feat-001: Account Registration and Authentication#6
Closed
leecampbell-codeagent wants to merge 6 commits into
Closed
feat-001: Account Registration and Authentication#6leecampbell-codeagent wants to merge 6 commits into
leecampbell-codeagent wants to merge 6 commits into
Conversation
…t-001) - Add users table migration with clerk_user_id TEXT, roles[], notification_prefs JSONB - Implement User entity with private constructor, create()/reconstitute() pattern - Add AccountAppService, REST API, and React frontend with full design system - 248 tests passing (76 backend + 172 frontend), builds succeed Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…at-001) - HIGH-001: Replace Zod schema internals in 400 responses with sanitised issue list (path + message only, no format() internals) - HIGH-002: Error handler returns static generic message instead of err.message; domain error classes use static strings without user data - HIGH-003: Remove onboardingCompleted/onboardingStep from PATCH /me/profile schema — onboarding state is server-controlled only Also commit exploratory and security review reports. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Resolves regression introduced by HIGH-003 security fix. The profile PATCH endpoint no longer accepts onboardingCompleted/onboardingStep from clients, but the onboarding page needed a way to complete the flow. Solution: dedicated server-controlled endpoint that only sets onboardingCompleted=true and onboardingStep='complete' — clients cannot set arbitrary values. - Add completeOnboarding() to UserRepository port, pg adapter, and in-memory adapter - Add completeOnboarding() to AccountAppService with audit logging - Add POST /api/v1/me/onboarding/complete route (auth required) - Frontend: call completeOnboarding() instead of profile PATCH for onboarding completion and skip flows - Add 8 new tests (4 unit + 4 integration) — 256 total now passing Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Exploratory: PASS — 256/256 tests, all ACs verified - Security: 0 critical/high findings, 3 medium, 5 low - Audit: PASS — hex architecture, parameterised SQL, no enums, all checks - CI/CD: PASS — pipeline can support this feature Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Mark feat-001 as SHIPPED in backlog - Add G-016: hooks with -r flag scan everything when no files passed - Add G-017: ======= pattern needs ^ anchor to avoid false positives Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
leecampbell-codeagent
force-pushed
the
ralph/feat-001-account-auth
branch
from
ecdf8d9 to
de8824b
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
userstable owns app data viaclerk_user_id TEXT UNIQUE)POST /me/onboarding/complete)Screenshots
Screenshots: app stack requires Clerk credentials and Docker to run — see Manual Task #1 and #2 in
.claude/manual-tasks.md. All 256 tests pass as proxy verification.Quality Gate
npm audit— 0 critical/high)Reports
.claude/reports/feat-001-exploratory.md.claude/reports/feat-001-security.md.claude/reports/feat-001-audit.md.claude/reports/feat-001-cicd.md.claude/reports/feat-001-merge.mdManual Tasks Required
docker-compose up db migrateFull instructions in
.claude/manual-tasks.md.