Merge pull request #189 from flocko-motion/development

uli's request to deploy dev -> prod

Author: flocko-motion

.vscode/launch.json

@@ -117,5 +117,34 @@
             ],
             "buildFlags": "-tags=ai_tests"
         },
+        // 
+        {
+            "name": "Debug TestGuestCanCreateSession",
+            "type": "go",
+            "request": "launch",
+            "mode": "test",
+            "program": "${workspaceFolder}/testing",
+            "cwd": "${workspaceFolder}/testing",
+            "args": [
+                "-test.run",
+                "TestPrivateShareSuite/TestGuestCanCreateSession",
+                "-test.v"
+            ],
+            "buildFlags": "-tags=ai_tests"
+        },
+        {
+            "name": "Debug TestWorkshopIndividualSuite/TestSessionSystemMessageIncludesWorkshopPromptConstraints",
+            "type": "go",
+            "request": "launch",
+            "mode": "test",
+            "program": "${workspaceFolder}/testing",
+            "cwd": "${workspaceFolder}/testing",
+            "args": [
+                "-test.run",
+                "TestWorkshopIndividualSuite/TestSessionSystemMessageIncludesWorkshopPromptConstraints",
+                "-test.v"
+            ],
+            "buildFlags": "-tags=ai_tests"
+        },
     ]
 }

git-rebase.sh

@@ -9,5 +9,6 @@ echo "Rebasing to origin/development..."
 
 git fetch origin development
 git rebase origin/development
+git pull
 
 echo "✅ Rebased successfully."

run-test.sh

@@ -9,25 +9,31 @@
 #   ./run-test.sh                    # Clean summary (default)
 #   ./run-test.sh --verbose          # Full verbose output
 #   ./run-test.sh -v                 # Full verbose output (short)
-#   ./run-test.sh --no-ai            # Exclude AI tests
-#   ./run-test.sh --no-ai --verbose  # Exclude AI tests, verbose
+#   ./run-test.sh --no-ai            # Exclude AI tests (default)
+#   ./run-test.sh --ai               # Include AI tests
+#   ./run-test.sh --only-ai          # Run ONLY AI tests
+#   ./run-test.sh --only-ai --verbose # Run only AI tests, verbose
 
 cd "$(dirname "$0")"
 
 GOTESTSUM="go run gotest.tools/gotestsum@latest"
 
 # Parse arguments
 BUILD_TAGS=""
+TEST_RUN=""
 VERBOSE=false
 for arg in "$@"; do
     case "$arg" in
         --no-ai)   ;;  # default behavior, no-op
         --verbose|-v) VERBOSE=true ;;
         --ai)      BUILD_TAGS="-tags ai_tests" ;;
+        --only-ai) BUILD_TAGS="-tags ai_tests" ; TEST_RUN="-run TestGameEngineSuite" ;;
     esac
 done
 
-if [[ -n "$BUILD_TAGS" ]]; then
+if [[ "$TEST_RUN" == "-run TestGameEngineSuite" ]]; then
+    echo "🧪 Running ONLY AI tests..."
+elif [[ -n "$BUILD_TAGS" ]]; then
     echo "🧪 Running integration tests (including AI tests)..."
 else
     echo "🧪 Running integration tests (excluding AI tests)..."
@@ -42,9 +48,10 @@ if [[ -n "$CI" ]]; then
 elif $VERBOSE; then
     FORMAT="standard-verbose"
 else
-    FORMAT="testname"
+    # Show dots for progress, then detailed failure summary at the end
+    FORMAT="dots-v2"
 fi
 
-$GOTESTSUM --format "$FORMAT" -- -v $BUILD_TAGS ./...
+$GOTESTSUM --format "$FORMAT" --format-hide-empty-pkg -- -v $BUILD_TAGS $TEST_RUN ./...
 
 exit $?

server/api/httpx/auth.go

@@ -62,8 +62,6 @@ func getAuth0Validator() *validator.Validator {
 		log.Error("failed to set up auth0 validator", "error", err)
 		return nil
 	}
-	log.Debug("auth0 validator initialized", "issuer", issuerURL.String())
-
 	return auth0Validator
 }
 
@@ -200,8 +198,6 @@ func Authenticate(next http.Handler) http.Handler {
 			log.Error("failed to set up auth0 validator", "error", err)
 			return nil
 		}
-		log.Debug("auth0 validator initialized", "issuer", issuerURL.String())
-
 		auth0Middleware = jwtmiddleware.New(
 			jwtValidator.ValidateToken,
 			jwtmiddleware.WithErrorHandler(func(w http.ResponseWriter, r *http.Request, err error) {
@@ -266,7 +262,6 @@ func Authenticate(next http.Handler) http.Handler {
 				return
 			}
 
-			log.Debug("participant token authenticated", "user_id", user.ID, "user_name", user.Name)
 			next.ServeHTTP(w, WithUser(r, user))
 			return
 		}
@@ -289,7 +284,6 @@ func Authenticate(next http.Handler) http.Handler {
 			}
 
 			user = db.CheckAndPromoteAdmin(r.Context(), user)
-			log.Debug("CGL JWT authenticated", "user_id", userId, "user_name", user.Name)
 			next.ServeHTTP(w, WithUser(r, user))
 			return
 		}
@@ -321,21 +315,25 @@ func Authenticate(next http.Handler) http.Handler {
 			token := tokenObj.(*validator.ValidatedClaims)
 			auth0ID := token.RegisteredClaims.Subject
 			if auth0ID == "" {
+				log.Warn("auth0 token has empty subject claim")
 				next.ServeHTTP(w, r)
 				return
 			}
 
+			log.Debug("auth0 token validated", "auth0_id", auth0ID, "auth0_id_length", len(auth0ID))
+
 			// Load user by Auth0 ID - do NOT auto-create
 			user, err := db.GetUserByAuth0ID(r.Context(), auth0ID)
 			if err != nil {
 				// User not registered - frontend will get email/name from Auth0 directly
-				log.Debug("auth0 user not registered", "auth0_id", auth0ID)
+				log.Debug("auth0 user not registered", "auth0_id", auth0ID, "error", err)
 				WriteUserNotRegistered(w, auth0ID)
 				return
 			}
 
+			log.Debug("auth0 user found", "auth0_id", auth0ID, "user_id", user.ID, "user_name", user.Name)
+
 			user = db.CheckAndPromoteAdmin(r.Context(), user)
-			log.Debug("auth0 authenticated", "auth0_id", auth0ID, "user_name", user.Name)
 			next.ServeHTTP(w, WithUser(r, user))
 		})).ServeHTTP(w, r)
 	})
@@ -399,8 +397,6 @@ func RequireAuth0Token(h http.HandlerFunc) http.Handler {
 			return
 		}
 
-		log.Debug("auth0 token validated for registration", "auth0_id", auth0ID)
-
 		// Store Auth0 ID in context for the handler to use
 		ctx := context.WithValue(r.Context(), auth0IDContextKey, auth0ID)
 		h.ServeHTTP(w, r.WithContext(ctx))

server/api/httpx/middleware.go

@@ -63,13 +63,13 @@ func Logging(next http.Handler) http.Handler {
 
 		next.ServeHTTP(wrapped, r)
 
+		// Skip logging CORS preflight requests
+		if r.Method == http.MethodOptions {
+			return
+		}
+
 		duration := time.Since(start)
-		log.Info("http request",
-			"method", r.Method,
-			"path", r.URL.Path,
-			"status", wrapped.status,
-			"duration", duration,
-		)
+		log.Info(fmt.Sprintf("%s %s → %d (%s)", r.Method, r.URL.Path, wrapped.status, formatDuration(duration)))
 
 		// Report error responses (4xx/5xx) to Sentry
 		if wrapped.status >= 400 {
@@ -165,6 +165,18 @@ func truncateBody(b []byte) string {
 	return string(b)
 }
 
+// formatDuration formats a duration in a compact human-readable form.
+func formatDuration(d time.Duration) string {
+	switch {
+	case d < time.Millisecond:
+		return fmt.Sprintf("%dµs", d.Microseconds())
+	case d < time.Second:
+		return fmt.Sprintf("%dms", d.Milliseconds())
+	default:
+		return fmt.Sprintf("%.2fs", d.Seconds())
+	}
+}
+
 // flattenHeaders converts http.Header to a simple map for Sentry extras.
 // Redacts the Authorization header.
 func flattenHeaders(h http.Header) map[string]string {

server/api/routes/auth.go

@@ -76,11 +76,27 @@ func RegisterUser(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// Check if user already exists with this Auth0 ID
-	existingUser, _ := db.GetUserByAuth0ID(r.Context(), auth0ID)
+	log.Debug("checking if user exists by auth0_id", "auth0_id", auth0ID, "email", email, "name", name)
+	existingUser, err := db.GetUserByAuth0ID(r.Context(), auth0ID)
 	if existingUser != nil {
+		log.Warn("user already registered with this auth0_id", "auth0_id", auth0ID, "user_id", existingUser.ID, "existing_email", existingUser.Email)
 		httpx.WriteError(w, http.StatusBadRequest, "User already registered")
 		return
 	}
+	if err != nil {
+		log.Debug("no user found by auth0_id (expected for new registration)", "auth0_id", auth0ID, "error", err)
+	}
+
+	// Also check if a user exists with this email (might be a duplicate or auth0_id mismatch)
+	existingByEmail, emailErr := db.GetUserByEmail(r.Context(), email)
+	if emailErr == nil && existingByEmail != nil {
+		log.Error("user with this email already exists",
+			"email", email,
+			"existing_user_id", existingByEmail.ID,
+			"existing_auth0_id", existingByEmail.Auth0Id,
+			"new_auth0_id", auth0ID,
+			"auth0_ids_match", existingByEmail.Auth0Id != nil && *existingByEmail.Auth0Id == auth0ID)
+	}
 
 	// Check if name is already taken
 	nameTaken, err := db.IsNameTaken(r.Context(), name)
@@ -95,9 +111,10 @@ func RegisterUser(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// Create the user
+	log.Info("attempting to create user", "name", name, "email", email, "auth0_id", auth0ID)
 	user, err := db.CreateUser(r.Context(), name, &email, auth0ID)
 	if err != nil {
-		log.Error("failed to create user", "error", err)
+		log.Error("failed to create user", "name", name, "email", email, "auth0_id", auth0ID, "error", err)
 		httpx.WriteError(w, http.StatusInternalServerError, "Failed to create user")
 		return
 	}

server/api/routes/games.go

@@ -44,7 +44,6 @@ func GetGames(w http.ResponseWriter, r *http.Request) {
 	sortDir := r.URL.Query().Get("sortDir")
 	filter := r.URL.Query().Get("filter")
 
-	log.Debug("listing games", "user_id", userID, "search", searchQuery, "sortBy", sortBy, "sortDir", sortDir, "filter", filter)
 	filters := &db.GetGamesFilters{
 		Search:    searchQuery,
 		SortField: sortBy,
@@ -105,18 +104,14 @@ func CreateGame(w http.ResponseWriter, r *http.Request) {
 		game.Public = *req.Public
 	}
 
-	log.Debug("creating game", "user_id", user.ID, "name", game.Name)
 	if err := db.CreateGame(r.Context(), user.ID, &game); err != nil {
-		log.Debug("game creation failed", "error", err)
 		if appErr, ok := err.(*obj.AppError); ok {
 			httpx.WriteAppError(w, appErr)
 			return
 		}
 		httpx.WriteError(w, http.StatusInternalServerError, "Failed to create game: "+err.Error())
 		return
 	}
-	log.Debug("game created", "game_id", game.ID)
-
 	created, err := db.GetGameByID(r.Context(), &user.ID, game.ID)
 	if err != nil {
 		httpx.WriteError(w, http.StatusInternalServerError, "Failed to load created game: "+err.Error())
@@ -150,8 +145,6 @@ func GetGameByID(w http.ResponseWriter, r *http.Request) {
 		userID = &user.ID
 	}
 
-	log.Debug("getting game by ID", "game_id", gameID, "user_id", userID)
-
 	game, err := db.GetGameByID(r.Context(), userID, gameID)
 	if err != nil {
 		httpx.WriteError(w, http.StatusNotFound, "Game not found")
@@ -185,8 +178,6 @@ func UpdateGame(w http.ResponseWriter, r *http.Request) {
 
 	user := httpx.UserFromRequest(r)
 
-	log.Debug("updating game", "game_id", gameID, "user_id", user.ID)
-
 	var updatedGame obj.Game
 	if err := httpx.ReadJSON(r, &updatedGame); err != nil {
 		httpx.WriteError(w, http.StatusBadRequest, "Invalid JSON: "+err.Error())
@@ -240,21 +231,16 @@ func DeleteGame(w http.ResponseWriter, r *http.Request) {
 
 	user := httpx.UserFromRequest(r)
 
-	log.Debug("deleting game", "game_id", gameID, "user_id", user.ID)
-
 	deleted, err := db.GetGameByID(r.Context(), &user.ID, gameID)
 	if err != nil {
 		httpx.WriteError(w, http.StatusNotFound, "Game not found")
 		return
 	}
 
 	if err := db.DeleteGame(r.Context(), user.ID, gameID); err != nil {
-		log.Debug("game deletion failed", "game_id", gameID, "error", err)
 		httpx.WriteError(w, http.StatusInternalServerError, "Failed to delete game: "+err.Error())
 		return
 	}
-	log.Debug("game deleted", "game_id", gameID)
-
 	httpx.WriteJSON(w, http.StatusOK, deleted)
 }
 
@@ -281,8 +267,6 @@ func CloneGame(w http.ResponseWriter, r *http.Request) {
 
 	user := httpx.UserFromRequest(r)
 
-	log.Debug("cloning game", "game_id", gameID, "user_id", user.ID)
-
 	// Get the source game (allow cloning public games or own games)
 	sourceGame, err := db.GetGameByID(r.Context(), nil, gameID)
 	if err != nil {
@@ -321,18 +305,13 @@ func CloneGame(w http.ResponseWriter, r *http.Request) {
 		OriginallyCreatedBy:    originalCreator,
 	}
 
-	log.Debug("creating cloned game", "user_id", user.ID, "source_game_id", gameID, "name", clonedGame.Name)
 	if err := db.CreateGame(r.Context(), user.ID, &clonedGame); err != nil {
-		log.Debug("game clone failed", "error", err)
 		httpx.WriteError(w, http.StatusInternalServerError, "Failed to clone game: "+err.Error())
 		return
 	}
-	log.Debug("game cloned", "new_game_id", clonedGame.ID)
-
 	// Increment the clone count on the source game
 	if err := db.IncrementGameCloneCount(r.Context(), gameID); err != nil {
-		log.Debug("failed to increment clone count", "error", err)
-		// Don't fail the request, just log the error
+		log.Warn("failed to increment clone count", "error", err)
 	}
 
 	created, err := db.GetGameByID(r.Context(), &user.ID, clonedGame.ID)

server/api/routes/games_favourites.go

@@ -5,7 +5,6 @@ import (
 
 	"cgl/api/httpx"
 	"cgl/db"
-	"cgl/log"
 )
 
 // GetFavouriteGames godoc
@@ -22,8 +21,6 @@ import (
 func GetFavouriteGames(w http.ResponseWriter, r *http.Request) {
 	user := httpx.UserFromRequest(r)
 
-	log.Debug("getting favourite games", "user_id", user.ID)
-
 	games, err := db.GetFavouriteGames(r.Context(), user.ID)
 	if err != nil {
 		httpx.WriteError(w, http.StatusInternalServerError, "Failed to get favourite games: "+err.Error())
@@ -55,8 +52,6 @@ func AddFavouriteGame(w http.ResponseWriter, r *http.Request) {
 
 	user := httpx.UserFromRequest(r)
 
-	log.Debug("adding favourite game", "game_id", gameID, "user_id", user.ID)
-
 	if err := db.AddFavouriteGame(r.Context(), user.ID, gameID); err != nil {
 		httpx.WriteError(w, http.StatusInternalServerError, "Failed to add favourite: "+err.Error())
 		return
@@ -87,8 +82,6 @@ func RemoveFavouriteGame(w http.ResponseWriter, r *http.Request) {
 
 	user := httpx.UserFromRequest(r)
 
-	log.Debug("removing favourite game", "game_id", gameID, "user_id", user.ID)
-
 	if err := db.RemoveFavouriteGame(r.Context(), user.ID, gameID); err != nil {
 		httpx.WriteError(w, http.StatusInternalServerError, "Failed to remove favourite: "+err.Error())
 		return