Commit Graph

8 Commits

Author SHA1 Message Date
null b4634a8080 feat(logging): redacted, level-gated logger; migrate all server console.* (Pillar D)
utils/logger.cts — console-compatible log.{debug,info,warn,error} with:
- level gating (LOG_LEVEL; debug in dev / info in prod), and
- REDACTION of secrets/PII (sensitive keys + bearer/JWT) so tokens,
  passwords, and encrypted values never reach the logs (financial app).
Backend is abstracted (console now, swappable to pino later).

Swept all 317 server-runtime console.* across 35 files → log.* + inserted
the import at correct scope. tests/logger.test.js pins the redaction
contract (4 tests). CODE_STANDARDS updated; raw console.* is now banned in
server code.

Verified: check:server + typecheck:server + lint clean; 240/240 server
tests; client 50/50; build; e2e probe 17/17; boot smoke logs flow through
the logger and graceful shutdown intact.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-06 16:05:18 -05:00
null f587d09d4a style: apply Prettier across client + server (no behavior change)
One-time repo-wide `prettier --write` (isolated commit so future diffs
stay reviewable). Mechanical formatting only.

Verified unchanged: typecheck + typecheck:server + check:server clean;
server tests 232/232; client tests 50/50; Vite build succeeds.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-06 14:23:53 -05:00
null abb9f7d443 fix(migration): repair server.js/.cts launch + require refs missed in the JS→TS migration
Full-deployment QA against a copy of the real DB surfaced launch/require
references the server .cts migration didn't update. All are non-source
tooling/edge paths, which is why typecheck/check/tests stayed green:

- e2e/setup/prepare-db.js: require('../../db/database') and
  require('../../scripts/seedDemoData') → .cts. This broke `npm run
  test:e2e*` entirely (harness couldn't load). [material]
- playwright.config.js + scripts/prod-smoke.sh: webServer/boot command
  `node server.js` → `node server.cts`. Also blocked the e2e + prod-smoke
  suites. [material]
- setup/firstRun.js → .cts, require('../services/auditService') → .cts,
  and server.cts call site → require('./setup/firstRun.cts'). Latent:
  server.cts only reaches firstRun when userCount===0, but database.cts
  auto-seeds a default admin during getDb() first, so the path isn't hit
  in normal boot — fixed defensively so it can't crash if ever reached.
- .env.example: doc reference `node server.js` → server.cts.

Verified: typecheck:server + check:server clean; server test suite
226/226; e2e probe 17/17 (was 0 — suite couldn't boot before); the
production Docker image builds and boots on a copy of the real
production DB (44 bills, 1159 payments) with /api/health 200 and all 64
page endpoints returning 2xx.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-06 12:05:40 -05:00
null eb86da1e69 v0.22.3: fix ENV-seeded users skip first-login flow, add audit logging
- setup/firstRun.js: reset first_login=0, must_change_password=0 on update
- server.js: reset flags for existing regular users + add logAudit
- db/database.js: fix must_change_password=0 in init code (was 1)
- Add logAudit calls for seed.flag_reset events
- database.js uses console.log for init-time resets (avoids circular dep)
- Hudson audit: 6/6 PASS after audit logging fix
2026-05-10 04:24:51 -05:00
null cf2ed37c1e feat: add INIT_REGULAR_USER env var, move bill_history_ranges to v0.42 migration
- Add INIT_REGULAR_USER/INIT_REGULAR_PASS for non-admin test user creation
- Regular user created at startup with role='user', not admin
- Move bill_history_ranges from inline to versioned migration v0.42
- Clean up FUTURE.md: remove completed items, add skip-first-login item
2026-05-09 16:38:28 -05:00
kaspa 4d1709aea3 push 2026-05-09 13:03:36 -05:00
_null 3228332e8c push 2026-05-04 23:34:24 -05:00
_null b9d1366d46 initial commit 2026-05-03 19:51:57 -05:00