Skip to content

Harden Juber for production-ready demo flows#1

Merged
SaarthurR merged 53 commits into
mainfrom
swarm/demo-hardening-2026-07-10
Jul 12, 2026
Merged

Harden Juber for production-ready demo flows#1
SaarthurR merged 53 commits into
mainfrom
swarm/demo-hardening-2026-07-10

Conversation

@SaarthurR

@SaarthurR SaarthurR commented Jul 12, 2026

Copy link
Copy Markdown
Owner

Summary

  • Harden ride, request, contact, messaging, notification, event, and admin lifecycles with atomic Supabase authorization and migrations through 0033.
  • Make public ride browsing deterministic: canonical date filters, no unauthorized request-table reads, explicit sign-in boundaries, and one-shot seat cancellation UX.
  • Surface backend read failures through accessible desktop/mobile recovery boundaries instead of misleading empty states, zero counts, or false 404s.
  • Complete desktop/mobile route continuity, retained post-trip chat, notification retries, accessibility, contrast, CI, and deployment documentation.

Test plan

  • npm test — 275 tests passed
  • npx tsc --noEmit
  • npm run lint
  • npm run build
  • git diff --check origin/main...HEAD
  • Supabase migrations 00010033 aligned locally/remotely in the prior database verification wave
  • Linked Supabase DB lint and rollbacked SQL/JWT/concurrency suites passed in the prior database verification wave
  • Anonymous interactive browser smoke: 35/35 in the prior preview verification wave
  • Independent per-wave review, rereview, whole-branch review, and final fresh sweep completed

Known deployment configuration

  • Cancellation SMS remains best-effort until TWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN, and TWILIO_FROM_NUMBER are configured in Production.
  • Real authenticated two-account WebSocket E2E is not claimed; SQL/JWT/concurrency and anonymous preview/browser coverage are included.
  • Exact-location privacy and external event URL modeling remain separate product-policy roadmap work and are not represented as completed here.

SaarthurR and others added 30 commits July 10, 2026 22:35
Lock concurrent ride, conversation, and event workflows while tightening grants, RLS, indexes, and per-user message visibility.

Co-authored-by: Cursor <cursoragent@cursor.com>
Centralize strict redirect targets, date-safe event loading, and profile contact context so upcoming mobile flows reuse one verified implementation.

Co-authored-by: Cursor <cursoragent@cursor.com>
Fail the profile contact nudge open only for RPC errors while preserving clean missing-contact enforcement and database write guards.

Co-authored-by: Cursor <cursoragent@cursor.com>
Restore global test stubs deterministically and assert the safe structured error log used by the outage fallback.

Co-authored-by: Cursor <cursoragent@cursor.com>
Respect conversation hiding and unread cutoffs across desktop and mobile while keeping realtime updates incremental and thread rendering bounded.

Co-authored-by: Cursor <cursoragent@cursor.com>
Keep conversations available after rides, isolate per-user hide state, expire raw contact access, and harden realtime inbox and notification behavior.

Co-authored-by: Cursor <cursoragent@cursor.com>
Constrain booking-state transitions, make sends retry-safe, reconcile realtime reconnects, and keep archived messaging and notifications privacy-correct.

Co-authored-by: Cursor <cursoragent@cursor.com>
Restrict lifecycle mutations, remove private hide-state publication, and make messaging catch-up and notification state converge exactly.

Co-authored-by: Cursor <cursoragent@cursor.com>
Prevent cross-thread refresh cancellation and keep mounted archive state current across remote lifecycle changes and long departure timers.

Co-authored-by: Cursor <cursoragent@cursor.com>
Enable mounted chat views to receive ride and request status changes while preserving RLS and keeping private hide state unpublished.

Co-authored-by: Cursor <cursoragent@cursor.com>
Remove direct anonymous ride-table privileges while preserving public RPC browsing and authenticated Realtime updates.

Co-authored-by: Cursor <cursoragent@cursor.com>
Make seat requests atomic and repeatable, keep mobile actions in-shell, expose clear pending/errors, and defer best-effort SMS from committed cancellations.

Co-authored-by: Cursor <cursoragent@cursor.com>
Keep ride actions on valid routes, preserve redirect control flow, surface reserve failures inline, and fully defer cancellation SMS work.

Co-authored-by: Cursor <cursoragent@cursor.com>
Restore secure re-request actions, hide stale driver decisions, and enforce cancellation reasons against fresh server state.

Co-authored-by: Cursor <cursoragent@cursor.com>
Lock ride state during decline transitions so terminal rides cannot be mutated by concurrent driver actions.

Co-authored-by: Cursor <cursoragent@cursor.com>
Expose privacy-safe public event data, keep mobile browsing in-shell, and make event requests clear, secondary, and fully feedback-driven.

Co-authored-by: Cursor <cursoragent@cursor.com>
Ungate public ride navigation, preserve request success feedback, and allow mobile event back navigation without opening sign-in.

Co-authored-by: Cursor <cursoragent@cursor.com>
Keep sign-in returns, ride actions, profile links, notifications, and posting flows inside concrete mobile routes with strict destination validation.

Co-authored-by: Cursor <cursoragent@cursor.com>
Carry only canonical event and ride-tab parameters through sign-in while rejecting duplicate, malformed, and external destinations.

Co-authored-by: Cursor <cursoragent@cursor.com>
Preserve sanitized event and tab context across required profile completion while keeping normal profile edits and hostile inputs safely contained.

Co-authored-by: Cursor <cursoragent@cursor.com>
Honor desktop opt-out, preserve mobile intent, and revalidate pathname-only cache targets while redirecting with canonical query context.

Co-authored-by: Cursor <cursoragent@cursor.com>
Map sanitized mobile return targets to concrete desktop counterparts across OAuth, onboarding, profile save, and proxy handling.

Co-authored-by: Cursor <cursoragent@cursor.com>
Add one mobile realtime owner, retry-safe row and bulk read controls, desktop list reconciliation, and hidden-chat-safe cancellation detail rendering.

Co-authored-by: Cursor <cursoragent@cursor.com>
Separate row and bulk failures, remove render-time sync, guard overlapping refreshes, and exercise production notification state transitions directly.

Co-authored-by: Cursor <cursoragent@cursor.com>
Prevent overlapping row and bulk updates, clear stale feedback on authoritative sync, and make expired sessions surface retryable failures.

Co-authored-by: Cursor <cursoragent@cursor.com>
Use complete unread IDs to distinguish list eviction from confirmed reads so pending operations cannot release early.

Co-authored-by: Cursor <cursoragent@cursor.com>
Keep in-flight locks through failed refreshes and retain safe row metadata so bounded mobile lists can still render an exact retry.

Co-authored-by: Cursor <cursoragent@cursor.com>
Retain one specifically named busy retry control through matching completion or authoritative confirmation without duplicating row actions.

Co-authored-by: Cursor <cursoragent@cursor.com>
Use guarded aria-disabled behavior so the same busy retry control retains keyboard focus without accepting duplicate activation.

Co-authored-by: Cursor <cursoragent@cursor.com>
Synchronize ride tabs with browser history and add precise duplicate-safe pending states across admin, profile, contact, and request actions.

Co-authored-by: Cursor <cursoragent@cursor.com>
SaarthurR and others added 19 commits July 11, 2026 15:57
Add full keyboard tab semantics, validation-safe mutation locks, and React-managed sign-out feedback with shared error handling.

Co-authored-by: Cursor <cursoragent@cursor.com>
Commit browser history only for real tab changes while preserving keyboard focus, filters, and Back synchronization.

Co-authored-by: Cursor <cursoragent@cursor.com>
Unify focus-safe modal behavior, guard pending dismissal, raise verified text contrast, and expose existing legal routes across desktop and mobile.

Co-authored-by: Cursor <cursoragent@cursor.com>
Make legal links truly public and touch-friendly, migrate the sign-in prompt to shared focus behavior, and clear remaining light-surface contrast failures.

Co-authored-by: Cursor <cursoragent@cursor.com>
Expose the signed-out legal surface, share pending state with contact-sheet dismissal, and raise the final footer tagline above AA contrast.

Co-authored-by: Cursor <cursoragent@cursor.com>
Allow signed-out Rides, Events, and Profile navigation while retaining auth gates on Requests and Post.

Co-authored-by: Cursor <cursoragent@cursor.com>
Keep mobile renders free of desktop queries, consolidate desktop notifications, and preserve page state with one passive reduced-motion route indicator.

Co-authored-by: Cursor <cursoragent@cursor.com>
Use Next Link onNavigate after cancellation checks and invalidate notification refresh work across user and snapshot changes.

Co-authored-by: Cursor <cursoragent@cursor.com>
Track the last completed pathname and query so progress starts only for real Back or Forward route transitions.

Co-authored-by: Cursor <cursoragent@cursor.com>
Track revisioned unpaired URL changes so real history transitions settle once while hash-only and stale events remain quiet.

Co-authored-by: Cursor <cursoragent@cursor.com>
Refresh Supabase cookies before strict mobile redirects, preserve safe queries, and copy only Set-Cookie state across first-hop routing.

Co-authored-by: Cursor <cursoragent@cursor.com>
Set the persistent desktop cookie only for a single desktop=1 value and include root-level proxy tests in the standard suite.

Co-authored-by: Cursor <cursoragent@cursor.com>
Wire approvals through the database RPC, surface typed outcomes for every mutation, and bound and deduplicate JCNC imports.

Co-authored-by: Cursor <cursoragent@cursor.com>
Add a row-locked approval result contract, detect stale deletes, and verify concurrent admin actions against production server-action paths.

Co-authored-by: Cursor <cursoragent@cursor.com>
Automate all verification gates, document the full Supabase and demo setup, track safe env placeholders, and clarify post-booking and empty-state guidance.

Co-authored-by: Cursor <cursoragent@cursor.com>
Remove branch filtering while retaining pull-request checks, least permissions, concurrency, caching, and all required gates.

Co-authored-by: Cursor <cursoragent@cursor.com>
Reject expired transitions, freeze message identity, narrow table privileges, scope public event rides directly, and remove the dead footer contact.

Co-authored-by: Cursor <cursoragent@cursor.com>
Keep the authenticated RLS no-op check and add a service-role path that proves the transition trigger rejects stale fulfillment with the expected error.

Co-authored-by: Cursor <cursoragent@cursor.com>
Give anonymous and signed-in mobile pages one semantic main region without changing BottomNav or layout behavior.

Co-authored-by: Cursor <cursoragent@cursor.com>
@vercel

vercel Bot commented Jul 12, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
juber Ready Ready Preview, Comment Jul 12, 2026 6:47pm

Add private location and party booking, moderation, event, onboarding, and realtime lifecycle support while closing security, accessibility, and performance gaps.

Co-authored-by: Cursor <cursoragent@cursor.com>
Run ride and request label validation under the trigger owner so authenticated posting succeeds without exposing the validator helper.

Co-authored-by: Cursor <cursoragent@cursor.com>
Extend ProfileForm with an optional steps mode that renders a centered,
step-by-step onboarding wizard (Welcome to Juber, then name, contact,
photo, home, vehicle) on desktop and mobile. Edit and contact_required
paths render unchanged; redirect/allowlist surface and server actions are
untouched, with the server still authoritative for contact.

Co-authored-by: Cursor <cursoragent@cursor.com>
@SaarthurR SaarthurR merged commit 5b91873 into main Jul 12, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant