Merge pull request 'feat(GRO-2152): route optimization schema migration' (#164) from feat/gro-2152-route-optimization-schema-dev into dev

Add the database foundation for mobile groomer route optimization:

- clients: latitude/longitude (double precision) + geocodedAt
- groomer_routes: per-(staff, date) route with route_status enum,
  totals, optimizedAt; UNIQUE(staff_id, route_date)
- route_stops: ordered stops FK->groomer_routes (cascade) + appointments,
  lat/lng, per-leg travel mins/distance, bufferMins;
  UNIQUE(route_id, appointment_id) and UNIQUE(route_id, stop_order)
- business_settings: defaultTravelBufferMins (default 15),
  routeOptimizationProvider (default nominatim), googleMapsApiKey
  (encrypted at rest at the app layer)
- Idempotent hand-authored migration 0041 + journal entry (when=max+1)

Lands in packages/db (the deployed schema/migration source per the
Dockerfile migrate stage); apps/api is the legacy CI-only copy.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

UAT_PLAYBOOK.md

@@ -147,8 +147,6 @@ Expected: one row, `role = 'groomer'`. If zero rows return, the request hit the
 | TC-API-3.19b | Get pet profile summary — customer cross-tenant blocked (GRO-2013) | Sign in as `uat-customer@groombook.dev`; reuse the customer's sessionId from TC-API-3.19a; `GET /api/pets/{otherClientPetId}/profile-summary` for a pet owned by a different client (`c0000002-...` or any non-customer pet) | 403 Forbidden (owner-bypass requires session.clientId === pet.clientId) |
 | TC-API-3.19c | Get pet profile summary — customer without portal session header | Same as TC-API-3.19a but omit the `X-Impersonation-Session-Id` header | 403 Forbidden (no owner-bypass without valid portal session) |
 | TC-API-3.19d | Get pet profile summary — owner-bypass writes audit row (GRO-2063) | Same setup as TC-API-3.19a (sign in as `uat-customer@groombook.dev`, establish a portal session for the customer's own clientId, call `GET /api/pets/{ownPetId}/profile-summary` with `X-Impersonation-Session-Id: {sessionId}` and a 200 OK response). Then call `GET /api/impersonation/sessions/{sessionId}/audit-log` and confirm there is exactly one entry with `action === "read_profile_summary"`, `pageVisited` matching the profile-summary path, and `metadata` containing `petId` and `actorStaffId` for the customer. Repeat TC-API-3.19b (cross-tenant attempt) and confirm NO new `read_profile_summary` row was written for the cross-tenant attempt. | 200 OK on the profile-summary call AND an audit log entry is present with the correct shape (defense-in-depth audit row; bypass attempts against other clients must NOT log) |
-| TC-UAT-2 | Groomer accesses linked pet profile summary (GRO-2100) | Sign in as `uat-groomer@groombook.dev`; `GET /api/pets/c0000001-0000-0000-0000-000000000002/profile-summary` (UAT Pup Alpha — linked via deterministic completed appointment `a0000001-0000-0000-0000-000000000001`, service `b0000001-…-0001` "Bath & Brush", `startTime` ~7 days ago) | 200 OK, `recentGroomingHistory[]` non-empty (>=1 entry), `visitCount >= 1`, `upcomingAppointment` null (the seeded appointment is in the past) |
-| TC-UAT-3 | Groomer blocked from unlinked pet profile summary (GRO-2100) | Sign in as `uat-groomer@groombook.dev`; `GET /api/pets/c0000001-0000-0000-0000-000000000003/profile-summary` (UAT Pup Beta — intentionally UNLINKED; no appointment row references this pet's clientId+groomerId combo) | 403 Forbidden (RBAC `groomer` role lacks the appointment-linkage grant for this pet). NOTE: if 404 is returned instead of 403, file a separate RBAC defect (not against the seed) — see GRO-2100 verification note |
 | TC-API-3.29 | Get pet profile summary — unknown UUID returns 404 (GRO-2014) | GET /api/pets/00000000-0000-0000-0000-000000000001/profile-summary while authenticated (any role) | 404 Not Found with body `{"error":"Not found"}` (was empty-body 500 in GRO-2014) |
 | TC-API-3.30 | Get pet profile summary — malformed UUID returns 404 (GRO-2014) | GET /api/pets/not-a-uuid/profile-summary while authenticated | 404 Not Found with body `{"error":"Not found"}` (was empty-body 500 in GRO-2014 — Postgres uuid cast failure) |
 | TC-API-3.31 | Get pet profile summary — never empty-body 500 (GRO-2014) | GET /api/pets/{anyId}/profile-summary across the test sweep | No response has status 500 with an empty body. Any 500 must include a JSON body `{"error":"Internal Server Error"}` |
@@ -168,6 +166,7 @@ Expected: one row, `role = 'groomer'`. If zero rows return, the request hit the
 | TC-API-3.26 | Verify 25-35% medicalAlerts distribution | GET /api/pets (first 30 pets), count how many have non-empty medicalAlerts | Ratio is 25-35% (seed uses rand() < 0.3 for ~30% distribution) |
 | TC-API-3.27 | Verify coat_type enum has all seed values | After UAT seed completes, inspect the coat_type enum on the UAT DB — it must contain: short, medium, long, double, wire, silky, curly, hairless | UAT seed jobs (`reset-demo-data`, `seed-test-data`) complete 1/1 with no `enum_in` error; coat_type includes all 8 values used by seed.ts `coatTypePool` |
 | TC-API-3.28 | Verify pet_size_category enum has all seed values | After UAT seed completes, inspect the pet_size_category enum on the UAT DB — it must contain: small, medium, large, extra_large | UAT seed jobs (`reset-demo-data`, `seed-test-data`) complete 1/1 with no `enum_in` error; pet_size_category includes all 4 values used by seed.ts `petSizeCategoryPool` (regression for GRO-1999, mirrors TC-API-3.27) |
+| TC-API-3.29 | Verify `reset-demo-data` CronJob does not fail with FK 23503 on `invoice_tip_splits` (GRO-2123) | Trigger the CronJob manually: `kubectl create job --from=cronjob/reset-demo-data verify-gro2123 -n groombook-uat`. Wait for pod to terminate. Inspect logs: `kubectl logs -n groombook-uat -l job-name=verify-gro2123` | Pod reaches `Completed` state; logs show `✓ Acquired seed advisory lock` and `✓ Released seed advisory lock` from `seed.ts`; no `PostgresError: … violates foreign key constraint "invoice_tip_splits_invoice_id_invoices_id_fk"` (code 23503); final counts unchanged (500 clients, ~4000 invoices) |
 
 ### 4.4 Appointment Scheduling
 

apps/api/package.json

@@ -12,8 +12,8 @@
     "test": "vitest run",
     "db:generate": "drizzle-kit generate",
     "db:migrate": "drizzle-kit migrate",
-    "db:seed": "tsx src/db/seed.ts",
-    "db:reset": "tsx src/db/reset.ts && drizzle-kit migrate && tsx src/db/seed.ts",
+    "db:seed": "pnpm --filter @groombook/db seed",
+    "db:reset": "pnpm --filter @groombook/db reset",
     "db:studio": "drizzle-kit studio"
   },
   "dependencies": {

packages/db/migrations/0041_route_optimization.sql

@@ -0,0 +1,66 @@
+-- Migration: 0041_route_optimization.sql
+-- Route optimization schema: geocoding columns on clients, groomerRoutes +
+-- routeStops tables, and route settings on business_settings.
+-- Written idempotently so it is safe to re-run.
+
+-- ─── Enums ────────────────────────────────────────────────────────────────────
+
+DO $$ BEGIN
+  CREATE TYPE "route_status" AS ENUM ('draft', 'optimized', 'in_progress', 'completed');
+EXCEPTION WHEN duplicate_object THEN NULL;
+END $$;
+
+-- ─── Clients: geocoding columns ───────────────────────────────────────────────
+
+ALTER TABLE "clients" ADD COLUMN IF NOT EXISTS "latitude" double precision;
+ALTER TABLE "clients" ADD COLUMN IF NOT EXISTS "longitude" double precision;
+ALTER TABLE "clients" ADD COLUMN IF NOT EXISTS "geocoded_at" timestamp;
+
+-- ─── Business settings: route optimization config ─────────────────────────────
+
+ALTER TABLE "business_settings"
+  ADD COLUMN IF NOT EXISTS "default_travel_buffer_mins" integer NOT NULL DEFAULT 15;
+ALTER TABLE "business_settings"
+  ADD COLUMN IF NOT EXISTS "route_optimization_provider" text DEFAULT 'nominatim';
+-- Encrypted at rest at the application layer (AES-256-GCM).
+ALTER TABLE "business_settings"
+  ADD COLUMN IF NOT EXISTS "google_maps_api_key" text;
+
+-- ─── Groomer routes table ─────────────────────────────────────────────────────
+
+CREATE TABLE IF NOT EXISTS "groomer_routes" (
+  "id" uuid PRIMARY KEY DEFAULT gen_random_uuid(),
+  "staff_id" uuid NOT NULL REFERENCES "staff"("id") ON DELETE CASCADE,
+  "route_date" date NOT NULL,
+  "status" "route_status" NOT NULL DEFAULT 'draft',
+  "total_travel_mins" integer,
+  "total_distance_km" numeric(8, 2),
+  "optimized_at" timestamp,
+  "created_at" timestamp NOT NULL DEFAULT now(),
+  "updated_at" timestamp NOT NULL DEFAULT now(),
+  CONSTRAINT "uq_groomer_routes_staff_date" UNIQUE ("staff_id", "route_date")
+);
+
+CREATE INDEX IF NOT EXISTS "idx_groomer_routes_staff_id"
+  ON "groomer_routes"("staff_id");
+
+-- ─── Route stops table ────────────────────────────────────────────────────────
+
+CREATE TABLE IF NOT EXISTS "route_stops" (
+  "id" uuid PRIMARY KEY DEFAULT gen_random_uuid(),
+  "route_id" uuid NOT NULL REFERENCES "groomer_routes"("id") ON DELETE CASCADE,
+  "appointment_id" uuid NOT NULL REFERENCES "appointments"("id") ON DELETE CASCADE,
+  "stop_order" integer NOT NULL,
+  "latitude" double precision NOT NULL,
+  "longitude" double precision NOT NULL,
+  "travel_mins_from_prev" integer,
+  "travel_distance_km_from_prev" numeric(8, 2),
+  "buffer_mins" integer NOT NULL DEFAULT 15,
+  "created_at" timestamp NOT NULL DEFAULT now(),
+  "updated_at" timestamp NOT NULL DEFAULT now(),
+  CONSTRAINT "uq_route_stops_route_appointment" UNIQUE ("route_id", "appointment_id"),
+  CONSTRAINT "uq_route_stops_route_order" UNIQUE ("route_id", "stop_order")
+);
+
+CREATE INDEX IF NOT EXISTS "idx_route_stops_route_id"
+  ON "route_stops"("route_id");

packages/db/migrations/meta/_journal.json

@@ -281,6 +281,13 @@
       "when": 1780000000002,
       "tag": "0040_register_missing_coat_type_values",
       "breakpoints": true
+    },
+    {
+      "idx": 41,
+      "version": "7",
+      "when": 1780000000003,
+      "tag": "0041_route_optimization",
+      "breakpoints": true
     }
   ]
-}
+}

packages/db/src/factories.ts

@@ -78,6 +78,9 @@ export function buildClient(overrides: Partial<ClientRow> = {}): ClientRow {
     stripeCustomerId: null,
     status: "active",
     disabledAt: null,
+    latitude: null,
+    longitude: null,
+    geocodedAt: null,
     createdAt: new Date("2025-01-01T00:00:00Z"),
     updatedAt: new Date("2025-01-01T00:00:00Z"),
     ...overrides,

packages/db/src/schema.ts

@@ -1,5 +1,7 @@
 import {
   boolean,
+  date,
+  doublePrecision,
   index,
   integer,
   jsonb,
@@ -140,6 +142,10 @@ export const clients = pgTable(
     stripeCustomerId: text("stripe_customer_id"),
     status: clientStatusEnum("status").notNull().default("active"),
     disabledAt: timestamp("disabled_at"),
+    // Geocoded coordinates for route optimization; null until geocoded.
+    latitude: doublePrecision("latitude"),
+    longitude: doublePrecision("longitude"),
+    geocodedAt: timestamp("geocoded_at"),
     createdAt: timestamp("created_at").notNull().defaultNow(),
     updatedAt: timestamp("updated_at").notNull().defaultNow(),
   },
@@ -555,6 +561,16 @@ export const businessSettings = pgTable("business_settings", {
   accentColor: text("accent_color").notNull().default("#8b7355"),
   messagingPhoneNumber: text("messaging_phone_number"),
   telnyxMessagingProfileId: text("telnyx_messaging_profile_id"),
+  // Route optimization settings.
+  defaultTravelBufferMins: integer("default_travel_buffer_mins")
+    .notNull()
+    .default(15),
+  routeOptimizationProvider: text("route_optimization_provider").default(
+    "nominatim"
+  ),
+  // Encrypted at rest at the application layer (AES-256-GCM), mirroring
+  // the handling of authProviderConfigs.clientSecret.
+  googleMapsApiKey: text("google_maps_api_key"),
   createdAt: timestamp("created_at").notNull().defaultNow(),
   updatedAt: timestamp("updated_at").notNull().defaultNow(),
 });
@@ -658,3 +674,69 @@ export const bufferRules = pgTable(
     index("idx_buffer_rules_service_id").on(t.serviceId),
   ]
 );
+
+// ─── Route Optimization ───────────────────────────────────────────────────────
+
+export const routeStatusEnum = pgEnum("route_status", [
+  "draft",
+  "optimized",
+  "in_progress",
+  "completed",
+]);
+
+// A groomer's optimized route for a single day. One row per (staff, date).
+export const groomerRoutes = pgTable(
+  "groomer_routes",
+  {
+    id: uuid("id").primaryKey().defaultRandom(),
+    staffId: uuid("staff_id")
+      .notNull()
+      .references(() => staff.id, { onDelete: "cascade" }),
+    routeDate: date("route_date", { mode: "string" }).notNull(),
+    status: routeStatusEnum("status").notNull().default("draft"),
+    // Populated once the route is optimized.
+    totalTravelMins: integer("total_travel_mins"),
+    totalDistanceKm: numeric("total_distance_km", { precision: 8, scale: 2 }),
+    optimizedAt: timestamp("optimized_at"),
+    createdAt: timestamp("created_at").notNull().defaultNow(),
+    updatedAt: timestamp("updated_at").notNull().defaultNow(),
+  },
+  (t) => [
+    // One route per groomer per day.
+    unique("uq_groomer_routes_staff_date").on(t.staffId, t.routeDate),
+    index("idx_groomer_routes_staff_id").on(t.staffId),
+  ]
+);
+
+// An ordered stop within a groomer's route, tied to an appointment.
+export const routeStops = pgTable(
+  "route_stops",
+  {
+    id: uuid("id").primaryKey().defaultRandom(),
+    routeId: uuid("route_id")
+      .notNull()
+      .references(() => groomerRoutes.id, { onDelete: "cascade" }),
+    appointmentId: uuid("appointment_id")
+      .notNull()
+      .references(() => appointments.id, { onDelete: "cascade" }),
+    stopOrder: integer("stop_order").notNull(),
+    latitude: doublePrecision("latitude").notNull(),
+    longitude: doublePrecision("longitude").notNull(),
+    // Null for the first stop in the route.
+    travelMinsFromPrev: integer("travel_mins_from_prev"),
+    travelDistanceKmFromPrev: numeric("travel_distance_km_from_prev", {
+      precision: 8,
+      scale: 2,
+    }),
+    bufferMins: integer("buffer_mins").notNull().default(15),
+    createdAt: timestamp("created_at").notNull().defaultNow(),
+    updatedAt: timestamp("updated_at").notNull().defaultNow(),
+  },
+  (t) => [
+    // An appointment appears at most once per route.
+    unique("uq_route_stops_route_appointment").on(t.routeId, t.appointmentId),
+    // Stop order is unique within a route.
+    unique("uq_route_stops_route_order").on(t.routeId, t.stopOrder),
+    index("idx_route_stops_route_id").on(t.routeId),
+  ]
+);

packages/db/src/seed.ts

@@ -401,7 +401,9 @@ const servicesDef = [
  *
  * In seedKnownUsers() this replaces the inline UAT-staff block.
  */
-async function seedUatStaffAccounts(db: ReturnType<typeof drizzle>) {
+async function seedUatStaffAccounts(
+  db: ReturnType<typeof drizzle>,
+): Promise<string | null> {
   // ── Staff: UAT Super User (oidcSub from SEED_UAT_SUPER_OIDC_SUB env var) ──
   const uatSuperOidcSub = process.env.SEED_UAT_SUPER_OIDC_SUB;
   if (uatSuperOidcSub) {
@@ -677,7 +679,12 @@ async function seedUatStaffAccounts(db: ReturnType<typeof drizzle>) {
   // We deterministically link the UAT groomer to the UAT customer's first pet
   // ("UAT Pup Alpha") and leave the second pet ("UAT Pup Beta") UNLINKED so
   // TC-UAT-2 (200) and TC-UAT-3 (403) can both hardcode the stable petIds.
-  await seedUatGroomerLinkage(db, uatCustomerClientId);
+  //
+  // The linkage call itself is performed by the caller AFTER the `services`
+  // catalogue has been seeded (this helper runs before services exist,
+  // which previously caused the linkage to be silently skipped on every
+  // reset). GRO-2100 follow-up.
+  return uatCustomerClientId;
 }
 
 /**
@@ -692,12 +699,18 @@ async function seedUatStaffAccounts(db: ReturnType<typeof drizzle>) {
  */
 async function seedUatGroomerLinkage(
   db: ReturnType<typeof drizzle>,
-  customerClientId: string,
+  customerClientId: string | null,
 ): Promise<void> {
   const uatGroomerEmail = "uat-groomer@groombook.dev";
   const LINKED_PET_ID = "c0000001-0000-0000-0000-000000000002"; // UAT Pup Alpha
   const APPT_ID = "a0000001-0000-0000-0000-000000000001";
 
+  // Skip silently if the UAT Customer client wasn't created (non-UAT seed
+  // profile, e.g. seedKnownUsers() in an env without the UAT personas).
+  if (!customerClientId) {
+    return;
+  }
+
   // Only run if the UAT groomer staff record actually exists — dev/test seeds
   // that don't set SEED_UAT_STAFF_OIDC_SUB should not crash.
   const [uatGroomerStaff] = await db
@@ -720,6 +733,19 @@ async function seedUatGroomerLinkage(
     return;
   }
 
+  // Skip if the linked pet hasn't been seeded yet (defensive: caller should
+  // ensure pets exist; if the helper is re-ordered later we don't want to
+  // crash here).
+  const [linkedPet] = await db
+    .select({ id: schema.pets.id })
+    .from(schema.pets)
+    .where(eq(schema.pets.id, LINKED_PET_ID))
+    .limit(1);
+  if (!linkedPet) {
+    console.warn(`⚠ GRO-2100: UAT Pup Alpha (${LINKED_PET_ID}) not found — skipping uat-groomer linkage`);
+    return;
+  }
+
   // The "Bath & Brush" service id is stable across the reset; falls back to
   // any active service if it has not been seeded yet (e.g. seedKnownUsers
   // runs in isolation).
@@ -847,7 +873,7 @@ async function seedKnownUsers() {
   // ── UAT staff accounts + Better Auth credentials (shared impl) ──────────────
   // Extracted into seedUatStaffAccounts() so it runs in both seedKnownUsers()
   // and the full seed() UAT branch.
-  await seedUatStaffAccounts(db);
+  const uatCustomerClientId = await seedUatStaffAccounts(db);
 
   // ── Services: idempotent upsert keyed on `id` ─────────────────────────────
   // GRO-2064: previously keyed on `services.name` while writing a
@@ -875,6 +901,12 @@ async function seedKnownUsers() {
   }
   console.log(`✓ Seeded ${demoSvcs.length} services`);
 
+  // GRO-2100: deterministic uat-groomer ↔ UAT Pup Alpha linkage. Must run
+  // AFTER services are seeded (this helper looks up an active service id
+  // to attach to the appointment; on a fresh reset there are none yet at
+  // the time seedUatStaffAccounts() returns).
+  await seedUatGroomerLinkage(db, uatCustomerClientId);
+
   // ── Client: Demo Client ──
   const [existingClient] = await db
     .select()
@@ -944,6 +976,63 @@ async function seedKnownUsers() {
 
 // ── Main seed ────────────────────────────────────────────────────────────────
 
+// ── GRO-2123: serialize reset+seed with a Postgres advisory lock ────────
+// The reset-demo-data CronJob runs on an hourly schedule. With
+// concurrencyPolicy=Replace, a new pod can start while the previous one
+// is still mid-seed; the new pod's TRUNCATE then deletes rows the old pod
+// is still inserting, producing FK 23503 errors non-deterministically
+// (see GRO-2123: invoice_tip_splits → invoices).
+//
+// We hold a session-level advisory lock for the full duration of the
+// seed so that overlapping invocations block then proceed in order —
+// not skip. The key is a stable 32-bit constant so it can be referenced
+// from runbooks without ambiguity and binds to the single-argument
+// `pg_advisory_lock(int)` form, which postgres-js serializes as a plain
+// number (no bigint type plumbing required).
+const SEED_ADVISORY_LOCK_KEY = 0x47524f4f; // "GROO" in ASCII — arbitrary, stable
+
+/**
+ * Reserve a dedicated connection from `pool`, take the seed advisory lock
+ * on it, run `fn`, and release the lock + connection in a try/finally.
+ *
+ * CRITICAL: with postgres-js connection pooling, a session-level
+ * `pg_advisory_lock(KEY)` acquired on one pooled connection and released
+ * on a *different* one is a no-op (the lock is bound to the session /
+ * pg-backend that took it). We therefore reserve a dedicated connection
+ * for the lock and release it from the same reserved connection. The
+ * seed work itself still runs on the pooled connections.
+ */
+async function withSeedAdvisoryLock<T>(
+  pool: ReturnType<typeof postgres>,
+  fn: () => Promise<T>,
+): Promise<T> {
+  const lockConnection = await pool.reserve();
+  let lockHeld = false;
+  try {
+    await lockConnection`SELECT pg_advisory_lock(${SEED_ADVISORY_LOCK_KEY})`;
+    lockHeld = true;
+    console.log(`✓ Acquired seed advisory lock (key=${SEED_ADVISORY_LOCK_KEY})`);
+    const result = await fn();
+    await lockConnection`SELECT pg_advisory_unlock(${SEED_ADVISORY_LOCK_KEY})`;
+    lockHeld = false;
+    console.log(`✓ Released seed advisory lock`);
+    return result;
+  } finally {
+    if (lockHeld) {
+      try {
+        await lockConnection`SELECT pg_advisory_unlock(${SEED_ADVISORY_LOCK_KEY})`;
+      } catch (err) {
+        console.error("Failed to release seed advisory lock during cleanup:", err);
+      }
+    }
+    try {
+      lockConnection.release();
+    } catch (err) {
+      console.error("Failed to release reserved lock connection:", err);
+    }
+  }
+}
+
 async function seed() {
   const url = process.env.DATABASE_URL;
   if (!url) {
@@ -961,6 +1050,22 @@ async function seed() {
   const client = postgres(url, { max: 5 });
   const db = drizzle(client, { schema });
 
+  // GRO-2123: hold the seed advisory lock for the full body of runSeedBody.
+  // See the withSeedAdvisoryLock comment for why a reserved connection is
+  // required (postgres-js pooling would silently drop the lock otherwise).
+  await withSeedAdvisoryLock(client, async () => {
+    return await runSeedBody(client, db, profile, cfg);
+  });
+
+  await client.end();
+}
+
+async function runSeedBody(
+  client: ReturnType<typeof postgres>,
+  db: ReturnType<typeof drizzle>,
+  profile: SeedProfile,
+  cfg: ProfileConfig,
+): Promise<void> {
   console.log(`Seeding Groom Book database (profile: ${profile})...\n`);
 
   // ── Staff ──
@@ -1031,7 +1136,7 @@ async function seed() {
   // ── UAT staff accounts + Better Auth credentials (shared impl) ──────────────
   // Seeds deterministic UAT staff with numeric OIDC subs and Better Auth credentials.
   // Must run AFTER random staff are created so upserts land correctly.
-  await seedUatStaffAccounts(db);
+  const uatCustomerClientId = await seedUatStaffAccounts(db);
 
   // ── Services ──
   // GRO-2064: key the upsert on `services.id` (not `name`) so deterministic
@@ -1058,6 +1163,12 @@ async function seed() {
   }
   console.log(`✓ Created ${servicesDef.length} services`);
 
+  // GRO-2100: deterministic uat-groomer ↔ UAT Pup Alpha linkage. Must run
+  // AFTER services are seeded (this helper looks up an active service id
+  // to attach to the appointment; on a fresh reset there are none yet at
+  // the time seedUatStaffAccounts() returns).
+  await seedUatGroomerLinkage(db, uatCustomerClientId);
+
   // ── Clients & Pets ──
   const now = new Date();
   const appointmentsBackDate = new Date(now);
@@ -1576,8 +1687,6 @@ async function seed() {
   }
   console.log(`✓ Created ${visitLogCount} grooming visit logs`);
   console.log("\nSeed complete!");
-
-  await client.end();
 }
 
 seed().catch((err) => {