Replace GitHub App with Firestore as profile source of truth (#71)

* fix: cache profile data in Firestore to eliminate GitHub sync delay

Write profile data to Firestore alongside GitHub on create/update, and
read from Firestore first (instant, consistent) instead of GitHub. This
removes the retry loop, optimistic signal, sync-pending banner, and
timer management from the Angular frontend — a net reduction of ~200
lines. Existing GitHub-only profiles are lazily backfilled on first read.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add unknown type to catch callback variable

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: harden profile caching with fallback, cache invalidation, and tests

- Wrap Firestore cache lookup in its own try/catch so GitHub fallback
  still works when Firestore is unavailable
- Clear cached profile data on refund and subscription-ended flows
- Add tests for Firestore error fallback, and cache write failures
  in create/write profile routes
- Extract shared buildProfileImageUrl utility
- Remove double-logging in saveProfileContent
- Use API response data directly instead of reload() in Angular

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: address PR review findings and CI failures

- Use proper Elysia response types in tests instead of Record<string, unknown>
- Add clearProfileCache to ProfileMemberService interface and implementation
- Harden error handling in saveProfileContent and setProfileCreatedAt
- Use ProfileMemberService.clearProfileCache in stripe webhooks
- Upgrade cache lookup logging from warn to error with errorId
- Fix factory JSDoc and add unknown type annotation
- Remove obsolete E2E retry/sync-pending tests

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Refactor profiles API and migrate to Firestore

- Removed markdown serialization utility as it is no longer needed.
- Updated refund and subscription ended processing to trigger Hugo rebuilds.
- Removed cached profile data from member documents.
- Introduced Firestore-based profiles collection with CRUD operations.
- Implemented profile migration script from Hugo markdown to Firestore.
- Added synchronization script to keep Firestore profiles in sync with Hugo markdown files.
- Updated package dependencies for js-yaml and firebase-admin.

* fix: harden Firestore profile operations and clean up stale GitHub references

- Use atomic create()/update() instead of check-then-write to prevent race conditions
- Add empty-snapshot guard and per-profile error handling in Hugo sync script
- Add dedicated API_HUGO_REBUILD_FAILED error ID for trigger-rebuild
- Make profile field required in write/create response schemas
- Remove dead triggerHugoRebuild re-export from barrel
- Update stale GitHub references in comments, test names, and JSDoc
- Add TODO for localStorage cleanup removal in profile.service.ts

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Fix unnecessary optional chains in profile test files

The `profile` property on `CreateProfileSuccessResponse` and
`WriteProfileSuccessResponse` is non-optional, so optional chaining
is flagged by @typescript-eslint/no-unnecessary-condition.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: remove committed profile content, sync from Firestore on build

Profiles are now sourced from Firestore at build time instead of being
committed as markdown files. The sync script runs before Hugo in CI
(both merge and PR preview workflows) and on `bun run hugo:dev` locally.

- .gitignore profile directories (hugo/content/doulas/*/)
- Add sync step to PR preview workflow for working preview URLs
- Replace js-yaml with Bun.YAML.parse and custom block-style serializer
- Fix initFirebase to pass explicit projectId for ADC usage
- Run sync script before hugo:dev for fresh local data

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use existing service account secret for Firestore sync in CI

Both Hugo workflows now write the FIREBASE_SERVICE_ACCOUNT_DOULA_COOPERATIVE
secret to a temp file instead of referencing the non-existent
FIREBASE_SERVICE_ACCOUNT_JSON_PATH secret.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use printenv to write service account JSON to avoid shell quoting

The secret JSON was getting mangled by shell single-quote interpolation.
Using printenv writes the exact env var contents without shell parsing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: pass service account JSON as env var instead of temp file

Match the pattern from kingston-church: pass FIREBASE_SERVICE_ACCOUNT
as an env var, JSON.parse() it in the script, pass to cert(). No temp
files needed.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: add admin draft toggle, draft-aware access control, notification link, and GitHub cleanup

- Add POST /admin/members/:memberId/profile/toggle-draft endpoint to
  publish/unpublish doula profiles from the admin dashboard
- Restrict GET /api/profiles/:slug to return 404 for draft profiles
  unless the requester is an admin or the profile owner (optional auth)
- Add direct admin dashboard link to profile creation notification email
- Remove redundant GitHub secret validation from profiles handler and
  14 orphaned GitHub-related error IDs
- Add Publish/Unpublish button with draft status indicator to Angular
  admin member detail page

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: resolve lint errors in functions and members

- Remove useless `undefined` argument (unicorn/no-useless-undefined)
- Use direct boolean check instead of `=== false` comparison
- Rename `profileRef`/`profileDoc` to full names (unicorn/prevent-abbreviations)
- Suppress unused-vars for destructured ownerUid used to strip field

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: address PR review findings from comprehensive code review

- Add missing updatedAt to toggleProfileDraft (was inconsistent with draftProfile)
- Fix falsy guards in createProfile that silently dropped empty arrays/strings
- Fix admin notification email referencing Hugo files instead of Firestore documents
- Fix script JSDoc referencing wrong env var (GOOGLE_APPLICATION_CREDENTIALS → FIREBASE_SERVICE_ACCOUNT)
- Update stale "deleted from GitHub" schema description
- Remove unused IMAGEKIT_BASE_URL from sync script
- Add explanatory comment to .gitignore for generated Hugo profile directories

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: resolve exactOptionalPropertyTypes error in readProfileBySlugLogic

Change userToken parameter from optional property (userToken?) to
explicit union type (userToken: DecodedIdToken | undefined) to match
what Elysia's derive provides. Fixes CI typecheck failure.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: add parameter types to sendEmail mock to fix test typecheck

The mock function had no parameter types, causing TypeScript to infer
an empty tuple for call arguments, which broke the type assertion on
mock.calls[0][0].

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: use correct type assertion pattern for sendEmail mock calls

Use `as unknown as` pattern (consistent with stripe handler tests) to
fix both the TypeScript typecheck error and ESLint no-unused-vars error.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

Author: markgoho

.github/workflows/hugo-hosting-merge.yml

@@ -9,6 +9,8 @@ on:
     paths:
       - "hugo/**"
       - "firebase.json"
+  repository_dispatch:
+    types: [profile-update]
 jobs:
   build_and_deploy:
     runs-on: ubuntu-latest
@@ -21,6 +23,10 @@ jobs:
           fetch-depth: 2
       - name: Install dependencies
         run: bun install
+      - name: Sync profiles from Firestore
+        run: bun scripts/sync-profiles-to-hugo.ts
+        env:
+          FIREBASE_SERVICE_ACCOUNT: ${{ secrets.FIREBASE_SERVICE_ACCOUNT_DOULA_COOPERATIVE }}
       - name: Build Hugo site
         run: bun run build
         env:
@@ -36,36 +42,3 @@ jobs:
           channelId: live
           projectId: doula-cooperative
           target: main-site
-      - name: Notify Profile Updates
-        if: success()
-        run: |
-          COMMIT_MSG=$(git log -1 --pretty=%B)
-          COMMIT_SHA=$(git rev-parse HEAD)
-
-          # Get changed profile files (both index.md and profile images)
-          CHANGED_FILES=$(git diff --name-only HEAD~1 HEAD | \
-            grep -E "hugo/content/doulas/[^/]+/(.*-profile.*\.(jpg|jpeg|png|webp|avif)|index\.md)$" \
-            2>/dev/null || echo "")
-
-          if [ -z "$CHANGED_FILES" ]; then
-            FILE_COUNT=0
-          else
-            FILE_COUNT=$(echo "$CHANGED_FILES" | wc -l)
-          fi
-
-          # Extract slug if single file (from either index.md or image path)
-          if [ "$FILE_COUNT" -eq 1 ]; then
-            # Try extracting from index.md path first
-            SLUG=$(echo "$CHANGED_FILES" | sed -n 's|hugo/content/doulas/\([^/]*\)/index.md|\1|p')
-            # If empty, try extracting from image path
-            if [ -z "$SLUG" ]; then
-              SLUG=$(echo "$CHANGED_FILES" | sed -n 's|hugo/content/doulas/\([^/]*\)/.*|\1|p')
-            fi
-          else
-            SLUG=""
-          fi
-
-          curl -X POST https://doulacooperative.com/api/profile-deployment-webhook \
-            -H "Content-Type: application/json" \
-            -d "{\"commitMessage\":\"$COMMIT_MSG\",\"commitSha\":\"$COMMIT_SHA\",\"slug\":\"$SLUG\",\"secret\":\"${{ secrets.DEPLOY_WEBHOOK_SECRET }}\"}"
-        continue-on-error: true

.github/workflows/hugo-hosting-pull-request.yml

@@ -29,6 +29,11 @@ jobs:
       - name: Install dependencies
         run: bun install
 
+      - name: Sync profiles from Firestore
+        run: bun scripts/sync-profiles-to-hugo.ts
+        env:
+          FIREBASE_SERVICE_ACCOUNT: ${{ secrets.FIREBASE_SERVICE_ACCOUNT_DOULA_COOPERATIVE }}
+
       - name: Build Hugo site with test Stripe configuration
         run: bun run build
         env:

.gitignore

@@ -36,6 +36,8 @@ report.[0-9]_.[0-9]_.[0-9]_.[0-9]_.json
 # Hugo
 public
 hugo/resources
+# Profile directories are generated at build time from Firestore (sync-profiles-to-hugo.ts)
+hugo/content/doulas/*/
 
 # Firebase
 *-debug.log

bun.lock

@@ -13,6 +13,7 @@ import {
   getMemberLogic,
   listMembersLogic,
   refundMembershipLogic,
+  toggleProfileDraftLogic,
   updateClaimsLogic,
   updateMemberLogic,
 } from "../routes/index.js";
@@ -28,6 +29,7 @@ import {
   MemberIdParameterSchema,
   RefundMembershipApiResponseSchema,
   RefundMembershipBodySchema,
+  ToggleProfileDraftApiResponseSchema,
   UpdateClaimsApiResponseSchema,
   UpdateClaimsBodySchema,
   UpdateMemberApiResponseSchema,
@@ -145,6 +147,27 @@ export function createAdminMembersPlugin(services?: PartialServices) {
               response: CleanSlateApiResponseSchema,
             },
           )
+          // POST /:memberId/profile/toggle-draft - Toggle profile draft status (served at /api/admin/members/:memberId/profile/toggle-draft)
+          .post(
+            "/profile/toggle-draft",
+            async ({
+              params,
+              adminToken,
+              memberAdminService,
+              logger,
+              set,
+            }) =>
+              toggleProfileDraftLogic({
+                memberId: params.memberId,
+                adminUid: getAdminUid(adminToken, logger),
+                memberAdminService,
+                logger,
+                set,
+              }),
+            {
+              response: ToggleProfileDraftApiResponseSchema,
+            },
+          )
           // Membership management routes under /:memberId/membership
           .group("/membership", app =>
             app

functions/src/admin-members-api/plugins/admin-members-plugin.ts

@@ -5,5 +5,6 @@ export { extendMembershipLogic } from "./extend-membership.js";
 export { getMemberLogic } from "./get-member.js";
 export { listMembersLogic } from "./list-members.js";
 export { refundMembershipLogic } from "./refund-membership.js";
+export { toggleProfileDraftLogic } from "./toggle-profile-draft.js";
 export { updateClaimsLogic } from "./update-claims.js";
 export { updateMemberLogic } from "./update-member.js";

functions/src/admin-members-api/routes/index.ts

@@ -0,0 +1,221 @@
+import { describe, expect, it, mock } from "bun:test";
+import {
+  NotFoundError,
+  ValidationError,
+} from "../../shared-api/errors/http-error.js";
+import { handleRequest } from "../../test-utils/handle-request.js";
+import type { ToggleProfileDraftResult } from "../services/toggle-profile-draft.js";
+import { createAdminTestPlugin } from "../test-utils/create-admin-test-plugin.js";
+
+/**
+ * Tests for POST /:memberId/profile/toggle-draft.
+ *
+ * Uses createAdminTestPlugin() factory with mocked services.
+ */
+describe("POST /:memberId/profile/toggle-draft", () => {
+  interface SetupOptions {
+    memberId?: string;
+    authToken?: string | null;
+    memberNotFound?: boolean;
+    noSlug?: boolean;
+    profileNotFound?: boolean;
+    serverError?: boolean;
+    toggleResult?: ToggleProfileDraftResult;
+  }
+
+  function setup({
+    memberId = "test-member-id",
+    authToken = "admin-token",
+    memberNotFound = false,
+    noSlug = false,
+    profileNotFound = false,
+    serverError = false,
+    toggleResult,
+  }: SetupOptions = {}) {
+    const defaultResult: ToggleProfileDraftResult = {
+      slug: "test-slug",
+      draft: false,
+      hugoRebuildTriggered: true,
+    };
+
+    const mockToggleProfileDraft = mock(
+      (): Promise<ToggleProfileDraftResult> => {
+        if (memberNotFound) {
+          return Promise.reject(
+            new NotFoundError(`Member with ID ${memberId} not found`),
+          );
+        }
+        if (noSlug) {
+          return Promise.reject(
+            new ValidationError(
+              "Member does not have a profile slug. Cannot toggle draft status.",
+            ),
+          );
+        }
+        if (profileNotFound) {
+          return Promise.reject(
+            new NotFoundError("Profile not found for slug: test-slug"),
+          );
+        }
+        if (serverError) {
+          return Promise.reject(new Error("Firestore unavailable"));
+        }
+        return Promise.resolve(toggleResult ?? defaultResult);
+      },
+    );
+
+    const testApp = createAdminTestPlugin({
+      memberAdminService: {
+        toggleProfileDraft: mockToggleProfileDraft,
+      },
+    });
+
+    const headers: Record<string, string> = {};
+    if (authToken) {
+      headers["Authorization"] = `Bearer ${authToken}`;
+    }
+
+    const request = new Request(
+      `http://localhost/${memberId}/profile/toggle-draft`,
+      {
+        method: "POST",
+        headers,
+      },
+    );
+
+    return { testApp, request };
+  }
+
+  describe("Authentication", () => {
+    it("should return 401 when no authorization header is provided", async () => {
+      const { testApp, request } = setup({ authToken: null });
+
+      const response = await handleRequest(testApp, request);
+
+      expect(response.status).toBe(401);
+      const body = (await response.json()) as { error?: string };
+      expect(body.error).toBe("Missing Authorization header");
+    });
+
+    it("should return 403 when non-admin user tries to toggle draft", async () => {
+      const { testApp, request } = setup({ authToken: "non-admin-token" });
+
+      const response = await handleRequest(testApp, request);
+
+      expect(response.status).toBe(403);
+      const body = (await response.json()) as { error?: string };
+      expect(body.error).toBe("Admin privileges required");
+    });
+  });
+
+  describe("Successful toggle", () => {
+    it("should toggle draft to published and return success", async () => {
+      const { testApp, request } = setup({
+        toggleResult: {
+          slug: "jane-doe",
+          draft: false,
+          hugoRebuildTriggered: true,
+        },
+      });
+
+      const response = await handleRequest(testApp, request);
+
+      expect(response.status).toBe(200);
+      const body = (await response.json()) as {
+        success?: boolean;
+        slug?: string;
+        draft?: boolean;
+        warning?: string;
+      };
+      expect(body.success).toBe(true);
+      expect(body.slug).toBe("jane-doe");
+      expect(body.draft).toBe(false);
+      expect(body.warning).toBeUndefined();
+    });
+
+    it("should toggle draft to unpublished and return success", async () => {
+      const { testApp, request } = setup({
+        toggleResult: {
+          slug: "jane-doe",
+          draft: true,
+          hugoRebuildTriggered: true,
+        },
+      });
+
+      const response = await handleRequest(testApp, request);
+
+      expect(response.status).toBe(200);
+      const body = (await response.json()) as {
+        success?: boolean;
+        slug?: string;
+        draft?: boolean;
+      };
+      expect(body.success).toBe(true);
+      expect(body.slug).toBe("jane-doe");
+      expect(body.draft).toBe(true);
+    });
+
+    it("should include warning when Hugo rebuild fails", async () => {
+      const { testApp, request } = setup({
+        toggleResult: {
+          slug: "jane-doe",
+          draft: false,
+          hugoRebuildTriggered: false,
+        },
+      });
+
+      const response = await handleRequest(testApp, request);
+
+      expect(response.status).toBe(200);
+      const body = (await response.json()) as {
+        success?: boolean;
+        warning?: string;
+      };
+      expect(body.success).toBe(true);
+      expect(body.warning).toContain("Hugo rebuild failed");
+    });
+  });
+
+  describe("Error handling", () => {
+    it("should return 404 when member not found", async () => {
+      const { testApp, request } = setup({ memberNotFound: true });
+
+      const response = await handleRequest(testApp, request);
+
+      expect(response.status).toBe(404);
+      const body = (await response.json()) as { error?: string };
+      expect(body.error).toContain("not found");
+    });
+
+    it("should return 400 when member has no slug", async () => {
+      const { testApp, request } = setup({ noSlug: true });
+
+      const response = await handleRequest(testApp, request);
+
+      expect(response.status).toBe(400);
+      const body = (await response.json()) as { error?: string };
+      expect(body.error).toContain("profile slug");
+    });
+
+    it("should return 404 when profile not found", async () => {
+      const { testApp, request } = setup({ profileNotFound: true });
+
+      const response = await handleRequest(testApp, request);
+
+      expect(response.status).toBe(404);
+      const body = (await response.json()) as { error?: string };
+      expect(body.error).toContain("Profile not found");
+    });
+
+    it("should return 500 for unexpected errors", async () => {
+      const { testApp, request } = setup({ serverError: true });
+
+      const response = await handleRequest(testApp, request);
+
+      expect(response.status).toBe(500);
+      const body = (await response.json()) as { error?: string };
+      expect(body.error).toBeDefined();
+      expect(body.error).not.toContain("Firestore unavailable");
+    });
+  });
+});