Merge pull request 'chore: delete stale apps/api/src/db/seed.ts duplicate (GRO-2129)' (#158) from dev into uat

Co-authored-by: Flea Flicker <flea@groombook.dev>
Co-committed-by: Flea Flicker <flea@groombook.dev>

UAT_PLAYBOOK.md

@@ -147,6 +147,8 @@ Expected: one row, `role = 'groomer'`. If zero rows return, the request hit the
 | TC-API-3.19b | Get pet profile summary — customer cross-tenant blocked (GRO-2013) | Sign in as `uat-customer@groombook.dev`; reuse the customer's sessionId from TC-API-3.19a; `GET /api/pets/{otherClientPetId}/profile-summary` for a pet owned by a different client (`c0000002-...` or any non-customer pet) | 403 Forbidden (owner-bypass requires session.clientId === pet.clientId) |
 | TC-API-3.19c | Get pet profile summary — customer without portal session header | Same as TC-API-3.19a but omit the `X-Impersonation-Session-Id` header | 403 Forbidden (no owner-bypass without valid portal session) |
 | TC-API-3.19d | Get pet profile summary — owner-bypass writes audit row (GRO-2063) | Same setup as TC-API-3.19a (sign in as `uat-customer@groombook.dev`, establish a portal session for the customer's own clientId, call `GET /api/pets/{ownPetId}/profile-summary` with `X-Impersonation-Session-Id: {sessionId}` and a 200 OK response). Then call `GET /api/impersonation/sessions/{sessionId}/audit-log` and confirm there is exactly one entry with `action === "read_profile_summary"`, `pageVisited` matching the profile-summary path, and `metadata` containing `petId` and `actorStaffId` for the customer. Repeat TC-API-3.19b (cross-tenant attempt) and confirm NO new `read_profile_summary` row was written for the cross-tenant attempt. | 200 OK on the profile-summary call AND an audit log entry is present with the correct shape (defense-in-depth audit row; bypass attempts against other clients must NOT log) |
+| TC-UAT-2 | Groomer accesses linked pet profile summary (GRO-2100) | Sign in as `uat-groomer@groombook.dev`; `GET /api/pets/c0000001-0000-0000-0000-000000000002/profile-summary` (UAT Pup Alpha — linked via deterministic completed appointment `a0000001-0000-0000-0000-000000000001`, service `b0000001-…-0001` "Bath & Brush", `startTime` ~7 days ago) | 200 OK, `recentGroomingHistory[]` non-empty (>=1 entry), `visitCount >= 1`, `upcomingAppointment` null (the seeded appointment is in the past) |
+| TC-UAT-3 | Groomer blocked from unlinked pet profile summary (GRO-2100) | Sign in as `uat-groomer@groombook.dev`; `GET /api/pets/c0000001-0000-0000-0000-000000000003/profile-summary` (UAT Pup Beta — intentionally UNLINKED; no appointment row references this pet's clientId+groomerId combo) | 403 Forbidden (RBAC `groomer` role lacks the appointment-linkage grant for this pet). NOTE: if 404 is returned instead of 403, file a separate RBAC defect (not against the seed) — see GRO-2100 verification note |
 | TC-API-3.29 | Get pet profile summary — unknown UUID returns 404 (GRO-2014) | GET /api/pets/00000000-0000-0000-0000-000000000001/profile-summary while authenticated (any role) | 404 Not Found with body `{"error":"Not found"}` (was empty-body 500 in GRO-2014) |
 | TC-API-3.30 | Get pet profile summary — malformed UUID returns 404 (GRO-2014) | GET /api/pets/not-a-uuid/profile-summary while authenticated | 404 Not Found with body `{"error":"Not found"}` (was empty-body 500 in GRO-2014 — Postgres uuid cast failure) |
 | TC-API-3.31 | Get pet profile summary — never empty-body 500 (GRO-2014) | GET /api/pets/{anyId}/profile-summary across the test sweep | No response has status 500 with an empty body. Any 500 must include a JSON body `{"error":"Internal Server Error"}` |

packages/db/migrations/0041_route_optimization.sql

@@ -1,66 +0,0 @@
--- Migration: 0041_route_optimization.sql
--- Route optimization schema: geocoding columns on clients, groomerRoutes +
--- routeStops tables, and route settings on business_settings.
--- Written idempotently so it is safe to re-run.
-
--- ─── Enums ────────────────────────────────────────────────────────────────────
-
-DO $$ BEGIN
-  CREATE TYPE "route_status" AS ENUM ('draft', 'optimized', 'in_progress', 'completed');
-EXCEPTION WHEN duplicate_object THEN NULL;
-END $$;
-
--- ─── Clients: geocoding columns ───────────────────────────────────────────────
-
-ALTER TABLE "clients" ADD COLUMN IF NOT EXISTS "latitude" double precision;
-ALTER TABLE "clients" ADD COLUMN IF NOT EXISTS "longitude" double precision;
-ALTER TABLE "clients" ADD COLUMN IF NOT EXISTS "geocoded_at" timestamp;
-
--- ─── Business settings: route optimization config ─────────────────────────────
-
-ALTER TABLE "business_settings"
-  ADD COLUMN IF NOT EXISTS "default_travel_buffer_mins" integer NOT NULL DEFAULT 15;
-ALTER TABLE "business_settings"
-  ADD COLUMN IF NOT EXISTS "route_optimization_provider" text DEFAULT 'nominatim';
--- Encrypted at rest at the application layer (AES-256-GCM).
-ALTER TABLE "business_settings"
-  ADD COLUMN IF NOT EXISTS "google_maps_api_key" text;
-
--- ─── Groomer routes table ─────────────────────────────────────────────────────
-
-CREATE TABLE IF NOT EXISTS "groomer_routes" (
-  "id" uuid PRIMARY KEY DEFAULT gen_random_uuid(),
-  "staff_id" uuid NOT NULL REFERENCES "staff"("id") ON DELETE CASCADE,
-  "route_date" date NOT NULL,
-  "status" "route_status" NOT NULL DEFAULT 'draft',
-  "total_travel_mins" integer,
-  "total_distance_km" numeric(8, 2),
-  "optimized_at" timestamp,
-  "created_at" timestamp NOT NULL DEFAULT now(),
-  "updated_at" timestamp NOT NULL DEFAULT now(),
-  CONSTRAINT "uq_groomer_routes_staff_date" UNIQUE ("staff_id", "route_date")
-);
-
-CREATE INDEX IF NOT EXISTS "idx_groomer_routes_staff_id"
-  ON "groomer_routes"("staff_id");
-
--- ─── Route stops table ────────────────────────────────────────────────────────
-
-CREATE TABLE IF NOT EXISTS "route_stops" (
-  "id" uuid PRIMARY KEY DEFAULT gen_random_uuid(),
-  "route_id" uuid NOT NULL REFERENCES "groomer_routes"("id") ON DELETE CASCADE,
-  "appointment_id" uuid NOT NULL REFERENCES "appointments"("id") ON DELETE CASCADE,
-  "stop_order" integer NOT NULL,
-  "latitude" double precision NOT NULL,
-  "longitude" double precision NOT NULL,
-  "travel_mins_from_prev" integer,
-  "travel_distance_km_from_prev" numeric(8, 2),
-  "buffer_mins" integer NOT NULL DEFAULT 15,
-  "created_at" timestamp NOT NULL DEFAULT now(),
-  "updated_at" timestamp NOT NULL DEFAULT now(),
-  CONSTRAINT "uq_route_stops_route_appointment" UNIQUE ("route_id", "appointment_id"),
-  CONSTRAINT "uq_route_stops_route_order" UNIQUE ("route_id", "stop_order")
-);
-
-CREATE INDEX IF NOT EXISTS "idx_route_stops_route_id"
-  ON "route_stops"("route_id");

packages/db/migrations/meta/_journal.json

@@ -281,13 +281,6 @@
       "when": 1780000000002,
       "tag": "0040_register_missing_coat_type_values",
       "breakpoints": true
-    },
-    {
-      "idx": 41,
-      "version": "7",
-      "when": 1780000000003,
-      "tag": "0041_route_optimization",
-      "breakpoints": true
     }
   ]
-}
+}

packages/db/src/factories.ts

@@ -78,9 +78,6 @@ export function buildClient(overrides: Partial<ClientRow> = {}): ClientRow {
     stripeCustomerId: null,
     status: "active",
     disabledAt: null,
-    latitude: null,
-    longitude: null,
-    geocodedAt: null,
     createdAt: new Date("2025-01-01T00:00:00Z"),
     updatedAt: new Date("2025-01-01T00:00:00Z"),
     ...overrides,

packages/db/src/schema.ts

@@ -1,7 +1,5 @@
 import {
   boolean,
-  date,
-  doublePrecision,
   index,
   integer,
   jsonb,
@@ -142,10 +140,6 @@ export const clients = pgTable(
     stripeCustomerId: text("stripe_customer_id"),
     status: clientStatusEnum("status").notNull().default("active"),
     disabledAt: timestamp("disabled_at"),
-    // Geocoded coordinates for route optimization; null until geocoded.
-    latitude: doublePrecision("latitude"),
-    longitude: doublePrecision("longitude"),
-    geocodedAt: timestamp("geocoded_at"),
     createdAt: timestamp("created_at").notNull().defaultNow(),
     updatedAt: timestamp("updated_at").notNull().defaultNow(),
   },
@@ -561,16 +555,6 @@ export const businessSettings = pgTable("business_settings", {
   accentColor: text("accent_color").notNull().default("#8b7355"),
   messagingPhoneNumber: text("messaging_phone_number"),
   telnyxMessagingProfileId: text("telnyx_messaging_profile_id"),
-  // Route optimization settings.
-  defaultTravelBufferMins: integer("default_travel_buffer_mins")
-    .notNull()
-    .default(15),
-  routeOptimizationProvider: text("route_optimization_provider").default(
-    "nominatim"
-  ),
-  // Encrypted at rest at the application layer (AES-256-GCM), mirroring
-  // the handling of authProviderConfigs.clientSecret.
-  googleMapsApiKey: text("google_maps_api_key"),
   createdAt: timestamp("created_at").notNull().defaultNow(),
   updatedAt: timestamp("updated_at").notNull().defaultNow(),
 });
@@ -674,69 +658,3 @@ export const bufferRules = pgTable(
     index("idx_buffer_rules_service_id").on(t.serviceId),
   ]
 );
-
-// ─── Route Optimization ───────────────────────────────────────────────────────
-
-export const routeStatusEnum = pgEnum("route_status", [
-  "draft",
-  "optimized",
-  "in_progress",
-  "completed",
-]);
-
-// A groomer's optimized route for a single day. One row per (staff, date).
-export const groomerRoutes = pgTable(
-  "groomer_routes",
-  {
-    id: uuid("id").primaryKey().defaultRandom(),
-    staffId: uuid("staff_id")
-      .notNull()
-      .references(() => staff.id, { onDelete: "cascade" }),
-    routeDate: date("route_date", { mode: "string" }).notNull(),
-    status: routeStatusEnum("status").notNull().default("draft"),
-    // Populated once the route is optimized.
-    totalTravelMins: integer("total_travel_mins"),
-    totalDistanceKm: numeric("total_distance_km", { precision: 8, scale: 2 }),
-    optimizedAt: timestamp("optimized_at"),
-    createdAt: timestamp("created_at").notNull().defaultNow(),
-    updatedAt: timestamp("updated_at").notNull().defaultNow(),
-  },
-  (t) => [
-    // One route per groomer per day.
-    unique("uq_groomer_routes_staff_date").on(t.staffId, t.routeDate),
-    index("idx_groomer_routes_staff_id").on(t.staffId),
-  ]
-);
-
-// An ordered stop within a groomer's route, tied to an appointment.
-export const routeStops = pgTable(
-  "route_stops",
-  {
-    id: uuid("id").primaryKey().defaultRandom(),
-    routeId: uuid("route_id")
-      .notNull()
-      .references(() => groomerRoutes.id, { onDelete: "cascade" }),
-    appointmentId: uuid("appointment_id")
-      .notNull()
-      .references(() => appointments.id, { onDelete: "cascade" }),
-    stopOrder: integer("stop_order").notNull(),
-    latitude: doublePrecision("latitude").notNull(),
-    longitude: doublePrecision("longitude").notNull(),
-    // Null for the first stop in the route.
-    travelMinsFromPrev: integer("travel_mins_from_prev"),
-    travelDistanceKmFromPrev: numeric("travel_distance_km_from_prev", {
-      precision: 8,
-      scale: 2,
-    }),
-    bufferMins: integer("buffer_mins").notNull().default(15),
-    createdAt: timestamp("created_at").notNull().defaultNow(),
-    updatedAt: timestamp("updated_at").notNull().defaultNow(),
-  },
-  (t) => [
-    // An appointment appears at most once per route.
-    unique("uq_route_stops_route_appointment").on(t.routeId, t.appointmentId),
-    // Stop order is unique within a route.
-    unique("uq_route_stops_route_order").on(t.routeId, t.stopOrder),
-    index("idx_route_stops_route_id").on(t.routeId),
-  ]
-);