feat(gro-1743): add UAT customer and pets to admin seed endpoint

Add UAT Customer (uat-customer@groombook.dev) with two pets (Bella and Max) to the idempotent admin seed endpoint for portal UAT testing. - Client: UAT Customer, email: uat-customer@groombook.dev, phone: 555-0100, status: active - Pet 1: Bella, Dog, Poodle, coatType: curly - Pet 2: Max, Dog, Labrador Retriever, coatType: short Issue: GRO-1743 Co-Authored-By: Paperclip <noreply@paperclip.ing>
fix(api): add timeouts for OIDC discovery fetch and DB connection (#66 )
2026-05-25 15:29:36 +00:00 · 2026-05-24 20:11:44 +00:00 · 2026-05-23 18:31:01 +00:00 · 2026-05-23 18:30:57 +00:00 · 2026-05-23 01:40:07 +00:00 · 2026-05-23 01:30:16 +00:00
9 changed files with 88 additions and 9 deletions
@@ -78,6 +78,8 @@ jobs:

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
+        with:
+          driver-opts: network=host

      - name: Log in to Gitea Container Registry
        uses: docker/login-action@v3
@@ -93,6 +95,7 @@ jobs:
          file: Dockerfile
          target: runner
          push: true
+          provenance: false
          tags: |
            git.farh.net/groombook/api:${{ steps.version.outputs.tag }}
            ${{ github.ref == 'refs/heads/main' && 'git.farh.net/groombook/api:latest' || '' }}
@@ -106,6 +109,7 @@ jobs:
          file: Dockerfile
          target: migrate
          push: true
+          provenance: false
          tags: |
            git.farh.net/groombook/migrate:${{ steps.version.outputs.tag }}
            ${{ github.ref == 'refs/heads/main' && 'git.farh.net/groombook/migrate:latest' || '' }}
@@ -119,6 +123,7 @@ jobs:
          file: Dockerfile
          target: seed
          push: true
+          provenance: false
          tags: |
            git.farh.net/groombook/seed:${{ steps.version.outputs.tag }}
            ${{ github.ref == 'refs/heads/main' && 'git.farh.net/groombook/seed:latest' || '' }}
@@ -132,6 +137,7 @@ jobs:
          file: Dockerfile
          target: reset
          push: true
+          provenance: false
          tags: |
            git.farh.net/groombook/reset:${{ steps.version.outputs.tag }}
            ${{ github.ref == 'refs/heads/main' && 'git.farh.net/groombook/reset:latest' || '' }}
@@ -21,6 +21,14 @@ GroomBook API is a Hono-based REST service (TypeScript/Node.js) powering the pet

 ## Test Cases

+### 4.0 Health Check
+
+| # | Scenario | Steps | Expected |
+|---|----------|-------|----------|
+| TC-API-0.1 | Unauthenticated health check | GET /api/health | 200 OK, `{"status":"ok"}` |
+
+> **Note (GRO-1544):** Health endpoint registered on `api` basePath before auth middleware at `/api/health`. The old path `/health` was incorrect (routed to web pod via HTTPRoute `/*` rule).
+
 ### 4.1 Authentication

 | # | Scenario | Steps | Expected |
@@ -36,6 +36,18 @@ const DEMO_PET = {
  weightKg: "30.00",
 };

+const UAT_CLIENT = {
+  name: "UAT Customer",
+  email: "uat-customer@groombook.dev",
+  phone: "555-0100",
+  status: "active" as const,
+};
+
+const UAT_PETS = [
+  { name: "Bella", species: "Dog", breed: "Poodle", coatType: "curly" as const },
+  { name: "Max", species: "Dog", breed: "Labrador Retriever", coatType: "short" as const },
+];
+
 const DEMO_SERVICES = [
  { id: "b0000001-0000-0000-0000-000000000001", name: "Bath & Brush", description: "Full bath, blow-dry, brush out, and ear cleaning", basePriceCents: 4500, durationMinutes: 45 },
  { id: "b0000001-0000-0000-0000-000000000002", name: "Full Groom — Small", description: "Complete grooming for dogs under 25 lbs", basePriceCents: 6500, durationMinutes: 60 },
@@ -128,6 +140,49 @@ adminSeedRouter.post("/seed", async (c) => {
    results.push(`Created pet '${DEMO_PET.name}' for Demo Client (id: ${created!.id})`);
  }

+  // ── Client: UAT Customer ──────────────────────────────────────────────────
+  const [existingUatClient] = await db
+    .select()
+    .from(clients)
+    .where(eq(clients.email, UAT_CLIENT.email));
+
+  let uatClientId: string;
+  if (existingUatClient) {
+    uatClientId = existingUatClient.id;
+    results.push(`Client '${UAT_CLIENT.name}' already exists (id: ${uatClientId})`);
+  } else {
+    const [created] = await db.insert(clients).values(UAT_CLIENT).returning();
+    uatClientId = created!.id;
+    results.push(`Created client '${UAT_CLIENT.name}' (id: ${uatClientId})`);
+  }
+
+  // ── Pets: UAT Customer Pets ───────────────────────────────────────────────
+  const existingUatPets = await db
+    .select()
+    .from(pets)
+    .where(eq(pets.clientId, uatClientId));
+
+  for (const uatPet of UAT_PETS) {
+    const existingPet = existingUatPets.find(
+      (p) => p.name === uatPet.name && p.species === uatPet.species
+    );
+    if (existingPet) {
+      results.push(`Pet '${uatPet.name}' already exists for UAT Customer (id: ${existingPet.id})`);
+    } else {
+      const [created] = await db
+        .insert(pets)
+        .values({
+          clientId: uatClientId,
+          name: uatPet.name,
+          species: uatPet.species,
+          breed: uatPet.breed,
+          coatType: uatPet.coatType,
+        })
+        .returning();
+      results.push(`Created pet '${uatPet.name}' for UAT Customer (id: ${created!.id})`);
+    }
+  }
+
  return c.json({
    message: "Seed complete",
    details: results,
@@ -6,8 +6,10 @@
 CREATE TYPE "pet_size_category" AS ENUM ('small', 'medium', 'large', 'xlarge');
 CREATE TYPE "coat_type" AS ENUM ('smooth', 'double', 'wire', 'curly', 'long', 'hairless');

-- ─── Alter pets columns to use new enums ─────────────────────────────────────
+-- ─── Add columns to pets if missing, then cast to enums ──────────────────────

+ALTER TABLE "pets" ADD COLUMN IF NOT EXISTS "coat_type" text;
+ALTER TABLE "pets" ADD COLUMN IF NOT EXISTS "pet_size_category" text;
 ALTER TABLE "pets" ALTER COLUMN "coat_type" TYPE "coat_type" USING "coat_type"::text::"coat_type";
 ALTER TABLE "pets" ALTER COLUMN "pet_size_category" TYPE "pet_size_category" USING "pet_size_category"::text::"pet_size_category";

@@ -0,0 +1 @@
+-- no-op: journal entry exists but no schema change was needed
@@ -12,7 +12,7 @@ export function getDb() {
  if (_db) return _db;
  const url = process.env.DATABASE_URL;
  if (!url) throw new Error("DATABASE_URL is not set");
-  const client = postgres(url, { max: 10 });
+  const client = postgres(url, { max: 10, connect_timeout: 5 });
  _db = drizzle(client, { schema });
  return _db;
 }
@@ -58,8 +58,11 @@ app.use(
  })
 );

-// Health check (no auth required)
+// Health check — no auth required, registered on app at full path before auth middleware
+// /health: used by Dockerfile HEALTHCHECK and K8s readinessProbe/livenessProbe (port 3000 direct)
 app.get("/health", (c) => c.json({ status: "ok" }));
+// /api/health: used by Gateway HTTPRoute (/api/* → API pod)
+app.get("/api/health", (c) => c.json({ status: "ok" }));

 // Public booking routes — no auth required, must be registered before auth middleware
 app.route("/api/book", bookRouter);
@@ -282,14 +285,16 @@ startReminderScheduler();

 function shutdown() {
  console.log("Shutting down gracefully...");
+  // SIGTERM/SIGINT → server.close() → callback → process.exit(0)
+  // If graceful close takes >8s, force-exit to avoid being killed undrained
+  setTimeout(() => {
+    console.error("Graceful close timeout — forcing exit");
+    process.exit(1);
+  }, 8_000);
  server.close(() => {
    console.log("HTTP server closed");
    process.exit(0);
  });
-  setTimeout(() => {
-    console.error("Forced shutdown after timeout");
-    process.exit(1);
-  }, 10_000);
 }

 process.on("SIGTERM", shutdown);
@@ -186,7 +186,9 @@ export async function initAuth(): Promise<void> {
    const discoveryUrlStr = `${providerConfig.issuerUrl}/.well-known/openid-configuration`;
    let oidcConfig: Record<string, string> = {};
    try {
-      const discoveryRes = await fetch(discoveryUrlStr);
+      const discoveryRes = await fetch(discoveryUrlStr, {
+        signal: AbortSignal.timeout(5000),
+      });
      if (discoveryRes.ok) {
        const discovery = await discoveryRes.json() as {
          authorization_endpoint?: string;
@@ -23,7 +23,7 @@ if (process.env.AUTH_DISABLED === "true") {
 }

 export const authMiddleware: MiddlewareHandler = async (c, next) => {
-  if (c.req.path.startsWith("/api/auth/")) {
+  if (c.req.path.startsWith("/api/auth/") || c.req.path === "/api/health") {
    await next();
    return;
  }
Author	SHA1	Message	Date
Flea Flicker	a1466b44c9	feat(gro-1743): add UAT customer and pets to admin seed endpoint CI / Lint & Typecheck (pull_request) Successful in 12s Details CI / Test (pull_request) Successful in 12s Details CI / Build & Push Docker Images (pull_request) Successful in 1m12s Details Add UAT Customer (uat-customer@groombook.dev) with two pets (Bella and Max) to the idempotent admin seed endpoint for portal UAT testing. - Client: UAT Customer, email: uat-customer@groombook.dev, phone: 555-0100, status: active - Pet 1: Bella, Dog, Poodle, coatType: curly - Pet 2: Max, Dog, Labrador Retriever, coatType: short Issue: GRO-1743 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-25 15:29:36 +00:00
Scrubs McBarkley	b486c44a82	fix(api): add timeouts for OIDC discovery fetch and DB connection (#66 ) CI / Lint & Typecheck (push) Successful in 10s Details CI / Test (push) Successful in 9s Details CI / Build & Push Docker Images (push) Successful in 45s Details	2026-05-24 20:11:44 +00:00
The Dogfather	b5a08a2c7e	Merge pull request 'fix(GRO-1441): remove duplicate coatType/petSizeCategory from buildPet' (#35 ) from fix/gro-1441-remove-duplicate-coat-props into dev CI / Lint & Typecheck (push) Successful in 47s Details CI / Test (push) Successful in 48s Details CI / Build & Push Docker Images (push) Failing after 2m41s Details fix(GRO-1441): remove duplicate coatType/petSizeCategory from buildPet (#35)	2026-05-23 18:31:01 +00:00
The Dogfather	06d72b5baf	Merge pull request 'fix(GRO-1544): restore /health alongside /api/health endpoint' (#60 ) from fix/gro-1544-api-health-endpoint into dev CI / Lint & Typecheck (push) Successful in 45s Details CI / Test (push) Successful in 46s Details CI / Build & Push Docker Images (push) Successful in 2m45s Details fix(GRO-1544): restore /health alongside /api/health endpoint (#60)	2026-05-23 18:30:57 +00:00
The Dogfather	33aa63b10f	Merge pull request 'fix(GRO-1576): add provenance: false to all build-push-action steps' (#64 ) from fix/gro-1576-ci-provenance-false into dev CI / Lint & Typecheck (push) Successful in 10s Details CI / Test (push) Successful in 11s Details CI / Build & Push Docker Images (push) Successful in 20s Details fix(GRO-1576): add provenance: false to all build-push-action steps (#64) Disables OCI attestation manifest generation that was hitting a Gitea registry bug when image layers are pre-existing. Reviewed-by: Lint Roller (QA) Approved-by: The Dogfather (CTO)	2026-05-23 01:40:07 +00:00
Flea Flicker	e26d960046	fix(GRO-1576): add provenance: false to all build-push-action steps CI / Lint & Typecheck (pull_request) Successful in 11s Details CI / Test (pull_request) Successful in 11s Details CI / Build & Push Docker Images (pull_request) Failing after 2m28s Details Docker Buildx v6 defaults to OCI attestation manifests (--attest type=provenance,mode=max). These hit a Gitea registry bug when image layers are pre-existing (blob mount), causing "unknown" errors on manifest list push. API image succeeds because it pushes new layers; migrate/seed/ reset fail because their layers already exist. Disabling provenance attestation on all four build-push-action steps resolves the push failures. Addresses GRO-1575. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 01:30:16 +00:00
The Dogfather	4e8c66f3ca	fix: add network=host to buildx driver-opts for DinD DNS resolution CI / Test (push) Successful in 43s Details CI / Lint & Typecheck (push) Successful in 44s Details CI / Build & Push Docker Images (push) Failing after 39s Details Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 00:52:59 +00:00
The Dogfather	ea28095434	Merge pull request 'fix(GRO-1566): bypass auth for /api/health endpoint on UAT' (#61 ) from fix/gro-1566-api-health-auth-bypass into dev CI / Test (push) Failing after 1m33s Details CI / Lint & Typecheck (push) Failing after 1m39s Details CI / Build & Push Docker Images (push) Has been skipped Details	2026-05-22 22:39:41 +00:00
Flea Flicker	3b9c72c2c4	fix(GRO-1566): bypass auth for /api/health endpoint on UAT CI / Lint & Typecheck (pull_request) Failing after 1m27s Details CI / Test (pull_request) Failing after 1m38s Details CI / Build & Push Docker Images (pull_request) Has been skipped Details The /api/health endpoint returns 401 on UAT because authMiddleware was not skipping it — the health check was registered on the Hono app instance (not the api sub-router), placing it below authMiddleware on the base app. The fix adds /api/health to the auth skip list alongside /api/auth/. The /health endpoint (registered at app level, above all middleware) correctly returns 200. The /api/health endpoint must also be public since the task requires confirming it returns 200. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-22 22:36:15 +00:00
Flea Flicker	49f70eb74b	fix(GRO-1544): restore /health alongside /api/health endpoint CI / Lint & Typecheck (pull_request) Failing after 1m34s Details CI / Test (pull_request) Failing after 1m38s Details CI / Build & Push Docker Images (pull_request) Has been skipped Details The previous GRO-1544 PR changed /health to /api/health but removed the /health endpoint entirely. This breaks: - Dockerfile HEALTHCHECK (curl -f http://localhost:3000/health) - K8s readinessProbe/livenessProbe (httpGet: path: /health, port: 3000) Both paths are registered before auth middleware so both remain publicly accessible without authentication. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-22 22:18:52 +00:00
The Dogfather	62dfc7776b	Merge pull request 'fix(GRO-1544): register health endpoint at /api/health not /health' (#52 ) from fix/gro-1544-api-health-endpoint into dev CI / Lint & Typecheck (push) Failing after 1m29s Details CI / Test (push) Failing after 1m29s Details CI / Build & Push Docker Images (push) Has been skipped Details fix(GRO-1544): register health endpoint at /api/health not /health Merge PR #52 to dev. Unblocks GRO-1485 UAT regression chain.	2026-05-22 21:49:55 +00:00
The Dogfather	68df697cf3	Merge pull request 'fix(GRO-1533): fix migration 0031 for empty databases' (#57 ) from fix/gro-1533-migration-0031-coat-type into dev CI / Test (push) Successful in 16s Details CI / Lint & Typecheck (push) Successful in 17s Details CI / Build & Push Docker Images (push) Successful in 30s Details fix(GRO-1533): fix migration 0031 for empty databases (#57) Adds ADD COLUMN IF NOT EXISTS for coat_type and pet_size_category before ALTER TYPE casts, making migration safe for both fresh and existing databases. Reviewed-by: gb_lint (QA) Approved-by: CTO	2026-05-22 15:20:50 +00:00
Chris Farhood	174d1c667b	fix(GRO-1533): add missing coat_type/pet_size_category columns in migration 0031 CI / Lint & Typecheck (pull_request) Successful in 10s Details CI / Test (pull_request) Successful in 10s Details CI / Build & Push Docker Images (pull_request) Successful in 40s Details Migration 0031 tries to ALTER the coat_type and pet_size_category columns on the pets table to use new enum types, but no prior migration adds these columns. On a fresh DB (after the reset CronJob wiped all tables), this causes the entire migration chain to fail and roll back. Added ADD COLUMN IF NOT EXISTS before the ALTER TYPE so the migration works both on fresh databases and existing ones with the columns. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-22 15:12:07 +00:00
The Dogfather	9fe6e15012	Merge pull request 'fix(GRO-1533): add missing 0032_staff_read_at.sql migration file' (#55 ) from fix/gro-1533-missing-migration-0032 into dev CI / Lint & Typecheck (push) Successful in 9s Details CI / Test (push) Successful in 10s Details CI / Build & Push Docker Images (push) Successful in 21s Details fix(GRO-1533): add missing 0032_staff_read_at.sql migration file Merged by CTO after QA approval (Review #3513). Unblocks UAT migration pipeline.	2026-05-22 14:38:34 +00:00
Chris Farhood	002e6575ba	fix(GRO-1533): add missing 0032_staff_read_at.sql migration file CI / Test (pull_request) Successful in 2m30s Details CI / Lint & Typecheck (pull_request) Successful in 2m32s Details CI / Build & Push Docker Images (pull_request) Successful in 4m6s Details The migration journal references 0032_staff_read_at but the SQL file was never committed. drizzle-kit migrate fails with "No file ./migrations/0032_staff_read_at.sql found" which blocks all subsequent migrations including the 0033 default_buffer_minutes fix. Added as a no-op since the staff table schema has no readAt column. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-22 14:28:48 +00:00
The Dogfather	f9c679b392	Merge pull request 'fix(GRO-1533): add missing default_buffer_minutes migration' (#53 ) from fix/gro-1533-missing-migration-journal into dev CI / Lint & Typecheck (push) Failing after 3s Details CI / Test (push) Successful in 9s Details CI / Build & Push Docker Images (push) Has been skipped Details Merge fix/gro-1533-missing-migration-journal into dev: add missing default_buffer_minutes migration (GRO-1533)	2026-05-22 14:08:55 +00:00
Flea Flicker	7b2b533c16	docs(api): update UAT_PLAYBOOK.md §4.0 — new health endpoint path CI / Test (pull_request) Successful in 9s Details CI / Lint & Typecheck (pull_request) Successful in 10s Details CI / Build & Push Docker Images (pull_request) Failing after 46s Details Added TC-API-0.1 for GET /api/health (unauthenticated). Corrected path from /health to /api/health (GRO-1544). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-22 13:49:15 +00:00
Flea Flicker	55894c6ff2	fix(GRO-1544): register health endpoint at /api/health not /health The health check was registered on `app` at `/health`, but the HTTPRoute routes `/api/*` to the API pod. Since auth middleware protects the /api basePath, GET /api/health fell through to authMiddleware → 401. Now registered on `api` before auth middleware at /api/health. Updated UAT_PLAYBOOK.md §GRO-1485 — new health endpoint path. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-22 13:49:15 +00:00
Flea Flicker	9f2809e89b	fix(GRO-1441): remove duplicate coatType/petSizeCategory from buildPet CI / Lint & Typecheck (pull_request) Successful in 15s Details CI / Test (pull_request) Successful in 20s Details CI / Build & Push Docker Image (pull_request) Successful in 25s Details Lines 108-109 were duplicates of lines 102-103 from the PR #12 merge. Removing the duplicate pair resolves the TS1117 error on dev. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 10:31:43 +00:00
				`@@ -0,0 +1 @@`
				`-- no-op: journal entry exists but no schema change was needed`