diff --git a/09 - Audits/Activity Log.md b/09 - Audits/Activity Log.md index 92115fe..78c48bb 100644 --- a/09 - Audits/Activity Log.md +++ b/09 - Audits/Activity Log.md 
@@ -12,6 +12,16 @@ entries on top. Maintained by agents per the rule in `../AGENTS.md`. --- +### 2026-06-07 — backend@5364704, frontend@c34ab0a — DB audit money-flow transaction closeout H14/H15/H27/H29 + +**Commits:** `5364704` `c34ab0a` +**Touched:** backend `src/services/payment/paymentCoordinator.ts`, `src/services/payment/request-network/requestNetworkWebhook.ts`, `src/services/payment/paymentController.ts`, `src/db/repositories/drizzle/DrizzleMarketplaceRepo.ts`, `__tests__/db-audit-money-flow-transactions.test.ts`, `__tests__/sec-022-rn-webhook-fail-closed.test.ts`, `scripts/smoke/db-audit-service-regressions.sh`, `package.json`, `package-lock.json`; frontend `Dockerfile`, `package.json`; docs `09 - Audits/DB Query & Schema Audit - 2026-06-06.md`, `09 - Audits/Activity Log.md` +**Why:** Close High H14/H15/H27/H29 from the DB Query & Schema Audit. AML provider-fee ledger writes now happen inside the PG payment coordinator transaction. The legacy Request Network confirmation webhook routes through `PaymentCoordinator` instead of split payment/PR writes. Manual `verifyPayment` creates a non-terminal row and completes it through the coordinator. `updatePurchaseRequest` locks the purchase request and selected offer before changing `selectedOfferId`. +**Verification:** backend `npm run typecheck`, `npm test -- --runTestsByPath __tests__/db-audit-money-flow-transactions.test.ts __tests__/sec-022-rn-webhook-fail-closed.test.ts __tests__/payment-coordinator.test.ts --runInBand`, `scripts/smoke/db-audit-service-regressions.sh` (18 suites / 62 tests), scoped `git diff --check`; frontend scoped `git diff --check -- package.json Dockerfile`. Pushed to Forgejo. +**Linked docs updated:** [[09 - Audits/DB Query & Schema Audit - 2026-06-06]] + +--- + ### 2026-06-07 — backend@c39b14a — DB audit schema/precision batch M38/M40/M41 **Commits:** `c39b14a` 
diff --git a/09 - Audits/DB Query & Schema Audit - 2026-06-06.md b/09 - Audits/DB Query & Schema Audit - 2026-06-06.md index 4a391f5..e30b844 100644 --- a/09 - Audits/DB Query & Schema Audit - 2026-06-06.md +++ b/09 - Audits/DB Query & Schema Audit - 2026-06-06.md @@ -77,6 +77,10 @@ updated: 2026-06-07 | H23: `DisputeService.resolveDispute` dispute update + releaseHold separate writes → one serializable transaction with transaction-bound dispute/release-hold repos | `8fc2309` v2.9.30 | | H28: dispute timeline/evidence read-modify-write arrays → atomic SQL JSONB append expressions | `8fc2309` v2.9.30 | | H37: disputes status/priority/category plain text → pgEnum columns plus data-normalizing migration | `8fc2309` v2.9.30 | +| H14: AML provider-fee ledger write outside payment transaction → in-transaction PG ledger insert with idempotency key | `5364704` v2.9.33 | +| H15: legacy Request Network confirmation webhook split payment/PR writes → confirmation routed through `PaymentCoordinator` | `5364704` v2.9.33 | +| H27: manual `verifyPayment` created completed row before propagation → create pending, then complete through `PaymentCoordinator` | `5364704` v2.9.33 | +| H29: `updatePurchaseRequest.selectedOfferId` unguarded update → serializable PR row lock plus selected-offer ownership lock | `5364704` v2.9.33 | --- @@ -306,7 +310,7 @@ When `global.io` is truthy, `getUserPointsSnapshot(referrer.id)` is called at li --- -### 14. AML ledger entry written outside the core-money transaction in paymentCoordinator +### 14. AML ledger entry written outside the core-money transaction in paymentCoordinator | **FIXED** `5364704` v2.9.33 > **Category:** Missing Transaction | **File:** `src/services/payment/paymentCoordinator.ts:303-308, 441-471` 
@@ -316,7 +320,7 @@ The AML fee ledger entry (lines 441-471) is written after `db.transaction()` com --- -### 15. request-network webhook does two writes (payment update + PR escrow-funded) without a transaction +### 15. request-network webhook does two writes (payment update + PR escrow-funded) without a transaction | **FIXED** `5364704` v2.9.33 > **Category:** Missing Transaction | **File:** `src/services/payment/request-network/requestNetworkWebhook.ts:103-130` @@ -436,7 +440,7 @@ The method reads the delivery code row at line 1377, checks `isUsed`/expired/cod --- -### 27. verifyPayment creates a payment record then propagates completion in separate non-atomic steps +### 27. verifyPayment creates a payment record then propagates completion in separate non-atomic steps | **FIXED** `5364704` v2.9.33 > **Category:** Missing Transaction | **File:** `src/services/payment/paymentController.ts:887-914` @@ -456,7 +460,7 @@ The method reads the delivery code row at line 1377, checks `isUsed`/expired/cod --- -### 29. updatePurchaseRequest does not lock the row before updating selectedOfferId — double-accept race +### 29. updatePurchaseRequest does not lock the row before updating selectedOfferId — double-accept race | **FIXED** `5364704` v2.9.33 > **Category:** Missing Transaction | **File:** `src/db/repositories/drizzle/DrizzleMarketplaceRepo.ts:1147-1168`
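
Review bot: In the `Activity Log.md` entry, the **Touched** list names frontend `Dockerfile` and `package.json` plus backend `package.json` and `package-lock.json`, but **Why** covers only the four backend findings, so the reason for frontend commit `c34ab0a` and for the dependency changes is unrecorded. Add a sentence to **Why** saying what changed in those files. The frontend verification is only `git diff --check`, which reports whitespace errors and conflict markers; if a build or install check was run for the Dockerfile change, record it here.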
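
Review bot: In the rows added to the fixed-findings table of the DB Query & Schema Audit, the H29 row says "serializable PR row lock", which mixes a transaction isolation level with a row lock, while the Activity Log entry says only that the purchase request and selected offer are locked. State which mechanism the fix uses, or that it uses both, and if the transaction is serializable, note whether callers retry on a serialization failure. The H14 row mentions an idempotency key without saying what it is derived from; one clause naming its inputs would let a reader of the audit check that a retried payment cannot write the provider fee twice.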
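
Review bot: In the four finding headings (14, 15, 27, 29), the suffix "| **FIXED** `5364704` v2.9.33" is appended to the heading text itself, so any link that targets these headings by their text would stop resolving, and the body under each heading still reads as an open finding. The context line under finding 14 still says the ledger entry "is written after `db.transaction()`", and the **File:** references still cite the pre-fix line ranges (for example `paymentCoordinator.ts:303-308, 441-471`). Consider leaving the heading text unchanged and adding a status line next to the **Category** line, with one resolution sentence per finding that names the fix commit and says the description below is the pre-fix state.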