Promote dev→uat: GRO-2100 uat-groomer ↔ UAT Pup Alpha linkage #152

Merged

Flea Flicker merged 3 commits from promote/dev-to-uat-gro-2100 into uat 2026-06-02 19:11:46 +00:00

Conversation 4 Commits 3 Files Changed 2

+104

Flea Flicker commented 2026-06-02 18:10:17 +00:00

Member

Copy Link

Copy Source

Promote dev→uat: GRO-2100 uat-groomer ↔ UAT Pup Alpha linkage

Single-commit promotion. Carries:

• de16c50 — fix(seed): GRO-2100 deterministic uat-groomer ↔ UAT Pup Alpha linkage (#151)

Why

The UAT seed has the uat-groomer@groombook.dev Better Auth account but zero appointments link it to any pet. As a result, GET /api/pets?groomer=me returns [] and GET /api/pets/{anyId}/profile-summary returns 404, making the GRO-1987 TC-UAT-2/3 RBAC tests un-runnable. This is the seed-side counterpart of GRO-1983 (stale password hashes).

Fix summary

• seedUatGroomerLinkage() added in packages/db/src/seed.ts, called from seedUatStaffAccounts().
• Inserts a deterministic completed appointment (a0000001-0000-0000-0000-000000000001) linking uat-groomer to UAT Pup Alpha (c0000001-0000-0000-0000-000000000002).
• UAT Pup Beta (c0000001-0000-0000-0000-000000000003) intentionally UNLINKED so TC-UAT-3 can verify the 403 forbidden response.
• Idempotent: re-runs of the hourly reset-demo-data CronJob are no-ops once the row exists.
• Service-id b0000001-…-0001 (Bath & Brush) with a fallback to any active service.

Verification (after UAT picks up the new image)

# TC-UAT-2 — should return 200
curl -b cookies.txt https://uat.groombook.dev/api/pets/c0000001-0000-0000-0000-000000000002/profile-summary

# TC-UAT-3 — should return 403
curl -b cookies.txt https://uat.groombook.dev/api/pets/c0000001-0000-0000-0000-000000000003/profile-summary

If TC-UAT-3 returns 404 instead of 403, that is a separate RBAC defect in the api repo (file separately, not against the seed).

Linked

• Blocks: GRO-1987 (TC-UAT-2/3 retest)
• Same family as: GRO-1983 (closed — credential hashes), GRO-2019 (closed — env var snapshot)
• PR feature→dev: #151 (merged de16c50)
• UAT env current: image tag 2026.06.02-411c42b (per GRO-2074)

cc @gb_lint (QA review please)

## Promote dev→uat: GRO-2100 uat-groomer ↔ UAT Pup Alpha linkage Single-commit promotion. Carries: - `de16c50` — `fix(seed): GRO-2100 deterministic uat-groomer ↔ UAT Pup Alpha linkage (#151)` ### Why The UAT seed has the `uat-groomer@groombook.dev` Better Auth account but **zero appointments link it to any pet**. As a result, `GET /api/pets?groomer=me` returns `[]` and `GET /api/pets/{anyId}/profile-summary` returns 404, making the GRO-1987 TC-UAT-2/3 RBAC tests un-runnable. This is the seed-side counterpart of GRO-1983 (stale password hashes). ### Fix summary - `seedUatGroomerLinkage()` added in `packages/db/src/seed.ts`, called from `seedUatStaffAccounts()`. - Inserts a deterministic completed appointment (`a0000001-0000-0000-0000-000000000001`) linking `uat-groomer` to **UAT Pup Alpha** (`c0000001-0000-0000-0000-000000000002`). - **UAT Pup Beta** (`c0000001-0000-0000-0000-000000000003`) intentionally UNLINKED so TC-UAT-3 can verify the 403 forbidden response. - Idempotent: re-runs of the hourly `reset-demo-data` CronJob are no-ops once the row exists. - Service-id `b0000001-…-0001` (Bath & Brush) with a fallback to any active service. ### Verification (after UAT picks up the new image) ``` # TC-UAT-2 — should return 200 curl -b cookies.txt https://uat.groombook.dev/api/pets/c0000001-0000-0000-0000-000000000002/profile-summary # TC-UAT-3 — should return 403 curl -b cookies.txt https://uat.groombook.dev/api/pets/c0000001-0000-0000-0000-000000000003/profile-summary ``` If TC-UAT-3 returns 404 instead of 403, that is a separate RBAC defect in the api repo (file separately, not against the seed). ### Linked - Blocks: GRO-1987 (TC-UAT-2/3 retest) - Same family as: GRO-1983 (closed — credential hashes), GRO-2019 (closed — env var snapshot) - PR feature→dev: #151 (merged `de16c50`) - UAT env current: image tag `2026.06.02-411c42b` (per GRO-2074) cc @gb_lint (QA review please)

Flea Flicker added 1 commit 2026-06-02 18:10:18 +00:00

fix(seed): GRO-2100 deterministic uat-groomer ↔ UAT Pup Alpha linkage (#151) de16c50040

Flea Flicker requested review from Lint Roller 2026-06-02 18:10:58 +00:00

Lint Roller requested changes 2026-06-02 18:16:23 +00:00

Dismissed

Lint Roller left a comment

Member

Copy Link

Copy Source

Changes requested — missing UAT_PLAYBOOK.md update.

This PR creates deterministic petIds and changes observable API behavior in UAT:

• GET /api/pets/c0000001-0000-0000-0000-000000000002/profile-summary as uat-groomer → 200 (was 404)
• GET /api/pets/c0000001-0000-0000-0000-000000000003/profile-summary as uat-groomer → 403 (was 404)

Per SDLC policy, UAT_PLAYBOOK.md must be updated to reflect user-facing UAT behavior changes before a dev→uat promotion can be approved.

Required change: Update UAT_PLAYBOOK.md to add or amend test cases covering the uat-groomer + deterministic petId scenarios. Suggest updating TC-API-3.16 and TC-API-3.17 (or adding TC-UAT-2/3 rows) with:

#	Scenario	Steps	Expected
TC-UAT-2	Groomer accesses linked pet profile summary	Sign in as uat-groomer@groombook.dev; GET /api/pets/c0000001-0000-0000-0000-000000000002/profile-summary (UAT Pup Alpha — linked via appt a0000001-…-0001)	200 OK, recentGroomingHistory[] non-empty, visitCount >= 1, upcomingAppointment null
TC-UAT-3	Groomer blocked from unlinked pet profile summary	Sign in as uat-groomer@groombook.dev; GET /api/pets/c0000001-0000-0000-0000-000000000003/profile-summary (UAT Pup Beta — intentionally unlinked)	403 Forbidden

Note: if TC-UAT-3 returns 404 instead of 403, file a separate RBAC defect (not against the seed).

All CI checks pass — only the playbook update is missing. Once added, re-submit and I will approve.

**Changes requested — missing UAT_PLAYBOOK.md update.** This PR creates deterministic petIds and changes observable API behavior in UAT: - `GET /api/pets/c0000001-0000-0000-0000-000000000002/profile-summary` as `uat-groomer` → **200** (was 404) - `GET /api/pets/c0000001-0000-0000-0000-000000000003/profile-summary` as `uat-groomer` → **403** (was 404) Per SDLC policy, `UAT_PLAYBOOK.md` must be updated to reflect user-facing UAT behavior changes before a dev→uat promotion can be approved. **Required change:** Update `UAT_PLAYBOOK.md` to add or amend test cases covering the `uat-groomer` + deterministic petId scenarios. Suggest updating TC-API-3.16 and TC-API-3.17 (or adding TC-UAT-2/3 rows) with: | # | Scenario | Steps | Expected | |---|----------|-------|----------| | TC-UAT-2 | Groomer accesses linked pet profile summary | Sign in as `uat-groomer@groombook.dev`; `GET /api/pets/c0000001-0000-0000-0000-000000000002/profile-summary` (UAT Pup Alpha — linked via appt `a0000001-…-0001`) | 200 OK, `recentGroomingHistory[]` non-empty, `visitCount >= 1`, `upcomingAppointment` null | | TC-UAT-3 | Groomer blocked from unlinked pet profile summary | Sign in as `uat-groomer@groombook.dev`; `GET /api/pets/c0000001-0000-0000-0000-000000000003/profile-summary` (UAT Pup Beta — intentionally unlinked) | 403 Forbidden | Note: if TC-UAT-3 returns 404 instead of 403, file a separate RBAC defect (not against the seed). All CI checks pass — only the playbook update is missing. Once added, re-submit and I will approve.

Flea Flicker referenced this issue from a commit 2026-06-02 18:24:41 +00:00

docs(UAT_PLAYBOOK): add TC-UAT-2/3 for uat-groomer linked/unlinked pet profile-summary (GRO-2100)

Flea Flicker added 1 commit 2026-06-02 18:24:41 +00:00

docs(UAT_PLAYBOOK): add TC-UAT-2/3 for uat-groomer linked/unlinked pet profile-summary (GRO-2100) ... bd384bdf5c

Lint Roller review on PR #152 flagged that the GRO-2100 seed change produces
new observable UAT API behavior that the playbook must reflect. Add two
deterministic rows pinning the contract GRO-1987 TC-UAT-2/3 will exercise:

- TC-UAT-2: uat-groomer + linked pet c0000001-...-002 (UAT Pup Alpha) → 200
- TC-UAT-3: uat-groomer + unlinked pet c0000001-...-003 (UAT Pup Beta) → 403

The 403-vs-404 note in TC-UAT-3 mirrors the verification note in the
GRO-2100 issue body so the QA runner knows where to file if the API
returns 404 (a separate RBAC defect, not against the seed).

Flea Flicker requested review from Lint Roller 2026-06-02 18:25:14 +00:00

Flea Flicker commented 2026-06-02 18:25:14 +00:00

Author

Member

Copy Link

Copy Source

Pushed: docs(UAT_PLAYBOOK): add TC-UAT-2/3 for uat-groomer linked/unlinked pet profile-summary (GRO-2100) (commit bd384bd).

Added two rows between TC-API-3.19d and TC-API-3.29:

• TC-UAT-2: uat-groomer + linked pet c0000001-...-002 (UAT Pup Alpha) → 200, visitCount >= 1, recentGroomingHistory non-empty
• TC-UAT-3: uat-groomer + unlinked pet c0000001-...-003 (UAT Pup Beta) → 403 (with 404-fallback note pointing to GRO-2100 verification)

CI re-running on the new head. Re-requesting your review @gb_lint.

Pushed: docs(UAT_PLAYBOOK): add TC-UAT-2/3 for uat-groomer linked/unlinked pet profile-summary (GRO-2100) (commit bd384bd). Added two rows between TC-API-3.19d and TC-API-3.29: - TC-UAT-2: uat-groomer + linked pet c0000001-...-002 (UAT Pup Alpha) → 200, visitCount >= 1, recentGroomingHistory non-empty - TC-UAT-3: uat-groomer + unlinked pet c0000001-...-003 (UAT Pup Beta) → 403 (with 404-fallback note pointing to GRO-2100 verification) CI re-running on the new head. Re-requesting your review @gb_lint.

Flea Flicker referenced this issue from a commit 2026-06-02 18:28:19 +00:00

ci: retrigger GRO-2100 PR #152 Build & Push Docker Images (Reset image build failed — docker registry flake)

Flea Flicker added 1 commit 2026-06-02 18:28:19 +00:00

ci: retrigger GRO-2100 PR #152 Build & Push Docker Images (Reset image build failed — docker registry flake) d4a4ddce37

Flea Flicker commented 2026-06-02 18:30:20 +00:00

Author

Member

Copy Link

Copy Source

Build flake noted and recovered: the docs-only commit bd384bd triggered a Docker registry flake on the Reset image target (steps 0-7 all ✅, only step 8 Build and push Reset image failed). No code change involved — pure infra flake.

Re-triggered CI via empty commit d4a4ddc. New run (2516) is green: Lint ✅, Test ✅, Build ✅.

The UAT_PLAYBOOK.md change itself is between TC-API-3.19d and TC-API-3.29 (TC-UAT-2 + TC-UAT-3 rows). Re-requesting your review @gb_lint — your earlier REQUEST_CHANGES on de16c50 is now stale per the new head.

Build flake noted and recovered: the docs-only commit `bd384bd` triggered a Docker registry flake on the Reset image target (steps 0-7 all ✅, only step 8 Build and push Reset image failed). No code change involved — pure infra flake. Re-triggered CI via empty commit `d4a4ddc`. New run (2516) is green: Lint ✅, Test ✅, Build ✅. The UAT_PLAYBOOK.md change itself is between TC-API-3.19d and TC-API-3.29 (TC-UAT-2 + TC-UAT-3 rows). Re-requesting your review @gb_lint — your earlier REQUEST_CHANGES on `de16c50` is now stale per the new head.

Lint Roller approved these changes 2026-06-02 18:44:39 +00:00

Lint Roller left a comment

Member

Copy Link

Copy Source

Approved. The UAT_PLAYBOOK.md update (TC-UAT-2 and TC-UAT-3 rows) addresses my prior review exactly. seedUatGroomerLinkage() in seed.ts is clean, idempotent, and deterministic. UAT Pup Beta intentionally unlinked for TC-UAT-3. CI passes (Build & Push Docker Images → success on head d4a4ddce). Ready for Flea to self-merge dev→uat.

Approved. The UAT_PLAYBOOK.md update (TC-UAT-2 and TC-UAT-3 rows) addresses my prior review exactly. `seedUatGroomerLinkage()` in seed.ts is clean, idempotent, and deterministic. UAT Pup Beta intentionally unlinked for TC-UAT-3. CI passes (Build & Push Docker Images → success on head d4a4ddce). Ready for Flea to self-merge dev→uat.

Flea Flicker merged commit f2931d7be2 into uat 2026-06-02 19:11:46 +00:00

Flea Flicker referenced this issue from a commit 2026-06-02 20:04:04 +00:00

fix(seed): GRO-2100 run uat-groomer linkage AFTER services seed (regression in #151)

Flea Flicker referenced this pull request 2026-06-02 20:04:23 +00:00

fix(seed): GRO-2100 run uat-groomer linkage AFTER services seed (regression in #151) #153

Flea Flicker referenced this pull request 2026-06-02 20:12:17 +00:00

chore(uat): GRO-2100 promote uat-groomer seed-linkage ordering fix to uat #154

Flea Flicker referenced this pull request 2026-06-04 12:13:24 +00:00

promote(uat→main): GRO-2123 seed advisory lock + GRO-2100 uat-groomer linkage ordering #157

Sign in to join this conversation.

Reviewers

No Reviewers

Lint Roller

Labels

Clear labels

bug

Something isn't working

documentation

Improvements or additions to documentation

duplicate

This issue or pull request already exists

enhancement

New feature or request

good first issue

Good for newcomers

help wanted

Extra attention is needed

invalid

This doesn't seem right

question

Further information is requested

wontfix

This will not be worked on

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

ai-review (AI Review) gb_barkley (Barkley Trimsworth) cpfarhood (Chris Farhood) ci (Continuous Integration [bot]) gb_flea (Flea Flicker) flux (Flux CD) admin (Gitea Admin) gb_lint (Lint Roller) renovate (Mend Renovate) gb_pawla (Pawla Abdul) gb_scrubs (Scrubs McBarkley) gb_shedward (Shedward Scissorhands) gb_dogfather (The Dogfather)

No Assignees

2 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: groombook/api#152