fix(ci): build all 4 images in Gitea CI (GRO-1522)

- Upgrade lint-typecheck, test, build jobs to Node 22
- Add explicit target: runner for API image (matches GH workflow)
- Add migrate, seed, reset images to Gitea docker job
- Per-image cache refs for Gitea registry (git.farh.net/groombook/cache:{service})

Fixes: missing migrate/seed/reset images in Gitea registry.
Related: The Dogfather review comment on PR #44.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

.gitea/workflows/ci.yml

@@ -0,0 +1,161 @@
+name: CI
+
+on:
+  push:
+    branches: [main, dev]
+  pull_request:
+    branches: [main, dev]
+  workflow_dispatch:
+    inputs:
+      ref:
+        description: "Branch or ref to run CI against"
+        required: false
+        default: "main"
+
+jobs:
+  lint-typecheck:
+    name: Lint & Typecheck
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: pnpm/action-setup@v4
+        with:
+          version: '9.15.4'
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: pnpm
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Typecheck
+        run: pnpm typecheck
+
+      - name: Lint
+        run: pnpm lint
+
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: pnpm/action-setup@v4
+        with:
+          version: '9.15.4'
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: pnpm
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Run tests
+        run: pnpm test
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    needs: [lint-typecheck, test]
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: pnpm/action-setup@v4
+        with:
+          version: '9.15.4'
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: pnpm
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Build
+        run: pnpm build
+
+  docker:
+    name: Build & Push Docker Images
+    runs-on: ubuntu-latest
+    needs: [build]
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Generate image tag
+        id: version
+        run: |
+          if [ "${{ github.event_name }}" = "pull_request" ]; then
+            TAG="pr-${{ github.event.pull_request.number }}-${GITHUB_SHA::7}"
+          else
+            TAG="$(date -u +%Y.%m.%d)-${GITHUB_SHA::7}"
+          fi
+          echo "tag=$TAG" >> "$GITHUB_OUTPUT"
+          echo "Image tag: $TAG"
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Gitea Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.farh.net
+          username: ${{ gitea.actor }}
+          password: ${{ gitea.token }}
+
+      - name: Build and push API image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile
+          target: runner
+          push: true
+          tags: |
+            git.farh.net/groombook/api:${{ steps.version.outputs.tag }}
+            ${{ github.ref == 'refs/heads/main' && 'git.farh.net/groombook/api:latest' || '' }}
+          cache-from: type=registry,ref=git.farh.net/groombook/cache:api
+          cache-to: type=registry,ref=git.farh.net/groombook/cache:api,mode=max
+
+      - name: Build and push Migrate image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile
+          target: migrate
+          push: true
+          tags: |
+            git.farh.net/groombook/migrate:${{ steps.version.outputs.tag }}
+            ${{ github.ref == 'refs/heads/main' && 'git.farh.net/groombook/migrate:latest' || '' }}
+          cache-from: type=registry,ref=git.farh.net/groombook/cache:migrate
+          cache-to: type=registry,ref=git.farh.net/groombook/cache:migrate,mode=max
+
+      - name: Build and push Seed image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile
+          target: seed
+          push: true
+          tags: |
+            git.farh.net/groombook/seed:${{ steps.version.outputs.tag }}
+            ${{ github.ref == 'refs/heads/main' && 'git.farh.net/groombook/seed:latest' || '' }}
+          cache-from: type=registry,ref=git.farh.net/groombook/cache:seed
+          cache-to: type=registry,ref=git.farh.net/groombook/cache:seed,mode=max
+
+      - name: Build and push Reset image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile
+          target: reset
+          push: true
+          tags: |
+            git.farh.net/groombook/reset:${{ steps.version.outputs.tag }}
+            ${{ github.ref == 'refs/heads/main' && 'git.farh.net/groombook/reset:latest' || '' }}
+          cache-from: type=registry,ref=git.farh.net/groombook/cache:reset
+          cache-to: type=registry,ref=git.farh.net/groombook/cache:reset,mode=max

.github/workflows/ci.yml

@@ -25,7 +25,7 @@ jobs:
 
       - uses: actions/setup-node@v4
         with:
-          node-version: 20
+          node-version: 22
           cache: pnpm
 
       - name: Install dependencies
@@ -49,7 +49,7 @@ jobs:
 
       - uses: actions/setup-node@v4
         with:
-          node-version: 20
+          node-version: 22
           cache: pnpm
 
       - name: Install dependencies
@@ -71,7 +71,7 @@ jobs:
 
       - uses: actions/setup-node@v4
         with:
-          node-version: 20
+          node-version: 22
           cache: pnpm
 
       - name: Install dependencies

Dockerfile

@@ -1,4 +1,4 @@
-FROM node:20-alpine AS base
+FROM node:22-alpine AS base
 RUN corepack enable && corepack prepare pnpm@9.15.4 --activate
 WORKDIR /app
 
@@ -12,7 +12,7 @@ RUN mkdir -p /home/node/.cache/node/corepack
 COPY apps/api/ apps/api/
 RUN pnpm --filter @groombook/api build
 
-FROM node:20-alpine AS runner
+FROM node:22-alpine AS runner
 RUN corepack enable && corepack prepare pnpm@9.15.4 --activate
 WORKDIR /app
 ENV NODE_ENV=production

UAT_PLAYBOOK.md

@@ -28,7 +28,6 @@ GroomBook API is a Hono-based REST service (TypeScript/Node.js) powering the pet
 | TC-API-1.1 | Login via OIDC | POST to OIDC provider callback, verify JWT token issued | 200 OK, JWT returned with valid claims |
 | TC-API-1.2 | Session persistence | Make authenticated request, verify session token valid | 200 OK, request succeeds |
 | TC-API-1.3 | Logout | Call logout endpoint, verify token invalidated | 200 OK, subsequent requests return 401 |
-| TC-API-1.4 | Auto-provision on first OIDC login | First login as a Better-Auth user with no existing staff record | 200 OK, access granted; groomer staff record auto-created with name/email from user table |
 
 ### 4.2 Client Management
 

apps/api/drizzle.config.ts

@@ -1,7 +1,7 @@
 import { defineConfig } from "drizzle-kit";
 
 export default defineConfig({
-  schema: "./src/schema.ts",
+  schema: "./src/db/schema.ts",
   out: "./migrations",
   dialect: "postgresql",
   dbCredentials: {

apps/api/migrations/0030_extended_pet_profile.sql

@@ -0,0 +1,12 @@
+-- Migration: 0030_extended_pet_profile
+-- Adds extended profile fields to the pets table
+
+BEGIN;
+
+ALTER TABLE pets ADD COLUMN coat_type text;
+ALTER TABLE pets ADD COLUMN temperament_score integer;
+ALTER TABLE pets ADD COLUMN temperament_flags jsonb DEFAULT '[]'::jsonb;
+ALTER TABLE pets ADD COLUMN medical_alerts jsonb DEFAULT '[]'::jsonb;
+ALTER TABLE pets ADD COLUMN preferred_cuts jsonb DEFAULT '[]'::jsonb;
+
+COMMIT;

apps/api/migrations/meta/0030_snapshot.json

@@ -0,0 +1,48 @@
+{
+  "id": "0030_extended_pet_profile",
+  "prevId": "0028_sms_reminders",
+  "version": "7",
+  "dialect": "postgresql",
+  "tables": {
+    "public.pets": {
+      "name": "pets",
+      "schema": "",
+      "columns": {
+        "id": { "name": "id", "type": "uuid", "primaryKey": true, "default": "gen_random_uuid()", "isNullable": false },
+        "client_id": { "name": "client_id", "type": "uuid", "isNullable": false },
+        "name": { "name": "name", "type": "text", "isNullable": false },
+        "species": { "name": "species", "type": "text", "isNullable": false },
+        "breed": { "name": "breed", "type": "text", "isNullable": true },
+        "weight_kg": { "name": "weight_kg", "type": "numeric(5, 2)", "isNullable": true },
+        "date_of_birth": { "name": "date_of_birth", "type": "timestamp", "isNullable": true },
+        "health_alerts": { "name": "health_alerts", "type": "text", "isNullable": true },
+        "grooming_notes": { "name": "grooming_notes", "type": "text", "isNullable": true },
+        "cut_style": { "name": "cut_style", "type": "text", "isNullable": true },
+        "shampoo_preference": { "name": "shampoo_preference", "type": "text", "isNullable": true },
+        "special_care_notes": { "name": "special_care_notes", "type": "text", "isNullable": true },
+        "custom_fields": { "name": "custom_fields", "type": "jsonb", "isNullable": false, "default": "'{}'::jsonb" },
+        "photo_key": { "name": "photo_key", "type": "text", "isNullable": true },
+        "photo_uploaded_at": { "name": "photo_uploaded_at", "type": "timestamp", "isNullable": true },
+        "image": { "name": "image", "type": "text", "isNullable": true },
+        "coat_type": { "name": "coat_type", "type": "text", "isNullable": true },
+        "temperament_score": { "name": "temperament_score", "type": "integer", "isNullable": true },
+        "temperament_flags": { "name": "temperament_flags", "type": "jsonb", "isNullable": true, "default": "'[]'::jsonb" },
+        "medical_alerts": { "name": "medical_alerts", "type": "jsonb", "isNullable": true, "default": "'[]'::jsonb" },
+        "preferred_cuts": { "name": "preferred_cuts", "type": "jsonb", "isNullable": true, "default": "'[]'::jsonb" },
+        "created_at": { "name": "created_at", "type": "timestamp", "isNullable": false, "default": "now()" },
+        "updated_at": { "name": "updated_at", "type": "timestamp", "isNullable": false, "default": "now()" }
+      },
+      "indexes": { "idx_pets_client_id": { "name": "idx_pets_client_id", "columns": [{ "expression": "client_id", "isExpression": false, "asc": true, "nulls": "last" }], "isUnique": false } },
+      "foreignKeys": { "pets_client_id_clients_id_fk": { "name": "pets_client_id_clients_id_fk", "tableFrom": "pets", "tableTo": "clients", "columnsFrom": ["client_id"], "columnsTo": ["id"], "onDelete": "cascade" } },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {}
+    }
+  },
+  "enums": {},
+  "schemas": {},
+  "sequences": {},
+  "roles": {},
+  "policies": {},
+  "views": {},
+  "_meta": { "columns": {}, "schemas": {}, "tables": {} }
+}

apps/api/migrations/meta/_journal.json

@@ -204,6 +204,20 @@
       "when": 1775741667192,
       "tag": "0028_sms_reminders",
       "breakpoints": true
+    },
+    {
+      "idx": 29,
+      "version": "7",
+      "when": 1775828067192,
+      "tag": "0029_db_indexes_constraints",
+      "breakpoints": true
+    },
+    {
+      "idx": 30,
+      "version": "7",
+      "when": 1775914467192,
+      "tag": "0030_extended_pet_profile",
+      "breakpoints": true
     }
   ]
 }

apps/api/src/__tests__/petsExtendedFields.test.ts

@@ -0,0 +1,414 @@
+import { describe, it, expect, vi, beforeEach } from "vitest";
+import { Hono } from "hono";
+import type { AppEnv, StaffRow } from "../middleware/rbac.js";
+import { petsRouter } from "../routes/pets.js";
+
+// ─── Mock staff fixtures ──────────────────────────────────────────────────────
+
+const MANAGER: StaffRow = {
+  id: "staff-manager-id",
+  oidcSub: "oidc-manager-sub",
+  userId: null,
+  role: "manager",
+  isSuperUser: true,
+  name: "Manager McManager",
+  email: "manager@example.com",
+  active: true,
+  icalToken: null,
+  createdAt: new Date(),
+  updatedAt: new Date(),
+};
+
+// ─── Mutable mock state ───────────────────────────────────────────────────────
+
+const CLIENT_ID = "550e8400-e29b-41d4-a716-446655440001";
+const PET_ID = "660e8400-e29b-41d4-a716-446655440002";
+
+let petRows: Record<string, unknown>[] = [];
+let appointmentRows: Record<string, unknown>[] = [];
+let insertedValues: Record<string, unknown>[] = [];
+let updatedValues: Record<string, unknown>[] = [];
+let deletedId: string | null = null;
+
+function resetMock() {
+  petRows = [{
+    id: PET_ID,
+    clientId: CLIENT_ID,
+    name: "Biscuit",
+    species: "dog",
+    breed: "Golden Retriever",
+    weightKg: "30.00",
+    dateOfBirth: null,
+    healthAlerts: null,
+    groomingNotes: null,
+    cutStyle: null,
+    shampooPreference: null,
+    specialCareNotes: null,
+    customFields: {},
+    photoKey: null,
+    photoUploadedAt: null,
+    image: null,
+    coatType: null,
+    temperamentScore: null,
+    temperamentFlags: [],
+    medicalAlerts: [],
+    preferredCuts: [],
+    createdAt: new Date(),
+    updatedAt: new Date(),
+  }];
+  appointmentRows = [];
+  insertedValues = [];
+  updatedValues = [];
+  deletedId = null;
+}
+
+function makeSelectChainable(rows: unknown[]): unknown {
+  const chain = new Proxy([...rows], {
+    get(target, prop) {
+      if (prop === "where" || prop === "orderBy" || prop === "limit") {
+        return () => chain;
+      }
+      // @ts-expect-error proxy
+      return target[prop];
+    },
+  });
+  return chain;
+}
+
+function makeInsertChainable(): unknown {
+  let vals: Record<string, unknown> = {};
+  const chain = new Proxy({}, {
+    get(target, prop) {
+      if (prop === "values") {
+        return (v: Record<string, unknown>) => { vals = v; return chain; };
+      }
+      if (prop === "returning") {
+        return () => {
+          insertedValues.push(vals);
+          return [vals.id ? { ...vals, id: vals.id ?? PET_ID } : { ...vals, id: PET_ID }];
+        };
+      }
+      return chain;
+    },
+  });
+  return chain;
+}
+
+function makeUpdateChainable(): unknown {
+  let vals: Record<string, unknown> = {};
+  let whereId: string | null = null;
+  const chain = new Proxy({}, {
+    get(target, prop) {
+      if (prop === "set") {
+        return (v: Record<string, unknown>) => { vals = v; return chain; };
+      }
+      if (prop === "where") {
+        return (cond: unknown) => {
+          // Extract id from condition if it's an eq call
+          if (whereId) vals = { ...vals };
+          return chain;
+        };
+      }
+      if (prop === "returning") {
+        return () => {
+          const merged = { ...petRows[0], ...vals };
+          updatedValues.push(vals);
+          return [merged];
+        };
+      }
+      return chain;
+    },
+  });
+  return chain;
+}
+
+function makeDeleteChainable(): unknown {
+  let whereId: string | null = null;
+  const chain = new Proxy({}, {
+    get(target, prop) {
+      if (prop === "where") {
+        return (cond: unknown) => {
+          whereId = PET_ID;
+          return chain;
+        };
+      }
+      if (prop === "returning") {
+        return () => {
+          const row = petRows[0]!;
+          deletedId = row.id as string;
+          return [row];
+        };
+      }
+      return chain;
+    },
+  });
+  return chain;
+}
+
+vi.mock("../db", () => {
+  const pets = new Proxy({ _name: "pets" }, { get: (t, p) => p === "_name" ? "pets" : {} });
+  const appointments = new Proxy({ _name: "appointments" }, { get: (t, p) => p === "_name" ? "appointments" : {} });
+  return {
+    getDb: () => ({
+      select: () => ({
+        from: (table: unknown) => {
+          const name = (table as { _name?: string })._name;
+          if (name === "appointments") return makeSelectChainable(appointmentRows);
+          return makeSelectChainable(petRows);
+        },
+      }),
+      insert: () => makeInsertChainable(),
+      update: () => makeUpdateChainable(),
+      delete: () => makeDeleteChainable(),
+    }),
+    pets,
+    appointments,
+    and: vi.fn(),
+    eq: vi.fn(),
+    exists: vi.fn(),
+    or: vi.fn(),
+  };
+});
+
+// ─── Helpers ──────────────────────────────────────────────────────────────────
+
+function makeApp(staff: StaffRow = MANAGER) {
+  const app = new Hono<AppEnv>();
+  app.use("*", async (c, next) => {
+    c.set("staff", staff);
+    await next();
+  });
+  return app.route("/pets", petsRouter);
+}
+
+function createApp() {
+  const app = makeApp(MANAGER);
+  return app;
+}
+
+// ─── Tests ────────────────────────────────────────────────────────────────────
+
+describe("Extended pet profile fields — validation", () => {
+  beforeEach(resetMock);
+
+  it("rejects temperamentScore of 0 (below min)", async () => {
+    const app = createApp();
+    const res = await app.request("/pets", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ clientId: CLIENT_ID, name: "Test", species: "dog", temperamentScore: 0 }),
+    });
+    expect(res.status).toBe(400);
+    const body = await res.json();
+    expect(body.success).toBe(false);
+  });
+
+  it("rejects temperamentScore of 6 (above max)", async () => {
+    const app = createApp();
+    const res = await app.request("/pets", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ clientId: CLIENT_ID, name: "Test", species: "dog", temperamentScore: 6 }),
+    });
+    expect(res.status).toBe(400);
+    const body = await res.json();
+    expect(body.success).toBe(false);
+  });
+
+  it("rejects non-integer temperamentScore", async () => {
+    const app = createApp();
+    const res = await app.request("/pets", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ clientId: CLIENT_ID, name: "Test", species: "dog", temperamentScore: 3.5 }),
+    });
+    expect(res.status).toBe(400);
+  });
+
+  it("rejects invalid medicalAlert severity", async () => {
+    const app = createApp();
+    const res = await app.request("/pets", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        clientId: CLIENT_ID,
+        name: "Test",
+        species: "dog",
+        medicalAlerts: [{ type: "seizure", description: "xyz", severity: "critical" }],
+      }),
+    });
+    expect(res.status).toBe(400);
+  });
+
+  it("accepts valid temperamentScore 1–5", async () => {
+    const app = createApp();
+    for (const score of [1, 2, 3, 4, 5]) {
+      resetMock();
+      const res = await app.request("/pets", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ clientId: CLIENT_ID, name: "Test", species: "dog", temperamentScore: score }),
+      });
+      expect(res.status).toBe(201);
+    }
+  });
+
+  it("accepts all valid medicalAlert severity values", async () => {
+    const app = createApp();
+    for (const severity of ["low", "medium", "high"] as const) {
+      resetMock();
+      const res = await app.request("/pets", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          clientId: CLIENT_ID,
+          name: "Test",
+          species: "dog",
+          medicalAlerts: [{ type: "allergy", description: "Sensitive to chicken", severity }],
+        }),
+      });
+      expect(res.status).toBe(201);
+    }
+  });
+});
+
+describe("Extended pet profile fields — create", () => {
+  beforeEach(resetMock);
+
+  it("accepts all extended fields on create", async () => {
+    const app = createApp();
+    const res = await app.request("/pets", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        clientId: CLIENT_ID,
+        name: "Biscuit",
+        species: "dog",
+        breed: "Golden Retriever",
+        coatType: "double",
+        temperamentScore: 4,
+        temperamentFlags: ["anxious_with_dryers", "gentle"],
+        medicalAlerts: [
+          { type: "seizure", description: "Occasional episodes", severity: "medium" },
+        ],
+        preferredCuts: ["puppy cut", "teddy bear"],
+      }),
+    });
+    expect(res.status).toBe(201);
+    const body = await res.json();
+    expect(body.coatType).toBe("double");
+    expect(body.temperamentScore).toBe(4);
+    expect(body.temperamentFlags).toEqual(["anxious_with_dryers", "gentle"]);
+    expect(body.medicalAlerts).toEqual([{ type: "seizure", description: "Occasional episodes", severity: "medium" }]);
+    expect(body.preferredCuts).toEqual(["puppy cut", "teddy bear"]);
+  });
+
+  it("create without extended fields works (all optional)", async () => {
+    const app = createApp();
+    const res = await app.request("/pets", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ clientId: CLIENT_ID, name: "Basil", species: "cat" }),
+    });
+    expect(res.status).toBe(201);
+  });
+});
+
+describe("Extended pet profile fields — update", () => {
+  beforeEach(resetMock);
+
+  it("updates coatType", async () => {
+    const app = createApp();
+    const res = await app.request(`/pets/${PET_ID}`, {
+      method: "PATCH",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ coatType: "smooth" }),
+    });
+    expect(res.status).toBe(200);
+    const body = await res.json();
+    expect(body.coatType).toBe("smooth");
+  });
+
+  it("updates temperamentScore", async () => {
+    const app = createApp();
+    const res = await app.request(`/pets/${PET_ID}`, {
+      method: "PATCH",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ temperamentScore: 2 }),
+    });
+    expect(res.status).toBe(200);
+    const body = await res.json();
+    expect(body.temperamentScore).toBe(2);
+  });
+
+  it("rejects temperamentScore 0 on update", async () => {
+    const app = createApp();
+    const res = await app.request(`/pets/${PET_ID}`, {
+      method: "PATCH",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ temperamentScore: 0 }),
+    });
+    expect(res.status).toBe(400);
+  });
+
+  it("rejects invalid severity on update", async () => {
+    const app = createApp();
+    const res = await app.request(`/pets/${PET_ID}`, {
+      method: "PATCH",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        medicalAlerts: [{ type: "x", description: "y", severity: "urgent" }],
+      }),
+    });
+    expect(res.status).toBe(400);
+  });
+
+  it("rejects too many temperamentFlags (>20)", async () => {
+    const app = createApp();
+    const flags = Array.from({ length: 21 }, (_, i) => `flag_${i}`);
+    const res = await app.request("/pets", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ clientId: CLIENT_ID, name: "Test", species: "dog", temperamentFlags: flags }),
+    });
+    expect(res.status).toBe(400);
+  });
+
+  it("rejects too many preferredCuts (>20)", async () => {
+    const app = createApp();
+    const cuts = Array.from({ length: 21 }, (_, i) => `cut_${i}`);
+    const res = await app.request("/pets", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ clientId: CLIENT_ID, name: "Test", species: "dog", preferredCuts: cuts }),
+    });
+    expect(res.status).toBe(400);
+  });
+
+  it("rejects too many medicalAlerts (>50)", async () => {
+    const app = createApp();
+    const alerts = Array.from({ length: 51 }, (_, i) => ({
+      type: `type_${i}`,
+      description: `desc_${i}`,
+      severity: "low" as const,
+    }));
+    const res = await app.request("/pets", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ clientId: CLIENT_ID, name: "Test", species: "dog", medicalAlerts: alerts }),
+    });
+    expect(res.status).toBe(400);
+  });
+
+  it("returns extended fields in GET response", async () => {
+    petRows = [{ ...petRows[0], coatType: "wire", temperamentScore: 3, temperamentFlags: ["gentle"], medicalAlerts: [], preferredCuts: ["scissor cut"] }];
+    const app = createApp();
+    const res = await app.request(`/pets/${PET_ID}`);
+    expect(res.status).toBe(200);
+    const body = await res.json();
+    expect(body.coatType).toBe("wire");
+    expect(body.temperamentScore).toBe(3);
+    expect(body.temperamentFlags).toEqual(["gentle"]);
+    expect(body.preferredCuts).toEqual(["scissor cut"]);
+  });
+});

apps/api/src/__tests__/portal.test.ts

@@ -67,6 +67,11 @@ vi.mock("../db", () => {
     { get: (t, p) => (p === "_name" ? "impersonationSessions" : { table: "impersonationSessions", column: p }) }
   );
 
+  const impersonationAuditLogs = new Proxy(
+    { _name: "impersonationAuditLogs" },
+    { get: (t, p) => (p === "_name" ? "impersonationAuditLogs" : { table: "impersonationAuditLogs", column: p }) }
+  );
+
   const appointments = new Proxy(
     { _name: "appointments" },
     { get: (t, p) => (p === "_name" ? "appointments" : { table: "appointments", column: p }) }
@@ -99,8 +104,12 @@ vi.mock("../db", () => {
           }),
         }),
       }),
+      insert: () => ({
+        values: () => ({ returning: () => [{}] }),
+      }),
     }),
     impersonationSessions,
+    impersonationAuditLogs,
     appointments,
     eq: vi.fn(),
     and: vi.fn(),

apps/api/src/__tests__/rbac.test.ts

@@ -45,72 +45,40 @@ const GROOMER: StaffRow = {
 
 let staffLookupResult: StaffRow | null = null;
 let managerFallbackResult: StaffRow | null = MANAGER;
-let userLookupResult: { id: string; name: string | null; email: string | null } | null = null;
-let insertedStaff: StaffRow | null = null;
 
 vi.mock("../db", () => {
-  const makeTableProxy = (name: string) =>
+  const staff = new Proxy(
-    new Proxy(
+    { _name: "staff" },
-      { _name: name },
+    {
-      {
+      get(target, prop) {
-        get(target, prop) {
+        if (prop === "_name") return "staff";
-          if (prop === "_name") return name;
+        if (prop === "$inferSelect") return {};
-          if (prop === "$inferSelect") return {};
+        return { table: "staff", column: prop };
-          return { table: name, column: prop };
-        },
-      }
-    );
-
-  const staff = makeTableProxy("staff");
-  const user = makeTableProxy("user");
-
-  const buildQuery = (result: unknown, fallback: unknown) => ({
-    limit: () => ({
-      [Symbol.iterator]: function* () {
-        if (result) yield result;
       },
-      0: result,
+    }
-      length: result ? 1 : 0,
+  );
-    }),
-  });
 
   return {
     getDb: () => ({
       select: () => ({
-        from: (table: unknown) => ({
+        from: () => ({
-          where: () => buildQuery(
+          where: () => ({
-            table === staff ? staffLookupResult : userLookupResult,
+            limit: () => {
-            table === staff ? managerFallbackResult : null
+              // dev mode fallback to first manager
-          ),
+              return managerFallbackResult ? [managerFallbackResult] : [];
-        }),
+            },
-      }),
+            [Symbol.iterator]: function* () {
-      insert: (table: unknown) => ({
+              if (staffLookupResult) yield staffLookupResult;
-        values: (vals: Record<string, unknown>) => ({
+            },
-          returning: () => {
+            0: staffLookupResult,
-            const newStaff: StaffRow = {
+            length: staffLookupResult ? 1 : 0,
-              id: "new-staff-id",
+          }),
-              oidcSub: null,
-              userId: vals.userId as string,
-              role: vals.role as StaffRow["role"],
-              isSuperUser: false,
-              name: vals.name as string,
-              email: vals.email as string,
-              active: true,
-              icalToken: null,
-              createdAt: new Date(),
-              updatedAt: new Date(),
-            };
-            insertedStaff = newStaff;
-            return [newStaff];
-          },
         }),
       }),
     }),
     staff,
-    user,
     eq: vi.fn((_col: unknown, _val: unknown) => ({ col: _col, val: _val })),
     and: vi.fn((..._clauses: unknown[]) => ({})),
-    sql: vi.fn((..._args: unknown[]) => ({})),
   };
 });
 
@@ -119,8 +87,6 @@ vi.mock("../db", () => {
 function resetMocks() {
   staffLookupResult = null;
   managerFallbackResult = MANAGER;
-  userLookupResult = null;
-  insertedStaff = null;
 }
 
 /** Build a minimal Hono app with jwtPayload pre-set, then apply a middleware. */
@@ -236,50 +202,6 @@ describe("resolveStaffMiddleware", () => {
     const body = await res.json();
     expect(body.error).toMatch(/no staff records found/i);
   });
-
-  it("auto-provision: creates groomer staff record on first login when Better-Auth user exists", async () => {
-    staffLookupResult = null;
-    userLookupResult = { id: "ba-user-new", name: "New User", email: "newuser@example.com" };
-    let capturedStaff: StaffRow | null = null;
-    const app = buildApp(resolveStaffMiddleware, (c) => {
-      capturedStaff = c.get("staff");
-      return c.json({ ok: true });
-    });
-
-    const res = await app.request("/test");
-    expect(res.status).toBe(200);
-    expect(capturedStaff).not.toBeNull();
-    expect(capturedStaff!.role).toBe("groomer");
-    expect(capturedStaff!.userId).toBe("ba-user-new");
-    expect(capturedStaff!.name).toBe("New User");
-    expect(capturedStaff!.email).toBe("newuser@example.com");
-    expect(capturedStaff!.isSuperUser).toBe(false);
-  });
-
-  it("auto-provision: falls back to email prefix when user has no name", async () => {
-    staffLookupResult = null;
-    userLookupResult = { id: "ba-user-noname", name: null, email: "firstlogin@example.com" };
-    let capturedStaff: StaffRow | null = null;
-    const app = buildApp(resolveStaffMiddleware, (c) => {
-      capturedStaff = c.get("staff");
-      return c.json({ ok: true });
-    });
-
-    const res = await app.request("/test");
-    expect(res.status).toBe(200);
-    expect(capturedStaff!.name).toBe("firstlogin");
-  });
-
-  it("auto-provision: returns 403 when no staff record and no Better-Auth user exists", async () => {
-    staffLookupResult = null;
-    userLookupResult = null;
-    const app = buildApp(resolveStaffMiddleware);
-
-    const res = await app.request("/test");
-    expect(res.status).toBe(403);
-    const body = await res.json();
-    expect(body.error).toMatch(/no staff record found for authenticated user/i);
-  });
 });
 
 // ─── requireRole tests ────────────────────────────────────────────────────────

apps/api/src/db/factories.ts

@@ -103,6 +103,11 @@ export function buildPet(overrides: Partial<PetRow> & { clientId: string }): Pet
     photoKey: null,
     photoUploadedAt: null,
     image: null,
+    coatType: null,
+    temperamentScore: null,
+    temperamentFlags: [],
+    medicalAlerts: [],
+    preferredCuts: [],
     createdAt: new Date("2025-01-01T00:00:00Z"),
     updatedAt: new Date("2025-01-01T00:00:00Z"),
   };

apps/api/src/db/schema.ts

@@ -12,6 +12,16 @@ import {
   uuid,
 } from "drizzle-orm/pg-core";
 
+// ─── Shared types ───────────────────────────────────────────────────────────────
+
+export type MedicalAlertSeverity = "low" | "medium" | "high";
+
+export interface MedicalAlert {
+  type: string;
+  description: string;
+  severity: MedicalAlertSeverity;
+}
+
 // ─── Enums ────────────────────────────────────────────────────────────────────
 
 export const appointmentStatusEnum = pgEnum("appointment_status", [
@@ -146,6 +156,12 @@ export const pets = pgTable(
     photoKey: text("photo_key"),
     photoUploadedAt: timestamp("photo_uploaded_at"),
     image: text("image"),
+    // Extended profile fields
+    coatType: text("coat_type"),
+    temperamentScore: integer("temperament_score"),
+    temperamentFlags: jsonb("temperament_flags").$type<string[]>().default([]),
+    medicalAlerts: jsonb("medical_alerts").$type<MedicalAlert[]>().default([]),
+    preferredCuts: jsonb("preferred_cuts").$type<string[]>().default([]),
     createdAt: timestamp("created_at").notNull().defaultNow(),
     updatedAt: timestamp("updated_at").notNull().defaultNow(),
   },

apps/api/src/middleware/rbac.ts

@@ -1,5 +1,5 @@
 import type { MiddlewareHandler } from "hono";
-import { and, eq, getDb, sql, staff, user } from "../db/index.js";
+import { and, eq, getDb, sql, staff } from "../db/index.js";
 
 export type StaffRole = "groomer" | "receptionist" | "manager";
 export type StaffRow = typeof staff.$inferSelect;
@@ -110,30 +110,6 @@ export const resolveStaffMiddleware: MiddlewareHandler<AppEnv> = async (
       return;
     }
   }
-  // Auto-provision: no staff record exists for this user at all, but a valid
-  // Better-Auth user session exists (jwt.sub = user.id from user table).
-  // Create a minimal groomer staff record on first login.
-  const [userRow] = await db
-    .select({ id: user.id, name: user.name, email: user.email })
-    .from(user)
-    .where(eq(user.id, jwt.sub))
-    .limit(1);
-  if (userRow) {
-    const [newStaff] = await db
-      .insert(staff)
-      .values({
-        name: userRow.name ?? jwt.email?.split("@")[0] ?? "Unknown",
-        email: userRow.email ?? jwt.email ?? "",
-        userId: jwt.sub,
-        role: "groomer",
-        isSuperUser: false,
-        active: true,
-      })
-      .returning();
-    c.set("staff", newStaff);
-    await next();
-    return;
-  }
   return c.json(
     { error: "Forbidden: no staff record found for authenticated user" },
     403

apps/api/src/routes/pets.ts

@@ -24,6 +24,15 @@ const createPetSchema = z.object({
   shampooPreference: z.string().max(500).optional(),
   specialCareNotes: z.string().max(2000).optional(),
   customFields: z.record(z.string(), z.string()).optional(),
+  coatType: z.string().max(100).optional(),
+  temperamentScore: z.number().int().min(1).max(5).optional(),
+  temperamentFlags: z.array(z.string().max(100)).max(20).optional(),
+  medicalAlerts: z.array(z.object({
+    type: z.string().max(100),
+    description: z.string().max(1000),
+    severity: z.enum(["low", "medium", "high"]),
+  })).max(50).optional(),
+  preferredCuts: z.array(z.string().max(200)).max(20).optional(),
 });
 
 const updatePetSchema = createPetSchema.partial().omit({ clientId: true });

apps/api/src/types/index.ts

@@ -42,10 +42,23 @@ export interface Pet {
   customFields: Record<string, string>;
   photoKey?: string;
   photoUploadedAt?: string;
+  coatType?: string | null;
+  temperamentScore?: number | null;
+  temperamentFlags?: string[];
+  medicalAlerts?: MedicalAlert[];
+  preferredCuts?: string[];
   createdAt: string;
   updatedAt: string;
 }
 
+export type MedicalAlertSeverity = "low" | "medium" | "high";
+
+export interface MedicalAlert {
+  type: string;
+  description: string;
+  severity: MedicalAlertSeverity;
+}
+
 export interface GroomingVisitLog {
   id: string;
   petId: string;

package.json

@@ -3,5 +3,6 @@
   "version": "0.0.1",
   "private": true,
   "type": "module",
+  "packageManager": "pnpm@9.15.4",
   "license": "AGPL-3.0-only"
 }