chore(changelog): include unreleased and full commit output

test(mvp1): add owner invariants and media form coverage
feat(settings): manage public header banner in admin
2026-02-12 20:43:05 +01:00 · 2026-02-12 20:34:53 +01:00 · 2026-02-12 20:18:00 +01:00
13 changed files with 762 additions and 12 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,56 @@
 ## Unreleased (2026-02-12)
 * test(admin): cover support fallback route and mark todo complete ([4ac74101487e0bb220215328510fd4344c9110e3](https://git.fellies.net/Citali/cms.fellies.org/commits/4ac74101487e0bb220215328510fd4344c9110e3))
 * test(auth): add registration policy route-flow integration tests ([39178c2d8d9c203ceca63a36012b58173d21d4d4](https://git.fellies.net/Citali/cms.fellies.org/commits/39178c2d8d9c203ceca63a36012b58173d21d4d4))
 * test(ci): add quality gates, e2e data prep, and i18n integration coverage ([4d4b583cf4dcb0f3b99f74c666af15d3b1a0fc59](https://git.fellies.net/Citali/cms.fellies.org/commits/4d4b583cf4dcb0f3b99f74c666af15d3b1a0fc59))
 * test(crud): finalize MVP1 gate CRUD contract coverage ([36b09cd9d76049219569bb4828aa292aec78a935](https://git.fellies.net/Citali/cms.fellies.org/commits/36b09cd9d76049219569bb4828aa292aec78a935))
 * test(e2e): add mvp1 happy path scenarios ([7c4b667bc79a022518d03a52a98060a9c86c673c](https://git.fellies.net/Citali/cms.fellies.org/commits/7c4b667bc79a022518d03a52a98060a9c86c673c))
 * test(mvp0): complete remaining i18n, RBAC, and CRUD coverage ([3b130568e9bfff9e428c3650c37dd8b1abfbed57](https://git.fellies.net/Citali/cms.fellies.org/commits/3b130568e9bfff9e428c3650c37dd8b1abfbed57))
 * test(mvp1): add owner invariants and media form coverage ([37f62a8007d6b50e7b53e5785365965c00c74a5b](https://git.fellies.net/Citali/cms.fellies.org/commits/37f62a8007d6b50e7b53e5785365965c00c74a5b))
 * test(mvp1): expand domain schema and service unit coverage ([24676bd384c39d954b791ff2322a4469ab86a83a](https://git.fellies.net/Citali/cms.fellies.org/commits/24676bd384c39d954b791ff2322a4469ab86a83a))
 * feat(admin-auth): add first-start onboarding flow and dev db reset command ([7b665ae633e869560654cf1c115d12dc05af1c45](https://git.fellies.net/Citali/cms.fellies.org/commits/7b665ae633e869560654cf1c115d12dc05af1c45))
 * feat(admin-auth): support username login and add dashboard logout ([b96cd6d8005aea50c49a70540e0fd2afff94c682](https://git.fellies.net/Citali/cms.fellies.org/commits/b96cd6d8005aea50c49a70540e0fd2afff94c682))
 * feat(admin-i18n): add cookie-based locale runtime and switcher baseline ([b618c8cb5161eef46e80d622156a1e53a732ea35](https://git.fellies.net/Citali/cms.fellies.org/commits/b618c8cb5161eef46e80d622156a1e53a732ea35))
 * feat(admin): add IA shell and protected section skeleton routes ([bf1a92d129b89811b58d6920a4e09482816988a0](https://git.fellies.net/Citali/cms.fellies.org/commits/bf1a92d129b89811b58d6920a4e09482816988a0))
 * feat(admin): add posts CRUD sandbox and shared CRUD foundation ([07e5f53793da5aa0b17e62a3a9b99c23a56dbcf0](https://git.fellies.net/Citali/cms.fellies.org/commits/07e5f53793da5aa0b17e62a3a9b99c23a56dbcf0))
 * feat(admin): add registration policy settings and disabled register state ([d0f731743c789ef836e4573eadece2f4c67c973d](https://git.fellies.net/Citali/cms.fellies.org/commits/d0f731743c789ef836e4573eadece2f4c67c973d))
 * feat(auth): block protected account deletion in auth endpoints ([0e2248b5c7f72684e4db6d4ab8f306b10f50ac66](https://git.fellies.net/Citali/cms.fellies.org/commits/0e2248b5c7f72684e4db6d4ab8f306b10f50ac66))
 * feat(auth): bootstrap protected support and first owner users ([411861419f160e3573a71ea67d57af7e0e91de7d](https://git.fellies.net/Citali/cms.fellies.org/commits/411861419f160e3573a71ea67d57af7e0e91de7d))
 * feat(auth): enforce single-owner invariant in bootstrap flow ([29a6e38ff3b725e4232736c4b5b007a2989acb82](https://git.fellies.net/Citali/cms.fellies.org/commits/29a6e38ff3b725e4232736c4b5b007a2989acb82))
 * feat(ci): stamp build metadata and validate footer version hash ([af52b8581f7dbe320c92752fcc56b73e37f0c2ba](https://git.fellies.net/Citali/cms.fellies.org/commits/af52b8581f7dbe320c92752fcc56b73e37f0c2ba))
 * feat(commissions): add customer records and kanban workflow baseline ([994b33e081c3507cbf88820028b819a4fc4b07a0](https://git.fellies.net/Citali/cms.fellies.org/commits/994b33e081c3507cbf88820028b819a4fc4b07a0))
 * feat(content): add announcements and public news flows ([dbf817c25511b3038b7abe81e4577d3518fd3f19](https://git.fellies.net/Citali/cms.fellies.org/commits/dbf817c25511b3038b7abe81e4577d3518fd3f19))
 * feat(media): add admin media CRUD preview and storage cleanup ([7d9bc9dca9197e87cc590ad6b49837c5774fcd4f](https://git.fellies.net/Citali/cms.fellies.org/commits/7d9bc9dca9197e87cc590ad6b49837c5774fcd4f))
 * feat(media): add mvp1 upload pipeline baseline ([5becba602c3aaefbe24ec71414f62b29a155d158](https://git.fellies.net/Citali/cms.fellies.org/commits/5becba602c3aaefbe24ec71414f62b29a155d158))
 * feat(media): complete mvp1 media foundation workflows ([ad351ed73ab7c76a9e751348ebf943aec5f0d084](https://git.fellies.net/Citali/cms.fellies.org/commits/ad351ed73ab7c76a9e751348ebf943aec5f0d084))
 * feat(media): default to s3 with local upload fallback ([86a8af25d8c28c2ab19039b56b1c69263c7450c5](https://git.fellies.net/Citali/cms.fellies.org/commits/86a8af25d8c28c2ab19039b56b1c69263c7450c5))
 * feat(media): scaffold mvp1 media and portfolio foundation ([d727ab8b5b896e5471829a6a1880dc33da28d070](https://git.fellies.net/Citali/cms.fellies.org/commits/d727ab8b5b896e5471829a6a1880dc33da28d070))
 * feat(media): support local and s3 upload providers ([19738b77d8842f3263e7f049aa47063dcfbd4ae6](https://git.fellies.net/Citali/cms.fellies.org/commits/19738b77d8842f3263e7f049aa47063dcfbd4ae6))
 * feat(pages): add pages and navigation builder baseline ([281b1d7a1be72af4cff790ca7e97d51cafcd8139](https://git.fellies.net/Citali/cms.fellies.org/commits/281b1d7a1be72af4cff790ca7e97d51cafcd8139))
 * feat(release): publish gitea release notes and enable production rollback ([ccac669454b46a3918b34df1d3c5f0e5f00aa1d9](https://git.fellies.net/Citali/cms.fellies.org/commits/ccac669454b46a3918b34df1d3c5f0e5f00aa1d9))
 * feat(settings): manage public header banner in admin ([d1face36c540673486b494d276f5af1621b6e6cb](https://git.fellies.net/Citali/cms.fellies.org/commits/d1face36c540673486b494d276f5af1621b6e6cb))
 * feat(versioning): show runtime version and git hash in app footers ([3de4d5732e26e06e825986e58ec271d0f0ff4007](https://git.fellies.net/Citali/cms.fellies.org/commits/3de4d5732e26e06e825986e58ec271d0f0ff4007))
 * feat(web-i18n): add es/fr locales and expand switcher locale set ([de26cb7647cf537a783cc9c77ae447a0f8a09ef6](https://git.fellies.net/Citali/cms.fellies.org/commits/de26cb7647cf537a783cc9c77ae447a0f8a09ef6))
 * feat(web): complete MVP0 public layout, banner, and SEO baseline ([8390689c8dd81dca5662b842c827a4759a9025e1](https://git.fellies.net/Citali/cms.fellies.org/commits/8390689c8dd81dca5662b842c827a4759a9025e1))
 * feat(web): render cms pages and navigation from db ([f65a9ea03f39c21ee9b31e7f9100e3a1f522525f](https://git.fellies.net/Citali/cms.fellies.org/commits/f65a9ea03f39c21ee9b31e7f9100e3a1f522525f))
 * refactor(db): simplify to single prisma schema workflow ([df1280af4a1d24bd9374fc9a005cea9142745d46](https://git.fellies.net/Citali/cms.fellies.org/commits/df1280af4a1d24bd9374fc9a005cea9142745d46))
 * refactor(media): use asset-centric storage key layout ([3e4f0b6c75c59422675637bf658b6682c22f4a89](https://git.fellies.net/Citali/cms.fellies.org/commits/3e4f0b6c75c59422675637bf658b6682c22f4a89))
 * docs(adr): add glossary pages and ADR baseline structure ([cec87679ca5efcf70883b6c78245f8197a8a4432](https://git.fellies.net/Citali/cms.fellies.org/commits/cec87679ca5efcf70883b6c78245f8197a8a4432))
 * docs(crud): add implementation examples and complete docs task ([7b4b23fc4ffdd7e6be8af9da6b2026067acbd35e](https://git.fellies.net/Citali/cms.fellies.org/commits/7b4b23fc4ffdd7e6be8af9da6b2026067acbd35e))
 * docs(gitflow): add branch protection verification checklist ([f9f2b4eb15bd42690891bdc8e4d34c5e55c343dc](https://git.fellies.net/Citali/cms.fellies.org/commits/f9f2b4eb15bd42690891bdc8e4d34c5e55c343dc))
 * docs(i18n): add conventions guide and wire docs navigation ([5872593b014e527ef884ea89053f9cf191edf5dc](https://git.fellies.net/Citali/cms.fellies.org/commits/5872593b014e527ef884ea89053f9cf191edf5dc))
 * docs(ops): add environment and deployment runbook ([4d6e17a13b3ee4a00d93713a223871e96ee94550](https://git.fellies.net/Citali/cms.fellies.org/commits/4d6e17a13b3ee4a00d93713a223871e96ee94550))
 * docs(ops): add staging deployment checklist and evidence template ([637dfd2651a8ad7b0900c0a87c714da7750aaae2](https://git.fellies.net/Citali/cms.fellies.org/commits/637dfd2651a8ad7b0900c0a87c714da7750aaae2))
 * docs(product): add cms feature topics, package catalog, and inspiration notes ([5b47fafe89e7d1e4fb42646f8bac0e2423828c07](https://git.fellies.net/Citali/cms.fellies.org/commits/5b47fafe89e7d1e4fb42646f8bac0e2423828c07))
 * docs(versioning): define release policy and close MVP0 pipeline tasks ([516b7730128951a9f0527b89291b21e14e35aca2](https://git.fellies.net/Citali/cms.fellies.org/commits/516b7730128951a9f0527b89291b21e14e35aca2))
 * chore(ci): add gitea actions runner compose setup ([334a5e35264bf57f1f3586bd78364a5b1d704876](https://git.fellies.net/Citali/cms.fellies.org/commits/334a5e35264bf57f1f3586bd78364a5b1d704876))
 * chore(repo): remove theoretical workflow and fix prisma ci generation ([a57464d818c10caa2732c1aac113d9a251342de1](https://git.fellies.net/Citali/cms.fellies.org/commits/a57464d818c10caa2732c1aac113d9a251342de1))
 * chore(repo): update turbo dependency ([37fabad1f8ceb6224c892facb60b5aa2bca02cc5](https://git.fellies.net/Citali/cms.fellies.org/commits/37fabad1f8ceb6224c892facb60b5aa2bca02cc5))
 * fix(ci): gitea workflows ([c174f840bcfa297937fa40bc3ce4593ddc8ca599](https://git.fellies.net/Citali/cms.fellies.org/commits/c174f840bcfa297937fa40bc3ce4593ddc8ca599))
 * fix(db): organize imports for biome check ([14c3df623a84a3307d4e825bbf36cccfd882eb49](https://git.fellies.net/Citali/cms.fellies.org/commits/14c3df623a84a3307d4e825bbf36cccfd882eb49))
 * ci(delivery): add deploy and release workflow scaffolds ([969e88670f5cb3dd0156e4a53bd84d729be4fe82](https://git.fellies.net/Citali/cms.fellies.org/commits/969e88670f5cb3dd0156e4a53bd84d729be4fe82))
 * ci(gitflow): enforce branch and PR governance checks ([21cc55a1b93f9c7d5ec0db7643f6fe895312a325](https://git.fellies.net/Citali/cms.fellies.org/commits/21cc55a1b93f9c7d5ec0db7643f6fe895312a325))
 ## 0.1.0 (2026-02-10)
 ### Features
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -46,7 +46,7 @@ Rules:
 ## Changelog Process
 - Keep commit messages conventional.
- Generate/update `CHANGELOG.md` with:
+- Generate/update `CHANGELOG.md` with release-focused sections (includes `Unreleased`):
 ```bash
 bun run changelog:release
@@ -57,3 +57,10 @@ bun run changelog:release
 ```bash
 bun run changelog:preview
 ```
 - For exhaustive output across all allowed commit types (`feat`, `fix`, `docs`, `test`, `ci`, `chore`, `refactor`, etc.):
 ```bash
 bun run changelog:full:preview
 bun run changelog:full:release
 ```
--- a/README.md
+++ b/README.md
@@ -138,7 +138,7 @@ docker compose --env-file .env.gitea-runner -f docker-compose.gitea-runner.yml u
 - Changelog file: `CHANGELOG.md`
 - Commit schema: Conventional Commits (see `CONTRIBUTING.md`)
- Generate/update changelog from git commits:
+- Generate/update changelog from git commits (release-focused sections + `Unreleased`):
 ```bash
 bun run changelog:release
@@ -150,6 +150,13 @@ bun run changelog:release
 bun run changelog:preview
 ```
 - Generate exhaustive changelog output across all supported commit types:
 ```bash
 bun run changelog:full:preview
 bun run changelog:full:release
 ```
 ## Docs Tool
 - Docs tool: VitePress
--- a/TODO.md
+++ b/TODO.md
@@ -160,7 +160,7 @@ This file is the single source of truth for roadmap and delivery progress.
 - [~] [P1] Customer records (contact profile, notes, consent flags, recurrence marker)
 - [~] [P1] Customer-to-commission linkage and reuse workflow (no re-entry for recurring customers)
 - [~] [P1] Kanban workflow for commissions (new, scoped, in-progress, review, done)
- [ ] [P1] Header banner management (message, CTA, active window)
+- [x] [P1] Header banner management (message, CTA, active window)
 - [~] [P1] Announcements management (prominent site notices with schedule, priority, and audience targeting)
 - [~] [P2] News/blog editorial workflow (draft/review/publish, authoring metadata)
@@ -174,7 +174,7 @@ This file is the single source of truth for roadmap and delivery progress.
 - [ ] [P1] Translation-ready content model for public entities (pages/news/navigation labels)
 - [ ] [P2] Artwork views and listing filters
 - [ ] [P1] Commission request submission flow
- [ ] [P1] Header banner render logic and fallbacks
+- [x] [P1] Header banner render logic and fallbacks
 - [ ] [P1] Announcement render slots (homepage + optional global/top banner position)
 ### News / Blog (Secondary Track)
@@ -187,14 +187,48 @@ This file is the single source of truth for roadmap and delivery progress.
 ### Testing
 - [x] [P1] Unit tests for content schemas and service logic
- [ ] [P1] Component tests for admin forms (pages/media/navigation)
+- [~] [P1] Component tests for admin forms (pages/media/navigation)
- [ ] [P1] Integration tests for owner invariant and hidden support-user protection
+- [x] [P1] Integration tests for owner invariant and hidden support-user protection
 - [x] [P1] Integration tests for registration allow/deny behavior
 - [ ] [P1] Integration tests for translated content CRUD and locale-specific validation
 - [~] [P1] E2E happy paths: create page, publish, see on public app
 - [~] [P1] E2E happy paths: media upload + artwork refinement display
 - [~] [P1] E2E happy paths: commissions kanban transitions
 ### Code Documentation And Handover
 - [ ] [P1] Create architecture map per package/app (`what exists`, `why`, `how to extend`) for `@cms/db`, `@cms/content`, `@cms/crud`, `@cms/ui`, `apps/admin`, `apps/web`
 - [ ] [P1] Add module-level ownership docs for auth, media, pages/navigation, commissions, announcements/news flows
 - [ ] [P1] Document critical invariants (single owner rule, protected support user, registration policy gates, media storage key contract)
 - [ ] [P1] Add “request lifecycle” docs for key flows (auth sign-in/up, media upload, page publish, commission status change)
 - [ ] [P1] Add coding handover playbook: local setup, migration workflow, test strategy, branch/release process, common failure recovery
 - [ ] [P2] Add code-level diagrams (Mermaid) for service boundaries and data relationships
 - [ ] [P2] Add route/action inventory for admin and public apps with linked source files
 ## MVP 1.5: UX/UI And Theming
 ### MVP1.5 Suggested Branch Order
 - [ ] [P1] `todo/mvp15-design-tokens-foundation`:
  establish shared design tokens (color, spacing, radius, typography scale, motion) in `@cms/ui` and app-level theme contracts
 - [ ] [P1] `todo/mvp15-admin-layout-polish`:
  refine admin shell, navigation hierarchy, spacing rhythm, table/form visual consistency, empty/loading/error states
 - [ ] [P1] `todo/mvp15-public-layout-and-templates`:
  define public visual direction (hero/header/footer/content widths), page templates for home/content/news/portfolio
 - [ ] [P2] `todo/mvp15-component-library-pass`:
  align shadcn-based primitives with CMS brand system (buttons, inputs, cards, badges, tabs, dialogs, toasts)
 - [ ] [P2] `todo/mvp15-responsive-and-a11y-pass`:
  mobile/tablet breakpoints, keyboard flow, focus states, contrast checks, reduced-motion support
 - [ ] [P2] `todo/mvp15-visual-regression-baseline`:
  add screenshot baselines for critical admin/public routes to guard layout regressions
 ### Deliverables
 - [ ] [P1] Admin UI baseline feels production-ready for daily editorial use
 - [ ] [P1] Public UI baseline is template-ready for artist branding and portfolio storytelling
 - [ ] [P2] Shared UI primitives are consistent across admin and public apps
 - [ ] [P2] Core routes have visual-regression coverage for the new layout baseline
 ## MVP 2: Production Readiness
 ### Admin App
@@ -282,6 +316,9 @@ This file is the single source of truth for roadmap and delivery progress.
 - [2026-02-12] Added `e2e/happy-paths.pw.ts` covering admin login, page publish/public rendering, announcement rendering, media upload, and commission status transition.
 - [2026-02-12] Expanded unit coverage for content/domain schemas and post service behavior (`packages/content/src/domain-schemas.test.ts`, `packages/db/src/posts.test.ts`).
 - [2026-02-12] Added auth flow integration tests for `/login`, `/register`, `/welcome` to validate registration allow/deny and owner bootstrap redirects.
 - [2026-02-12] Admin settings now manage public header banner (enabled/message/CTA), backed by `system_setting` and consumed by public layout rendering.
 - [2026-02-12] Added owner/support invariant integration tests for auth guards (`apps/admin/src/lib/auth/server.test.ts`), covering protected-user deletion blocking and one-owner repair/promotion rules.
 - [2026-02-12] Started admin form component tests with media upload behavior coverage (`apps/admin/src/components/media/media-upload-form.test.tsx`).
 ## How We Use This File
--- a/apps/admin/src/app/settings/page.tsx
+++ b/apps/admin/src/app/settings/page.tsx
@@ -1,4 +1,9 @@
-import { isAdminSelfRegistrationEnabled, setAdminSelfRegistrationEnabled } from "@cms/db"
+import {
  getPublicHeaderBannerConfig,
  isAdminSelfRegistrationEnabled,
  setAdminSelfRegistrationEnabled,
  setPublicHeaderBannerConfig,
 } from "@cms/db"
 import { Button } from "@cms/ui/button"
 import { revalidatePath } from "next/cache"
 import Link from "next/link"
@@ -79,6 +84,53 @@ async function updateRegistrationPolicyAction(formData: FormData) {
  )
 }
 async function updatePublicHeaderBannerAction(formData: FormData) {
  "use server"
  await requireSettingsPermission()
  const t = await getSettingsTranslator()
  const enabled = formData.get("bannerEnabled") === "on"
  const message = toSingleValue(formData.get("bannerMessage")?.toString())?.trim() ?? ""
  const ctaLabel = toSingleValue(formData.get("bannerCtaLabel")?.toString())?.trim() ?? ""
  const ctaHref = toSingleValue(formData.get("bannerCtaHref")?.toString())?.trim() ?? ""
  if (enabled && message.length === 0) {
    redirect(
      `/settings?error=${encodeURIComponent(
        t(
          "settings.banner.errors.messageRequired",
          "Banner message is required while banner is enabled.",
        ),
      )}`,
    )
  }
  try {
    await setPublicHeaderBannerConfig({
      enabled,
      message,
      ctaLabel: ctaLabel || null,
      ctaHref: ctaHref || null,
    })
  } catch {
    redirect(
      `/settings?error=${encodeURIComponent(
        t(
          "settings.banner.errors.updateFailed",
          "Saving banner settings failed. Ensure database migrations are applied.",
        ),
      )}`,
    )
  }
  revalidatePath("/settings")
  redirect(
    `/settings?notice=${encodeURIComponent(
      t("settings.banner.success.updated", "Public header banner settings updated."),
    )}`,
  )
 }
 export default async function SettingsPage({ searchParams }: { searchParams: SearchParamsInput }) {
  const role = await requirePermissionForRoute({
    nextPath: "/settings",
@@ -86,10 +138,11 @@ export default async function SettingsPage({ searchParams }: { searchParams: Sea
    scope: "global",
  })
-  const [params, locale, isRegistrationEnabled] = await Promise.all([
+  const [params, locale, isRegistrationEnabled, publicBanner] = await Promise.all([
    searchParams,
    resolveAdminLocale(),
    isAdminSelfRegistrationEnabled(),
    getPublicHeaderBannerConfig(),
  ])
  const messages = await getAdminMessages(locale)
  const t = (key: string, fallback: string) => translateMessage(messages, key, fallback)
@@ -175,6 +228,72 @@ export default async function SettingsPage({ searchParams }: { searchParams: Sea
          </form>
        </div>
      </section>
      <section className="rounded-xl border border-neutral-200 p-6">
        <div className="space-y-5">
          <div className="space-y-2">
            <h2 className="text-xl font-medium">
              {t("settings.banner.title", "Public header banner")}
            </h2>
            <p className="text-sm text-neutral-600">
              {t(
                "settings.banner.description",
                "Control the top banner shown on the public app header.",
              )}
            </p>
          </div>
          <form action={updatePublicHeaderBannerAction} className="space-y-4">
            <label className="flex items-center gap-3 text-sm">
              <input
                type="checkbox"
                name="bannerEnabled"
                defaultChecked={publicBanner.enabled}
                className="h-4 w-4 rounded border-neutral-300"
              />
              <span>{t("settings.banner.enabledLabel", "Enable public header banner")}</span>
            </label>
            <label className="space-y-1 text-sm">
              <span className="text-xs text-neutral-600">
                {t("settings.banner.messageLabel", "Message")}
              </span>
              <input
                name="bannerMessage"
                defaultValue={publicBanner.message}
                className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
              />
            </label>
            <div className="grid gap-3 md:grid-cols-2">
              <label className="space-y-1 text-sm">
                <span className="text-xs text-neutral-600">
                  {t("settings.banner.ctaLabelLabel", "CTA label (optional)")}
                </span>
                <input
                  name="bannerCtaLabel"
                  defaultValue={publicBanner.ctaLabel ?? ""}
                  className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
                />
              </label>
              <label className="space-y-1 text-sm">
                <span className="text-xs text-neutral-600">
                  {t("settings.banner.ctaHrefLabel", "CTA URL (optional)")}
                </span>
                <input
                  name="bannerCtaHref"
                  defaultValue={publicBanner.ctaHref ?? ""}
                  className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
                />
              </label>
            </div>
            <Button type="submit">
              {t("settings.banner.actions.save", "Save banner settings")}
            </Button>
          </form>
        </div>
      </section>
    </AdminShell>
  )
 }
--- a/apps/admin/src/components/media/media-upload-form.test.tsx
+++ b/apps/admin/src/components/media/media-upload-form.test.tsx
@@ -0,0 +1,84 @@
 /* @vitest-environment jsdom */
 import { fireEvent, render, screen, waitFor } from "@testing-library/react"
 import { afterEach, describe, expect, it, vi } from "vitest"
 import { MediaUploadForm } from "./media-upload-form"
 describe("MediaUploadForm", () => {
  afterEach(() => {
    vi.restoreAllMocks()
  })
  it("updates accepted MIME list based on selected media type", () => {
    render(<MediaUploadForm />)
    const fileInput = screen.getByLabelText("File") as HTMLInputElement
    const typeSelect = screen.getByLabelText("Type") as HTMLSelectElement
    expect(fileInput.accept).toContain("image/jpeg")
    fireEvent.change(typeSelect, { target: { value: "video" } })
    expect(fileInput.accept).toContain("video/mp4")
    expect(fileInput.accept).not.toContain("image/jpeg")
  })
  it("shows API error message when upload fails", async () => {
    const fetchMock = vi.spyOn(globalThis, "fetch").mockResolvedValue({
      ok: false,
      json: async () => ({ message: "Invalid file type" }),
    } as Response)
    render(<MediaUploadForm />)
    const form = screen.getByRole("button", { name: "Upload media" }).closest("form")
    if (!form) {
      throw new Error("Upload form not found")
    }
    const fileInput = screen.getByLabelText("File") as HTMLInputElement
    fireEvent.change(fileInput, {
      target: {
        files: [new File(["x"], "demo.png", { type: "image/png" })],
      },
    })
    fireEvent.submit(form)
    await waitFor(() => {
      expect(screen.queryByText("Invalid file type")).not.toBeNull()
    })
    expect(fetchMock).toHaveBeenCalledWith(
      "/api/media/upload",
      expect.objectContaining({ method: "POST" }),
    )
  })
  it("shows network error message when request throws", async () => {
    vi.spyOn(globalThis, "fetch").mockRejectedValue(new Error("network down"))
    render(<MediaUploadForm />)
    const form = screen.getByRole("button", { name: "Upload media" }).closest("form")
    if (!form) {
      throw new Error("Upload form not found")
    }
    const fileInput = screen.getByLabelText("File") as HTMLInputElement
    fireEvent.change(fileInput, {
      target: {
        files: [new File(["x"], "demo.png", { type: "image/png" })],
      },
    })
    fireEvent.submit(form)
    await waitFor(() => {
      expect(screen.queryByText("Upload request failed. Please retry.")).not.toBeNull()
    })
  })
 })
--- a/apps/admin/src/lib/auth/server.test.ts
+++ b/apps/admin/src/lib/auth/server.test.ts
@@ -0,0 +1,238 @@
 import { beforeEach, describe, expect, it, vi } from "vitest"
 const { mockDb, mockIsAdminSelfRegistrationEnabled, mockAuth, mockAuthRouteHandlers } = vi.hoisted(
  () => {
    const mockDb = {
      user: {
        count: vi.fn(),
        findUnique: vi.fn(),
        findMany: vi.fn(),
        findFirst: vi.fn(),
        update: vi.fn(),
        updateMany: vi.fn(),
      },
      $transaction: vi.fn(),
    }
    return {
      mockDb,
      mockIsAdminSelfRegistrationEnabled: vi.fn(),
      mockAuth: {
        api: {
          getSession: vi.fn(),
        },
        $context: Promise.resolve({
          internalAdapter: {
            findUserByEmail: vi.fn(),
            linkAccount: vi.fn(),
            createUser: vi.fn(),
          },
          password: {
            hash: vi.fn(async (value: string) => `hashed:${value}`),
          },
        }),
      },
      mockAuthRouteHandlers: {
        GET: vi.fn(),
        POST: vi.fn(),
        PATCH: vi.fn(),
        PUT: vi.fn(),
        DELETE: vi.fn(),
      },
    }
  },
 )
 vi.mock("@cms/db", () => ({
  db: mockDb,
  isAdminSelfRegistrationEnabled: mockIsAdminSelfRegistrationEnabled,
 }))
 vi.mock("better-auth", () => ({
  betterAuth: vi.fn(() => mockAuth),
 }))
 vi.mock("better-auth/adapters/prisma", () => ({
  prismaAdapter: vi.fn(() => ({})),
 }))
 vi.mock("better-auth/next-js", () => ({
  toNextJsHandler: vi.fn(() => mockAuthRouteHandlers),
 }))
 import {
  canDeleteUserAccount,
  enforceOwnerInvariant,
  promoteFirstRegisteredUserToOwner,
 } from "./server"
 describe("auth owner/support invariants", () => {
  beforeEach(() => {
    mockIsAdminSelfRegistrationEnabled.mockReset()
    mockDb.user.count.mockReset()
    mockDb.user.findUnique.mockReset()
    mockDb.user.findMany.mockReset()
    mockDb.user.findFirst.mockReset()
    mockDb.user.update.mockReset()
    mockDb.user.updateMany.mockReset()
    mockDb.$transaction.mockReset()
  })
  it("blocks deletion of protected users", async () => {
    mockDb.user.findUnique.mockResolvedValue({
      role: "support",
      isProtected: true,
    })
    const allowed = await canDeleteUserAccount("user-protected")
    expect(allowed).toBe(false)
  })
  it("allows deletion of non-owner non-protected users", async () => {
    mockDb.user.findUnique.mockResolvedValue({
      role: "editor",
      isProtected: false,
    })
    const allowed = await canDeleteUserAccount("user-editor")
    expect(allowed).toBe(true)
  })
  it("keeps sole owner non-deletable", async () => {
    mockDb.user.findUnique.mockResolvedValue({
      role: "owner",
      isProtected: false,
    })
    mockDb.user.count.mockResolvedValue(1)
    const allowed = await canDeleteUserAccount("owner-1")
    expect(allowed).toBe(false)
  })
  it("promotes earliest non-support user when no owner exists", async () => {
    const tx = {
      user: {
        findMany: vi.fn().mockResolvedValue([]),
        findFirst: vi.fn().mockResolvedValue({ id: "candidate-1" }),
        update: vi.fn().mockResolvedValue({ id: "candidate-1" }),
        updateMany: vi.fn(),
      },
    }
    mockDb.$transaction.mockImplementation(async (callback: (trx: typeof tx) => unknown) =>
      callback(tx),
    )
    const result = await enforceOwnerInvariant()
    expect(result).toEqual({
      ownerId: "candidate-1",
      ownerCount: 1,
      repaired: true,
    })
    expect(tx.user.update).toHaveBeenCalledTimes(1)
  })
  it("demotes extra owners and repairs canonical owner protection", async () => {
    const tx = {
      user: {
        findMany: vi.fn().mockResolvedValue([
          { id: "owner-a", isProtected: false, isBanned: true },
          { id: "owner-b", isProtected: true, isBanned: false },
        ]),
        findFirst: vi.fn(),
        update: vi.fn().mockResolvedValue({ id: "owner-a" }),
        updateMany: vi.fn().mockResolvedValue({ count: 1 }),
      },
    }
    mockDb.$transaction.mockImplementation(async (callback: (trx: typeof tx) => unknown) =>
      callback(tx),
    )
    const result = await enforceOwnerInvariant()
    expect(result).toEqual({
      ownerId: "owner-a",
      ownerCount: 1,
      repaired: true,
    })
    expect(tx.user.updateMany).toHaveBeenCalledWith({
      where: { id: { in: ["owner-b"] } },
      data: { role: "admin", isProtected: false },
    })
    expect(tx.user.update).toHaveBeenCalledWith({
      where: { id: "owner-a" },
      data: { isProtected: true, isBanned: false },
    })
  })
  it("does not promote first registration when an owner already exists", async () => {
    mockDb.$transaction.mockImplementationOnce(
      async (
        callback: (tx: {
          user: { findFirst: () => Promise<{ id: string }>; update: () => void }
        }) => unknown,
      ) =>
        callback({
          user: {
            findFirst: vi.fn().mockResolvedValue({ id: "owner-existing" }),
            update: vi.fn(),
          },
        }),
    )
    const promoted = await promoteFirstRegisteredUserToOwner("candidate")
    expect(promoted).toBe(false)
  })
  it("promotes first registration and re-enforces owner invariant", async () => {
    mockDb.$transaction
      .mockImplementationOnce(
        async (
          callback: (tx: {
            user: { findFirst: () => Promise<null>; update: () => Promise<{ id: string }> }
          }) => unknown,
        ) =>
          callback({
            user: {
              findFirst: vi.fn().mockResolvedValue(null),
              update: vi.fn().mockResolvedValue({ id: "candidate" }),
            },
          }),
      )
      .mockImplementationOnce(
        async (
          callback: (tx: {
            user: {
              findMany: () => Promise<
                Array<{ id: string; isProtected: boolean; isBanned: boolean }>
              >
              findFirst: () => void
              update: () => void
              updateMany: () => void
            }
          }) => unknown,
        ) =>
          callback({
            user: {
              findMany: vi
                .fn()
                .mockResolvedValue([{ id: "candidate", isProtected: true, isBanned: false }]),
              findFirst: vi.fn(),
              update: vi.fn(),
              updateMany: vi.fn(),
            },
          }),
      )
    const promoted = await promoteFirstRegisteredUserToOwner("candidate")
    expect(promoted).toBe(true)
    expect(mockDb.$transaction).toHaveBeenCalledTimes(2)
  })
 })
--- a/conventional-changelog.config.cjs
+++ b/conventional-changelog.config.cjs
@@ -0,0 +1,30 @@
 module.exports = {
  preset: "conventionalcommits",
  writerOpts: {
    transform: (commit) => {
      const typeMap = {
        feat: "Features",
        fix: "Bug Fixes",
        perf: "Performance",
        refactor: "Refactors",
        docs: "Documentation",
        test: "Tests",
        build: "Build System",
        ci: "CI",
        chore: "Chores",
        revert: "Reverts",
      }
      const mappedType = typeMap[commit.type]
      if (!mappedType) {
        return undefined
      }
      return {
        ...commit,
        type: mappedType,
      }
    },
  },
 }
--- a/docs/workflow.md
+++ b/docs/workflow.md
@@ -23,12 +23,18 @@ Follow `BRANCHING.md`:
 ## Changelog
 - Conventional commits required (see `CONTRIBUTING.md`)
- Generate changelog with:
+- Generate changelog with release-focused sections and `Unreleased`:
 ```bash
 bun run changelog:release
 ```
 - For exhaustive output across all allowed commit types:
 ```bash
 bun run changelog:full:preview
 ```
 ## Governance
 - Branch and PR governance checks run in `.gitea/workflows/ci.yml`.
--- a/package.json
+++ b/package.json
@@ -23,8 +23,10 @@
    "test:e2e:headed": "bun run test:e2e:prepare && playwright test --headed",
    "test:e2e:ui": "bun run test:e2e:prepare && playwright test --ui",
    "commitlint": "commitlint --last",
-    "changelog:preview": "conventional-changelog -p conventionalcommits -r 0",
+    "changelog:preview": "conventional-changelog -p conventionalcommits -r 0 -u",
-    "changelog:release": "conventional-changelog -p conventionalcommits -i CHANGELOG.md -s",
+    "changelog:release": "conventional-changelog -p conventionalcommits -i CHANGELOG.md -s -u",
    "changelog:full:preview": "conventional-changelog -n ./conventional-changelog.config.cjs -r 0 -u",
    "changelog:full:release": "conventional-changelog -n ./conventional-changelog.config.cjs -i CHANGELOG.md -s -u",
    "lint": "turbo lint",
    "typecheck": "turbo typecheck",
    "format": "biome format --write .",
--- a/packages/db/src/index.ts
+++ b/packages/db/src/index.ts
@@ -57,9 +57,11 @@ export {
  registerPostCrudAuditHook,
  updatePost,
 } from "./posts"
-export type { PublicHeaderBanner } from "./settings"
+export type { PublicHeaderBanner, PublicHeaderBannerConfig } from "./settings"
 export {
  getPublicHeaderBanner,
  getPublicHeaderBannerConfig,
  isAdminSelfRegistrationEnabled,
  setAdminSelfRegistrationEnabled,
  setPublicHeaderBannerConfig,
 } from "./settings"
--- a/packages/db/src/settings.test.ts
+++ b/packages/db/src/settings.test.ts
@@ -0,0 +1,92 @@
 import { beforeEach, describe, expect, it, vi } from "vitest"
 const { mockDb } = vi.hoisted(() => ({
  mockDb: {
    systemSetting: {
      findUnique: vi.fn(),
      upsert: vi.fn(),
    },
  },
 }))
 vi.mock("./client", () => ({
  db: mockDb,
 }))
 import {
  getPublicHeaderBanner,
  getPublicHeaderBannerConfig,
  isAdminSelfRegistrationEnabled,
  setPublicHeaderBannerConfig,
 } from "./settings"
 describe("settings service", () => {
  const previousEnv = process.env.CMS_ADMIN_SELF_REGISTRATION_ENABLED
  beforeEach(() => {
    mockDb.systemSetting.findUnique.mockReset()
    mockDb.systemSetting.upsert.mockReset()
    process.env.CMS_ADMIN_SELF_REGISTRATION_ENABLED = previousEnv
  })
  it("falls back to env flag when registration setting is missing", async () => {
    process.env.CMS_ADMIN_SELF_REGISTRATION_ENABLED = "true"
    mockDb.systemSetting.findUnique.mockResolvedValue(null)
    const enabled = await isAdminSelfRegistrationEnabled()
    expect(enabled).toBe(true)
  })
  it("reads active public header banner payload", async () => {
    mockDb.systemSetting.findUnique.mockResolvedValue({
      value: JSON.stringify({
        enabled: true,
        message: "Commissions open",
        ctaLabel: "Book now",
        ctaHref: "/contact",
      }),
    })
    const banner = await getPublicHeaderBanner()
    expect(banner).toEqual({
      message: "Commissions open",
      ctaLabel: "Book now",
      ctaHref: "/contact",
    })
  })
  it("returns a disabled default config for invalid data", async () => {
    mockDb.systemSetting.findUnique.mockResolvedValue({
      value: "not-json",
    })
    const config = await getPublicHeaderBannerConfig()
    expect(config).toEqual({
      enabled: false,
      message: "",
      ctaLabel: null,
      ctaHref: null,
    })
  })
  it("writes banner config to system settings", async () => {
    mockDb.systemSetting.upsert.mockResolvedValue({})
    await setPublicHeaderBannerConfig({
      enabled: true,
      message: "Holiday schedule",
      ctaLabel: "Details",
      ctaHref: "/news",
    })
    expect(mockDb.systemSetting.upsert).toHaveBeenCalledTimes(1)
    expect(mockDb.systemSetting.upsert.mock.calls[0]?.[0]).toMatchObject({
      where: {
        key: "public.header_banner",
      },
    })
  })
 })
--- a/packages/db/src/settings.ts
+++ b/packages/db/src/settings.ts
@@ -16,6 +16,13 @@ export type PublicHeaderBanner = {
  ctaHref?: string
 }
 export type PublicHeaderBannerConfig = {
  enabled: boolean
  message: string
  ctaLabel: string | null
  ctaHref: string | null
 }
 function resolveEnvFallback(): boolean {
  return process.env.CMS_ADMIN_SELF_REGISTRATION_ENABLED === "true"
 }
@@ -114,3 +121,69 @@ export async function getPublicHeaderBanner(): Promise<PublicHeaderBanner | null
    return null
  }
 }
 export async function getPublicHeaderBannerConfig(): Promise<PublicHeaderBannerConfig> {
  try {
    const setting = await db.systemSetting.findUnique({
      where: { key: PUBLIC_HEADER_BANNER_KEY },
      select: { value: true },
    })
    if (!setting) {
      return {
        enabled: false,
        message: "",
        ctaLabel: null,
        ctaHref: null,
      }
    }
    const parsed = parsePublicHeaderBanner(setting.value)
    if (!parsed) {
      return {
        enabled: false,
        message: "",
        ctaLabel: null,
        ctaHref: null,
      }
    }
    return {
      enabled: parsed.enabled,
      message: parsed.message,
      ctaLabel: parsed.ctaLabel ?? null,
      ctaHref: parsed.ctaHref ?? null,
    }
  } catch {
    return {
      enabled: false,
      message: "",
      ctaLabel: null,
      ctaHref: null,
    }
  }
 }
 export async function setPublicHeaderBannerConfig(input: PublicHeaderBannerConfig): Promise<void> {
  await db.systemSetting.upsert({
    where: { key: PUBLIC_HEADER_BANNER_KEY },
    create: {
      key: PUBLIC_HEADER_BANNER_KEY,
      value: JSON.stringify({
        enabled: input.enabled,
        message: input.message,
        ctaLabel: input.ctaLabel ?? undefined,
        ctaHref: input.ctaHref ?? undefined,
      }),
    },
    update: {
      value: JSON.stringify({
        enabled: input.enabled,
        message: input.message,
        ctaLabel: input.ctaLabel ?? undefined,
        ctaHref: input.ctaHref ?? undefined,
      }),
    },
  })
 }
Author	SHA1	Message	Date
Citali	6b282ce56b	chore(changelog): include unreleased and full commit output Some checks failed CMS CI / Governance Checks (push) Successful in 1m7s Details CMS CI / Lint Typecheck Unit E2E (push) Failing after 5m40s Details	2026-02-12 20:43:05 +01:00
Citali	37f62a8007	test(mvp1): add owner invariants and media form coverage Some checks failed CMS CI / Governance Checks (push) Successful in 1m5s Details CMS CI / Lint Typecheck Unit E2E (push) Failing after 5m3s Details	2026-02-12 20:34:53 +01:00
Citali	d1face36c5	feat(settings): manage public header banner in admin	2026-02-12 20:18:00 +01:00