Merge pull request 'Promote dev → uat: GRO-2359 clients-from-auth endpoint' (#213 ) from promote/GRO-2359-dev-to-uat into uat

Promote dev → uat: GRO-2359 clients-from-auth endpoint (#213)
feat(GRO-2359): add POST /api/portal/clients-from-auth for OOBE (web)
2026-06-11 16:44:52 +00:00 · 2026-06-11 16:35:26 +00:00 · 2026-06-10 09:24:53 +00:00 · 2026-06-10 09:17:15 +00:00 · 2026-06-09 11:04:16 +00:00 · 2026-06-09 09:56:34 +00:00
2 changed files with 2 additions and 6 deletions
@@ -108,8 +108,6 @@ Expected: one row, `role = 'groomer'`. If zero rows return, the request hit the
 | TC-API-1.24 | Complete setup creates super user | POST /api/setup with business name (after TC-API-1.23) | First user becomes super user, setup completes | Setup errors, 403 on admin endpoints |
 | TC-API-1.25 | Super user accesses admin features | After TC-API-1.24, GET /api/staff/me and verify isSuperUser: true | isSuperUser: true, admin endpoints accessible | 403 on admin, isSuperUser: false |
 | TC-API-1.26 | Auto-provision skipped during OOBE | During fresh setup (needsSetup: true), complete OIDC login — verify no duplicate staff record created before setup completes | No duplicate staff, OOBE completes successfully | Duplicate staff record, 403 before setup, auto-provision interferes with OOBE |
 | TC-API-1.27 | Multi-origin CORS — demo host sign-in | `POST /api/auth/sign-in/social` with `callbackURL=https://demo.groombook.dev` | 200 OK, no origin-mismatch error | 400/403 "Origin mismatch" |
 | TC-API-1.28 | Multi-origin CORS — farh.net host sign-in | `POST /api/auth/sign-in/social` with `callbackURL=https://groombook.farh.net` | 200 OK, no origin-mismatch error | 400/403 "Origin mismatch" |
 ### 4.2 Client Management
@@ -118,8 +118,7 @@ export async function initAuth(): Promise<void> {
          updateAge: 60 * 60 * 24,
          cookieCache: { enabled: false },
        },
-        trustedOrigins: (process.env.CORS_ORIGIN ?? "http://localhost:5173")
+        trustedOrigins: [process.env.CORS_ORIGIN ?? "http://localhost:5173"],
          .split(",").map((s) => s.trim()).filter(Boolean),
      });
      return;
    }
@@ -309,8 +308,7 @@ export async function initAuth(): Promise<void> {
          maxAge: 5 * 60, // 5 minutes
        },
      },
-      trustedOrigins: (process.env.CORS_ORIGIN ?? "http://localhost:5173")
+      trustedOrigins: [process.env.CORS_ORIGIN ?? "http://localhost:5173"],
        .split(",").map((s) => s.trim()).filter(Boolean),
    });
  })();
Author	SHA1	Message	Date
Flea Flicker	a629331a04	Merge pull request 'Promote dev → uat: GRO-2359 clients-from-auth endpoint' (#213 ) from promote/GRO-2359-dev-to-uat into uat CI / Test (push) Successful in 27s Details CI / Lint & Typecheck (push) Successful in 34s Details CI / Build & Push Docker Images (push) Successful in 38s Details Promote dev → uat: GRO-2359 clients-from-auth endpoint (#213)	2026-06-11 16:44:52 +00:00
Flea Flicker	5363e1d5dc	feat(GRO-2359): add POST /api/portal/clients-from-auth for OOBE (web) CI / Test (pull_request) Successful in 28s Details CI / Lint & Typecheck (pull_request) Successful in 34s Details CI / Build & Push Docker Images (pull_request) Successful in 42s Details The OOBE flow on the web portal calls this endpoint to create a fresh `clients` row bound to the Better Auth user's email when the SSO bridge returns 404. Returns 201 on success, 409 if a client with that email already exists (portal-selection case), 401/503 on auth issues, 400 on invalid body. The OOBE success path navigates the user back to `/` and lets the existing `session-from-auth` re-bridge; the new client is now resolvable by email, so the bridge mints a real portal session. Tests cover: 401 (no session), 400 (zod), 201 + persisted values (name trimmed, optional fields normalized to null), 409 (existing client or unique-constraint race), 503 (auth not configured). Paired with the web PR on `feature/2357-p2-sso-to-oobe-routing`. Co-Authored-By: Paperclip <noreply@paperclip.ing> (cherry picked from commit `cdeebec021`)	2026-06-11 16:35:26 +00:00
Flea Flicker	4cc51b32d3	Merge pull request 'Promote dev → uat: GRO-2342 portal waitlist service {id, name}' (#209 ) from promote/dev-to-uat-gro-2342 into uat CI / Test (push) Successful in 27s Details CI / Lint & Typecheck (push) Successful in 30s Details CI / Build & Push Docker Images (push) Successful in 26s Details CI / Test (pull_request) Successful in 24s Details CI / Lint & Typecheck (pull_request) Failing after 10m19s Details CI / Build & Push Docker Images (pull_request) Has been skipped Details	2026-06-10 09:24:53 +00:00
Flea Flicker	e932050b45	Promote dev → uat: GRO-2342 portal waitlist service {id, name} CI / Test (pull_request) Successful in 25s Details CI / Lint & Typecheck (pull_request) Successful in 25s Details CI / Build & Push Docker Images (pull_request) Successful in 33s Details Resolves conflicts in UAT_PLAYBOOK.md, src/routes/portal.ts, and src/__tests__/portal.test.ts (dev side wins — GRO-2342 changes are the only diff in scope). Carries forward GRO-2139 reset.ts advisory lock + GRO-2294 infra mcp trigger that were merged to dev but not yet promoted to uat. - src/routes/portal.ts: GET /portal/appointments now populates service: {id, name} on both the synthetic waitlist card and the appointment card (was {id} only). Same shape, no portal change required. - src/__tests__/portal.test.ts: services mock + TC-API-8.20 GRO-2342 assertions on the synthetic waitlist card service name. - UAT_PLAYBOOK.md: TC-API-8.20 (GRO-2342) appended; TC-API-8.19 (GRO-2319) retained verbatim. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-10 09:17:15 +00:00
Flea Flicker	18640908ed	feat(GRO-2319): dev→uat — portal waitlist surfacing + seed (api) (#205 ) CI / Test (push) Successful in 30s Details CI / Lint & Typecheck (push) Successful in 36s Details CI / Build & Push Docker Images (push) Successful in 1m15s Details	2026-06-09 11:04:16 +00:00
Flea Flicker	807ccb455f	dev → uat: GRO-2311 seed portal StatusBadge appointments (#201 ) (#202 ) CI / Lint & Typecheck (push) Successful in 28s Details CI / Test (push) Successful in 24s Details CI / Build & Push Docker Images (push) Successful in 1m23s Details	2026-06-09 09:56:34 +00:00
Flea Flicker	c4385617c6	dev → uat: GRO-2172 extended pet fields (#200 ) CI / Test (push) Successful in 23s Details CI / Lint & Typecheck (push) Successful in 24s Details CI / Build & Push Docker Images (push) Successful in 39s Details	2026-06-09 09:22:12 +00:00
Flea Flicker	8cd5a2ef4d	dev → uat: GRO-2299 redact googleMapsApiKey from PATCH /api/admin/settings (#196 ) CI / Test (push) Failing after 10m55s Details CI / Lint & Typecheck (push) Failing after 10m55s Details CI / Build & Push Docker Images (push) Has been skipped Details	2026-06-09 06:58:39 +00:00
Flea Flicker	2566fb8f20	Promote GRO-2294 to UAT: Route Optimization security hardening (#194 ) CI / Lint & Typecheck (push) Successful in 28s Details CI / Test (push) Successful in 29s Details CI / Build & Push Docker Images (push) Successful in 39s Details CI / Test (pull_request) Successful in 25s Details CI / Lint & Typecheck (pull_request) Successful in 37s Details CI / Build & Push Docker Images (pull_request) Successful in 1m8s Details	2026-06-09 06:27:17 +00:00
Lint Roller	4868f18dfd	Merge pull request 'Promote dev→uat: GRO-2225 + GRO-2235 + GRO-2157 (atomic)' (#188 ) from promote/dev-to-uat-gro-2225 into uat CI / Test (push) Successful in 29s Details CI / Lint & Typecheck (push) Successful in 36s Details CI / Build & Push Docker Images (push) Successful in 41s Details CI / Test (pull_request) Successful in 28s Details CI / Lint & Typecheck (pull_request) Successful in 31s Details CI / Build & Push Docker Images (pull_request) Successful in 1m17s Details Promote dev→uat: GRO-2225 + GRO-2235 + GRO-2157 (atomic) QA-approved on `37e42b3`. CI green (Test, Lint & Typecheck, Build & Push).	2026-06-09 00:26:18 +00:00
Flea Flicker	37e42b3104	ci: re-trigger checks (transient pnpm/action-setup runner flake) CI / Test (pull_request) Successful in 26s Details CI / Lint & Typecheck (pull_request) Successful in 30s Details CI / Build & Push Docker Images (pull_request) Successful in 27s Details Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-09 00:21:03 +00:00
Flea Flicker	d617c69571	Merge remote-tracking branch 'origin/dev' into promote/dev-to-uat-gro-2225 CI / Test (pull_request) Failing after 5s Details CI / Lint & Typecheck (pull_request) Successful in 28s Details CI / Build & Push Docker Images (pull_request) Has been skipped Details	2026-06-09 00:18:24 +00:00
Flea Flicker	76d9850464	Promote dev→uat: GRO-2225 UAT seed route cohort + receptionist credential CI / Test (pull_request) Successful in 30s Details CI / Lint & Typecheck (pull_request) Successful in 31s Details CI / Build & Push Docker Images (pull_request) Failing after 15s Details	2026-06-08 23:16:51 +00:00
Flea Flicker	96dbb8c41d	Merge pull request 'Promote dev → uat: GRO-2155/2156/2203/2211/2163 + GRO-2234 (cumulative batch)' (#182 ) from flea/dev-to-uat-gro-2156 into uat CI / Test (push) Successful in 25s Details CI / Lint & Typecheck (push) Successful in 30s Details CI / Build & Push Docker Images (push) Successful in 1m24s Details CI / Test (pull_request) Successful in 27s Details CI / Lint & Typecheck (pull_request) Successful in 30s Details CI / Build & Push Docker Images (pull_request) Successful in 1m11s Details	2026-06-08 19:42:25 +00:00
Flea Flicker	636fa713e1	Merge dev into uat: add GRO-2234 portal session sliding TTL + re-mint to dev→uat batch CI / Test (pull_request) Successful in 28s Details CI / Lint & Typecheck (pull_request) Successful in 28s Details CI / Build & Push Docker Images (pull_request) Successful in 27s Details	2026-06-08 19:17:15 +00:00
Flea Flicker	6120b96c7c	Merge dev into uat: promote GRO-2156 route travel buffer + reorder (Phase 2.2) CI / Test (pull_request) Successful in 26s Details CI / Lint & Typecheck (pull_request) Successful in 28s Details CI / Build & Push Docker Images (pull_request) Successful in 1m2s Details Resolves UAT_PLAYBOOK.md conflict by unioning uat-only TC-UAT-2/3 (GRO-2100) with dev's §4.16 update + new §4.17. Code files taken from dev (superset). Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-08 18:11:05 +00:00
Flea Flicker	eb92f99c4a	dev → uat: GRO-2203 portal pet PATCH malformed-petId 500→404 (#178 ) CI / Test (push) Successful in 27s Details CI / Lint & Typecheck (push) Successful in 32s Details CI / Build & Push Docker Images (push) Successful in 1m1s Details CI / Test (pull_request) Successful in 27s Details CI / Lint & Typecheck (pull_request) Successful in 31s Details CI / Build & Push Docker Images (pull_request) Successful in 1m4s Details	2026-06-08 17:53:01 +00:00
Flea Flicker	587fd4ec95	dev → uat: GRO-2155 route optimization endpoints (carries GRO-2163) (#176 ) CI / Test (push) Successful in 26s Details CI / Lint & Typecheck (push) Successful in 27s Details CI / Build & Push Docker Images (push) Successful in 25s Details	2026-06-08 16:45:44 +00:00
Flea Flicker	8cf72d926d	dev → uat: portal photoKey S3 key-hijack fix (GRO-2187/GRO-2198) (#173 ) CI / Test (push) Successful in 22s Details CI / Lint & Typecheck (push) Successful in 27s Details CI / Build & Push Docker Images (push) Successful in 43s Details CI / Test (pull_request) Successful in 27s Details CI / Lint & Typecheck (pull_request) Successful in 32s Details CI / Build & Push Docker Images (pull_request) Successful in 39s Details	2026-06-08 12:39:52 +00:00
Flea Flicker	8721f0b63c	dev → uat: GRO-2154 geocoding endpoints (Phase 1.3) (#171 ) CI / Test (push) Successful in 24s Details CI / Lint & Typecheck (push) Successful in 27s Details CI / Build & Push Docker Images (push) Successful in 35s Details	2026-06-08 12:06:43 +00:00
Flea Flicker	027e012a58	Merge pull request 'dev → uat: GRO-2153 abstracted geocoding service' (#168 ) from dev-to-uat-gro-2153 into uat CI / Test (push) Successful in 1m5s Details CI / Lint & Typecheck (push) Successful in 43m29s Details CI / Build & Push Docker Images (push) Successful in 1m7s Details	2026-06-08 10:51:17 +00:00
Flea Flicker	b3db206588	Merge pull request 'dev → uat: GRO-2187 portal pet PATCH + GET enrichment (carries GRO-2152)' (#166 ) from dev-to-uat-gro-2187 into uat CI / Test (push) Successful in 1m19s Details CI / Lint & Typecheck (push) Successful in 1m25s Details CI / Build & Push Docker Images (push) Successful in 3m58s Details	2026-06-08 10:02:17 +00:00
Flea Flicker	6538406db2	Merge pull request 'chore: delete stale apps/api/src/db/seed.ts duplicate (GRO-2129)' (#158 ) from dev into uat CI / Test (push) Successful in 12s Details CI / Lint & Typecheck (push) Successful in 18s Details CI / Build & Push Docker Images (push) Successful in 38s Details CI / Test (pull_request) Successful in 22s Details CI / Lint & Typecheck (pull_request) Successful in 25s Details CI / Build & Push Docker Images (pull_request) Successful in 38s Details	2026-06-04 12:45:24 +00:00
Flea Flicker	e2eacbc9fe	Merge pull request 'dev → uat: GRO-2123 seed advisory lock' (#156 ) from dev-to-uat-gro-2123 into uat CI / Test (push) Successful in 16s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Images (push) Successful in 40s Details CI / Test (pull_request) Successful in 12s Details CI / Lint & Typecheck (pull_request) Successful in 15s Details CI / Build & Push Docker Images (pull_request) Successful in 39s Details	2026-06-04 11:32:06 +00:00
Flea Flicker	e639cc82d1	chore(uat): GRO-2100 promote uat-groomer seed-linkage ordering fix to uat (#154 ) CI / Test (push) Successful in 16s Details CI / Lint & Typecheck (push) Successful in 19s Details CI / Build & Push Docker Images (push) Successful in 27s Details Co-authored-by: Flea Flicker <flea@groombook.dev> Co-committed-by: Flea Flicker <flea@groombook.dev>	2026-06-02 20:23:54 +00:00
Flea Flicker	f2931d7be2	Merge pull request 'Promote dev→uat: GRO-2100 uat-groomer ↔ UAT Pup Alpha linkage' (#152 ) from promote/dev-to-uat-gro-2100 into uat CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 18s Details CI / Build & Push Docker Images (push) Successful in 26s Details Merge pull request #152 from groombook/promote/dev-to-uat-gro-2100 Promote dev→uat: GRO-2100 uat-groomer ↔ UAT Pup Alpha linkage	2026-06-02 19:11:46 +00:00
Paperclip	d4a4ddce37	ci: retrigger GRO-2100 PR #152 Build & Push Docker Images (Reset image build failed — docker registry flake) CI / Test (pull_request) Successful in 13s Details CI / Lint & Typecheck (pull_request) Successful in 17s Details CI / Build & Push Docker Images (pull_request) Successful in 40s Details	2026-06-02 18:28:17 +00:00
Paperclip	bd384bdf5c	docs(UAT_PLAYBOOK): add TC-UAT-2/3 for uat-groomer linked/unlinked pet profile-summary (GRO-2100) CI / Lint & Typecheck (pull_request) Successful in 16s Details CI / Test (pull_request) Successful in 2m20s Details CI / Build & Push Docker Images (pull_request) Failing after 36s Details Lint Roller review on PR #152 flagged that the GRO-2100 seed change produces new observable UAT API behavior that the playbook must reflect. Add two deterministic rows pinning the contract GRO-1987 TC-UAT-2/3 will exercise: - TC-UAT-2: uat-groomer + linked pet c0000001-...-002 (UAT Pup Alpha) → 200 - TC-UAT-3: uat-groomer + unlinked pet c0000001-...-003 (UAT Pup Beta) → 403 The 403-vs-404 note in TC-UAT-3 mirrors the verification note in the GRO-2100 issue body so the QA runner knows where to file if the API returns 404 (a separate RBAC defect, not against the seed).	2026-06-02 18:24:40 +00:00
The Dogfather	411c42b2c4	Merge pull request 'Promote dev→uat: GRO-2033 services_pkey seed fix (`fc6c6ef7`)' (#149 ) from dev into uat CI / Test (push) Successful in 14s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Images (push) Successful in 39s Details CI / Test (pull_request) Successful in 12s Details CI / Lint & Typecheck (pull_request) Successful in 16s Details CI / Build & Push Docker Images (pull_request) Successful in 38s Details	2026-06-02 05:06:34 +00:00
The Dogfather	bf97849324	promote(dev→uat): owner-bypass read audit row (GRO-2063) (#147 ) CI / Test (push) Successful in 12s Details CI / Lint & Typecheck (push) Successful in 17s Details CI / Build & Push Docker Images (push) Successful in 41s Details Promote GRO-2063 defense-in-depth audit row to uat. CI green. QA + CTO approved on dev PR #146. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-02 04:21:43 +00:00
The Dogfather	7181d41b24	Merge pull request 'Promote dev→uat: rbac Better-Auth auto-provision (GRO-2052)' (#144 ) from dev into uat CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 15s Details CI / Build & Push Docker Images (push) Failing after 13s Details CI / Test (pull_request) Successful in 12s Details CI / Lint & Typecheck (pull_request) Successful in 15s Details CI / Build & Push Docker Images (pull_request) Successful in 41s Details Promote dev→uat: rbac Better-Auth auto-provision (GRO-2052) Makes the pets.ts owner-bypass reachable for Better-Auth email/password customers by auto-provisioning a groomer staff row keyed on user.id. Unblocks GRO-2050 and GRO-2035. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 02:42:19 +00:00
The Dogfather	4e9c4c5e08	Merge pull request 'promote(uat): GRO-2013 owner-bypass + GRO-2033 idempotent migrations (dev→uat)' (#142 ) from dogfather/gro-2013-promote-uat into uat CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 18s Details CI / Build & Push Docker Images (push) Successful in 39s Details	2026-06-01 20:14:14 +00:00
The Dogfather	16c959434b	promote(uat): GRO-2013 owner-bypass + GRO-2033 idempotent migrations (dev→uat) CI / Test (pull_request) Successful in 11s Details CI / Lint & Typecheck (pull_request) Successful in 16s Details CI / Build & Push Docker Images (pull_request) Successful in 41s Details Merge dev into uat. Resolves test-file/playbook conflicts created by PR #138's squash merge by taking dev's superset versions (verified: all GRO-2014 tests + TC ids preserved, plus GRO-2013 additions). No-ff merge so dev becomes an ancestor of uat, preventing future squash-divergence conflicts. Carries: - GRO-2013 deployed-tree owner-bypass (src/routes/pets.ts, reconciled 20-test file) - GRO-2033 idempotent migrations 0039/0040 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-01 20:10:51 +00:00
The Dogfather	23484dc90a	promote(uat): GRO-2014 profile-summary error-handling fix (dev→uat) (#138 ) CI / Test (push) Successful in 10s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Images (push) Successful in 39s Details	2026-06-01 18:27:42 +00:00
The Dogfather	6a81a52a50	Merge pull request 'Promote dev → uat: UAT seed-password source-of-truth playbook (GRO-2000)' (#134 ) from dev into uat CI / Test (push) Successful in 12s Details CI / Lint & Typecheck (push) Successful in 15s Details CI / Build & Push Docker Images (push) Successful in 27s Details CI / Test (pull_request) Successful in 11s Details CI / Lint & Typecheck (pull_request) Successful in 13s Details CI / Build & Push Docker Images (pull_request) Successful in 1m10s Details	2026-06-01 17:41:47 +00:00
The Dogfather	5a4b9a98bd	Merge pull request 'promote(docker): bake pnpm via npm to remove Corepack runtime downloads (GRO-1981)' (#133 ) from dev into uat CI / Test (push) Successful in 12s Details CI / Lint & Typecheck (push) Successful in 14s Details CI / Build & Push Docker Images (push) Successful in 40s Details Promote GRO-1985 (parent GRO-1981) dev->uat. cc @cpfarhood	2026-06-01 16:30:54 +00:00
The Dogfather	f7f88156e1	Merge pull request 'promote(db): register extra_large via migration 0038 to UAT (GRO-2004)' (#131 ) from dev into uat CI / Test (push) Successful in 11s Details CI / Lint & Typecheck (push) Successful in 15s Details CI / Build & Push Docker Images (push) Successful in 35s Details	2026-06-01 14:52:13 +00:00
The Dogfather	8af5a49d14	Merge pull request 'Promote dev→uat: GRO-1982 pet_size_category extra_large enum migration' (#126 ) from dev into uat CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Images (push) Successful in 37s Details Promote dev→uat: GRO-1983 seed-job pnpm fix + GRO-1982 extra_large enum migration Carries the accumulated dev state into uat (PR #125 docker pnpm fix + 0037 migration). Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-01 12:44:20 +00:00