ci: Bump version to 0.11.3 [skip ci]

- Removed direct return of json.data in favor of structured error handling.
- Implemented checks for success and data array in useActivityLogQuery, useBestSalePricesQuery, useBrandsQuery, useCategoriesQuery, useFlyerItemsForFlyersQuery, useFlyerItemsQuery, useFlyersQuery, useLeaderboardQuery, useMasterItemsQuery, usePriceHistoryQuery, useShoppingListsQuery, useSuggestedCorrectionsQuery, and useWatchedItemsQuery.
- Updated unit tests to reflect changes in expected behavior when API response does not conform to the expected structure.
- Updated package.json to use the latest version of @sentry/vite-plugin.
- Adjusted vite.config.ts for local development SSL configuration.
- Added self-signed SSL certificate and key for local development.

.claude/settings.local.json

@@ -98,7 +98,8 @@
       "Bash(ssh:*)",
       "mcp__redis__list",
       "Read(//d/gitea/bugsink-mcp/**)",
-      "Bash(d:/nodejs/npm.cmd install)"
+      "Bash(d:/nodejs/npm.cmd install)",
+      "Bash(node node_modules/vitest/vitest.mjs run:*)"
     ]
   }
 }

.env.example

@@ -102,3 +102,13 @@ VITE_SENTRY_ENABLED=true
 # Enable debug mode for SDK troubleshooting (default: false)
 SENTRY_DEBUG=false
 VITE_SENTRY_DEBUG=false
+
+# ===================
+# Source Maps Upload (ADR-015)
+# ===================
+# Auth token for uploading source maps to Bugsink
+# Create at: https://bugsink.projectium.com (Settings > API Keys)
+# Required for de-minified stack traces in error reports
+SENTRY_AUTH_TOKEN=
+# URL of your Bugsink instance (for source map uploads)
+SENTRY_URL=https://bugsink.projectium.com

.gitea/workflows/deploy-to-prod.yml

@@ -87,11 +87,22 @@ jobs:
           fi
 
       - name: Build React Application for Production
+        # Source Maps (ADR-015): If SENTRY_AUTH_TOKEN is set, the @sentry/vite-plugin will:
+        # 1. Generate hidden source maps during build
+        # 2. Upload them to Bugsink for error de-minification
+        # 3. Delete the .map files after upload (so they're not publicly accessible)
         run: |
           if [ -z "${{ secrets.VITE_GOOGLE_GENAI_API_KEY }}" ]; then
             echo "ERROR: The VITE_GOOGLE_GENAI_API_KEY secret is not set."
             exit 1
           fi
+
+          # Source map upload is optional - warn if not configured
+          if [ -z "${{ secrets.SENTRY_AUTH_TOKEN }}" ]; then
+            echo "WARNING: SENTRY_AUTH_TOKEN not set. Source maps will NOT be uploaded to Bugsink."
+            echo "         Errors will show minified stack traces. To fix, add SENTRY_AUTH_TOKEN to Gitea secrets."
+          fi
+
           GITEA_SERVER_URL="https://gitea.projectium.com"
           COMMIT_MESSAGE=$(git log -1 --grep="\[skip ci\]" --invert-grep --pretty=%s)
           PACKAGE_VERSION=$(node -p "require('./package.json').version")
@@ -101,6 +112,8 @@ jobs:
           VITE_SENTRY_DSN="${{ secrets.VITE_SENTRY_DSN }}" \
           VITE_SENTRY_ENVIRONMENT="production" \
           VITE_SENTRY_ENABLED="true" \
+          SENTRY_AUTH_TOKEN="${{ secrets.SENTRY_AUTH_TOKEN }}" \
+          SENTRY_URL="https://bugsink.projectium.com" \
           VITE_API_BASE_URL=/api VITE_API_KEY=${{ secrets.VITE_GOOGLE_GENAI_API_KEY }} npm run build
 
       - name: Deploy Application to Production Server

.gitea/workflows/deploy-to-test.yml

@@ -374,6 +374,11 @@ jobs:
         # We set the environment variable directly in the command line for this step.
         # This maps the Gitea secret to the environment variable the application expects.
         # We also generate and inject the application version, commit URL, and commit message.
+        #
+        # Source Maps (ADR-015): If SENTRY_AUTH_TOKEN is set, the @sentry/vite-plugin will:
+        # 1. Generate hidden source maps during build
+        # 2. Upload them to Bugsink for error de-minification
+        # 3. Delete the .map files after upload (so they're not publicly accessible)
         run: |
           # Fail-fast check for the build-time secret.
           if [ -z "${{ secrets.VITE_GOOGLE_GENAI_API_KEY }}" ]; then
@@ -381,6 +386,12 @@ jobs:
             exit 1
           fi
 
+          # Source map upload is optional - warn if not configured
+          if [ -z "${{ secrets.SENTRY_AUTH_TOKEN }}" ]; then
+            echo "WARNING: SENTRY_AUTH_TOKEN not set. Source maps will NOT be uploaded to Bugsink."
+            echo "         Errors will show minified stack traces. To fix, add SENTRY_AUTH_TOKEN to Gitea secrets."
+          fi
+
           GITEA_SERVER_URL="https://gitea.projectium.com" # Your Gitea instance URL
           # Sanitize commit message to prevent shell injection or build breaks (removes quotes, backticks, backslashes, $)
           COMMIT_MESSAGE=$(git log -1 --grep="\[skip ci\]" --invert-grep --pretty=%s | tr -d '"`\\$')
@@ -391,6 +402,8 @@ jobs:
           VITE_SENTRY_DSN="${{ secrets.VITE_SENTRY_DSN_TEST }}" \
           VITE_SENTRY_ENVIRONMENT="test" \
           VITE_SENTRY_ENABLED="true" \
+          SENTRY_AUTH_TOKEN="${{ secrets.SENTRY_AUTH_TOKEN }}" \
+          SENTRY_URL="https://bugsink.projectium.com" \
           VITE_API_BASE_URL="https://flyer-crawler-test.projectium.com/api" VITE_API_KEY=${{ secrets.VITE_GOOGLE_GENAI_API_KEY_TEST }} npm run build
 
       - name: Deploy Application to Test Server

CLAUDE.md

@@ -298,6 +298,7 @@ To add a new secret (e.g., `SENTRY_DSN`):
 - `GOOGLE_MAPS_API_KEY` - Google Maps
 - `GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET` - Google OAuth
 - `GH_CLIENT_ID`, `GH_CLIENT_SECRET` - GitHub OAuth
+- `SENTRY_AUTH_TOKEN` - Bugsink API token for source map uploads (create at Settings > API Keys in Bugsink)
 
 **Production-specific:**
 
@@ -332,7 +333,7 @@ The test environment (`flyer-crawler-test.projectium.com`) uses **both** Gitea C
 
 | User                 | Database             | Purpose    |
 | -------------------- | -------------------- | ---------- |
-| `flyer_crawler_prod` | `flyer-crawler`      | Production |
+| `flyer_crawler_prod` | `flyer-crawler-prod` | Production |
 | `flyer_crawler_test` | `flyer-crawler-test` | Testing    |
 
 **Required Setup Commands** (run as `postgres` superuser):

DATABASE.md

@@ -14,6 +14,17 @@ Flyer Crawler uses PostgreSQL with several extensions for full-text search, geog
 
 ---
 
+## Database Users
+
+This project uses **environment-specific database users** to isolate production and test environments:
+
+| User                 | Database             | Purpose    |
+| -------------------- | -------------------- | ---------- |
+| `flyer_crawler_prod` | `flyer-crawler-prod` | Production |
+| `flyer_crawler_test` | `flyer-crawler-test` | Testing    |
+
+---
+
 ## Production Database Setup
 
 ### Step 1: Install PostgreSQL
@@ -34,15 +45,19 @@ sudo -u postgres psql
 Run the following SQL commands (replace `'a_very_strong_password'` with a secure password):
 
 ```sql
--- Create a new role for your application
-CREATE ROLE flyer_crawler_user WITH LOGIN PASSWORD 'a_very_strong_password';
+-- Create the production role
+CREATE ROLE flyer_crawler_prod WITH LOGIN PASSWORD 'a_very_strong_password';
 
 -- Create the production database
-CREATE DATABASE "flyer-crawler-prod" WITH OWNER = flyer_crawler_user;
+CREATE DATABASE "flyer-crawler-prod" WITH OWNER = flyer_crawler_prod;
 
 -- Connect to the new database
 \c "flyer-crawler-prod"
 
+-- Grant schema privileges
+ALTER SCHEMA public OWNER TO flyer_crawler_prod;
+GRANT CREATE, USAGE ON SCHEMA public TO flyer_crawler_prod;
+
 -- Install required extensions (must be done as superuser)
 CREATE EXTENSION IF NOT EXISTS postgis;
 CREATE EXTENSION IF NOT EXISTS pg_trgm;
@@ -57,7 +72,7 @@ CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
 Navigate to your project directory and run:
 
 ```bash
-psql -U flyer_crawler_user -d "flyer-crawler-prod" -f sql/master_schema_rollup.sql
+psql -U flyer_crawler_prod -d "flyer-crawler-prod" -f sql/master_schema_rollup.sql
 ```
 
 This creates all tables, functions, triggers, and seeds essential data (categories, master items).
@@ -67,7 +82,7 @@ This creates all tables, functions, triggers, and seeds essential data (categori
 Set the required environment variables and run the seed script:
 
 ```bash
-export DB_USER=flyer_crawler_user
+export DB_USER=flyer_crawler_prod
 export DB_PASSWORD=your_password
 export DB_NAME="flyer-crawler-prod"
 export DB_HOST=localhost
@@ -88,20 +103,24 @@ sudo -u postgres psql
 ```
 
 ```sql
+-- Create the test role
+CREATE ROLE flyer_crawler_test WITH LOGIN PASSWORD 'a_very_strong_password';
+
 -- Create the test database
-CREATE DATABASE "flyer-crawler-test" WITH OWNER = flyer_crawler_user;
+CREATE DATABASE "flyer-crawler-test" WITH OWNER = flyer_crawler_test;
 
 -- Connect to the test database
 \c "flyer-crawler-test"
 
+-- Grant schema privileges (required for test runner to reset schema)
+ALTER SCHEMA public OWNER TO flyer_crawler_test;
+GRANT CREATE, USAGE ON SCHEMA public TO flyer_crawler_test;
+
 -- Install required extensions
 CREATE EXTENSION IF NOT EXISTS postgis;
 CREATE EXTENSION IF NOT EXISTS pg_trgm;
 CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
 
--- Grant schema ownership (required for test runner to reset schema)
-ALTER SCHEMA public OWNER TO flyer_crawler_user;
-
 -- Exit
 \q
 ```
@@ -110,12 +129,28 @@ ALTER SCHEMA public OWNER TO flyer_crawler_user;
 
 Ensure these secrets are set in your Gitea repository settings:
 
-| Secret        | Description                                |
-| ------------- | ------------------------------------------ |
-| `DB_HOST`     | Database hostname (e.g., `localhost`)      |
-| `DB_PORT`     | Database port (e.g., `5432`)               |
-| `DB_USER`     | Database user (e.g., `flyer_crawler_user`) |
-| `DB_PASSWORD` | Database password                          |
+**Shared:**
+
+| Secret    | Description                           |
+| --------- | ------------------------------------- |
+| `DB_HOST` | Database hostname (e.g., `localhost`) |
+| `DB_PORT` | Database port (e.g., `5432`)          |
+
+**Production-specific:**
+
+| Secret             | Description                                     |
+| ------------------ | ----------------------------------------------- |
+| `DB_USER_PROD`     | Production database user (`flyer_crawler_prod`) |
+| `DB_PASSWORD_PROD` | Production database password                    |
+| `DB_DATABASE_PROD` | Production database name (`flyer-crawler-prod`) |
+
+**Test-specific:**
+
+| Secret             | Description                               |
+| ------------------ | ----------------------------------------- |
+| `DB_USER_TEST`     | Test database user (`flyer_crawler_test`) |
+| `DB_PASSWORD_TEST` | Test database password                    |
+| `DB_DATABASE_TEST` | Test database name (`flyer-crawler-test`) |
 
 ---
 
@@ -135,7 +170,7 @@ This approach is faster than creating/destroying databases and doesn't require s
 ## Connecting to Production Database
 
 ```bash
-psql -h localhost -U flyer_crawler_user -d "flyer-crawler-prod" -W
+psql -h localhost -U flyer_crawler_prod -d "flyer-crawler-prod" -W
 ```
 
 ---
@@ -171,13 +206,13 @@ POSTGIS="3.2.0 c3e3cc0" GEOS="3.10.2-CAPI-1.16.0" PROJ="8.2.1"
 ### Create a Backup
 
 ```bash
-pg_dump -U flyer_crawler_user -d "flyer-crawler-prod" -F c -f backup.dump
+pg_dump -U flyer_crawler_prod -d "flyer-crawler-prod" -F c -f backup.dump
 ```
 
 ### Restore from Backup
 
 ```bash
-pg_restore -U flyer_crawler_user -d "flyer-crawler-prod" -c backup.dump
+pg_restore -U flyer_crawler_prod -d "flyer-crawler-prod" -c backup.dump
 ```
 
 ---

README.md

@@ -61,14 +61,16 @@ See [INSTALL.md](INSTALL.md) for detailed setup instructions.
 
 This project uses environment variables for configuration (no `.env` files). Key variables:
 
-| Variable                            | Description                      |
-| ----------------------------------- | -------------------------------- |
-| `DB_HOST`, `DB_USER`, `DB_PASSWORD` | PostgreSQL credentials           |
-| `DB_DATABASE_PROD`                  | Production database name         |
-| `JWT_SECRET`                        | Authentication token signing key |
-| `VITE_GOOGLE_GENAI_API_KEY`         | Google Gemini API key            |
-| `GOOGLE_MAPS_API_KEY`               | Google Maps Geocoding API key    |
-| `REDIS_PASSWORD_PROD`               | Redis password                   |
+| Variable                                     | Description                      |
+| -------------------------------------------- | -------------------------------- |
+| `DB_HOST`                                    | PostgreSQL host                  |
+| `DB_USER_PROD`, `DB_PASSWORD_PROD`           | Production database credentials  |
+| `DB_USER_TEST`, `DB_PASSWORD_TEST`           | Test database credentials        |
+| `DB_DATABASE_PROD`, `DB_DATABASE_TEST`       | Database names                   |
+| `JWT_SECRET`                                 | Authentication token signing key |
+| `VITE_GOOGLE_GENAI_API_KEY`                  | Google Gemini API key            |
+| `GOOGLE_MAPS_API_KEY`                        | Google Maps Geocoding API key    |
+| `REDIS_PASSWORD_PROD`, `REDIS_PASSWORD_TEST` | Redis passwords                  |
 
 See [INSTALL.md](INSTALL.md) for the complete list.
 

certs/localhost.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDCTCCAfGgAwIBAgIUHhZUK1vmww2wCepWPuVcU6d27hMwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI2MDExODAyMzM0NFoXDTI3MDEx
+ODAyMzM0NFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuUJGtSZzd+ZpLi+efjrkxJJNfVxVz2VLhknNM2WKeOYx
+JTK/VaTYq5hrczy6fEUnMhDAJCgEPUFlOK3vn1gFJKNMN8m7arkLVk6PYtrx8CTw
+w78Q06FLITr6hR0vlJNpN4MsmGxYwUoUpn1j5JdfZF7foxNAZRiwoopf7ZJxltDu
+PIuFjmVZqdzR8c6vmqIqdawx/V6sL9fizZr+CDH3oTsTUirn2qM+1ibBtPDiBvfX
+omUsr6MVOcTtvnMvAdy9NfV88qwF7MEWBGCjXkoT1bKCLD8hjn8l7GjRmPcmMFE2
+GqWEvfJiFkBK0CgSHYEUwzo0UtVNeQr0k0qkDRub6QIDAQABo1MwUTAdBgNVHQ4E
+FgQU5VeD67yFLV0QNYbHaJ6u9cM6UbkwHwYDVR0jBBgwFoAU5VeD67yFLV0QNYbH
+aJ6u9cM6UbkwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEABueA
+8ujAD+yjeP5dTgqQH1G0hlriD5LmlJYnktaLarFU+y+EZlRFwjdORF/vLPwSG+y7
+CLty/xlmKKQop70QzQ5jtJcsWzUjww8w1sO3AevfZlIF3HNhJmt51ihfvtJ7DVCv
+CNyMeYO0pBqRKwOuhbG3EtJgyV7MF8J25UEtO4t+GzX3jcKKU4pWP+kyLBVfeDU3
+MQuigd2LBwBQQFxZdpYpcXVKnAJJlHZIt68ycO1oSBEJO9fIF0CiAlC6ITxjtYtz
+oCjd6cCLKMJiC6Zg7t1Q17vGl+FdGyQObSsiYsYO9N3CVaeDdpyGCH0Rfa0+oZzu
+a5U9/l1FHlvpX980bw==
+-----END CERTIFICATE-----

certs/localhost.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC5Qka1JnN35mku
+L55+OuTEkk19XFXPZUuGSc0zZYp45jElMr9VpNirmGtzPLp8RScyEMAkKAQ9QWU4
+re+fWAUko0w3ybtquQtWTo9i2vHwJPDDvxDToUshOvqFHS+Uk2k3gyyYbFjBShSm
+fWPkl19kXt+jE0BlGLCiil/tknGW0O48i4WOZVmp3NHxzq+aoip1rDH9Xqwv1+LN
+mv4IMfehOxNSKufaoz7WJsG08OIG99eiZSyvoxU5xO2+cy8B3L019XzyrAXswRYE
+YKNeShPVsoIsPyGOfyXsaNGY9yYwUTYapYS98mIWQErQKBIdgRTDOjRS1U15CvST
+SqQNG5vpAgMBAAECggEAAnv0Dw1Mv+rRy4ZyxtObEVPXPRzoxnDDXzHP4E16BTye
+Fc/4pSBUIAUn2bPvLz0/X8bMOa4dlDcIv7Eu9Pvns8AY70vMaUReA80fmtHVD2xX
+1PCT0X3InnxRAYKstSIUIGs+aHvV5Z+iJ8F82soOStN1MU56h+JLWElL5deCPHq3
+tLZT8wM9aOZlNG72kJ71+DlcViahynQj8+VrionOLNjTJ2Jv/ByjM3GMIuSdBrgd
+Sl4YAcdn6ontjJGoTgI+e+qkBAPwMZxHarNGQgbS0yNVIJe7Lq4zIKHErU/ZSmpD
+GzhdVNzhrjADNIDzS7G+pxtz+aUxGtmRvOyopy8GAQKBgQDEPp2mRM+uZVVT4e1j
+pkKO1c3O8j24I5mGKwFqhhNs3qGy051RXZa0+cQNx63GokXQan9DIXzc/Il7Y72E
+z9bCFbcSWnlP8dBIpWiJm+UmqLXRyY4N8ecNnzL5x+Tuxm5Ij+ixJwXgdz/TLNeO
+MBzu+Qy738/l/cAYxwcF7mR7AQKBgQDxq1F95HzCxBahRU9OGUO4s3naXqc8xKCC
+m3vbbI8V0Exse2cuiwtlPPQWzTPabLCJVvCGXNru98sdeOu9FO9yicwZX0knOABK
+QfPyDeITsh2u0C63+T9DNn6ixI/T68bTs7DHawEYbpS7bR50BnbHbQrrOAo6FSXF
+yC7+Te+o6QKBgQCXEWSmo/4D0Dn5Usg9l7VQ40GFd3EPmUgLwntal0/I1TFAyiom
+gpcLReIogXhCmpSHthO1h8fpDfZ/p+4ymRRHYBQH6uHMKugdpEdu9zVVpzYgArp5
+/afSEqVZJwoSzWoELdQA23toqiPV2oUtDdiYFdw5nDccY1RHPp8nb7amAQKBgQDj
+f4DhYDxKJMmg21xCiuoDb4DgHoaUYA0xpii8cL9pq4KmBK0nVWFO1kh5Robvsa2m
+PB+EfNjkaIPepLxWbOTUEAAASoDU2JT9UoTQcl1GaUAkFnpEWfBB14TyuNMkjinH
+lLpvn72SQFbm8VvfoU4jgfTrZP/LmajLPR1v6/IWMQKBgBh9qvOTax/GugBAWNj3
+ZvF99rHOx0rfotEdaPcRN66OOiSWILR9yfMsTvwt1V0VEj7OqO9juMRFuIyB57gd
+Hs/zgbkuggqjr1dW9r22P/UpzpodAEEN2d52RSX8nkMOkH61JXlH2MyRX65kdExA
+VkTDq6KwomuhrU3z0+r/MSOn
+-----END PRIVATE KEY-----

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "flyer-crawler",
-  "version": "0.9.115",
+  "version": "0.11.3",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "flyer-crawler",
-      "version": "0.9.115",
+      "version": "0.11.3",
       "dependencies": {
         "@bull-board/api": "^6.14.2",
         "@bull-board/express": "^6.14.2",
@@ -55,6 +55,7 @@
         "zxing-wasm": "^2.2.4"
       },
       "devDependencies": {
+        "@sentry/vite-plugin": "^4.6.2",
         "@tailwindcss/postcss": "4.1.17",
         "@tanstack/react-query-devtools": "^5.91.2",
         "@testcontainers/postgresql": "^11.8.1",
@@ -4634,6 +4635,16 @@
         "node": ">=18"
       }
     },
+    "node_modules/@sentry/babel-plugin-component-annotate": {
+      "version": "4.6.2",
+      "resolved": "https://registry.npmjs.org/@sentry/babel-plugin-component-annotate/-/babel-plugin-component-annotate-4.6.2.tgz",
+      "integrity": "sha512-6VTjLJXtIHKwxMmThtZKwi1+hdklLNzlbYH98NhbH22/Vzb/c6BlSD2b5A0NGN9vFB807rD4x4tuP+Su7BxQXQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 14"
+      }
+    },
     "node_modules/@sentry/browser": {
       "version": "10.32.1",
       "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-10.32.1.tgz",
@@ -4650,6 +4661,258 @@
         "node": ">=18"
       }
     },
+    "node_modules/@sentry/bundler-plugin-core": {
+      "version": "4.6.2",
+      "resolved": "https://registry.npmjs.org/@sentry/bundler-plugin-core/-/bundler-plugin-core-4.6.2.tgz",
+      "integrity": "sha512-JkOc3JkVzi/fbXsFp8R9uxNKmBrPRaU4Yu4y1i3ihWfugqymsIYaN0ixLENZbGk2j4xGHIk20PAJzBJqBMTHew==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/core": "^7.18.5",
+        "@sentry/babel-plugin-component-annotate": "4.6.2",
+        "@sentry/cli": "^2.57.0",
+        "dotenv": "^16.3.1",
+        "find-up": "^5.0.0",
+        "glob": "^10.5.0",
+        "magic-string": "0.30.8",
+        "unplugin": "1.0.1"
+      },
+      "engines": {
+        "node": ">= 14"
+      }
+    },
+    "node_modules/@sentry/bundler-plugin-core/node_modules/glob": {
+      "version": "10.5.0",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-10.5.0.tgz",
+      "integrity": "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "foreground-child": "^3.1.0",
+        "jackspeak": "^3.1.2",
+        "minimatch": "^9.0.4",
+        "minipass": "^7.1.2",
+        "package-json-from-dist": "^1.0.0",
+        "path-scurry": "^1.11.1"
+      },
+      "bin": {
+        "glob": "dist/esm/bin.mjs"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/@sentry/bundler-plugin-core/node_modules/lru-cache": {
+      "version": "10.4.3",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz",
+      "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/@sentry/bundler-plugin-core/node_modules/magic-string": {
+      "version": "0.30.8",
+      "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.8.tgz",
+      "integrity": "sha512-ISQTe55T2ao7XtlAStud6qwYPZjE4GK1S/BeVPus4jrq6JuOnQ00YKQC581RWhR122W7msZV263KzVeLoqidyQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/sourcemap-codec": "^1.4.15"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@sentry/bundler-plugin-core/node_modules/path-scurry": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz",
+      "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "dependencies": {
+        "lru-cache": "^10.2.0",
+        "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0"
+      },
+      "engines": {
+        "node": ">=16 || 14 >=14.18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/@sentry/cli": {
+      "version": "2.58.4",
+      "resolved": "https://registry.npmjs.org/@sentry/cli/-/cli-2.58.4.tgz",
+      "integrity": "sha512-ArDrpuS8JtDYEvwGleVE+FgR+qHaOp77IgdGSacz6SZy6Lv90uX0Nu4UrHCQJz8/xwIcNxSqnN22lq0dH4IqTg==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "FSL-1.1-MIT",
+      "dependencies": {
+        "https-proxy-agent": "^5.0.0",
+        "node-fetch": "^2.6.7",
+        "progress": "^2.0.3",
+        "proxy-from-env": "^1.1.0",
+        "which": "^2.0.2"
+      },
+      "bin": {
+        "sentry-cli": "bin/sentry-cli"
+      },
+      "engines": {
+        "node": ">= 10"
+      },
+      "optionalDependencies": {
+        "@sentry/cli-darwin": "2.58.4",
+        "@sentry/cli-linux-arm": "2.58.4",
+        "@sentry/cli-linux-arm64": "2.58.4",
+        "@sentry/cli-linux-i686": "2.58.4",
+        "@sentry/cli-linux-x64": "2.58.4",
+        "@sentry/cli-win32-arm64": "2.58.4",
+        "@sentry/cli-win32-i686": "2.58.4",
+        "@sentry/cli-win32-x64": "2.58.4"
+      }
+    },
+    "node_modules/@sentry/cli-darwin": {
+      "version": "2.58.4",
+      "resolved": "https://registry.npmjs.org/@sentry/cli-darwin/-/cli-darwin-2.58.4.tgz",
+      "integrity": "sha512-kbTD+P4X8O+nsNwPxCywtj3q22ecyRHWff98rdcmtRrvwz8CKi/T4Jxn/fnn2i4VEchy08OWBuZAqaA5Kh2hRQ==",
+      "dev": true,
+      "license": "FSL-1.1-MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@sentry/cli-linux-arm": {
+      "version": "2.58.4",
+      "resolved": "https://registry.npmjs.org/@sentry/cli-linux-arm/-/cli-linux-arm-2.58.4.tgz",
+      "integrity": "sha512-rdQ8beTwnN48hv7iV7e7ZKucPec5NJkRdrrycMJMZlzGBPi56LqnclgsHySJ6Kfq506A2MNuQnKGaf/sBC9REA==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "FSL-1.1-MIT",
+      "optional": true,
+      "os": [
+        "linux",
+        "freebsd",
+        "android"
+      ],
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@sentry/cli-linux-arm64": {
+      "version": "2.58.4",
+      "resolved": "https://registry.npmjs.org/@sentry/cli-linux-arm64/-/cli-linux-arm64-2.58.4.tgz",
+      "integrity": "sha512-0g0KwsOozkLtzN8/0+oMZoOuQ0o7W6O+hx+ydVU1bktaMGKEJLMAWxOQNjsh1TcBbNIXVOKM/I8l0ROhaAb8Ig==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "FSL-1.1-MIT",
+      "optional": true,
+      "os": [
+        "linux",
+        "freebsd",
+        "android"
+      ],
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@sentry/cli-linux-i686": {
+      "version": "2.58.4",
+      "resolved": "https://registry.npmjs.org/@sentry/cli-linux-i686/-/cli-linux-i686-2.58.4.tgz",
+      "integrity": "sha512-NseoIQAFtkziHyjZNPTu1Gm1opeQHt7Wm1LbLrGWVIRvUOzlslO9/8i6wETUZ6TjlQxBVRgd3Q0lRBG2A8rFYA==",
+      "cpu": [
+        "x86",
+        "ia32"
+      ],
+      "dev": true,
+      "license": "FSL-1.1-MIT",
+      "optional": true,
+      "os": [
+        "linux",
+        "freebsd",
+        "android"
+      ],
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@sentry/cli-linux-x64": {
+      "version": "2.58.4",
+      "resolved": "https://registry.npmjs.org/@sentry/cli-linux-x64/-/cli-linux-x64-2.58.4.tgz",
+      "integrity": "sha512-d3Arz+OO/wJYTqCYlSN3Ktm+W8rynQ/IMtSZLK8nu0ryh5mJOh+9XlXY6oDXw4YlsM8qCRrNquR8iEI1Y/IH+Q==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "FSL-1.1-MIT",
+      "optional": true,
+      "os": [
+        "linux",
+        "freebsd",
+        "android"
+      ],
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@sentry/cli-win32-arm64": {
+      "version": "2.58.4",
+      "resolved": "https://registry.npmjs.org/@sentry/cli-win32-arm64/-/cli-win32-arm64-2.58.4.tgz",
+      "integrity": "sha512-bqYrF43+jXdDBh0f8HIJU3tbvlOFtGyRjHB8AoRuMQv9TEDUfENZyCelhdjA+KwDKYl48R1Yasb4EHNzsoO83w==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "FSL-1.1-MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@sentry/cli-win32-i686": {
+      "version": "2.58.4",
+      "resolved": "https://registry.npmjs.org/@sentry/cli-win32-i686/-/cli-win32-i686-2.58.4.tgz",
+      "integrity": "sha512-3triFD6jyvhVcXOmGyttf+deKZcC1tURdhnmDUIBkiDPJKGT/N5xa4qAtHJlAB/h8L9jgYih9bvJnvvFVM7yug==",
+      "cpu": [
+        "x86",
+        "ia32"
+      ],
+      "dev": true,
+      "license": "FSL-1.1-MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@sentry/cli-win32-x64": {
+      "version": "2.58.4",
+      "resolved": "https://registry.npmjs.org/@sentry/cli-win32-x64/-/cli-win32-x64-2.58.4.tgz",
+      "integrity": "sha512-cSzN4PjM1RsCZ4pxMjI0VI7yNCkxiJ5jmWncyiwHXGiXrV1eXYdQ3n1LhUYLZ91CafyprR0OhDcE+RVZ26Qb5w==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "FSL-1.1-MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/@sentry/core": {
       "version": "10.32.1",
       "resolved": "https://registry.npmjs.org/@sentry/core/-/core-10.32.1.tgz",
@@ -4765,6 +5028,20 @@
         "react": "^16.14.0 || 17.x || 18.x || 19.x"
       }
     },
+    "node_modules/@sentry/vite-plugin": {
+      "version": "4.6.2",
+      "resolved": "https://registry.npmjs.org/@sentry/vite-plugin/-/vite-plugin-4.6.2.tgz",
+      "integrity": "sha512-hK9N50LlTaPlb2P1r87CFupU7MJjvtrp+Js96a2KDdiP8ViWnw4Gsa/OvA0pkj2wAFXFeBQMLS6g/SktTKG54w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@sentry/bundler-plugin-core": "4.6.2",
+        "unplugin": "1.0.1"
+      },
+      "engines": {
+        "node": ">= 14"
+      }
+    },
     "node_modules/@smithy/abort-controller": {
       "version": "4.2.7",
       "resolved": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-4.2.7.tgz",
@@ -7036,6 +7313,33 @@
         "url": "https://github.com/chalk/ansi-styles?sponsor=1"
       }
     },
+    "node_modules/anymatch": {
+      "version": "3.1.3",
+      "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz",
+      "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "normalize-path": "^3.0.0",
+        "picomatch": "^2.0.4"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/anymatch/node_modules/picomatch": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
+      "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
     "node_modules/append-field": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/append-field/-/append-field-1.0.0.tgz",
@@ -7691,6 +7995,19 @@
         "node": "*"
       }
     },
+    "node_modules/binary-extensions": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz",
+      "integrity": "sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/bl": {
       "version": "4.1.0",
       "resolved": "https://registry.npmjs.org/bl/-/bl-4.1.0.tgz",
@@ -8153,6 +8470,44 @@
         "node": ">=8"
       }
     },
+    "node_modules/chokidar": {
+      "version": "3.6.0",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz",
+      "integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "anymatch": "~3.1.2",
+        "braces": "~3.0.2",
+        "glob-parent": "~5.1.2",
+        "is-binary-path": "~2.1.0",
+        "is-glob": "~4.0.1",
+        "normalize-path": "~3.0.0",
+        "readdirp": "~3.6.0"
+      },
+      "engines": {
+        "node": ">= 8.10.0"
+      },
+      "funding": {
+        "url": "https://paulmillr.com/funding/"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.2"
+      }
+    },
+    "node_modules/chokidar/node_modules/glob-parent": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
+      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "is-glob": "^4.0.1"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
     "node_modules/chownr": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/chownr/-/chownr-2.0.0.tgz",
@@ -9216,6 +9571,19 @@
       "license": "MIT",
       "peer": true
     },
+    "node_modules/dotenv": {
+      "version": "16.6.1",
+      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.6.1.tgz",
+      "integrity": "sha512-uBq4egWHTcTt33a72vpSG0z3HnPuIl6NqYcTrKEg2azoEyl2hpW0zqlxysq2pK9HlDIHyHyakeYaYnSAwd8bow==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://dotenvx.com"
+      }
+    },
     "node_modules/dunder-proto": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
@@ -11615,6 +11983,19 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/is-binary-path": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz",
+      "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "binary-extensions": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/is-boolean-object": {
       "version": "1.2.2",
       "resolved": "https://registry.npmjs.org/is-boolean-object/-/is-boolean-object-1.2.2.tgz",
@@ -15197,6 +15578,16 @@
       ],
       "license": "MIT"
     },
+    "node_modules/progress": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz",
+      "integrity": "sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
     "node_modules/prop-types": {
       "version": "15.8.1",
       "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.8.1.tgz",
@@ -15303,6 +15694,13 @@
         "node": ">= 0.10"
       }
     },
+    "node_modules/proxy-from-env": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz",
+      "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/pump": {
       "version": "3.0.3",
       "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.3.tgz",
@@ -15567,6 +15965,32 @@
         "node": ">=10"
       }
     },
+    "node_modules/readdirp": {
+      "version": "3.6.0",
+      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz",
+      "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "picomatch": "^2.2.1"
+      },
+      "engines": {
+        "node": ">=8.10.0"
+      }
+    },
+    "node_modules/readdirp/node_modules/picomatch": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
+      "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
     "node_modules/real-require": {
       "version": "0.2.0",
       "resolved": "https://registry.npmjs.org/real-require/-/real-require-0.2.0.tgz",
@@ -17782,6 +18206,19 @@
         "node": ">= 0.8"
       }
     },
+    "node_modules/unplugin": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/unplugin/-/unplugin-1.0.1.tgz",
+      "integrity": "sha512-aqrHaVBWW1JVKBHmGo33T5TxeL0qWzfvjWokObHA9bYmN7eNDkwOxmLjhioHl9878qDFMAaT51XNroRyuz7WxA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "acorn": "^8.8.1",
+        "chokidar": "^3.5.3",
+        "webpack-sources": "^3.2.3",
+        "webpack-virtual-modules": "^0.5.0"
+      }
+    },
     "node_modules/until-async": {
       "version": "3.0.2",
       "resolved": "https://registry.npmjs.org/until-async/-/until-async-3.0.2.tgz",
@@ -18110,6 +18547,23 @@
         "node": ">=20"
       }
     },
+    "node_modules/webpack-sources": {
+      "version": "3.3.3",
+      "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-3.3.3.tgz",
+      "integrity": "sha512-yd1RBzSGanHkitROoPFd6qsrxt+oFhg/129YzheDGqeustzX0vTZJZsSsQjVQC4yzBQ56K55XU8gaNCtIzOnTg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10.13.0"
+      }
+    },
+    "node_modules/webpack-virtual-modules": {
+      "version": "0.5.0",
+      "resolved": "https://registry.npmjs.org/webpack-virtual-modules/-/webpack-virtual-modules-0.5.0.tgz",
+      "integrity": "sha512-kyDivFZ7ZM0BVOUteVbDFhlRt7Ah/CSPwJdi8hBpkK7QLumUqdLtVfm/PX/hkcnrvr0i77fO5+TjZ94Pe+C9iw==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/whatwg-encoding": {
       "version": "3.1.1",
       "resolved": "https://registry.npmjs.org/whatwg-encoding/-/whatwg-encoding-3.1.1.tgz",

package.json

@@ -1,7 +1,7 @@
 {
   "name": "flyer-crawler",
   "private": true,
-  "version": "0.9.115",
+  "version": "0.11.3",
   "type": "module",
   "scripts": {
     "dev": "concurrently \"npm:start:dev\" \"vite\"",
@@ -75,6 +75,7 @@
     "zxing-wasm": "^2.2.4"
   },
   "devDependencies": {
+    "@sentry/vite-plugin": "^4.6.2",
     "@tailwindcss/postcss": "4.1.17",
     "@tanstack/react-query-devtools": "^5.91.2",
     "@testcontainers/postgresql": "^11.8.1",

sql/fix_permissions.sql

@@ -10,11 +10,16 @@
 -- Usage:
 -- Connect to the database as a superuser (e.g., 'postgres') and run this
 -- entire script.
+--
+-- IMPORTANT: Set the new_owner variable to the appropriate user:
+--   - For production: 'flyer_crawler_prod'
+--   - For test: 'flyer_crawler_test'
 
 DO $$
 DECLARE
     -- Define the new owner for all objects.
-    new_owner TEXT := 'flyer_crawler_user';
+    -- Change this to 'flyer_crawler_test' when running against the test database.
+    new_owner TEXT := 'flyer_crawler_prod';
     
     -- Variables for iterating through object names.
     tbl_name TEXT;
@@ -81,7 +86,7 @@ END $$;
 -- 
 --         -- Construct and execute the ALTER FUNCTION statement using the full signature.
 --         -- This command is now unambiguous and will work for all functions, including overloaded ones.
---         EXECUTE format('ALTER FUNCTION %s OWNER TO flyer_crawler_user;', func_signature);
+--         EXECUTE format('ALTER FUNCTION %s OWNER TO flyer_crawler_prod;', func_signature);
 --     END LOOP;
 -- END $$;
 

src/hooks/queries/useActivityLogQuery.test.tsx

@@ -31,9 +31,10 @@ describe('useActivityLogQuery', () => {
       { id: 1, action: 'user_login', timestamp: '2024-01-01T10:00:00Z' },
       { id: 2, action: 'flyer_uploaded', timestamp: '2024-01-01T11:00:00Z' },
     ];
+    // API returns wrapped response: { success: true, data: [...] }
     mockedApiClient.fetchActivityLog.mockResolvedValue({
       ok: true,
-      json: () => Promise.resolve(mockActivityLog),
+      json: () => Promise.resolve({ success: true, data: mockActivityLog }),
     } as Response);
 
     const { result } = renderHook(() => useActivityLogQuery(), { wrapper });
@@ -46,9 +47,10 @@ describe('useActivityLogQuery', () => {
 
   it('should fetch activity log with custom limit and offset', async () => {
     const mockActivityLog = [{ id: 3, action: 'item_added', timestamp: '2024-01-01T12:00:00Z' }];
+    // API returns wrapped response: { success: true, data: [...] }
     mockedApiClient.fetchActivityLog.mockResolvedValue({
       ok: true,
-      json: () => Promise.resolve(mockActivityLog),
+      json: () => Promise.resolve({ success: true, data: mockActivityLog }),
     } as Response);
 
     const { result } = renderHook(() => useActivityLogQuery(10, 5), { wrapper });
@@ -102,9 +104,10 @@ describe('useActivityLogQuery', () => {
   });
 
   it('should return empty array for no activity log entries', async () => {
+    // API returns wrapped response: { success: true, data: [] }
     mockedApiClient.fetchActivityLog.mockResolvedValue({
       ok: true,
-      json: () => Promise.resolve([]),
+      json: () => Promise.resolve({ success: true, data: [] }),
     } as Response);
 
     const { result } = renderHook(() => useActivityLogQuery(), { wrapper });

src/hooks/queries/useActivityLogQuery.ts

@@ -33,7 +33,13 @@ export const useActivityLogQuery = (limit: number = 20, offset: number = 0) => {
         throw new Error(error.message || 'Failed to fetch activity log');
       }
 
-      return response.json();
+      const json = await response.json();
+      // ADR-028: API returns { success: true, data: [...] }
+      // If success is false or data is not an array, return empty array to prevent .map() errors
+      if (!json.success || !Array.isArray(json.data)) {
+        return [];
+      }
+      return json.data;
     },
     // Activity log changes frequently, keep stale time short
     staleTime: 1000 * 30, // 30 seconds

src/hooks/queries/useApplicationStatsQuery.test.tsx

@@ -35,9 +35,10 @@ describe('useApplicationStatsQuery', () => {
       pendingCorrectionsCount: 10,
       recipeCount: 75,
     };
+    // API returns wrapped response: { success: true, data: {...} }
     mockedApiClient.getApplicationStats.mockResolvedValue({
       ok: true,
-      json: () => Promise.resolve(mockStats),
+      json: () => Promise.resolve({ success: true, data: mockStats }),
     } as Response);
 
     const { result } = renderHook(() => useApplicationStatsQuery(), { wrapper });

src/hooks/queries/useApplicationStatsQuery.ts

@@ -31,7 +31,9 @@ export const useApplicationStatsQuery = () => {
         throw new Error(error.message || 'Failed to fetch application stats');
       }
 
-      return response.json();
+      const json = await response.json();
+      // API returns { success: true, data: {...} }, extract the data object
+      return json.data ?? json;
     },
     staleTime: 1000 * 60 * 2, // 2 minutes - stats change moderately, not as frequently as activity log
   });

src/hooks/queries/useAuthProfileQuery.ts

@@ -41,7 +41,9 @@ export const useAuthProfileQuery = (enabled: boolean = true) => {
         throw new Error(error.message || 'Failed to fetch user profile');
       }
 
-      return response.json();
+      const json = await response.json();
+      // API returns { success: true, data: {...} }, extract the data object
+      return json.data ?? json;
     },
     enabled: enabled && hasToken,
     staleTime: 1000 * 60 * 5, // 5 minutes

src/hooks/queries/useBestSalePricesQuery.ts

@@ -31,7 +31,13 @@ export const useBestSalePricesQuery = (enabled: boolean = true) => {
         throw new Error(error.message || 'Failed to fetch best sale prices');
       }
 
-      return response.json();
+      const json = await response.json();
+      // ADR-028: API returns { success: true, data: [...] }
+      // If success is false or data is not an array, return empty array to prevent .map() errors
+      if (!json.success || !Array.isArray(json.data)) {
+        return [];
+      }
+      return json.data;
     },
     enabled,
     // Prices update when flyers change, keep fresh for 2 minutes

src/hooks/queries/useBrandsQuery.ts

@@ -27,7 +27,13 @@ export const useBrandsQuery = (enabled: boolean = true) => {
         throw new Error(error.message || 'Failed to fetch brands');
       }
 
-      return response.json();
+      const json = await response.json();
+      // ADR-028: API returns { success: true, data: [...] }
+      // If success is false or data is not an array, return empty array to prevent .map() errors
+      if (!json.success || !Array.isArray(json.data)) {
+        return [];
+      }
+      return json.data;
     },
     enabled,
     staleTime: 1000 * 60 * 5, // 5 minutes - brands don't change frequently

src/hooks/queries/useCategoriesQuery.test.tsx

@@ -32,9 +32,10 @@ describe('useCategoriesQuery', () => {
       { category_id: 2, name: 'Bakery' },
       { category_id: 3, name: 'Produce' },
     ];
+    // API returns wrapped response: { success: true, data: [...] }
     mockedApiClient.fetchCategories.mockResolvedValue({
       ok: true,
-      json: () => Promise.resolve(mockCategories),
+      json: () => Promise.resolve({ success: true, data: mockCategories }),
     } as Response);
 
     const { result } = renderHook(() => useCategoriesQuery(), { wrapper });
@@ -88,9 +89,10 @@ describe('useCategoriesQuery', () => {
   });
 
   it('should return empty array for no categories', async () => {
+    // API returns wrapped response: { success: true, data: [] }
     mockedApiClient.fetchCategories.mockResolvedValue({
       ok: true,
-      json: () => Promise.resolve([]),
+      json: () => Promise.resolve({ success: true, data: [] }),
     } as Response);
 
     const { result } = renderHook(() => useCategoriesQuery(), { wrapper });

src/hooks/queries/useCategoriesQuery.ts

@@ -26,7 +26,13 @@ export const useCategoriesQuery = () => {
         throw new Error(error.message || 'Failed to fetch categories');
       }
 
-      return response.json();
+      const json = await response.json();
+      // ADR-028: API returns { success: true, data: [...] }
+      // If success is false or data is not an array, return empty array to prevent .map() errors
+      if (!json.success || !Array.isArray(json.data)) {
+        return [];
+      }
+      return json.data;
     },
     staleTime: 1000 * 60 * 60, // 1 hour - categories rarely change
   });

src/hooks/queries/useFlyerItemCountQuery.ts

@@ -40,7 +40,9 @@ export const useFlyerItemCountQuery = (flyerIds: number[], enabled: boolean = tr
         throw new Error(error.message || 'Failed to count flyer items');
       }
 
-      return response.json();
+      const json = await response.json();
+      // API returns { success: true, data: {...} }, extract the data object
+      return json.data ?? json;
     },
     enabled: enabled && flyerIds.length > 0,
     // Count doesn't change frequently

src/hooks/queries/useFlyerItemsForFlyersQuery.ts

@@ -37,7 +37,13 @@ export const useFlyerItemsForFlyersQuery = (flyerIds: number[], enabled: boolean
         throw new Error(error.message || 'Failed to fetch flyer items');
       }
 
-      return response.json();
+      const json = await response.json();
+      // ADR-028: API returns { success: true, data: [...] }
+      // If success is false or data is not an array, return empty array to prevent .map() errors
+      if (!json.success || !Array.isArray(json.data)) {
+        return [];
+      }
+      return json.data;
     },
     enabled: enabled && flyerIds.length > 0,
     // Flyer items don't change frequently once created

src/hooks/queries/useFlyerItemsQuery.test.tsx

@@ -31,9 +31,10 @@ describe('useFlyerItemsQuery', () => {
       { item_id: 1, name: 'Milk', price: 3.99, flyer_id: 42 },
       { item_id: 2, name: 'Bread', price: 2.49, flyer_id: 42 },
     ];
+    // API returns wrapped response: { success: true, data: [...] }
     mockedApiClient.fetchFlyerItems.mockResolvedValue({
       ok: true,
-      json: () => Promise.resolve({ items: mockFlyerItems }),
+      json: () => Promise.resolve({ success: true, data: mockFlyerItems }),
     } as Response);
 
     const { result } = renderHook(() => useFlyerItemsQuery(42), { wrapper });
@@ -103,9 +104,10 @@ describe('useFlyerItemsQuery', () => {
   // respects the enabled condition. The guard exists as a defensive measure only.
 
   it('should return empty array when API returns no items', async () => {
+    // API returns wrapped response: { success: true, data: [] }
     mockedApiClient.fetchFlyerItems.mockResolvedValue({
       ok: true,
-      json: () => Promise.resolve({ items: [] }),
+      json: () => Promise.resolve({ success: true, data: [] }),
     } as Response);
 
     const { result } = renderHook(() => useFlyerItemsQuery(42), { wrapper });
@@ -115,16 +117,20 @@ describe('useFlyerItemsQuery', () => {
     expect(result.current.data).toEqual([]);
   });
 
-  it('should handle response without items property', async () => {
+  it('should return empty array when response lacks success/data structure (ADR-028)', async () => {
+    // ADR-028: API must return { success: true, data: [...] }
+    // Non-compliant responses return empty array to prevent .map() errors
+    const legacyItems = [{ item_id: 1, name: 'Legacy Item' }];
     mockedApiClient.fetchFlyerItems.mockResolvedValue({
       ok: true,
-      json: () => Promise.resolve({}),
+      json: () => Promise.resolve(legacyItems),
     } as Response);
 
     const { result } = renderHook(() => useFlyerItemsQuery(42), { wrapper });
 
     await waitFor(() => expect(result.current.isSuccess).toBe(true));
 
+    // Returns empty array when response doesn't match ADR-028 format
     expect(result.current.data).toEqual([]);
   });
 });

src/hooks/queries/useFlyerItemsQuery.ts

@@ -35,9 +35,13 @@ export const useFlyerItemsQuery = (flyerId: number | undefined) => {
         throw new Error(error.message || 'Failed to fetch flyer items');
       }
 
-      const data = await response.json();
-      // API returns { items: FlyerItem[] }
-      return data.items || [];
+      const json = await response.json();
+      // ADR-028: API returns { success: true, data: [...] }
+      // If success is false or data is not an array, return empty array to prevent .map() errors
+      if (!json.success || !Array.isArray(json.data)) {
+        return [];
+      }
+      return json.data;
     },
     // Only run the query if we have a valid flyer ID
     enabled: !!flyerId,

src/hooks/queries/useFlyersQuery.test.tsx

@@ -31,9 +31,10 @@ describe('useFlyersQuery', () => {
       { flyer_id: 1, store_name: 'Store A', valid_from: '2024-01-01', valid_to: '2024-01-07' },
       { flyer_id: 2, store_name: 'Store B', valid_from: '2024-01-01', valid_to: '2024-01-07' },
     ];
+    // API returns wrapped response: { success: true, data: [...] }
     mockedApiClient.fetchFlyers.mockResolvedValue({
       ok: true,
-      json: () => Promise.resolve(mockFlyers),
+      json: () => Promise.resolve({ success: true, data: mockFlyers }),
     } as Response);
 
     const { result } = renderHook(() => useFlyersQuery(), { wrapper });
@@ -46,9 +47,10 @@ describe('useFlyersQuery', () => {
 
   it('should fetch flyers with custom limit and offset', async () => {
     const mockFlyers = [{ flyer_id: 3, store_name: 'Store C' }];
+    // API returns wrapped response: { success: true, data: [...] }
     mockedApiClient.fetchFlyers.mockResolvedValue({
       ok: true,
-      json: () => Promise.resolve(mockFlyers),
+      json: () => Promise.resolve({ success: true, data: mockFlyers }),
     } as Response);
 
     const { result } = renderHook(() => useFlyersQuery(10, 5), { wrapper });
@@ -102,9 +104,10 @@ describe('useFlyersQuery', () => {
   });
 
   it('should return empty array for no flyers', async () => {
+    // API returns wrapped response: { success: true, data: [] }
     mockedApiClient.fetchFlyers.mockResolvedValue({
       ok: true,
-      json: () => Promise.resolve([]),
+      json: () => Promise.resolve({ success: true, data: [] }),
     } as Response);
 
     const { result } = renderHook(() => useFlyersQuery(), { wrapper });

src/hooks/queries/useFlyersQuery.ts

@@ -32,7 +32,13 @@ export const useFlyersQuery = (limit: number = 20, offset: number = 0) => {
         throw new Error(error.message || 'Failed to fetch flyers');
       }
 
-      return response.json();
+      const json = await response.json();
+      // ADR-028: API returns { success: true, data: [...] }
+      // If success is false or data is not an array, return empty array to prevent .map() errors
+      if (!json.success || !Array.isArray(json.data)) {
+        return [];
+      }
+      return json.data;
     },
     // Keep data fresh for 2 minutes since flyers don't change frequently
     staleTime: 1000 * 60 * 2,

src/hooks/queries/useLeaderboardQuery.ts

@@ -29,7 +29,13 @@ export const useLeaderboardQuery = (limit: number = 10, enabled: boolean = true)
         throw new Error(error.message || 'Failed to fetch leaderboard');
       }
 
-      return response.json();
+      const json = await response.json();
+      // ADR-028: API returns { success: true, data: [...] }
+      // If success is false or data is not an array, return empty array to prevent .map() errors
+      if (!json.success || !Array.isArray(json.data)) {
+        return [];
+      }
+      return json.data;
     },
     enabled,
     staleTime: 1000 * 60 * 2, // 2 minutes - leaderboard can change moderately

src/hooks/queries/useMasterItemsQuery.test.tsx

@@ -32,9 +32,10 @@ describe('useMasterItemsQuery', () => {
       { master_item_id: 2, name: 'Bread', category: 'Bakery' },
       { master_item_id: 3, name: 'Eggs', category: 'Dairy' },
     ];
+    // API returns wrapped response: { success: true, data: [...] }
     mockedApiClient.fetchMasterItems.mockResolvedValue({
       ok: true,
-      json: () => Promise.resolve(mockMasterItems),
+      json: () => Promise.resolve({ success: true, data: mockMasterItems }),
     } as Response);
 
     const { result } = renderHook(() => useMasterItemsQuery(), { wrapper });
@@ -88,9 +89,10 @@ describe('useMasterItemsQuery', () => {
   });
 
   it('should return empty array for no master items', async () => {
+    // API returns wrapped response: { success: true, data: [] }
     mockedApiClient.fetchMasterItems.mockResolvedValue({
       ok: true,
-      json: () => Promise.resolve([]),
+      json: () => Promise.resolve({ success: true, data: [] }),
     } as Response);
 
     const { result } = renderHook(() => useMasterItemsQuery(), { wrapper });

src/hooks/queries/useMasterItemsQuery.ts

@@ -31,7 +31,13 @@ export const useMasterItemsQuery = () => {
         throw new Error(error.message || 'Failed to fetch master items');
       }
 
-      return response.json();
+      const json = await response.json();
+      // ADR-028: API returns { success: true, data: [...] }
+      // If success is false or data is not an array, return empty array to prevent .map() errors
+      if (!json.success || !Array.isArray(json.data)) {
+        return [];
+      }
+      return json.data;
     },
     // Master items change infrequently, keep data fresh for 10 minutes
     staleTime: 1000 * 60 * 10,

src/hooks/queries/usePriceHistoryQuery.ts

@@ -34,7 +34,13 @@ export const usePriceHistoryQuery = (masterItemIds: number[], enabled: boolean =
         throw new Error(error.message || 'Failed to fetch price history');
       }
 
-      return response.json();
+      const json = await response.json();
+      // ADR-028: API returns { success: true, data: [...] }
+      // If success is false or data is not an array, return empty array to prevent .map() errors
+      if (!json.success || !Array.isArray(json.data)) {
+        return [];
+      }
+      return json.data;
     },
     enabled: enabled && masterItemIds.length > 0,
     staleTime: 1000 * 60 * 10, // 10 minutes - historical data doesn't change frequently

src/hooks/queries/useShoppingListsQuery.test.tsx

@@ -31,9 +31,10 @@ describe('useShoppingListsQuery', () => {
       { shopping_list_id: 1, name: 'Weekly Groceries', items: [] },
       { shopping_list_id: 2, name: 'Party Supplies', items: [] },
     ];
+    // API returns wrapped response: { success: true, data: [...] }
     mockedApiClient.fetchShoppingLists.mockResolvedValue({
       ok: true,
-      json: () => Promise.resolve(mockShoppingLists),
+      json: () => Promise.resolve({ success: true, data: mockShoppingLists }),
     } as Response);
 
     const { result } = renderHook(() => useShoppingListsQuery(true), { wrapper });
@@ -98,9 +99,10 @@ describe('useShoppingListsQuery', () => {
   });
 
   it('should return empty array for no shopping lists', async () => {
+    // API returns wrapped response: { success: true, data: [] }
     mockedApiClient.fetchShoppingLists.mockResolvedValue({
       ok: true,
-      json: () => Promise.resolve([]),
+      json: () => Promise.resolve({ success: true, data: [] }),
     } as Response);
 
     const { result } = renderHook(() => useShoppingListsQuery(true), { wrapper });

src/hooks/queries/useShoppingListsQuery.ts

@@ -31,7 +31,13 @@ export const useShoppingListsQuery = (enabled: boolean) => {
         throw new Error(error.message || 'Failed to fetch shopping lists');
       }
 
-      return response.json();
+      const json = await response.json();
+      // ADR-028: API returns { success: true, data: [...] }
+      // If success is false or data is not an array, return empty array to prevent .map() errors
+      if (!json.success || !Array.isArray(json.data)) {
+        return [];
+      }
+      return json.data;
     },
     enabled,
     // Keep data fresh for 1 minute since users actively manage shopping lists

src/hooks/queries/useSuggestedCorrectionsQuery.test.tsx

@@ -31,9 +31,10 @@ describe('useSuggestedCorrectionsQuery', () => {
       { correction_id: 1, item_name: 'Milk', suggested_name: 'Whole Milk', status: 'pending' },
       { correction_id: 2, item_name: 'Bread', suggested_name: 'White Bread', status: 'pending' },
     ];
+    // API returns wrapped response: { success: true, data: [...] }
     mockedApiClient.getSuggestedCorrections.mockResolvedValue({
       ok: true,
-      json: () => Promise.resolve(mockCorrections),
+      json: () => Promise.resolve({ success: true, data: mockCorrections }),
     } as Response);
 
     const { result } = renderHook(() => useSuggestedCorrectionsQuery(), { wrapper });
@@ -87,9 +88,10 @@ describe('useSuggestedCorrectionsQuery', () => {
   });
 
   it('should return empty array for no corrections', async () => {
+    // API returns wrapped response: { success: true, data: [] }
     mockedApiClient.getSuggestedCorrections.mockResolvedValue({
       ok: true,
-      json: () => Promise.resolve([]),
+      json: () => Promise.resolve({ success: true, data: [] }),
     } as Response);
 
     const { result } = renderHook(() => useSuggestedCorrectionsQuery(), { wrapper });

src/hooks/queries/useSuggestedCorrectionsQuery.ts

@@ -26,7 +26,13 @@ export const useSuggestedCorrectionsQuery = () => {
         throw new Error(error.message || 'Failed to fetch suggested corrections');
       }
 
-      return response.json();
+      const json = await response.json();
+      // ADR-028: API returns { success: true, data: [...] }
+      // If success is false or data is not an array, return empty array to prevent .map() errors
+      if (!json.success || !Array.isArray(json.data)) {
+        return [];
+      }
+      return json.data;
     },
     staleTime: 1000 * 60, // 1 minute - corrections change moderately
   });

src/hooks/queries/useUserAddressQuery.ts

@@ -36,7 +36,9 @@ export const useUserAddressQuery = (
         throw new Error(error.message || 'Failed to fetch user address');
       }
 
-      return response.json();
+      const json = await response.json();
+      // API returns { success: true, data: {...} }, extract the data object
+      return json.data ?? json;
     },
     enabled: enabled && !!addressId,
     staleTime: 1000 * 60 * 5, // 5 minutes - address data doesn't change frequently

src/hooks/queries/useUserProfileDataQuery.ts

@@ -48,8 +48,12 @@ export const useUserProfileDataQuery = (enabled: boolean = true) => {
         throw new Error(error.message || 'Failed to fetch user achievements');
       }
 
-      const profile: UserProfile = await profileRes.json();
-      const achievements: (UserAchievement & Achievement)[] = await achievementsRes.json();
+      const profileJson = await profileRes.json();
+      const achievementsJson = await achievementsRes.json();
+      // API returns { success: true, data: {...} }, extract the data
+      const profile: UserProfile = profileJson.data ?? profileJson;
+      const achievements: (UserAchievement & Achievement)[] =
+        achievementsJson.data ?? achievementsJson;
 
       return {
         profile,

src/hooks/queries/useWatchedItemsQuery.test.tsx

@@ -31,9 +31,10 @@ describe('useWatchedItemsQuery', () => {
       { master_item_id: 1, name: 'Milk', category: 'Dairy' },
       { master_item_id: 2, name: 'Bread', category: 'Bakery' },
     ];
+    // API returns wrapped response: { success: true, data: [...] }
     mockedApiClient.fetchWatchedItems.mockResolvedValue({
       ok: true,
-      json: () => Promise.resolve(mockWatchedItems),
+      json: () => Promise.resolve({ success: true, data: mockWatchedItems }),
     } as Response);
 
     const { result } = renderHook(() => useWatchedItemsQuery(true), { wrapper });
@@ -98,9 +99,10 @@ describe('useWatchedItemsQuery', () => {
   });
 
   it('should return empty array for no watched items', async () => {
+    // API returns wrapped response: { success: true, data: [] }
     mockedApiClient.fetchWatchedItems.mockResolvedValue({
       ok: true,
-      json: () => Promise.resolve([]),
+      json: () => Promise.resolve({ success: true, data: [] }),
     } as Response);
 
     const { result } = renderHook(() => useWatchedItemsQuery(true), { wrapper });

src/hooks/queries/useWatchedItemsQuery.ts

@@ -31,7 +31,13 @@ export const useWatchedItemsQuery = (enabled: boolean) => {
         throw new Error(error.message || 'Failed to fetch watched items');
       }
 
-      return response.json();
+      const json = await response.json();
+      // ADR-028: API returns { success: true, data: [...] }
+      // If success is false or data is not an array, return empty array to prevent .map() errors
+      if (!json.success || !Array.isArray(json.data)) {
+        return [];
+      }
+      return json.data;
     },
     enabled,
     // Keep data fresh for 1 minute since users actively manage watched items

src/tests/setup/globalApiMock.ts

@@ -19,21 +19,27 @@ import { vi } from 'vitest';
  *   // ... rest of the test
  * });
  */
+/**
+ * Helper to create a mock API response in the standard format.
+ * API responses are wrapped in { success: true, data: ... } per ADR-028.
+ */
+const mockApiResponse = <T>(data: T): Response =>
+  new Response(JSON.stringify({ success: true, data }));
+
 // Global mock for apiClient - provides defaults for tests using renderWithProviders.
 // Note: Individual test files must also call vi.mock() with their relative path.
 vi.mock('../../services/apiClient', () => ({
   // --- Provider Mocks (with default successful responses) ---
   // These are essential for any test using renderWithProviders, as AppProviders
   // will mount all these data providers.
-  fetchFlyers: vi.fn(() =>
-    Promise.resolve(new Response(JSON.stringify({ flyers: [], hasMore: false }))),
-  ),
-  fetchMasterItems: vi.fn(() => Promise.resolve(new Response(JSON.stringify([])))),
-  fetchWatchedItems: vi.fn(() => Promise.resolve(new Response(JSON.stringify([])))),
-  fetchShoppingLists: vi.fn(() => Promise.resolve(new Response(JSON.stringify([])))),
-  getAuthenticatedUserProfile: vi.fn(() => Promise.resolve(new Response(JSON.stringify(null)))),
-  fetchCategories: vi.fn(() => Promise.resolve(new Response(JSON.stringify([])))), // For CorrectionsPage
-  fetchAllBrands: vi.fn(() => Promise.resolve(new Response(JSON.stringify([])))), // For AdminBrandManager
+  // All responses use the standard API format: { success: true, data: ... }
+  fetchFlyers: vi.fn(() => Promise.resolve(mockApiResponse([]))),
+  fetchMasterItems: vi.fn(() => Promise.resolve(mockApiResponse([]))),
+  fetchWatchedItems: vi.fn(() => Promise.resolve(mockApiResponse([]))),
+  fetchShoppingLists: vi.fn(() => Promise.resolve(mockApiResponse([]))),
+  getAuthenticatedUserProfile: vi.fn(() => Promise.resolve(mockApiResponse(null))),
+  fetchCategories: vi.fn(() => Promise.resolve(mockApiResponse([]))), // For CorrectionsPage
+  fetchAllBrands: vi.fn(() => Promise.resolve(mockApiResponse([]))), // For AdminBrandManager
 
   // --- General Mocks (return empty vi.fn() by default) ---
   // These functions are commonly used and can be implemented in specific tests.

vite.config.ts

@@ -1,7 +1,22 @@
 // vite.config.ts
 import path from 'path';
+// import fs from 'fs'; // Unused when nginx handles SSL
 import { defineConfig } from 'vitest/config';
 import react from '@vitejs/plugin-react';
+import { sentryVitePlugin } from '@sentry/vite-plugin';
+
+// HTTPS configuration for local development (optional, disabled when using nginx proxy)
+// const httpsConfig = (() => {
+//   const keyPath = '/app/certs/localhost.key';
+//   const certPath = '/app/certs/localhost.crt';
+//   if (fs.existsSync(keyPath) && fs.existsSync(certPath)) {
+//     return {
+//       key: fs.readFileSync(keyPath),
+//       cert: fs.readFileSync(certPath),
+//     };
+//   }
+//   return undefined;
+// })();
 
 // Ensure NODE_ENV is set to 'test' for all Vitest runs.
 process.env.NODE_ENV = 'test';
@@ -10,6 +25,13 @@ process.on('unhandledRejection', (reason, promise) => {
   console.error('Unhandled Rejection at:', promise, 'reason:', reason);
 });
 
+/**
+ * Determines if we should enable Sentry source map uploads.
+ * Only enabled during production builds with the required environment variables.
+ */
+const shouldUploadSourceMaps =
+  process.env.VITE_SENTRY_DSN && process.env.SENTRY_AUTH_TOKEN && process.env.NODE_ENV !== 'test';
+
 /**
  * This is the main configuration file for Vite and the Vitest 'unit' test project.
  * When running `vitest`, it is orchestrated by `vitest.workspace.ts`, which
@@ -18,10 +40,42 @@ process.on('unhandledRejection', (reason, promise) => {
 export default defineConfig({
   // Vite-specific configuration for the dev server, build, etc.
   // This is inherited by all Vitest projects.
-  plugins: [react()],
+  build: {
+    // Generate source maps for production builds (hidden = not referenced in built files)
+    // The Sentry plugin will upload them and then delete them
+    sourcemap: shouldUploadSourceMaps ? 'hidden' : false,
+  },
+  plugins: [
+    react(),
+    // Conditionally add Sentry plugin for production builds with source map upload
+    ...(shouldUploadSourceMaps
+      ? [
+          sentryVitePlugin({
+            // URL of the Bugsink instance (Sentry-compatible)
+            url: process.env.SENTRY_URL,
+
+            // Org and project are required by the API but Bugsink ignores them
+            org: 'flyer-crawler',
+            project: 'flyer-crawler-frontend',
+
+            // Auth token from environment variable
+            authToken: process.env.SENTRY_AUTH_TOKEN,
+
+            sourcemaps: {
+              // Delete source maps after upload to prevent public exposure
+              filesToDeleteAfterUpload: ['./dist/**/*.map'],
+            },
+
+            // Disable telemetry to Sentry
+            telemetry: false,
+          }),
+        ]
+      : []),
+  ],
   server: {
-    port: 3000,
+    port: 5173, // Internal port, nginx proxies on 3000
     host: '0.0.0.0',
+    // https: httpsConfig, // Disabled - nginx handles SSL
   },
   resolve: {
     alias: {