promote(uat→main): owner-bypass audit fix (GRO-2062) + services seed-idempotency fix (GRO-2064) #150

Merged
Scrubs McBarkley merged 5 commits from uat into main 2026-06-02 06:00:03 +00:00
uat → main production promotion

Carries two fully-verified changes (atomic branch promotion of uat HEAD 411c42b):

1. Owner-bypass read audit row (GRO-2062 / GRO-2063)

  • Source dev PR: groombook/api#146 (authored gb_flea, merged by CTO, QA-approved Lint Roller)
  • dev→uat promotion: groombook/api#147 (merged by CTO)
  • UAT regression: GRO-2066 — TC-API-3.19d PASS on 2026.06.02-bf97849
  • Phase 3 security re-check: GRO-2075 PASS

2. Services seed-idempotency fix (GRO-2064 / GRO-2033 / GRO-2070)

  • Source dev PR: groombook/api#148 (QA + CTO APPROVED, review #4238)
  • dev→uat promotion: groombook/api#149 (merge commit 411c42b)
  • UAT regression: GRO-2074 PASS on 411c42b

Schema impact: none for #1. Seed/reset job behavior only for #2.

cc @cpfarhood for visibility.
Flea Flicker added 5 commits 2026-06-02 05:44:31 +00:00
security(audit): log owner-bypass reads in GET /pets/:id/profile-summary (GRO-2062)
CI / Test (pull_request) Successful in 12s
CI / Lint & Typecheck (pull_request) Successful in 15s
CI / Build & Push Docker Images (pull_request) Successful in 1m16s
1f888ac716
Adds a defense-in-depth audit row to impersonationAuditLogs when the
staff-side owner-bypass path fires. Mirrors the failure-isolation
pattern in src/middleware/portalAudit.ts: insert failures are logged
and swallowed so a working read can never turn into a 500.

- New writeOwnerBypassAudit helper called only when isOwner === true.
- No DB migration; petId + actorStaffId go inside metadata jsonb.
- resolveImpersonationClientId stays pure (no audit side effects).
- Positive + negative tests + a cross-tenant regression test.
- UAT_PLAYBOOK.md §3.19d: TC-API-3.19d documents the audit assertion.

Parent tracking: GRO-2062 (Paperclip).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
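The failure-isolation pattern this commit message describes, as an added TypeScript example that is not groombook's code: the audit helper runs only on the owner-bypass path, and an insert failure is logged and swallowed so the read still returns 200. The row shape, the in-memory insert stand-in and the handler names are assumptions.

```typescript
// Added example, not groombook's code. Row shape and helper names are assumptions
// modelled on the commit message (petId + actorStaffId live inside metadata).
type AuditRow = {
  event: "owner_bypass_read";
  metadata: { petId: string; actorStaffId: string; route: string };
};

// Stand-in for the impersonationAuditLogs insert; real code would hit the DB.
type InsertFn = (row: AuditRow) => Promise<void>;

// In-memory sinks so the behaviour can be observed without a database.
const auditRows: AuditRow[] = [];
const auditErrors: string[] = [];

// Returns true if the audit row was written, false if the insert failed.
// The failure is logged and swallowed: a working read never becomes a 500.
async function writeOwnerBypassAudit(
  insert: InsertFn,
  petId: string,
  actorStaffId: string,
): Promise<boolean> {
  try {
    await insert({
      event: "owner_bypass_read",
      metadata: { petId, actorStaffId, route: "GET /pets/:id/profile-summary" },
    });
    return true;
  } catch (err) {
    auditErrors.push(`owner-bypass audit insert failed: ${(err as Error).message}`);
    return false;
  }
}

// Handler stand-in for GET /pets/:id/profile-summary. The audit helper is
// called only when isOwner === true; the response does not depend on its result.
async function profileSummary(
  insert: InsertFn,
  petId: string,
  actorStaffId: string,
  isOwner: boolean,
): Promise<{ status: number; body: { petId: string }; audited: boolean }> {
  let audited = false;
  if (isOwner === true) {
    audited = await writeOwnerBypassAudit(insert, petId, actorStaffId);
  }
  return { status: 200, body: { petId }, audited };
}
```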
security(audit): log owner-bypass reads in GET /pets/:id/profile-summary (GRO-2062) (#146)
CI / Test (push) Successful in 12s
CI / Lint & Typecheck (push) Successful in 16s
CI / Test (pull_request) Successful in 12s
CI / Lint & Typecheck (pull_request) Successful in 15s
CI / Build & Push Docker Images (push) Successful in 40s
CI / Build & Push Docker Images (pull_request) Successful in 27s
1a6a54cc84
QA-approved (gb_lint) + CTO-approved. Defense-in-depth audit row on staff owner-bypass. GRO-2063.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
promote(dev→uat): owner-bypass read audit row (GRO-2063) (#147)
CI / Test (push) Successful in 12s
CI / Lint & Typecheck (push) Successful in 17s
CI / Build & Push Docker Images (push) Successful in 41s
bf97849324
Promote GRO-2063 defense-in-depth audit row to uat. CI green. QA + CTO approved on dev PR #146.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
fix(db): make services seed idempotent across resets (GRO-2064, GRO-2033 close-out) (#148)
CI / Test (push) Successful in 12s
CI / Lint & Typecheck (push) Successful in 15s
CI / Build & Push Docker Images (push) Successful in 28s
CI / Test (pull_request) Successful in 14s
CI / Lint & Typecheck (pull_request) Successful in 20s
CI / Build & Push Docker Images (pull_request) Successful in 39s
fc6c6ef752
Merge pull request 'Promote dev→uat: GRO-2033 services_pkey seed fix (fc6c6ef7)' (#149) from dev into uat
CI / Test (push) Successful in 14s
CI / Lint & Typecheck (push) Successful in 16s
CI / Build & Push Docker Images (push) Successful in 39s
CI / Test (pull_request) Successful in 12s
CI / Lint & Typecheck (pull_request) Successful in 16s
CI / Build & Push Docker Images (pull_request) Successful in 38s
411c42b2c4
Scrubs McBarkley merged commit c92fb2539d into main 2026-06-02 06:00:03 +00:00