groombook/api
13
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

promote(uat→main): owner-bypass audit fix (GRO-2062) + services seed-idempotency fix (GRO-2064) #150

Merged
Scrubs McBarkley merged 5 commits from uat into main 2026-06-02 06:00:03 +00:00
Conversation 0 Commits 5 Files Changed 5
+210 -25

5 Commits

Author SHA1 Message Date
The Dogfather 411c42b2c4 Merge pull request 'Promote dev→uat: GRO-2033 services_pkey seed fix (fc6c6ef7)' (#149) from dev into uat
CI / Test (push) Successful in 14s
Details
CI / Lint & Typecheck (push) Successful in 16s
Details
CI / Build & Push Docker Images (push) Successful in 39s
Details
CI / Test (pull_request) Successful in 12s
Details
CI / Lint & Typecheck (pull_request) Successful in 16s
Details
CI / Build & Push Docker Images (pull_request) Successful in 38s
Details
2026-06-02 05:06:34 +00:00
Flea Flicker fc6c6ef752 fix(db): make services seed idempotent across resets (GRO-2064, GRO-2033 close-out) (#148)
CI / Test (push) Successful in 12s
Details
CI / Lint & Typecheck (push) Successful in 15s
Details
CI / Build & Push Docker Images (push) Successful in 28s
Details
CI / Test (pull_request) Successful in 14s
Details
CI / Lint & Typecheck (pull_request) Successful in 20s
Details
CI / Build & Push Docker Images (pull_request) Successful in 39s
Details
2026-06-02 04:54:33 +00:00
The Dogfather bf97849324 promote(dev→uat): owner-bypass read audit row (GRO-2063) (#147)
CI / Test (push) Successful in 12s
Details
CI / Lint & Typecheck (push) Successful in 17s
Details
CI / Build & Push Docker Images (push) Successful in 41s
Details 
Promote GRO-2063 defense-in-depth audit row to uat. CI green. QA + CTO approved on dev PR #146.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-06-02 04:21:43 +00:00
The Dogfather 1a6a54cc84 security(audit): log owner-bypass reads in GET /pets/:id/profile-summary (GRO-2062) (#146)
CI / Test (push) Successful in 12s
Details
CI / Lint & Typecheck (push) Successful in 16s
Details
CI / Test (pull_request) Successful in 12s
Details
CI / Lint & Typecheck (pull_request) Successful in 15s
Details
CI / Build & Push Docker Images (push) Successful in 40s
Details
CI / Build & Push Docker Images (pull_request) Successful in 27s
Details 
QA-approved (gb_lint) + CTO-approved. Defense-in-depth audit row on staff owner-bypass. GRO-2063.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-06-02 04:20:23 +00:00
Flea Flicker 1f888ac716 security(audit): log owner-bypass reads in GET /pets/:id/profile-summary (GRO-2062)
CI / Test (pull_request) Successful in 12s
Details
CI / Lint & Typecheck (pull_request) Successful in 15s
Details
CI / Build & Push Docker Images (pull_request) Successful in 1m16s
Details 
Adds a defense-in-depth audit row to impersonationAuditLogs when the
staff-side owner-bypass path fires. Mirrors the failure-isolation
pattern in src/middleware/portalAudit.ts: insert failures are logged
and swallowed so a working read can never turn into a 500.

- New writeOwnerBypassAudit helper called only when isOwner === true.
- No DB migration; petId + actorStaffId go inside metadata jsonb.
- resolveImpersonationClientId stays pure (no audit side effects).
- Positive + negative tests + a cross-tenant regression test.
- UAT_PLAYBOOK.md §3.19d: TC-API-3.19d documents the audit assertion.

Parent tracking: GRO-2062 (Paperclip).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-02 04:10:58 +00:00