feat: Phase 1 — Database, Auth, Companies, Agents#2
Merged
Conversation
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…d data Fix critical security vulnerabilities (RLS role escalation, invite token exposure, server-side token verification), improve error handling across all mutation calls, fix type safety issues, eliminate N+1 query in useAgents, standardize zod imports, and add comprehensive seed data for local development. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…DE.md Codify lessons learned from Phase 1 PR review into project guidelines to prevent recurring issues: RLS policy security rules, error handling patterns, consistent zod imports, and query optimization rules. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add atomic RPC functions (update_agent_companies, create_invite) replacing non-atomic client-side delete-then-insert patterns
- Move invite token generation server-side (gen_random_bytes)
- Add WITH CHECK to ticket update policies preventing cross-company moves
- Add email_logs table and types (was missing from schema)
- Remove single-admin unique index, use advisory lock instead
- Fix non-null assertions in useProfile/useCompany with explicit guards
- Fix uncaught promises: SignupForm validateToken, clipboard handlers
- Fix signOut error handling in AppLayout (visible error, no console.error)
- Add query error rendering in CompanyDetail
- Use validate_invite RPC in SignupForm (replaces dropped USING(true) policy)
- Sync CLAUDE.md data model with actual table names
- Add 29 unit tests: useAuth, AuthProvider, ProtectedRoute, RoleGuard, useAgentCompanies, useCreateInvite, useCompanies
- Add e2e tests: auth flows, navigation, form validation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add testing patterns: .test.tsx for JSX, supabase mocking, test-utils
- Add RLS rules: server-side tokens, SECURITY DEFINER RPCs, advisory locks
- Add error handling: clipboard catch, null guards in queryFn, no console.error
- Fix stale references to user_roles → profiles in Supabase Guidelines
- Update memory files with architecture patterns and review learnings
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Suppress react-refresh/only-export-components for shadcn ui files and AuthProvider hook co-export
- Replace useEffect setState with onOpenChange callback in AssignCompaniesDialog
- Guard duplicate validation in SignupForm with useRef
- Fix constant binary expression in utils test
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Runs lint, typecheck+build, and unit tests in parallel on every PR targeting main and on pushes to main. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add migration 00006: DEFAULT for p_company_ids so PostgREST can resolve the function when the parameter is omitted
- Omit p_company_ids from RPC call when companyIds is empty
- Add unit test for empty companyIds case
- Add E2E Tests job to CI workflow
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Move auth.users inserts to migration 00007 (which can drop/recreate the trigger since postgres owns handle_new_user)
- Seed.sql now only handles public schema tables
- Profiles are inserted by seed.sql with correct roles
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
pgcrypto lives in the extensions schema on Supabase, but create_invite() had search_path = public. Add extensions to the search_path so gen_random_bytes() resolves correctly. Also fix 4 failing e2e tests (CardTitle renders a div, not a heading) and add invite-agent e2e tests covering the full invite flow. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
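An added SQL illustration (not code from this PR's diff) of two of the points in the commit messages above: a ticket UPDATE policy with both USING and WITH CHECK, and a SECURITY DEFINER create_invite() whose search_path includes the extensions schema so gen_random_bytes() resolves on Supabase. Table and column names (tickets.company_id, profiles.role, invites.token) are assumptions, not the project's schema.

```sql
-- Assumed schema (illustrative, not the project's): profiles(id, role, company_id),
-- tickets(id, company_id, ...), invites(id, company_id, email, token).
-- Assumed helper: the caller's company, looked up by auth.uid().
create or replace function public.current_company_id()
returns uuid
language sql stable security definer          -- avoids RLS recursion on profiles
set search_path = public
as $$
  select company_id from public.profiles where id = auth.uid()
$$;

alter table public.tickets enable row level security;

-- Weak form (commented out): USING alone checks only the row as it exists
-- BEFORE the update, so a caller could set company_id to another company.
-- create policy tickets_update on public.tickets for update to authenticated
--   using (company_id = public.current_company_id());

-- Hardened form: WITH CHECK also validates the row AFTER the update,
-- which is what blocks a cross-company move.
create policy tickets_update on public.tickets
  for update to authenticated
  using      (company_id = public.current_company_id())
  with check (company_id = public.current_company_id());

-- Server-side invite token. SECURITY DEFINER functions must pin search_path;
-- on Supabase pgcrypto lives in `extensions`, so it is listed explicitly,
-- otherwise gen_random_bytes() fails to resolve under search_path = public.
create or replace function public.create_invite(p_company_id uuid, p_email text)
returns text
language plpgsql security definer
set search_path = public, extensions
as $$
declare
  v_token text := encode(gen_random_bytes(32), 'hex');   -- 256-bit random token
begin
  if not exists (select 1 from public.profiles
                 where id = auth.uid() and role = 'admin') then
    raise exception 'not authorized';
  end if;
  insert into public.invites (company_id, email, token)
  values (p_company_id, p_email, v_token);
  return v_token;   -- handed to the admin once; no SELECT policy exposes it
end;
$$;

-- Expose the RPC only to signed-in users, never to anon.
revoke execute on function public.create_invite(uuid, text) from public;
grant  execute on function public.create_invite(uuid, text) to authenticated;
```

With this layout the invites table needs no USING(true) SELECT policy for signup; token validation goes through a separate SECURITY DEFINER RPC as the PR's validate_invite does.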
Use 4 workers instead of 1 in CI, and serve the production build via `vite preview` instead of the dev server for faster test execution. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Without Supabase running, all e2e tests time out waiting for UI elements that never render. Uses supabase/setup-cli with minimal services to keep startup fast. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Summary
Phase 1 implementation (Tasks 1-10 of 15):
Database (Supabase)
Authentication
Companies (admin only)
Agents (admin only)
Remaining (Tasks 11-15, next PR)
Test plan
- npm run build succeeds
- npm test — unit tests pass
- npx supabase start && npx supabase db reset — migrations apply cleanly

🤖 Generated with Claude Code