docs: sync from backend b743b5e — dispute relation fks

This commit is contained in:
Siavash Sameni
2026-06-07 06:57:29 +04:00
parent 5352fa1b08
commit 311e44aac2
2 changed files with 12 additions and 1 deletions

View File

@@ -11,6 +11,16 @@ entries on top. Maintained by agents per the rule in `../AGENTS.md`.
--- ---
### 2026-06-07 — backend@b743b5e, frontend@f1e5f3a — DB audit C7 dispute relation FKs
**Commits:** `b743b5e` `f1e5f3a`
**Touched:** backend `src/db/schema/dispute.ts`, `src/db/migrations/0024_disputes_uuid_fks.sql`, `src/db/repositories/drizzle/DrizzleDisputeRepo.ts`, `__tests__/db-audit-critical-fks.test.ts`, `package.json`, `package-lock.json`; frontend `Dockerfile`, `package.json`; docs `09 - Audits/DB Query & Schema Audit - 2026-06-06.md`, `09 - Audits/Activity Log.md`
**Why:** Close Critical C7 from the DB Query & Schema Audit by converting dispute purchase-request/user relationship columns from loose text IDs to UUID FKs while keeping legacy Mongo ObjectId callers working through repo-level resolution and legacy display mapping.
**Verification:** backend `npm test -- --runTestsByPath __tests__/db-audit-critical-fks.test.ts --runInBand`, `scripts/smoke/db-audit-service-regressions.sh` (16 suites / 55 tests), `npm run typecheck`, scoped `git diff --check`; frontend scoped `git diff --check -- Dockerfile package.json`. Pushed to Forgejo; `origin` skipped.
**Linked docs updated:** [[09 - Audits/DB Query & Schema Audit - 2026-06-06]]
---
### 2026-06-07 — frontend@607587c, backend@189b0ab — frontend Docker Yarn install hardening ### 2026-06-07 — frontend@607587c, backend@189b0ab — frontend Docker Yarn install hardening
**Commits:** `607587c` `189b0ab` **Commits:** `607587c` `189b0ab`

View File

@@ -70,6 +70,7 @@ updated: 2026-06-06
| H25: `updatePoints` + `createPointTransaction` could run outside one transaction → runtime guard requires a transaction-bound repo or explicit tx for both money writes | `2c5e80d` v2.9.24 | | H25: `updatePoints` + `createPointTransaction` could run outside one transaction → runtime guard requires a transaction-bound repo or explicit tx for both money writes | `2c5e80d` v2.9.24 |
| M16: `releaseDeletedUserEmail` read-then-write release race → one conditional `UPDATE ... WHERE email/status ... RETURNING` atomically releases deleted-user emails | `fcee958` v2.9.25 | | M16: `releaseDeletedUserEmail` read-then-write release race → one conditional `UPDATE ... WHERE email/status ... RETURNING` atomically releases deleted-user emails | `fcee958` v2.9.25 |
| C6: `notifications.user_id` text recipient key → UUID FK to `users(id)` with legacy/UUID repo resolution and migration backfill | `38d0e76` v2.9.26 | | C6: `notifications.user_id` text recipient key → UUID FK to `users(id)` with legacy/UUID repo resolution and migration backfill | `38d0e76` v2.9.26 |
| C7: `disputes` purchase-request/user relationship columns text → UUID FKs with legacy/UUID repo resolution and migration backfill | `b743b5e` v2.9.28 |
--- ---
@@ -149,7 +150,7 @@ After fetching one page of `purchase_requests` rows, the method wraps every row
### 7. disputes FK columns (purchaseRequestId, buyerId, sellerId, adminId) stored as text instead of uuid ### 7. disputes FK columns (purchaseRequestId, buyerId, sellerId, adminId) stored as text instead of uuid
> **Category:** Wrong Schema | **File:** `src/db/schema/dispute.ts:83-86` > **Category:** Wrong Schema | **File:** `src/db/schema/dispute.ts:83-86` | **FIXED** `b743b5e` v2.9.28
All four entity-reference columns on the disputes table are `text`, bypassing UUID type safety, FK integrity, and efficient indexed equality matching. A dispute can reference a deleted purchase request or user without any database-level error. The schema comment at line 8 acknowledges this as intentional during cutover, but there is no migration plan or deadline to fix it. All four entity-reference columns on the disputes table are `text`, bypassing UUID type safety, FK integrity, and efficient indexed equality matching. A dispute can reference a deleted purchase request or user without any database-level error. The schema comment at line 8 acknowledges this as intentional during cutover, but there is no migration plan or deadline to fix it.