Merge pull request 'chore: delete stale apps/api/src/db/seed.ts duplicate (GRO-2129)' (#158 ) from dev into uat

Merge pull request 'dev → uat: GRO-2123 seed advisory lock' (#156 ) from dev-to-uat-gro-2123 into uat
chore(uat): GRO-2100 promote uat-groomer seed-linkage ordering fix to uat (#154 )
2026-06-04 12:45:24 +00:00 · 2026-06-04 11:32:06 +00:00 · 2026-06-02 20:23:54 +00:00 · 2026-06-02 19:11:46 +00:00 · 2026-06-02 18:28:17 +00:00 · 2026-06-02 18:24:40 +00:00
3 changed files with 5 additions and 108 deletions
@@ -147,6 +147,8 @@ Expected: one row, `role = 'groomer'`. If zero rows return, the request hit the
 | TC-API-3.19b | Get pet profile summary — customer cross-tenant blocked (GRO-2013) | Sign in as `uat-customer@groombook.dev`; reuse the customer's sessionId from TC-API-3.19a; `GET /api/pets/{otherClientPetId}/profile-summary` for a pet owned by a different client (`c0000002-...` or any non-customer pet) | 403 Forbidden (owner-bypass requires session.clientId === pet.clientId) |
 | TC-API-3.19c | Get pet profile summary — customer without portal session header | Same as TC-API-3.19a but omit the `X-Impersonation-Session-Id` header | 403 Forbidden (no owner-bypass without valid portal session) |
 | TC-API-3.19d | Get pet profile summary — owner-bypass writes audit row (GRO-2063) | Same setup as TC-API-3.19a (sign in as `uat-customer@groombook.dev`, establish a portal session for the customer's own clientId, call `GET /api/pets/{ownPetId}/profile-summary` with `X-Impersonation-Session-Id: {sessionId}` and a 200 OK response). Then call `GET /api/impersonation/sessions/{sessionId}/audit-log` and confirm there is exactly one entry with `action === "read_profile_summary"`, `pageVisited` matching the profile-summary path, and `metadata` containing `petId` and `actorStaffId` for the customer. Repeat TC-API-3.19b (cross-tenant attempt) and confirm NO new `read_profile_summary` row was written for the cross-tenant attempt. | 200 OK on the profile-summary call AND an audit log entry is present with the correct shape (defense-in-depth audit row; bypass attempts against other clients must NOT log) |
+| TC-UAT-2 | Groomer accesses linked pet profile summary (GRO-2100) | Sign in as `uat-groomer@groombook.dev`; `GET /api/pets/c0000001-0000-0000-0000-000000000002/profile-summary` (UAT Pup Alpha — linked via deterministic completed appointment `a0000001-0000-0000-0000-000000000001`, service `b0000001-…-0001` "Bath & Brush", `startTime` ~7 days ago) | 200 OK, `recentGroomingHistory[]` non-empty (>=1 entry), `visitCount >= 1`, `upcomingAppointment` null (the seeded appointment is in the past) |
+| TC-UAT-3 | Groomer blocked from unlinked pet profile summary (GRO-2100) | Sign in as `uat-groomer@groombook.dev`; `GET /api/pets/c0000001-0000-0000-0000-000000000003/profile-summary` (UAT Pup Beta — intentionally UNLINKED; no appointment row references this pet's clientId+groomerId combo) | 403 Forbidden (RBAC `groomer` role lacks the appointment-linkage grant for this pet). NOTE: if 404 is returned instead of 403, file a separate RBAC defect (not against the seed) — see GRO-2100 verification note |
 | TC-API-3.29 | Get pet profile summary — unknown UUID returns 404 (GRO-2014) | GET /api/pets/00000000-0000-0000-0000-000000000001/profile-summary while authenticated (any role) | 404 Not Found with body `{"error":"Not found"}` (was empty-body 500 in GRO-2014) |
 | TC-API-3.30 | Get pet profile summary — malformed UUID returns 404 (GRO-2014) | GET /api/pets/not-a-uuid/profile-summary while authenticated | 404 Not Found with body `{"error":"Not found"}` (was empty-body 500 in GRO-2014 — Postgres uuid cast failure) |
 | TC-API-3.31 | Get pet profile summary — never empty-body 500 (GRO-2014) | GET /api/pets/{anyId}/profile-summary across the test sweep | No response has status 500 with an empty body. Any 500 must include a JSON body `{"error":"Internal Server Error"}` |
@@ -18,10 +18,9 @@
  "scripts": {
    "build": "tsc --project .",
    "generate": "drizzle-kit generate",
-    "wait-for-db": "node ./scripts/wait-for-db.mjs",
-    "migrate": "node ./scripts/wait-for-db.mjs && drizzle-kit migrate",
-    "seed": "node ./scripts/wait-for-db.mjs && tsx src/seed.ts",
-    "reset": "node ./scripts/wait-for-db.mjs && tsx src/reset.ts && drizzle-kit migrate && tsx src/seed.ts",
+    "migrate": "drizzle-kit migrate",
+    "seed": "tsx src/seed.ts",
+    "reset": "tsx src/reset.ts && drizzle-kit migrate && tsx src/seed.ts",
    "studio": "drizzle-kit studio",
    "typecheck": "tsc --noEmit"
  },
@@ -1,104 +0,0 @@
-#!/usr/bin/env node
-// wait-for-db.mjs
-//
-// GRO-2163: wait for / retry DNS resolution of the database hostname derived
-// from DATABASE_URL before invoking `drizzle-kit migrate`. The first attempt
-// of a fresh migrate-schema pod occasionally hits a transient CoreDNS miss
-// (EAI_AGAIN) on `groombook-postgres-rw.<ns>.svc`; with backoffLimit: 2 the
-// retry pod usually wins, but three unlucky attempts in a row trips
-// BackoffLimitExceeded. Resolving once here, with backoff, removes the dice
-// roll at the source so the first attempt reliably succeeds.
-//
-// Mirrors the belt-and-braces pattern used in GRO-1985 (no Corepack
-// download fallback): we don't try to outsmart CoreDNS, we just don't ask
-// drizzle-kit to do the very first DNS lookup of a freshly-scheduled pod.
-//
-// Configuration (env):
-//   WAIT_FOR_DB_MAX_ATTEMPTS  default 12  (~30s of total wait at default backoff)
-//   WAIT_FOR_DB_BASE_DELAY_MS default 500
-//   WAIT_FOR_DB_MAX_DELAY_MS  default 5000
-//   WAIT_FOR_DB_SKIP          default unset; set to "1" to skip (debug only)
-//
-// On success: exit 0. On exhaustion: exit 1 so the Job's backoff is
-// preserved (we don't want to silently mask a real outage by giving up
-// after 30s and letting drizzle-kit fail with a less-actionable error).
-
-import { setTimeout as delay } from "node:timers/promises";
-import dns from "node:dns/promises";
-
-const MAX_ATTEMPTS = Number(process.env.WAIT_FOR_DB_MAX_ATTEMPTS ?? 12);
-const BASE_DELAY_MS = Number(process.env.WAIT_FOR_DB_BASE_DELAY_MS ?? 500);
-const MAX_DELAY_MS = Number(process.env.WAIT_FOR_DB_MAX_DELAY_MS ?? 5000);
-
-function parseHost(databaseUrl) {
-  try {
-    return new URL(databaseUrl).hostname || null;
-  } catch {
-    return null;
-  }
-}
-
-async function resolveOnce(host) {
-  const start = Date.now();
-  const result = await dns.lookup(host);
-  return { address: result.address, ms: Date.now() - start };
-}
-
-async function main() {
-  if (process.env.WAIT_FOR_DB_SKIP === "1") {
-    console.log("[wait-for-db] WAIT_FOR_DB_SKIP=1, skipping");
-    return;
-  }
-  const databaseUrl = process.env.DATABASE_URL;
-  if (!databaseUrl) {
-    // Don't gate the migrate on a misconfigured env — let drizzle-kit fail
-    // loudly with its own clear error.
-    console.warn("[wait-for-db] DATABASE_URL not set; skipping");
-    return;
-  }
-  const host = parseHost(databaseUrl);
-  if (!host) {
-    console.warn(`[wait-for-db] could not parse hostname from DATABASE_URL; skipping`);
-    return;
-  }
-  console.log(
-    `[wait-for-db] host=${host} max_attempts=${MAX_ATTEMPTS} ` +
-      `base_delay_ms=${BASE_DELAY_MS} max_delay_ms=${MAX_DELAY_MS}`,
-  );
-
-  for (let attempt = 1; attempt <= MAX_ATTEMPTS; attempt++) {
-    try {
-      const { address, ms } = await resolveOnce(host);
-      console.log(`[wait-for-db] ok attempt=${attempt} host=${host} -> ${address} (${ms}ms)`);
-      return;
-    } catch (err) {
-      const code = err?.code ?? "UNKNOWN";
-      const transient = code === "EAI_AGAIN" || code === "ENOTFOUND" || code === "EAI_NODATA";
-      if (!transient) {
-        // Hard error (e.g. invalid hostname): surface and let drizzle-kit fail
-        // with a real error rather than spinning.
-        console.error(`[wait-for-db] non-transient DNS error attempt=${attempt} code=${code}: ${err.message}`);
-        process.exit(1);
-      }
-      if (attempt === MAX_ATTEMPTS) {
-        console.error(
-          `[wait-for-db] exhausted attempts=${MAX_ATTEMPTS} host=${host} last_code=${code}; exiting 1`,
-        );
-        process.exit(1);
-      }
-      const backoff = Math.min(
-        MAX_DELAY_MS,
-        BASE_DELAY_MS * 2 ** (attempt - 1) + Math.floor(Math.random() * BASE_DELAY_MS),
-      );
-      console.log(
-        `[wait-for-db] transient attempt=${attempt} code=${code} retry_in_ms=${backoff}`,
-      );
-      await delay(backoff);
-    }
-  }
-}
-
-main().catch((err) => {
-  console.error(`[wait-for-db] fatal: ${err?.message ?? err}`);
-  process.exit(1);
-});
Author	SHA1	Message	Date
Flea Flicker	6538406db2	Merge pull request 'chore: delete stale apps/api/src/db/seed.ts duplicate (GRO-2129)' (#158 ) from dev into uat CI / Test (push) Successful in 12s Details CI / Lint & Typecheck (push) Successful in 18s Details CI / Build & Push Docker Images (push) Successful in 38s Details CI / Test (pull_request) Successful in 22s Details CI / Lint & Typecheck (pull_request) Successful in 25s Details CI / Build & Push Docker Images (pull_request) Successful in 38s Details	2026-06-04 12:45:24 +00:00
Flea Flicker	e2eacbc9fe	Merge pull request 'dev → uat: GRO-2123 seed advisory lock' (#156 ) from dev-to-uat-gro-2123 into uat CI / Test (push) Successful in 16s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Images (push) Successful in 40s Details CI / Test (pull_request) Successful in 12s Details CI / Lint & Typecheck (pull_request) Successful in 15s Details CI / Build & Push Docker Images (pull_request) Successful in 39s Details	2026-06-04 11:32:06 +00:00
Flea Flicker	e639cc82d1	chore(uat): GRO-2100 promote uat-groomer seed-linkage ordering fix to uat (#154 ) CI / Test (push) Successful in 16s Details CI / Lint & Typecheck (push) Successful in 19s Details CI / Build & Push Docker Images (push) Successful in 27s Details Co-authored-by: Flea Flicker <flea@groombook.dev> Co-committed-by: Flea Flicker <flea@groombook.dev>	2026-06-02 20:23:54 +00:00
Flea Flicker	f2931d7be2	Merge pull request 'Promote dev→uat: GRO-2100 uat-groomer ↔ UAT Pup Alpha linkage' (#152 ) from promote/dev-to-uat-gro-2100 into uat CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 18s Details CI / Build & Push Docker Images (push) Successful in 26s Details Merge pull request #152 from groombook/promote/dev-to-uat-gro-2100 Promote dev→uat: GRO-2100 uat-groomer ↔ UAT Pup Alpha linkage	2026-06-02 19:11:46 +00:00
Paperclip	d4a4ddce37	ci: retrigger GRO-2100 PR #152 Build & Push Docker Images (Reset image build failed — docker registry flake) CI / Test (pull_request) Successful in 13s Details CI / Lint & Typecheck (pull_request) Successful in 17s Details CI / Build & Push Docker Images (pull_request) Successful in 40s Details	2026-06-02 18:28:17 +00:00
Paperclip	bd384bdf5c	docs(UAT_PLAYBOOK): add TC-UAT-2/3 for uat-groomer linked/unlinked pet profile-summary (GRO-2100) CI / Lint & Typecheck (pull_request) Successful in 16s Details CI / Test (pull_request) Successful in 2m20s Details CI / Build & Push Docker Images (pull_request) Failing after 36s Details Lint Roller review on PR #152 flagged that the GRO-2100 seed change produces new observable UAT API behavior that the playbook must reflect. Add two deterministic rows pinning the contract GRO-1987 TC-UAT-2/3 will exercise: - TC-UAT-2: uat-groomer + linked pet c0000001-...-002 (UAT Pup Alpha) → 200 - TC-UAT-3: uat-groomer + unlinked pet c0000001-...-003 (UAT Pup Beta) → 403 The 403-vs-404 note in TC-UAT-3 mirrors the verification note in the GRO-2100 issue body so the QA runner knows where to file if the API returns 404 (a separate RBAC defect, not against the seed).	2026-06-02 18:24:40 +00:00
The Dogfather	411c42b2c4	Merge pull request 'Promote dev→uat: GRO-2033 services_pkey seed fix (`fc6c6ef7`)' (#149 ) from dev into uat CI / Test (push) Successful in 14s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Images (push) Successful in 39s Details CI / Test (pull_request) Successful in 12s Details CI / Lint & Typecheck (pull_request) Successful in 16s Details CI / Build & Push Docker Images (pull_request) Successful in 38s Details	2026-06-02 05:06:34 +00:00
The Dogfather	bf97849324	promote(dev→uat): owner-bypass read audit row (GRO-2063) (#147 ) CI / Test (push) Successful in 12s Details CI / Lint & Typecheck (push) Successful in 17s Details CI / Build & Push Docker Images (push) Successful in 41s Details Promote GRO-2063 defense-in-depth audit row to uat. CI green. QA + CTO approved on dev PR #146. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-02 04:21:43 +00:00
The Dogfather	7181d41b24	Merge pull request 'Promote dev→uat: rbac Better-Auth auto-provision (GRO-2052)' (#144 ) from dev into uat CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 15s Details CI / Build & Push Docker Images (push) Failing after 13s Details CI / Test (pull_request) Successful in 12s Details CI / Lint & Typecheck (pull_request) Successful in 15s Details CI / Build & Push Docker Images (pull_request) Successful in 41s Details Promote dev→uat: rbac Better-Auth auto-provision (GRO-2052) Makes the pets.ts owner-bypass reachable for Better-Auth email/password customers by auto-provisioning a groomer staff row keyed on user.id. Unblocks GRO-2050 and GRO-2035. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 02:42:19 +00:00
The Dogfather	4e9c4c5e08	Merge pull request 'promote(uat): GRO-2013 owner-bypass + GRO-2033 idempotent migrations (dev→uat)' (#142 ) from dogfather/gro-2013-promote-uat into uat CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 18s Details CI / Build & Push Docker Images (push) Successful in 39s Details	2026-06-01 20:14:14 +00:00
The Dogfather	16c959434b	promote(uat): GRO-2013 owner-bypass + GRO-2033 idempotent migrations (dev→uat) CI / Test (pull_request) Successful in 11s Details CI / Lint & Typecheck (pull_request) Successful in 16s Details CI / Build & Push Docker Images (pull_request) Successful in 41s Details Merge dev into uat. Resolves test-file/playbook conflicts created by PR #138's squash merge by taking dev's superset versions (verified: all GRO-2014 tests + TC ids preserved, plus GRO-2013 additions). No-ff merge so dev becomes an ancestor of uat, preventing future squash-divergence conflicts. Carries: - GRO-2013 deployed-tree owner-bypass (src/routes/pets.ts, reconciled 20-test file) - GRO-2033 idempotent migrations 0039/0040 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-01 20:10:51 +00:00
The Dogfather	23484dc90a	promote(uat): GRO-2014 profile-summary error-handling fix (dev→uat) (#138 ) CI / Test (push) Successful in 10s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Images (push) Successful in 39s Details	2026-06-01 18:27:42 +00:00
The Dogfather	6a81a52a50	Merge pull request 'Promote dev → uat: UAT seed-password source-of-truth playbook (GRO-2000)' (#134 ) from dev into uat CI / Test (push) Successful in 12s Details CI / Lint & Typecheck (push) Successful in 15s Details CI / Build & Push Docker Images (push) Successful in 27s Details CI / Test (pull_request) Successful in 11s Details CI / Lint & Typecheck (pull_request) Successful in 13s Details CI / Build & Push Docker Images (pull_request) Successful in 1m10s Details	2026-06-01 17:41:47 +00:00
The Dogfather	5a4b9a98bd	Merge pull request 'promote(docker): bake pnpm via npm to remove Corepack runtime downloads (GRO-1981)' (#133 ) from dev into uat CI / Test (push) Successful in 12s Details CI / Lint & Typecheck (push) Successful in 14s Details CI / Build & Push Docker Images (push) Successful in 40s Details Promote GRO-1985 (parent GRO-1981) dev->uat. cc @cpfarhood	2026-06-01 16:30:54 +00:00
The Dogfather	f7f88156e1	Merge pull request 'promote(db): register extra_large via migration 0038 to UAT (GRO-2004)' (#131 ) from dev into uat CI / Test (push) Successful in 11s Details CI / Lint & Typecheck (push) Successful in 15s Details CI / Build & Push Docker Images (push) Successful in 35s Details	2026-06-01 14:52:13 +00:00
The Dogfather	8af5a49d14	Merge pull request 'Promote dev→uat: GRO-1982 pet_size_category extra_large enum migration' (#126 ) from dev into uat CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Images (push) Successful in 37s Details Promote dev→uat: GRO-1983 seed-job pnpm fix + GRO-1982 extra_large enum migration Carries the accumulated dev state into uat (PR #125 docker pnpm fix + 0037 migration). Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-01 12:44:20 +00:00