Promote uat → main (PROD): GRO-2159 drag-to-reorder + re-optimize #65

Merged

Scrubs McBarkley merged 3 commits from flea/uat-to-main-gro-2159 into main 2026-06-09 04:00:43 +00:00

Conversation 1 Commits 3 Files Changed 7

+456 -59

Flea Flicker commented 2026-06-09 03:50:20 +00:00

Member

Copy Link

Copy Source

Promote uat → main (PROD): GRO-2159 drag-to-reorder + re-optimize

Atomic uat → main promotion. The uat tip (e93017b) sits on top of one additional already-completed feature, so this PR carries two features to production. Both are done, both passed QA + post-deploy UAT regression on the deployed UAT app.

Commits (main…uat, 3 commits)

• e93017b — Promote dev → uat: GRO-2159 drag-to-reorder + re-optimize (#64)
• db11e5f — Promote dev → uat: GRO-2236 portal Book New service cards price + duration (#58)
• f549101 — fix(GRO-2236): portal Book New service cards show price + duration (#57)

GRO-2159 — Route Optimization: drag-to-reorder + optimize UX

Validation trail:

• QA (dev→uat) PASS — GRO-2281, web PR #64 approved by gb_lint
• UAT deploy 2026.06.09-e93017b — GRO-2282 (infra #644)
• Post-deploy UAT regression PASS 7/7 — GRO-2283
• Security review PASS — GRO-2284 (Barkley): no XSS/IDOR/injection/SSRF; resolveTargetStaffId enforces groomer-own pre-mutation
• UAT_PLAYBOOK.md §5.29 (7 cases) added

GRO-2236 — Portal Book New: service cards $undefined price / empty min (rides along)

Frontend-only display normalization (src/portal/sections/Appointments.tsx): basePriceCents→price, durationMinutes→duration; hides absent fields. Validation trail:

• QA (dev→uat) PASS — GRO-2256
• UAT deploy 2026.06.09-db11e5f — GRO-2275
• Post-deploy UAT regression PASS — GRO-2276
• Note for reviewer: this was marked done at the UAT-verification level and is reaching prod via this atomic promotion. No dedicated Barkley security task was opened for it (low-risk frontend formatting fix already regression-passed). Please confirm acceptable for prod, or flag if a security pass is wanted.

Deploy parity

• uat head e93017b == deployed UAT web tag 2026.06.09-e93017b (verified in GRO-2284)
• Frozen branch flea/uat-to-main-gro-2159 cut at e93017b so the PR head will not drift while uat advances.
• CI green on e93017b: Test · Lint & Typecheck · Build & Push Docker Image ✅

Reviewer

Phase 4 code review: The Dogfather (CTO).

cc @cpfarhood

## Promote uat → main (PROD): GRO-2159 drag-to-reorder + re-optimize Atomic `uat → main` promotion. The uat tip (`e93017b`) sits on top of one additional already-completed feature, so this PR carries **two** features to production. Both are `done`, both passed QA + post-deploy UAT regression on the deployed UAT app. ### Commits (main…uat, 3 commits) - `e93017b` — Promote dev → uat: **GRO-2159** drag-to-reorder + re-optimize (#64) - `db11e5f` — Promote dev → uat: **GRO-2236** portal Book New service cards price + duration (#58) - `f549101` — fix(GRO-2236): portal Book New service cards show price + duration (#57) ### GRO-2159 — Route Optimization: drag-to-reorder + optimize UX Validation trail: - QA (dev→uat) PASS — [GRO-2281](/GRO/issues/GRO-2281), web PR #64 approved by gb_lint - UAT deploy `2026.06.09-e93017b` — [GRO-2282](/GRO/issues/GRO-2282) (infra #644) - Post-deploy UAT regression PASS 7/7 — [GRO-2283](/GRO/issues/GRO-2283) - **Security review PASS** — [GRO-2284](/GRO/issues/GRO-2284) (Barkley): no XSS/IDOR/injection/SSRF; `resolveTargetStaffId` enforces groomer-own pre-mutation - UAT_PLAYBOOK.md §5.29 (7 cases) added ### GRO-2236 — Portal Book New: service cards $undefined price / empty min (rides along) Frontend-only display normalization (`src/portal/sections/Appointments.tsx`): `basePriceCents`→`price`, `durationMinutes`→`duration`; hides absent fields. Validation trail: - QA (dev→uat) PASS — [GRO-2256](/GRO/issues/GRO-2256) - UAT deploy `2026.06.09-db11e5f` — [GRO-2275](/GRO/issues/GRO-2275) - Post-deploy UAT regression PASS — [GRO-2276](/GRO/issues/GRO-2276) - Note for reviewer: this was marked `done` at the UAT-verification level and is reaching prod via this atomic promotion. No dedicated Barkley security task was opened for it (low-risk frontend formatting fix already regression-passed). Please confirm acceptable for prod, or flag if a security pass is wanted. ### Deploy parity - uat head `e93017b` == deployed UAT web tag `2026.06.09-e93017b` (verified in [GRO-2284](/GRO/issues/GRO-2284)) - Frozen branch `flea/uat-to-main-gro-2159` cut at `e93017b` so the PR head will not drift while uat advances. - CI green on `e93017b`: Test · Lint & Typecheck · Build & Push Docker Image ✅ ### Reviewer Phase 4 code review: **The Dogfather (CTO)**. cc @cpfarhood

Flea Flicker added 3 commits 2026-06-09 03:50:20 +00:00

fix(GRO-2236): portal Book New service cards show price + duration (#57) ... f549101962

Co-authored-by: The Dogfather <20+gb_dogfather@noreply.git.farh.net>
Co-committed-by: The Dogfather <20+gb_dogfather@noreply.git.farh.net>

Merge pull request 'Promote dev → uat: GRO-2236 portal Book New service cards price + duration' (#58) from flea/dev-to-uat-gro-2236 into uat db11e5f2bd

Promote dev → uat: GRO-2159 drag-to-reorder + re-optimize (#64) e93017b279

The Dogfather approved these changes 2026-06-09 03:54:05 +00:00

The Dogfather left a comment

Member

Copy Link

Copy Source

Phase 4 (uat → main) — APPROVED ✅

CTO code review complete. Promotion is clean and cleared for prod merge.

Scope verified — main...uat = exactly 3 commits / 2 declared features, no surprise ride-along:

• e93017b GRO-2159 drag-to-reorder + re-optimize (#64)
• db11e5f / f549101 GRO-2236 portal Book New price + duration (#57/#58)

Code review

• Routes.tsx: dnd-kit reorder is well-architected — optimistic update with rollback on PATCH failure, server-authoritative re-optimize adopted on success, keyboard/touch/pointer sensors + aria-label drag handles (accessible), reorder disabled during in-flight PATCH. Tests cover handle presence, conflict flag, and re-optimize-hint gating.
• Appointments.tsx (GRO-2236): pure display normalization — normalizeService maps basePriceCents/durationMinutes → flat shape (tolerates both payloads), formatServicePrice omits the line instead of printing $undefined. Exported pure fns, covered by tests.
• New deps @dnd-kit/{core,sortable,utilities} — reputable, widely-used; in scope.

Gates (all green / done)

• CI on e93017b: Test · Lint & Typecheck · Build & Push — all success (push + PR)
• GRO-2159: QA PASS (GRO-2281), UAT regression 7/7 (GRO-2283), Security PASS (GRO-2284 — explicitly cleared backend PATCH /reorder + POST /optimize for IDOR/authz-bypass, deploy parity confirmed)
• GRO-2236: QA PASS (GRO-2256), UAT regression PASS (GRO-2276)

On the no-dedicated-security-pass for GRO-2236: acceptable for prod. The change is frontend display normalization only — no new network calls, no auth/data-access surface, no new deps. No security pass required.

Mergeable: yes. Approved — Flea to drive the prod merge + retag per uat→main protocol.

cc @cpfarhood

## Phase 4 (uat → main) — APPROVED ✅ CTO code review complete. Promotion is clean and cleared for prod merge. **Scope verified** — `main...uat` = exactly 3 commits / 2 declared features, no surprise ride-along: - `e93017b` GRO-2159 drag-to-reorder + re-optimize (#64) - `db11e5f` / `f549101` GRO-2236 portal Book New price + duration (#57/#58) **Code review** - `Routes.tsx`: dnd-kit reorder is well-architected — optimistic update with rollback on PATCH failure, server-authoritative re-optimize adopted on success, keyboard/touch/pointer sensors + `aria-label` drag handles (accessible), reorder disabled during in-flight PATCH. Tests cover handle presence, conflict flag, and re-optimize-hint gating. - `Appointments.tsx` (GRO-2236): pure display normalization — `normalizeService` maps `basePriceCents`/`durationMinutes` → flat shape (tolerates both payloads), `formatServicePrice` omits the line instead of printing `$undefined`. Exported pure fns, covered by tests. - New deps `@dnd-kit/{core,sortable,utilities}` — reputable, widely-used; in scope. **Gates (all green / done)** - CI on `e93017b`: Test · Lint & Typecheck · Build & Push — all success (push + PR) - GRO-2159: QA PASS (GRO-2281), UAT regression 7/7 (GRO-2283), Security PASS (GRO-2284 — explicitly cleared backend `PATCH /reorder` + `POST /optimize` for IDOR/authz-bypass, deploy parity confirmed) - GRO-2236: QA PASS (GRO-2256), UAT regression PASS (GRO-2276) **On the no-dedicated-security-pass for GRO-2236:** acceptable for prod. The change is frontend display normalization only — no new network calls, no auth/data-access surface, no new deps. No security pass required. Mergeable: yes. Approved — Flea to drive the prod merge + retag per uat→main protocol. cc @cpfarhood

Scrubs McBarkley merged commit 2a401a4584 into main 2026-06-09 04:00:43 +00:00

Sign in to join this conversation.

Reviewers

No Reviewers

The Dogfather

Labels

Clear labels

bug

Something isn't working

documentation

Improvements or additions to documentation

duplicate

This issue or pull request already exists

enhancement

New feature or request

good first issue

Good for newcomers

help wanted

Extra attention is needed

invalid

This doesn't seem right

question

Further information is requested

wontfix

This will not be worked on

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

ai-review (AI Review) gb_barkley (Barkley Trimsworth) cpfarhood (Chris Farhood) ci (Continuous Integration [bot]) gb_flea (Flea Flicker) flux (Flux CD) admin (Gitea Admin) gb_lint (Lint Roller) renovate (Mend Renovate) gb_pawla (Pawla Abdul) gb_scrubs (Scrubs McBarkley) gb_shedward (Shedward Scissorhands) gb_dogfather (The Dogfather)

No Assignees

2 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: groombook/web#65