[codex] fix oauth callback host and harden sql migration replay

[Abdulmuiz44]

Summary

This PR fixes production Google OAuth callback host resolution and hardens SQL migration replay so remote Supabase execution can be re-run safely using CLI credentials from .env.local.

It also carries the phase-3 market bias slice that was implemented in the same working stream (API, service, types, migration, and dashboard integration).

User-impacting fix: Google OAuth callback host

Users were still being redirected through http://localhost:3000/api/auth/callback/google during "Continue with Google" in environments where stale/malformed host env values leaked into runtime behavior.

Root cause

• NextAuth route handling could still inherit host/base-url state that pointed at localhost.
• Existing fallback sanitation in authOptions handled malformed URL strings, but did not force request-derived host resolution at the API route boundary.

Fix

• Updated app/api/auth/[...nextauth]/route.ts to derive and set NEXTAUTH_URL per request from x-forwarded-host / host and protocol headers.
• Added production safety fallback to https://tradiaai.app whenever request host is missing or localhost-like.
• Kept existing safe redirect normalization in src/lib/authOptions.ts.

This ensures callback URLs are generated from the actual deployed host in production, not localhost.

SQL replay hardening and Supabase push work

The user requested pushing all SQL with SUPABASE_ACCESS_TOKEN + SUPABASE_DB_PASSWORD from .env.local.

What was done

• Linked Supabase CLI project using those credentials.
• Executed migrations against linked remote DB via CLI.
• Iteratively patched failing scripts to be replay-safe/idempotent:
  • guarded duplicate policy/trigger/constraint creation
  • fixed constraint ordering for FK re-add
  • made seed migration resilient to schema/user-id mismatches
  • replaced destructive "drop/recreate trades" migration behavior with non-destructive compatibility updates
  • added missing-table guards in RLS/fix scripts
  • patched MT5 add/remove scripts for missing-object replay safety

Representative files hardened

• database/migrations/002_create_user_feedback_table.sql
• database/migrations/003_fix_column_names.sql
• database/migrations/004_enable_rls.sql
• database/migrations/005_fix_foreign_key.sql
• database/migrations/006_fix_rls.sql
• database/migrations/007_complete_setup.sql
• database/migrations/008_final_rls_fix.sql
• database/migrations/2025-01-15_add_lemonsqueezy_support.sql
• database/migrations/2026-04-09_add_pre_trade_brief_review_fields.sql
• database/migrations/create_trading_accounts.sql
• database/migrations/create_user_profiles.sql
• database/migrations/enhance_trading_accounts.sql
• database/migrations/seed_sample_analytics.sql
• migrations/002_remove_mt5_integration.sql
• migrations/006_add_mt5_tables.sql

Phase-3 market bias implementation included

• New migration:
  • database/migrations/2026-04-18_create_market_bias_reports.sql
• New API:
  • app/api/market-bias/route.ts
• New service and types:
  • src/lib/forex/marketBiasService.ts
  • src/types/marketBias.ts
• Dashboard integration:
  • app/dashboard/pre-trade-brief/page.tsx
• Pre-trade API/list filtering improvements:
  • app/api/pre-trade-brief/route.ts

Validation

• npm run type-check passes.
• Supabase linked query path verified with .env.local credentials.
• Replay-safe migration execution improved substantially and blockers were patched directly in migration files.

Notes

This PR intentionally keeps all fixes in one branch because the user requested the OAuth fix first, then phase continuation, plus SQL push hardening in the same workflow.

[netlify]

✅ Deploy Preview for tradiaai ready!

Name	Link
🔨 Latest commit	a9513f0
🔍 Latest deploy log	https://app.netlify.com/projects/tradiaai/deploys/69e7e93b35a7bd00082dd3f3
😎 Deploy Preview	https://deploy-preview-15--tradiaai.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.