ci: promote dev→uat (GRO-1939 smoke + GRO-1953/1955/1949 seed/db) (#113)

Promotes 6 dev commits to uat. PR #111 (latest dev tip) QA-approved by Lint Roller. CI all-green.

Follow-up: Shedward UAT regression task to be created.

UAT_PLAYBOOK.md

@@ -114,9 +114,6 @@ GroomBook API is a Hono-based REST service (TypeScript/Node.js) powering the pet
 | TC-API-3.22 | Verify medicalAlerts shape | GET /api/pets/{id} for any pet with non-empty medicalAlerts | medicalAlerts is an array; each entry has type, description, severity |
 | TC-API-3.23 | Verify UAT test pet Charlie has behavioral alert | GET /api/pets/{id} where name = "TestCooper" (pet for uat-charlie@groombook.dev) | medicalAlerts includes an entry with type: "behavioral", severity: "low" or "high" |
 | TC-API-3.24 | Verify UAT test pet Delta has skin alert | GET /api/pets/{id} where name = "TestRocky" (pet for uat-delta@groombook.dev) | medicalAlerts includes an entry with type: "skin" |
-| TC-API-3.25 | Verify 30+ total pets in UAT DB | GET /api/pets then count total | 30+ pets returned (UAT seed creates 500 random-pool + 5 UAT test clients + 2 UAT customer = 507 total) |
-| TC-API-3.26 | Verify 25-35% medicalAlerts distribution | GET /api/pets (first 30 pets), count how many have non-empty medicalAlerts | Ratio is 25-35% (seed uses rand() < 0.3 for ~30% distribution) |
-| TC-API-3.27 | Verify coat_type enum has all seed values | After UAT seed completes, inspect the coat_type enum on the UAT DB — it must contain: short, medium, long, double, wire, silky, curly, hairless | UAT seed jobs (`reset-demo-data`, `seed-test-data`) complete 1/1 with no `enum_in` error; coat_type includes all 8 values used by seed.ts `coatTypePool` |
 
 ### 4.4 Appointment Scheduling
 

apps/api/src/__tests__/seed-uat-credentials.test.ts

@@ -173,10 +173,7 @@ async function seedUatCredentials(
     );
 
     if (existingAccount) {
-      // Re-hash and update the password (mirrors seed.ts behavior)
-      const { hashPassword } = await import("better-auth/crypto");
-      const passwordHash = await hashPassword(password);
-      existingAccount.password = passwordHash;
+      // skip — already has credential account
     } else {
       // Use Better-Auth's hashPassword so test helper matches production seed.ts
       const { hashPassword } = await import("better-auth/crypto");
@@ -354,49 +351,6 @@ describe("seedUatCredentials — credential provisioning logic", () => {
     expect(insertedAccounts).toHaveLength(0);
   });
 
-  // ── AC-8: existing account password IS updated (not frozen at first-seed) ──
-
-  it("AC-8: re-seeding with a changed password env var updates the stored hash", async () => {
-    const ORIGINAL_PASSWORD = "original-password";
-    const ROTATED_PASSWORD = "rotated-password-456";
-
-    process.env.SEED_UAT_CUSTOMER_PASSWORD = ROTATED_PASSWORD;
-
-    const preExistingUsers: UserRow[] = [
-      { id: "pre-existing-user", email: "uat-customer@groombook.dev", name: "UAT Customer", emailVerified: true },
-    ];
-    // Account was created with the original password on first seed
-    const originalHash = await hashPassword(ORIGINAL_PASSWORD);
-    const preExistingAccounts: AccountRow[] = [
-      {
-        id: "pre-existing-acct",
-        accountId: "pre-existing-user",
-        providerId: "credential",
-        userId: "pre-existing-user",
-        password: originalHash,
-      },
-    ];
-
-    // Re-seed with the rotated password env var
-    await seedUatCredentials([UAT_ACCOUNTS[2]!], {
-      users: preExistingUsers,
-      accounts: preExistingAccounts,
-      staff: [],
-    });
-
-    // No new user or account created
-    expect(insertedUsers).toHaveLength(0);
-    expect(insertedAccounts).toHaveLength(0);
-
-    // The pre-existing account's password WAS updated (not frozen at first-seed).
-    // hashPassword uses a random salt so we verify by format + that it is a new,
-    // different valid hash from the original.
-    const updatedAcct = preExistingAccounts[0]!;
-    expect(updatedAcct.password).toBeDefined();
-    expect(updatedAcct.password).toMatch(/^[a-f0-9]{32}:[a-f0-9]{128}$/);
-    expect(updatedAcct.password).not.toBe(originalHash); // it actually changed
-  });
-
   // ── AC-6: missing env var skips with warning ────────────────────────────────
 
   it("AC-6: missing SEED_UAT_*_PASSWORD env var skips that account (no error)", async () => {

apps/api/src/db/seed.ts

@@ -594,15 +594,7 @@ async function seedKnownUsers() {
       .limit(1);
 
     if (existingAccount) {
-      // Re-hash and update the password so that re-seeding rotates credentials
-      // when the env var changes (e.g. after a password rotation).  Previously
-      // this branch skipped entirely, freezing the hash at first-seed.
-      const { hashPassword } = await import("better-auth/crypto");
-      const passwordHash = await hashPassword(password);
-      await db.update(schema.account)
-        .set({ password: passwordHash })
-        .where(eq(schema.account.id, existingAccount.id));
-      console.log(`✓ Credential account for '${acct.email}' already exists — password updated`);
+      console.log(`✓ Credential account for '${acct.email}' already exists — skipping`);
     } else {
       // Use Better-Auth's own hashPassword to guarantee parameter/encoding match.
       // better-auth/crypto uses: N=16384, r=16, p=1, dkLen=64, salt as 16-byte random

packages/db/migrations/0035_add_missing_coat_type_values.sql

@@ -1,9 +0,0 @@
--- Migration: 0035_add_missing_coat_type_values.sql
--- Adds missing values to coat_type enum that seed.ts requires but which were
--- omitted from the 0031_buffer_rules.sql CREATE TYPE statement (migration drift).
--- 0031 created: 'smooth', 'double', 'wire', 'curly', 'long', 'hairless'
--- Missing (from schema.ts coatTypeEnum): 'short', 'medium', 'silky'
-
-ALTER TYPE "coat_type" ADD VALUE IF NOT EXISTS 'short';
-ALTER TYPE "coat_type" ADD VALUE IF NOT EXISTS 'medium';
-ALTER TYPE "coat_type" ADD VALUE IF NOT EXISTS 'silky';

packages/db/migrations/0036_add_missing_coat_type_values.sql

@@ -1,9 +0,0 @@
--- Migration: 0036_add_missing_coat_type_values.sql
--- Adds missing values to coat_type enum that seed.ts requires but which were
--- omitted from the 0031_buffer_rules.sql CREATE TYPE statement (migration drift).
--- 0031 created: 'smooth', 'double', 'wire', 'curly', 'long', 'hairless'
--- Missing (from schema.ts coatTypeEnum): 'short', 'medium', 'silky'
-
-ALTER TYPE "coat_type" ADD VALUE IF NOT EXISTS 'short';
-ALTER TYPE "coat_type" ADD VALUE IF NOT EXISTS 'medium';
-ALTER TYPE "coat_type" ADD VALUE IF NOT EXISTS 'silky';

packages/db/migrations/meta/_journal.json

@@ -248,10 +248,10 @@
       "breakpoints": true
     },
     {
-      "idx": 36,
+      "idx": 35,
       "version": "7",
-      "when": 1751480000000,
-      "tag": "0036_add_missing_coat_type_values",
+      "when": 1751140800000,
+      "tag": "0035_add_short_to_coat_type_enum",
       "breakpoints": true
     }
   ]

packages/db/src/seed.ts

@@ -609,45 +609,8 @@ async function seedUatStaffAccounts(db: ReturnType<typeof drizzle>) {
       .from(schema.pets)
       .where(eq(schema.pets.id, pet.id))
       .limit(1);
-
     if (existing) {
-      // Upsert so extended fields are always populated on re-runs
-      await db.insert(schema.pets)
-        .values({
-          id: pet.id,
-          clientId: uatCustomerClientId,
-          name: pet.name,
-          species: pet.species,
-          breed: pet.breed,
-          weightKg: pet.weight,
-          dateOfBirth: new Date(`${pet.dob}T00:00:00Z`),
-          image: pet.image,
-          temperamentScore: randInt(1, 5),
-          temperamentFlags: pickN(temperamentFlagPool, randInt(1, 3)),
-          medicalAlerts: [],
-          preferredCuts: pickN(preferredCutPool, randInt(1, 2)),
-          coatType: pick(coatTypePool),
-          petSizeCategory: pick(petSizeCategoryPool),
-        })
-        .onConflictDoUpdate({
-          target: schema.pets.id,
-          set: {
-            clientId: uatCustomerClientId,
-            name: pet.name,
-            species: pet.species,
-            breed: pet.breed,
-            weightKg: pet.weight,
-            dateOfBirth: new Date(`${pet.dob}T00:00:00Z`),
-            image: pet.image,
-            temperamentScore: randInt(1, 5),
-            temperamentFlags: pickN(temperamentFlagPool, randInt(1, 3)),
-            medicalAlerts: [],
-            preferredCuts: pickN(preferredCutPool, randInt(1, 2)),
-            coatType: pick(coatTypePool),
-            petSizeCategory: pick(petSizeCategoryPool),
-          },
-        });
-      console.log(`✓ Upserted UAT pet '${pet.name}' with extended fields`);
+      console.log(`✓ UAT Pet '${existing.name}' already exists — skipping`);
     } else {
       await db.insert(schema.pets).values({
         id: pet.id,
@@ -658,14 +621,8 @@ async function seedUatStaffAccounts(db: ReturnType<typeof drizzle>) {
         weightKg: pet.weight,
         dateOfBirth: new Date(`${pet.dob}T00:00:00Z`),
         image: pet.image,
-        temperamentScore: randInt(1, 5),
-        temperamentFlags: pickN(temperamentFlagPool, randInt(1, 3)),
-        medicalAlerts: [],
-        preferredCuts: pickN(preferredCutPool, randInt(1, 2)),
-        coatType: pick(coatTypePool),
-        petSizeCategory: pick(petSizeCategoryPool),
       });
-      console.log(`✓ Created UAT pet '${pet.name}' with extended fields`);
+      console.log(`✓ Created UAT pet '${pet.name}'`);
     }
   }
 }
@@ -1009,7 +966,6 @@ async function seed() {
           temperamentScore: randInt(1, 5),
           temperamentFlags: pickN(temperamentFlagPool, randInt(1, 3)),
           medicalAlerts: (() => {
-            // ~30% of random-pool pets have alerts — lands squarely in the 25–35% AC band
             if (rand() < 0.3) {
               const count = rand() < 0.7 ? 1 : 2;
               return pickN(medicalAlertPool, count).map((a) => ({ ...a, id: uuid() }));
@@ -1106,14 +1062,15 @@ async function seed() {
         temperamentScore: randInt(1, 5),
         temperamentFlags: pickN(temperamentFlagPool, randInt(1, 3)),
         medicalAlerts: (() => {
-          // ~30% of pets get alerts; TestCooper/TestRocky get deterministic types
+          // Deterministic alerts for UAT AC pets
+          if (uc.petName === "TestCooper") {
+            return pickN(medicalAlertPool.filter((a) => a.type === "behavioral"), 1).map((a) => ({ ...a, id: uuid() }));
+          }
+          if (uc.petName === "TestRocky") {
+            return pickN(medicalAlertPool.filter((a) => a.type === "skin"), 1).map((a) => ({ ...a, id: uuid() }));
+          }
+          // Other UAT pets: random
           if (rand() < 0.3) {
-            if (uc.petName === "TestCooper") {
-              return pickN(medicalAlertPool.filter((a) => a.type === "behavioral"), 1).map((a) => ({ ...a, id: uuid() }));
-            }
-            if (uc.petName === "TestRocky") {
-              return pickN(medicalAlertPool.filter((a) => a.type === "skin"), 1).map((a) => ({ ...a, id: uuid() }));
-            }
             const count = rand() < 0.7 ? 1 : 2;
             return pickN(medicalAlertPool, count).map((a) => ({ ...a, id: uuid() }));
           }
@@ -1136,14 +1093,7 @@ async function seed() {
           temperamentScore: randInt(1, 5),
           temperamentFlags: pickN(temperamentFlagPool, randInt(1, 3)),
           medicalAlerts: (() => {
-            // ~30% of pets get alerts; TestCooper/TestRocky get deterministic types
             if (rand() < 0.3) {
-              if (uc.petName === "TestCooper") {
-                return pickN(medicalAlertPool.filter((a) => a.type === "behavioral"), 1).map((a) => ({ ...a, id: uuid() }));
-              }
-              if (uc.petName === "TestRocky") {
-                return pickN(medicalAlertPool.filter((a) => a.type === "skin"), 1).map((a) => ({ ...a, id: uuid() }));
-              }
               const count = rand() < 0.7 ? 1 : 2;
               return pickN(medicalAlertPool, count).map((a) => ({ ...a, id: uuid() }));
             }