The api gate ran `pnpm --filter @groombook/api <script>`, but @groombook/api
is the workspace ROOT package and pnpm-workspace.yaml only includes packages/*,
so --filter excluded the root and the lint/typecheck/test steps silently
no-op'd (false-green). Invoke the root scripts directly instead.
Now that the gate actually runs eslint, fix the latent unused-var error in
src/__tests__/petProfileSummary.test.ts: servicesTable was declared and
assigned in resetMock but never enqueued/read. Remove the declaration, the
dead write, and the now-orphaned makeService helper (its only caller).
Verified locally: pnpm run typecheck, pnpm --filter @groombook/db typecheck,
pnpm run lint (0 errors), pnpm run test (602 passed) all green.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Adds a defense-in-depth audit row to impersonationAuditLogs when the
staff-side owner-bypass path fires. Mirrors the failure-isolation
pattern in src/middleware/portalAudit.ts: insert failures are logged
and swallowed so a working read can never turn into a 500.
- New writeOwnerBypassAudit helper called only when isOwner === true.
- No DB migration; petId + actorStaffId go inside metadata jsonb.
- resolveImpersonationClientId stays pure (no audit side effects).
- Positive + negative tests + a cross-tenant regression test.
- UAT_PLAYBOOK.md §3.19d: TC-API-3.19d documents the audit assertion.
Parent tracking: GRO-2062 (Paperclip).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Flea Flicker
Flea Flicker
The Dogfather