v4.0.1 9 February 2026

Connection & Auth Fixes

Database Connection Fix

  • Fixed search_path assignment on pool connections — a tagged template literal was silently failing to set the schema search path on new database connections, meaning queries could miss the accounting schema entirely. The bug had existed since the file was written but was masked by routes that set search_path on their own client connections.
  • Fixed console.warn slow query logging — same tagged template issue prevented slow query warnings from appearing in logs.
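
The failure mode behind both fixes above, as an added example that is not the project's code: a tagged template call hands the function an array of string fragments instead of the finished string. The mock client, `guardQuery` and `isTemplateStringsArray` are hypothetical names constructed for this illustration; only the `accounting` schema name comes from the note.

```javascript
// Constructed stand-in for a database client: it records the first argument
// query() receives instead of talking to a server. Not a real driver.
function makeMockClient() {
  const received = [];
  return {
    received,
    query(text) {
      received.push(text);
      return Promise.resolve();
    },
  };
}

// A tagged template call passes (stringsArray, ...values), never a string.
// Template strings arrays carry a `raw` array property that ordinary arrays lack.
function isTemplateStringsArray(arg) {
  return Array.isArray(arg) && Array.isArray(arg.raw);
}

// Hypothetical guard: wrap client.query so an accidental tagged call throws loudly.
function guardQuery(client) {
  const original = client.query.bind(client);
  client.query = (text, ...rest) => {
    if (isTemplateStringsArray(text)) {
      throw new TypeError('query`...` was called as a tagged template; use query(`...`)');
    }
    return original(text, ...rest);
  };
  return client;
}

function demo() {
  const schema = 'accounting'; // schema name taken from the release note
  const buggy = makeMockClient();
  buggy.query`SET search_path TO ${schema}`;   // missing parentheses: tagged call
  const fixed = makeMockClient();
  fixed.query(`SET search_path TO ${schema}`); // ordinary call with a built string
  let guardError = null;
  try {
    guardQuery(makeMockClient()).query`SET search_path TO ${schema}`;
  } catch (err) {
    guardError = err;
  }
  return { buggyArg: buggy.received[0], fixedArg: fixed.received[0], guardError };
}

console.log(demo());
```

The same shape applies to `console.warn`: called as a tag, it receives the fragment array and the interpolated values as separate arguments rather than one formatted message.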

API Key Authentication Fix

  • Fixed RLS policy blocking API key lookup — the authentication middleware needs to read the api_keys table before it knows which organisation the request belongs to. Row Level Security was requiring an organisation context that doesn’t exist yet at that point. Updated the SELECT policy to allow key lookup when no tenant context is set, while continuing to enforce tenant isolation for all other queries.

Invoice Form Fix

  • Customer dropdown no longer shows “Loading…” indefinitely — the contacts query filters by type, and no customer contacts existed after the v4.0.0 data migration. Resolved by correcting test data. A follow-up improvement to show “No customers found” instead of “Loading…” when zero results are returned is planned.