Altitude-Interactive · BENZOOgataga · Feb 22, 2026 · Feb 18, 2026 · Feb 18, 2026 · Feb 19, 2026
@@ -43,6 +43,9 @@ JWT_SECRET=change_me_dev_only
 SESSION_SECRET=change_me_dev_only
 BETTER_AUTH_SECRET=replace_with_at_least_32_random_chars
 ADMIN_PASSWORD=
+# BETTER_AUTH_URL: Base URL for Better Auth endpoints and OAuth callbacks
+# In production, set this to the main web domain (e.g., https://corpsim.altitude-interactive.com)
+# NOT the API subdomain. The nginx proxy will forward /api/auth/* to the API server.
 BETTER_AUTH_URL=http://localhost:4310
 GOOGLE_CLIENT_ID=
 GOOGLE_CLIENT_SECRET=
@@ -97,8 +100,13 @@ COMPANY_SPECIALIZATION_CHANGE_COOLDOWN_HOURS=4
 ########################################
 # Frontend (Next.js public vars)
 ########################################
+NEXT_PUBLIC_APP_URL=http://localhost:4311
+# Optional explicit auth origin for Better Auth client requests.
+# Leave blank to use same-origin routing.
+NEXT_PUBLIC_AUTH_URL=
 NEXT_PUBLIC_API_URL=http://localhost:4310
 NEXT_PUBLIC_APP_NAME=CorpSim
+NEXT_PUBLIC_DISCORD_SERVER_URL=
 NEXT_PUBLIC_COMPANY_SPECIALIZATION_CHANGE_COOLDOWN_HOURS=4
 # SSO provider visibility flags (defaults to false if not set)
 # Set to 'true' to show SSO login buttons for each provider

@@ -4,6 +4,7 @@ on:
   workflow_run:
     workflows: ["Verify"]
     types: [completed]
+    branches: [main]
   workflow_dispatch:
 
 permissions:
@@ -17,7 +18,10 @@ concurrency:
 jobs:
   release:
     if: |
-      github.event_name == 'workflow_dispatch' ||
+      (
+        github.event_name == 'workflow_dispatch' &&
+        github.ref == 'refs/heads/main'
+      ) ||
       (
         github.event.workflow_run.conclusion == 'success' &&
         github.event.workflow_run.event == 'push' &&

@@ -0,0 +1,12 @@
+---
+type: minor
+area: web
+summary: Fix early UX and data visibility issues (forms, time display, workforce clarity, completion feedback)
+---
+
+- Replace prefilled form values with descriptive placeholders in market orders, production jobs, and workforce
+- Add tick countdown timer showing "Next week in Xs" with tooltip explaining time progression
+- Reduce health polling from 3s to 15s to minimize UI refresh indicator blinking
+- Add comprehensive workforce explanations (capacity impact, allocation labels, help text)
+- Add toast notifications for research and production job completions with unlocked recipe details
+- Improve overall system transparency and onboarding clarity
@@ -0,0 +1,14 @@
+---
+type: minor
+area: sim
+summary: Add building infrastructure domain layer for capital-based production system
+---
+
+- Add Building model with BuildingType and BuildingStatus enums to Prisma schema
+- Add BUILDING_OPERATING_COST and BUILDING_ACQUISITION ledger entry types
+- Implement building acquisition, operating cost application, and reactivation services
+- Add production capacity tracking based on active buildings
+- Buildings have weekly operating costs (7 ticks interval)
+- Buildings deactivate when company cannot afford operating costs
+- Create comprehensive test suite (12 passing tests)
+- Prepare foundation for infrastructure-based production requirements
@@ -0,0 +1,10 @@
+---
+type: patch
+area: web
+summary: Fix OAuth callback redirect URLs for GitHub, Microsoft, and Discord by configuring nginx proxy and BETTER_AUTH_URL
+---
+
+- Updated nginx configuration to proxy `/api/auth/*` requests from web domain to API server
+- Added documentation for configuring `BETTER_AUTH_URL` to use the main web domain in production
+- Fixed OAuth callback URL issues that caused "redirect_uri is not associated with this application" errors
+- Ensures all OAuth providers (GitHub, Microsoft, Discord) redirect to the correct domain
@@ -0,0 +1,30 @@
+---
+type: minor
+area: web,api,sim
+summary: Add Buildings Management UI with preflight validation and acquisition flows (Phase 4 & 5)
+---
+
+**Phase 4 - Frontend Integration + Preflight + Operator Visibility:**
+- Add Buildings page with region/category grouping and status display
+- Add building acquisition dialog with cost preview
+- Add reusable Storage Meter component with warning thresholds (80%, 95%, 100%)
+- Add preflight validation endpoints (canCreateProductionJob, canPlaceBuyOrder)
+- Add storage and capacity info endpoints
+- Add building type definitions endpoint with balanced costs
+
+**Phase 5 - Acquisition Flows + Balance Pass:**
+- Implement transactional building acquisition with ledger entries
+- Define BuildingType dataset: Early Workshop, Factory, MegaFactory, Warehouse, HQ
+- Add building reactivation flow for INACTIVE buildings
+- Implement cost preview showing acquisition cost and weekly operating expenses
+
+**API Layer:**
+- Add BuildingsController with full CRUD operations
+- Add BuildingsService with ownership validation
+- Add buildings API client functions and parsers
+
+**UI Components:**
+- Add Dialog, Label, and Progress UI primitives
+- Install required @radix-ui packages
+
+- Add Buildings Management UI with preflight validation and acquisition flows (Phase 4 & 5)
@@ -0,0 +1,10 @@
+---
+type: patch
+area: web, api
+summary: Support single-origin SSO by proxying auth routes and preferring web origin for auth base URL
+---
+
+- Added Next.js proxy routing for `/api/auth/*` to the API upstream so auth can run on the web origin.
+- Updated Better Auth base URL precedence to prefer explicit/web origins before internal API URLs.
+- Hardened web API upstream resolution to avoid accidental proxy loops when public URLs point to the web origin.
+- Updated deployment docs and env examples for single-domain SSO setup.
@@ -0,0 +1,8 @@
+---
+type: patch
+area: ci
+summary: Run Prisma migrations before launching services in APP_ROLE=all mode
+---
+
+- Updated `scripts/start-container.sh` so `APP_ROLE=all` applies `prisma migrate deploy` before starting API, worker, and web.
+- Prevents runtime schema-readiness pauses when single-container deployments start without a dedicated migrate step.
@@ -0,0 +1,7 @@
+---
+type: patch
+area: web
+summary: Centralize item quantity rendering and apply quantifier labels to recipe outputs
+---
+
+- Centralize item quantity rendering and apply quantifier labels to recipe outputs
@@ -0,0 +1,7 @@
+---
+type: patch
+area: web
+summary: Fix market unknown item labels by using global item metadata
+---
+
+- Fix market unknown item labels by using global item metadata
@@ -0,0 +1,7 @@
+---
+type: patch
+area: web
+summary: Restrict market views to active company tradable items
+---
+
+- Restrict market views to active company tradable items
@@ -0,0 +1,7 @@
+---
+type: patch
+area: ops
+summary: Sanitize Dokploy/nginx docs to example domains and RFC 5737 IPs
+---
+
+- Sanitize Dokploy/nginx docs to example domains and RFC 5737 IPs
@@ -0,0 +1,7 @@
+---
+type: patch
+area: ops
+summary: Remove legacy API subdomain blocks from nginx sample
+---
+
+- Remove legacy API subdomain blocks from nginx sample
@@ -0,0 +1,7 @@
+---
+type: patch
+area: web
+summary: Add ALPHA as-is disclaimer next to footer version badge
+---
+
+- Add ALPHA as-is disclaimer next to footer version badge
@@ -0,0 +1,7 @@
+---
+type: patch
+area: web
+summary: Show ALPHA disclaimer on version hover and overview with Discord link
+---
+
+- Show ALPHA disclaimer on version hover and overview with Discord link
@@ -0,0 +1,7 @@
+---
+type: patch
+area: web
+summary: Remove hover helper label from version badge
+---
+
+- Remove hover helper label from version badge
@@ -0,0 +1,7 @@
+---
+type: patch
+area: web
+summary: Remove maintenance overlay focus ring rectangle
+---
+
+- Remove maintenance overlay focus ring rectangle
@@ -0,0 +1,8 @@
+---
+type: patch
+area: web
+summary: Hide seeded example.com accounts from admin user listing
+---
+
+- Filtered admin dashboard user rows to exclude seeded accounts with emails ending in `@example.com`.
+- Keeps production/real user account management focused and uncluttered.
@@ -0,0 +1,7 @@
+---
+type: patch
+area: web
+summary: Make ALPHA version tag clickable to Discord and share URL resolver
+---
+
+- Make ALPHA version tag clickable to Discord and share URL resolver
@@ -0,0 +1,7 @@
+---
+type: patch
+area: web
+summary: Load Discord link from runtime meta config for alpha notices
+---
+
+- Load Discord link from runtime meta config for alpha notices
@@ -0,0 +1,8 @@
+---
+type: patch
+area: api, web
+summary: Allow admin accounts to access developer page read endpoints
+---
+
+- Updated player-id guard logic to permit admin `GET` access on the specific catalog endpoints used by `/developer`.
+- Kept admin restrictions in place for write operations and non-allowlisted gameplay endpoints.
@@ -0,0 +1,7 @@
+---
+type: minor
+area: web
+summary: Replace static onboarding tutorial with guided cross-page walkthrough
+---
+
+- Replace static onboarding tutorial with guided cross-page walkthrough
@@ -0,0 +1,8 @@
+---
+type: patch
+area: web
+summary: Accept optional redacted company cash fields in API parsers
+---
+
+- Updated web API parsers to treat `cashCents` as optional in company summary and player registry company payloads.
+- Prevents admin developer page failures when backend redacts non-owned company cash values.
@@ -0,0 +1,7 @@
+---
+type: patch
+area: web
+summary: Clarify overview metrics and tutorial copy as world-level values
+---
+
+- Clarify overview metrics and tutorial copy as world-level values
@@ -0,0 +1,7 @@
+---
+type: patch
+area: web
+summary: Start guided tutorial with active company snapshot before world KPIs
+---
+
+- Start guided tutorial with active company snapshot before world KPIs
@@ -0,0 +1,8 @@
+---
+type: patch
+area: api, web
+summary: Enable admin access to developer research catalog without player ownership
+---
+
+- Added admin-only research catalog read path that selects a player-owned company when no company ID is provided.
+- Kept existing player ownership enforcement for non-admin research access and all research mutations.
@@ -0,0 +1,8 @@
+---
+type: patch
+area: web
+summary: Improve recipe input readability with explicit separators and quantity labels
+---
+
+- Added a reusable `ItemQuantityList` UI component that renders item inputs with clear separators and `xN` quantities.
+- Updated developer and production recipe sections to use the shared list component, preventing concatenated input labels.
@@ -0,0 +1,7 @@
+---
+type: patch
+area: sim
+summary: Refresh liquidity bot orders and add deterministic crossing to prevent zero-trade stalls
+---
+
+- Refresh liquidity bot orders and add deterministic crossing to prevent zero-trade stalls
@@ -0,0 +1,7 @@
+---
+type: patch
+area: api
+summary: Fix diagnostics missing-items endpoint DI so missing item logs can be created
+---
+
+- Harden diagnostics controller service injection with explicit @Inject assignment to avoid undefined service at runtime.
@@ -0,0 +1,8 @@
+---
+type: patch
+area: ci
+summary: Fix typecheck failures in web public-links route import and bot order cancellation input
+---
+
+- Added a root `@/*` path mapping to `apps/web/src/*` so root `tsc` resolves web alias imports used by app route handlers.
+- Removed an invalid `companyId` property passed to `cancelMarketOrderWithTx` in bot order cleanup.
@@ -0,0 +1,8 @@
+---
+type: patch
+area: web
+summary: Wrap search-params dependent layout clients in Suspense to fix Next build prerendering
+---
+
+- Wrapped `AuthRouteGate` and `GuidedTutorialOverlay` with React `Suspense` boundaries so `useSearchParams()` does not fail static prerender checks.
+- Preserved existing runtime behavior by keeping current loading/empty fallbacks.
@@ -0,0 +1,8 @@
+---
+type: patch
+area: ci
+summary: Restrict release workflow to main branch for both automatic and manual runs
+---
+
+- Added a `main` branch filter to the release workflow's `workflow_run` trigger.
+- Added a job-level guard so manual dispatch runs only when dispatched from `refs/heads/main`.
@@ -0,0 +1,9 @@
+---
+type: patch
+area: web
+summary: Fix local Prisma lock races and restore Buildings/research feedback visibility
+---
+
+- Serialize `prisma:generate` runs with a cross-process lock to prevent Windows engine rename collisions when multiple dev scripts start at once.
+- Replace deprecated `/workforce` entry points by redirecting to `/buildings` and surfacing Buildings in shared navigation.
+- Move research completion toasts into a global app-shell notifier so completion feedback appears even when users are on other pages.
@@ -0,0 +1,9 @@
+---
+type: patch
+area: db
+summary: Run Prisma generate without relying on dotenv-cli shell binary
+---
+
+- Replace `packages/db` `generate:raw` command with a Node wrapper script.
+- Load `.env` directly in the wrapper and invoke `pnpm exec prisma generate`.
+- Avoid Windows shell failures when the `dotenv` CLI binary is not linked in `node_modules/.bin`.
@@ -0,0 +1,8 @@
+---
+type: patch
+area: web
+summary: Fix buildings definitions API response parsing in web client
+---
+
+- Parse `/v1/buildings/definitions` using the `definitions` field from object payloads.
+- Prevent runtime error: `Invalid response field "definitions" (expected array)`.
@@ -0,0 +1,9 @@
+---
+type: patch
+area: web
+summary: Accept legacy object-shaped buildings definitions payloads
+---
+
+- Make `getBuildingTypeDefinitions` tolerant to both array and object-map payload shapes.
+- Automatically inject `buildingType` from object keys when legacy payload omits it.
+- Prevent runtime parsing crashes in acquire/buildings dialogs during mixed-version dev runs.