fix(GRO-2586): enforce trusted-origins allowlist on Better Auth CORS responses (#219 )

fix(GRO-2586): enforce trusted-origins allowlist on Better Auth CORS responses Co-Authored-By: Paperclip <noreply@paperclip.ing>
chore: promote dev → uat (GRO-2425 comma-split CORS_ORIGIN) (#217 )
2026-06-26 13:36:45 +00:00 · 2026-06-18 01:30:43 +00:00 · 2026-06-11 16:44:52 +00:00 · 2026-06-11 16:35:26 +00:00 · 2026-06-10 09:24:53 +00:00 · 2026-06-10 09:17:15 +00:00
4 changed files with 89 additions and 2 deletions
@@ -110,6 +110,9 @@ Expected: one row, `role = 'groomer'`. If zero rows return, the request hit the
 | TC-API-1.26 | Auto-provision skipped during OOBE | During fresh setup (needsSetup: true), complete OIDC login — verify no duplicate staff record created before setup completes | No duplicate staff, OOBE completes successfully | Duplicate staff record, 403 before setup, auto-provision interferes with OOBE |
 | TC-API-1.27 | Multi-origin CORS — demo host sign-in | `POST /api/auth/sign-in/social` with `callbackURL=https://demo.groombook.dev` | 200 OK, no origin-mismatch error | 400/403 "Origin mismatch" |
 | TC-API-1.28 | Multi-origin CORS — farh.net host sign-in | `POST /api/auth/sign-in/social` with `callbackURL=https://groombook.farh.net` | 200 OK, no origin-mismatch error | 400/403 "Origin mismatch" |
+| TC-API-1.29 | CORS — untrusted origin blocked (GRO-2586) | POST /api/auth/sign-in/social with `Origin: https://evil.example.com` header | Response has **no** `Access-Control-Allow-Origin` header — attacker origin is not reflected | `Access-Control-Allow-Origin: https://evil.example.com` present in response |
+| TC-API-1.30 | CORS — trusted origin allowed (GRO-2586) | POST /api/auth/sign-in/social with `Origin: https://uat.groombook.dev` header | `Access-Control-Allow-Origin: https://uat.groombook.dev` + `Access-Control-Allow-Credentials: true` | CORS header absent or trusted origin rejected |
+| TC-API-1.31 | CORS — untrusted preflight blocked (GRO-2586) | `curl -i -X OPTIONS https://uat.groombook.dev/api/auth/sign-in/social -H 'Origin: https://evil.example.com' -H 'Access-Control-Request-Method: POST'` | Response has **no** `Access-Control-Allow-Origin: https://evil.example.com` | Preflight reflects attacker origin |

 ### 4.2 Client Management

@@ -0,0 +1,60 @@
+import { describe, it, expect } from "vitest";
+import { enforceAuthCors } from "../lib/auth-cors.js";
+
+const TRUSTED = ["https://uat.groombook.dev", "https://dev.groombook.dev"];
+
+/** Simulates Better Auth reflecting the request Origin (the pre-fix bug). */
+function makeReflectedResponse(origin: string | null): Response {
+  return new Response('{"ok":true}', {
+    status: 200,
+    headers: {
+      "Content-Type": "application/json",
+      ...(origin
+        ? {
+            "Access-Control-Allow-Origin": origin,
+            "Access-Control-Allow-Credentials": "true",
+          }
+        : {}),
+    },
+  });
+}
+
+describe("enforceAuthCors (GRO-2586)", () => {
+  it("passes trusted origin through with credentials", () => {
+    const origin = "https://uat.groombook.dev";
+    const res = enforceAuthCors(origin, TRUSTED, makeReflectedResponse(origin));
+    expect(res.headers.get("Access-Control-Allow-Origin")).toBe(origin);
+    expect(res.headers.get("Access-Control-Allow-Credentials")).toBe("true");
+  });
+
+  it("strips ACAO for attacker origin (credentialed cross-origin read blocked)", () => {
+    const origin = "https://evil.example.com";
+    const res = enforceAuthCors(origin, TRUSTED, makeReflectedResponse(origin));
+    expect(res.headers.get("Access-Control-Allow-Origin")).toBeNull();
+    expect(res.headers.get("Access-Control-Allow-Credentials")).toBeNull();
+  });
+
+  it("strips ACAO when no Origin header (undefined)", () => {
+    const res = enforceAuthCors(undefined, TRUSTED, makeReflectedResponse(null));
+    expect(res.headers.get("Access-Control-Allow-Origin")).toBeNull();
+    expect(res.headers.get("Access-Control-Allow-Credentials")).toBeNull();
+  });
+
+  it("preserves non-CORS response headers and status from Better Auth", () => {
+    const origin = "https://evil.example.com";
+    const res = enforceAuthCors(origin, TRUSTED, makeReflectedResponse(origin));
+    expect(res.headers.get("Content-Type")).toBe("application/json");
+    expect(res.status).toBe(200);
+  });
+
+  it("second trusted origin is also allowed", () => {
+    const origin = "https://dev.groombook.dev";
+    const res = enforceAuthCors(origin, TRUSTED, makeReflectedResponse(origin));
+    expect(res.headers.get("Access-Control-Allow-Origin")).toBe(origin);
+  });
+
+  it("empty string origin is treated as untrusted", () => {
+    const res = enforceAuthCors("", TRUSTED, makeReflectedResponse(""));
+    expect(res.headers.get("Access-Control-Allow-Origin")).toBeNull();
+  });
+});
@@ -3,6 +3,7 @@ import { Hono } from "hono";
 import { logger } from "hono/logger";
 import { cors } from "hono/cors";
 import { getAuth, initAuth, getActiveProviders } from "./lib/auth.js";
+import { enforceAuthCors } from "./lib/auth-cors.js";
 import { clientsRouter } from "./routes/clients.js";
 import { petsRouter } from "./routes/pets.js";
 import { servicesRouter } from "./routes/services.js";
@@ -200,9 +201,10 @@ api.use("*", resolveStaffMiddleware);
 // Better-Auth handler — mounted as sub-app to handle all /api/auth/* routes
 // authMiddleware and resolveStaffMiddleware both skip /api/auth/ paths
 const authRouter = new Hono();
-authRouter.all("/*", (c) => {
+authRouter.all("/*", async (c) => {
  try {
-    return getAuth().handler(c.req.raw);
+    const res = await getAuth().handler(c.req.raw);
+    return enforceAuthCors(c.req.header("origin"), TRUSTED_ORIGINS, res);
  } catch {
    return c.json({ error: "Authentication not configured" }, 503);
  }
@@ -0,0 +1,22 @@
+/**
+ * Enforces the trusted-origins CORS allowlist on a raw Response from Better Auth.
+ * Better Auth reflects the request Origin into Access-Control-Allow-Origin
+ * regardless of the trustedOrigins config, allowing credentialed cross-origin reads
+ * from arbitrary attacker origins. This wrapper strips CORS headers for any origin
+ * not in the allowlist. (GRO-2586)
+ */
+export function enforceAuthCors(
+  requestOrigin: string | undefined,
+  trustedOrigins: string[],
+  res: Response
+): Response {
+  const headers = new Headers(res.headers);
+  if (requestOrigin && trustedOrigins.includes(requestOrigin)) {
+    headers.set("Access-Control-Allow-Origin", requestOrigin);
+    headers.set("Access-Control-Allow-Credentials", "true");
+  } else {
+    headers.delete("Access-Control-Allow-Origin");
+    headers.delete("Access-Control-Allow-Credentials");
+  }
+  return new Response(res.body, { status: res.status, statusText: res.statusText, headers });
+}
Author	SHA1	Message	Date
Flea Flicker	e09490babe	fix(GRO-2586): enforce trusted-origins allowlist on Better Auth CORS responses (#219 ) CI / Test (pull_request) Successful in 24s Details CI / Lint & Typecheck (pull_request) Successful in 32s Details CI / Build & Push Docker Images (pull_request) Successful in 28s Details fix(GRO-2586): enforce trusted-origins allowlist on Better Auth CORS responses Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-26 13:36:45 +00:00
Flea Flicker	63d7aaa8c2	chore: promote dev → uat (GRO-2425 comma-split CORS_ORIGIN) (#217 ) CI / Test (push) Successful in 26s Details CI / Lint & Typecheck (push) Successful in 30s Details CI / Build & Push Docker Images (push) Successful in 47s Details chore: promote dev → uat (GRO-2425 comma-split CORS_ORIGIN) Co-authored-by: Flea Flicker <flea@groombook.dev> Co-committed-by: Flea Flicker <flea@groombook.dev>	2026-06-18 01:30:43 +00:00
Flea Flicker	a629331a04	Merge pull request 'Promote dev → uat: GRO-2359 clients-from-auth endpoint' (#213 ) from promote/GRO-2359-dev-to-uat into uat CI / Test (push) Successful in 27s Details CI / Lint & Typecheck (push) Successful in 34s Details CI / Build & Push Docker Images (push) Successful in 38s Details Promote dev → uat: GRO-2359 clients-from-auth endpoint (#213)	2026-06-11 16:44:52 +00:00
Flea Flicker	5363e1d5dc	feat(GRO-2359): add POST /api/portal/clients-from-auth for OOBE (web) CI / Test (pull_request) Successful in 28s Details CI / Lint & Typecheck (pull_request) Successful in 34s Details CI / Build & Push Docker Images (pull_request) Successful in 42s Details The OOBE flow on the web portal calls this endpoint to create a fresh `clients` row bound to the Better Auth user's email when the SSO bridge returns 404. Returns 201 on success, 409 if a client with that email already exists (portal-selection case), 401/503 on auth issues, 400 on invalid body. The OOBE success path navigates the user back to `/` and lets the existing `session-from-auth` re-bridge; the new client is now resolvable by email, so the bridge mints a real portal session. Tests cover: 401 (no session), 400 (zod), 201 + persisted values (name trimmed, optional fields normalized to null), 409 (existing client or unique-constraint race), 503 (auth not configured). Paired with the web PR on `feature/2357-p2-sso-to-oobe-routing`. Co-Authored-By: Paperclip <noreply@paperclip.ing> (cherry picked from commit `cdeebec021`)	2026-06-11 16:35:26 +00:00
Flea Flicker	4cc51b32d3	Merge pull request 'Promote dev → uat: GRO-2342 portal waitlist service {id, name}' (#209 ) from promote/dev-to-uat-gro-2342 into uat CI / Test (push) Successful in 27s Details CI / Lint & Typecheck (push) Successful in 30s Details CI / Build & Push Docker Images (push) Successful in 26s Details CI / Test (pull_request) Successful in 24s Details CI / Lint & Typecheck (pull_request) Failing after 10m19s Details CI / Build & Push Docker Images (pull_request) Has been skipped Details	2026-06-10 09:24:53 +00:00
Flea Flicker	e932050b45	Promote dev → uat: GRO-2342 portal waitlist service {id, name} CI / Test (pull_request) Successful in 25s Details CI / Lint & Typecheck (pull_request) Successful in 25s Details CI / Build & Push Docker Images (pull_request) Successful in 33s Details Resolves conflicts in UAT_PLAYBOOK.md, src/routes/portal.ts, and src/__tests__/portal.test.ts (dev side wins — GRO-2342 changes are the only diff in scope). Carries forward GRO-2139 reset.ts advisory lock + GRO-2294 infra mcp trigger that were merged to dev but not yet promoted to uat. - src/routes/portal.ts: GET /portal/appointments now populates service: {id, name} on both the synthetic waitlist card and the appointment card (was {id} only). Same shape, no portal change required. - src/__tests__/portal.test.ts: services mock + TC-API-8.20 GRO-2342 assertions on the synthetic waitlist card service name. - UAT_PLAYBOOK.md: TC-API-8.20 (GRO-2342) appended; TC-API-8.19 (GRO-2319) retained verbatim. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-10 09:17:15 +00:00
Flea Flicker	18640908ed	feat(GRO-2319): dev→uat — portal waitlist surfacing + seed (api) (#205 ) CI / Test (push) Successful in 30s Details CI / Lint & Typecheck (push) Successful in 36s Details CI / Build & Push Docker Images (push) Successful in 1m15s Details	2026-06-09 11:04:16 +00:00
Flea Flicker	807ccb455f	dev → uat: GRO-2311 seed portal StatusBadge appointments (#201 ) (#202 ) CI / Lint & Typecheck (push) Successful in 28s Details CI / Test (push) Successful in 24s Details CI / Build & Push Docker Images (push) Successful in 1m23s Details	2026-06-09 09:56:34 +00:00
Flea Flicker	c4385617c6	dev → uat: GRO-2172 extended pet fields (#200 ) CI / Test (push) Successful in 23s Details CI / Lint & Typecheck (push) Successful in 24s Details CI / Build & Push Docker Images (push) Successful in 39s Details	2026-06-09 09:22:12 +00:00
Flea Flicker	8cd5a2ef4d	dev → uat: GRO-2299 redact googleMapsApiKey from PATCH /api/admin/settings (#196 ) CI / Test (push) Failing after 10m55s Details CI / Lint & Typecheck (push) Failing after 10m55s Details CI / Build & Push Docker Images (push) Has been skipped Details	2026-06-09 06:58:39 +00:00
Flea Flicker	2566fb8f20	Promote GRO-2294 to UAT: Route Optimization security hardening (#194 ) CI / Lint & Typecheck (push) Successful in 28s Details CI / Test (push) Successful in 29s Details CI / Build & Push Docker Images (push) Successful in 39s Details CI / Test (pull_request) Successful in 25s Details CI / Lint & Typecheck (pull_request) Successful in 37s Details CI / Build & Push Docker Images (pull_request) Successful in 1m8s Details	2026-06-09 06:27:17 +00:00
Lint Roller	4868f18dfd	Merge pull request 'Promote dev→uat: GRO-2225 + GRO-2235 + GRO-2157 (atomic)' (#188 ) from promote/dev-to-uat-gro-2225 into uat CI / Test (push) Successful in 29s Details CI / Lint & Typecheck (push) Successful in 36s Details CI / Build & Push Docker Images (push) Successful in 41s Details CI / Test (pull_request) Successful in 28s Details CI / Lint & Typecheck (pull_request) Successful in 31s Details CI / Build & Push Docker Images (pull_request) Successful in 1m17s Details Promote dev→uat: GRO-2225 + GRO-2235 + GRO-2157 (atomic) QA-approved on `37e42b3`. CI green (Test, Lint & Typecheck, Build & Push).	2026-06-09 00:26:18 +00:00
Flea Flicker	37e42b3104	ci: re-trigger checks (transient pnpm/action-setup runner flake) CI / Test (pull_request) Successful in 26s Details CI / Lint & Typecheck (pull_request) Successful in 30s Details CI / Build & Push Docker Images (pull_request) Successful in 27s Details Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-09 00:21:03 +00:00
Flea Flicker	d617c69571	Merge remote-tracking branch 'origin/dev' into promote/dev-to-uat-gro-2225 CI / Test (pull_request) Failing after 5s Details CI / Lint & Typecheck (pull_request) Successful in 28s Details CI / Build & Push Docker Images (pull_request) Has been skipped Details	2026-06-09 00:18:24 +00:00
Flea Flicker	76d9850464	Promote dev→uat: GRO-2225 UAT seed route cohort + receptionist credential CI / Test (pull_request) Successful in 30s Details CI / Lint & Typecheck (pull_request) Successful in 31s Details CI / Build & Push Docker Images (pull_request) Failing after 15s Details	2026-06-08 23:16:51 +00:00
Flea Flicker	96dbb8c41d	Merge pull request 'Promote dev → uat: GRO-2155/2156/2203/2211/2163 + GRO-2234 (cumulative batch)' (#182 ) from flea/dev-to-uat-gro-2156 into uat CI / Test (push) Successful in 25s Details CI / Lint & Typecheck (push) Successful in 30s Details CI / Build & Push Docker Images (push) Successful in 1m24s Details CI / Test (pull_request) Successful in 27s Details CI / Lint & Typecheck (pull_request) Successful in 30s Details CI / Build & Push Docker Images (pull_request) Successful in 1m11s Details	2026-06-08 19:42:25 +00:00
Flea Flicker	636fa713e1	Merge dev into uat: add GRO-2234 portal session sliding TTL + re-mint to dev→uat batch CI / Test (pull_request) Successful in 28s Details CI / Lint & Typecheck (pull_request) Successful in 28s Details CI / Build & Push Docker Images (pull_request) Successful in 27s Details	2026-06-08 19:17:15 +00:00
Flea Flicker	6120b96c7c	Merge dev into uat: promote GRO-2156 route travel buffer + reorder (Phase 2.2) CI / Test (pull_request) Successful in 26s Details CI / Lint & Typecheck (pull_request) Successful in 28s Details CI / Build & Push Docker Images (pull_request) Successful in 1m2s Details Resolves UAT_PLAYBOOK.md conflict by unioning uat-only TC-UAT-2/3 (GRO-2100) with dev's §4.16 update + new §4.17. Code files taken from dev (superset). Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-08 18:11:05 +00:00
Flea Flicker	eb92f99c4a	dev → uat: GRO-2203 portal pet PATCH malformed-petId 500→404 (#178 ) CI / Test (push) Successful in 27s Details CI / Lint & Typecheck (push) Successful in 32s Details CI / Build & Push Docker Images (push) Successful in 1m1s Details CI / Test (pull_request) Successful in 27s Details CI / Lint & Typecheck (pull_request) Successful in 31s Details CI / Build & Push Docker Images (pull_request) Successful in 1m4s Details	2026-06-08 17:53:01 +00:00
Flea Flicker	587fd4ec95	dev → uat: GRO-2155 route optimization endpoints (carries GRO-2163) (#176 ) CI / Test (push) Successful in 26s Details CI / Lint & Typecheck (push) Successful in 27s Details CI / Build & Push Docker Images (push) Successful in 25s Details	2026-06-08 16:45:44 +00:00
Flea Flicker	8cf72d926d	dev → uat: portal photoKey S3 key-hijack fix (GRO-2187/GRO-2198) (#173 ) CI / Test (push) Successful in 22s Details CI / Lint & Typecheck (push) Successful in 27s Details CI / Build & Push Docker Images (push) Successful in 43s Details CI / Test (pull_request) Successful in 27s Details CI / Lint & Typecheck (pull_request) Successful in 32s Details CI / Build & Push Docker Images (pull_request) Successful in 39s Details	2026-06-08 12:39:52 +00:00
Flea Flicker	8721f0b63c	dev → uat: GRO-2154 geocoding endpoints (Phase 1.3) (#171 ) CI / Test (push) Successful in 24s Details CI / Lint & Typecheck (push) Successful in 27s Details CI / Build & Push Docker Images (push) Successful in 35s Details	2026-06-08 12:06:43 +00:00
Flea Flicker	027e012a58	Merge pull request 'dev → uat: GRO-2153 abstracted geocoding service' (#168 ) from dev-to-uat-gro-2153 into uat CI / Test (push) Successful in 1m5s Details CI / Lint & Typecheck (push) Successful in 43m29s Details CI / Build & Push Docker Images (push) Successful in 1m7s Details	2026-06-08 10:51:17 +00:00
Flea Flicker	b3db206588	Merge pull request 'dev → uat: GRO-2187 portal pet PATCH + GET enrichment (carries GRO-2152)' (#166 ) from dev-to-uat-gro-2187 into uat CI / Test (push) Successful in 1m19s Details CI / Lint & Typecheck (push) Successful in 1m25s Details CI / Build & Push Docker Images (push) Successful in 3m58s Details	2026-06-08 10:02:17 +00:00
Flea Flicker	6538406db2	Merge pull request 'chore: delete stale apps/api/src/db/seed.ts duplicate (GRO-2129)' (#158 ) from dev into uat CI / Test (push) Successful in 12s Details CI / Lint & Typecheck (push) Successful in 18s Details CI / Build & Push Docker Images (push) Successful in 38s Details CI / Test (pull_request) Successful in 22s Details CI / Lint & Typecheck (pull_request) Successful in 25s Details CI / Build & Push Docker Images (pull_request) Successful in 38s Details	2026-06-04 12:45:24 +00:00
Flea Flicker	e2eacbc9fe	Merge pull request 'dev → uat: GRO-2123 seed advisory lock' (#156 ) from dev-to-uat-gro-2123 into uat CI / Test (push) Successful in 16s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Images (push) Successful in 40s Details CI / Test (pull_request) Successful in 12s Details CI / Lint & Typecheck (pull_request) Successful in 15s Details CI / Build & Push Docker Images (pull_request) Successful in 39s Details	2026-06-04 11:32:06 +00:00
Flea Flicker	e639cc82d1	chore(uat): GRO-2100 promote uat-groomer seed-linkage ordering fix to uat (#154 ) CI / Test (push) Successful in 16s Details CI / Lint & Typecheck (push) Successful in 19s Details CI / Build & Push Docker Images (push) Successful in 27s Details Co-authored-by: Flea Flicker <flea@groombook.dev> Co-committed-by: Flea Flicker <flea@groombook.dev>	2026-06-02 20:23:54 +00:00
Flea Flicker	f2931d7be2	Merge pull request 'Promote dev→uat: GRO-2100 uat-groomer ↔ UAT Pup Alpha linkage' (#152 ) from promote/dev-to-uat-gro-2100 into uat CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 18s Details CI / Build & Push Docker Images (push) Successful in 26s Details Merge pull request #152 from groombook/promote/dev-to-uat-gro-2100 Promote dev→uat: GRO-2100 uat-groomer ↔ UAT Pup Alpha linkage	2026-06-02 19:11:46 +00:00
Paperclip	d4a4ddce37	ci: retrigger GRO-2100 PR #152 Build & Push Docker Images (Reset image build failed — docker registry flake) CI / Test (pull_request) Successful in 13s Details CI / Lint & Typecheck (pull_request) Successful in 17s Details CI / Build & Push Docker Images (pull_request) Successful in 40s Details	2026-06-02 18:28:17 +00:00
Paperclip	bd384bdf5c	docs(UAT_PLAYBOOK): add TC-UAT-2/3 for uat-groomer linked/unlinked pet profile-summary (GRO-2100) CI / Lint & Typecheck (pull_request) Successful in 16s Details CI / Test (pull_request) Successful in 2m20s Details CI / Build & Push Docker Images (pull_request) Failing after 36s Details Lint Roller review on PR #152 flagged that the GRO-2100 seed change produces new observable UAT API behavior that the playbook must reflect. Add two deterministic rows pinning the contract GRO-1987 TC-UAT-2/3 will exercise: - TC-UAT-2: uat-groomer + linked pet c0000001-...-002 (UAT Pup Alpha) → 200 - TC-UAT-3: uat-groomer + unlinked pet c0000001-...-003 (UAT Pup Beta) → 403 The 403-vs-404 note in TC-UAT-3 mirrors the verification note in the GRO-2100 issue body so the QA runner knows where to file if the API returns 404 (a separate RBAC defect, not against the seed).	2026-06-02 18:24:40 +00:00
The Dogfather	411c42b2c4	Merge pull request 'Promote dev→uat: GRO-2033 services_pkey seed fix (`fc6c6ef7`)' (#149 ) from dev into uat CI / Test (push) Successful in 14s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Images (push) Successful in 39s Details CI / Test (pull_request) Successful in 12s Details CI / Lint & Typecheck (pull_request) Successful in 16s Details CI / Build & Push Docker Images (pull_request) Successful in 38s Details	2026-06-02 05:06:34 +00:00
The Dogfather	bf97849324	promote(dev→uat): owner-bypass read audit row (GRO-2063) (#147 ) CI / Test (push) Successful in 12s Details CI / Lint & Typecheck (push) Successful in 17s Details CI / Build & Push Docker Images (push) Successful in 41s Details Promote GRO-2063 defense-in-depth audit row to uat. CI green. QA + CTO approved on dev PR #146. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-02 04:21:43 +00:00
The Dogfather	7181d41b24	Merge pull request 'Promote dev→uat: rbac Better-Auth auto-provision (GRO-2052)' (#144 ) from dev into uat CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 15s Details CI / Build & Push Docker Images (push) Failing after 13s Details CI / Test (pull_request) Successful in 12s Details CI / Lint & Typecheck (pull_request) Successful in 15s Details CI / Build & Push Docker Images (pull_request) Successful in 41s Details Promote dev→uat: rbac Better-Auth auto-provision (GRO-2052) Makes the pets.ts owner-bypass reachable for Better-Auth email/password customers by auto-provisioning a groomer staff row keyed on user.id. Unblocks GRO-2050 and GRO-2035. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 02:42:19 +00:00
The Dogfather	4e9c4c5e08	Merge pull request 'promote(uat): GRO-2013 owner-bypass + GRO-2033 idempotent migrations (dev→uat)' (#142 ) from dogfather/gro-2013-promote-uat into uat CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 18s Details CI / Build & Push Docker Images (push) Successful in 39s Details	2026-06-01 20:14:14 +00:00
The Dogfather	16c959434b	promote(uat): GRO-2013 owner-bypass + GRO-2033 idempotent migrations (dev→uat) CI / Test (pull_request) Successful in 11s Details CI / Lint & Typecheck (pull_request) Successful in 16s Details CI / Build & Push Docker Images (pull_request) Successful in 41s Details Merge dev into uat. Resolves test-file/playbook conflicts created by PR #138's squash merge by taking dev's superset versions (verified: all GRO-2014 tests + TC ids preserved, plus GRO-2013 additions). No-ff merge so dev becomes an ancestor of uat, preventing future squash-divergence conflicts. Carries: - GRO-2013 deployed-tree owner-bypass (src/routes/pets.ts, reconciled 20-test file) - GRO-2033 idempotent migrations 0039/0040 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-01 20:10:51 +00:00
The Dogfather	23484dc90a	promote(uat): GRO-2014 profile-summary error-handling fix (dev→uat) (#138 ) CI / Test (push) Successful in 10s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Images (push) Successful in 39s Details	2026-06-01 18:27:42 +00:00
The Dogfather	6a81a52a50	Merge pull request 'Promote dev → uat: UAT seed-password source-of-truth playbook (GRO-2000)' (#134 ) from dev into uat CI / Test (push) Successful in 12s Details CI / Lint & Typecheck (push) Successful in 15s Details CI / Build & Push Docker Images (push) Successful in 27s Details CI / Test (pull_request) Successful in 11s Details CI / Lint & Typecheck (pull_request) Successful in 13s Details CI / Build & Push Docker Images (pull_request) Successful in 1m10s Details	2026-06-01 17:41:47 +00:00
The Dogfather	5a4b9a98bd	Merge pull request 'promote(docker): bake pnpm via npm to remove Corepack runtime downloads (GRO-1981)' (#133 ) from dev into uat CI / Test (push) Successful in 12s Details CI / Lint & Typecheck (push) Successful in 14s Details CI / Build & Push Docker Images (push) Successful in 40s Details Promote GRO-1985 (parent GRO-1981) dev->uat. cc @cpfarhood	2026-06-01 16:30:54 +00:00
The Dogfather	f7f88156e1	Merge pull request 'promote(db): register extra_large via migration 0038 to UAT (GRO-2004)' (#131 ) from dev into uat CI / Test (push) Successful in 11s Details CI / Lint & Typecheck (push) Successful in 15s Details CI / Build & Push Docker Images (push) Successful in 35s Details	2026-06-01 14:52:13 +00:00
The Dogfather	8af5a49d14	Merge pull request 'Promote dev→uat: GRO-1982 pet_size_category extra_large enum migration' (#126 ) from dev into uat CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Images (push) Successful in 37s Details Promote dev→uat: GRO-1983 seed-job pnpm fix + GRO-1982 extra_large enum migration Carries the accumulated dev state into uat (PR #125 docker pnpm fix + 0037 migration). Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-01 12:44:20 +00:00