docs: sync from backend 5364704 — money-flow transaction audit closeout

This commit is contained in:
Siavash Sameni
2026-06-07 07:43:21 +04:00
parent 0b78ad2e74
commit 4ba2a556f7
2 changed files with 18 additions and 4 deletions

View File

@@ -12,6 +12,16 @@ entries on top. Maintained by agents per the rule in `../AGENTS.md`.
---
### 2026-06-07 — backend@5364704, frontend@c34ab0a — DB audit money-flow transaction closeout H14/H15/H27/H29
**Commits:** `5364704` `c34ab0a`
**Touched:** backend `src/services/payment/paymentCoordinator.ts`, `src/services/payment/request-network/requestNetworkWebhook.ts`, `src/services/payment/paymentController.ts`, `src/db/repositories/drizzle/DrizzleMarketplaceRepo.ts`, `__tests__/db-audit-money-flow-transactions.test.ts`, `__tests__/sec-022-rn-webhook-fail-closed.test.ts`, `scripts/smoke/db-audit-service-regressions.sh`, `package.json`, `package-lock.json`; frontend `Dockerfile`, `package.json`; docs `09 - Audits/DB Query & Schema Audit - 2026-06-06.md`, `09 - Audits/Activity Log.md`
**Why:** Close High H14/H15/H27/H29 from the DB Query & Schema Audit. AML provider-fee ledger writes now happen inside the PG payment coordinator transaction. The legacy Request Network confirmation webhook routes through `PaymentCoordinator` instead of split payment/PR writes. Manual `verifyPayment` creates a non-terminal row and completes it through the coordinator. `updatePurchaseRequest` locks the purchase request and selected offer before changing `selectedOfferId`.
**Verification:** backend `npm run typecheck`, `npm test -- --runTestsByPath __tests__/db-audit-money-flow-transactions.test.ts __tests__/sec-022-rn-webhook-fail-closed.test.ts __tests__/payment-coordinator.test.ts --runInBand`, `scripts/smoke/db-audit-service-regressions.sh` (18 suites / 62 tests), scoped `git diff --check`; frontend scoped `git diff --check -- package.json Dockerfile`. Pushed to Forgejo.
**Linked docs updated:** [[09 - Audits/DB Query & Schema Audit - 2026-06-06]]
---
### 2026-06-07 — backend@c39b14a — DB audit schema/precision batch M38/M40/M41
**Commits:** `c39b14a`

View File

@@ -77,6 +77,10 @@ updated: 2026-06-07
| H23: `DisputeService.resolveDispute` dispute update + releaseHold separate writes → one serializable transaction with transaction-bound dispute/release-hold repos | `8fc2309` v2.9.30 |
| H28: dispute timeline/evidence read-modify-write arrays → atomic SQL JSONB append expressions | `8fc2309` v2.9.30 |
| H37: disputes status/priority/category plain text → pgEnum columns plus data-normalizing migration | `8fc2309` v2.9.30 |
| H14: AML provider-fee ledger write outside payment transaction → in-transaction PG ledger insert with idempotency key | `5364704` v2.9.33 |
| H15: legacy Request Network confirmation webhook split payment/PR writes → confirmation routed through `PaymentCoordinator` | `5364704` v2.9.33 |
| H27: manual `verifyPayment` created completed row before propagation → create pending, then complete through `PaymentCoordinator` | `5364704` v2.9.33 |
| H29: `updatePurchaseRequest.selectedOfferId` unguarded update → serializable PR row lock plus selected-offer ownership lock | `5364704` v2.9.33 |
---
@@ -306,7 +310,7 @@ When `global.io` is truthy, `getUserPointsSnapshot(referrer.id)` is called at li
---
### 14. AML ledger entry written outside the core-money transaction in paymentCoordinator
### 14. AML ledger entry written outside the core-money transaction in paymentCoordinator | **FIXED** `5364704` v2.9.33
> **Category:** Missing Transaction | **File:** `src/services/payment/paymentCoordinator.ts:303-308, 441-471`
@@ -316,7 +320,7 @@ The AML fee ledger entry (lines 441-471) is written after `db.transaction()` com
---
### 15. request-network webhook does two writes (payment update + PR escrow-funded) without a transaction
### 15. request-network webhook does two writes (payment update + PR escrow-funded) without a transaction | **FIXED** `5364704` v2.9.33
> **Category:** Missing Transaction | **File:** `src/services/payment/request-network/requestNetworkWebhook.ts:103-130`
@@ -436,7 +440,7 @@ The method reads the delivery code row at line 1377, checks `isUsed`/expired/cod
---
### 27. verifyPayment creates a payment record then propagates completion in separate non-atomic steps
### 27. verifyPayment creates a payment record then propagates completion in separate non-atomic steps | **FIXED** `5364704` v2.9.33
> **Category:** Missing Transaction | **File:** `src/services/payment/paymentController.ts:887-914`
@@ -456,7 +460,7 @@ The method reads the delivery code row at line 1377, checks `isUsed`/expired/cod
---
### 29. updatePurchaseRequest does not lock the row before updating selectedOfferId — double-accept race
### 29. updatePurchaseRequest does not lock the row before updating selectedOfferId — double-accept race | **FIXED** `5364704` v2.9.33
> **Category:** Missing Transaction | **File:** `src/db/repositories/drizzle/DrizzleMarketplaceRepo.ts:1147-1168`