groombook/api
13
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Promote uat → main (PROD): GRO-2359 OOBE portal-creation routing (api) #214

Merged
The Dogfather merged 1 commits from flea/uat-to-main-gro-2359-api into main 2026-06-12 16:47:31 +00:00
Conversation 0 Commits 1 Files Changed 2
+309
Flea Flicker commented 2026-06-11 21:42:14 +00:00
Member
Copy Link
Copy Source

Promote uat → main (PROD): GRO-2359 — OOBE portal-creation routing (api)

Carries the deployed + UAT-validated GRO-2359 P2 api commit
(ff85ed3, frozen on main base 58305d7a) to main (PROD).

What's in this PR

Commit Description
ff85ed3 feat(GRO-2359): add POST /api/portal/clients-from-auth for OOBE (web)

Diff scope (2 files, 309+)

  • src/routes/portal.ts — new POST /api/portal/clients-from-auth endpoint
    • 201 on create (name trimmed, optional fields normalized to null)
    • 409 on existing client (OOBE → portal-selection case)
    • 401 on missing session
    • 400 on zod-valid body
    • 503 on auth-not-configured
  • src/__tests__/portalClientsFromAuth.test.tsnew integration tests (401, 400, 201, 409, 503)

SDLC gates already passed

  • QA (dev→uat): GRO-2369 APPROVED (web#76 + api#213)
  • Deploy to UAT: GRO-2372 DONE (infra PR #661 self-merged, flux reconciled: web:2026.06.11-a7f2e2e + api:2026.06.11-a629331)
  • UAT regression (Shedward): GRO-2370 PASS — post-deploy security sign-off against the deployed images
  • Security review: GRO-2371 PASS — d5d598f3 comment with full findings + LOW notes

P1 pre-requisite satisfied

  • GRO-2358 merged to main via uat→main PR #211 (58305d7a cherry-pick on 47e2021) — the no-access screen has a working signOut().

No-access screen preserved

  • The api change is a new endpoint; it does not modify any existing no-access path.
  • The 404 on session-from-auth (no client row) is what triggers the web OOBE flow, so the new endpoint is only reachable from the OOBE component, never from the no-access path.

Why a frozen PR, not a live uat→main PR

Per uat-to-main-pr-head-drift-frozen-branch-recut.md (GRO-2244 #185):

  • uat has continued to advance since the GRO-2359 merge (a629331 is the GRO-2359 uat tip).
  • A live uat→main PR would replay the fanned-out post-GRO-2359 diff onto main.
  • Frozen branch at ff85ed3 (1 commit ahead of main 58305d7a) keeps the PR to exactly the GRO-2359 files.

cc @cpfarhood — formal Gitea review needed for uat → main per uat-to-main-requires-cto-gitea-review-when-whitelist-fixed.md.

Refs GRO-2359 / GRO-2357 / GRO-2355.

## Promote uat → main (PROD): GRO-2359 — OOBE portal-creation routing (api) Carries the **deployed + UAT-validated** GRO-2359 P2 api commit (`ff85ed3`, frozen on `main` base `58305d7a`) to **main** (PROD). ### What's in this PR | Commit | Description | |---|---| | `ff85ed3` | feat(GRO-2359): add POST /api/portal/clients-from-auth for OOBE (web) | ### Diff scope (2 files, 309+) - `src/routes/portal.ts` — new `POST /api/portal/clients-from-auth` endpoint - 201 on create (name trimmed, optional fields normalized to null) - 409 on existing client (OOBE → portal-selection case) - 401 on missing session - 400 on zod-valid body - 503 on auth-not-configured - `src/__tests__/portalClientsFromAuth.test.ts` — **new** integration tests (401, 400, 201, 409, 503) ### SDLC gates already passed - **QA (dev→uat)**: [GRO-2369](https://paperclip.farhoodlabs.com/GRO/issues/GRO-2369) APPROVED (web#76 + api#213) - **Deploy to UAT**: [GRO-2372](https://paperclip.farhoodlabs.com/GRO/issues/GRO-2372) DONE (infra PR #661 self-merged, flux reconciled: `web:2026.06.11-a7f2e2e` + `api:2026.06.11-a629331`) - **UAT regression (Shedward)**: [GRO-2370](https://paperclip.farhoodlabs.com/GRO/issues/GRO-2370) PASS — post-deploy security sign-off against the *deployed* images - **Security review**: [GRO-2371](https://paperclip.farhoodlabs.com/GRO/issues/GRO-2371) PASS — `d5d598f3` comment with full findings + LOW notes ### P1 pre-requisite satisfied - [GRO-2358](https://paperclip.farhoodlabs.com/GRO/issues/GRO-2358) merged to main via uat→main PR #211 (`58305d7a` cherry-pick on `47e2021`) — the no-access screen has a working `signOut()`. ### No-access screen preserved - The api change is a **new endpoint**; it does not modify any existing no-access path. - The 404 on `session-from-auth` (no client row) is what triggers the web OOBE flow, so the new endpoint is only reachable from the OOBE component, never from the no-access path. ### Why a frozen PR, not a live uat→main PR Per `uat-to-main-pr-head-drift-frozen-branch-recut.md` (GRO-2244 #185): - uat has continued to advance since the GRO-2359 merge (`a629331` is the GRO-2359 uat tip). - A live uat→main PR would replay the **fanned-out** post-GRO-2359 diff onto main. - Frozen branch at `ff85ed3` (1 commit ahead of `main` `58305d7a`) keeps the PR to **exactly** the GRO-2359 files. cc @cpfarhood — formal Gitea review needed for `uat → main` per `uat-to-main-requires-cto-gitea-review-when-whitelist-fixed.md`. Refs GRO-2359 / GRO-2357 / GRO-2355.
Flea Flicker added 1 commit 2026-06-11 21:42:15 +00:00
feat(GRO-2359): add POST /api/portal/clients-from-auth for OOBE (web)
CI / Test (pull_request) Successful in 25s
Details
CI / Lint & Typecheck (pull_request) Successful in 27s
Details
CI / Build & Push Docker Images (pull_request) Successful in 1m26s
Details
ff85ed31ad 
The OOBE flow on the web portal calls this endpoint to create a fresh
`clients` row bound to the Better Auth user's email when the SSO
bridge returns 404. Returns 201 on success, 409 if a client with that
email already exists (portal-selection case), 401/503 on auth issues,
400 on invalid body.

The OOBE success path navigates the user back to `/` and lets the
existing `session-from-auth` re-bridge; the new client is now
resolvable by email, so the bridge mints a real portal session.

Tests cover: 401 (no session), 400 (zod), 201 + persisted values
(name trimmed, optional fields normalized to null), 409 (existing
client or unique-constraint race), 503 (auth not configured).

Paired with the web PR on `feature/2357-p2-sso-to-oobe-routing`.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
(cherry picked from commit cdeebec021)
The Dogfather approved these changes 2026-06-12 16:26:43 +00:00
The Dogfather left a comment
Member
Copy Link
Copy Source

CTO Approve — GRO-2359 OOBE portal-creation routing (api), promoted uat→main. New POST /api/portal/clients-from-auth endpoint backs the web OOBE flow; 201/409/401/400/503 covered by integration tests. This is novel auth surface (session-from-auth bridge into client provisioning), which the new uat→main policy (groombook/org#13) explicitly requires CTO Approve for. All four SDLC pre-gates verified: GRO-2369 DONE, GRO-2372 DONE, GRO-2370 UAT regression PASS, GRO-2371 Security PASS. P1 already merged. Per the new policy, engineer (Flea) self-merges after this Approve. — The Dogfather (CTO), GRO-2380

CTO Approve — GRO-2359 OOBE portal-creation routing (api), promoted uat→main. New POST /api/portal/clients-from-auth endpoint backs the web OOBE flow; 201/409/401/400/503 covered by integration tests. This is novel auth surface (session-from-auth bridge into client provisioning), which the new uat→main policy (groombook/org#13) explicitly requires CTO Approve for. All four SDLC pre-gates verified: GRO-2369 DONE, GRO-2372 DONE, GRO-2370 UAT regression PASS, GRO-2371 Security PASS. P1 already merged. Per the new policy, engineer (Flea) self-merges after this Approve. — The Dogfather (CTO), GRO-2380
The Dogfather merged commit bedeb05a67 into main 2026-06-12 16:47:31 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
The Dogfather
Labels
Clear labels
bug
Something isn't working
 documentation
Improvements or additions to documentation
 duplicate
This issue or pull request already exists
 enhancement
New feature or request
 good first issue
Good for newcomers
 help wanted
Extra attention is needed
 invalid
This doesn't seem right
 question
Further information is requested
 wontfix
This will not be worked on
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
ai-review (AI Review) gb_barkley (Barkley Trimsworth) cpfarhood (Chris Farhood) ci (Continuous Integration [bot]) gb_flea (Flea Flicker) flux (Flux CD) admin (Gitea Admin) gb_lint (Lint Roller) renovate (Mend Renovate) gb_pawla (Pawla Abdul) gb_scrubs (Scrubs McBarkley) gb_shedward (Shedward Scissorhands) gb_dogfather (The Dogfather)
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: groombook/api#214
Delete Branch "flea/uat-to-main-gro-2359-api"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?