B2BEA.org Rebuild build-execution S-02
build-execution artifact · for B2BEA.org Rebuild · phase S-02 · status complete
- Extended runtime route policies to canonical /member, /vendor, and /company portal shell routes using persisted role names.
- Added /api/access/session for authenticated subject context without exposing service-role data to anonymous callers.
- Updated member, vendor, and company placeholder shells to use the shared portal layout and /api/access/decision flow.
- Added tests preventing private data from being embedded in current static portal shells; real private data must come from Functions endpoints after server-side access decisions.
- Fixed access JSON CORS methods to advertise GET, POST, and OPTIONS for the new session endpoint.
| detail | result | command |
|---|---|---|
| 49/49 tests passed locally | pass | npm test |
| CSS governance audit passed | pass | node scripts/audit-css-governance.js |
| Cloudflare function syntax checks passed | pass | node --check functions/api/access/session.js && node --check functions/api/access/decision.js |
| Eleventy wrote 126 files; local missing Sanity/Supabase env warnings are expected fallbacks | pass | npm run build |
| PR #37 check run succeeded | pass | GitHub Actions CI / build |
| PR #37 preview deployment succeeded | pass | Cloudflare Pages preview |
feature/b2bea-slice-2-member-company-access
https://github.com/b2bea-org/b2bea-website/pull/37
Start the next runtime slice from origin/main: add real data-backed member/vendor/company endpoints behind server-side access decisions, beginning with owned vendor/company summary data.
Start the next runtime slice from origin/main: add real data-backed member/vendor/company endpoints behind server-side access decisions, beginning with owned vendor/company summary data.
| detail | result | command |
|---|---|---|
| 49/49 tests passed locally | pass | npm test |
| CSS governance audit passed | pass | node scripts/audit-css-governance.js |
| Cloudflare function syntax checks passed | pass | node --check functions/api/access/session.js && node --check functions/api/access/decision.js |
| Eleventy wrote 126 files; local missing Sanity/Supabase env warnings are expected fallbacks | pass | npm run build |
| PR #37 check run succeeded | pass | GitHub Actions CI / build |
| PR #37 preview deployment succeeded | pass | Cloudflare Pages preview |
- Extended runtime route policies to canonical /member, /vendor, and /company portal shell routes using persisted role names.
- Added /api/access/session for authenticated subject context without exposing service-role data to anonymous callers.
- Updated member, vendor, and company placeholder shells to use the shared portal layout and /api/access/decision flow.
- Added tests preventing private data from being embedded in current static portal shells; real private data must come from Functions endpoints after server-side access decisions.
- Fixed access JSON CORS methods to advertise GET, POST, and OPTIONS for the new session endpoint.
Start the next runtime slice from origin/main: add real data-backed member/vendor/company endpoints behind server-side access decisions, beginning with owned vendor/company summary data.
Machine-readable source fields
build-execution
feature/b2bea-slice-2-member-company-access
b2bea-website
S-02
/Users/justinking/Vaults/Projects/B2BEA-org-new/.worktrees/b2bea-slice-2-member-company-access
- Extended runtime route policies to canonical /member, /vendor, and /company portal shell routes using persisted role names.
- Added /api/access/session for authenticated subject context without exposing service-role data to anonymous callers.
- Updated member, vendor, and company placeholder shells to use the shared portal layout and /api/access/decision flow.
- Added tests preventing private data from being embedded in current static portal shells; real private data must come from Functions endpoints after server-side access decisions.
- Fixed access JSON CORS methods to advertise GET, POST, and OPTIONS for the new session endpoint.
2026-05-08T17:36:09Z
main
f4fe892bd2a105b1d7ec14ba1a2562851af7be85 feat: extend runtime access to portal shells
Start the next runtime slice from origin/main: add real data-backed member/vendor/company endpoints behind server-side access decisions, beginning with owned vendor/company summary data.
155f57ebb33a76ec88e5ba7140c531679f9f4604
https://github.com/b2bea-org/b2bea-website/pull/37
- Read-only review flagged client-side portal reveal as unsafe for real private data; Slice 2 keeps these as non-sensitive placeholders and tests that constraint.
- Read-only review flagged fake owner-scope fallback and non-persisted b2bea_* roles; Slice 2 was corrected to role-gate shells with persisted role names.
| detail | result | command |
|---|---|---|
| 49/49 tests passed locally | pass | npm test |
| CSS governance audit passed | pass | node scripts/audit-css-governance.js |
| Cloudflare function syntax checks passed | pass | node --check functions/api/access/session.js && node --check functions/api/access/decision.js |
| Eleventy wrote 126 files; local missing Sanity/Supabase env warnings are expected fallbacks | pass | npm run build |
| PR #37 check run succeeded | pass | GitHub Actions CI / build |
| PR #37 preview deployment succeeded | pass | Cloudflare Pages preview |
2026-05-08T17:37:04.470Z