fix(GRO-607): Remove unused attachPaymentMethod import from portal

Co-Authored-By: Paperclip <noreply@paperclip.ing>
fix(GRO-607): Stripe Elements payment UI - lint/type fixes
2026-04-13 19:17:28 +00:00 · 2026-04-13 19:17:15 +00:00 · 2026-04-13 19:11:59 +00:00 · 2026-04-13 19:11:59 +00:00 · 2026-04-13 19:11:59 +00:00 · 2026-04-13 19:11:59 +00:00
92 changed files with 6910 additions and 1933 deletions
@@ -7,5 +7,3 @@ apps/web/dist
 apps/api/dist
 packages/db/dist
 packages/types/dist
 .turbo
 screenshots/
@@ -20,8 +20,6 @@ jobs:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
        with:
          version: '9.15.4'
      - uses: actions/setup-node@v4
        with:
@@ -44,8 +42,6 @@ jobs:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
        with:
          version: '9.15.4'
      - uses: actions/setup-node@v4
        with:
@@ -66,8 +62,6 @@ jobs:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
        with:
          version: '9.15.4'
      - uses: actions/setup-node@v4
        with:
@@ -107,8 +101,6 @@ jobs:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
        with:
          version: '9.15.4'
      - uses: actions/setup-node@v4
        with:
@@ -246,6 +238,7 @@ jobs:
          echo "Deploying images tagged $TAG to groombook-dev..."
          # Run migration with PR image
          kubectl delete job migrate-schema -n groombook-dev --ignore-not-found
          kubectl delete job "migrate-pr-$PR_NUM" -n groombook-dev --ignore-not-found
          cat <<EOF | kubectl apply -n groombook-dev -f -
          apiVersion: batch/v1
@@ -310,8 +303,6 @@ jobs:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
        with:
          version: '9.15.4'
      - uses: actions/setup-node@v4
        with:
@@ -418,17 +409,11 @@ jobs:
          git push -u origin "chore/update-image-tags-${TAG}"
-          # Check if PR already exists for this branch
+          # Create PR and merge immediately (no required checks on groombook/infra)
-          EXISTING_PR=$(gh pr list --repo groombook/infra --head "chore/update-image-tags-${TAG}" --state open --json number -q '.[0].number' || true)
+          PR_URL=$(gh pr create \
-          if [ -n "$EXISTING_PR" ]; then
+            --repo groombook/infra \
-            echo "PR #$EXISTING_PR already exists for this tag, merging existing PR"
+            --base main \
-            gh pr merge "$EXISTING_PR" --repo groombook/infra --merge
+            --head "chore/update-image-tags-${TAG}" \
-          else
+            --title "chore: deploy ${TAG} to dev" \
-            PR_URL=$(gh pr create \
+            --body "[GRO-178](/GRO/issues/GRO-178) — automated image tag update from main merge")
-              --repo groombook/infra \
+          gh pr merge "$PR_URL" --merge
              --base main \
              --head "chore/update-image-tags-${TAG}" \
              --title "chore: deploy ${TAG} to dev" \
              --body "[GRO-178](/GRO/issues/GRO-178) — automated image tag update from main merge")
            gh pr merge "$PR_URL" --merge
          fi
@@ -14,29 +14,7 @@ jobs:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: read
    steps:
      - name: Validate tag format
        run: |
          TAG="${{ inputs.tag }}"
          if ! echo "$TAG" | grep -qE '^[0-9]{4}\.[0-9]{2}\.[0-9]{2}-[a-f0-9]{7}$'; then
            echo "::error::Invalid tag format: '$TAG'. Expected format: YYYY.MM.DD-sha7 (e.g. 2026.03.28-f1b85bf)"
            exit 1
          fi
          echo "Tag format valid: $TAG"
      - name: Verify image exists in GHCR
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          TAG="${{ inputs.tag }}"
          # Check that the API image exists — if API was pushed, web/migrate were too
          if ! gh api "/orgs/groombook/packages/container/api/versions" --jq ".[].metadata.container.tags[]" 2>/dev/null | grep -qF "$TAG"; then
            echo "::error::Image ghcr.io/groombook/api:$TAG not found in GHCR. Verify the tag was built and pushed."
            exit 1
          fi
          echo "Image verified: ghcr.io/groombook/api:$TAG exists"
      - name: Generate infra repo token
        id: infra-token
        uses: tibdex/github-app-token@v2
@@ -12,7 +12,6 @@ RUN pnpm install --frozen-lockfile
 # Build
 FROM deps AS builder
 RUN mkdir -p /home/node/.cache/node/corepack
 COPY packages/ packages/
 COPY apps/api/ apps/api/
 RUN pnpm --filter @groombook/types build && \
@@ -35,9 +34,6 @@ COPY --from=builder /app/packages/types/dist packages/types/dist
 RUN pnpm install --frozen-lockfile --prod
 EXPOSE 3000
 RUN apk add --no-cache curl
 HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
  CMD curl -f http://localhost:3000/health || exit 1
 CMD ["node", "apps/api/dist/index.js"]
 # Migrate stage — runs drizzle-kit migrate against the database
@@ -23,8 +23,7 @@
    "node-cron": "^3.0.3",
    "nodemailer": "^6.9.16",
    "stripe": "^22.0.0",
-    "telnyx": "^1.23.0",
+    "telnyx": "^6.41.0",
    "zod": "^4.3.6"
  },
  "devDependencies": {
@@ -27,14 +27,12 @@ const DISABLED_CLIENT = {
 // ─── Queue-based mock DB ──────────────────────────────────────────────────────
 let selectRows: Record<string, unknown>[] = [];
 let appointmentRows: Record<string, unknown>[] = [];
 let insertedValues: Record<string, unknown>[] = [];
 let updatedValues: Record<string, unknown>[] = [];
 let deletedId: string | null = null;
 function resetMock() {
  selectRows = [];
  appointmentRows = [];
  insertedValues = [];
  updatedValues = [];
  deletedId = null;
@@ -60,19 +58,10 @@ vi.mock("@groombook/db", () => {
    { get: (t, p) => (p === "_name" ? "clients" : { table: "clients", column: p }) }
  );
  const appointments = new Proxy(
    { _name: "appointments" },
    { get: (t, p) => (p === "_name" ? "appointments" : { table: "appointments", column: p }) }
  );
  return {
    getDb: () => ({
      select: () => ({
-        from: (table: unknown) => {
+        from: () => makeChainable(selectRows),
          const tableName = (table as { _name?: string })._name;
          const rows = tableName === "appointments" ? appointmentRows : selectRows;
          return makeChainable(rows);
        },
      }),
      insert: () => ({
        values: (vals: Record<string, unknown>) => {
@@ -106,10 +95,8 @@ vi.mock("@groombook/db", () => {
      }),
    }),
    clients,
    appointments,
    eq: vi.fn(),
    and: vi.fn(),
    or: vi.fn(),
  };
 });
@@ -195,11 +182,10 @@ describe("POST /clients", () => {
    expect(insertedValues[0]!.name).toBe("Charlie");
  });
-  it("creates a client with name and email", async () => {
+  it("creates a client with only required name field", async () => {
-    const res = await jsonRequest("POST", "/clients", { name: "Dana", email: "dana@example.com" });
+    const res = await jsonRequest("POST", "/clients", { name: "Dana" });
    expect(res.status).toBe(201);
    expect(insertedValues[0]!.name).toBe("Dana");
    expect(insertedValues[0]!.email).toBe("dana@example.com");
  });
  it("rejects empty name", async () => {
@@ -68,7 +68,6 @@ vi.mock("@groombook/db", () => {
    }),
    appointments,
    eq: () => ({}),
    and: (..._clauses: unknown[]) => ({}),
  };
 });
@@ -78,7 +78,6 @@ vi.mock("@groombook/db", () => {
    }),
    staff,
    eq: vi.fn((_col: unknown, _val: unknown) => ({ col: _col, val: _val })),
    and: vi.fn((..._clauses: unknown[]) => ({})),
  };
 });
@@ -363,7 +362,7 @@ describe("requireRoleOrSuperUser", () => {
    const res = await app.request("/test");
    expect(res.status).toBe(403);
    const body = await res.json();
-    expect(body.error).toMatch(/role.*not permitted/i);
+    expect(body.error).toMatch(/super user privileges required/i);
  });
  it("blocks a non-super-user groomer from manager-only routes", async () => {
@@ -371,7 +370,7 @@ describe("requireRoleOrSuperUser", () => {
    const res = await app.request("/test");
    expect(res.status).toBe(403);
    const body = await res.json();
-    expect(body.error).toMatch(/role.*not permitted/i);
+    expect(body.error).toMatch(/super user privileges required/i);
  });
  it("allows a manager with multiple allowed roles", async () => {
@@ -28,31 +28,15 @@ import { resolveStaffMiddleware, requireRole, requireRoleOrSuperUser, requireSup
 import { devRouter } from "./routes/dev.js";
 import { adminSeedRouter } from "./routes/admin/seed.js";
 import { startReminderScheduler } from "./services/reminders.js";
 import { webhooksRouter } from "./routes/stripe-webhooks.js";
 const app = new Hono();
 // Global middleware
 const TRUSTED_ORIGINS = (process.env.CORS_ORIGIN ?? "http://localhost:5173")
  .split(",")
  .map((o) => o.trim());
 const ALLOWED_ORIGIN = process.env.CORS_ORIGIN ?? "http://localhost:5173";
 app.use("*", logger());
 app.use(
  "/api/*",
  cors({
-    origin: (origin, ctx) => {
+    origin: process.env.CORS_ORIGIN ?? "http://localhost:5173",
      if (!origin) {
        return ALLOWED_ORIGIN;
      }
      if (TRUSTED_ORIGINS.includes(origin)) {
        return origin;
      }
      ctx.status(403);
      return null;
    },
    credentials: true,
  })
 );
@@ -66,9 +50,6 @@ app.route("/api/book", bookRouter);
 // Public portal routes — client-facing, authenticated via impersonation session header
 app.route("/api/portal", portalRouter);
 // Public Stripe webhook endpoint — signature-verified, no auth required
 app.route("/api/webhooks/stripe", webhooksRouter);
 // Dev/demo routes — config is always public, users endpoint is guarded internally
 app.route("/api/dev", devRouter);
@@ -202,24 +183,9 @@ api.route("/search", searchRouter);
 const port = Number(process.env.PORT ?? 3000);
 await initAuth();
 console.log(`API server listening on port ${port}`);
-const server = serve({ fetch: app.fetch, port });
+serve({ fetch: app.fetch, port });
 // Start background reminder scheduler (runs every minute to check for upcoming appointments)
 startReminderScheduler();
 function shutdown() {
  console.log("Shutting down gracefully...");
  server.close(() => {
    console.log("HTTP server closed");
    process.exit(0);
  });
  setTimeout(() => {
    console.error("Forced shutdown after timeout");
    process.exit(1);
  }, 10_000);
 }
 process.on("SIGTERM", shutdown);
 process.on("SIGINT", shutdown);
 export default app;
@@ -89,7 +89,7 @@ export async function initAuth(): Promise<void> {
      console.warn("[auth] AUTH_DISABLED=true — building placeholder auth instance");
      authInstance = betterAuth({
        database: drizzleAdapter(getDb(), { provider: "pg" }),
-        secret: BETTER_AUTH_SECRET!,
+        secret: BETTER_AUTH_SECRET ?? "placeholder-secret-do-not-use-in-prod",
        baseURL: BETTER_AUTH_URL,
        rateLimit: {
          enabled: true,
@@ -177,9 +177,9 @@ export async function initAuth(): Promise<void> {
    const hasGoogle = !!(process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET);
    const hasGitHub = !!(process.env.GITHUB_CLIENT_ID && process.env.GITHUB_CLIENT_SECRET);
-    const issuerUrlObj = new URL(providerConfig.issuerUrl);
+    // Fetch OIDC discovery document to derive canonical provider URLs.
-    const issuerHostname = issuerUrlObj.hostname;
+    // Replace the host of token/userinfo endpoints with internalBaseUrl when set,
-
+    // while keeping authorizationUrl public for browser redirects.
    const discoveryUrlStr = `${providerConfig.issuerUrl}/.well-known/openid-configuration`;
    let oidcConfig: Record<string, string> = {};
    try {
@@ -203,14 +203,6 @@ export async function initAuth(): Promise<void> {
        const tokenUrl = discovery.token_endpoint;
        const userInfoUrl = discovery.userinfo_endpoint;
        if (authzUrl && tokenUrl && userInfoUrl) {
          const authzUrlObj = new URL(authzUrl);
          // Only validate authorizationUrl hostname against issuer — token/userinfo
          // may legitimately use internal hostnames (OIDC_INTERNAL_BASE) for server-to-server calls.
          if (authzUrlObj.hostname !== issuerHostname) {
            throw new Error(
              `[FATAL] OIDC discovery URL hostname mismatch: expected '${issuerHostname}' but got '${authzUrlObj.hostname}'. This may indicate a man-in-the-middle attack.`
            );
          }
          oidcConfig = {
            authorizationUrl: authzUrl,
            tokenUrl: providerConfig.internalBaseUrl
@@ -1,45 +0,0 @@
 import type { MiddlewareHandler } from "hono";
 import { getDb, impersonationAuditLogs } from "@groombook/db";
 import type { PortalEnv } from "./portalSession.js";
 /**
 * Server-side audit logging middleware for portal routes.
 * Applied after validatePortalSession in the middleware chain.
 *
 * After the route handler completes (await next()), inserts an audit log entry
 * into impersonationAuditLogs:
 *   - sessionId: from c.get("portalSessionId")
 *   - action: "{METHOD} {routePath}" (e.g., "GET /portal/appointments")
 *   - pageVisited: c.req.path
 *   - metadata: { method, statusCode: c.res.status }
 *
 * Log entries are written for both success and error responses.
 * Does NOT throw if audit logging fails — errors are logged but the user's
 * request is not affected.
 */
 export const portalAudit: MiddlewareHandler<PortalEnv> = async (c, next) => {
  await next();
  const sessionId = c.get("portalSessionId");
  if (!sessionId) return;
  const method = c.req.method;
  const routePath = c.req.path;
  const pageVisited = c.req.path;
  const statusCode = c.res.status;
  try {
    const db = getDb();
    await db
      .insert(impersonationAuditLogs)
      .values({
        sessionId,
        action: `${method} ${routePath}`,
        pageVisited,
        metadata: { method, statusCode },
      })
      .returning();
  } catch (err) {
    console.error("[portalAudit] Failed to write audit log:", err);
  }
 };
@@ -1,40 +0,0 @@
 import type { MiddlewareHandler } from "hono";
 import { and, eq, getDb, impersonationSessions } from "@groombook/db";
 export interface PortalEnv {
  Variables: {
    portalClientId: string;
    portalSessionId: string;
  };
 }
 /**
 * Validates the X-Impersonation-Session-Id header against the impersonationSessions table.
 * Must be applied to all portal routes.
 *
 * Reads x-session-id from request headers, queries impersonationSessions for a row where
 * id = sessionId AND status = 'active', and checks session.expiresAt > new Date().
 * Returns 401 if session is invalid/missing/expired.
 * On success, sets c.set("portalClientId", session.clientId) and c.set("portalSessionId", session.id).
 */
 export const validatePortalSession: MiddlewareHandler<PortalEnv> = async (c, next) => {
  const sessionId = c.req.header("X-Impersonation-Session-Id");
  if (!sessionId) {
    return c.json({ error: "Unauthorized" }, 401);
  }
  const db = getDb();
  const [session] = await db
    .select()
    .from(impersonationSessions)
    .where(and(eq(impersonationSessions.id, sessionId), eq(impersonationSessions.status, "active")))
    .limit(1);
  if (!session || session.expiresAt <= new Date()) {
    return c.json({ error: "Unauthorized" }, 401);
  }
  c.set("portalClientId", session.clientId);
  c.set("portalSessionId", session.id);
  await next();
 };
@@ -1,5 +1,5 @@
 import type { MiddlewareHandler } from "hono";
-import { and, eq, getDb, sql, staff } from "@groombook/db";
+import { eq, getDb, staff } from "@groombook/db";
 export type StaffRole = "groomer" | "receptionist" | "manager";
 export type StaffRow = typeof staff.$inferSelect;
@@ -89,31 +89,14 @@ export const resolveStaffMiddleware: MiddlewareHandler<AppEnv> = async (
    .select()
    .from(staff)
    .where(eq(staff.oidcSub, jwt.sub));
-  if (fallbackRow) {
+  if (!fallbackRow) {
-    c.set("staff", fallbackRow);
+    return c.json(
-    await next();
+      { error: "Forbidden: no staff record found for authenticated user" },
-    return;
+      403
    );
  }
-  // Auto-link by email: staff record exists with matching email but no userId
+  c.set("staff", fallbackRow);
-  if (jwt.email) {
+  await next();
    const [byEmail] = await db
      .select()
      .from(staff)
      .where(and(eq(staff.email, jwt.email), sql`${staff.userId} IS NULL`));
    if (byEmail) {
      await db
        .update(staff)
        .set({ userId: jwt.sub, updatedAt: new Date() })
        .where(eq(staff.id, byEmail.id));
      c.set("staff", { ...byEmail, userId: jwt.sub });
      await next();
      return;
    }
  }
  return c.json(
    { error: "Forbidden: no staff record found for authenticated user" },
    403
  );
 };
 /**
@@ -166,9 +149,9 @@ export function requireRoleOrSuperUser(
    }
    return c.json(
      {
-        error: hasAllowedRole
+        error: staffRow.isSuperUser
-          ? "Forbidden: super user privileges required"
+          ? `Forbidden: role '${staffRow.role}' is not permitted`
-          : `Forbidden: role '${staffRow.role}' is not permitted`,
+          : "Forbidden: super user privileges required",
      },
      403
    );
@@ -0,0 +1,51 @@
 import { Hono } from "hono";
 import { getDb, businessSettings, reminderLogs, eq, sql, and, gte, lt } from "@groombook/db";
 import { requireRole } from "../middleware/rbac.js";
 import { createSmsProvider } from "../services/sms.js";
 export const adminSmsRouter = new Hono();
 adminSmsRouter.get("/status", requireManager(), async (c) => {
  const db = getDb();
  const [settings] = await db.select().from(businessSettings).limit(1);
  const provider = createSmsProvider();
  const smsEnabled = process.env.SMS_ENABLED === "true";
  const providerName = process.env.SMS_PROVIDER ?? "none";
  const fromNumber = process.env.TELNYX_FROM_NUMBER ?? null;
  const connectionStatus = provider ? "connected" : "disconnected";
  const now = new Date();
  const startOfMonth = new Date(now.getFullYear(), now.getMonth(), 1);
  const statsRows = await db
    .select({
      status: reminderLogs.deliveryStatus,
      count: sql<number>`count(*)::int`,
    })
    .from(reminderLogs)
    .where(
      and(
        eq(reminderLogs.channel, "sms"),
        gte(reminderLogs.sentAt, startOfMonth)
      )
    )
    .groupBy(reminderLogs.deliveryStatus);
  const totals = { sent: 0, delivered: 0, failed: 0 };
  for (const row of statsRows) {
    if (row.status === "delivered") totals.delivered = row.count;
    else if (row.status === "failed") totals.failed = row.count;
    else totals.sent += row.count;
  }
  return c.json({
    providerName,
    fromNumber,
    connectionStatus,
    smsEnabled,
    businessSmsEnabled: settings?.smsEnabled ?? false,
    stats: totals,
  });
 });
@@ -16,9 +16,8 @@ import {
  services,
  staff,
 } from "@groombook/db";
 import type { AppEnv } from "../middleware/rbac.js";
-export const appointmentGroupsRouter = new Hono<AppEnv>();
+export const appointmentGroupsRouter = new Hono();
 // ─── Schemas ──────────────────────────────────────────────────────────────────
@@ -50,8 +49,6 @@ appointmentGroupsRouter.get("/", async (c) => {
  const clientId = c.req.query("clientId");
  const from = c.req.query("from");
  const to = c.req.query("to");
  const staffRow = c.get("staff");
  const isGroomer = staffRow?.role === "groomer";
  const groupConditions = clientId
    ? [eq(appointmentGroups.clientId, clientId)]
@@ -91,16 +88,6 @@ appointmentGroupsRouter.get("/", async (c) => {
    }))
    .filter((g) => !from || g.appointments.length > 0);
  if (isGroomer) {
    return c.json(
      result.filter((g) =>
        g.appointments.some(
          (a) => a.staffId === staffRow.id || a.batherStaffId === staffRow.id
        )
      )
    );
  }
  return c.json(result);
 });
@@ -109,8 +96,6 @@ appointmentGroupsRouter.get("/", async (c) => {
 appointmentGroupsRouter.get("/:id", async (c) => {
  const db = getDb();
  const id = c.req.param("id");
  const staffRow = c.get("staff");
  const isGroomer = staffRow?.role === "groomer";
  const [group] = await db
    .select()
@@ -126,7 +111,6 @@ appointmentGroupsRouter.get("/:id", async (c) => {
      serviceId: appointments.serviceId,
      serviceName: services.name,
      staffId: appointments.staffId,
      batherStaffId: appointments.batherStaffId,
      staffName: staff.name,
      status: appointments.status,
      startTime: appointments.startTime,
@@ -141,15 +125,6 @@ appointmentGroupsRouter.get("/:id", async (c) => {
    .where(eq(appointments.groupId, id))
    .orderBy(appointments.startTime);
  if (
    isGroomer &&
    !groupAppts.some(
      (a) => a.staffId === staffRow.id || a.batherStaffId === staffRow.id
    )
  ) {
    return c.json({ error: "Forbidden" }, 403);
  }
  const [client] = await db
    .select({ name: clients.name, email: clients.email })
    .from(clients)
@@ -165,13 +140,6 @@ appointmentGroupsRouter.post(
  zValidator("json", createGroupSchema),
  async (c) => {
    const db = getDb();
    const staffRow = c.get("staff");
    if (staffRow?.role === "groomer") {
      return c.json(
        { error: "Forbidden: groomers cannot create group bookings" },
        403
      );
    }
    const body = c.req.valid("json");
    const startTime = new Date(body.startTime);
@@ -276,28 +244,6 @@ appointmentGroupsRouter.patch(
    const db = getDb();
    const id = c.req.param("id");
    const body = c.req.valid("json");
    const staffRow = c.get("staff");
    const isGroomer = staffRow?.role === "groomer";
    const [group] = await db
      .select({ id: appointmentGroups.id })
      .from(appointmentGroups)
      .where(eq(appointmentGroups.id, id));
    if (!group) return c.json({ error: "Not found" }, 404);
    if (isGroomer) {
      const groupAppts = await db
        .select({ staffId: appointments.staffId, batherStaffId: appointments.batherStaffId })
        .from(appointments)
        .where(eq(appointments.groupId, id));
      if (
        !groupAppts.some(
          (a) => a.staffId === staffRow.id || a.batherStaffId === staffRow.id
        )
      ) {
        return c.json({ error: "Forbidden" }, 403);
      }
    }
    const [updated] = await db
      .update(appointmentGroups)
@@ -315,8 +261,6 @@ appointmentGroupsRouter.patch(
 appointmentGroupsRouter.delete("/:id", async (c) => {
  const db = getDb();
  const id = c.req.param("id");
  const staffRow = c.get("staff");
  const isGroomer = staffRow?.role === "groomer";
  const [group] = await db
    .select({ id: appointmentGroups.id })
@@ -324,20 +268,6 @@ appointmentGroupsRouter.delete("/:id", async (c) => {
    .where(eq(appointmentGroups.id, id));
  if (!group) return c.json({ error: "Not found" }, 404);
  if (isGroomer) {
    const groupAppts = await db
      .select({ staffId: appointments.staffId, batherStaffId: appointments.batherStaffId })
      .from(appointments)
      .where(eq(appointments.groupId, id));
    if (
      !groupAppts.some(
        (a) => a.staffId === staffRow.id || a.batherStaffId === staffRow.id
      )
    ) {
      return c.json({ error: "Forbidden" }, 403);
    }
  }
  await db
    .update(appointments)
    .set({ status: "cancelled", updatedAt: new Date() })
@@ -23,27 +23,6 @@ import { buildConfirmationEmail, sendEmail } from "../services/email.js";
 import { notifyWaitlistForAppointment } from "../services/waitlistNotify.js";
 import type { AppEnv } from "../middleware/rbac.js";
 async function withRetry<T>(
  fn: () => Promise<T>,
  maxRetries: number,
  delayMs: number,
  context: string
 ): Promise<void> {
  let lastError: unknown;
  for (let attempt = 0; attempt <= maxRetries; attempt++) {
    try {
      await fn();
      return;
    } catch (err) {
      lastError = err;
      if (attempt < maxRetries) {
        await new Promise((resolve) => setTimeout(resolve, delayMs));
      }
    }
  }
  console.error(`[appointments] ${context}: ${lastError}`);
 }
 export const appointmentsRouter = new Hono<AppEnv>();
 const createAppointmentSchema = z.object({
@@ -62,10 +41,6 @@ const createAppointmentSchema = z.object({
      frequencyWeeks: z.number().int().min(1).max(52),
      count: z.number().int().min(2).max(52),
    })
    .refine(
      (r) => r.frequencyWeeks * r.count <= 52,
      { message: "Recurrence series must not exceed 1 year" }
    )
    .optional(),
 });
@@ -188,28 +163,6 @@ appointmentsRouter.post(
          }
        }
        if (apptFields.batherStaffId) {
          const bathConflicts = await tx
            .select({ id: appointments.id })
            .from(appointments)
            .where(
              and(
                or(
                  eq(appointments.staffId, apptFields.batherStaffId),
                  eq(appointments.batherStaffId, apptFields.batherStaffId)
                ),
                lt(appointments.startTime, end),
                gte(appointments.endTime, start),
                ne(appointments.status, "cancelled"),
                ne(appointments.status, "no_show"),
              )
            )
            .limit(1);
          if (bathConflicts.length > 0) {
            throw Object.assign(new Error("conflict"), { statusCode: 409 });
          }
        }
        if (!recurrence) {
          // Single appointment
          const [inserted] = await tx
@@ -233,54 +186,11 @@ appointmentsRouter.post(
          recurrence.frequencyWeeks * 7 * 24 * 60 * 60 * 1000;
        let first: typeof appointments.$inferSelect | undefined;
        const conflictingInstances: number[] = [];
        for (let i = 0; i < recurrence.count; i++) {
          const instanceStart = new Date(start.getTime() + i * intervalMs);
          const instanceEnd = new Date(
            instanceStart.getTime() + durationMs
          );
          if (apptFields.staffId) {
            const conflicts = await tx
              .select({ id: appointments.id })
              .from(appointments)
              .where(
                and(
                  eq(appointments.staffId, apptFields.staffId),
                  lt(appointments.startTime, instanceEnd),
                  gte(appointments.endTime, instanceStart),
                  ne(appointments.status, "cancelled"),
                  ne(appointments.status, "no_show"),
                )
              )
              .limit(1);
            if (conflicts.length > 0) {
              conflictingInstances.push(i);
            }
          }
          if (apptFields.batherStaffId) {
            const conflicts = await tx
              .select({ id: appointments.id })
              .from(appointments)
              .where(
                and(
                  or(
                    eq(appointments.staffId, apptFields.batherStaffId),
                    eq(appointments.batherStaffId, apptFields.batherStaffId)
                  ),
                  lt(appointments.startTime, instanceEnd),
                  gte(appointments.endTime, instanceStart),
                  ne(appointments.status, "cancelled"),
                  ne(appointments.status, "no_show"),
                )
              )
              .limit(1);
            if (conflicts.length > 0) {
              conflictingInstances.push(i);
            }
          }
          const [inserted] = await tx
            .insert(appointments)
            .values({
@@ -291,19 +201,9 @@ appointmentsRouter.post(
              seriesIndex: i,
            })
            .returning();
          if (!inserted) throw new Error(`Insert failed for occurrence ${i}`);
          if (i === 0) first = inserted;
        }
        if (conflictingInstances.length > 0) {
          throw Object.assign(
            new Error(
              `Conflicts detected at occurrence(s): ${conflictingInstances.join(", ")}`
            ),
            { statusCode: 409 }
          );
        }
        if (!first) throw new Error("No appointments created");
        return first;
      });
@@ -321,12 +221,9 @@ appointmentsRouter.post(
    }
    // Send confirmation email (fire-and-forget — never fails the request)
-    withRetry(
+    sendConfirmationEmail(db, firstRow).catch((err) => {
-      () => sendConfirmationEmail(db, firstRow),
+      console.error("[appointments] Failed to send confirmation email:", err);
-      2,
+    });
      1000,
      `Failed to send confirmation email for appointment ${firstRow.id}`
    );
    return c.json(firstRow, 201);
  }
@@ -338,35 +235,44 @@ async function sendConfirmationEmail(
  db: ReturnType<typeof getDb>,
  appt: typeof appointments.$inferSelect
 ): Promise<void> {
-  const [row] = await db
+  const [client] = await db
-    .select({
+    .select({ name: clients.name, email: clients.email, emailOptOut: clients.emailOptOut })
-      clientName: clients.name,
+    .from(clients)
-      clientEmail: clients.email,
+    .where(eq(clients.id, appt.clientId))
      clientEmailOptOut: clients.emailOptOut,
      petName: pets.name,
      serviceName: services.name,
      groomerName: staff.name,
    })
    .from(appointments)
    .innerJoin(clients, eq(clients.id, appointments.clientId))
    .innerJoin(pets, eq(pets.id, appointments.petId))
    .innerJoin(services, eq(services.id, appointments.serviceId))
    .leftJoin(staff, eq(staff.id, appointments.staffId))
    .where(eq(appointments.id, appt.id))
    .limit(1);
-  if (!row) return;
+  if (!client || !client.email || client.emailOptOut) return;
  const { clientName, clientEmail, clientEmailOptOut, petName, serviceName, groomerName } = row;
-  if (!clientEmail || clientEmailOptOut) return;
+  const [pet] = await db
-  if (!petName || !serviceName) return;
+    .select({ name: pets.name })
    .from(pets)
    .where(eq(pets.id, appt.petId))
    .limit(1);
  const [service] = await db
    .select({ name: services.name })
    .from(services)
    .where(eq(services.id, appt.serviceId))
    .limit(1);
  let groomerName: string | null = null;
  if (appt.staffId) {
    const [groomer] = await db
      .select({ name: staff.name })
      .from(staff)
      .where(eq(staff.id, appt.staffId))
      .limit(1);
    groomerName = groomer?.name ?? null;
  }
  if (!pet || !service) return;
  const sent = await sendEmail(
-    buildConfirmationEmail(clientEmail, {
+    buildConfirmationEmail(client.email, {
-      clientName,
+      clientName: client.name,
-      petName,
+      petName: pet.name,
-      serviceName,
+      serviceName: service.name,
-      groomerName: groomerName ?? null,
+      groomerName,
      startTime: appt.startTime,
    })
  );
@@ -446,76 +352,6 @@ appointmentsRouter.patch(
          let firstUpdated: typeof appointments.$inferSelect | undefined;
          for (const appt of affected) {
            const newStart =
              startDeltaMs !== 0
                ? new Date(appt.startTime.getTime() + startDeltaMs)
                : appt.startTime;
            const newEnd =
              endDeltaMs !== 0
                ? new Date(appt.endTime.getTime() + endDeltaMs)
                : appt.endTime;
            const newStaffId =
              updateFields.staffId !== undefined
                ? updateFields.staffId
                : appt.staffId;
            const newBatherStaffId =
              updateFields.batherStaffId !== undefined
                ? updateFields.batherStaffId
                : appt.batherStaffId;
            if (
              newStaffId &&
              (startDeltaMs !== 0 ||
                endDeltaMs !== 0 ||
                updateFields.staffId !== undefined)
            ) {
              const conflicts = await tx
                .select({ id: appointments.id })
                .from(appointments)
                .where(
                  and(
                    eq(appointments.staffId, newStaffId),
                    lt(appointments.startTime, newEnd),
                    gte(appointments.endTime, newStart),
                    ne(appointments.status, "cancelled"),
                    ne(appointments.status, "no_show"),
                    ne(appointments.id, appt.id),
                  )
                )
                .limit(1);
              if (conflicts.length > 0) {
                throw Object.assign(new Error("conflict"), { statusCode: 409 });
              }
            }
            if (
              newBatherStaffId &&
              (startDeltaMs !== 0 ||
                endDeltaMs !== 0 ||
                updateFields.batherStaffId !== undefined)
            ) {
              const conflicts = await tx
                .select({ id: appointments.id })
                .from(appointments)
                .where(
                  and(
                    or(
                      eq(appointments.staffId, newBatherStaffId),
                      eq(appointments.batherStaffId, newBatherStaffId)
                    ),
                    lt(appointments.startTime, newEnd),
                    gte(appointments.endTime, newStart),
                    ne(appointments.status, "cancelled"),
                    ne(appointments.status, "no_show"),
                    ne(appointments.id, appt.id),
                  )
                )
                .limit(1);
              if (conflicts.length > 0) {
                throw Object.assign(new Error("conflict"), { statusCode: 409 });
              }
            }
            const apptUpdate: Record<string, unknown> = {
              updatedAt: new Date(),
            };
@@ -551,13 +387,6 @@ appointmentsRouter.patch(
        if (statusCode === 404) return c.json({ error: "Not found" }, 404);
        if (statusCode === 422)
          return c.json({ error: "endTime must be after startTime" }, 422);
        if (statusCode === 409)
          return c.json(
            {
              error: "Staff member has a conflicting appointment at this time",
            },
            409
          );
        throw err;
      }
@@ -569,8 +398,7 @@ appointmentsRouter.patch(
    const needsConflictCheck =
      updateFields.startTime !== undefined ||
      updateFields.endTime !== undefined ||
-      updateFields.staffId !== undefined ||
+      updateFields.staffId !== undefined;
      updateFields.batherStaffId !== undefined;
    const update: Record<string, unknown> = {
      ...updateFields,
@@ -606,11 +434,6 @@ appointmentsRouter.patch(
            updateFields.staffId !== undefined
              ? updateFields.staffId
              : current.staffId;
          // Use provided batherStaffId (may be null to unassign); fall back to existing
          const batherStaffId =
            updateFields.batherStaffId !== undefined
              ? updateFields.batherStaffId
              : current.batherStaffId;
          if (end <= start) {
            throw Object.assign(new Error("end before start"), {
@@ -638,29 +461,6 @@ appointmentsRouter.patch(
            }
          }
          if (batherStaffId) {
            const bathConflicts = await tx
              .select({ id: appointments.id })
              .from(appointments)
              .where(
                and(
                  or(
                    eq(appointments.staffId, batherStaffId),
                    eq(appointments.batherStaffId, batherStaffId)
                  ),
                  lt(appointments.startTime, end),
                  gte(appointments.endTime, start),
                  ne(appointments.status, "cancelled"),
                  ne(appointments.status, "no_show"),
                  ne(appointments.id, id),
                )
              )
              .limit(1);
            if (bathConflicts.length > 0) {
              throw Object.assign(new Error("conflict"), { statusCode: 409 });
            }
          }
          const [updated] = await tx
            .update(appointments)
            .set(update)
@@ -735,12 +535,9 @@ appointmentsRouter.delete("/:id", async (c) => {
    const apptDate = current.startTime.toISOString().slice(0, 10);
    const apptTime = current.startTime.toLocaleTimeString("en-US", { hour: "2-digit", minute: "2-digit", hour12: true });
-    withRetry(
+    notifyWaitlistForAppointment(id, apptDate, apptTime, current.serviceId).catch((err) => {
-      () => notifyWaitlistForAppointment(id, apptDate, apptTime, current.serviceId),
+      console.error("[appointments] Failed to notify waitlist:", err);
-      2,
+    });
      1000,
      `Failed to notify waitlist for appointment ${id}`
    );
    return c.json({ ok: true });
  }
@@ -763,12 +560,9 @@ appointmentsRouter.delete("/:id", async (c) => {
    .returning();
  if (!row) return c.json({ error: "Not found" }, 404);
-  withRetry(
+  notifyWaitlistForAppointment(id, apptDate, apptTime, current.serviceId).catch((err) => {
-    () => notifyWaitlistForAppointment(id, apptDate, apptTime, current.serviceId),
+    console.error("[appointments] Failed to notify waitlist:", err);
-    2,
+  });
    1000,
    `Failed to notify waitlist for appointment ${id}`
  );
  return c.json({ ok: true });
 });
@@ -102,10 +102,7 @@ bookRouter.get("/availability", async (c) => {
 const bookingSchema = z.object({
  serviceId: z.string().uuid(),
-  startTime: z.string().datetime().refine(
+  startTime: z.string().datetime(),
    (dt) => new Date(dt) > new Date(),
    { message: "Appointment must be in the future" }
  ),
  clientName: z.string().min(1).max(200),
  clientEmail: z.string().email(),
  clientPhone: z.string().max(50).optional(),
@@ -268,36 +265,29 @@ bookRouter.get("/confirm/:token", async (c) => {
    return c.redirect(`${BASE_URL()}/booking/error`);
  }
  // Reject if appointment is in the past
  if (appt.startTime < new Date()) {
    return c.redirect(`${BASE_URL()}/booking/error`);
  }
  // Idempotent confirm: if already confirmed, redirect to success
  if (appt.confirmationStatus === "confirmed") {
    return c.redirect(`${BASE_URL()}/booking/confirmed`);
  }
  // Reject if already cancelled
  if (appt.confirmationStatus === "cancelled") {
    return c.redirect(`${BASE_URL()}/booking/error`);
  }
-  const updated = await db
+  await db
    .update(appointments)
    .set({
      confirmationStatus: "confirmed",
      confirmedAt: new Date(),
      updatedAt: new Date(),
    })
-    .where(
+    .where(eq(appointments.id, appt.id));
      and(
        eq(appointments.confirmationToken, token),
        eq(appointments.confirmationStatus, "pending")
      )
    )
    .returning();
  if (updated.length === 0) {
    return c.redirect(`${BASE_URL()}/booking/error`);
  }
  return c.redirect(`${BASE_URL()}/booking/confirmed`);
 });
@@ -319,15 +309,19 @@ bookRouter.get("/cancel/:token", async (c) => {
    return c.redirect(`${BASE_URL()}/booking/error`);
  }
  // Reject if appointment is in the past
  if (appt.startTime < new Date()) {
    return c.redirect(`${BASE_URL()}/booking/error`);
  }
  // Reject if already cancelled (token was nullified — this path won't normally hit,
  // but guard against edge cases where token lookup still works)
  if (appt.confirmationStatus === "cancelled") {
    return c.redirect(`${BASE_URL()}/booking/error`);
  }
-  const updated = await db
+  // Single-use cancellation: nullify token after use
  await db
    .update(appointments)
    .set({
      confirmationStatus: "cancelled",
@@ -335,17 +329,7 @@ bookRouter.get("/cancel/:token", async (c) => {
      confirmationToken: null,
      updatedAt: new Date(),
    })
-    .where(
+    .where(eq(appointments.id, appt.id));
      and(
        eq(appointments.confirmationToken, token),
        eq(appointments.confirmationStatus, "pending")
      )
    )
    .returning();
  if (updated.length === 0) {
    return c.redirect(`${BASE_URL()}/booking/error`);
  }
  return c.redirect(`${BASE_URL()}/booking/cancelled`);
 });
@@ -1,5 +1,5 @@
 import { Hono } from "hono";
-import { randomBytes, timingSafeEqual } from "node:crypto";
+import { randomBytes } from "node:crypto";
 import {
  and,
  eq,
@@ -84,18 +84,7 @@ calendarRouter.get("/:staffId.ics", async (c) => {
    .where(eq(staff.id, staffId))
    .limit(1);
-  if (!staffMember || !staffMember.icalToken) {
+  if (!staffMember || staffMember.icalToken !== token) {
    return c.text("Unauthorized", 401);
  }
  const storedToken = staffMember.icalToken;
  const incomingToken = token;
  const storedBuf = Buffer.from(storedToken, "utf8");
  const incomingBuf = Buffer.from(incomingToken, "utf8");
  if (
    storedBuf.length !== incomingBuf.length ||
    !timingSafeEqual(storedBuf, incomingBuf)
  ) {
    return c.text("Unauthorized", 401);
  }
@@ -4,16 +4,37 @@ import { z } from "zod/v3";
 import { and, eq, exists, getDb, or, clients, appointments } from "@groombook/db";
 import type { AppEnv } from "../middleware/rbac.js";
 function normalizeE164(phone: string): string | null {
  const digits = phone.replace(/\D/g, "");
  if (digits.length === 10) return `+1${digits}`;
  if (digits.length === 11 && digits.startsWith("1")) return `+${digits}`;
  if (digits.length > 11 && digits.startsWith("1")) return `+${digits.slice(0, 11)}`;
  return null;
 }
 function e164String() {
  return z.string().transform((v, ctx) => {
    if (!v) return v as unknown as undefined;
    const normalized = normalizeE164(v);
    if (!normalized) {
      ctx.addIssue({
        code: z.ZodIssueCode.custom,
        message: "Invalid phone number. Must be a valid E.164 number (e.g. +12125551234).",
      });
      return z.NEVER;
    }
    return normalized;
  });
 }
 export const clientsRouter = new Hono<AppEnv>();
 const createClientSchema = z.object({
  name: z.string().min(1).max(200),
-  email: z.string().email(),
+  email: z.string().email().optional(),
-  phone: z.string().max(50).optional(),
+  phone: e164String().optional(),
  address: z.string().max(500).optional(),
  notes: z.string().max(2000).optional(),
  smsOptIn: z.boolean().optional(),
  smsConsentText: z.string().max(1000).optional(),
 });
@@ -97,7 +118,6 @@ clientsRouter.post("/", zValidator("json", createClientSchema), async (c) => {
 // Update a client (including status changes)
 const patchClientSchema = createClientSchema.partial().extend({
  status: z.enum(["active", "disabled"]).optional(),
  smsOptOut: z.boolean().optional(),
 });
 clientsRouter.patch(
@@ -110,19 +130,13 @@ clientsRouter.patch(
    const setValues: Record<string, unknown> = { ...body, updatedAt: now };
    // When disabling, set disabledAt; when re-enabling, clear it
    if (body.status === "disabled") {
      setValues.disabledAt = now;
    } else if (body.status === "active") {
      setValues.disabledAt = null;
    }
    if (body.smsOptOut === true) {
      setValues.smsOptIn = false;
      setValues.smsOptOutDate = now;
      delete setValues.smsOptOut;
    }
    delete setValues.smsOptOut;
    const [row] = await db
      .update(clients)
      .set(setValues)
@@ -144,24 +158,9 @@ clientsRouter.delete("/:id", async (c) => {
  }
  const db = getDb();
  const clientId = c.req.param("id");
  const [existingAppt] = await db
    .select({ id: appointments.id })
    .from(appointments)
    .where(eq(appointments.clientId, clientId))
    .limit(1);
  if (existingAppt) {
    return c.json(
      { error: "Cannot delete client with existing appointments. Cancel or reassign appointments first." },
      409
    );
  }
  const [row] = await db
    .delete(clients)
-    .where(eq(clients.id, clientId))
+    .where(eq(clients.id, c.req.param("id")))
    .returning();
  if (!row) return c.json({ error: "Not found" }, 404);
  return c.json({ ok: true });
@@ -1,10 +1,9 @@
 import { Hono } from "hono";
 import { zValidator } from "@hono/zod-validator";
 import { z } from "zod/v3";
-import { and, desc, eq, getDb, groomingVisitLogs, appointments, or } from "@groombook/db";
+import { desc, eq, getDb, groomingVisitLogs } from "@groombook/db";
 import type { AppEnv } from "../middleware/rbac.js";
-export const groomingLogsRouter = new Hono<AppEnv>();
+export const groomingLogsRouter = new Hono();
 const createLogSchema = z.object({
  petId: z.string().uuid(),
@@ -21,26 +20,6 @@ groomingLogsRouter.get("/", async (c) => {
  const db = getDb();
  const petId = c.req.query("petId");
  if (!petId) return c.json({ error: "petId is required" }, 400);
  const staffRow = c.get("staff");
  const isGroomer = staffRow?.role === "groomer";
  if (isGroomer) {
    const [appt] = await db
      .select({ id: appointments.id })
      .from(appointments)
      .where(
        and(
          eq(appointments.petId, petId),
          or(
            eq(appointments.staffId, staffRow.id),
            eq(appointments.batherStaffId, staffRow.id)
          )
        )
      )
      .limit(1);
    if (!appt) return c.json({ error: "Forbidden" }, 403);
  }
  const rows = await db
    .select()
    .from(groomingVisitLogs)
@@ -54,50 +33,11 @@ groomingLogsRouter.post(
  zValidator("json", createLogSchema),
  async (c) => {
    const db = getDb();
-    const { groomedAt, petId, appointmentId, ...rest } = c.req.valid("json");
+    const { groomedAt, ...rest } = c.req.valid("json");
    const staffRow = c.get("staff");
    const isGroomer = staffRow?.role === "groomer";
    if (isGroomer) {
      if (appointmentId) {
        const [appt] = await db
          .select({ id: appointments.id })
          .from(appointments)
          .where(
            and(
              eq(appointments.id, appointmentId),
              or(
                eq(appointments.staffId, staffRow.id),
                eq(appointments.batherStaffId, staffRow.id)
              )
            )
          )
          .limit(1);
        if (!appt) return c.json({ error: "Forbidden" }, 403);
      } else {
        const [appt] = await db
          .select({ id: appointments.id })
          .from(appointments)
          .where(
            and(
              eq(appointments.petId, petId),
              or(
                eq(appointments.staffId, staffRow.id),
                eq(appointments.batherStaffId, staffRow.id)
              )
            )
          )
          .limit(1);
        if (!appt) return c.json({ error: "Forbidden" }, 403);
      }
    }
    const [row] = await db
      .insert(groomingVisitLogs)
      .values({
        ...rest,
        petId,
        appointmentId: appointmentId ?? null,
        groomedAt: groomedAt ? new Date(groomedAt) : new Date(),
      })
      .returning();
@@ -107,37 +47,10 @@ groomingLogsRouter.post(
 groomingLogsRouter.delete("/:id", async (c) => {
  const db = getDb();
-  const id = c.req.param("id");
+  const [row] = await db
  const staffRow = c.get("staff");
  const isGroomer = staffRow?.role === "groomer";
  const [log] = await db
    .select()
    .from(groomingVisitLogs)
    .where(eq(groomingVisitLogs.id, id))
    .limit(1);
  if (!log) return c.json({ error: "Not found" }, 404);
  if (isGroomer) {
    const [appt] = await db
      .select({ id: appointments.id })
      .from(appointments)
      .where(
        and(
          eq(appointments.petId, log.petId),
          or(
            eq(appointments.staffId, staffRow.id),
            eq(appointments.batherStaffId, staffRow.id)
          )
        )
      )
      .limit(1);
    if (!appt) return c.json({ error: "Forbidden" }, 403);
  }
  await db
    .delete(groomingVisitLogs)
-    .where(eq(groomingVisitLogs.id, id))
+    .where(eq(groomingVisitLogs.id, c.req.param("id")))
    .returning();
  if (!row) return c.json({ error: "Not found" }, 404);
  return c.json({ ok: true });
 });
@@ -8,15 +8,13 @@ import {
  invoices,
  invoiceLineItems,
  invoiceTipSplits,
  refunds,
  appointments,
  services,
  clients,
  sql,
 } from "@groombook/db";
 import type { AppEnv } from "../middleware/rbac.js";
-export const invoicesRouter = new Hono<AppEnv>();
+export const invoicesRouter = new Hono();
 const createInvoiceSchema = z.object({
  appointmentId: z.string().uuid().optional(),
@@ -45,61 +43,53 @@ const updateInvoiceSchema = z.object({
 });
 // List invoices
-const listInvoicesQuerySchema = z.object({
+invoicesRouter.get("/", async (c) => {
-  clientId: z.string().uuid().optional(),
+  const db = getDb();
-  appointmentId: z.string().uuid().optional(),
+  const clientId = c.req.query("clientId");
-  status: z.enum(["draft", "pending", "paid", "void"]).optional(),
+  const appointmentId = c.req.query("appointmentId");
-  limit: z.coerce.number().int().min(1).max(200).default(50),
+  const status = c.req.query("status");
-  offset: z.coerce.number().int().min(0).default(0),
+  const limit = Math.min(parseInt(c.req.query("limit") || "50", 10), 200);
  const offset = parseInt(c.req.query("offset") || "0", 10);
  const conditions = [];
  if (clientId) conditions.push(eq(invoices.clientId, clientId));
  if (appointmentId) conditions.push(eq(invoices.appointmentId, appointmentId));
  if (status) conditions.push(eq(invoices.status, status as "draft" | "pending" | "paid" | "void"));
  const whereClause = conditions.length > 0 ? and(...conditions) : undefined;
  const [totalResult] = await db
    .select({ count: sql<number>`count(*)` })
    .from(invoices)
    .where(whereClause);
  const rows = await db
    .select({
      id: invoices.id,
      appointmentId: invoices.appointmentId,
      clientId: invoices.clientId,
      clientName: clients.name,
      subtotalCents: invoices.subtotalCents,
      taxCents: invoices.taxCents,
      tipCents: invoices.tipCents,
      totalCents: invoices.totalCents,
      status: invoices.status,
      paymentMethod: invoices.paymentMethod,
      paidAt: invoices.paidAt,
      notes: invoices.notes,
      createdAt: invoices.createdAt,
      updatedAt: invoices.updatedAt,
    })
    .from(invoices)
    .leftJoin(clients, eq(invoices.clientId, clients.id))
    .where(whereClause)
    .orderBy(invoices.createdAt)
    .limit(limit)
    .offset(offset);
  return c.json({ data: rows, total: totalResult?.count ?? 0 });
 });
 invoicesRouter.get(
  "/",
  zValidator("query", listInvoicesQuerySchema),
  async (c) => {
    const db = getDb();
    const { clientId, appointmentId, status, limit, offset } = c.req.valid("query");
    const conditions = [];
    if (clientId) conditions.push(eq(invoices.clientId, clientId));
    if (appointmentId) conditions.push(eq(invoices.appointmentId, appointmentId));
    if (status) conditions.push(eq(invoices.status, status as "draft" | "pending" | "paid" | "void"));
    const whereClause = conditions.length > 0 ? and(...conditions) : undefined;
    const [totalResult] = await db
      .select({ count: sql<number>`count(*)` })
      .from(invoices)
      .where(whereClause);
    const rows = await db
      .select({
        id: invoices.id,
        appointmentId: invoices.appointmentId,
        clientId: invoices.clientId,
        clientName: clients.name,
        subtotalCents: invoices.subtotalCents,
        taxCents: invoices.taxCents,
        tipCents: invoices.tipCents,
        totalCents: invoices.totalCents,
        status: invoices.status,
        paymentMethod: invoices.paymentMethod,
        paidAt: invoices.paidAt,
        notes: invoices.notes,
        createdAt: invoices.createdAt,
        updatedAt: invoices.updatedAt,
      })
      .from(invoices)
      .leftJoin(clients, eq(invoices.clientId, clients.id))
      .where(whereClause)
      .orderBy(invoices.createdAt)
      .limit(limit)
      .offset(offset);
    return c.json({ data: rows, total: totalResult?.count ?? 0 });
  }
 );
 // Get single invoice with line items and tip splits
 invoicesRouter.get("/:id", async (c) => {
  const db = getDb();
@@ -126,8 +116,8 @@ const tipSplitSchema = z.object({
    })
  ).min(1).refine(
    (splits) => {
-      const totalBps = splits.reduce((sum, s) => sum + Math.round(s.sharePct * 100), 0);
+      const total = splits.reduce((sum, s) => sum + s.sharePct, 0);
-      return totalBps === 10000;
+      return Math.abs(total - 100) < 0.01;
    },
    { message: "Split percentages must sum to 100" }
  ),
@@ -171,13 +161,12 @@ invoicesRouter.post(
      }
    });
-    const [updatedInvoice] = await db.select().from(invoices).where(eq(invoices.id, id));
+    const splits = await db
-    const [lineItems, tipSplits] = await Promise.all([
+      .select()
-      db.select().from(invoiceLineItems).where(eq(invoiceLineItems.invoiceId, id)),
+      .from(invoiceTipSplits)
-      db.select().from(invoiceTipSplits).where(eq(invoiceTipSplits.invoiceId, id)),
+      .where(eq(invoiceTipSplits.invoiceId, id));
    ]);
-    return c.json({ ...updatedInvoice, lineItems, tipSplits }, 201);
+    return c.json(splits, 201);
  }
 );
@@ -302,13 +291,6 @@ invoicesRouter.post("/from-appointment/:appointmentId", async (c) => {
  return c.json({ ...invoice, lineItems: [lineItem] }, 201);
 });
 const ALLOWED_TRANSITIONS: Record<string, string[]> = {
  draft: ["pending", "void"],
  pending: ["draft", "paid", "void"],
  paid: ["void"],
  void: [],
 };
 // Update invoice
 invoicesRouter.patch(
  "/:id",
@@ -324,14 +306,8 @@ invoicesRouter.patch(
      .where(eq(invoices.id, id));
    if (!current) return c.json({ error: "Not found" }, 404);
-    if (body.status !== undefined) {
+    if (current.status === "void") {
-      const allowed = ALLOWED_TRANSITIONS[current.status] ?? [];
+      return c.json({ error: "Cannot modify a voided invoice" }, 422);
      if (!allowed.includes(body.status)) {
        return c.json(
          { error: `Invalid status transition from ${current.status} to ${body.status}` },
          422
        );
      }
    }
    const update: Record<string, unknown> = { ...body, updatedAt: new Date() };
@@ -369,7 +345,6 @@ import { processRefund } from "../services/payment.js";
 const refundSchema = z.object({
  amountCents: z.number().int().nonnegative().optional(),
  idempotencyKey: z.string().max(255).optional(),
 });
 invoicesRouter.post(
@@ -395,28 +370,9 @@ invoicesRouter.post(
      return c.json({ error: "No Stripe payment intent found for this invoice" }, 422);
    }
-    return await db.transaction(async (tx) => {
+    const result = await processRefund(id, body.amountCents);
-      if (body.idempotencyKey) {
+    if (!result) return c.json({ error: "Refund failed" }, 500);
        const [existing] = await tx
          .select()
          .from(refunds)
          .where(eq(refunds.idempotencyKey, body.idempotencyKey));
        if (existing) {
          return c.json({ refundId: existing.stripeRefundId });
        }
      }
-      const result = await processRefund(id, body.amountCents);
+    return c.json({ refundId: result.refundId });
      if (!result) return c.json({ error: "Refund failed" }, 500);
      await tx.insert(refunds).values({
        invoiceId: id,
        stripeRefundId: result.refundId,
        idempotencyKey: body.idempotencyKey ?? null,
        amountCents: body.amountCents ?? null,
      });
      return c.json({ refundId: result.refundId });
    });
  }
 );
@@ -1,22 +1,33 @@
 import { Hono } from "hono";
 import { zValidator } from "@hono/zod-validator";
 import { z } from "zod/v3";
-import { eq, inArray } from "@groombook/db";
+import { and, eq, inArray } from "@groombook/db";
 import { getDb, appointments, impersonationSessions, waitlistEntries, clients, pets, services, staff, invoices, invoiceLineItems } from "@groombook/db";
-import { validatePortalSession } from "../middleware/portalSession.js";
+import type { AppEnv } from "../middleware/rbac.js";
 import { portalAudit } from "../middleware/portalAudit.js";
 import type { PortalEnv } from "../middleware/portalSession.js";
-export const portalRouter = new Hono<PortalEnv>();
+export const portalRouter = new Hono<AppEnv>();
-// Apply middleware to all portal routes
+// ─── Session helper ───────────────────────────────────────────────────────────
-portalRouter.use("/*", validatePortalSession, portalAudit);
+
 async function getClientIdFromSession(sessionId: string | null | undefined): Promise<string | null> {
  if (!sessionId) return null;
  const db = getDb();
  const [session] = await db
    .select()
    .from(impersonationSessions)
    .where(and(eq(impersonationSessions.id, sessionId), eq(impersonationSessions.status, "active")))
    .limit(1);
  if (!session || session.expiresAt <= new Date()) return null;
  return session.clientId;
 }
 // ─── GET routes ──────────────────────────────────────────────────────────────
 portalRouter.get("/me", async (c) => {
  const db = getDb();
-  const clientId = c.get("portalClientId");
+  const sessionId = c.req.header("X-Impersonation-Session-Id");
  const clientId = await getClientIdFromSession(sessionId);
  if (!clientId) return c.json({ error: "Unauthorized" }, 401);
  const [client] = await db.select().from(clients).where(eq(clients.id, clientId)).limit(1);
  if (!client) return c.json({ error: "Not found" }, 404);
@@ -38,7 +49,9 @@ portalRouter.get("/services", async (c) => {
 portalRouter.get("/appointments", async (c) => {
  const db = getDb();
-  const clientId = c.get("portalClientId");
+  const sessionId = c.req.header("X-Impersonation-Session-Id");
  const clientId = await getClientIdFromSession(sessionId);
  if (!clientId) return c.json({ error: "Unauthorized" }, 401);
  const now = new Date();
  const allAppts = await db
@@ -88,7 +101,9 @@ portalRouter.get("/appointments", async (c) => {
 portalRouter.get("/pets", async (c) => {
  const db = getDb();
-  const clientId = c.get("portalClientId");
+  const sessionId = c.req.header("X-Impersonation-Session-Id");
  const clientId = await getClientIdFromSession(sessionId);
  if (!clientId) return c.json({ error: "Unauthorized" }, 401);
  const clientPets = await db.select().from(pets).where(eq(pets.clientId, clientId));
  return c.json(clientPets.map(p => ({ id: p.id, name: p.name, breed: p.breed, weightKg: p.weightKg, dateOfBirth: p.dateOfBirth, photoKey: p.photoKey, groomingNotes: p.groomingNotes })));
@@ -96,7 +111,9 @@ portalRouter.get("/pets", async (c) => {
 portalRouter.get("/invoices", async (c) => {
  const db = getDb();
-  const clientId = c.get("portalClientId");
+  const sessionId = c.req.header("X-Impersonation-Session-Id");
  const clientId = await getClientIdFromSession(sessionId);
  if (!clientId) return c.json({ error: "Unauthorized" }, 401);
  const clientInvoices = await db.select().from(invoices).where(eq(invoices.clientId, clientId));
  const invoiceIds = clientInvoices.map(i => i.id);
@@ -131,7 +148,12 @@ portalRouter.patch(
    const db = getDb();
    const id = c.req.param("id");
    const body = c.req.valid("json");
-    const clientId = c.get("portalClientId");
+
    const sessionId = c.req.header("X-Impersonation-Session-Id");
    const clientId = await getClientIdFromSession(sessionId);
    if (!clientId) {
      return c.json({ error: "Unauthorized" }, 401);
    }
    const [appt] = await db
      .select()
@@ -174,7 +196,12 @@ portalRouter.patch(
 portalRouter.post("/appointments/:id/confirm", async (c) => {
  const db = getDb();
  const id = c.req.param("id");
-  const clientId = c.get("portalClientId");
+
  const sessionId = c.req.header("X-Impersonation-Session-Id");
  const clientId = await getClientIdFromSession(sessionId);
  if (!clientId) {
    return c.json({ error: "Unauthorized" }, 401);
  }
  const [appt] = await db
    .select()
@@ -223,7 +250,12 @@ portalRouter.post("/appointments/:id/confirm", async (c) => {
 portalRouter.post("/appointments/:id/cancel", async (c) => {
  const db = getDb();
  const id = c.req.param("id");
-  const clientId = c.get("portalClientId");
+
  const sessionId = c.req.header("X-Impersonation-Session-Id");
  const clientId = await getClientIdFromSession(sessionId);
  if (!clientId) {
    return c.json({ error: "Unauthorized" }, 401);
  }
  const [appt] = await db
    .select()
@@ -287,7 +319,28 @@ portalRouter.post(
  async (c) => {
    const db = getDb();
    const body = c.req.valid("json");
-    const clientId = c.get("portalClientId");
+    const sessionId = c.req.header("X-Impersonation-Session-Id");
    let clientId: string | null = null;
    if (sessionId) {
      const [session] = await db
        .select()
        .from(impersonationSessions)
        .where(
          and(
            eq(impersonationSessions.id, sessionId),
            eq(impersonationSessions.status, "active")
          )
        )
        .limit(1);
      if (session && session.expiresAt > new Date()) {
        clientId = session.clientId;
      }
    }
    if (!clientId) {
      return c.json({ error: "Unauthorized" }, 401);
    }
    const [entry] = await db
      .insert(waitlistEntries)
@@ -311,7 +364,26 @@ portalRouter.patch(
    const db = getDb();
    const id = c.req.param("id");
    const body = c.req.valid("json");
-    const clientId = c.get("portalClientId");
+    const sessionId = c.req.header("X-Impersonation-Session-Id");
    if (!sessionId) {
      return c.json({ error: "Unauthorized" }, 401);
    }
    const [session] = await db
      .select()
      .from(impersonationSessions)
      .where(
        and(
          eq(impersonationSessions.id, sessionId),
          eq(impersonationSessions.status, "active")
        )
      )
      .limit(1);
    if (!session || session.expiresAt <= new Date()) {
      return c.json({ error: "Unauthorized" }, 401);
    }
    const [existing] = await db
      .select()
@@ -320,7 +392,7 @@ portalRouter.patch(
      .limit(1);
    if (!existing) return c.json({ error: "Not found" }, 404);
-    if (existing.clientId !== clientId) {
+    if (existing.clientId !== session.clientId) {
      return c.json({ error: "Forbidden" }, 403);
    }
@@ -342,7 +414,26 @@ portalRouter.patch(
 portalRouter.delete("/waitlist/:id", async (c) => {
  const db = getDb();
  const id = c.req.param("id");
-  const clientId = c.get("portalClientId");
+  const sessionId = c.req.header("X-Impersonation-Session-Id");
  if (!sessionId) {
    return c.json({ error: "Unauthorized" }, 401);
  }
  const [session] = await db
    .select()
    .from(impersonationSessions)
    .where(
      and(
        eq(impersonationSessions.id, sessionId),
        eq(impersonationSessions.status, "active")
      )
    )
    .limit(1);
  if (!session || session.expiresAt <= new Date()) {
    return c.json({ error: "Unauthorized" }, 401);
  }
  const [entry] = await db
    .select()
@@ -351,7 +442,7 @@ portalRouter.delete("/waitlist/:id", async (c) => {
    .limit(1);
  if (!entry) return c.json({ error: "Not found" }, 404);
-  if (entry.clientId !== clientId) {
+  if (entry.clientId !== session.clientId) {
    return c.json({ error: "Forbidden" }, 403);
  }
@@ -371,9 +462,45 @@ import {
  detachPaymentMethod,
  createSetupIntent,
  getOrCreateStripeCustomer,
  getStripeClient,
 } from "../services/payment.js";
 const payInvoiceSchema = z.object({
  invoiceId: z.string().uuid(),
 });
 portalRouter.post(
  "/invoices/:id/pay",
  zValidator("json", payInvoiceSchema),
  async (c) => {
    const db = getDb();
    const invoiceId = c.req.param("id");
    const sessionId = c.req.header("X-Impersonation-Session-Id");
    const clientId = await getClientIdFromSession(sessionId);
    if (!clientId) return c.json({ error: "Unauthorized" }, 401);
    const [invoice] = await db
      .select()
      .from(invoices)
      .where(eq(invoices.id, invoiceId))
      .limit(1);
    if (!invoice) return c.json({ error: "Not found" }, 404);
    if (invoice.clientId !== clientId) return c.json({ error: "Forbidden" }, 403);
    if (invoice.status === "draft" || invoice.status === "void") {
      return c.json({ error: "Cannot pay a draft or void invoice" }, 422);
    }
    if (invoice.status === "paid") {
      return c.json({ error: "Invoice is already paid" }, 422);
    }
    const stripePublishableKey = process.env.STRIPE_PUBLISHABLE_KEY ?? "";
    const result = await createPaymentIntent(invoiceId, clientId);
    if (!result) return c.json({ error: "Payment service unavailable" }, 503);
    return c.json({ clientSecret: result.clientSecret, publishableKey: stripePublishableKey });
  }
 );
 const payMultipleSchema = z.object({
  invoiceIds: z.array(z.string().uuid()).min(1),
 });
@@ -384,7 +511,9 @@ portalRouter.post(
  async (c) => {
    const db = getDb();
    const body = c.req.valid("json");
-    const clientId = c.get("portalClientId");
+    const sessionId = c.req.header("X-Impersonation-Session-Id");
    const clientId = await getClientIdFromSession(sessionId);
    if (!clientId) return c.json({ error: "Unauthorized" }, 401);
    const invoiceRows = await db
      .select()
@@ -406,7 +535,6 @@ portalRouter.post(
    }
    const firstInvoice = invoiceRows[0];
    if (!firstInvoice) return c.json({ error: "No invoices found" }, 400);
    const allSameClient = invoiceRows.every(inv => inv.clientId === firstInvoice.clientId);
    if (!allSameClient) {
      return c.json({ error: "All invoices must belong to the same client" }, 422);
@@ -421,7 +549,9 @@ portalRouter.post(
 );
 portalRouter.get("/payment-methods", async (c) => {
-  const clientId = c.get("portalClientId");
+  const sessionId = c.req.header("X-Impersonation-Session-Id");
  const clientId = await getClientIdFromSession(sessionId);
  if (!clientId) return c.json({ error: "Unauthorized" }, 401);
  const methods = await listPaymentMethods(clientId);
  if (methods === null) return c.json({ error: "Payment service unavailable" }, 503);
@@ -429,7 +559,9 @@ portalRouter.get("/payment-methods", async (c) => {
 });
 portalRouter.post("/payment-methods", async (c) => {
-  const clientId = c.get("portalClientId");
+  const sessionId = c.req.header("X-Impersonation-Session-Id");
  const clientId = await getClientIdFromSession(sessionId);
  if (!clientId) return c.json({ error: "Unauthorized" }, 401);
  const stripePublishableKey = process.env.STRIPE_PUBLISHABLE_KEY ?? "";
  const customerId = await getOrCreateStripeCustomer(clientId);
@@ -442,26 +574,24 @@ portalRouter.post("/payment-methods", async (c) => {
 });
 portalRouter.delete("/payment-methods/:id", async (c) => {
-  const clientId = c.get("portalClientId");
+  const sessionId = c.req.header("X-Impersonation-Session-Id");
  const clientId = await getClientIdFromSession(sessionId);
  if (!clientId) return c.json({ error: "Unauthorized" }, 401);
  const paymentMethodId = c.req.param("id");
  const stripeCustomerId = await getOrCreateStripeCustomer(clientId);
  if (!stripeCustomerId) return c.json({ error: "No payment method found" }, 404);
  const stripe = getStripeClient();
  if (!stripe) return c.json({ error: "Payment service unavailable" }, 503);
  const paymentMethod = await stripe.paymentMethods.retrieve(paymentMethodId);
  if (!paymentMethod || paymentMethod.customer !== stripeCustomerId) {
    return c.json({ error: "Payment method not found" }, 404);
  }
  const ok = await detachPaymentMethod(paymentMethodId);
  if (!ok) return c.json({ error: "Failed to detach payment method" }, 500);
  return c.json({ ok: true });
 });
 // ─── Config endpoint ─────────────────────────────────────────────────────────
 portalRouter.get("/config", (c) => {
  return c.json({
    stripePublishableKey: process.env.STRIPE_PUBLISHABLE_KEY ?? "",
  });
 });
 // ─── Dev-mode session creation ──────────────────────────────────────────────
 // Allows the dev login selector to vend an impersonation session for a client
 // without requiring manager auth. Only available when AUTH_DISABLED=true.
@@ -286,10 +286,6 @@ reportsRouter.get("/clients", async (c) => {
  ninetyDaysAgo.setUTCDate(ninetyDaysAgo.getUTCDate() - 90);
  const ninetyDaysAgoISO = ninetyDaysAgo.toISOString();
  const page = Math.max(1, parseInt(c.req.query("page") ?? "1", 10) || 1);
  const limit = Math.min(100, Math.max(1, parseInt(c.req.query("limit") ?? "20", 10) || 20));
  const offset = (page - 1) * limit;
  const churnRisk = await db
    .select({
      clientId: clients.id,
@@ -302,34 +298,15 @@ reportsRouter.get("/clients", async (c) => {
    .having(
      sql`MAX(${appointments.startTime}) < ${ninetyDaysAgoISO}::timestamptz OR MAX(${appointments.startTime}) IS NULL`
    )
-    .orderBy(sql`MAX(${appointments.startTime}) ASC NULLS FIRST`)
+    .orderBy(sql`MAX(${appointments.startTime}) ASC NULLS FIRST`);
    .limit(limit)
    .offset(offset);
  const [churnCountRow] = await db
    .select({ total: sql<number>`count(*)::int` })
    .from(
      db
        .select({ id: clients.id })
        .from(clients)
        .leftJoin(appointments, eq(appointments.clientId, clients.id))
        .groupBy(clients.id)
        .having(
          sql`MAX(${appointments.startTime}) < ${ninetyDaysAgoISO}::timestamptz OR MAX(${appointments.startTime}) IS NULL`
        )
        .as("churn_count")
    );
  const churnRiskTotal = churnCountRow?.total ?? 0;
  return c.json({
    from: from.toISOString(),
    to: to.toISOString(),
    newClients,
    activeInPeriodCount: activeInPeriod.length,
-    churnRisk,
+    churnRisk: churnRisk.slice(0, 20), // top 20 at-risk clients
-    churnRiskTotal,
+    churnRiskTotal: churnRisk.length,
    page,
    limit,
  });
 });
@@ -9,7 +9,7 @@ const createServiceSchema = z.object({
  name: z.string().min(1).max(200),
  description: z.string().max(2000).optional(),
  basePriceCents: z.number().int().positive(),
-  durationMinutes: z.number().int().positive().max(480),
+  durationMinutes: z.number().int().positive(),
  active: z.boolean().default(true),
 });
@@ -4,24 +4,6 @@ import { z } from "zod/v3";
 import { and, eq, getDb, sql, staff, businessSettings, authProviderConfig, encryptSecret } from "@groombook/db";
 import type { AppEnv } from "../middleware/rbac.js";
 const RATE_LIMIT_WINDOW_MS = 60_000;
 const RATE_LIMIT_MAX = 10;
 const rateLimitMap = new Map<string, { count: number; resetAt: number }>();
 function rateLimitByIp(ip: string): { allowed: boolean; remaining: number } {
  const now = Date.now();
  const entry = rateLimitMap.get(ip);
  if (!entry || now > entry.resetAt) {
    rateLimitMap.set(ip, { count: 1, resetAt: now + RATE_LIMIT_WINDOW_MS });
    return { allowed: true, remaining: RATE_LIMIT_MAX - 1 };
  }
  if (entry.count >= RATE_LIMIT_MAX) {
    return { allowed: false, remaining: 0 };
  }
  entry.count++;
  return { allowed: true, remaining: RATE_LIMIT_MAX - entry.count };
 }
 export const setupRouter = new Hono<AppEnv>();
 // GET /api/setup/status — public (no auth), returns whether setup is needed
@@ -203,74 +185,52 @@ const authProviderTestSchema = z.object({
 * After setup completes, this endpoint permanently returns 403.
 */
 setupRouter.post("/auth-provider", async (c) => {
  const ip = c.req.header("x-forwarded-for")?.split(",")[0]?.trim() ?? "unknown";
  const { allowed, remaining } = rateLimitByIp(ip);
  c.res.headers.set("x-rate-limit-remaining", String(remaining));
  if (!allowed) {
    return c.json({ error: "Too many requests. Please try again later." }, 429);
  }
  const db = getDb();
-  let row: typeof authProviderConfig.$inferSelect;
+  // Guard: only allow during fresh install (no super user yet)
-  try {
+  const [superUser] = await db
-    row = await db.transaction(async (tx) => {
+    .select({ id: staff.id })
-      const [superUser] = await tx
+    .from(staff)
-        .select({ id: staff.id })
+    .where(eq(staff.isSuperUser, true))
-        .from(staff)
+    .limit(1);
        .where(eq(staff.isSuperUser, true))
        .limit(1);
-      if (superUser) {
+  if (superUser) {
-        throw Object.assign(new Error("setup-complete"), { code: 403 });
+    // Setup already completed — lock this endpoint permanently
-      }
+    return c.json({ error: "Setup has already been completed. This endpoint is no longer available." }, 403);
  }
-      const [existingConfig] = await tx
+  // Guard: ensure no DB config already exists (should be redundant with status check but defensive)
-        .select({ id: authProviderConfig.id })
+  const [existingConfig] = await db
-        .from(authProviderConfig)
+    .select({ id: authProviderConfig.id })
-        .where(eq(authProviderConfig.enabled, true))
+    .from(authProviderConfig)
-        .limit(1);
+    .where(eq(authProviderConfig.enabled, true))
    .limit(1);
-      if (existingConfig) {
+  if (existingConfig) {
-        throw Object.assign(new Error("config-exists"), { code: 409 });
+    return c.json({ error: "Auth provider is already configured." }, 409);
-      }
+  }
-      const body = authProviderBootstrapSchema.parse(await c.req.json());
+  const body = authProviderBootstrapSchema.parse(await c.req.json());
-      const encryptedSecret = encryptSecret(body.clientSecret);
+  // Encrypt clientSecret before storing
  const encryptedSecret = encryptSecret(body.clientSecret);
-      const [configRow] = await tx
+  const [row] = await db
-        .insert(authProviderConfig)
+    .insert(authProviderConfig)
-        .values({
+    .values({
-          providerId: body.providerId,
+      providerId: body.providerId,
-          displayName: body.displayName,
+      displayName: body.displayName,
-          issuerUrl: body.issuerUrl,
+      issuerUrl: body.issuerUrl,
-          internalBaseUrl: body.internalBaseUrl ?? null,
+      internalBaseUrl: body.internalBaseUrl ?? null,
-          clientId: body.clientId,
+      clientId: body.clientId,
-          clientSecret: encryptedSecret,
+      clientSecret: encryptedSecret,
-          scopes: body.scopes,
+      scopes: body.scopes,
-          enabled: true,
+      enabled: true,
-        })
+    })
-        .returning();
+    .returning();
-      if (!configRow) {
+  if (!row) {
-        throw Object.assign(new Error("insert-failed"), { code: 500 });
+    return c.json({ error: "Failed to save auth provider configuration." }, 500);
      }
      return configRow;
    });
  } catch (err: unknown) {
    const e = err as Error & { code?: number };
    if (e.message === "setup-complete") {
      return c.json({ error: "Setup has already been completed. This endpoint is no longer available." }, e.code as 403);
    }
    if (e.message === "config-exists") {
      return c.json({ error: "Auth provider is already configured." }, e.code as 409);
    }
    if (e.message === "insert-failed") {
      return c.json({ error: "Failed to save auth provider configuration." }, e.code as 500);
    }
    throw err;
  }
  return c.json({
@@ -294,13 +254,6 @@ setupRouter.post("/auth-provider", async (c) => {
 * Only available when needsSetup is true (no super user = fresh install).
 */
 setupRouter.post("/auth-provider/test", async (c) => {
  const ip = c.req.header("x-forwarded-for")?.split(",")[0]?.trim() ?? "unknown";
  const { allowed, remaining } = rateLimitByIp(ip);
  c.res.headers.set("x-rate-limit-remaining", String(remaining));
  if (!allowed) {
    return c.json({ ok: false, error: "Too many requests. Please try again later." }, 429);
  }
  const db = getDb();
  // Guard: only allow during fresh install (no super user yet)
@@ -1,119 +0,0 @@
 import { Hono } from "hono";
 import Stripe from "stripe";
 import { z } from "zod/v3";
 import { eq, getDb, invoices } from "@groombook/db";
 import { getStripeClient } from "../services/payment.js";
 export const webhooksRouter = new Hono();
 webhooksRouter.post("/stripe", async (c) => {
  const webhookSecret = process.env.STRIPE_WEBHOOK_SECRET;
  if (!webhookSecret) {
    return c.json({ error: "Webhook secret not configured" }, 503);
  }
  const signature = c.req.header("stripe-signature");
  if (!signature) {
    return c.json({ error: "Missing signature" }, 401);
  }
  let rawBody: string;
  try {
    rawBody = await c.req.text();
  } catch {
    return c.json({ error: "Could not read body" }, 400);
  }
  const stripe = getStripeClient();
  if (!stripe) {
    return c.json({ error: "Stripe not configured" }, 503);
  }
  let event: Stripe.Event;
  try {
    event = stripe.webhooks.constructEvent(rawBody, signature, webhookSecret);
  } catch (err) {
    const message = err instanceof Error ? err.message : "Invalid signature";
    return c.json({ error: message }, 401);
  }
  const db = getDb();
  if (event.type === "payment_intent.succeeded") {
    const pi = event.data.object as Stripe.PaymentIntent;
    if (pi.metadata?.groombook_invoice_ids) {
      const invoiceIds = pi.metadata.groombook_invoice_ids.split(",");
      for (const invoiceId of invoiceIds) {
        if (!invoiceId) continue;
        const parsed = z.string().uuid().safeParse(invoiceId.trim());
        if (!parsed.success) continue;
        const invoiceIdTrimmed = invoiceId.trim();
        const [inv] = await db
          .select()
          .from(invoices)
          .where(eq(invoices.id, invoiceIdTrimmed))
          .limit(1);
        if (!inv) continue;
        if (inv.stripePaymentIntentId && inv.stripePaymentIntentId !== pi.id) continue;
        await db
          .update(invoices)
          .set({
            status: "paid",
            paymentMethod: "card",
            paidAt: new Date(),
            stripePaymentIntentId: pi.id,
            updatedAt: new Date(),
          })
          .where(eq(invoices.id, invoiceIdTrimmed));
      }
    }
  } else if (event.type === "payment_intent.payment_failed") {
    const pi = event.data.object as Stripe.PaymentIntent;
    if (pi.metadata?.groombook_invoice_ids) {
      const invoiceIds = pi.metadata.groombook_invoice_ids.split(",");
      for (const invoiceId of invoiceIds) {
        if (!invoiceId) continue;
        const parsed = z.string().uuid().safeParse(invoiceId.trim());
        if (!parsed.success) continue;
        const invoiceIdTrimmed = invoiceId.trim();
        await db
          .update(invoices)
          .set({
            paymentFailureReason: pi.last_payment_error?.message ?? "Payment failed",
            updatedAt: new Date(),
          })
          .where(eq(invoices.id, invoiceIdTrimmed));
      }
    }
  } else if (event.type === "charge.refunded") {
    const charge = event.data.object as Stripe.Charge;
    if (typeof charge.payment_intent === "string" && charge.payment_intent) {
      const [inv] = await db
        .select({ id: invoices.id })
        .from(invoices)
        .where(eq(invoices.stripePaymentIntentId, charge.payment_intent))
        .limit(1);
      if (inv) {
        const refundId =
          typeof charge.refunded === "boolean" && charge.refunded
            ? `ch_${charge.id}_refund`
            : null;
        await db
          .update(invoices)
          .set({
            status: "void",
            stripeRefundId: refundId,
            updatedAt: new Date(),
          })
          .where(eq(invoices.id, inv.id));
      }
    }
  } else if (event.type === "charge.dispute.created") {
    const dispute = event.data.object as Stripe.Dispute;
    console.error(
      `[Stripe Webhook] Dispute created for payment intent: ${dispute.payment_intent}`
    );
  }
  return c.json({ received: true });
 });
@@ -0,0 +1,137 @@
 import { Hono } from "hono";
 import {
  and,
  eq,
  getDb,
  clients,
  reminderLogs,
  smsSend,
 } from "@groombook/db";
 import { TelnyxProvider } from "../services/sms.js";
 export const webhooksRouter = new Hono();
 const telnyxProvider = new TelnyxProvider();
 const STOP_KEYWORDS = new Set(["STOP", "STOPALL", "UNSUBSCRIBE", "CANCEL", "END", "QUIT"]);
 const START_KEYWORDS = new Set(["START", "YES", "UNSTOP"]);
 webhooksRouter.post("/sms/inbound", async (c) => {
  if (!telnyxProvider.validateWebhookSignature(c.req.raw)) {
    return c.json({ error: "Invalid signature" }, 401);
  }
  let body: Record<string, unknown>;
  try {
    body = await c.req.json();
  } catch {
    return c.json({ error: "Invalid JSON" }, 400);
  }
  const event = (body.data as Record<string, unknown>)?.event_type ?? body.event_type;
  const payload = (body.data as Record<string, unknown>) ?? body;
  if (event === "message.received") {
    const fromField = payload.from;
    const from = typeof fromField === "object" && fromField !== null
      ? (fromField as Record<string, unknown>).phone_number as string ?? (fromField as Record<string, unknown>).toString()
      : String(fromField ?? "");
    const text = String(payload.text ?? payload.body ?? "").trim().toUpperCase();
    if (!from || !text) {
      return c.json({ error: "Missing from or text" }, 400);
    }
    const db = getDb();
    const [client] = await db
      .select({ id: clients.id, smsOptIn: clients.smsOptIn })
      .from(clients)
      .where(eq(clients.phone, from))
      .limit(1);
    if (!client) {
      return c.json({ received: true });
    }
    if (STOP_KEYWORDS.has(text)) {
      await db
        .update(clients)
        .set({
          smsOptIn: false,
          smsOptOutDate: new Date(),
          updatedAt: new Date(),
        })
        .where(eq(clients.id, client.id));
      return c.json({ received: true });
    }
    if (START_KEYWORDS.has(text)) {
      await db
        .update(clients)
        .set({
          smsOptIn: true,
          smsConsentDate: new Date(),
          updatedAt: new Date(),
        })
        .where(eq(clients.id, client.id));
      return c.json({ received: true });
    }
    if (text === "HELP") {
      const supportUrl = process.env.SUPPORT_URL ?? "https://groombook.app/support";
      await smsSend(from, `GroomBook appointment reminders. Reply STOP to opt out. For help, visit ${supportUrl}.`);
      return c.json({ received: true });
    }
    return c.json({ received: true });
  }
  if (event === "message.finalized" || event === "message.status") {
    const status = String(payload.status ?? "");
    const toField = payload.to;
    const toNumber = typeof toField === "object" && toField !== null
      ? (toField as Record<string, unknown>).phone_number as string ?? (toField as Record<string, unknown>).toString()
      : String(toField ?? "");
    if (!status || !toNumber) {
      return c.json({ received: true });
    }
    const validDelivery = ["delivered", "sent", "failed", "sending", "queued"];
    if (!validDelivery.includes(status)) {
      return c.json({ received: true });
    }
    const db = getDb();
    const [client] = await db
      .select({ id: clients.id })
      .from(clients)
      .where(eq(clients.phone, toNumber))
      .limit(1);
    if (client) {
      const [log] = await db
        .select({ id: reminderLogs.id })
        .from(reminderLogs)
        .where(
          and(
            eq(reminderLogs.channel, "sms")
          )
        )
        .limit(1);
      if (log) {
        await db
          .update(reminderLogs)
          .set({ deliveryStatus: status })
          .where(eq(reminderLogs.id, log.id));
      }
    }
    return c.json({ received: true });
  }
  return c.json({ received: true });
 });
@@ -1,9 +1,9 @@
 import Stripe from "stripe";
-import { getDb, clients, eq, inArray, invoices } from "@groombook/db";
+import { getDb, clients, eq, invoices } from "@groombook/db";
 let _stripe: Stripe | null | undefined;
-export function getStripeClient(): Stripe | null {
+function getStripeClient(): Stripe | null {
  if (_stripe === undefined) {
    const secretKey = process.env.STRIPE_SECRET_KEY;
    if (!secretKey) return null;
@@ -43,13 +43,11 @@ export async function createPaymentIntent(
  const db = getDb();
  const invoiceIds = Array.isArray(invoiceIdOrIds) ? invoiceIdOrIds : [invoiceIdOrIds];
  const firstInvoiceId = invoiceIds[0];
  if (!firstInvoiceId) return null;
  const invoiceRows = await db
    .select()
    .from(invoices)
-    .where(eq(invoices.id, firstInvoiceId));
+    .where(eq(invoices.id, invoiceIds[0]));
  const [invoice] = invoiceRows;
  if (!invoice) return null;
@@ -59,8 +57,8 @@ export async function createPaymentIntent(
    const allInvoices = await db
      .select({ totalCents: invoices.totalCents })
      .from(invoices)
-      .where(inArray(invoices.id, invoiceIds));
+      .where(eq(invoices.id, invoiceIds[0]));
-    totalCents = allInvoices.reduce((sum, inv) => sum + inv.totalCents, 0);
+    totalCents = allInvoices.reduce((sum, inv) => sum + inv.totalCents, totalCents);
  }
  const stripeCustomerId = await getOrCreateStripeCustomer(clientId);
@@ -84,10 +82,10 @@ export async function createPaymentIntent(
      .where(eq(invoices.id, invId));
  }
-  const clientSecret = paymentIntent.client_secret;
+  return {
-  if (!clientSecret) return null;
+    clientSecret: paymentIntent.client_secret!,
-
+    paymentIntentId: paymentIntent.id,
-  return { clientSecret, paymentIntentId: paymentIntent.id };
+  };
 }
 export async function processRefund(
@@ -20,8 +20,8 @@ import {
 } from "./email.js";
 import { smsSend } from "./sms.js";
 // TCPA-required opt-out text appended to every SMS reminder
 const TCPA_OPT_OUT = "Reply STOP to opt out. Msg & data rates may apply.";
 function getReminderWindows(): { label: string; hours: number }[] {
  const early = Number(process.env.REMINDER_HOURS_EARLY ?? 24);
  const late = Number(process.env.REMINDER_HOURS_LATE ?? 2);
@@ -31,14 +31,20 @@ function getReminderWindows(): { label: string; hours: number }[] {
  ];
 }
 // Checks for upcoming appointments that need reminders and sends them.
 // Runs every minute — idempotent via reminder_logs unique constraint.
 export async function runReminderCheck(): Promise<void> {
  const db = getDb();
  const now = new Date();
  for (const window of getReminderWindows()) {
    // Target window: appointments starting between (hours - 1) and hours from now.
    // Running every minute means we check a 1-minute slice; the 1-hour window
    // ensures we catch appointments that started between heartbeats.
    const windowStart = new Date(now.getTime() + (window.hours - 1) * 3600_000);
    const windowEnd = new Date(now.getTime() + window.hours * 3600_000);
    // Find upcoming appointments in this time window that haven't been cancelled/completed
    const upcoming = await db
      .select({
        id: appointments.id,
@@ -84,13 +90,14 @@ export async function runReminderCheck(): Promise<void> {
        )
        .limit(1);
      // Fetch related records for the email
      const [client] = await db
        .select({
          name: clients.name,
          email: clients.email,
          emailOptOut: clients.emailOptOut,
          smsOptIn: clients.smsOptIn,
-          phone: clients.phone,
+          phoneE164: clients.phoneE164,
        })
        .from(clients)
        .where(eq(clients.id, appt.clientId))
@@ -155,7 +162,7 @@ export async function runReminderCheck(): Promise<void> {
        }
      }
-      if (!smsLog && client.smsOptIn && client.phone) {
+      if (!smsLog && client.smsOptIn && client.phoneE164) {
        const apiUrl = process.env.API_URL ?? "http://localhost:3000";
        const confirmUrl = `${apiUrl}/api/book/confirm/${confirmationToken}`;
        const cancelUrl = `${apiUrl}/api/book/cancel/${confirmationToken}`;
@@ -168,7 +175,7 @@ export async function runReminderCheck(): Promise<void> {
          TCPA_OPT_OUT,
        ].join(". ");
        try {
-          const smsOk = await smsSend(client.phone, smsBody);
+          const smsOk = await smsSend(client.phoneE164, smsBody);
          if (smsOk) {
            await db
              .insert(reminderLogs)
@@ -183,7 +190,9 @@ export async function runReminderCheck(): Promise<void> {
  }
 }
 // Starts the cron scheduler. Call once at server startup.
 export function startReminderScheduler(): void {
  // Run every minute
  cron.schedule("* * * * *", () => {
    runReminderCheck().catch((err) => {
      console.error("[reminders] Error during reminder check:", err);
@@ -195,6 +204,8 @@ export function startReminderScheduler(): void {
  console.log("[reminders] Reminder scheduler started");
 }
 // Deletes expired sessions from the database.
 // Runs every minute alongside reminder checks.
 export async function runSessionCleanup(): Promise<void> {
  const db = getDb();
  const now = new Date();
@@ -1,5 +1,4 @@
 import { Telnyx } from "telnyx";
 import { createHmac } from "crypto";
 export interface SmsProvider {
  sendSms(to: string, body: string, mediaUrls?: string[]): Promise<{ messageId: string; status: string }>;
@@ -83,6 +82,7 @@ export class TelnyxProvider implements SmsProvider {
    const payload = JSON.stringify(req.body);
    try {
      const { createHmac } = await import("crypto");
      const hmac = createHmac("sha256", secret);
      const expected = `sha256=${hmac.update(payload).digest("hex")}`;
@@ -93,9 +93,7 @@ export class TelnyxProvider implements SmsProvider {
      let diff = 0;
      for (let i = 0; i < sigBuf.length; i++) {
-        const sigByte = sigBuf[i] ?? 0;
+        diff |= sigBuf[i] ^ expBuf[i];
        const expByte = expBuf[i] ?? 0;
        diff |= sigByte ^ expByte;
      }
      return diff === 0;
    } catch {
@@ -1,19 +0,0 @@
 declare module "telnyx" {
  export interface MessageResult {
    data: unknown;
  }
  export interface MessagesCreateParams {
    from: string;
    to: string;
    body: string;
    media_urls?: string[];
  }
  export class Telnyx {
    constructor(apiKey: string);
    messages: {
      create(params: Record<string, string | string[]>): Promise<MessageResult>;
    };
  }
 }
@@ -20,5 +20,3 @@ FROM nginx:alpine AS runner
 COPY apps/web/nginx.conf /etc/nginx/conf.d/default.conf
 COPY --from=builder /app/apps/web/dist /usr/share/nginx/html
 EXPOSE 80
 HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
  CMD curl -f http://localhost:80/ || exit 1
@@ -3,22 +3,10 @@ server {
    root /usr/share/nginx/html;
    index index.html;
    # Security headers
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
    # Cache static assets
    location ~* \.(js|css|png|svg|ico|woff2)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
    }
    # Proxy API calls to the API service
@@ -226,6 +226,7 @@ export function CustomerPortal() {
      )}
      {showReschedule && rescheduleAppointment && (
        // eslint-disable-next-line @typescript-eslint/no-explicit-any
        <RescheduleFlow
          appointment={rescheduleAppointment as any}
          onClose={() => { setShowReschedule(false); setRescheduleAppointment(null); }}
@@ -398,10 +398,10 @@ function PaymentModal({ sessionId, pending, onClose, onSuccess }: PaymentModalPr
      const { error: stripeError } = await stripe.confirmPayment({
        elements,
        clientSecret,
-        confirmParams: saveCard
+        confirmParams: {
-          ? { setup_future_usage: "off_session" }
+          return_url: `${window.location.origin}/portal/billing`,
-          : undefined,
+          ...(saveCard ? { setup_future_usage: "off_session" } : {}),
-        redirect: "if_required",
+        },
      });
      if (stripeError) {
@@ -0,0 +1,65 @@
 #!/bin/bash
 API_HOST="https://api.minimax.io"
 API_KEY="$MINIMAX_API_KEY"
 OUTPUT_DIR="minimax-output"
 mkdir -p "$OUTPUT_DIR"
 # Diverse dog image prompts
 declare -a PROMPTS=(
  "A beautiful red Irish Setter with long flowing silky coat, standing proudly in golden hour sunlight, professional pet portrait photography, warm tones"
  "A fluffy white Pomeranian puppy with thick fluffy coat, sitting alert with bright expression, studio white background, cute grooming"
  "A black Schnauzer with distinctive full beard and mustache, freshly groomed with neat styling, professional grooming salon setting"
  "A cream and white Cavalier King Charles Spaniel with silky coat, gentle sad eyes, soft warm indoor lighting, elegant pose"
  "A brown and white Basset Hound with long droopy ears, lying down in relaxed pose, natural outdoor setting, peaceful expression"
  "A black and tan miniature Dachshund with glossy coat, alert standing pose, warm studio lighting, detailed paws visible"
  "A white fluffy Bichon Frise after professional grooming with rounded topknot, happy bouncy expression, bright cheerful background"
  "A muscular fawn Boxer dog, athletic build, standing confidently outdoors in park, energetic expression, natural lighting"
  "A blue merle Shetland Sheepdog with alert ears and fluffy coat, running happily, green grass field background, vibrant"
  "A buff colored Cocker Spaniel with beautiful silky coat, friendly gentle expression, warm natural window lighting, indoor"
 )
 declare -a FILENAMES=(
  "dog-setter-red-sunlit.png"
  "dog-pomeranian-white-studio.png"
  "dog-schnauzer-black-groomed.png"
  "dog-cavalier-cream-gentle.png"
  "dog-basset-brown-white.png"
  "dog-dachshund-black-tan.png"
  "dog-bichon-white-groomed.png"
  "dog-boxer-fawn-athletic.png"
  "dog-sheepdog-merle-running.png"
  "dog-cocker-buff-friendly.png"
 )
 echo "Generating ${#PROMPTS[@]} diverse dog images..."
 for i in "${!PROMPTS[@]}"; do
  PROMPT="${PROMPTS[$i]}"
  FILENAME="${FILENAMES[$i]}"
  echo -n "[$((i+1))/${#PROMPTS[@]}] $FILENAME... "
  RESPONSE=$(curl -s -X POST "${API_HOST}/v1/image_generation" \
    -H "Authorization: Bearer ${API_KEY}" \
    -H "Content-Type: application/json" \
    -d "{\"model\":\"image-01\",\"prompt\":\"${PROMPT}\",\"image_count\":1}")
  # Extract image URL from response
  IMAGE_URL=$(echo "$RESPONSE" | grep -o '"image_urls":\["\([^"]*\)' | cut -d'"' -f4)
  if [ -n "$IMAGE_URL" ]; then
    curl -s "$IMAGE_URL" -o "$OUTPUT_DIR/$FILENAME" 2>/dev/null
    if [ -f "$OUTPUT_DIR/$FILENAME" ] && [ -s "$OUTPUT_DIR/$FILENAME" ]; then
      echo "✓"
    else
      echo "✗ (download failed)"
    fi
  else
    echo "✗ (no URL)"
  fi
 done
 echo "Done! Generated images in $OUTPUT_DIR/"
 ls -lh "$OUTPUT_DIR"/dog-*.png 2>/dev/null | wc -l
@@ -0,0 +1,80 @@
 #!/bin/bash
 # Use the configured MiniMax API host
 API_HOST="${MINIMAX_API_HOST:-https://api.minimax.io}"
 API_KEY="$MINIMAX_API_KEY"
 # Test endpoint - check which one works
 echo "Testing API endpoints..."
 echo "API_HOST: $API_HOST"
 echo "API_KEY: ${API_KEY:0:15}..."
 # Array of diverse dog images to generate
 declare -a PROMPTS=(
  "A beautiful red Irish Setter with flowing silky coat, standing proudly in a sunny garden, warm natural lighting, professional pet photography"
  "A fluffy white Pomeranian with thick coat, sitting alert, bright studio background, cute expression"
  "A black Schnauzer with distinctive beard, freshly groomed, professional salon setting, dignified pose"
  "A cream-colored Cavalier King Charles Spaniel, silky coat, gentle expression, soft warm lighting"
  "A brown and white Basset Hound, long ears, relaxed sitting pose, natural outdoor background"
  "A black and tan Dachshund, elongated body, alert posture, warm studio lighting"
  "A white Bichon Frise, fluffy groomed coat, happy expression, bright cheerful background"
  "A fawn Boxer with muscular build, athletic posture, outdoor park setting, energetic expression"
  "A merle Shetland Sheepdog, alert ears, running pose, green garden background"
  "A buff-colored Cocker Spaniel, silky coat, friendly expression, warm natural light"
 )
 declare -a FILENAMES=(
  "dog-setter-red-sunny.png"
  "dog-pomeranian-white-alert.png"
  "dog-schnauzer-groomed.png"
  "dog-cavalier-cream.png"
  "dog-basset-hound-outdoor.png"
  "dog-dachshund-alert.png"
  "dog-bichon-frise-happy.png"
  "dog-boxer-athletic.png"
  "dog-sheepdog-merle.png"
  "dog-cocker-spaniel-buff.png"
 )
 mkdir -p minimax-output
 echo "Generating ${#PROMPTS[@]} diverse dog images..."
 for i in "${!PROMPTS[@]}"; do
  PROMPT="${PROMPTS[$i]}"
  FILENAME="${FILENAMES[$i]}"
  echo "[$((i+1))/${#PROMPTS[@]}] Generating: $FILENAME"
  # Make API request
  RESPONSE=$(curl -s -X POST "${API_HOST}/v1/image_generation" \
    -H "Authorization: Bearer ${API_KEY}" \
    -H "Content-Type: application/json" \
    -d "{
      \"model\": \"image-01\",
      \"prompt\": \"${PROMPT}\",
      \"image_count\": 1
    }")
  # Check if response contains image data
  if echo "$RESPONSE" | grep -q "data\|image_url\|file_content"; then
    echo "  ✓ Response received"
    # Try to extract and save image data
    # Different APIs format responses differently
    IMAGE_DATA=$(echo "$RESPONSE" | grep -o '"file_content":"[^"]*' | head -1 | cut -d'"' -f4)
    if [ -n "$IMAGE_DATA" ]; then
      echo "$IMAGE_DATA" | base64 -d > "minimax-output/$FILENAME"
      echo "  ✓ Image saved to minimax-output/$FILENAME"
    else
      echo "  ✗ Could not extract image data"
    fi
  else
    echo "  ✗ API response: ${RESPONSE:0:100}"
  fi
  sleep 1
 done
 echo "Image generation complete!"
@@ -0,0 +1,78 @@
 #!/usr/bin/env python3
 import base64
 import requests
 import os
 import json
 api_key = os.environ.get("MINIMAX_API_KEY")
 if not api_key:
    raise ValueError("MINIMAX_API_KEY environment variable not set")
 url = "https://api.minimax.io/v1/image_generation"
 headers = {"Authorization": f"Bearer {api_key}"}
 # Ensure output directory exists
 os.makedirs("minimax-output", exist_ok=True)
 prompts = [
    {
        "filename": "dog-puggle-fawn-playful.png",
        "prompt": "Adorable fawn Puggle puppy with playful expression, compact muscular build, professional pet photography, studio lighting, photorealistic"
    },
    {
        "filename": "dog-puggle-black-sitting.png",
        "prompt": "Black and tan Puggle with alert sitting posture, pointed beagle-like ears, gentle eyes, professional studio lighting, photorealistic"
    },
    {
        "filename": "dog-puggle-cream-groomed.png",
        "prompt": "Cream Puggle freshly groomed with fluffy coat, happy expression, lying down comfortably, natural daylight, photorealistic"
    },
    {
        "filename": "dog-puggle-tricolor-outdoor.png",
        "prompt": "Tricolor Puggle in outdoor garden setting, alert playful pose, natural sunlight, professional pet photography, photorealistic"
    },
    {
        "filename": "dog-puggle-fawn-grooming.png",
        "prompt": "Fawn Puggle at grooming salon, gentle expression, compact muscular build with beagle-like features, professional grooming setup, warm lighting, photorealistic"
    }
 ]
 print(f"Generating {len(prompts)} Puggle images...")
 for item in prompts:
    filename = item["filename"]
    prompt = item["prompt"]
    print(f"\nGenerating {filename}...")
    payload = {
        "model": "image-01",
        "prompt": prompt,
        "aspect_ratio": "1:1",
        "response_format": "base64",
    }
    try:
        response = requests.post(url, headers=headers, json=payload, timeout=60)
        response.raise_for_status()
        data = response.json()
        if "data" in data and "image_base64" in data["data"]:
            images = data["data"]["image_base64"]
            # Save the first (and usually only) image
            output_path = f"minimax-output/{filename}"
            with open(output_path, "wb") as f:
                f.write(base64.b64decode(images[0]))
            file_size = os.path.getsize(output_path)
            print(f"✓ Saved {filename} ({file_size} bytes)")
        else:
            print(f"✗ Unexpected response format: {json.dumps(data, indent=2)}")
    except requests.exceptions.RequestException as e:
        print(f"✗ Error generating {filename}: {e}")
    except Exception as e:
        print(f"✗ Unexpected error for {filename}: {e}")
 print("\n✓ Image generation complete!")
 print("Files saved to minimax-output/")
@@ -0,0 +1,9 @@
 ALTER TABLE "reminder_logs" DROP CONSTRAINT "reminder_logs_appointment_id_reminder_type_unique";--> statement-breakpoint
 ALTER TABLE "business_settings" ADD COLUMN "logo_key" text;--> statement-breakpoint
 ALTER TABLE "clients" ADD COLUMN "sms_opt_in" boolean DEFAULT false NOT NULL;--> statement-breakpoint
 ALTER TABLE "clients" ADD COLUMN "sms_consent_date" timestamp;--> statement-breakpoint
 ALTER TABLE "clients" ADD COLUMN "sms_opt_out_date" timestamp;--> statement-breakpoint
 ALTER TABLE "clients" ADD COLUMN "sms_consent_text" text;--> statement-breakpoint
 ALTER TABLE "pets" ADD COLUMN "image" text;--> statement-breakpoint
 ALTER TABLE "reminder_logs" ADD COLUMN "channel" text DEFAULT 'email' NOT NULL;--> statement-breakpoint
 ALTER TABLE "reminder_logs" ADD CONSTRAINT "reminder_logs_appointment_id_reminder_type_channel_unique" UNIQUE("appointment_id","reminder_type","channel");
@@ -1,6 +0,0 @@
 ALTER TABLE "clients" ADD COLUMN "stripe_customer_id" text;
 ALTER TABLE "clients" ADD CONSTRAINT "idx_clients_stripe_customer_id" UNIQUE("stripe_customer_id");
 ALTER TABLE "invoices" ADD COLUMN "stripe_payment_intent_id" text;
 ALTER TABLE "invoices" ADD COLUMN "stripe_refund_id" text;
 ALTER TABLE "invoices" ADD COLUMN "payment_failure_reason" text;
 ALTER TABLE "invoices" ADD CONSTRAINT "idx_invoices_stripe_payment_intent_id" UNIQUE("stripe_payment_intent_id");
@@ -1,11 +0,0 @@
 CREATE TABLE "refunds" (
  "id" uuid PRIMARY KEY DEFAULT gen_random_uuid(),
  "invoice_id" uuid NOT NULL REFERENCES "invoices"("id") ON DELETE RESTRICT,
  "stripe_refund_id" text NOT NULL,
  "idempotency_key" text UNIQUE,
  "amount_cents" integer,
  "created_at" timestamp NOT NULL DEFAULT NOW()
 );
 CREATE INDEX "idx_refunds_invoice_id" ON "refunds"("invoice_id");
 CREATE INDEX "idx_refunds_idempotency_key" ON "refunds"("idempotency_key");
@@ -0,0 +1,6 @@
 ALTER TABLE "clients" ADD COLUMN "stripe_customer_id" text;--> statement-breakpoint
 ALTER TABLE "clients" ADD CONSTRAINT "idx_clients_stripe_customer_id" UNIQUE("stripe_customer_id");--> statement-breakpoint
 ALTER TABLE "invoices" ADD COLUMN "stripe_payment_intent_id" text;--> statement-breakpoint
 ALTER TABLE "invoices" ADD COLUMN "stripe_refund_id" text;--> statement-breakpoint
 ALTER TABLE "invoices" ADD COLUMN "payment_failure_reason" text;--> statement-breakpoint
 ALTER TABLE "invoices" ADD CONSTRAINT "idx_invoices_stripe_payment_intent_id" UNIQUE("stripe_payment_intent_id");
@@ -0,0 +1 @@
 ALTER TABLE "business_settings" ADD COLUMN "sms_enabled" boolean NOT NULL DEFAULT false;
@@ -1,15 +0,0 @@
 -- SMS opt-in fields for clients (idempotent)
 ALTER TABLE "clients" ADD COLUMN IF NOT EXISTS "sms_opt_in" boolean NOT NULL DEFAULT false;
 ALTER TABLE "clients" ADD COLUMN IF NOT EXISTS "sms_consent_date" timestamp;
 ALTER TABLE "clients" ADD COLUMN IF NOT EXISTS "sms_opt_out_date" timestamp;
 ALTER TABLE "clients" ADD COLUMN IF NOT EXISTS "sms_consent_text" text;
 -- Add channel column to reminder_logs with default 'email' (idempotent)
 ALTER TABLE "reminder_logs" ADD COLUMN IF NOT EXISTS "channel" text NOT NULL DEFAULT 'email';
 -- Drop old unique constraints if they exist (idempotent)
 ALTER TABLE "reminder_logs" DROP CONSTRAINT IF EXISTS "reminder_logs_appointment_id_reminder_type_key";
 ALTER TABLE "reminder_logs" DROP CONSTRAINT IF EXISTS "reminder_logs_appointment_id_reminder_type_unique";
 -- Add new unique constraint with channel
 ALTER TABLE "reminder_logs" ADD CONSTRAINT "reminder_logs_appointment_id_reminder_type_channel_unique" UNIQUE ("appointment_id", "reminder_type", "channel");
@@ -1,20 +0,0 @@
 -- Migration: 0029_db_indexes_constraints.sql
 -- Add missing indexes on appointments, pets, clients tables and NOT NULL constraint on clients.email
 -- Backfill NULL emails before setting NOT NULL
 UPDATE clients SET email = concat('unknown-', id::text, '@placeholder.local') WHERE email IS NULL;
 -- Add indexes on appointments table
 CREATE INDEX idx_appointments_client_id ON appointments(client_id);
 CREATE INDEX idx_appointments_staff_id ON appointments(staff_id);
 CREATE INDEX idx_appointments_start_time ON appointments(start_time);
 CREATE INDEX idx_appointments_status ON appointments(status);
 -- Add index on pets table
 CREATE INDEX idx_pets_client_id ON pets(client_id);
 -- Add index on clients table
 CREATE INDEX idx_clients_email ON clients(email);
 -- Set NOT NULL on clients.email (after backfill)
 ALTER TABLE clients ALTER COLUMN email SET NOT NULL;
@@ -0,0 +1,103 @@
 {
  "id": "0027_stripe_identifiers",
  "version": "7",
  "dialect": "postgresql",
  "tables": {
    "authProviderConfig": {
      "name": "auth_provider_config",
      "columns": {
        "id": { "name": "id", "type": "uuid", "primaryKey": true, "default": "gen_random_uuid()", "isNullable": false },
        "providerId": { "name": "provider_id", "type": "text", "isNullable": false },
        "displayName": { "name": "display_name", "type": "text", "isNullable": false },
        "issuerUrl": { "name": "issuer_url", "type": "text", "isNullable": false },
        "internalBaseUrl": { "name": "internal_base_url", "type": "text", "isNullable": true },
        "clientId": { "name": "client_id", "type": "text", "isNullable": false },
        "clientSecret": { "name": "client_secret", "type": "text", "isNullable": false },
        "scopes": { "name": "scopes", "type": "text", "isNullable": false, "default": "'openid profile email'" },
        "enabled": { "name": "enabled", "type": "boolean", "isNullable": false, "default": "true" },
        "createdAt": { "name": "created_at", "type": "timestamp", "isNullable": false, "default": "now()" },
        "updatedAt": { "name": "updated_at", "type": "timestamp", "isNullable": false, "default": "now()" }
      },
      "indexes": {},
      "foreignKeys": {},
      "compositePrimaryKeys": {}
    },
    "businessSettings": {
      "name": "business_settings",
      "columns": {
        "id": { "name": "id", "type": "uuid", "primaryKey": true, "default": "gen_random_uuid()", "isNullable": false },
        "businessName": { "name": "business_name", "type": "text", "isNullable": false, "default": "'GroomBook'" },
        "logoBase64": { "name": "logo_base64", "type": "text", "isNullable": true },
        "logoMimeType": { "name": "logo_mime_type", "type": "text", "isNullable": true },
        "logoKey": { "name": "logo_key", "type": "text", "isNullable": true },
        "primaryColor": { "name": "primary_color", "type": "text", "isNullable": false, "default": "'#4f8a6f'" },
        "accentColor": { "name": "accent_color", "type": "text", "isNullable": false, "default": "'#8b7355'" },
        "createdAt": { "name": "created_at", "type": "timestamp", "isNullable": false, "default": "now()" },
        "updatedAt": { "name": "updated_at", "type": "timestamp", "isNullable": false, "default": "now()" }
      },
      "indexes": {},
      "foreignKeys": {},
      "compositePrimaryKeys": {}
    },
    "clients": {
      "name": "clients",
      "columns": {
        "id": { "name": "id", "type": "uuid", "primaryKey": true, "default": "gen_random_uuid()", "isNullable": false },
        "name": { "name": "name", "type": "text", "isNullable": false },
        "email": { "name": "email", "type": "text", "isNullable": true },
        "phone": { "name": "phone", "type": "text", "isNullable": true },
        "address": { "name": "address", "type": "text", "isNullable": true },
        "notes": { "name": "notes", "type": "text", "isNullable": true },
        "emailOptOut": { "name": "email_opt_out", "type": "boolean", "isNullable": false, "default": "false" },
        "smsOptIn": { "name": "sms_opt_in", "type": "boolean", "isNullable": false, "default": "false" },
        "smsConsentDate": { "name": "sms_consent_date", "type": "timestamp", "isNullable": true },
        "smsOptOutDate": { "name": "sms_opt_out_date", "type": "timestamp", "isNullable": true },
        "smsConsentText": { "name": "sms_consent_text", "type": "text", "isNullable": true },
        "stripeCustomerId": { "name": "stripe_customer_id", "type": "text", "isNullable": true },
        "status": { "name": "status", "type": "client_status", "isNullable": false, "default": "'active'" },
        "disabledAt": { "name": "disabled_at", "type": "timestamp", "isNullable": true },
        "createdAt": { "name": "created_at", "type": "timestamp", "isNullable": false, "default": "now()" },
        "updatedAt": { "name": "updated_at", "type": "timestamp", "isNullable": false, "default": "now()" }
      },
      "indexes": {},
      "foreignKeys": {},
      "compositePrimaryKeys": {},
      "uniqueConstraints": { "idx_clients_stripe_customer_id": { "columns": ["stripe_customer_id"] } }
    },
    "invoices": {
      "name": "invoices",
      "columns": {
        "id": { "name": "id", "type": "uuid", "primaryKey": true, "default": "gen_random_uuid()", "isNullable": false },
        "appointmentId": { "name": "appointment_id", "type": "uuid", "isNullable": true },
        "clientId": { "name": "client_id", "type": "uuid", "isNullable": false },
        "subtotalCents": { "name": "subtotal_cents", "type": "integer", "isNullable": false },
        "taxCents": { "name": "tax_cents", "type": "integer", "isNullable": false, "default": "0" },
        "tipCents": { "name": "tip_cents", "type": "integer", "isNullable": false, "default": "0" },
        "totalCents": { "name": "total_cents", "type": "integer", "isNullable": false },
        "status": { "name": "status", "type": "invoice_status", "isNullable": false, "default": "'draft'" },
        "paymentMethod": { "name": "payment_method", "type": "payment_method", "isNullable": true },
        "paidAt": { "name": "paid_at", "type": "timestamp", "isNullable": true },
        "stripePaymentIntentId": { "name": "stripe_payment_intent_id", "type": "text", "isNullable": true },
        "stripeRefundId": { "name": "stripe_refund_id", "type": "text", "isNullable": true },
        "paymentFailureReason": { "name": "payment_failure_reason", "type": "text", "isNullable": true },
        "notes": { "name": "notes", "type": "text", "isNullable": true },
        "createdAt": { "name": "created_at", "type": "timestamp", "isNullable": false, "default": "now()" },
        "updatedAt": { "name": "updated_at", "type": "timestamp", "isNullable": false, "default": "now()" }
      },
      "indexes": { "idx_invoices_client_id": { "columns": ["client_id"] }, "idx_invoices_status": { "columns": ["status"] }, "idx_invoices_created_at": { "columns": ["created_at"] } },
      "foreignKeys": { "invoices_appointment_id_fkey": { "columns": ["appointmentId"], "reference": { "table": "appointments", "columns": ["id"] } }, "invoices_client_id_fkey": { "columns": ["clientId"], "reference": { "table": "clients", "columns": ["id"] } } },
      "compositePrimaryKeys": {},
      "uniqueConstraints": { "idx_invoices_stripe_payment_intent_id": { "columns": ["stripe_payment_intent_id"] } }
    }
  },
  "enums": {
    "appointment_status": { "name": "appointment_status", "values": ["scheduled", "confirmed", "in_progress", "completed", "cancelled", "no_show"] },
    "client_status": { "name": "client_status", "values": ["active", "disabled"] },
    "impersonation_session_status": { "name": "impersonation_session_status", "values": ["active", "ended", "expired"] },
    "invoice_status": { "name": "invoice_status", "values": ["draft", "pending", "paid", "void"] },
    "payment_method": { "name": "payment_method", "values": ["cash", "card", "check", "other"] },
    "staff_role": { "name": "staff_role", "values": ["groomer", "receptionist", "manager"] },
    "waitlist_status": { "name": "waitlist_status", "values": ["active", "notified", "expired", "cancelled"] }
  },
  "nativeEnums": {}
 }
@@ -187,22 +187,8 @@
    {
      "idx": 26,
      "version": "7",
-      "when": 1775568867192,
+      "when": 1776035812477,
-      "tag": "0026_stripe_payment",
+      "tag": "0026_boring_storm",
      "breakpoints": true
    },
    {
      "idx": 27,
      "version": "7",
      "when": 1775655267192,
      "tag": "0027_refunds",
      "breakpoints": true
    },
    {
      "idx": 28,
      "version": "7",
      "when": 1775741667192,
      "tag": "0028_sms_reminders",
      "breakpoints": true
    }
  ]
@@ -75,7 +75,6 @@ export function buildClient(overrides: Partial<ClientRow> = {}): ClientRow {
    smsConsentDate: null,
    smsOptOutDate: null,
    smsConsentText: null,
    stripeCustomerId: null,
    status: "active",
    disabledAt: null,
    createdAt: new Date("2025-01-01T00:00:00Z"),
@@ -102,55 +102,46 @@ export const verification = pgTable("verification", {
 // ─── Tables ───────────────────────────────────────────────────────────────────
-export const clients = pgTable(
+export const clients = pgTable("clients", {
-  "clients",
+  id: uuid("id").primaryKey().defaultRandom(),
-  {
+  name: text("name").notNull(),
-    id: uuid("id").primaryKey().defaultRandom(),
+  email: text("email"),
-    name: text("name").notNull(),
+  phone: text("phone"),
-    email: text("email").notNull(),
+  address: text("address"),
-    phone: text("phone"),
+  notes: text("notes"),
-    address: text("address"),
+  emailOptOut: boolean("email_opt_out").notNull().default(false),
-    notes: text("notes"),
+  smsOptIn: boolean("sms_opt_in").notNull().default(false),
-    emailOptOut: boolean("email_opt_out").notNull().default(false),
+  smsConsentDate: timestamp("sms_consent_date"),
-    smsOptIn: boolean("sms_opt_in").notNull().default(false),
+  smsOptOutDate: timestamp("sms_opt_out_date"),
-    smsConsentDate: timestamp("sms_consent_date"),
+  smsConsentText: text("sms_consent_text"),
-    smsOptOutDate: timestamp("sms_opt_out_date"),
+  status: clientStatusEnum("status").notNull().default("active"),
-    smsConsentText: text("sms_consent_text"),
+  disabledAt: timestamp("disabled_at"),
-    stripeCustomerId: text("stripe_customer_id"),
+  createdAt: timestamp("created_at").notNull().defaultNow(),
-    status: clientStatusEnum("status").notNull().default("active"),
+  updatedAt: timestamp("updated_at").notNull().defaultNow(),
-    disabledAt: timestamp("disabled_at"),
+});
    createdAt: timestamp("created_at").notNull().defaultNow(),
    updatedAt: timestamp("updated_at").notNull().defaultNow(),
  },
  (t) => [index("idx_clients_email").on(t.email)]
 );
-export const pets = pgTable(
+export const pets = pgTable("pets", {
-  "pets",
+  id: uuid("id").primaryKey().defaultRandom(),
-  {
+  clientId: uuid("client_id")
-    id: uuid("id").primaryKey().defaultRandom(),
+    .notNull()
-    clientId: uuid("client_id")
+    .references(() => clients.id, { onDelete: "cascade" }),
-      .notNull()
+  name: text("name").notNull(),
-      .references(() => clients.id, { onDelete: "cascade" }),
+  species: text("species").notNull(),
-    name: text("name").notNull(),
+  breed: text("breed"),
-    species: text("species").notNull(),
+  weightKg: numeric("weight_kg", { precision: 5, scale: 2 }),
-    breed: text("breed"),
+  dateOfBirth: timestamp("date_of_birth"),
-    weightKg: numeric("weight_kg", { precision: 5, scale: 2 }),
+  healthAlerts: text("health_alerts"),
-    dateOfBirth: timestamp("date_of_birth"),
+  groomingNotes: text("grooming_notes"),
-    healthAlerts: text("health_alerts"),
+  cutStyle: text("cut_style"),
-    groomingNotes: text("grooming_notes"),
+  shampooPreference: text("shampoo_preference"),
-    cutStyle: text("cut_style"),
+  specialCareNotes: text("special_care_notes"),
-    shampooPreference: text("shampoo_preference"),
+  customFields: jsonb("custom_fields").$type<Record<string, string>>().notNull().default({}),
-    specialCareNotes: text("special_care_notes"),
+  photoKey: text("photo_key"),
-    customFields: jsonb("custom_fields").$type<Record<string, string>>().notNull().default({}),
+  photoUploadedAt: timestamp("photo_uploaded_at"),
-    photoKey: text("photo_key"),
+  image: text("image"),
-    photoUploadedAt: timestamp("photo_uploaded_at"),
+  createdAt: timestamp("created_at").notNull().defaultNow(),
-    image: text("image"),
+  updatedAt: timestamp("updated_at").notNull().defaultNow(),
-    createdAt: timestamp("created_at").notNull().defaultNow(),
+});
    updatedAt: timestamp("updated_at").notNull().defaultNow(),
  },
  (t) => [index("idx_pets_client_id").on(t.clientId)]
 );
 export const services = pgTable("services", {
  id: uuid("id").primaryKey().defaultRandom(),
@@ -263,9 +254,6 @@ export const invoices = pgTable(
    status: invoiceStatusEnum("status").notNull().default("draft"),
    paymentMethod: paymentMethodEnum("payment_method"),
    paidAt: timestamp("paid_at"),
    stripePaymentIntentId: text("stripe_payment_intent_id"),
    stripeRefundId: text("stripe_refund_id"),
    paymentFailureReason: text("payment_failure_reason"),
    notes: text("notes"),
    createdAt: timestamp("created_at").notNull().defaultNow(),
    updatedAt: timestamp("updated_at").notNull().defaultNow(),
@@ -274,7 +262,6 @@ export const invoices = pgTable(
    index("idx_invoices_client_id").on(t.clientId),
    index("idx_invoices_status").on(t.status),
    index("idx_invoices_created_at").on(t.createdAt),
    index("idx_invoices_stripe_payment_intent_id").on(t.stripePaymentIntentId),
  ]
 );
@@ -312,28 +299,8 @@ export const invoiceTipSplits = pgTable(
  (t) => [index("idx_invoice_tip_splits_invoice_id").on(t.invoiceId)]
 );
 // Refund records with idempotency key support
 export const refunds = pgTable(
  "refunds",
  {
    id: uuid("id").primaryKey().defaultRandom(),
    invoiceId: uuid("invoice_id")
      .notNull()
      .references(() => invoices.id, { onDelete: "restrict" }),
    stripeRefundId: text("stripe_refund_id").notNull(),
    idempotencyKey: text("idempotency_key").unique(),
    amountCents: integer("amount_cents"),
    createdAt: timestamp("created_at").notNull().defaultNow(),
  },
  (t) => [
    index("idx_refunds_invoice_id").on(t.invoiceId),
    index("idx_refunds_idempotency_key").on(t.idempotencyKey),
  ]
 );
 // Tracks which reminder emails have been sent per appointment (prevents duplicates).
 // reminder_type values: "confirmation", "24h", "2h"
 // channel values: "email", "sms"
 export const reminderLogs = pgTable(
  "reminder_logs",
  {
@@ -341,9 +308,7 @@ export const reminderLogs = pgTable(
    appointmentId: uuid("appointment_id")
      .notNull()
      .references(() => appointments.id, { onDelete: "cascade" }),
    // "confirmation" | "24h" | "2h"
    reminderType: text("reminder_type").notNull(),
    // "email" | "sms"
    channel: text("channel").notNull().default("email"),
    sentAt: timestamp("sent_at").notNull().defaultNow(),
  },
@@ -398,8 +398,6 @@ async function seedKnownUsers() {
        id: ADMIN_STAFF_ID,
        name: adminName,
        email: adminEmail,
        oidcSub: adminEmail,
        userId: adminEmail,
        role: "manager",
        isSuperUser: true,
        active: true,
@@ -426,7 +424,6 @@ async function seedKnownUsers() {
        name: "UAT Super User",
        email: "uat-super@groombook.dev",
        oidcSub: uatSuperOidcSub,
        userId: uatSuperOidcSub,
        role: "manager",
        isSuperUser: true,
        active: true,
@@ -453,7 +450,6 @@ async function seedKnownUsers() {
        name: "UAT Staff Groomer",
        email: "uat-groomer@groombook.dev",
        oidcSub: uatStaffOidcSub,
        userId: uatStaffOidcSub,
        role: "groomer",
        isSuperUser: false,
        active: true,
@@ -462,37 +458,6 @@ async function seedKnownUsers() {
    }
  }
  // ── Staff: UAT Groomer Personas (SEED_UAT_GROOMER_EMAILS + SEED_UAT_GROOMER_NAMES) ──
  const groomerEmails = process.env.SEED_UAT_GROOMER_EMAILS?.split(",").map((e) => e.trim()).filter(Boolean) ?? [];
  const groomerNames = process.env.SEED_UAT_GROOMER_NAMES?.split(",").map((n) => n.trim()).filter(Boolean) ?? [];
  const groomerCount = Math.min(groomerEmails.length, groomerNames.length);
  for (let i = 0; i < groomerCount; i++) {
    const email = groomerEmails[i]!;
    const name = groomerNames[i]!;
    // Use deterministic IDs in the 00000000-0000-0000-0000-000000000005+ range
    const staffId = `00000000-0000-0000-0000-${String(5 + i).padStart(12, "0")}`;
    const [existingGroomer] = await db
      .select()
      .from(schema.staff)
      .where(eq(schema.staff.email, email))
      .limit(1);
    if (existingGroomer) {
      console.log(`✓ Staff groomer '${existingGroomer.name}' already exists — skipping`);
    } else {
      await db.insert(schema.staff).values({
        id: staffId,
        name,
        email,
        oidcSub: email,
        role: "groomer",
        isSuperUser: false,
        active: true,
      });
      console.log(`✓ Created staff groomer '${name}' (${email})`);
    }
  }
  // ── Services: idempotent upsert using name as unique key ─────────────────────
  // UNIQUE constraint on services.name (migration 0020) must exist first.
  // Uses b0000001-... IDs to match main seed servicesDef for same-named services.
@@ -602,7 +567,7 @@ async function seed() {
  // ── Staff ──
  const managerStaff = Array.from({ length: cfg.staffCount.manager }, (_, i) =>
-    ({ id: uuid(), name: `Manager ${i + 1}`, email: `manager${i + 1}@groombook.dev`, role: "manager" as const, isSuperUser: profile === "uat" && i === 0 })
+    ({ id: uuid(), name: `Manager ${i + 1}`, email: `manager${i + 1}@groombook.dev`, role: "manager" as const, isSuperUser: false })
  );
  const receptionistStaff = Array.from({ length: cfg.staffCount.receptionist }, (_, i) =>
    ({ id: uuid(), name: `Receptionist ${i + 1}`, email: `receptionist${i + 1}@groombook.dev`, role: "receptionist" as const, isSuperUser: false })
@@ -647,8 +612,6 @@ async function seed() {
        id: ADMIN_STAFF_ID,
        name: adminName,
        email: adminEmail,
        oidcSub: adminEmail,
        userId: adminEmail,
        role: "manager",
        isSuperUser: true,
        active: true,
@@ -660,31 +623,6 @@ async function seed() {
    console.log(`✓ Upserted admin staff '${adminName}' (${adminEmail})`);
  }
  // ── UAT Groomer Personas (SEED_UAT_GROOMER_EMAILS + SEED_UAT_GROOMER_NAMES) ──
  const groomerEmails = process.env.SEED_UAT_GROOMER_EMAILS?.split(",").map((e) => e.trim()).filter(Boolean) ?? [];
  const groomerNames = process.env.SEED_UAT_GROOMER_NAMES?.split(",").map((n) => n.trim()).filter(Boolean) ?? [];
  const groomerCount = Math.min(groomerEmails.length, groomerNames.length);
  for (let i = 0; i < groomerCount; i++) {
    const email = groomerEmails[i]!;
    const name = groomerNames[i]!;
    const staffId = `00000000-0000-0000-0000-${String(5 + i).padStart(12, "0")}`;
    await db.insert(schema.staff)
      .values({
        id: staffId,
        name,
        email,
        oidcSub: email,
        role: "groomer",
        isSuperUser: false,
        active: true,
      })
      .onConflictDoUpdate({
        target: schema.staff.email,
        set: { id: staffId, name, role: "groomer", isSuperUser: false, active: true },
      });
    console.log(`✓ Upserted groomer '${name}' (${email})`);
  }
  // ── Services ──
  // Upsert services using name as unique key. With deterministic IDs in
  // servicesDef and TRUNCATE clearing downstream tables first, this is
@@ -44,8 +44,8 @@ importers:
        specifier: ^22.0.0
        version: 22.0.1(@types/node@22.19.15)
      telnyx:
-        specifier: ^1.23.0
+        specifier: ^6.41.0
-        version: 1.27.0
+        version: 6.41.0(ws@8.19.0)
      zod:
        specifier: ^4.3.6
        version: 4.3.6
@@ -180,7 +180,7 @@ importers:
        version: 22.19.15
      drizzle-kit:
        specifier: ^0.30.4
-        version: 0.30.4
+        version: 0.30.6
      tsx:
        specifier: ^4.19.0
        version: 4.21.0
@@ -1699,6 +1699,9 @@ packages:
    resolution: {integrity: sha512-cifvXDhcqMwwTlTK04GBNeIe7yyo28Mfby85QXFe1Yk8nmi36Ab/5UQwptOx84SsoGNRg+EVSjwzfSZMy6pmlw==}
    engines: {node: '>=14'}
  '@petamoriken/float16@3.9.3':
    resolution: {integrity: sha512-8awtpHXCx/bNpFt4mt2xdkgtgVvKqty8VbjHI/WWWQuEw+KLzFot3f4+LkQY9YmOtq7A5GdOnqoIC8Pdygjk2g==}
  '@pkgjs/parseargs@0.11.0':
    resolution: {integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==}
    engines: {node: '>=14'}
@@ -2112,6 +2115,9 @@ packages:
    resolution: {integrity: sha512-O/IEdcCUKkubz60tFbGA7ceITTAJsty+lBjNoorP4Z6XRqaFb/OjQjZODophEcuq68nKm6/0r+6/lLQ+XVpk8g==}
    engines: {node: '>=18.0.0'}
  '@stablelib/base64@1.0.1':
    resolution: {integrity: sha512-1bnPQqSxSuc3Ii6MhBysoWCg58j97aUjuCSZrGSmDxNqtytIi0k8utUenAwTZN4V5mXXYGsVUI9zeBqy+jBOSQ==}
  '@standard-schema/spec@1.1.0':
    resolution: {integrity: sha512-l2aFy5jALhniG5HgqrD6jXLi/rUWrKvqN/qJx6yoJsgKhblVd+iqqU4RCXavm/jPityDo5TCvKMnpjKnOriy0w==}
@@ -2830,8 +2836,8 @@ packages:
  dom-accessibility-api@0.6.3:
    resolution: {integrity: sha512-7ZgogeTnjuHbo+ct10G9Ffp0mif17idi0IyWNVA/wcwcm7NPOD/WEHVP3n7n3MhXqxoIYm8d6MuZohYWIZ4T3w==}
-  drizzle-kit@0.30.4:
+  drizzle-kit@0.30.6:
-    resolution: {integrity: sha512-B2oJN5UkvwwNHscPWXDG5KqAixu7AUzZ3qbe++KU9SsQ+cZWR4DXEPYcvWplyFAno0dhRJECNEhNxiDmFaPGyQ==}
+    resolution: {integrity: sha512-U4wWit0fyZuGuP7iNmRleQyK2V8wCuv57vf5l3MnG4z4fzNTjY/U13M8owyQ5RavqvqxBifWORaR3wIUzlN64g==}
    hasBin: true
  drizzle-orm@0.38.4:
@@ -2955,6 +2961,10 @@ packages:
    resolution: {integrity: sha512-aN97NXWF6AWBTahfVOIrB/NShkzi5H7F9r1s9mD3cDj4Ko5f2qhhVoYMibXF7GlLveb/D2ioWay8lxI97Ven3g==}
    engines: {node: '>=0.12'}
  env-paths@3.0.0:
    resolution: {integrity: sha512-dtJUTepzMW3Lm/NPxRf3wP4642UWhjL2sQxc+ym2YMj1m/H2zDNQOlezafzkHwn6sMstjHTwG6iQQsctDW/b1A==}
    engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
  es-abstract@1.24.1:
    resolution: {integrity: sha512-zHXBLhP+QehSSbsS9Pt23Gg964240DPd6QCf8WpkqEXxQ7fhdZzYsocOr5u7apWonsS5EjZDmTF+/slGMyasvw==}
    engines: {node: '>= 0.4'}
@@ -3089,6 +3099,9 @@ packages:
  fast-levenshtein@2.0.6:
    resolution: {integrity: sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==}
  fast-sha256@1.3.0:
    resolution: {integrity: sha512-n11RGP/lrWEFI/bWdygLxhI+pVeo1ZYIVwvvPkW7azl/rOy+F3HYRZ2K5zeE9mmkhQppyv9sQFx0JM9UabnpPQ==}
  fast-uri@3.1.0:
    resolution: {integrity: sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==}
@@ -3158,6 +3171,11 @@ packages:
  functions-have-names@1.2.3:
    resolution: {integrity: sha512-xckBUXyTIqT97tq2x2AMb+g163b5JFysYk0x4qxNFwbfQkmNZoiRHb6sPzI9/QV33WeuvVYBUIiD4NzNIyqaRQ==}
  gel@2.2.0:
    resolution: {integrity: sha512-q0ma7z2swmoamHQusey8ayo8+ilVdzDt4WTxSPzq/yRqvucWRfymRVMvNgmSC0XK7eNjjEZEcplxpgaNojKdmQ==}
    engines: {node: '>= 18.0.0'}
    hasBin: true
  generator-function@2.0.1:
    resolution: {integrity: sha512-SFdFmIJi+ybC0vjlHN0ZGVGHc3lgE0DxPAT0djjVg+kjOnSqclqmj0KQ7ykTOLP6YxoqOvuAODGdcHJn+43q3g==}
    engines: {node: '>= 0.4'}
@@ -3425,6 +3443,10 @@ packages:
  isexe@2.0.0:
    resolution: {integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==}
  isexe@3.1.5:
    resolution: {integrity: sha512-6B3tLtFqtQS4ekarvLVMZ+X+VlvQekbe4taUkf/rhVO3d/h0M2rfARm/pXLcPEsjjMsFgrFgSrhQIxcSVrBz8w==}
    engines: {node: '>=18'}
  istanbul-lib-coverage@3.2.2:
    resolution: {integrity: sha512-O8dpsF+r0WV/8MNRKfnmrtCWhuKjxrq2w+jpzBL5UZKTi2LeVWnWOmWRxFlesJONmc+wLAGvKQZEOanko0LFTg==}
    engines: {node: '>=8'}
@@ -3606,9 +3628,6 @@ packages:
  lodash.debounce@4.0.8:
    resolution: {integrity: sha512-FT1yDzDYEoYWhnSGnpE/4Kj1fLZkDFyqRb7fNt6FdYOSxlUWAtp42Eh6Wb0rGIv/m9Bgo7x4GhQbm5Ys4SG5ow==}
  lodash.isplainobject@4.0.6:
    resolution: {integrity: sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==}
  lodash.merge@4.6.2:
    resolution: {integrity: sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==}
@@ -3841,10 +3860,6 @@ packages:
    resolution: {integrity: sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==}
    engines: {node: '>=6'}
  qs@6.15.1:
    resolution: {integrity: sha512-6YHEFRL9mfgcAvql/XhwTvf5jKcOiiupt2FiJxHkiX1z4j7WL8J/jRHYLluORvc1XxB5rV20KoeK00gVJamspg==}
    engines: {node: '>=0.6'}
  randombytes@2.1.0:
    resolution: {integrity: sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==}
@@ -4040,6 +4055,10 @@ packages:
    resolution: {integrity: sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==}
    engines: {node: '>=8'}
  shell-quote@1.8.3:
    resolution: {integrity: sha512-ObmnIF4hXNg1BqhnHmgbDETF8dLPCggZWBjkQfhZpbszZnYur5DUljTcCHii5LC3J5E0yeO/1LIMyH+UvHQgyw==}
    engines: {node: '>= 0.4'}
  side-channel-list@1.0.0:
    resolution: {integrity: sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==}
    engines: {node: '>= 0.4'}
@@ -4090,6 +4109,9 @@ packages:
  stackback@0.0.2:
    resolution: {integrity: sha512-1XMJE5fQo1jGH6Y/7ebnwPOBEkIEnT4QF32d5R1+VXdXveM0IBMJt8zfaxX1P3QhVwrYe+576+jkANtSS2mBbw==}
  standardwebhooks@1.0.0:
    resolution: {integrity: sha512-BbHGOQK9olHPMvQNHWul6MYlrRTAOKn03rOe4A8O3CLWhNf4YHBqq2HJKKC+sfqpxiBY52pNeesD6jIiLDz8jg==}
  std-env@3.10.0:
    resolution: {integrity: sha512-5GS12FdOZNliM5mAOxFRg7Ir0pWz8MdpYm6AY6VPkGpbA7ZzmbzNcBJQ0GPvvyWgcY7QAhCgf9Uy89I03faLkg==}
@@ -4178,9 +4200,13 @@ packages:
    resolution: {integrity: sha512-g9ljZiwki/LfxmQADO3dEY1CbpmXT5Hm2fJ+QaGKwSXUylMybePR7/67YW7jOrrvjEgL1Fmz5kzyAjWVWLlucg==}
    engines: {node: '>=6'}
-  telnyx@1.27.0:
+  telnyx@6.41.0:
-    resolution: {integrity: sha512-cVbP3jEW4TbmNL5U0UbZc3OkLg+6dHRnMYByYfJnrGw5ZRn0XKb17Hx3fLMWmGgRFow7eqVP4hlCogbIB6T3+w==}
+    resolution: {integrity: sha512-93eKksI6HnLYp8e4DGlpC3SkBAfagblE+uug0FNDLT/+mix3PP0RveoQ/YZeRdxDhjMcoXVgeusJsgFP6PvUdw==}
-    engines: {node: ^6 || >=8}
+    peerDependencies:
      ws: ^8.18.0
    peerDependenciesMeta:
      ws:
        optional: true
  temp-dir@2.0.0:
    resolution: {integrity: sha512-aoBAniQmmwtcKp/7BzsH8Cxzv8OL736p7v1ihGb5e9DJ9kTwGWHrQrVB5+lfVDzfGrdRzXch+ig7LHaY1JTOrg==}
@@ -4256,9 +4282,6 @@ packages:
    engines: {node: '>=18.0.0'}
    hasBin: true
  tweetnacl@1.0.3:
    resolution: {integrity: sha512-6rt+RN7aOi1nGMyC4Xa5DdYiukl2UWCbcJft7YhxReBGQD7OAM8Pbxw6YMo4r2diNEA8FEmu32YOn9rhaiE5yw==}
  type-check@0.4.0:
    resolution: {integrity: sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==}
    engines: {node: '>= 0.8.0'}
@@ -4348,10 +4371,6 @@ packages:
    resolution: {integrity: sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==}
    hasBin: true
  uuid@9.0.1:
    resolution: {integrity: sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==}
    hasBin: true
  victory-vendor@37.3.6:
    resolution: {integrity: sha512-SbPDPdDBYp+5MJHhBCAyI7wKM3d5ivekigc2Dk2s7pgbZ9wIgIBYGVw4zGHBml/qTFbexrofXW6Gu4noGxrOwQ==}
@@ -4488,6 +4507,11 @@ packages:
    engines: {node: '>= 8'}
    hasBin: true
  which@4.0.0:
    resolution: {integrity: sha512-GlaYyEb07DPxYCKhKzplCWBJtvxZcZMrL+4UkrTSJHHPyZU4mYYTv3qaOe77H7EODLSSopAUFAc6W8U4yqvscg==}
    engines: {node: ^16.13.0 || >=18.0.0}
    hasBin: true
  why-is-node-running@2.3.0:
    resolution: {integrity: sha512-hUrmaWBdVDcxvYqnyh09zunKzROWjbZTiNy8dBEjkS7ehEDQibXJ7XvlmtbwuTclUiIyN+CyXQD4Vmko8fNm8w==}
    engines: {node: '>=8'}
@@ -6219,6 +6243,8 @@ snapshots:
  '@opentelemetry/semantic-conventions@1.40.0': {}
  '@petamoriken/float16@3.9.3': {}
  '@pkgjs/parseargs@0.11.0':
    optional: true
@@ -6704,6 +6730,8 @@ snapshots:
    dependencies:
      tslib: 2.8.1
  '@stablelib/base64@1.0.1': {}
  '@standard-schema/spec@1.1.0': {}
  '@standard-schema/utils@0.3.0': {}
@@ -7414,12 +7442,13 @@ snapshots:
  dom-accessibility-api@0.6.3: {}
-  drizzle-kit@0.30.4:
+  drizzle-kit@0.30.6:
    dependencies:
      '@drizzle-team/brocli': 0.10.2
      '@esbuild-kit/esm-loader': 2.6.5
      esbuild: 0.19.12
      esbuild-register: 3.6.0(esbuild@0.19.12)
      gel: 2.2.0
    transitivePeerDependencies:
      - supports-color
@@ -7456,6 +7485,8 @@ snapshots:
  entities@6.0.1: {}
  env-paths@3.0.0: {}
  es-abstract@1.24.1:
    dependencies:
      array-buffer-byte-length: 1.0.2
@@ -7746,6 +7777,8 @@ snapshots:
  fast-levenshtein@2.0.6: {}
  fast-sha256@1.3.0: {}
  fast-uri@3.1.0: {}
  fast-xml-builder@1.1.4:
@@ -7817,6 +7850,17 @@ snapshots:
  functions-have-names@1.2.3: {}
  gel@2.2.0:
    dependencies:
      '@petamoriken/float16': 3.9.3
      debug: 4.4.3
      env-paths: 3.0.0
      semver: 7.7.4
      shell-quote: 1.8.3
      which: 4.0.0
    transitivePeerDependencies:
      - supports-color
  generator-function@2.0.1: {}
  gensync@1.0.0-beta.2: {}
@@ -8081,6 +8125,8 @@ snapshots:
  isexe@2.0.0: {}
  isexe@3.1.5: {}
  istanbul-lib-coverage@3.2.2: {}
  istanbul-lib-report@3.0.1:
@@ -8249,8 +8295,6 @@ snapshots:
  lodash.debounce@4.0.8: {}
  lodash.isplainobject@4.0.6: {}
  lodash.merge@4.6.2: {}
  lodash.sortby@4.7.0: {}
@@ -8449,10 +8493,6 @@ snapshots:
  punycode@2.3.1: {}
  qs@6.15.1:
    dependencies:
      side-channel: 1.1.0
  randombytes@2.1.0:
    dependencies:
      safe-buffer: 5.2.1
@@ -8687,6 +8727,8 @@ snapshots:
  shebang-regex@3.0.0: {}
  shell-quote@1.8.3: {}
  side-channel-list@1.0.0:
    dependencies:
      es-errors: 1.3.0
@@ -8738,6 +8780,11 @@ snapshots:
  stackback@0.0.2: {}
  standardwebhooks@1.0.0:
    dependencies:
      '@stablelib/base64': 1.0.1
      fast-sha256: 1.3.0
  std-env@3.10.0: {}
  stop-iteration-iterator@1.1.0:
@@ -8840,13 +8887,11 @@ snapshots:
  tapable@2.3.0: {}
-  telnyx@1.27.0:
+  telnyx@6.41.0(ws@8.19.0):
    dependencies:
-      lodash.isplainobject: 4.0.6
+      standardwebhooks: 1.0.0
-      qs: 6.15.1
+    optionalDependencies:
-      safe-buffer: 5.2.1
+      ws: 8.19.0
      tweetnacl: 1.0.3
      uuid: 9.0.1
  temp-dir@2.0.0: {}
@@ -8918,8 +8963,6 @@ snapshots:
    optionalDependencies:
      fsevents: 2.3.3
  tweetnacl@1.0.3: {}
  type-check@0.4.0:
    dependencies:
      prelude-ls: 1.2.1
@@ -9016,8 +9059,6 @@ snapshots:
  uuid@8.3.2: {}
  uuid@9.0.1: {}
  victory-vendor@37.3.6:
    dependencies:
      '@types/d3-array': 3.2.2
@@ -9195,6 +9236,10 @@ snapshots:
    dependencies:
      isexe: 2.0.0
  which@4.0.0:
    dependencies:
      isexe: 3.1.5
  why-is-node-running@2.3.0:
    dependencies:
      siginfo: 2.0.0
Author	SHA1	Message	Date
Paperclip	2db922bb14	fix(GRO-607): Remove unused attachPaymentMethod import from portal Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-13 19:17:28 +00:00
Paperclip	5aec436fb7	fix(GRO-607): Stripe Elements payment UI - lint/type fixes - Remove unused Stripe type import - Remove unused setPackages setter - Fix confirmPayment return_url requirement - Fix Stripe import in BillingPayments Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-13 19:17:15 +00:00
Paperclip	0aabb866c2	GRO-607: Add /portal/config endpoint + rename date field - Add GET /portal/config returning stripePublishableKey from env - Rename createdAt→date in invoice response to match BillingPayments interface Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-13 19:11:59 +00:00
Paperclip	37fc33877c	GRO-607: Replace mock payment flow with real Stripe Elements - Install @stripe/stripe-js and @stripe/react-stripe-js - Replace BillingPayments mock delay with real Stripe Elements: - Fetch publishableKey from GET /api/portal/config - Lazy load Stripe via loadStripe() - Wrap payment modal in <Elements> with PaymentElement - Use stripe.confirmPayment() with clientSecret from pay/pay-multiple endpoints - Support multi-invoice selection and single invoice payment - Add "Save card for future payments" checkbox (setup_future_usage) - Add payment method management: list saved cards, delete via DELETE endpoint - Proper error handling for payment failures - Autopay toggle (UI-only, Phase 2 backend pending) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-13 19:11:59 +00:00
Paperclip	00619a07e0	GRO-606: Add payment API endpoints (pay invoice, payment methods, refunds) Portal routes (client-facing): - POST /api/portal/invoices/:id/pay - create PaymentIntent for single invoice - POST /api/portal/invoices/pay-multiple - create PaymentIntent for multiple invoices - GET /api/portal/payment-methods - list saved payment methods - POST /api/portal/payment-methods - create SetupIntent for saving new card - DELETE /api/portal/payment-methods/:id - detach payment method - GET /api/portal/config - return Stripe publishable key Admin routes: - POST /api/invoices/:id/refund - manager-only refund endpoint Validation: - Cannot pay draft, void, or already-paid invoices - Multi-invoice: all must belong to same client and be pending - Refund requires invoice to be paid with stripePaymentIntentId Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-13 19:11:59 +00:00
Paperclip	d76e055962	GRO-605: Stripe SDK integration + payment service - Add stripe dependency to @groombook/api - Implement payment.ts service with: - getOrCreateStripeCustomer: look up or create Stripe customer - createPaymentIntent: create payment intent for invoice(s) - processRefund: full or partial refund - listPaymentMethods: list saved cards - attachPaymentMethod / detachPaymentMethod: manage saved cards - Lazy Stripe client initialization; graceful null return when keys not set Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-13 19:11:59 +00:00
Paperclip	c1e8d9830d	GRO-600: Extend reminder scheduler to send SMS alongside email - Import smsSend from ./sms.js - Add TCPA opt-out constant - Check email+SMS logs separately to allow independent sends - Add smsOptIn and phoneE164 to client query - Conditionally send SMS for opted-in clients with valid E.164 phone - SMS message: pet name, service, groomer, confirm/cancel links, TCPA text - SMS failures logged but don't block email delivery - Feature flag: only attempts SMS when SMS service is initialized - Idempotency: per-channel reminder log prevents duplicate sends Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-13 19:11:59 +00:00
Paperclip	dd0a57dcf9	feat(gro-194): SMS provider service with Telnyx SDK integration - Added telnyx npm package - Created sms.ts with SmsProvider interface - Implemented TelnyxProvider with sendSms() and validateWebhookSignature() - Added createSmsProvider() factory function - Added smsSend() convenience function that skips when SMS_ENABLED=false - Provider abstraction allows future Twilio or other providers - E.164 phone validation on send - Webhook signature verification using HMAC-SHA256 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-13 19:11:59 +00:00
Paperclip	ce5a5c5a02	GRO-598/GRO-194 Phase 1.1: SMS schema - add consent fields to clients, channel to reminderLogs, E.164 phone validation Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-13 19:11:59 +00:00
Paperclip	1a0bbb5c01	GRO-607: Install Stripe frontend packages Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-12 23:53:55 +00:00
		`@@ -0,0 +1 @@`
							`ALTER TABLE "business_settings" ADD COLUMN "sms_enabled" boolean NOT NULL DEFAULT false;`