Merge pull request 'v1.2.0' (#10 ) from dev into main

Reviewed-on: #10
Merge pull request 'chore: bump version to 1.2.0' (#9 ) from chore/bump-v1.2.0 into dev
2026-03-28 13:24:34 -04:00 · 2026-03-28 13:22:15 -04:00 · 2026-03-28 13:21:18 -04:00 · 2026-03-28 13:19:23 -04:00 · 2026-03-28 13:18:47 -04:00 · 2026-03-28 13:16:33 -04:00
12 changed files with 332 additions and 95 deletions
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -1,84 +0,0 @@
-name: Build
-
-on:
-  push:
-    branches: [main]
-    tags:
-      - 'v*'
-
-env:
-  IMAGE: ${{ vars.REGISTRY_HOST }}/${{ gitea.repository_owner }}/catalyst
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Setup Node
-        uses: actions/setup-node@v4
-        with:
-          node-version: 'lts/*'
-          cache: npm
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Run tests
-        run: npm test
-
-  build:
-    runs-on: ubuntu-latest
-    needs: test
-    if: startsWith(gitea.ref, 'refs/tags/v')
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Docker metadata
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ env.IMAGE }}
-          tags: |
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=sha,prefix=,format=short
-            type=raw,value=latest,enable={{is_default_branch}}
-
-      - name: Log in to Gitea registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ vars.REGISTRY_HOST }}
-          username: ${{ gitea.actor }}
-          password: ${{ secrets.TOKEN }}
-
-      - name: Build and push
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-
-  release:
-    runs-on: ubuntu-latest
-    needs: build
-    if: startsWith(gitea.ref, 'refs/tags/v')
-
-    steps:
-      - name: Create release
-        run: |
-          curl -sf -X POST \
-            -H "Authorization: token ${{ secrets.TOKEN }}" \
-            -H "Content-Type: application/json" \
-            "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/releases" \
-            -d "{
-              \"tag_name\": \"${{ gitea.ref_name }}\",
-              \"name\": \"Catalyst ${{ gitea.ref_name }}\",
-              \"body\": \"### Image\n\n\`${{ env.IMAGE }}:${{ gitea.ref_name }}\`\",
-              \"draft\": false,
-              \"prerelease\": false
-            }"
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -0,0 +1,53 @@
+name: CI
+
+on:
+  push:
+    branches: [dev, main]
+  pull_request:
+    branches: [dev, main]
+
+env:
+  IMAGE: ${{ vars.REGISTRY_HOST }}/${{ gitea.repository_owner }}/catalyst
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 'lts/*'
+
+      - run: npm ci
+
+      - run: npm test
+
+  build-dev:
+    runs-on: ubuntu-latest
+    needs: test
+    if: github.event_name == 'push' && github.ref == 'refs/heads/dev'
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Log in to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ vars.REGISTRY_HOST }}
+          username: ${{ gitea.actor }}
+          password: ${{ secrets.TOKEN }}
+
+      - name: Compute short SHA
+        run: echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> $GITEA_ENV
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          build-args: BUILD_VERSION=dev-${{ env.SHORT_SHA }}
+          tags: |
+            ${{ env.IMAGE }}:dev
+            ${{ env.IMAGE }}:dev-${{ gitea.sha }}
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
@@ -0,0 +1,95 @@
+name: Release
+
+on:
+  push:
+    branches: [main]
+
+env:
+  IMAGE: ${{ vars.REGISTRY_HOST }}/${{ gitea.repository_owner }}/catalyst
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 'lts/*'
+          cache: npm
+
+      - run: npm ci
+      - run: npm test
+
+      - name: Read version
+        run: |
+          VERSION=$(node -p "require('./package.json').version")
+          echo "VERSION=${VERSION}" >> $GITEA_ENV
+
+      - name: Assert tag does not exist
+        run: |
+          if git ls-remote --tags origin "refs/tags/v${{ env.VERSION }}" | grep -q .; then
+            echo "ERROR: tag v${{ env.VERSION }} already exists — bump version in package.json before merging to main."
+            exit 1
+          fi
+
+      - name: Create and push tag
+        run: |
+          git config user.name "gitea-actions"
+          git config user.email "actions@gitea"
+          git tag "v${{ env.VERSION }}"
+          git push origin "v${{ env.VERSION }}"
+
+      - name: Generate release notes
+        run: |
+          LAST_TAG=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || echo "")
+          if [ -n "$LAST_TAG" ]; then
+            NOTES=$(git log "${LAST_TAG}..HEAD" --pretty=format:"- %s" --no-merges)
+          else
+            NOTES=$(git log --pretty=format:"- %s" --no-merges)
+          fi
+          NOTES_JSON=$(printf '%s' "$NOTES" | python3 -c "import sys,json; print(json.dumps(sys.stdin.read()))")
+          echo "NOTES=${NOTES_JSON}" >> $GITEA_ENV
+
+      - name: Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.IMAGE }}
+          tags: |
+            type=semver,pattern={{version}},value=v${{ env.VERSION }}
+            type=semver,pattern={{major}}.{{minor}},value=v${{ env.VERSION }}
+            type=sha,prefix=,format=short
+            type=raw,value=latest
+
+      - name: Log in to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ vars.REGISTRY_HOST }}
+          username: ${{ gitea.actor }}
+          password: ${{ secrets.TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+
+      - name: Create Gitea release
+        run: |
+          curl -sf -X POST \
+            -H "Authorization: token ${{ secrets.TOKEN }}" \
+            -H "Content-Type: application/json" \
+            "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/releases" \
+            -d "{
+              \"tag_name\": \"v${{ env.VERSION }}\",
+              \"name\": \"Catalyst v${{ env.VERSION }}\",
+              \"body\": \"### Changes\n\n${{ env.NOTES }}\n\n### Image\n\n\`${{ env.IMAGE }}:${{ env.VERSION }}\`\",
+              \"draft\": false,
+              \"prerelease\": false
+            }"
--- a/11
+++ b/11
@@ -7,10 +7,15 @@ COPY package*.json ./
 RUN npm ci --omit=dev

 COPY . .
-RUN awk -F'"' '/"version"/{printf "const VERSION = \"%s\";\n", $4; exit}' \
-    package.json > js/version.js
+ARG BUILD_VERSION=""
+RUN if [ -n "$BUILD_VERSION" ]; then \
+      printf 'const VERSION = "%s";\n' "$BUILD_VERSION" > js/version.js; \
+    else \
+      awk -F'"' '/"version"/{printf "const VERSION = \"%s\";\n", $4; exit}' \
+          package.json > js/version.js; \
+    fi

-RUN chown -R app:app /app
+RUN mkdir -p /app/data && chown -R app:app /app
 USER app

 EXPOSE 3000
--- a/css/app.css
+++ b/css/app.css
@@ -289,6 +289,7 @@ select:focus { border-color: var(--accent); }
  border-radius: 3px;
  letter-spacing: 0.08em;
  text-transform: uppercase;
+  text-align: center;
 }

 .badge.deployed    { background: var(--accent2); color: var(--accent); }
--- a/js/app.js
+++ b/js/app.js
@@ -38,6 +38,9 @@ window.addEventListener('popstate', e => {

 // ── Bootstrap ─────────────────────────────────────────────────────────────────

-if (VERSION) document.getElementById('nav-version').textContent = `v${VERSION}`;
+if (VERSION) {
+  const label = /^\d/.test(VERSION) ? `v${VERSION}` : VERSION;
+  document.getElementById('nav-version').textContent = label;
+}

 handleRoute();
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "catalyst",
-  "version": "1.1.2",
+  "version": "1.2.0",
  "type": "module",
  "scripts": {
    "start": "node server/server.js",
--- a/server/db.js
+++ b/server/db.js
@@ -133,5 +133,18 @@ export function _resetForTest() {
 }

 // ── Boot ──────────────────────────────────────────────────────────────────────
+// Skipped in test environment — parallel Vitest workers would race to open
+// the same file, causing "database is locked". _resetForTest() in beforeEach
+// handles initialisation for every test worker using :memory: instead.

-init(process.env.DB_PATH ?? DEFAULT_PATH);
+if (process.env.NODE_ENV !== 'test') {
+  const DB_PATH = process.env.DB_PATH ?? DEFAULT_PATH;
+  try {
+    init(DB_PATH);
+  } catch (e) {
+    console.error('[catalyst] fatal: could not open database at', DB_PATH);
+    console.error('[catalyst] ensure the data directory exists and is writable by the server process.');
+    console.error(e);
+    process.exit(1);
+  }
+}
--- a/server/routes.js
+++ b/server/routes.js
@@ -78,7 +78,8 @@ router.post('/instances', (req, res) => {
  } catch (e) {
    if (e.message.includes('UNIQUE')) return res.status(409).json({ error: 'vmid already exists' });
    if (e.message.includes('CHECK'))  return res.status(400).json({ error: 'invalid field value' });
-    throw e;
+    console.error('POST /api/instances', e);
+    res.status(500).json({ error: 'internal server error' });
  }
 });

@@ -98,7 +99,8 @@ router.put('/instances/:vmid', (req, res) => {
  } catch (e) {
    if (e.message.includes('UNIQUE')) return res.status(409).json({ error: 'vmid already exists' });
    if (e.message.includes('CHECK'))  return res.status(400).json({ error: 'invalid field value' });
-    throw e;
+    console.error('PUT /api/instances/:vmid', e);
+    res.status(500).json({ error: 'internal server error' });
  }
 });

@@ -112,6 +114,11 @@ router.delete('/instances/:vmid', (req, res) => {
  if (instance.stack !== 'development')
    return res.status(422).json({ error: 'only development instances can be deleted' });

+  try {
    deleteInstance(vmid);
    res.status(204).end();
+  } catch (e) {
+    console.error('DELETE /api/instances/:vmid', e);
+    res.status(500).json({ error: 'internal server error' });
+  }
 });
--- a/tests/api.test.js
+++ b/tests/api.test.js
@@ -1,7 +1,8 @@
-import { describe, it, expect, beforeEach } from 'vitest'
+import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest'
 import request from 'supertest'
 import { app } from '../server/server.js'
 import { _resetForTest } from '../server/db.js'
+import * as dbModule from '../server/db.js'

 beforeEach(() => _resetForTest())

@@ -277,3 +278,74 @@ describe('static assets and SPA routing', () => {
    expect(res.text).toContain('<base href="/">')
  })
 })
+
+// ── Error handling — unexpected DB failures ───────────────────────────────────
+
+const dbError = () => Object.assign(
+  new Error('attempt to write a readonly database'),
+  { code: 'ERR_SQLITE_ERROR', errcode: 8 }
+)
+
+describe('error handling — unexpected DB failures', () => {
+  let consoleSpy
+
+  beforeEach(() => {
+    consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {})
+  })
+
+  afterEach(() => {
+    vi.restoreAllMocks()
+  })
+
+  it('POST returns 500 with friendly message when DB throws unexpectedly', async () => {
+    vi.spyOn(dbModule, 'createInstance').mockImplementationOnce(() => { throw dbError() })
+    const res = await request(app).post('/api/instances').send(base)
+    expect(res.status).toBe(500)
+    expect(res.body).toEqual({ error: 'internal server error' })
+  })
+
+  it('POST logs the error with route context when DB throws unexpectedly', async () => {
+    vi.spyOn(dbModule, 'createInstance').mockImplementationOnce(() => { throw dbError() })
+    await request(app).post('/api/instances').send(base)
+    expect(consoleSpy).toHaveBeenCalledWith(
+      expect.stringContaining('POST /api/instances'),
+      expect.any(Error)
+    )
+  })
+
+  it('PUT returns 500 with friendly message when DB throws unexpectedly', async () => {
+    await request(app).post('/api/instances').send(base)
+    vi.spyOn(dbModule, 'updateInstance').mockImplementationOnce(() => { throw dbError() })
+    const res = await request(app).put('/api/instances/100').send(base)
+    expect(res.status).toBe(500)
+    expect(res.body).toEqual({ error: 'internal server error' })
+  })
+
+  it('PUT logs the error with route context when DB throws unexpectedly', async () => {
+    await request(app).post('/api/instances').send(base)
+    vi.spyOn(dbModule, 'updateInstance').mockImplementationOnce(() => { throw dbError() })
+    await request(app).put('/api/instances/100').send(base)
+    expect(consoleSpy).toHaveBeenCalledWith(
+      expect.stringContaining('PUT /api/instances/:vmid'),
+      expect.any(Error)
+    )
+  })
+
+  it('DELETE returns 500 with friendly message when DB throws unexpectedly', async () => {
+    await request(app).post('/api/instances').send({ ...base, stack: 'development', state: 'testing' })
+    vi.spyOn(dbModule, 'deleteInstance').mockImplementationOnce(() => { throw dbError() })
+    const res = await request(app).delete('/api/instances/100')
+    expect(res.status).toBe(500)
+    expect(res.body).toEqual({ error: 'internal server error' })
+  })
+
+  it('DELETE logs the error with route context when DB throws unexpectedly', async () => {
+    await request(app).post('/api/instances').send({ ...base, stack: 'development', state: 'testing' })
+    vi.spyOn(dbModule, 'deleteInstance').mockImplementationOnce(() => { throw dbError() })
+    await request(app).delete('/api/instances/100')
+    expect(consoleSpy).toHaveBeenCalledWith(
+      expect.stringContaining('DELETE /api/instances/:vmid'),
+      expect.any(Error)
+    )
+  })
+})
--- a/tests/db.test.js
+++ b/tests/db.test.js
@@ -165,3 +165,23 @@ describe('deleteInstance', () => {
    expect(getInstance(2)).not.toBeNull();
  });
 });
+
+// ── Test environment boot isolation ───────────────────────────────────────────
+
+describe('test environment boot isolation', () => {
+  it('vitest runs with NODE_ENV=test', () => {
+    // Vitest sets NODE_ENV=test automatically. This is the guard condition
+    // that prevents the boot init() from opening the real database file.
+    expect(process.env.NODE_ENV).toBe('test');
+  });
+
+  it('db module loads cleanly in parallel workers without locking the real db file', () => {
+    // Regression: the module-level init(DEFAULT_PATH) used to run unconditionally,
+    // causing "database is locked" when multiple test workers imported db.js at
+    // the same time. process.exit(1) then killed the worker mid-suite.
+    // Fix: boot init is skipped when NODE_ENV=test. _resetForTest() handles setup.
+    // Reaching this line proves the module loaded without calling process.exit.
+    expect(() => _resetForTest()).not.toThrow();
+    expect(getInstances()).toEqual([]);
+  });
+});
--- a/tests/helpers.test.js
+++ b/tests/helpers.test.js
@@ -1,5 +1,7 @@
 // @vitest-environment jsdom
 import { describe, it, expect } from 'vitest'
+import { readFileSync } from 'fs'
+import { join } from 'path'

 // ── esc() ─────────────────────────────────────────────────────────────────────
 // Mirrors the implementation in ui.js exactly (DOM-based).
@@ -112,3 +114,53 @@ describe('fmtDateFull', () => {
    expect(fmtDateFull('')).toBe('—')
  })
 })
+
+// ── versionLabel() ───────────────────────────────────────────────────────────
+// Mirrors the logic in app.js — semver strings get a v prefix, dev strings don't.
+
+function versionLabel(v) {
+  return /^\d/.test(v) ? `v${v}` : v
+}
+
+describe('version label formatting', () => {
+  it('prepends v for semver strings', () => {
+    expect(versionLabel('1.1.2')).toBe('v1.1.2')
+    expect(versionLabel('2.0.0')).toBe('v2.0.0')
+  })
+
+  it('does not prepend v for dev build strings', () => {
+    expect(versionLabel('dev-abc1234')).toBe('dev-abc1234')
+  })
+})
+
+// ── CSS regressions ───────────────────────────────────────────────────────────
+
+const css = readFileSync(join(__dirname, '../css/app.css'), 'utf8')
+
+describe('CSS regressions', () => {
+  it('.badge has text-align: center so state labels are not left-skewed on cards', () => {
+    // Regression: badges rendered left-aligned inside the card's flex-end column.
+    // Without text-align: center, short labels (e.g. "deployed") appear
+    // left-justified inside their pill rather than centred.
+    expect(css).toMatch(/\.badge\s*\{[^}]*text-align\s*:\s*center/s)
+  })
+})
+
+// ── CI workflow regressions ───────────────────────────────────────────────────
+
+const ciYml = readFileSync(join(__dirname, '../.gitea/workflows/ci.yml'), 'utf8')
+
+describe('CI workflow regressions', () => {
+  it('build-dev job passes BUILD_VERSION build arg', () => {
+    // Regression: dev image showed semver instead of dev-<sha> because
+    // BUILD_VERSION was never passed to docker build.
+    expect(ciYml).toContain('BUILD_VERSION')
+  })
+
+  it('short SHA is computed with git rev-parse, not $GITEA_SHA (which is empty)', () => {
+    // Regression: ${GITEA_SHA::7} expands to "" on Gitea runners — nav showed "dev-".
+    // git rev-parse --short HEAD works regardless of which env vars the runner sets.
+    expect(ciYml).toContain('git rev-parse --short HEAD')
+    expect(ciYml).not.toContain('GITEA_SHA')
+  })
+})
Author	SHA1	Message	Date
Josh Wright	f1e192c5d4	Merge pull request 'v1.2.0' (#10 ) from dev into main Some checks failed CI / test (push) Successful in 13s Details Release / release (push) Failing after 5m14s Details CI / build-dev (push) Has been skipped Details Reviewed-on: #10	2026-03-28 13:24:34 -04:00
Josh Wright	3037381084	Merge pull request 'chore: bump version to 1.2.0' (#9 ) from chore/bump-v1.2.0 into dev All checks were successful CI / test (push) Successful in 13s Details CI / build-dev (push) Successful in 26s Details CI / test (pull_request) Successful in 13s Details CI / build-dev (pull_request) Has been skipped Details Reviewed-on: #9	2026-03-28 13:22:15 -04:00
josh	e54c1d4848	chore: bump version to 1.2.0 All checks were successful CI / test (pull_request) Successful in 13s Details CI / build-dev (pull_request) Has been skipped Details Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-28 13:21:18 -04:00
Josh Wright	3ae3f98df5	Merge pull request 'fix: use git rev-parse for short SHA in build-dev' (#8 ) from fix/ci-short-sha into dev All checks were successful CI / test (push) Successful in 12s Details CI / build-dev (push) Successful in 20s Details Reviewed-on: #8	2026-03-28 13:19:23 -04:00
josh	65d6514603	fix: use git rev-parse for short SHA in build-dev All checks were successful CI / test (pull_request) Successful in 12s Details CI / build-dev (pull_request) Has been skipped Details $GITEA_SHA is unset on Gitea runners — the nav showed "dev-" with an empty SHA. git rev-parse --short HEAD works regardless of runner env vars. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-28 13:18:47 -04:00
Josh Wright	bc44bcbde9	Merge pull request 'fix: remove npm cache from setup-node' (#7 ) from fix/ci-remove-npm-cache into dev All checks were successful CI / test (push) Successful in 12s Details CI / build-dev (push) Successful in 13s Details Reviewed-on: #7	2026-03-28 13:16:33 -04:00
josh	cae0f2222a	fix: remove npm cache from setup-node All checks were successful CI / test (pull_request) Successful in 13s Details CI / build-dev (pull_request) Has been skipped Details The Gitea runner's cache service is unreachable, causing a ~4 minute ETIMEDOUT on every run before falling back to a cold install anyway. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-28 13:11:05 -04:00
Josh Wright	28833a7ec6	Merge pull request 'feat: show dev-<sha> version string in nav for dev builds' (#6 ) from feat/dev-version-string into dev All checks were successful CI / test (push) Successful in 9m33s Details CI / build-dev (push) Successful in 22s Details Reviewed-on: #6	2026-03-28 13:03:23 -04:00
josh	6ba02bf17d	feat: show dev-<sha> version string in nav for dev builds All checks were successful CI / test (pull_request) Successful in 9m31s Details CI / build-dev (pull_request) Has been skipped Details Production images continue to display the semver (v1.x.x). Dev images built by CI now receive BUILD_VERSION=dev-<7-char-sha> via a Docker ARG, and app.js skips the v prefix for non-semver strings. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-28 12:52:15 -04:00
Josh Wright	bfe71b2511	Merge pull request 'fix: centre badge text on instance cards' (#5 ) from fix/badge-alignment into dev All checks were successful CI / test (push) Successful in 9m32s Details CI / build-dev (push) Successful in 20s Details Reviewed-on: #5	2026-03-28 12:38:53 -04:00
josh	0f2a37cb39	fix: centre badge text on instance cards All checks were successful CI / test (pull_request) Successful in 9m31s Details CI / build-dev (pull_request) Has been skipped Details .badge lacked text-align: center. Inside the card's flex-end right column, badge text was left-justified within each pill, making state labels (deployed / testing / degraded) appear skewed to the left. TDD: CSS regression test added to tests/helpers.test.js — reads css/app.css directly and asserts the rule is present, so this cannot regress silently in future. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-28 12:28:44 -04:00
Josh Wright	73f4eabbc7	Merge pull request 'fix: db volume ownership and explicit error handling for write failures' (#3 ) from fix/db-permissions-and-error-handling into dev All checks were successful CI / test (push) Successful in 9m33s Details CI / build-dev (push) Successful in 21s Details Reviewed-on: #3	2026-03-28 12:10:32 -04:00
Josh Wright	515ff8ddb3	Merge branch 'dev' into fix/db-permissions-and-error-handling All checks were successful CI / test (pull_request) Successful in 9m28s Details CI / build-dev (pull_request) Has been skipped Details	2026-03-28 11:48:36 -04:00
josh	08c12c9394	fix: skip db boot init in test env to prevent parallel worker lock All checks were successful CI / test (pull_request) Successful in 9m33s Details CI / build-dev (pull_request) Has been skipped Details Vitest runs test files in parallel workers. Each worker imports server/db.js, which triggered module-level init(DEFAULT_PATH) unconditionally. Two workers racing to open the same SQLite file caused "database is locked", followed by process.exit(1) killing the worker — surfacing as: Error: process.exit unexpectedly called with "1" Fix: guard the boot init block behind NODE_ENV !== 'test'. Vitest sets NODE_ENV=test automatically. Each worker's beforeEach(() => _resetForTest()) initialises its own :memory: database, so no file coordination is needed. process.exit(1) is also guarded by the same condition — it must never fire inside a test runner process. TDD: two regression tests added to tests/db.test.js documenting the expected boot behaviour and proving the module loads cleanly in parallel. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-28 11:48:07 -04:00
Josh Wright	4ce7df4649	Merge pull request 'fix: skip db boot init in test env to prevent parallel worker lock' (#4 ) from fix/db-boot-test-isolation into dev Some checks failed CI / test (push) Successful in 9m29s Details CI / build-dev (push) Has been cancelled Details Reviewed-on: #4	2026-03-28 11:41:55 -04:00
josh	6c04a30c3a	fix: skip db boot init in test env to prevent parallel worker lock All checks were successful CI / test (pull_request) Successful in 9m29s Details CI / build-dev (pull_request) Has been skipped Details Vitest runs test files in parallel workers. Each worker imports server/db.js, which triggered module-level init(DEFAULT_PATH) unconditionally. Two workers racing to open the same SQLite file caused "database is locked", followed by process.exit(1) killing the worker — surfacing as: Error: process.exit unexpectedly called with "1" Fix: guard the boot init block behind NODE_ENV !== 'test'. Vitest sets NODE_ENV=test automatically. Each worker's beforeEach(() => _resetForTest()) initialises its own :memory: database, so no file coordination is needed. process.exit(1) is also guarded by the same condition — it must never fire inside a test runner process. TDD: two regression tests added to tests/db.test.js documenting the expected boot behaviour and proving the module loads cleanly in parallel. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-28 11:31:55 -04:00
Josh Wright	c6cd8098fd	Merge branch 'dev' into fix/db-permissions-and-error-handling Some checks failed CI / test (pull_request) Failing after 4m52s Details CI / build-dev (pull_request) Has been skipped Details	2026-03-28 11:16:31 -04:00
josh	15ed329743	fix: db volume ownership and explicit error handling for write failures All checks were successful CI / test (pull_request) Successful in 9m32s Details Root cause of the 500 on create/update/delete: the non-root app user in the Docker container lacked write permission to the volume mount point. Docker volume mounts are owned by root by default; the app user (added in a previous commit) could read the database but not write to it. Fixes: 1. Dockerfile — RUN mkdir -p /app/data before chown so the directory exists in the image with correct ownership. Docker uses this as a seed when initialising a new named volume, ensuring the app user owns the mount point from the start. NOTE: existing volumes from before the non-root user was introduced will still be root-owned. Fix with: docker run --rm -v catalyst-data:/data alpine chown -R 1000:1000 /data 2. server/routes.js — replace bare `throw e` in POST/PUT catch blocks with console.error (route context + error) + explicit 500 response. Add try-catch to DELETE handler which previously had none. Unexpected DB errors now log the route they came from and return a clean JSON body instead of relying on the generic Express error handler. 3. server/db.js — wrap the boot init() call in try-catch. Fatal startup errors (e.g. data directory not writable) now print a clear message pointing to the cause before exiting, instead of a raw stack trace. TDD: tests written first (RED), then fixed (GREEN). Six new tests in tests/api.test.js verify that unexpected DB errors on POST, PUT, and DELETE return 500 with { error: 'internal server error' } and call console.error with the route context string. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-28 11:11:00 -04:00
Josh Wright	1412b2e0b7	Merge pull request 'feat: build :dev Docker image on push to dev' (#1 ) from chore/dev-staging-build into dev All checks were successful CI / test (push) Successful in 9m29s Details CI / build-dev (push) Successful in 13s Details Reviewed-on: #1	2026-03-28 10:38:48 -04:00
josh	30b037ff9c	feat: build :dev Docker image on push to dev All checks were successful CI / test (pull_request) Successful in 9m30s Details CI / build-dev (pull_request) Has been skipped Details Adds a build-dev job to ci.yml that fires after tests pass on direct pushes to dev (not PRs). Pushes two tags to the registry: :dev — mutable, always the latest integrated dev state :dev-<sha> — immutable, for tracing exactly which commit is running Staging servers can pull :dev to test before a release PR is opened. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-28 10:27:23 -04:00
josh	7a5b5d7afc	chore: establish dev branch and branching workflow All checks were successful CI / test (push) Successful in 9m26s Details Merges the initial ci.yml + release.yml workflow changes onto dev. This is the first merge under the new feature-branch → dev → main model. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-28 10:16:00 -04:00
josh	3383bee968	chore: replace build.yml with ci.yml + release.yml Splits the single workflow into two with distinct responsibilities: ci.yml — runs tests on push/PR to dev and main. Powers the required status check for branch protection on both branches. release.yml — triggers on push to main (merged PR). Reads version from package.json, asserts the tag doesn't already exist, creates the git tag, generates patch notes from commits since the previous tag, builds and pushes the Docker image, and creates the Gitea release. No more manual git tag or git push --tags. build.yml deleted — all three of its jobs are covered by the new files. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-28 10:15:52 -04:00