Merge pull request 'promote(uat→main): GRO-2123 seed advisory lock + GRO-2100 uat-groomer linkage ordering' (#157 ) from uat into main

Merge pull request 'chore: delete stale apps/api/src/db/seed.ts duplicate (GRO-2129)' (#158 ) from dev into uat
chore: delete stale apps/api/src/db/seed.ts duplicate (GRO-2129) (#158 )
2026-06-04 12:53:06 +00:00 · 2026-06-04 12:45:24 +00:00 · 2026-06-04 12:44:46 +00:00 · 2026-06-04 11:32:06 +00:00 · 2026-06-02 20:23:54 +00:00 · 2026-06-02 19:11:46 +00:00
5 changed files with 15 additions and 1351 deletions
@@ -0,0 +1,11 @@
+{
+  "mcpServers": {
+    "gitea": {
+      "type": "http",
+      "url": "https://git-mcp.farh.net/mcp",
+      "headers": {
+        "Authorization": "Bearer ${GITEA_TOKEN}"
+      }
+    }
+  }
+}
@@ -147,6 +147,8 @@ Expected: one row, `role = 'groomer'`. If zero rows return, the request hit the
 | TC-API-3.19b | Get pet profile summary — customer cross-tenant blocked (GRO-2013) | Sign in as `uat-customer@groombook.dev`; reuse the customer's sessionId from TC-API-3.19a; `GET /api/pets/{otherClientPetId}/profile-summary` for a pet owned by a different client (`c0000002-...` or any non-customer pet) | 403 Forbidden (owner-bypass requires session.clientId === pet.clientId) |
 | TC-API-3.19c | Get pet profile summary — customer without portal session header | Same as TC-API-3.19a but omit the `X-Impersonation-Session-Id` header | 403 Forbidden (no owner-bypass without valid portal session) |
 | TC-API-3.19d | Get pet profile summary — owner-bypass writes audit row (GRO-2063) | Same setup as TC-API-3.19a (sign in as `uat-customer@groombook.dev`, establish a portal session for the customer's own clientId, call `GET /api/pets/{ownPetId}/profile-summary` with `X-Impersonation-Session-Id: {sessionId}` and a 200 OK response). Then call `GET /api/impersonation/sessions/{sessionId}/audit-log` and confirm there is exactly one entry with `action === "read_profile_summary"`, `pageVisited` matching the profile-summary path, and `metadata` containing `petId` and `actorStaffId` for the customer. Repeat TC-API-3.19b (cross-tenant attempt) and confirm NO new `read_profile_summary` row was written for the cross-tenant attempt. | 200 OK on the profile-summary call AND an audit log entry is present with the correct shape (defense-in-depth audit row; bypass attempts against other clients must NOT log) |
+| TC-UAT-2 | Groomer accesses linked pet profile summary (GRO-2100) | Sign in as `uat-groomer@groombook.dev`; `GET /api/pets/c0000001-0000-0000-0000-000000000002/profile-summary` (UAT Pup Alpha — linked via deterministic completed appointment `a0000001-0000-0000-0000-000000000001`, service `b0000001-…-0001` "Bath & Brush", `startTime` ~7 days ago) | 200 OK, `recentGroomingHistory[]` non-empty (>=1 entry), `visitCount >= 1`, `upcomingAppointment` null (the seeded appointment is in the past) |
+| TC-UAT-3 | Groomer blocked from unlinked pet profile summary (GRO-2100) | Sign in as `uat-groomer@groombook.dev`; `GET /api/pets/c0000001-0000-0000-0000-000000000003/profile-summary` (UAT Pup Beta — intentionally UNLINKED; no appointment row references this pet's clientId+groomerId combo) | 403 Forbidden (RBAC `groomer` role lacks the appointment-linkage grant for this pet). NOTE: if 404 is returned instead of 403, file a separate RBAC defect (not against the seed) — see GRO-2100 verification note |
 | TC-API-3.29 | Get pet profile summary — unknown UUID returns 404 (GRO-2014) | GET /api/pets/00000000-0000-0000-0000-000000000001/profile-summary while authenticated (any role) | 404 Not Found with body `{"error":"Not found"}` (was empty-body 500 in GRO-2014) |
 | TC-API-3.30 | Get pet profile summary — malformed UUID returns 404 (GRO-2014) | GET /api/pets/not-a-uuid/profile-summary while authenticated | 404 Not Found with body `{"error":"Not found"}` (was empty-body 500 in GRO-2014 — Postgres uuid cast failure) |
 | TC-API-3.31 | Get pet profile summary — never empty-body 500 (GRO-2014) | GET /api/pets/{anyId}/profile-summary across the test sweep | No response has status 500 with an empty body. Any 500 must include a JSON body `{"error":"Internal Server Error"}` |
@@ -12,8 +12,8 @@
    "test": "vitest run",
    "db:generate": "drizzle-kit generate",
    "db:migrate": "drizzle-kit migrate",
-    "db:seed": "tsx src/db/seed.ts",
-    "db:reset": "tsx src/db/reset.ts && drizzle-kit migrate && tsx src/db/seed.ts",
+    "db:seed": "pnpm --filter @groombook/db seed",
+    "db:reset": "pnpm --filter @groombook/db reset",
    "db:studio": "drizzle-kit studio"
  },
  "dependencies": {
Author	SHA1	Message	Date
Flea Flicker	fc072d51f4	Merge pull request 'promote(uat→main): GRO-2123 seed advisory lock + GRO-2100 uat-groomer linkage ordering' (#157 ) from uat into main CI / Test (push) Successful in 14s Details CI / Lint & Typecheck (push) Successful in 17s Details CI / Build & Push Docker Images (push) Successful in 41s Details	2026-06-04 12:53:06 +00:00
Flea Flicker	6538406db2	Merge pull request 'chore: delete stale apps/api/src/db/seed.ts duplicate (GRO-2129)' (#158 ) from dev into uat CI / Test (push) Successful in 12s Details CI / Lint & Typecheck (push) Successful in 18s Details CI / Build & Push Docker Images (push) Successful in 38s Details CI / Test (pull_request) Successful in 22s Details CI / Lint & Typecheck (pull_request) Successful in 25s Details CI / Build & Push Docker Images (pull_request) Successful in 38s Details	2026-06-04 12:45:24 +00:00
Flea Flicker	93be4d8f72	chore: delete stale apps/api/src/db/seed.ts duplicate (GRO-2129) (#158 ) CI / Test (push) Successful in 15s Details CI / Lint & Typecheck (push) Successful in 18s Details CI / Build & Push Docker Images (push) Successful in 38s Details chore: delete stale apps/api/src/db/seed.ts duplicate (GRO-2129) (#158)	2026-06-04 12:44:46 +00:00
Flea Flicker	e2eacbc9fe	Merge pull request 'dev → uat: GRO-2123 seed advisory lock' (#156 ) from dev-to-uat-gro-2123 into uat CI / Test (push) Successful in 16s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Images (push) Successful in 40s Details CI / Test (pull_request) Successful in 12s Details CI / Lint & Typecheck (pull_request) Successful in 15s Details CI / Build & Push Docker Images (pull_request) Successful in 39s Details	2026-06-04 11:32:06 +00:00
Flea Flicker	e639cc82d1	chore(uat): GRO-2100 promote uat-groomer seed-linkage ordering fix to uat (#154 ) CI / Test (push) Successful in 16s Details CI / Lint & Typecheck (push) Successful in 19s Details CI / Build & Push Docker Images (push) Successful in 27s Details Co-authored-by: Flea Flicker <flea@groombook.dev> Co-committed-by: Flea Flicker <flea@groombook.dev>	2026-06-02 20:23:54 +00:00
Flea Flicker	f2931d7be2	Merge pull request 'Promote dev→uat: GRO-2100 uat-groomer ↔ UAT Pup Alpha linkage' (#152 ) from promote/dev-to-uat-gro-2100 into uat CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 18s Details CI / Build & Push Docker Images (push) Successful in 26s Details Merge pull request #152 from groombook/promote/dev-to-uat-gro-2100 Promote dev→uat: GRO-2100 uat-groomer ↔ UAT Pup Alpha linkage	2026-06-02 19:11:46 +00:00
Paperclip	d4a4ddce37	ci: retrigger GRO-2100 PR #152 Build & Push Docker Images (Reset image build failed — docker registry flake) CI / Test (pull_request) Successful in 13s Details CI / Lint & Typecheck (pull_request) Successful in 17s Details CI / Build & Push Docker Images (pull_request) Successful in 40s Details	2026-06-02 18:28:17 +00:00
Paperclip	bd384bdf5c	docs(UAT_PLAYBOOK): add TC-UAT-2/3 for uat-groomer linked/unlinked pet profile-summary (GRO-2100) CI / Lint & Typecheck (pull_request) Successful in 16s Details CI / Test (pull_request) Successful in 2m20s Details CI / Build & Push Docker Images (pull_request) Failing after 36s Details Lint Roller review on PR #152 flagged that the GRO-2100 seed change produces new observable UAT API behavior that the playbook must reflect. Add two deterministic rows pinning the contract GRO-1987 TC-UAT-2/3 will exercise: - TC-UAT-2: uat-groomer + linked pet c0000001-...-002 (UAT Pup Alpha) → 200 - TC-UAT-3: uat-groomer + unlinked pet c0000001-...-003 (UAT Pup Beta) → 403 The 403-vs-404 note in TC-UAT-3 mirrors the verification note in the GRO-2100 issue body so the QA runner knows where to file if the API returns 404 (a separate RBAC defect, not against the seed).	2026-06-02 18:24:40 +00:00
Scrubs McBarkley	c92fb2539d	promote(uat→main): owner-bypass audit fix (GRO-2062) + services seed-idempotency fix (GRO-2064) CI / Test (push) Successful in 14s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Images (push) Successful in 25s Details	2026-06-02 06:00:02 +00:00
The Dogfather	411c42b2c4	Merge pull request 'Promote dev→uat: GRO-2033 services_pkey seed fix (`fc6c6ef7`)' (#149 ) from dev into uat CI / Test (push) Successful in 14s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Images (push) Successful in 39s Details CI / Test (pull_request) Successful in 12s Details CI / Lint & Typecheck (pull_request) Successful in 16s Details CI / Build & Push Docker Images (pull_request) Successful in 38s Details	2026-06-02 05:06:34 +00:00
The Dogfather	bf97849324	promote(dev→uat): owner-bypass read audit row (GRO-2063) (#147 ) CI / Test (push) Successful in 12s Details CI / Lint & Typecheck (push) Successful in 17s Details CI / Build & Push Docker Images (push) Successful in 41s Details Promote GRO-2063 defense-in-depth audit row to uat. CI green. QA + CTO approved on dev PR #146. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-02 04:21:43 +00:00
Scrubs McBarkley	2a6242d3de	Merge pull request 'promote(main): GRO-2033 prod migration fix + GRO-2013/2014 + rbac auto-provision (uat→main)' (#145 ) from uat into main CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 18s Details CI / Build & Push Docker Images (push) Successful in 30s Details promote(main): GRO-2033 prod migration fix + GRO-2013/2014 + rbac auto-provision (uat→main) CI green. UAT regression GRO-2035 PASS. Migrations 0039/0040 idempotent — signed off by CEO. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-02 03:22:21 +00:00
The Dogfather	7181d41b24	Merge pull request 'Promote dev→uat: rbac Better-Auth auto-provision (GRO-2052)' (#144 ) from dev into uat CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 15s Details CI / Build & Push Docker Images (push) Failing after 13s Details CI / Test (pull_request) Successful in 12s Details CI / Lint & Typecheck (pull_request) Successful in 15s Details CI / Build & Push Docker Images (pull_request) Successful in 41s Details Promote dev→uat: rbac Better-Auth auto-provision (GRO-2052) Makes the pets.ts owner-bypass reachable for Better-Auth email/password customers by auto-provisioning a groomer staff row keyed on user.id. Unblocks GRO-2050 and GRO-2035. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 02:42:19 +00:00
The Dogfather	4e9c4c5e08	Merge pull request 'promote(uat): GRO-2013 owner-bypass + GRO-2033 idempotent migrations (dev→uat)' (#142 ) from dogfather/gro-2013-promote-uat into uat CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 18s Details CI / Build & Push Docker Images (push) Successful in 39s Details	2026-06-01 20:14:14 +00:00
The Dogfather	16c959434b	promote(uat): GRO-2013 owner-bypass + GRO-2033 idempotent migrations (dev→uat) CI / Test (pull_request) Successful in 11s Details CI / Lint & Typecheck (pull_request) Successful in 16s Details CI / Build & Push Docker Images (pull_request) Successful in 41s Details Merge dev into uat. Resolves test-file/playbook conflicts created by PR #138's squash merge by taking dev's superset versions (verified: all GRO-2014 tests + TC ids preserved, plus GRO-2013 additions). No-ff merge so dev becomes an ancestor of uat, preventing future squash-divergence conflicts. Carries: - GRO-2013 deployed-tree owner-bypass (src/routes/pets.ts, reconciled 20-test file) - GRO-2033 idempotent migrations 0039/0040 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-01 20:10:51 +00:00
The Dogfather	23484dc90a	promote(uat): GRO-2014 profile-summary error-handling fix (dev→uat) (#138 ) CI / Test (push) Successful in 10s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Images (push) Successful in 39s Details	2026-06-01 18:27:42 +00:00
Scrubs McBarkley	766728865e	Merge pull request 'promote: uat → main — pnpm-offline Docker hardening + accumulated UAT fixes (GRO-1985)' (#136 ) from uat into main CI / Test (push) Successful in 12s Details CI / Lint & Typecheck (push) Successful in 14s Details CI / Build & Push Docker Images (push) Successful in 1m19s Details promote: uat → main — pnpm-offline Docker hardening + accumulated UAT fixes (GRO-1985) UAT PASS: GRO-2015 Security PASS: GRO-2024 (Barkley Trimsworth) UAT CI: run #2313 — 3/3 jobs green (incl. offline pnpm smoke tests)	2026-06-01 18:07:30 +00:00
The Dogfather	6a81a52a50	Merge pull request 'Promote dev → uat: UAT seed-password source-of-truth playbook (GRO-2000)' (#134 ) from dev into uat CI / Test (push) Successful in 12s Details CI / Lint & Typecheck (push) Successful in 15s Details CI / Build & Push Docker Images (push) Successful in 27s Details CI / Test (pull_request) Successful in 11s Details CI / Lint & Typecheck (pull_request) Successful in 13s Details CI / Build & Push Docker Images (pull_request) Successful in 1m10s Details	2026-06-01 17:41:47 +00:00
The Dogfather	5a4b9a98bd	Merge pull request 'promote(docker): bake pnpm via npm to remove Corepack runtime downloads (GRO-1981)' (#133 ) from dev into uat CI / Test (push) Successful in 12s Details CI / Lint & Typecheck (push) Successful in 14s Details CI / Build & Push Docker Images (push) Successful in 40s Details Promote GRO-1985 (parent GRO-1981) dev->uat. cc @cpfarhood	2026-06-01 16:30:54 +00:00
The Dogfather	f7f88156e1	Merge pull request 'promote(db): register extra_large via migration 0038 to UAT (GRO-2004)' (#131 ) from dev into uat CI / Test (push) Successful in 11s Details CI / Lint & Typecheck (push) Successful in 15s Details CI / Build & Push Docker Images (push) Successful in 35s Details	2026-06-01 14:52:13 +00:00
The Dogfather	8af5a49d14	Merge pull request 'Promote dev→uat: GRO-1982 pet_size_category extra_large enum migration' (#126 ) from dev into uat CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Images (push) Successful in 37s Details Promote dev→uat: GRO-1983 seed-job pnpm fix + GRO-1982 extra_large enum migration Carries the accumulated dev state into uat (PR #125 docker pnpm fix + 0037 migration). Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-01 12:44:20 +00:00
Scrubs McBarkley	403634eb96	Merge pull request 'promote: uat → main (GRO-1757 SSO auto-provision fix)' (#89 ) from uat into main CI / Lint & Typecheck (push) Successful in 9s Details CI / Test (push) Successful in 9s Details CI / Build & Push Docker Images (push) Successful in 50s Details	2026-05-26 02:15:57 +00:00
The Dogfather	152abfc4d5	fix(ci): remove duplicate provenance keys causing YAML parse error CI / Test (push) Successful in 9s Details CI / Lint & Typecheck (push) Successful in 12s Details CI / Build & Push Docker Images (push) Successful in 1m10s Details Duplicate 'provenance: false' in each docker/build-push-action step caused Gitea to reject the workflow file, breaking push CI and workflow_dispatch. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-26 01:26:05 +00:00
Flea Flicker	c8bbb12edb	Merge pull request 'promote(dev→main): GRO-1752 schema fix for UAT (CI trigger)' (#82 ) from dev into main	2026-05-25 23:28:27 +00:00
Flea Flicker	ba95088653	Merge pull request 'chore: trigger CI from uat for GRO-1754' (#81 ) from fix/gro-1754-uat-ci into main	2026-05-25 23:23:15 +00:00
Flea Flicker	dd83f29736	chore: trigger CI from uat for GRO-1754	2026-05-25 23:22:04 +00:00
Chris Farhood	185fce8e17	Add .mcp.json CI / Lint & Typecheck (push) Successful in 15s Details CI / Test (push) Successful in 13s Details CI / Build & Push Docker Images (push) Successful in 2m44s Details	2026-05-24 18:14:57 +00:00
Scrubs McBarkley	081379c189	Merge pull request 'promote: uat → main (GRO-1509 OIDC accountLinking fix)' (#46 ) from uat into main CI / Test (push) Successful in 9s Details CI / Lint & Typecheck (push) Successful in 12s Details CI / Build & Push Docker Images (push) Successful in 50s Details Merge uat → main: GRO-1509 OIDC accountLinking fix Sign-offs cleared: - QA: GRO-1510 ✓ - UAT: GRO-1515 ✓ - Security: GRO-1516 ✓ - Infra: groombook/infra PR #413 ✓	2026-05-22 14:03:43 +00:00
The Dogfather	e01c12a316	Merge pull request 'chore: migrate .github/workflows to .gitea/workflows' (#22 ) from gitea/migrate-workflows into main CI / Lint & Typecheck (push) Successful in 15s Details CI / Test (push) Successful in 20s Details CI / Build & Push Docker Image (push) Failing after 1m47s Details chore: migrate .github/workflows to .gitea/workflows Migrate CI workflow from GitHub Actions to Gitea Actions. - Registry: ghcr.io → git.farh.net - Auth: secrets.GITHUB_TOKEN → gitea.token - Cache: type=gha → type=registry Part of GRO-1315.	2026-05-20 01:34:04 +00:00