fix(GRO-1533): revert Dockerfile to build from apps/api/src/

The Dockerfile build change (pnpm build → pnpm --filter @groombook/api) was made against dev HEAD, but the root src/ directory was never fully audited for parity with apps/api/src/. Admin routes returning 500 for authenticated users post-OIDC login is consistent with the image running code with incomplete middleware chain or mismatched schema types when the root build path was used. Revert to the apps/api/ build path which is known to work correctly. UAT is running images from dev branch commit 9462915 which includes this change alongside schema cleanup commits. Root cause: Dockerfile was changed to build from root src/ instead of apps/api/src/ without confirming the two source trees are functionally identical. The proper fix path (schema audit + reconciliation) is tracked in GRO-1536. Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-22 12:57:55 +00:00
14 changed files with 31 additions and 394 deletions
@@ -78,8 +78,6 @@ jobs:

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
-        with:
-          driver-opts: network=host

      - name: Log in to Gitea Container Registry
        uses: docker/login-action@v3
@@ -95,7 +93,6 @@ jobs:
          file: Dockerfile
          target: runner
          push: true
-          provenance: false
          tags: |
            git.farh.net/groombook/api:${{ steps.version.outputs.tag }}
            ${{ github.ref == 'refs/heads/main' && 'git.farh.net/groombook/api:latest' || '' }}
@@ -109,7 +106,6 @@ jobs:
          file: Dockerfile
          target: migrate
          push: true
-          provenance: false
          tags: |
            git.farh.net/groombook/migrate:${{ steps.version.outputs.tag }}
            ${{ github.ref == 'refs/heads/main' && 'git.farh.net/groombook/migrate:latest' || '' }}
@@ -123,7 +119,6 @@ jobs:
          file: Dockerfile
          target: seed
          push: true
-          provenance: false
          tags: |
            git.farh.net/groombook/seed:${{ steps.version.outputs.tag }}
            ${{ github.ref == 'refs/heads/main' && 'git.farh.net/groombook/seed:latest' || '' }}
@@ -137,7 +132,6 @@ jobs:
          file: Dockerfile
          target: reset
          push: true
-          provenance: false
          tags: |
            git.farh.net/groombook/reset:${{ steps.version.outputs.tag }}
            ${{ github.ref == 'refs/heads/main' && 'git.farh.net/groombook/reset:latest' || '' }}
@@ -5,19 +5,14 @@ WORKDIR /app
 # Install deps
 FROM base AS deps
 COPY package.json pnpm-workspace.yaml pnpm-lock.yaml ./
-COPY packages/db/package.json packages/db/
-COPY packages/types/package.json packages/types/
+COPY apps/api/package.json apps/api/
 RUN pnpm install --frozen-lockfile

 # Build
 FROM deps AS builder
 RUN mkdir -p /home/node/.cache/node/corepack
-COPY packages/ packages/
-COPY src/ src/
-COPY tsconfig.json ./
-RUN pnpm --filter @groombook/types build && \
-    pnpm --filter @groombook/db build && \
-    pnpm build
+COPY apps/api/ apps/api/
+RUN pnpm --filter @groombook/api build

 # Runtime
 FROM node:22-alpine AS runner
@@ -25,29 +20,22 @@ RUN corepack enable && corepack prepare pnpm@9.15.4 --activate
 WORKDIR /app
 ENV NODE_ENV=production

-COPY package.json pnpm-workspace.yaml pnpm-lock.yaml ./
-COPY --from=builder /app/package.json ./
-COPY --from=builder /app/dist dist/
-COPY --from=builder /app/packages/db/package.json packages/db/
-COPY --from=builder /app/packages/db/dist packages/db/dist
-COPY --from=builder /app/packages/types/package.json packages/types/
-COPY --from=builder /app/packages/types/dist packages/types/dist
+COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
+COPY --from=builder /app/apps/api/package.json apps/api/
+COPY --from=builder /app/apps/api/dist apps/api/dist
 RUN pnpm install --frozen-lockfile --prod

 EXPOSE 3000
 RUN apk add --no-cache curl
 HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
  CMD curl -f http://localhost:3000/health || exit 1
-CMD ["node", "dist/index.js"]
+CMD ["node", "apps/api/dist/index.js"]

-# Migrate stage — runs drizzle-kit migrate against the database
 FROM builder AS migrate
-CMD ["pnpm", "--filter", "@groombook/db", "migrate"]
+CMD ["pnpm", "--filter", "@groombook/api", "db:migrate"]

-# Seed stage — populates the database with test data
 FROM builder AS seed
-CMD ["pnpm", "--filter", "@groombook/db", "seed"]
+CMD ["pnpm", "--filter", "@groombook/api", "db:seed"]

-# Reset stage — drops all tables, re-runs migrations, and re-seeds
 FROM builder AS reset
-CMD ["pnpm", "--filter", "@groombook/db", "reset"]
+CMD ["pnpm", "--filter", "@groombook/api", "db:reset"]
@@ -21,14 +21,6 @@ GroomBook API is a Hono-based REST service (TypeScript/Node.js) powering the pet

 ## Test Cases

-### 4.0 Health Check
-
-| # | Scenario | Steps | Expected |
-|---|----------|-------|----------|
-| TC-API-0.1 | Unauthenticated health check | GET /api/health | 200 OK, `{"status":"ok"}` |
-
-> **Note (GRO-1544):** Health endpoint registered on `api` basePath before auth middleware at `/api/health`. The old path `/health` was incorrect (routed to web pod via HTTPRoute `/*` rule).
-
 ### 4.1 Authentication

 | # | Scenario | Steps | Expected |
@@ -139,9 +131,6 @@ GroomBook API is a Hono-based REST service (TypeScript/Node.js) powering the pet
 | TC-API-8.5 | Add waitlist entry | POST /api/portal/waitlist with pet and service | 201 Created, waitlist entry created |
 | TC-API-8.6 | View portal invoices | GET /api/portal/invoices | 200 OK, list of client's invoices returned |
 | TC-API-8.7 | Pay multiple invoices | POST /api/portal/invoices/pay-multiple with invoice IDs | 200 OK, payment intent created |
-| TC-API-8.8 | Update pet profile | PATCH /api/portal/pets/{id} with name, breed, groomingNotes | 200 OK, pet updated in portal shape |
-| TC-API-8.9 | Update pet — ownership check | PATCH /api/portal/pets/{id} with session for different client | 403 Forbidden, pet belongs to another client |
-| TC-API-8.10 | Update pet — not found | PATCH /api/portal/pets/{nonexistent-id} | 404 Not Found |

 ### 4.9 Waitlist

@@ -6,10 +6,8 @@
 CREATE TYPE "pet_size_category" AS ENUM ('small', 'medium', 'large', 'xlarge');
 CREATE TYPE "coat_type" AS ENUM ('smooth', 'double', 'wire', 'curly', 'long', 'hairless');

-- ─── Add columns to pets if missing, then cast to enums ──────────────────────
+-- ─── Alter pets columns to use new enums ─────────────────────────────────────

-ALTER TABLE "pets" ADD COLUMN IF NOT EXISTS "coat_type" text;
-ALTER TABLE "pets" ADD COLUMN IF NOT EXISTS "pet_size_category" text;
 ALTER TABLE "pets" ALTER COLUMN "coat_type" TYPE "coat_type" USING "coat_type"::text::"coat_type";
 ALTER TABLE "pets" ALTER COLUMN "pet_size_category" TYPE "pet_size_category" USING "pet_size_category"::text::"pet_size_category";

@@ -1 +0,0 @@
-- no-op: journal entry exists but no schema change was needed
@@ -1,6 +0,0 @@
-- Migration: 0033_add_services_default_buffer_minutes.sql
-- Adds missing default_buffer_minutes column to services table.
-- 0031_buffer_rules was applied to the DB but its journal entry was missing,
-- so this ensures idempotent column addition for fresh DB restores.
-
-ALTER TABLE "services" ADD COLUMN IF NOT EXISTS "default_buffer_minutes" integer DEFAULT 0 NOT NULL;
@@ -1,103 +0,0 @@
-{
-  "id": "0033_add_services_default_buffer_minutes",
-  "version": "7",
-  "dialect": "postgresql",
-  "tables": {
-    "authProviderConfig": {
-      "name": "auth_provider_config",
-      "columns": {
-        "id": { "name": "id", "type": "uuid", "primaryKey": true, "default": "gen_random_uuid()", "isNullable": false },
-        "providerId": { "name": "provider_id", "type": "text", "isNullable": false },
-        "displayName": { "name": "display_name", "type": "text", "isNullable": false },
-        "issuerUrl": { "name": "issuer_url", "type": "text", "isNullable": false },
-        "internalBaseUrl": { "name": "internal_base_url", "type": "text", "isNullable": true },
-        "clientId": { "name": "client_id", "type": "text", "isNullable": false },
-        "clientSecret": { "name": "client_secret", "type": "text", "isNullable": false },
-        "scopes": { "name": "scopes", "type": "text", "isNullable": false, "default": "'openid profile email'" },
-        "enabled": { "name": "enabled", "type": "boolean", "isNullable": false, "default": "true" },
-        "createdAt": { "name": "created_at", "type": "timestamp", "isNullable": false, "default": "now()" },
-        "updatedAt": { "name": "updated_at", "type": "timestamp", "isNullable": false, "default": "now()" }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {}
-    },
-    "businessSettings": {
-      "name": "business_settings",
-      "columns": {
-        "id": { "name": "id", "type": "uuid", "primaryKey": true, "default": "gen_random_uuid()", "isNullable": false },
-        "businessName": { "name": "business_name", "type": "text", "isNullable": false, "default": "'GroomBook'" },
-        "logoBase64": { "name": "logo_base64", "type": "text", "isNullable": true },
-        "logoMimeType": { "name": "logo_mime_type", "type": "text", "isNullable": true },
-        "logoKey": { "name": "logo_key", "type": "text", "isNullable": true },
-        "primaryColor": { "name": "primary_color", "type": "text", "isNullable": false, "default": "'#4f8a6f'" },
-        "accentColor": { "name": "accent_color", "type": "text", "isNullable": false, "default": "'#8b7355'" },
-        "createdAt": { "name": "created_at", "type": "timestamp", "isNullable": false, "default": "now()" },
-        "updatedAt": { "name": "updated_at", "type": "timestamp", "isNullable": false, "default": "now()" }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {}
-    },
-    "clients": {
-      "name": "clients",
-      "columns": {
-        "id": { "name": "id", "type": "uuid", "primaryKey": true, "default": "gen_random_uuid()", "isNullable": false },
-        "name": { "name": "name", "type": "text", "isNullable": false },
-        "email": { "name": "email", "type": "text", "isNullable": true },
-        "phone": { "name": "phone", "type": "text", "isNullable": true },
-        "address": { "name": "address", "type": "text", "isNullable": true },
-        "notes": { "name": "notes", "type": "text", "isNullable": true },
-        "emailOptOut": { "name": "email_opt_out", "type": "boolean", "isNullable": false, "default": "false" },
-        "smsOptIn": { "name": "sms_opt_in", "type": "boolean", "isNullable": false, "default": "false" },
-        "smsConsentDate": { "name": "sms_consent_date", "type": "timestamp", "isNullable": true },
-        "smsOptOutDate": { "name": "sms_opt_out_date", "type": "timestamp", "isNullable": true },
-        "smsConsentText": { "name": "sms_consent_text", "type": "text", "isNullable": true },
-        "stripeCustomerId": { "name": "stripe_customer_id", "type": "text", "isNullable": true },
-        "status": { "name": "status", "type": "client_status", "isNullable": false, "default": "'active'" },
-        "disabledAt": { "name": "disabled_at", "type": "timestamp", "isNullable": true },
-        "createdAt": { "name": "created_at", "type": "timestamp", "isNullable": false, "default": "now()" },
-        "updatedAt": { "name": "updated_at", "type": "timestamp", "isNullable": false, "default": "now()" }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": { "idx_clients_stripe_customer_id": { "columns": ["stripe_customer_id"] } }
-    },
-    "invoices": {
-      "name": "invoices",
-      "columns": {
-        "id": { "name": "id", "type": "uuid", "primaryKey": true, "default": "gen_random_uuid()", "isNullable": false },
-        "appointmentId": { "name": "appointment_id", "type": "uuid", "isNullable": true },
-        "clientId": { "name": "client_id", "type": "uuid", "isNullable": false },
-        "subtotalCents": { "name": "subtotal_cents", "type": "integer", "isNullable": false },
-        "taxCents": { "name": "tax_cents", "type": "integer", "isNullable": false, "default": "0" },
-        "tipCents": { "name": "tip_cents", "type": "integer", "isNullable": false, "default": "0" },
-        "totalCents": { "name": "total_cents", "type": "integer", "isNullable": false },
-        "status": { "name": "status", "type": "invoice_status", "isNullable": false, "default": "'draft'" },
-        "paymentMethod": { "name": "payment_method", "type": "payment_method", "isNullable": true },
-        "paidAt": { "name": "paid_at", "type": "timestamp", "isNullable": true },
-        "stripePaymentIntentId": { "name": "stripe_payment_intent_id", "type": "text", "isNullable": true },
-        "stripeRefundId": { "name": "stripe_refund_id", "type": "text", "isNullable": true },
-        "paymentFailureReason": { "name": "payment_failure_reason", "type": "text", "isNullable": true },
-        "notes": { "name": "notes", "type": "text", "isNullable": true },
-        "createdAt": { "name": "created_at", "type": "timestamp", "isNullable": false, "default": "now()" },
-        "updatedAt": { "name": "updated_at", "type": "timestamp", "isNullable": false, "default": "now()" }
-      },
-      "indexes": { "idx_invoices_client_id": { "columns": ["client_id"] }, "idx_invoices_status": { "columns": ["status"] }, "idx_invoices_created_at": { "columns": ["created_at"] } },
-      "foreignKeys": { "invoices_appointment_id_fkey": { "columns": ["appointmentId"], "reference": { "table": "appointments", "columns": ["id"] } }, "invoices_client_id_fkey": { "columns": ["clientId"], "reference": { "table": "clients", "columns": ["id"] } } },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": { "idx_invoices_stripe_payment_intent_id": { "columns": ["stripe_payment_intent_id"] } }
-    }
-  },
-  "enums": {
-    "appointment_status": { "name": "appointment_status", "values": ["scheduled", "confirmed", "in_progress", "completed", "cancelled", "no_show"] },
-    "client_status": { "name": "client_status", "values": ["active", "disabled"] },
-    "impersonation_session_status": { "name": "impersonation_session_status", "values": ["active", "ended", "expired"] },
-    "invoice_status": { "name": "invoice_status", "values": ["draft", "pending", "paid", "void"] },
-    "payment_method": { "name": "payment_method", "values": ["cash", "card", "check", "other"] },
-    "staff_role": { "name": "staff_role", "values": ["groomer", "receptionist", "manager"] },
-    "waitlist_status": { "name": "waitlist_status", "values": ["active", "notified", "expired", "cancelled"] }
-  },
-  "nativeEnums": {}
-}
@@ -218,27 +218,6 @@
      "when": 1775828067192,
      "tag": "0030_messaging",
      "breakpoints": true
-    },
-    {
-      "idx": 31,
-      "version": "7",
-      "when": 1775860800000,
-      "tag": "0031_buffer_rules",
-      "breakpoints": true
-    },
-    {
-      "idx": 32,
-      "version": "7",
-      "when": 1775894400000,
-      "tag": "0032_staff_read_at",
-      "breakpoints": true
-    },
-    {
-      "idx": 33,
-      "version": "7",
-      "when": 1779500000000,
-      "tag": "0033_add_services_default_buffer_minutes",
-      "breakpoints": true
    }
  ]
 }
@@ -12,7 +12,7 @@ export function getDb() {
  if (_db) return _db;
  const url = process.env.DATABASE_URL;
  if (!url) throw new Error("DATABASE_URL is not set");
-  const client = postgres(url, { max: 10, connect_timeout: 5 });
+  const client = postgres(url, { max: 10 });
  _db = drizzle(client, { schema });
  return _db;
 }
@@ -4,7 +4,6 @@ import { Hono } from "hono";
 const CLIENT_ID = "550e8400-e29b-41d4-a716-446655440001";
 const APPOINTMENT_ID = "660e8400-e29b-41d4-a716-446655440002";
 const SESSION_ID = "770e8400-e29b-41d4-a716-446655440003";
-const PET_ID = "880e8400-e29b-41d4-a716-446655440004";

 const futureDate = () => new Date(Date.now() + 30 * 60 * 1000);
 const pastDate = () => new Date(Date.now() - 5 * 60 * 1000);
@@ -38,38 +37,13 @@ const APPOINTMENT = {
  cancelledAt: null,
 };

-const PET = {
-  id: PET_ID,
-  clientId: CLIENT_ID,
-  name: "Fido",
-  species: "dog",
-  breed: "Labrador",
-  weightKg: "30.00",
-  dateOfBirth: null,
-  healthAlerts: null,
-  groomingNotes: null,
-  cutStyle: null,
-  shampooPreference: null,
-  specialCareNotes: null,
-  coatType: null,
-  petSizeCategory: null,
-  customFields: {},
-  photoKey: null,
-  photoUploadedAt: null,
-  image: null,
-  createdAt: new Date(),
-  updatedAt: new Date(),
-};
-
 let selectSessionRow: Record<string, unknown> | null = null;
 let selectAppointmentRow: Record<string, unknown> | null = null;
-let selectPetRow: Record<string, unknown> | null = null;
 let updatedValues: Record<string, unknown>[] = [];

 function resetMock() {
  selectSessionRow = null;
  selectAppointmentRow = null;
-  selectPetRow = null;
  updatedValues = [];
 }

@@ -88,8 +62,6 @@ vi.mock("@groombook/db", () => {
    return chain;
  }

-  let activeUpdateTable: string | null = null;
-
  const impersonationSessions = new Proxy(
    { _name: "impersonationSessions" },
    { get: (t, p) => (p === "_name" ? "impersonationSessions" : { table: "impersonationSessions", column: p }) }
@@ -100,16 +72,6 @@ vi.mock("@groombook/db", () => {
    { get: (t, p) => (p === "_name" ? "appointments" : { table: "appointments", column: p }) }
  );

-  const pets = new Proxy(
-    { _name: "pets" },
-    { get: (t, p) => (p === "_name" ? "pets" : { table: "pets", column: p }) }
-  );
-
-  const impersonationAuditLogs = new Proxy(
-    { _name: "impersonationAuditLogs" },
-    { get: (t, p) => (p === "_name" ? "impersonationAuditLogs" : { table: "impersonationAuditLogs", column: p }) }
-  );
-
  return {
    getDb: () => ({
      select: () => ({
@@ -120,44 +82,26 @@ vi.mock("@groombook/db", () => {
          if (table._name === "appointments") {
            return makeChainable(selectAppointmentRow ? [selectAppointmentRow] : []);
          }
-          if (table._name === "pets") {
-            return makeChainable(selectPetRow ? [selectPetRow] : []);
-          }
          return makeChainable([]);
        },
      }),
-      insert: () => ({
-        values: () => ({
-          returning: () => [{}],
+      update: () => ({
+        set: (vals: Record<string, unknown>) => ({
+          where: () => ({
+            returning: () => {
+              if (selectAppointmentRow) {
+                const updated = { ...selectAppointmentRow, ...vals };
+                updatedValues.push(vals);
+                return [updated];
+              }
+              return [];
+            },
+          }),
        }),
      }),
-      update: (table: { _name: string }) => {
-        activeUpdateTable = table._name;
-        return {
-          set: (vals: Record<string, unknown>) => ({
-            where: () => ({
-              returning: () => {
-                if (activeUpdateTable === "appointments" && selectAppointmentRow) {
-                  const updated = { ...selectAppointmentRow, ...vals };
-                  updatedValues.push(vals);
-                  return [updated];
-                }
-                if (activeUpdateTable === "pets" && selectPetRow) {
-                  const updated = { ...selectPetRow, ...vals };
-                  updatedValues.push(vals);
-                  return [updated];
-                }
-                return [];
-              },
-            }),
-          }),
-        };
-      },
    }),
    impersonationSessions,
    appointments,
-    pets,
-    impersonationAuditLogs,
    eq: vi.fn(),
    and: vi.fn(),
  };
@@ -476,81 +420,4 @@ describe("POST /portal/appointments/:id/cancel", () => {
    );
    expect(res.status).toBe(404);
  });
-});
-
-// ─── PATCH /portal/pets/:id ───────────────────────────────────────────────────
-
-function jsonPetPatch(path: string, body: unknown, headers?: Record<string, string>) {
-  return app.request(path, {
-    method: "PATCH",
-    headers: {
-      "Content-Type": "application/json",
-      ...headers,
-    },
-    body: JSON.stringify(body),
-  });
-}
-
-describe("PATCH /portal/pets/:id", () => {
-  it("updates a pet and returns the updated pet in portal shape", async () => {
-    selectSessionRow = ACTIVE_SESSION;
-    selectPetRow = { ...PET, dateOfBirth: new Date("2020-01-15"), photoKey: "pets/test.jpg" };
-    const res = await jsonPetPatch(
-      `/portal/pets/${PET_ID}`,
-      { name: "Fido Jr.", groomingNotes: "Needs extra brushing" },
-      { "X-Impersonation-Session-Id": SESSION_ID }
-    );
-    expect(res.status).toBe(200);
-    const body = await res.json();
-    expect(body).toHaveProperty("id");
-    expect(body).toHaveProperty("name", "Fido Jr.");
-    expect(body).toHaveProperty("notes", "Needs extra brushing");
-    expect(body).toHaveProperty("breed");
-    expect(body).toHaveProperty("photoUrl");
-    expect(body).not.toHaveProperty("clientId");
-    expect(body).not.toHaveProperty("customFields");
-  });
-
-  it("returns 401 without X-Impersonation-Session-Id header", async () => {
-    const res = await jsonPetPatch(`/portal/pets/${PET_ID}`, { name: "Test" });
-    expect(res.status).toBe(401);
-    const body = await res.json();
-    expect(body.error).toBe("Unauthorized");
-  });
-
-  it("returns 401 with expired session", async () => {
-    selectSessionRow = EXPIRED_SESSION;
-    const res = await jsonPetPatch(
-      `/portal/pets/${PET_ID}`,
-      { name: "Test" },
-      { "X-Impersonation-Session-Id": SESSION_ID }
-    );
-    expect(res.status).toBe(401);
-    const body = await res.json();
-    expect(body.error).toBe("Unauthorized");
-  });
-
-  it("returns 403 when pet belongs to a different client", async () => {
-    selectSessionRow = { ...ACTIVE_SESSION, clientId: "different-client-id" };
-    selectPetRow = { ...PET };
-    const res = await jsonPetPatch(
-      `/portal/pets/${PET_ID}`,
-      { name: "Hacked" },
-      { "X-Impersonation-Session-Id": SESSION_ID }
-    );
-    expect(res.status).toBe(403);
-    const body = await res.json();
-    expect(body.error).toBe("Forbidden");
-  });
-
-  it("returns 404 when pet not found", async () => {
-    selectSessionRow = ACTIVE_SESSION;
-    selectPetRow = null;
-    const res = await jsonPetPatch(
-      `/portal/pets/nonexistent-id`,
-      { name: "Ghost" },
-      { "X-Impersonation-Session-Id": SESSION_ID }
-    );
-    expect(res.status).toBe(404);
-  });
 });
@@ -58,11 +58,8 @@ app.use(
  })
 );

-// Health check — no auth required, registered on app at full path before auth middleware
-// /health: used by Dockerfile HEALTHCHECK and K8s readinessProbe/livenessProbe (port 3000 direct)
+// Health check (no auth required)
 app.get("/health", (c) => c.json({ status: "ok" }));
-// /api/health: used by Gateway HTTPRoute (/api/* → API pod)
-app.get("/api/health", (c) => c.json({ status: "ok" }));

 // Public booking routes — no auth required, must be registered before auth middleware
 app.route("/api/book", bookRouter);
@@ -285,16 +282,14 @@ startReminderScheduler();

 function shutdown() {
  console.log("Shutting down gracefully...");
-  // SIGTERM/SIGINT → server.close() → callback → process.exit(0)
-  // If graceful close takes >8s, force-exit to avoid being killed undrained
-  setTimeout(() => {
-    console.error("Graceful close timeout — forcing exit");
-    process.exit(1);
-  }, 8_000);
  server.close(() => {
    console.log("HTTP server closed");
    process.exit(0);
  });
+  setTimeout(() => {
+    console.error("Forced shutdown after timeout");
+    process.exit(1);
+  }, 10_000);
 }

 process.on("SIGTERM", shutdown);
@@ -186,9 +186,7 @@ export async function initAuth(): Promise<void> {
    const discoveryUrlStr = `${providerConfig.issuerUrl}/.well-known/openid-configuration`;
    let oidcConfig: Record<string, string> = {};
    try {
-      const discoveryRes = await fetch(discoveryUrlStr, {
-        signal: AbortSignal.timeout(5000),
-      });
+      const discoveryRes = await fetch(discoveryUrlStr);
      if (discoveryRes.ok) {
        const discovery = await discoveryRes.json() as {
          authorization_endpoint?: string;
@@ -23,7 +23,7 @@ if (process.env.AUTH_DISABLED === "true") {
 }

 export const authMiddleware: MiddlewareHandler = async (c, next) => {
-  if (c.req.path.startsWith("/api/auth/") || c.req.path === "/api/health") {
+  if (c.req.path.startsWith("/api/auth/")) {
    await next();
    return;
  }
@@ -152,67 +152,6 @@ portalRouter.get("/pets", async (c) => {
  return c.json(clientPets.map(p => ({ id: p.id, name: p.name, breed: p.breed, weight: p.weightKg, birthDate: p.dateOfBirth, photoUrl: p.photoKey, notes: p.groomingNotes })));
 });

-const portalUpdatePetSchema = z.object({
-  name: z.string().min(1).max(200).optional(),
-  species: z.string().min(1).max(100).optional(),
-  breed: z.string().max(200).optional(),
-  weightKg: z.number().positive().optional(),
-  dateOfBirth: z.string().datetime().optional(),
-  healthAlerts: z.string().max(2000).optional(),
-  groomingNotes: z.string().max(2000).optional(),
-  cutStyle: z.string().max(500).optional(),
-  shampooPreference: z.string().max(500).optional(),
-  specialCareNotes: z.string().max(2000).optional(),
-  customFields: z.record(z.string(), z.string()).optional(),
-  petSizeCategory: z.enum(["small", "medium", "large", "extra_large"]).optional(),
-  coatType: z.enum(["short", "medium", "long", "double", "wire", "silky", "curly", "hairless"]).optional(),
-});
-
-portalRouter.patch(
-  "/pets/:id",
-  zValidator("json", portalUpdatePetSchema),
-  async (c) => {
-    const db = getDb();
-    const petId = c.req.param("id");
-    const clientId = c.get("portalClientId");
-    const body = c.req.valid("json");
-
-    const [existing] = await db
-      .select()
-      .from(pets)
-      .where(eq(pets.id, petId))
-      .limit(1);
-
-    if (!existing) return c.json({ error: "Not found" }, 404);
-    if (existing.clientId !== clientId) return c.json({ error: "Forbidden" }, 403);
-
-    const { weightKg, dateOfBirth, customFields, ...rest } = body;
-    const [updated] = await db
-      .update(pets)
-      .set({
-        ...rest,
-        weightKg: weightKg?.toString(),
-        dateOfBirth: dateOfBirth ? new Date(dateOfBirth) : undefined,
-        ...(customFields !== undefined ? { customFields } : {}),
-        updatedAt: new Date(),
-      })
-      .where(eq(pets.id, petId))
-      .returning();
-
-    if (!updated) return c.json({ error: "Not found" }, 404);
-
-    return c.json({
-      id: updated.id,
-      name: updated.name,
-      breed: updated.breed,
-      weight: updated.weightKg,
-      birthDate: updated.dateOfBirth,
-      photoUrl: updated.photoKey,
-      notes: updated.groomingNotes,
-    });
-  }
-);
-
 portalRouter.get("/invoices", async (c) => {
  const db = getDb();
  const clientId = c.get("portalClientId");
				`@@ -1 +0,0 @@`
				`-- no-op: journal entry exists but no schema change was needed`