Same bug as backend — perRollMultiplier (0.05) was applied as a direct
multiplier on base roll cost in the admin shop EV simulation, making
everything appear exploitable (red).
- i18n: widen Translations type to accept any string values
- home: fix async onMount returning cleanup function
- CreateProjectModal: import Project from stores instead of local interface
- user profile: non-null assert githubUrl inside existence check
perRollMultiplier (default 0.05) was being applied as a direct multiplier
on the base roll cost, making everything cost 1-3 scraps instead of the
correct amount. It should only be used as an escalation factor per
previous roll: displayRollCost = baseRollCost * (1 + perRollMultiplier * rollCount)
- Restore handler now decrements shop_items.count for purchase/luck_win
orders (reverses the increment from delete), with GREATEST(..., 0) guard
- Delete handler now selects notes, isFulfilled, updatedAt so they're
included in the archived deleted_payload JSONB
- Restore INSERT now includes notes, is_fulfilled, updated_at columns
- Add fetchServerConfig to config.ts (fetches /admin/config endpoint)
- Call fetchServerConfig in +layout.svelte onMount for early client init
- Format long lines in admin dashboard page
- Add displayRollCost to ShopItem interface in stores
- ShopItemModal and shop page prefer server-provided displayRollCost
- Clean up as-any casts in ShopItemModal roll cost computation
- Admin shop: add perRollMultiplier to item type and EV simulation
- Remove unused modalEV derived (dead code, formEV used in template)
- Delete modal requires reason (min 3 chars) before sending DELETE
- Undo toast allows 30-second window to restore deleted order
- Admin user detail page: replace soft-delete + DELETE with single DELETE
call including reason payload
- Add lightweight DOM toast helper for status messages
- Archive order + related rows (refinery, rolls, penalties) into single
deleted_payload JSONB column matching migration 0014 schema
- Add runtime CREATE TABLE fallback for missing admin_deleted_orders
- Full restore handler restores order with original ID (OVERRIDING SYSTEM
VALUE) plus all related rows; remove duplicate simple restore handler
- Delete transaction refunds stock count for purchase/luck_win orders
- Add detailed error logging for diagnostics
- Add batch compute-roll-costs endpoint and per-roll multiplier support
- change DOLLARS_PER_HOUR from 5 to 4 across backend and frontend
- merge soft-delete/restore/permanent-delete into single DELETE endpoint
- refund scraps, restore inventory, reverse penalties, and delete order row in one step
- add console.log for admin order reverts with full context
- simplify admin orders UI to single revert button with confirmation modal
- New nullable roll_cost_override column on shop_items (migration 0011)
- calculateRollCost uses override if set, otherwise auto-calculates
- Admin UI: new 'roll cost override' input with auto placeholder + reset button
- EV simulation and item cards respect the override
- Frontend shop page + ShopItemModal use override for display and affordability
- Backend try-luck endpoint uses override from locked row
- calculatePricing now accepts optional priceOverride parameter
- When price is overridden, optimal pricing uses actual price for EV checks
- hasCustomPricing now also checks price mismatch
- calculateShopItemPricing now simulates all upgrade levels and bumps
baseUpgradeCost until expectedTotalCost >= price at every level
- Synced to shop-pricing.ts (computeItemPricing) and frontend calculatePricing
- All price points from $5-$800 verified safe (house edge 0.2-18%)
- Show detailed required/available scraps in insufficient funds errors
- ShopItemModal: check data.error/data.success instead of response.ok
(backend returns 200 for all responses including errors, so response.ok
was always true and errors were silently swallowed, closing the modal)
- Shop page + ShopItemModal: use baseProbability for roll cost display
(matching backend calculateRollCost which uses fixed base probability)
- Auth: anchor session cookie regex to prevent matching wrong cookies
- Auth: keep dev-mode reduced OAuth scopes
