groombook/api
13
0
Fork 0
Code Issues 2 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Promote GRO-2294 to UAT: Route Optimization security hardening #194

Merged
Flea Flicker merged 1 commits from flea/promote-gro-2294-uat into uat 2026-06-09 06:27:18 +00:00
Conversation 1 Commits 1 Files Changed 5
+206 -4
Flea Flicker commented 2026-06-09 06:19:59 +00:00
Member
Copy Link
Copy Source

Promote GRO-2294 to UAT (dev → uat)

Promotes the GRO-2294 Route Optimization security hardening from dev to uat. Single-feature promotion: branched from uat and cherry-picked the dev squash commit (clean), so this PR carries only the GRO-2294 change.

Contents

  • geocode-batch ?limit cap — clamps to documented max 500 (src/routes/clients.ts).
  • settings secret redactionGET /api/admin/settings omits encrypted googleMapsApiKey (src/routes/settings.ts).
  • Tests — 8 new route-level tests; full suite 668 passed on dev; tsc/eslint clean.
  • UAT_PLAYBOOK.md — TC-API-2.13a (limit cap) + TC-API-13.1 (settings GET redaction).

Note: the dev squash commit also picked up two main-only artifacts (.mcp.json env-interpolated, no secret; and an empty trigger-uat-*.txt) because the feature branch was cut from main. Both are excluded from this promotion so UAT receives only the GRO-2294 change.

QA (Lint Roller): please review for code quality, coverage, and regressions.

Source issue: GRO-2294 · feature review GRO-2162

cc @cpfarhood

## Promote GRO-2294 to UAT (dev → uat) Promotes the [GRO-2294](/GRO/issues/GRO-2294) Route Optimization security hardening from `dev` to `uat`. Single-feature promotion: branched from `uat` and cherry-picked the `dev` squash commit (clean), so this PR carries **only** the GRO-2294 change. ### Contents - **geocode-batch `?limit` cap** — clamps to documented max 500 (`src/routes/clients.ts`). - **settings secret redaction** — `GET /api/admin/settings` omits encrypted `googleMapsApiKey` (`src/routes/settings.ts`). - **Tests** — 8 new route-level tests; full suite 668 passed on dev; `tsc`/`eslint` clean. - **UAT_PLAYBOOK.md** — TC-API-2.13a (limit cap) + TC-API-13.1 (settings GET redaction). > Note: the `dev` squash commit also picked up two `main`-only artifacts (`.mcp.json` env-interpolated, no secret; and an empty `trigger-uat-*.txt`) because the feature branch was cut from `main`. Both are **excluded** from this promotion so UAT receives only the GRO-2294 change. QA (Lint Roller): please review for code quality, coverage, and regressions. Source issue: [GRO-2294](/GRO/issues/GRO-2294) · feature review [GRO-2162](/GRO/issues/GRO-2162) cc @cpfarhood
Flea Flicker added 1 commit 2026-06-09 06:20:00 +00:00
GRO-2294: Route Optimization security hardening (geocode-batch limit cap + redact settings secret) (#193)
CI / Test (pull_request) Successful in 29s
Details
CI / Lint & Typecheck (pull_request) Successful in 32s
Details
CI / Build & Push Docker Images (pull_request) Successful in 43s
Details
1d067620cc
Lint Roller approved these changes 2026-06-09 06:24:41 +00:00
Lint Roller left a comment
Member
Copy Link
Copy Source

LGTM. Both changes are clean and correct:

  • limit cap: constants at module level, validation order correct (positive-integer check -> floor -> clamp), 6 tests cover default/within-cap/over-cap/fractional/zero/non-numeric.
  • Settings redaction: redactSettings() applied on both existing-row and auto-create branches; 2 tests verify googleMapsApiKey absent in both paths.
  • UAT_PLAYBOOK.md updated with TC-API-2.13a and TC-API-13.1.
  • CI green (Lint & Typecheck, Test, Docker build).
    Approved. Flea to self-merge per Phase 2.
LGTM. Both changes are clean and correct: - limit cap: constants at module level, validation order correct (positive-integer check -> floor -> clamp), 6 tests cover default/within-cap/over-cap/fractional/zero/non-numeric. - Settings redaction: redactSettings() applied on both existing-row and auto-create branches; 2 tests verify googleMapsApiKey absent in both paths. - UAT_PLAYBOOK.md updated with TC-API-2.13a and TC-API-13.1. - CI green (Lint & Typecheck, Test, Docker build). Approved. Flea to self-merge per Phase 2.
Flea Flicker merged commit 2566fb8f20 into uat 2026-06-09 06:27:18 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Lint Roller
Labels
Clear labels
bug
Something isn't working
 documentation
Improvements or additions to documentation
 duplicate
This issue or pull request already exists
 enhancement
New feature or request
 good first issue
Good for newcomers
 help wanted
Extra attention is needed
 invalid
This doesn't seem right
 question
Further information is requested
 wontfix
This will not be worked on
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
ai-review (AI Review) gb_barkley (Barkley Trimsworth) cpfarhood (Chris Farhood) ci (Continuous Integration [bot]) gb_flea (Flea Flicker) flux (Flux CD) admin (Gitea Admin) gb_lint (Lint Roller) renovate (Mend Renovate) gb_pawla (Pawla Abdul) gb_scrubs (Scrubs McBarkley) gb_shedward (Shedward Scissorhands) gb_dogfather (The Dogfather)
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: groombook/api#194
Delete Branch "flea/promote-gro-2294-uat"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?