Decksmith

Appearance

Project State

Updated: 2026-03-30

Environment

VariableStatus
DATABASE_URL✅ Configured (Supabase Session Pooler — IPv4 fallback)
Supabase project✅ Active (amsnscsignhhcderjczy.supabase.co)
SUPABASE_URL✅ Configured
SUPABASE_ANON_KEY✅ Configured
SUPABASE_SERVICE_ROLE_KEY✅ Configured
COOKIE_SECRET✅ Configured
RedisNot needed yet
.env.example✅ Updated (Session Pooler format + COOKIE_SECRET)

What's Working

  • [x] API server: pnpm --filter @decksmith/api devlocalhost:3000
  • [x] User CRUD routes: /api/v1/users responding
  • [x] Auth routes: /api/v1/auth/ — all 6 routes implemented (in feat/auth PR #14)
  • [x] Lint: pnpm lintoxlint . (0 errors)
  • [x] Format: pnpm format:check → oxfmt (0 errors, markdown included)
  • [x] Tests: pnpm test → 3/3 passing (apps/api)
  • [x] Typecheck: pnpm typecheck → 0 errors
  • [x] DB schema: synced to Supabase via Session Pooler (db:push ✅ 2026-03-17)
  • [x] Supabase client: supabase.auth.admin.listUsers() responding from packages/db
  • [x] CI: all checks passing on PR #14

What's NOT Working / Blockers

  • apps/web, apps/worker, apps/mobile are empty shells
  • OAuth providers (Google, GitHub) not yet enabled in Supabase dashboard
  • RLS policies not yet applied to user-owned tables
  • DB seed is broken — User.id no longer has @default(uuid()), seed must be updated to create Supabase Auth users first before seeding profile rows
  • PR #14 (feat/auth) open but not yet merged to main

Current Branch

  • Branch: feat/auth — PR #14 open against main
  • In progress: Phase 2.2 — Auth (routes done, OAuth + RLS remaining)

Phase 2.2 Auth — Implementation Progress

Steps completed:

  • [x] ADR-0014 created: API-proxied auth decision documented
  • [x] Prisma schema: User.id no longer auto-generated, username/displayName nullable
  • [x] Prisma schema: CardTag cascade fixed, 3 missing indexes added
  • [x] db:push to Supabase ✅
  • [x] @supabase/supabase-js added to packages/db, singleton client created + tested
  • [x] Auth Zod DTOs in packages/schema/src/auth/ — all endpoints covered
  • [x] UserResponseSchema.username + displayName made nullable
  • [x] @fastify/cookie, @fastify/cors, @fastify/rate-limit installed + configured in apps/api
  • [x] Auth plugin apps/api/src/plugins/auth.tsfastify.authenticate preHandler decorator
  • [x] src/types/fastify.d.ts — Fastify module augmentation (req.user, authenticate)
  • [x] AuthUser type re-exported from @decksmith/db
  • [x] Auth routes: register, login, logout, refresh, forgot-password, reset-password
  • [x] Auth mapper: toRegisterResponse (AuthUser → RegisterResponse DTO)
  • [x] Pitfalls doc system: apps/docs/context/pitfalls/ (fastify, supabase, typescript)
  • [x] api-reviewer run on auth module — all issues resolved
  • [x] REGISTRATION_FAILED + PASSWORD_RESET_FAILED added to packages/schema/src/errors/codes.ts
  • [x] CI fix: oxfmt now runs on .md files in lint-staged

Steps remaining:

  • [ ] Enable OAuth providers in Supabase dashboard (Google, GitHub)
  • [ ] RLS policies for user-owned tables
  • [ ] test-writer for auth routes
  • [ ] Merge PR #14

Open Decisions (not yet ADR'd)

  • Profile completion state: what happens when a user has no username/displayName yet? A redirect to an onboarding screen is needed but not yet specced.

Built with VitePress