diff --git a/09 - Audits/Activity Log.md b/09 - Audits/Activity Log.md index d2cf5ed..76f3596 100644 --- a/09 - Audits/Activity Log.md +++ b/09 - Audits/Activity Log.md @@ -11,6 +11,16 @@ entries on top. Maintained by agents per the rule in `../AGENTS.md`. --- +### 2026-06-06 — backend@5ff0013, frontend@8434f32 — DB audit Wave 1 unbounded read caps + +**Commits:** `5ff0013` `8434f32` +**Touched:** backend `src/db/repositories/drizzle/DrizzlePaymentRepo.ts`, `src/db/repositories/drizzle/DrizzleUserRepo.ts`, `src/db/repositories/drizzle/DrizzleMarketplaceRepo.ts`, `src/services/payment/paymentController.ts`, `src/services/payment/migration/reportService.ts`, focused Jest tests, `scripts/smoke/db-audit-service-regressions.sh`, version files; frontend `package.json`; docs `09 - Audits/DB Query & Schema Audit - 2026-06-06.md` +**Why:** Start the remaining Critical/High work in 8 waves. Wave 1 caps unbounded export/report/seller/template reads: payment export, seller discovery, active-template seller list/detail, and SHKeeper migration reporting. +**Verification:** backend `BASE_URL=http://127.0.0.1:5001 scripts/smoke/db-audit-service-regressions.sh` (12 suites / 35 tests), `npm run typecheck`, `git diff --check`; frontend `git diff --check` for package bump. Pushed to Forgejo; `origin` remained unavailable and was intentionally skipped. +**Linked docs updated:** [[09 - Audits/DB Query & Schema Audit - 2026-06-06]] + +--- + ### 2026-06-06 — backend@0835be9, frontend@f05b056 — DB audit marketplace batching batch **Commits:** `0835be9` `f05b056` diff --git a/09 - Audits/DB Query & Schema Audit - 2026-06-06.md b/09 - Audits/DB Query & Schema Audit - 2026-06-06.md index 7f9f22b..e8b5d5e 100644 --- a/09 - Audits/DB Query & Schema Audit - 2026-06-06.md +++ b/09 - Audits/DB Query & Schema Audit - 2026-06-06.md @@ -32,6 +32,10 @@ updated: 2026-06-06 | Seller template list: per-template seller/category lookups → batched seller/category page lookups | `0835be9` v2.9.17 | | Payment coordinator rejected-seller notifications: per-seller notification loop → one `createNotificationsBulk` call | `0835be9` v2.9.17 | | Category path lookup: one query per ancestor level → one recursive CTE returning root-to-leaf path | `0835be9` v2.9.17 | +| Payment export: `listForExport` fetched all matching payments → bounded export query with default/max limits | `5ff0013` v2.9.18 | +| Seller lookup: `findSellers` without input limit loaded all sellers → safe default cap while preserving explicit limits | `5ff0013` v2.9.18 | +| Active template seller list/detail: full seller/template table scans → capped list query and scoped single-seller detail query | `5ff0013` v2.9.18 | +| SHKeeper migration report: loaded all SHKeeper payments → bounded sorted scan with explicit `maxRecords` cap | `5ff0013` v2.9.18 | ---