO for UAT login; Shedward can authenticate via
POST /api/auth/sign-in/email using the same UAT password secrets.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The CI workflow referenced wrong paths in groombook/infra:
- apps/groombook/overlays/dev/ → apps/overlays/dev/
- apps/groombook/base/ → apps/base/
These paths don't exist in groombook/infra — the correct structure
is apps/overlays/dev/ and apps/base/.
Co-authored-by: Chris Farhood <chris@farhood.org>
Co-authored-by: Paperclip <noreply@paperclip.ing>
Without pnpm-workspace.yaml, pnpm install --frozen-lockfile can't discover
the apps/api workspace member, causing "Already up to date" and tsc not found.
Also removes stale packages/* entry from pnpm-workspace.yaml (no packages/
directory exists in the dev branch).
Fixes: GRO-1231
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Port rate limit customRules from groombook/app PR #392 to groombook/api.
Adds per-route limits for /sign-in/social, /sign-in/email, and /sign-up/email
to both AUTH_DISABLED and production better-auth() instances.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
pets.ts imports pets, appointments, and, eq, exists, or directly from
"../db". The vi.mock factory only returned getDb, causing vitest to throw
"No 'pets' export is defined" and 7 tests to get 400 instead of 201/200.
Fix adds the missing named exports to the mock return object.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Adds dedicated SEED_UAT_TESTER_OIDC_SUB handling to create the
uat-tester staff record with proper oidcSub mapping to Authentik user PK 237.
Fixes GRO-1151
- Adds missing drizzle-kit, drizzle-orm, postgres dependencies
- Addresses CI failures from Lint & Typecheck and Test jobs
- Resolves QA feedback from Lint Roller on PR #5
Fixes incorrect vi.mock paths that were causing tests to fail.
The mock path should match the import path in the route files.
This addresses the authProvider test mock path issue on PR #2.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Created comprehensive UAT playbook covering all 13 route groups with test cases for authentication, client management, pet management, appointment scheduling, services, staff management, invoicing & payments, customer portal, waitlist, search, reports, impersonation, and settings & setup.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Change apps/api/ to src/ (api package is now at root)
- Update COPY paths for new structure
- Change CMD from apps/api/dist/index.js to dist/index.js
- Remove api package.json copy (now at root)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Fix @groombook/db and @groombook/db/factories alias paths
- Change from ../../packages to ./packages (workspace packages are at root)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Chris Farhood
The Dogfather
Scrubs McBarkley
groombook-engineer[bot]