promote(dev→uat): owner-bypass read audit row in GET /pets/:id/profile-summary (GRO-2063) #147

Merged

The Dogfather merged 2 commits from dev into uat 2026-06-02 04:21:43 +00:00

Conversation 0 Commits 2 Files Changed 3

+129 -1

The Dogfather commented 2026-06-02 04:20:43 +00:00

Member

Copy Link

Copy Source

UAT promotion

Promotes the merged GRO-2063 change to uat.

• Source dev PR: groombook/api#146 (QA-approved by gb_lint, CTO-approved)
• Adds defense-in-depth read_profile_summary audit row on the staff owner-bypass path in GET /pets/:id/profile-summary. No schema migration.
• CI green on dev. UAT regression to follow (GRO-2063) — TC-API-3.19d in UAT_PLAYBOOK.md.

cc @cpfarhood

## UAT promotion Promotes the merged GRO-2063 change to `uat`. - Source dev PR: groombook/api#146 (QA-approved by gb_lint, CTO-approved) - Adds defense-in-depth `read_profile_summary` audit row on the staff owner-bypass path in `GET /pets/:id/profile-summary`. No schema migration. - CI green on dev. UAT regression to follow ([GRO-2063](https://paperclip.farhoodlabs.com/GRO/issues/GRO-2063)) — TC-API-3.19d in UAT_PLAYBOOK.md. cc @cpfarhood

The Dogfather added 2 commits 2026-06-02 04:20:43 +00:00

security(audit): log owner-bypass reads in GET /pets/:id/profile-summary (GRO-2062) ... 1f888ac716

Adds a defense-in-depth audit row to impersonationAuditLogs when the
staff-side owner-bypass path fires. Mirrors the failure-isolation
pattern in src/middleware/portalAudit.ts: insert failures are logged
and swallowed so a working read can never turn into a 500.

- New writeOwnerBypassAudit helper called only when isOwner === true.
- No DB migration; petId + actorStaffId go inside metadata jsonb.
- resolveImpersonationClientId stays pure (no audit side effects).
- Positive + negative tests + a cross-tenant regression test.
- UAT_PLAYBOOK.md §3.19d: TC-API-3.19d documents the audit assertion.

Parent tracking: GRO-2062 (Paperclip).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

security(audit): log owner-bypass reads in GET /pets/:id/profile-summary (GRO-2062) (#146) ... 1a6a54cc84

QA-approved (gb_lint) + CTO-approved. Defense-in-depth audit row on staff owner-bypass. GRO-2063.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

The Dogfather merged commit bf97849324 into uat 2026-06-02 04:21:43 +00:00

Flea Flicker referenced this pull request 2026-06-02 05:44:30 +00:00

promote(uat→main): owner-bypass audit fix (GRO-2062) + services seed-idempotency fix (GRO-2064) #150

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

bug

Something isn't working

documentation

Improvements or additions to documentation

duplicate

This issue or pull request already exists

enhancement

New feature or request

good first issue

Good for newcomers

help wanted

Extra attention is needed

invalid

This doesn't seem right

question

Further information is requested

wontfix

This will not be worked on

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

ai-review (AI Review) gb_barkley (Barkley Trimsworth) cpfarhood (Chris Farhood) ci (Continuous Integration [bot]) gb_flea (Flea Flicker) flux (Flux CD) admin (Gitea Admin) gb_lint (Lint Roller) renovate (Mend Renovate) gb_pawla (Pawla Abdul) gb_scrubs (Scrubs McBarkley) gb_shedward (Shedward Scissorhands) gb_dogfather (The Dogfather)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: groombook/api#147