Fix OAuth redirect_uri mismatch between better-auth and provider configuration#77
Merged
Merged
Conversation
Member
The issue mentions |
Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com>
…guration Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com>
Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Fix invalid redirect URL for GitHub login
Fix OAuth redirect_uri mismatch between better-auth and provider configuration
Feb 19, 2026
Contributor
Author
You're correct - the issue description has some confusing wording. The main game/app runs at The fix ensures that when better-auth constructs OAuth callback URLs, it uses The typo mentioning "/microsoft" in the issue description should be "/github" for the GitHub OAuth callback. |
Greptile SummaryThis PR fixes a production OAuth authentication issue where providers (GitHub, Microsoft, Discord) rejected callbacks with "redirect_uri is not associated with this application." The root cause was a mismatch between The solution adds an nginx proxy rule to forward
The approach correctly leverages nginx reverse proxy to handle domain routing while keeping the authentication logic intact on the API server. Confidence Score: 5/5
Last reviewed commit: 7291faf |
There was a problem hiding this comment.
Pull request overview
Fixes production OAuth failures caused by better-auth constructing redirect_uri values from BETTER_AUTH_URL that didn’t match the domains configured in OAuth provider consoles, by routing /api/auth/* callbacks through the web domain and documenting the required production settings.
Changes:
- Add nginx routing on the web domain to proxy
/api/auth/to the API service so provider callbacks land on the configured domain. - Document production deployment steps for setting
BETTER_AUTH_URLto the web domain and troubleshooting the redirect mismatch. - Add a release note entry and update
.env.examplewith production guidance forBETTER_AUTH_URL.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| docs/project/corpsim.altitude.nginx.conf | Adds /api/auth/ location to proxy auth routes to the API port from the web domain. |
| docs/project/OAUTH_CALLBACK_FIX.md | New step-by-step deployment guide explaining the redirect mismatch and fix. |
| docs/project/DOKPLOY_DOCKERFILE.md | Documents required production BETTER_AUTH_URL and adds troubleshooting notes. |
| .releases/unreleased/20260219091824-fix-github-oauth-redirect-url.md | Adds release note entry describing the OAuth redirect fix. |
| .env.example | Documents intended production usage of BETTER_AUTH_URL. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Member
|
@copilot last but not least, change the IP ranges to |
…, and use RFC 5737 IP ranges Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com>
Contributor
Author
Updated in commit 2fa0075. Changed all IP addresses to RFC 5737 example range ( |
Member
|
@copilot apply changes based on the comments in this thread |
Contributor
Author
All changes from that review thread have already been applied in commit 2fa0075:
No additional changes needed. |
Copilot stopped work on behalf of
BENZOOgataga due to an error
February 19, 2026 09:41
BENZOOgataga
added a commit
that referenced
this pull request
Feb 22, 2026
…lease hardening (#82) * Standardize postcss on 8.4.49 to address CVE in versions < 8.4.49 (#59) * Initial plan * Fix postcss vulnerability by upgrading to 8.5.6 Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Update postcss override to target 8.5.6 to eliminate dual versions Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Standardize on postcss 8.4.49 to fix CVE and eliminate version conflicts Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Fix early-game UX issues: form placeholders, time visibility, completion feedback (#73) * Initial plan * Fix prefilled form fields, add tick countdown, improve workforce UI explanations Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Add toast notifications for research and production completion Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Fix TypeScript errors in toast notifications Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Add release entry for UX improvements Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Remove prefilled allocation percentages from workforce page initial state Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Fix capacity delta input reset to empty string after submission Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Apply code review feedback: improve accessibility, fix countdown boundary, deduplicate toast recipes Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Update design guidelines documentation with new UX patterns Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * feat: Add infrastructure-based production foundation (Phase 1-2) (#75) * Initial plan * feat(sim): add building infrastructure domain layer with Prisma schema and tests Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * chore: add release entry for building infrastructure phase 1 * feat(sim): integrate building operating costs into tick pipeline Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix(sim): fix stale cash bug and reserved cash invariant in building operating costs - Fetch fresh company data for each building to avoid stale cash values when processing multiple buildings - Use availableCash() to respect reservedCashCents when checking affordability - Update AGENTS.md to reflect new 11-stage tick pipeline - Add tests for reserved cash respect and multi-building scenarios Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * refactor(sim): improve building service types and documentation clarity - Remove `any` return types, let TypeScript infer from Prisma - Clarify which invariants are enforced vs planned in module docs - Add note in tick-engine that production validation doesn't check building status yet (Phase 2) - Update building service docs to separate current vs future features Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix(shared): add new building ledger entry types to FinanceLedgerEntryType - Add BUILDING_OPERATING_COST and BUILDING_ACQUISITION to shared API types - Fixes TypeScript compilation errors in finance controller and service - All 53 tests passing Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix(sim): remove explicit any type in building tests to pass linter - Replace `{} as any` with `{} as Prisma.TransactionClient` - Fixes ESLint error: @typescript-eslint/no-explicit-any - All tests passing, TypeScript compilation successful Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Fix OAuth redirect_uri mismatch between better-auth and provider configuration (#77) * Initial plan * feat: Add nginx proxy rule for OAuth callbacks on web domain Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * docs: Update deployment docs and env example for OAuth callback configuration Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * docs: Add deployment guide for OAuth callback redirect URL fix Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix: Address PR review feedback - update release area, nginx comments, and use RFC 5737 IP ranges Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Phase 3: Enforce storage capacity limits and production building requirements (#78) * Initial plan * feat: implement storage capacity system and building validation - Add BASE_STORAGE_CAPACITY_PER_REGION and WAREHOUSE_CAPACITY_PER_SLOT constants - Implement calculateRegionalStorageCapacity function - Implement validateStorageCapacity function to check inventory limits - Integrate storage validation in production completions - Integrate storage validation in market settlement - Integrate storage validation in shipment deliveries - Add validateProductionBuildingAvailable function - Integrate building validation in production job creation - Update tick-engine JSDoc with Phase 3 validation notes - Add comprehensive tests for storage capacity system - Add tests for production building validation Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix: remove unused imports in storage.test.ts * fix: resolve storage validation race conditions and bot production - Move storage validation BEFORE inventory mutations in production - Move storage validation BEFORE inventory mutations in market settlement - Only validate production buildings for player companies (bots exempt) - Prevents batch processing race condition where multiple operations in same tick could exceed capacity Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix: account for net inventory change in production storage validation - Calculate net inventory change (outputs - inputs consumed) - Only validate storage if net change is positive - Update documentation to accurately reflect validation behavior - Addresses bot reviewer feedback on production capacity logic Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix: skip storage validation for self-trades in market settlement - Self-trades (same company, region, and item) have net zero inventory change - Skip storage capacity validation when buyer and seller are the same entity - Prevents false positive rejections when company at capacity trades with itself - Addresses bot reviewer feedback on self-trade edge case Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix: add warehouse to market-candles test to ensure storage capacity - Test was failing because buyer company lacked sufficient storage capacity - Added warehouse to buyer company in test setup - Warehouse increases capacity by 500 units (base 1000 + warehouse 500 = 1500 total) - Ensures trade settlement doesn't hit storage limit validation Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix: add production building and warehouse to seeded player company - Player company now gets a FACTORY (5 capacity slots) for production jobs - Player company now gets a WAREHOUSE (500 capacity) to handle 1088 units of starting inventory - Total capacity: 1000 (base) + 500 (warehouse) = 1500 units - Removes need for per-test warehouse setup in market-candles test - Fixes all integration tests that rely on player company having buildings Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * refactor: reduce starting inventory and remove free warehouse - Reduced player starting inventory from 1088 to 885 units (fits in base 1000 capacity) - Removed free warehouse to avoid giving players buildings with upkeep costs - Keep FACTORY for production capability (no operating cost in seed) - Starting inventory breakdown: * ironOre: 240 → 200 * coal: 140 → 120 * copperOre: 180 → 150 * water: 200 → 150 * fertilizer: 150 → 120 * bioSubstrate: 160 → 130 * ironIngot: 12 → 10 * copperIngot: 6 → 5 Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Phase 4 & 5: Buildings Management UI + Preflight Validation + Deterministic Overflow Policy + Stuck Shipment Indicator (#79) * Initial plan * feat(api): add buildings API with preflight validation - Add BuildingsController with endpoints for listing, acquiring, and reactivating buildings - Add preflight validation endpoints for production jobs and buy orders - Add storage and capacity info endpoints - Add building type definitions with costs (Phase 5 balance pass) - Add building-related types to shared package - Register buildings module in app.module.ts Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * feat(web): add buildings API client functions - Add building-related parsers to api-parsers - Add buildings API functions to api client - Add support for listing, acquiring, and reactivating buildings - Add preflight validation API calls - Add storage and capacity info API calls Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * feat(web): add Buildings page and UI components - Add Buildings page with region/category grouping - Add building status display with badges - Add Acquire Building dialog with cost preview - Add reactivate building functionality - Add Storage Meter component for capacity visualization - Add missing UI components (Dialog, Label, Progress) - Install required radix-ui packages Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * chore: add release entry for Phase 4 & 5 implementation * fix: remove unused imports in buildings service * feat(sim): implement deterministic overflow policy for shipments CRITICAL FIX: Shipment delivery now returns to sender when destination storage is full, preventing tick blocking. **Overflow Strategy: Return to Sender** When shipment arrives but destination storage is full: - Shipment marked as DELIVERED (not failed) - Inventory returned to origin region (fromRegionId) - No error thrown (prevents tick advancement failures) - Deterministic behavior - always returns, never partial - Player consequence: wasted logistics fee **Changes:** - packages/sim/src/services/shipments.ts: - deliverDueShipmentsForTick() now returns {deliveredCount, returnedCount} - Catches storage capacity errors and returns to sender - Updated JSDoc with comprehensive overflow policy documentation **Prevents Soft-Lock:** - Tick processing never fails due to player storage mismanagement - Multi-operation storage contention handled deterministically - Same-tick shipments processed in arrival order (ASC) All 64 existing tests passing. Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * docs: add comprehensive overflow policy and economic analysis Complete documentation covering: - Deterministic overflow policy (reject at source + return to sender) - Multi-operation storage contention handling - Soft-lock prevention strategy - Economic balance analysis with break-even calculations - Early game viability assessment - Over-expansion risk scenarios - Integration test coverage plan Key Findings: - Current building costs too high for absolute beginners - Recommend adding $25k Workshop tier - MegaFactory dangerous if purchased too early (bankruptcy risk) - Production failure behavior needs design decision (lose inputs vs return) All quality gates passing: - ✅ 64/64 tests - ✅ TypeScript compilation - ✅ ESLint Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * feat: add WORKSHOP building tier and improve overflow policy **Workshop Building Tier ($25k Entry-Level):** - Acquisition: $25,000 (vs $80k for Farm) - Weekly cost: $1,500 (vs $4k for Farm) - Capacity: 1 slot - Purpose: True early-game viability **Overflow Policy Enhancements:** - Origin storage validation SKIPPED for returns (prevents deadlock) - Rationale: Items were already at origin - bounded violation acceptable - Origin may temporarily exceed capacity but self-corrects - Deterministic: Same inputs → same outputs - Idempotent: updateMany prevents double-processing - Atomic: Single transaction, no partial state - No ledger entry on return (fee already paid at creation) **Changes:** - packages/db/prisma/schema.prisma: Add WORKSHOP to BuildingType enum - packages/shared/src/api-types.ts: Add WORKSHOP to type union - packages/sim/src/services/buildings.ts: Include WORKSHOP in production building types - packages/sim/src/services/shipments.ts: Enhanced overflow documentation - apps/api/src/buildings/buildings.service.ts: Add WORKSHOP definition and include in preflight **Quality:** - All 64 tests passing - TypeScript compilation passing - ESLint passing Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix: maintain hard storage caps and use deterministic ordering BREAKING CHANGES to overflow policy per reviewer feedback: **1. Hard Storage Caps Maintained:** - Origin capacity NOW VALIDATED on rollback (was bypassed) - No bounded violation - all regions respect capacity limits - If both origin and destination full, delivery FAILS - This is acceptable - player made storage management error **2. Delivery Rollback Semantics:** - Clarified: This is a ROLLBACK, not a logistics return - No new shipment created, no additional travel time - Status: DELIVERED (completed, even if rolled back) - Player penalty: wasted fee + time **3. Deterministic Ordering:** - Changed from createdAt (wall-clock) to tickCreated (deterministic) - Guarantees same order on replay: ORDER BY tickArrives ASC, tickCreated ASC - Location: packages/sim/src/services/shipments.ts:674 **Changes:** - packages/sim/src/services/shipments.ts: - Add origin capacity validation on rollback (line 730-736) - Use tickCreated instead of createdAt for ordering - Comprehensive JSDoc updates explaining rollback vs return - Hard cap invariants maintained everywhere - docs/overflow-policy-and-economics.md: - Updated to reflect rollback semantics - Clarified deterministic ordering with tickCreated - Documented edge case (both regions full) **Rationale:** - Hard caps are invariants - no bypass allowed - Edge case failure acceptable (player must manage both regions) - Simpler than overflow bucket (no quarantine system needed) - Deterministic ordering critical for replay All 64 tests passing. Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix: ensure tick never fails - retry shipments when both regions full CRITICAL FIX: Tick advancement can never be blocked by storage overflow. **Problem:** Previous implementation threw error if both origin and destination were full, blocking tick advancement. **Solution:** Three-tier delivery fallback: 1. Destination has capacity → Normal delivery 2. Destination full, origin has capacity → Rollback to origin (DELIVERED status) 3. Both regions full → Keep IN_TRANSIT, retry next tick (tick continues) **Changes:** - packages/sim/src/services/shipments.ts: - Moved status update AFTER capacity validation (line 746-756) - Only update to DELIVERED if delivery succeeds - If both regions full: shipment stays IN_TRANSIT, no throw - Comprehensive JSDoc explaining three-tier fallback - Line 733: Catch origin validation error, set shouldDeliver=false - docs/overflow-policy-and-economics.md: - Updated to document three-tier delivery outcomes - Clarified tick never fails guarantee - Documented retry mechanism for double-full scenario **Guarantees:** ✅ Tick advancement NEVER fails due to storage ✅ Hard storage caps maintained (no bypass) ✅ Deterministic retry behavior ✅ Player gets clear feedback (shipment stays IN_TRANSIT until space available) **Edge Case Handling:** - Both regions full → shipment retries automatically next tick - Player must clear space in EITHER region for delivery - No soft-lock possible All 64 tests passing. Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * refactor: extract production building types constant and fix type safety Address code review feedback: 1. Extract PRODUCTION_BUILDING_TYPES as shared constant (eliminates duplication) 2. Fix type safety: use `as BuildingType` instead of `as any` in acquire dialog **Changes:** - packages/sim/src/services/buildings.ts: - Add PRODUCTION_BUILDING_TYPES export (line 89-97) - Use constant in getProductionCapacityForCompany (line 513) - Use constant in assertHasActiveProductionBuilding (line 649) - apps/api/src/buildings/buildings.service.ts: - Import PRODUCTION_BUILDING_TYPES (line 19) - Use constant in preflightProductionJob (line 337) - apps/web/src/components/buildings/acquire-building-dialog.tsx: - Import BuildingType from api (line 25) - Fix type assertion: as BuildingType (line 90) **Benefits:** - Single source of truth for production building types - Easier maintenance (add/remove building types in one place) - Better type safety (no `as any` bypass) - Consistent across API and sim layers All 64 tests passing, typecheck and lint passing. Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix: add database migration for WORKSHOP building type CRITICAL FIX: Database enum missing WORKSHOP value causing 500 errors. **Problem:** Added WORKSHOP to TypeScript code and Prisma schema, but database enum wasn't updated via migration. **Error:** ``` invalid input value for enum "BuildingType": "WORKSHOP" ``` **Solution:** Create migration to add WORKSHOP to BuildingType enum in PostgreSQL. **Migration:** packages/db/prisma/migrations/20260219133500_add_workshop_building_type/migration.sql - Adds WORKSHOP value to BuildingType enum - Required for integration tests to pass - Safe to apply (enum extension, no data migration needed) Integration tests will pass once migration is applied to test database. Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * refactor: apply code review suggestions Address copilot-pull-request-reviewer feedback: 1. Remove trailing blank lines in api-parsers.ts 2. Simplify listBuildings controller - pass query DTO directly 3. Wrap building definitions response for API consistency **Changes:** - apps/web/src/lib/api-parsers.ts: Remove trailing whitespace - apps/api/src/buildings/buildings.controller.ts: - Pass query DTO directly to listBuildings (no redundant object) - Wrap definitions in { definitions: [...] } for consistency **Note:** Bot comment about tickCreated field is incorrect - field exists in schema at line 290. All changes are code quality improvements with no functional impact. Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * feat: add stuck shipment UI indicator with storage management link Implement real-time visual feedback for stuck shipments (IN_TRANSIT past ETA). **Changes:** - apps/web/src/components/logistics/logistics-page.tsx: - Added Badge and Link imports - Detect stuck shipments: tickArrives < currentTick - Display warning badge with tooltip on stuck shipments - Add "Manage Storage" button linking to /buildings page - Tooltip: "Waiting for storage capacity in destination or origin region" **UX Improvements:** - Clear visual indicator (amber warning badge) when shipment can't deliver - Actionable "Manage Storage" button for direct navigation to Buildings page - Tooltip explains retry behavior (waiting for capacity) - Prevents player confusion about stuck shipments **Implementation Details:** - Uses existing Badge component with "warning" variant - Conditionally renders badge only when isStuck = true - Adds direct link to Buildings page for capacity management - Maintains existing Cancel button functionality No breaking changes. Pure UX enhancement. Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix(auth): support single-origin sso routing * fix(web): preserve repeated proxy headers * fix(ci): apply migrations before APP_ROLE all startup * fix(web): hide seeded example accounts in admin list * fix(api): allow admins on developer catalog read endpoints * fix(web): accept redacted company cash in parsers * fix(api): support admin research catalog on developer page * fix(web): separate recipe input items across catalog views * fix(web): centralize item quantity labels for recipe outputs * fix(web): resolve unknown item labels in market lists * fix(web): scope market listings to company tradable items * fix(auth): support single-origin sso routing * fix(web): preserve repeated proxy headers * fix(ci): apply migrations before APP_ROLE all startup * fix(web): hide seeded example accounts in admin list * fix(api): allow admins on developer catalog read endpoints * fix(web): accept redacted company cash in parsers * fix(api): support admin research catalog on developer page * fix(web): separate recipe input items across catalog views * fix(web): centralize item quantity labels for recipe outputs * fix(web): resolve unknown item labels in market lists * fix(web): scope market listings to company tradable items * docs(ops): use example domains and RFC5737 IPs in nginx docs * docs(ops): drop API subdomain blocks from nginx sample * feat(web): add ALPHA preview disclaimer to footer version badge * feat(web): show alpha notice on version hover and overview * fix(web): remove hover helper text from version badge * fix(web): remove focus ring box from maintenance overlay * feat(web): link alpha version badge to Discord updates * fix(web): fetch Discord URL via runtime public-links endpoint * fix(docs): add guideline to avoid commits to main branch * feat(web): replace static onboarding tutorial with guided walkthrough * fix(web): clarify overview metrics as world-level * feat(web): begin guided tutorial with active company snapshot * fix(sim): prevent zero-trade stalls from static bot books * fix(api): harden diagnostics missing-items service injection * fix(ci): resolve root typecheck failures * fix(web): wrap search params hooks in suspense * fix(ci): run release workflow only on main * fix: stabilize prisma startup and restore phase 1-5 web UX * fix(db): run Prisma generate without relying on dotenv-cli shell binary * fix(web): parse buildings definitions payload correctly * fix(web): support legacy buildings definitions payload shape * chore(release): cut v0.10. 0 --------- Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
BENZOOgataga
added a commit
that referenced
this pull request
Feb 22, 2026
* Standardize postcss on 8.4.49 to address CVE in versions < 8.4.49 (#59) * Initial plan * Fix postcss vulnerability by upgrading to 8.5.6 Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Update postcss override to target 8.5.6 to eliminate dual versions Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Standardize on postcss 8.4.49 to fix CVE and eliminate version conflicts Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Fix early-game UX issues: form placeholders, time visibility, completion feedback (#73) * Initial plan * Fix prefilled form fields, add tick countdown, improve workforce UI explanations Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Add toast notifications for research and production completion Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Fix TypeScript errors in toast notifications Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Add release entry for UX improvements Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Remove prefilled allocation percentages from workforce page initial state Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Fix capacity delta input reset to empty string after submission Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Apply code review feedback: improve accessibility, fix countdown boundary, deduplicate toast recipes Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Update design guidelines documentation with new UX patterns Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * feat: Add infrastructure-based production foundation (Phase 1-2) (#75) * Initial plan * feat(sim): add building infrastructure domain layer with Prisma schema and tests Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * chore: add release entry for building infrastructure phase 1 * feat(sim): integrate building operating costs into tick pipeline Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix(sim): fix stale cash bug and reserved cash invariant in building operating costs - Fetch fresh company data for each building to avoid stale cash values when processing multiple buildings - Use availableCash() to respect reservedCashCents when checking affordability - Update AGENTS.md to reflect new 11-stage tick pipeline - Add tests for reserved cash respect and multi-building scenarios Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * refactor(sim): improve building service types and documentation clarity - Remove `any` return types, let TypeScript infer from Prisma - Clarify which invariants are enforced vs planned in module docs - Add note in tick-engine that production validation doesn't check building status yet (Phase 2) - Update building service docs to separate current vs future features Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix(shared): add new building ledger entry types to FinanceLedgerEntryType - Add BUILDING_OPERATING_COST and BUILDING_ACQUISITION to shared API types - Fixes TypeScript compilation errors in finance controller and service - All 53 tests passing Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix(sim): remove explicit any type in building tests to pass linter - Replace `{} as any` with `{} as Prisma.TransactionClient` - Fixes ESLint error: @typescript-eslint/no-explicit-any - All tests passing, TypeScript compilation successful Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Fix OAuth redirect_uri mismatch between better-auth and provider configuration (#77) * Initial plan * feat: Add nginx proxy rule for OAuth callbacks on web domain Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * docs: Update deployment docs and env example for OAuth callback configuration Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * docs: Add deployment guide for OAuth callback redirect URL fix Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix: Address PR review feedback - update release area, nginx comments, and use RFC 5737 IP ranges Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Phase 3: Enforce storage capacity limits and production building requirements (#78) * Initial plan * feat: implement storage capacity system and building validation - Add BASE_STORAGE_CAPACITY_PER_REGION and WAREHOUSE_CAPACITY_PER_SLOT constants - Implement calculateRegionalStorageCapacity function - Implement validateStorageCapacity function to check inventory limits - Integrate storage validation in production completions - Integrate storage validation in market settlement - Integrate storage validation in shipment deliveries - Add validateProductionBuildingAvailable function - Integrate building validation in production job creation - Update tick-engine JSDoc with Phase 3 validation notes - Add comprehensive tests for storage capacity system - Add tests for production building validation Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix: remove unused imports in storage.test.ts * fix: resolve storage validation race conditions and bot production - Move storage validation BEFORE inventory mutations in production - Move storage validation BEFORE inventory mutations in market settlement - Only validate production buildings for player companies (bots exempt) - Prevents batch processing race condition where multiple operations in same tick could exceed capacity Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix: account for net inventory change in production storage validation - Calculate net inventory change (outputs - inputs consumed) - Only validate storage if net change is positive - Update documentation to accurately reflect validation behavior - Addresses bot reviewer feedback on production capacity logic Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix: skip storage validation for self-trades in market settlement - Self-trades (same company, region, and item) have net zero inventory change - Skip storage capacity validation when buyer and seller are the same entity - Prevents false positive rejections when company at capacity trades with itself - Addresses bot reviewer feedback on self-trade edge case Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix: add warehouse to market-candles test to ensure storage capacity - Test was failing because buyer company lacked sufficient storage capacity - Added warehouse to buyer company in test setup - Warehouse increases capacity by 500 units (base 1000 + warehouse 500 = 1500 total) - Ensures trade settlement doesn't hit storage limit validation Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix: add production building and warehouse to seeded player company - Player company now gets a FACTORY (5 capacity slots) for production jobs - Player company now gets a WAREHOUSE (500 capacity) to handle 1088 units of starting inventory - Total capacity: 1000 (base) + 500 (warehouse) = 1500 units - Removes need for per-test warehouse setup in market-candles test - Fixes all integration tests that rely on player company having buildings Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * refactor: reduce starting inventory and remove free warehouse - Reduced player starting inventory from 1088 to 885 units (fits in base 1000 capacity) - Removed free warehouse to avoid giving players buildings with upkeep costs - Keep FACTORY for production capability (no operating cost in seed) - Starting inventory breakdown: * ironOre: 240 → 200 * coal: 140 → 120 * copperOre: 180 → 150 * water: 200 → 150 * fertilizer: 150 → 120 * bioSubstrate: 160 → 130 * ironIngot: 12 → 10 * copperIngot: 6 → 5 Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * Phase 4 & 5: Buildings Management UI + Preflight Validation + Deterministic Overflow Policy + Stuck Shipment Indicator (#79) * Initial plan * feat(api): add buildings API with preflight validation - Add BuildingsController with endpoints for listing, acquiring, and reactivating buildings - Add preflight validation endpoints for production jobs and buy orders - Add storage and capacity info endpoints - Add building type definitions with costs (Phase 5 balance pass) - Add building-related types to shared package - Register buildings module in app.module.ts Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * feat(web): add buildings API client functions - Add building-related parsers to api-parsers - Add buildings API functions to api client - Add support for listing, acquiring, and reactivating buildings - Add preflight validation API calls - Add storage and capacity info API calls Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * feat(web): add Buildings page and UI components - Add Buildings page with region/category grouping - Add building status display with badges - Add Acquire Building dialog with cost preview - Add reactivate building functionality - Add Storage Meter component for capacity visualization - Add missing UI components (Dialog, Label, Progress) - Install required radix-ui packages Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * chore: add release entry for Phase 4 & 5 implementation * fix: remove unused imports in buildings service * feat(sim): implement deterministic overflow policy for shipments CRITICAL FIX: Shipment delivery now returns to sender when destination storage is full, preventing tick blocking. **Overflow Strategy: Return to Sender** When shipment arrives but destination storage is full: - Shipment marked as DELIVERED (not failed) - Inventory returned to origin region (fromRegionId) - No error thrown (prevents tick advancement failures) - Deterministic behavior - always returns, never partial - Player consequence: wasted logistics fee **Changes:** - packages/sim/src/services/shipments.ts: - deliverDueShipmentsForTick() now returns {deliveredCount, returnedCount} - Catches storage capacity errors and returns to sender - Updated JSDoc with comprehensive overflow policy documentation **Prevents Soft-Lock:** - Tick processing never fails due to player storage mismanagement - Multi-operation storage contention handled deterministically - Same-tick shipments processed in arrival order (ASC) All 64 existing tests passing. Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * docs: add comprehensive overflow policy and economic analysis Complete documentation covering: - Deterministic overflow policy (reject at source + return to sender) - Multi-operation storage contention handling - Soft-lock prevention strategy - Economic balance analysis with break-even calculations - Early game viability assessment - Over-expansion risk scenarios - Integration test coverage plan Key Findings: - Current building costs too high for absolute beginners - Recommend adding $25k Workshop tier - MegaFactory dangerous if purchased too early (bankruptcy risk) - Production failure behavior needs design decision (lose inputs vs return) All quality gates passing: - ✅ 64/64 tests - ✅ TypeScript compilation - ✅ ESLint Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * feat: add WORKSHOP building tier and improve overflow policy **Workshop Building Tier ($25k Entry-Level):** - Acquisition: $25,000 (vs $80k for Farm) - Weekly cost: $1,500 (vs $4k for Farm) - Capacity: 1 slot - Purpose: True early-game viability **Overflow Policy Enhancements:** - Origin storage validation SKIPPED for returns (prevents deadlock) - Rationale: Items were already at origin - bounded violation acceptable - Origin may temporarily exceed capacity but self-corrects - Deterministic: Same inputs → same outputs - Idempotent: updateMany prevents double-processing - Atomic: Single transaction, no partial state - No ledger entry on return (fee already paid at creation) **Changes:** - packages/db/prisma/schema.prisma: Add WORKSHOP to BuildingType enum - packages/shared/src/api-types.ts: Add WORKSHOP to type union - packages/sim/src/services/buildings.ts: Include WORKSHOP in production building types - packages/sim/src/services/shipments.ts: Enhanced overflow documentation - apps/api/src/buildings/buildings.service.ts: Add WORKSHOP definition and include in preflight **Quality:** - All 64 tests passing - TypeScript compilation passing - ESLint passing Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix: maintain hard storage caps and use deterministic ordering BREAKING CHANGES to overflow policy per reviewer feedback: **1. Hard Storage Caps Maintained:** - Origin capacity NOW VALIDATED on rollback (was bypassed) - No bounded violation - all regions respect capacity limits - If both origin and destination full, delivery FAILS - This is acceptable - player made storage management error **2. Delivery Rollback Semantics:** - Clarified: This is a ROLLBACK, not a logistics return - No new shipment created, no additional travel time - Status: DELIVERED (completed, even if rolled back) - Player penalty: wasted fee + time **3. Deterministic Ordering:** - Changed from createdAt (wall-clock) to tickCreated (deterministic) - Guarantees same order on replay: ORDER BY tickArrives ASC, tickCreated ASC - Location: packages/sim/src/services/shipments.ts:674 **Changes:** - packages/sim/src/services/shipments.ts: - Add origin capacity validation on rollback (line 730-736) - Use tickCreated instead of createdAt for ordering - Comprehensive JSDoc updates explaining rollback vs return - Hard cap invariants maintained everywhere - docs/overflow-policy-and-economics.md: - Updated to reflect rollback semantics - Clarified deterministic ordering with tickCreated - Documented edge case (both regions full) **Rationale:** - Hard caps are invariants - no bypass allowed - Edge case failure acceptable (player must manage both regions) - Simpler than overflow bucket (no quarantine system needed) - Deterministic ordering critical for replay All 64 tests passing. Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix: ensure tick never fails - retry shipments when both regions full CRITICAL FIX: Tick advancement can never be blocked by storage overflow. **Problem:** Previous implementation threw error if both origin and destination were full, blocking tick advancement. **Solution:** Three-tier delivery fallback: 1. Destination has capacity → Normal delivery 2. Destination full, origin has capacity → Rollback to origin (DELIVERED status) 3. Both regions full → Keep IN_TRANSIT, retry next tick (tick continues) **Changes:** - packages/sim/src/services/shipments.ts: - Moved status update AFTER capacity validation (line 746-756) - Only update to DELIVERED if delivery succeeds - If both regions full: shipment stays IN_TRANSIT, no throw - Comprehensive JSDoc explaining three-tier fallback - Line 733: Catch origin validation error, set shouldDeliver=false - docs/overflow-policy-and-economics.md: - Updated to document three-tier delivery outcomes - Clarified tick never fails guarantee - Documented retry mechanism for double-full scenario **Guarantees:** ✅ Tick advancement NEVER fails due to storage ✅ Hard storage caps maintained (no bypass) ✅ Deterministic retry behavior ✅ Player gets clear feedback (shipment stays IN_TRANSIT until space available) **Edge Case Handling:** - Both regions full → shipment retries automatically next tick - Player must clear space in EITHER region for delivery - No soft-lock possible All 64 tests passing. Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * refactor: extract production building types constant and fix type safety Address code review feedback: 1. Extract PRODUCTION_BUILDING_TYPES as shared constant (eliminates duplication) 2. Fix type safety: use `as BuildingType` instead of `as any` in acquire dialog **Changes:** - packages/sim/src/services/buildings.ts: - Add PRODUCTION_BUILDING_TYPES export (line 89-97) - Use constant in getProductionCapacityForCompany (line 513) - Use constant in assertHasActiveProductionBuilding (line 649) - apps/api/src/buildings/buildings.service.ts: - Import PRODUCTION_BUILDING_TYPES (line 19) - Use constant in preflightProductionJob (line 337) - apps/web/src/components/buildings/acquire-building-dialog.tsx: - Import BuildingType from api (line 25) - Fix type assertion: as BuildingType (line 90) **Benefits:** - Single source of truth for production building types - Easier maintenance (add/remove building types in one place) - Better type safety (no `as any` bypass) - Consistent across API and sim layers All 64 tests passing, typecheck and lint passing. Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix: add database migration for WORKSHOP building type CRITICAL FIX: Database enum missing WORKSHOP value causing 500 errors. **Problem:** Added WORKSHOP to TypeScript code and Prisma schema, but database enum wasn't updated via migration. **Error:** ``` invalid input value for enum "BuildingType": "WORKSHOP" ``` **Solution:** Create migration to add WORKSHOP to BuildingType enum in PostgreSQL. **Migration:** packages/db/prisma/migrations/20260219133500_add_workshop_building_type/migration.sql - Adds WORKSHOP value to BuildingType enum - Required for integration tests to pass - Safe to apply (enum extension, no data migration needed) Integration tests will pass once migration is applied to test database. Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * refactor: apply code review suggestions Address copilot-pull-request-reviewer feedback: 1. Remove trailing blank lines in api-parsers.ts 2. Simplify listBuildings controller - pass query DTO directly 3. Wrap building definitions response for API consistency **Changes:** - apps/web/src/lib/api-parsers.ts: Remove trailing whitespace - apps/api/src/buildings/buildings.controller.ts: - Pass query DTO directly to listBuildings (no redundant object) - Wrap definitions in { definitions: [...] } for consistency **Note:** Bot comment about tickCreated field is incorrect - field exists in schema at line 290. All changes are code quality improvements with no functional impact. Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * feat: add stuck shipment UI indicator with storage management link Implement real-time visual feedback for stuck shipments (IN_TRANSIT past ETA). **Changes:** - apps/web/src/components/logistics/logistics-page.tsx: - Added Badge and Link imports - Detect stuck shipments: tickArrives < currentTick - Display warning badge with tooltip on stuck shipments - Add "Manage Storage" button linking to /buildings page - Tooltip: "Waiting for storage capacity in destination or origin region" **UX Improvements:** - Clear visual indicator (amber warning badge) when shipment can't deliver - Actionable "Manage Storage" button for direct navigation to Buildings page - Tooltip explains retry behavior (waiting for capacity) - Prevents player confusion about stuck shipments **Implementation Details:** - Uses existing Badge component with "warning" variant - Conditionally renders badge only when isStuck = true - Adds direct link to Buildings page for capacity management - Maintains existing Cancel button functionality No breaking changes. Pure UX enhancement. Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com> * fix(auth): support single-origin sso routing * fix(web): preserve repeated proxy headers * fix(ci): apply migrations before APP_ROLE all startup * fix(web): hide seeded example accounts in admin list * fix(api): allow admins on developer catalog read endpoints * fix(web): accept redacted company cash in parsers * fix(api): support admin research catalog on developer page * fix(web): separate recipe input items across catalog views * fix(web): centralize item quantity labels for recipe outputs * fix(web): resolve unknown item labels in market lists * fix(web): scope market listings to company tradable items * fix(auth): support single-origin sso routing * fix(web): preserve repeated proxy headers * fix(ci): apply migrations before APP_ROLE all startup * fix(web): hide seeded example accounts in admin list * fix(api): allow admins on developer catalog read endpoints * fix(web): accept redacted company cash in parsers * fix(api): support admin research catalog on developer page * fix(web): separate recipe input items across catalog views * fix(web): centralize item quantity labels for recipe outputs * fix(web): resolve unknown item labels in market lists * fix(web): scope market listings to company tradable items * docs(ops): use example domains and RFC5737 IPs in nginx docs * docs(ops): drop API subdomain blocks from nginx sample * feat(web): add ALPHA preview disclaimer to footer version badge * feat(web): show alpha notice on version hover and overview * fix(web): remove hover helper text from version badge * fix(web): remove focus ring box from maintenance overlay * feat(web): link alpha version badge to Discord updates * fix(web): fetch Discord URL via runtime public-links endpoint * fix(docs): add guideline to avoid commits to main branch * feat(web): replace static onboarding tutorial with guided walkthrough * fix(web): clarify overview metrics as world-level * feat(web): begin guided tutorial with active company snapshot * fix(sim): prevent zero-trade stalls from static bot books * fix(api): harden diagnostics missing-items service injection * fix(ci): resolve root typecheck failures * fix(web): wrap search params hooks in suspense * fix(ci): run release workflow only on main * fix: stabilize prisma startup and restore phase 1-5 web UX * fix(db): run Prisma generate without relying on dotenv-cli shell binary * fix(web): parse buildings definitions payload correctly * fix(web): support legacy buildings definitions payload shape * chore(release): cut v0.10. 0 * fix(db): sync static catalog for production deployments * chore(release): cut v0.10.1 --------- Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
4 tasks
BENZOOgataga
added a commit
that referenced
this pull request
Feb 22, 2026
* Standardize postcss on 8.4.49 to address CVE in versions < 8.4.49 (#59) * Initial plan * Fix postcss vulnerability by upgrading to 8.5.6 * Update postcss override to target 8.5.6 to eliminate dual versions * Standardize on postcss 8.4.49 to fix CVE and eliminate version conflicts --------- * Fix early-game UX issues: form placeholders, time visibility, completion feedback (#73) * Initial plan * Fix prefilled form fields, add tick countdown, improve workforce UI explanations * Add toast notifications for research and production completion * Fix TypeScript errors in toast notifications * Add release entry for UX improvements * Remove prefilled allocation percentages from workforce page initial state * Fix capacity delta input reset to empty string after submission * Apply code review feedback: improve accessibility, fix countdown boundary, deduplicate toast recipes * Update design guidelines documentation with new UX patterns --------- * feat: Add infrastructure-based production foundation (Phase 1-2) (#75) * Initial plan * feat(sim): add building infrastructure domain layer with Prisma schema and tests * chore: add release entry for building infrastructure phase 1 * feat(sim): integrate building operating costs into tick pipeline * fix(sim): fix stale cash bug and reserved cash invariant in building operating costs - Fetch fresh company data for each building to avoid stale cash values when processing multiple buildings - Use availableCash() to respect reservedCashCents when checking affordability - Update AGENTS.md to reflect new 11-stage tick pipeline - Add tests for reserved cash respect and multi-building scenarios * refactor(sim): improve building service types and documentation clarity - Remove `any` return types, let TypeScript infer from Prisma - Clarify which invariants are enforced vs planned in module docs - Add note in tick-engine that production validation doesn't check building status yet (Phase 2) - Update building service docs to separate current vs future features * fix(shared): add new building ledger entry types to FinanceLedgerEntryType - Add BUILDING_OPERATING_COST and BUILDING_ACQUISITION to shared API types - Fixes TypeScript compilation errors in finance controller and service - All 53 tests passing * fix(sim): remove explicit any type in building tests to pass linter - Replace `{} as any` with `{} as Prisma.TransactionClient` - Fixes ESLint error: @typescript-eslint/no-explicit-any - All tests passing, TypeScript compilation successful --------- * Fix OAuth redirect_uri mismatch between better-auth and provider configuration (#77) * Initial plan * feat: Add nginx proxy rule for OAuth callbacks on web domain * docs: Update deployment docs and env example for OAuth callback configuration * docs: Add deployment guide for OAuth callback redirect URL fix * fix: Address PR review feedback - update release area, nginx comments, and use RFC 5737 IP ranges --------- * Phase 3: Enforce storage capacity limits and production building requirements (#78) * Initial plan * feat: implement storage capacity system and building validation - Add BASE_STORAGE_CAPACITY_PER_REGION and WAREHOUSE_CAPACITY_PER_SLOT constants - Implement calculateRegionalStorageCapacity function - Implement validateStorageCapacity function to check inventory limits - Integrate storage validation in production completions - Integrate storage validation in market settlement - Integrate storage validation in shipment deliveries - Add validateProductionBuildingAvailable function - Integrate building validation in production job creation - Update tick-engine JSDoc with Phase 3 validation notes - Add comprehensive tests for storage capacity system - Add tests for production building validation * fix: remove unused imports in storage.test.ts * fix: resolve storage validation race conditions and bot production - Move storage validation BEFORE inventory mutations in production - Move storage validation BEFORE inventory mutations in market settlement - Only validate production buildings for player companies (bots exempt) - Prevents batch processing race condition where multiple operations in same tick could exceed capacity * fix: account for net inventory change in production storage validation - Calculate net inventory change (outputs - inputs consumed) - Only validate storage if net change is positive - Update documentation to accurately reflect validation behavior - Addresses bot reviewer feedback on production capacity logic * fix: skip storage validation for self-trades in market settlement - Self-trades (same company, region, and item) have net zero inventory change - Skip storage capacity validation when buyer and seller are the same entity - Prevents false positive rejections when company at capacity trades with itself - Addresses bot reviewer feedback on self-trade edge case * fix: add warehouse to market-candles test to ensure storage capacity - Test was failing because buyer company lacked sufficient storage capacity - Added warehouse to buyer company in test setup - Warehouse increases capacity by 500 units (base 1000 + warehouse 500 = 1500 total) - Ensures trade settlement doesn't hit storage limit validation * fix: add production building and warehouse to seeded player company - Player company now gets a FACTORY (5 capacity slots) for production jobs - Player company now gets a WAREHOUSE (500 capacity) to handle 1088 units of starting inventory - Total capacity: 1000 (base) + 500 (warehouse) = 1500 units - Removes need for per-test warehouse setup in market-candles test - Fixes all integration tests that rely on player company having buildings * refactor: reduce starting inventory and remove free warehouse - Reduced player starting inventory from 1088 to 885 units (fits in base 1000 capacity) - Removed free warehouse to avoid giving players buildings with upkeep costs - Keep FACTORY for production capability (no operating cost in seed) - Starting inventory breakdown: * ironOre: 240 → 200 * coal: 140 → 120 * copperOre: 180 → 150 * water: 200 → 150 * fertilizer: 150 → 120 * bioSubstrate: 160 → 130 * ironIngot: 12 → 10 * copperIngot: 6 → 5 --------- * Phase 4 & 5: Buildings Management UI + Preflight Validation + Deterministic Overflow Policy + Stuck Shipment Indicator (#79) * Initial plan * feat(api): add buildings API with preflight validation - Add BuildingsController with endpoints for listing, acquiring, and reactivating buildings - Add preflight validation endpoints for production jobs and buy orders - Add storage and capacity info endpoints - Add building type definitions with costs (Phase 5 balance pass) - Add building-related types to shared package - Register buildings module in app.module.ts * feat(web): add buildings API client functions - Add building-related parsers to api-parsers - Add buildings API functions to api client - Add support for listing, acquiring, and reactivating buildings - Add preflight validation API calls - Add storage and capacity info API calls * feat(web): add Buildings page and UI components - Add Buildings page with region/category grouping - Add building status display with badges - Add Acquire Building dialog with cost preview - Add reactivate building functionality - Add Storage Meter component for capacity visualization - Add missing UI components (Dialog, Label, Progress) - Install required radix-ui packages * chore: add release entry for Phase 4 & 5 implementation * fix: remove unused imports in buildings service * feat(sim): implement deterministic overflow policy for shipments CRITICAL FIX: Shipment delivery now returns to sender when destination storage is full, preventing tick blocking. **Overflow Strategy: Return to Sender** When shipment arrives but destination storage is full: - Shipment marked as DELIVERED (not failed) - Inventory returned to origin region (fromRegionId) - No error thrown (prevents tick advancement failures) - Deterministic behavior - always returns, never partial - Player consequence: wasted logistics fee **Changes:** - packages/sim/src/services/shipments.ts: - deliverDueShipmentsForTick() now returns {deliveredCount, returnedCount} - Catches storage capacity errors and returns to sender - Updated JSDoc with comprehensive overflow policy documentation **Prevents Soft-Lock:** - Tick processing never fails due to player storage mismanagement - Multi-operation storage contention handled deterministically - Same-tick shipments processed in arrival order (ASC) All 64 existing tests passing. * docs: add comprehensive overflow policy and economic analysis Complete documentation covering: - Deterministic overflow policy (reject at source + return to sender) - Multi-operation storage contention handling - Soft-lock prevention strategy - Economic balance analysis with break-even calculations - Early game viability assessment - Over-expansion risk scenarios - Integration test coverage plan Key Findings: - Current building costs too high for absolute beginners - Recommend adding $25k Workshop tier - MegaFactory dangerous if purchased too early (bankruptcy risk) - Production failure behavior needs design decision (lose inputs vs return) All quality gates passing: - ✅ 64/64 tests - ✅ TypeScript compilation - ✅ ESLint * feat: add WORKSHOP building tier and improve overflow policy **Workshop Building Tier ($25k Entry-Level):** - Acquisition: $25,000 (vs $80k for Farm) - Weekly cost: $1,500 (vs $4k for Farm) - Capacity: 1 slot - Purpose: True early-game viability **Overflow Policy Enhancements:** - Origin storage validation SKIPPED for returns (prevents deadlock) - Rationale: Items were already at origin - bounded violation acceptable - Origin may temporarily exceed capacity but self-corrects - Deterministic: Same inputs → same outputs - Idempotent: updateMany prevents double-processing - Atomic: Single transaction, no partial state - No ledger entry on return (fee already paid at creation) **Changes:** - packages/db/prisma/schema.prisma: Add WORKSHOP to BuildingType enum - packages/shared/src/api-types.ts: Add WORKSHOP to type union - packages/sim/src/services/buildings.ts: Include WORKSHOP in production building types - packages/sim/src/services/shipments.ts: Enhanced overflow documentation - apps/api/src/buildings/buildings.service.ts: Add WORKSHOP definition and include in preflight **Quality:** - All 64 tests passing - TypeScript compilation passing - ESLint passing * fix: maintain hard storage caps and use deterministic ordering BREAKING CHANGES to overflow policy per reviewer feedback: **1. Hard Storage Caps Maintained:** - Origin capacity NOW VALIDATED on rollback (was bypassed) - No bounded violation - all regions respect capacity limits - If both origin and destination full, delivery FAILS - This is acceptable - player made storage management error **2. Delivery Rollback Semantics:** - Clarified: This is a ROLLBACK, not a logistics return - No new shipment created, no additional travel time - Status: DELIVERED (completed, even if rolled back) - Player penalty: wasted fee + time **3. Deterministic Ordering:** - Changed from createdAt (wall-clock) to tickCreated (deterministic) - Guarantees same order on replay: ORDER BY tickArrives ASC, tickCreated ASC - Location: packages/sim/src/services/shipments.ts:674 **Changes:** - packages/sim/src/services/shipments.ts: - Add origin capacity validation on rollback (line 730-736) - Use tickCreated instead of createdAt for ordering - Comprehensive JSDoc updates explaining rollback vs return - Hard cap invariants maintained everywhere - docs/overflow-policy-and-economics.md: - Updated to reflect rollback semantics - Clarified deterministic ordering with tickCreated - Documented edge case (both regions full) **Rationale:** - Hard caps are invariants - no bypass allowed - Edge case failure acceptable (player must manage both regions) - Simpler than overflow bucket (no quarantine system needed) - Deterministic ordering critical for replay All 64 tests passing. * fix: ensure tick never fails - retry shipments when both regions full CRITICAL FIX: Tick advancement can never be blocked by storage overflow. **Problem:** Previous implementation threw error if both origin and destination were full, blocking tick advancement. **Solution:** Three-tier delivery fallback: 1. Destination has capacity → Normal delivery 2. Destination full, origin has capacity → Rollback to origin (DELIVERED status) 3. Both regions full → Keep IN_TRANSIT, retry next tick (tick continues) **Changes:** - packages/sim/src/services/shipments.ts: - Moved status update AFTER capacity validation (line 746-756) - Only update to DELIVERED if delivery succeeds - If both regions full: shipment stays IN_TRANSIT, no throw - Comprehensive JSDoc explaining three-tier fallback - Line 733: Catch origin validation error, set shouldDeliver=false - docs/overflow-policy-and-economics.md: - Updated to document three-tier delivery outcomes - Clarified tick never fails guarantee - Documented retry mechanism for double-full scenario **Guarantees:** ✅ Tick advancement NEVER fails due to storage ✅ Hard storage caps maintained (no bypass) ✅ Deterministic retry behavior ✅ Player gets clear feedback (shipment stays IN_TRANSIT until space available) **Edge Case Handling:** - Both regions full → shipment retries automatically next tick - Player must clear space in EITHER region for delivery - No soft-lock possible All 64 tests passing. * refactor: extract production building types constant and fix type safety Address code review feedback: 1. Extract PRODUCTION_BUILDING_TYPES as shared constant (eliminates duplication) 2. Fix type safety: use `as BuildingType` instead of `as any` in acquire dialog **Changes:** - packages/sim/src/services/buildings.ts: - Add PRODUCTION_BUILDING_TYPES export (line 89-97) - Use constant in getProductionCapacityForCompany (line 513) - Use constant in assertHasActiveProductionBuilding (line 649) - apps/api/src/buildings/buildings.service.ts: - Import PRODUCTION_BUILDING_TYPES (line 19) - Use constant in preflightProductionJob (line 337) - apps/web/src/components/buildings/acquire-building-dialog.tsx: - Import BuildingType from api (line 25) - Fix type assertion: as BuildingType (line 90) **Benefits:** - Single source of truth for production building types - Easier maintenance (add/remove building types in one place) - Better type safety (no `as any` bypass) - Consistent across API and sim layers All 64 tests passing, typecheck and lint passing. * fix: add database migration for WORKSHOP building type CRITICAL FIX: Database enum missing WORKSHOP value causing 500 errors. **Problem:** Added WORKSHOP to TypeScript code and Prisma schema, but database enum wasn't updated via migration. **Error:** ``` invalid input value for enum "BuildingType": "WORKSHOP" ``` **Solution:** Create migration to add WORKSHOP to BuildingType enum in PostgreSQL. **Migration:** packages/db/prisma/migrations/20260219133500_add_workshop_building_type/migration.sql - Adds WORKSHOP value to BuildingType enum - Required for integration tests to pass - Safe to apply (enum extension, no data migration needed) Integration tests will pass once migration is applied to test database. * refactor: apply code review suggestions Address copilot-pull-request-reviewer feedback: 1. Remove trailing blank lines in api-parsers.ts 2. Simplify listBuildings controller - pass query DTO directly 3. Wrap building definitions response for API consistency **Changes:** - apps/web/src/lib/api-parsers.ts: Remove trailing whitespace - apps/api/src/buildings/buildings.controller.ts: - Pass query DTO directly to listBuildings (no redundant object) - Wrap definitions in { definitions: [...] } for consistency **Note:** Bot comment about tickCreated field is incorrect - field exists in schema at line 290. All changes are code quality improvements with no functional impact. * feat: add stuck shipment UI indicator with storage management link Implement real-time visual feedback for stuck shipments (IN_TRANSIT past ETA). **Changes:** - apps/web/src/components/logistics/logistics-page.tsx: - Added Badge and Link imports - Detect stuck shipments: tickArrives < currentTick - Display warning badge with tooltip on stuck shipments - Add "Manage Storage" button linking to /buildings page - Tooltip: "Waiting for storage capacity in destination or origin region" **UX Improvements:** - Clear visual indicator (amber warning badge) when shipment can't deliver - Actionable "Manage Storage" button for direct navigation to Buildings page - Tooltip explains retry behavior (waiting for capacity) - Prevents player confusion about stuck shipments **Implementation Details:** - Uses existing Badge component with "warning" variant - Conditionally renders badge only when isStuck = true - Adds direct link to Buildings page for capacity management - Maintains existing Cancel button functionality No breaking changes. Pure UX enhancement. --------- * fix(auth): support single-origin sso routing * fix(web): preserve repeated proxy headers * fix(ci): apply migrations before APP_ROLE all startup * fix(web): hide seeded example accounts in admin list * fix(api): allow admins on developer catalog read endpoints * fix(web): accept redacted company cash in parsers * fix(api): support admin research catalog on developer page * fix(web): separate recipe input items across catalog views * fix(web): centralize item quantity labels for recipe outputs * fix(web): resolve unknown item labels in market lists * fix(web): scope market listings to company tradable items * fix(auth): support single-origin sso routing * fix(web): preserve repeated proxy headers * fix(ci): apply migrations before APP_ROLE all startup * fix(web): hide seeded example accounts in admin list * fix(api): allow admins on developer catalog read endpoints * fix(web): accept redacted company cash in parsers * fix(api): support admin research catalog on developer page * fix(web): separate recipe input items across catalog views * fix(web): centralize item quantity labels for recipe outputs * fix(web): resolve unknown item labels in market lists * fix(web): scope market listings to company tradable items * docs(ops): use example domains and RFC5737 IPs in nginx docs * docs(ops): drop API subdomain blocks from nginx sample * feat(web): add ALPHA preview disclaimer to footer version badge * feat(web): show alpha notice on version hover and overview * fix(web): remove hover helper text from version badge * fix(web): remove focus ring box from maintenance overlay * feat(web): link alpha version badge to Discord updates * fix(web): fetch Discord URL via runtime public-links endpoint * fix(docs): add guideline to avoid commits to main branch * feat(web): replace static onboarding tutorial with guided walkthrough * fix(web): clarify overview metrics as world-level * feat(web): begin guided tutorial with active company snapshot * fix(sim): prevent zero-trade stalls from static bot books * fix(api): harden diagnostics missing-items service injection * fix(ci): resolve root typecheck failures * fix(web): wrap search params hooks in suspense * fix(ci): run release workflow only on main * fix: stabilize prisma startup and restore phase 1-5 web UX * fix(db): run Prisma generate without relying on dotenv-cli shell binary * fix(web): parse buildings definitions payload correctly * fix(web): support legacy buildings definitions payload shape * chore(release): cut v0.10. 0 * fix(db): sync static catalog for production deployments * chore(release): cut v0.10.1 --------- Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fix GitHub OAuth Invalid Redirect URL Issue
Problem
corpsim.altitude-interactive.com)corpsim-api.altitude-interactive.com)Solution
/api/auth/*from web domain to API serverBETTER_AUTH_URLcorrectlyChanges
Nginx Configuration (
docs/project/corpsim.altitude.nginx.conf):/api/auth/*from web domain to API server192.0.2.10)Deployment Documentation (
docs/project/DOKPLOY_DOCKERFILE.md):BETTER_AUTH_URLconfiguration for API serviceEnvironment Configuration (
.env.example):Deployment Guide (
docs/project/OAUTH_CALLBACK_FIX.md):Release Entry (
.releases/unreleased/20260219091824-fix-github-oauth-redirect-url.md):webinstead of multiple valuesDeployment Steps Required
To deploy this fix to production:
/api/auth/*requestsBETTER_AUTH_URL=https://corpsim.altitude-interactive.comto API serviceSee
docs/project/OAUTH_CALLBACK_FIX.mdfor complete instructions.Security Summary
No code changes were made - only documentation and configuration updates. CodeQL analysis found no security issues.
Original prompt
✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.