The E2E global setup calls POST /api/setup on localhost:3000, but port
3000 is the workflowui dev server which had no such route — it only
existed in the nextjs workspace. This caused a 404, leaving the DB
empty and making all data-dependent tests (workflowui-auth,
workflowui-templates) time out waiting for content that was never seeded.
- Add /api/setup/route.ts to workflowui that seeds InstalledPackage and
PageConfig records via the DBAL REST API
- Make global setup throw on seed failure instead of logging and
continuing, so the suite fails fast rather than running 250 tests
against an empty database
https://claude.ai/code/session_01ChKf8wbKQLBcNbBCtqCwT6
In an npm monorepo, only the root lockfile is authoritative. Workspace-specific
lockfiles were stale, couldn't benefit from root overrides, and were triggering
Dependabot false positives. Switching to **/package-lock.json gitignore pattern.
Also adds eslint peer dep overrides to frontends/postgres for standalone compatibility.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Update storybook packages to 10.2.17 in root, storybook/, frontends/postgres, frontends/workflowui
- Move @storybook/react-vite from postgres dependencies→devDependencies
- Add storybook version pinned overrides to resolve peer dep conflicts
- Remove storybook from root devDependencies (managed by workspaces)
- Add @esbuild-kit/core-utils@3.3.3-metabuilder.0 patched tarball to deployment/npm-patches/
- Update publish-npm-patches.sh to handle pre-patched local tarballs
- Add @esbuild-kit scoped registry in .npmrc pointing to Nexus
- Publish @esbuild-kit/core-utils@3.3.3-metabuilder.0 to Nexus (esbuild dep widened to >=0.18.20)
- 2 residual moderate vulns remain: esbuild dev-server in drizzle-kit (dev-only, no prod impact)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
