diff --git a/09 - Audits/Activity Log.md b/09 - Audits/Activity Log.md index 04d83aa..d8082e2 100644 --- a/09 - Audits/Activity Log.md +++ b/09 - Audits/Activity Log.md @@ -11,6 +11,16 @@ entries on top. Maintained by agents per the rule in `../AGENTS.md`. --- +### 2026-06-06 — backend@f22794a/51ca048, frontend@4a86dc7 — DB audit Wave 4 delivery-code atomicity + +**Commits:** `f22794a` `51ca048` `4a86dc7` +**Touched:** backend `src/db/repositories/drizzle/DrizzleMarketplaceRepo.ts`, `__tests__/drizzle-marketplace-repo-batch.test.ts`, `package.json`, `package-lock.json`; frontend `package.json`; docs `09 - Audits/DB Query & Schema Audit - 2026-06-06.md`, `09 - Audits/Activity Log.md` +**Why:** Continue the 8-wave Critical/High plan. Wave 4 closes H24 by making delivery-code verification a single conditional database update that consumes the code only when it is still unused, unexpired, and matches the submitted code; result rows are returned directly and a bounded read is used only after update misses to explain failure. +**Verification:** backend `npm test -- --runTestsByPath __tests__/drizzle-marketplace-repo-batch.test.ts --runInBand`, `BASE_URL=http://127.0.0.1:5001 scripts/smoke/db-audit-service-regressions.sh` (14 suites / 40 tests), `npm run typecheck`, `git diff --check`; frontend `git diff --check` for package bump. Pushed to Forgejo; `origin` remained unavailable and was intentionally skipped. +**Linked docs updated:** [[09 - Audits/DB Query & Schema Audit - 2026-06-06]] + +--- + ### 2026-06-06 — backend@61aa42a/885745e, frontend@c9e9ccf — DB audit Wave 3 points/referral consistency **Commits:** `61aa42a` `885745e` `c9e9ccf` diff --git a/09 - Audits/DB Query & Schema Audit - 2026-06-06.md b/09 - Audits/DB Query & Schema Audit - 2026-06-06.md index c348d75..d1fc9a9 100644 --- a/09 - Audits/DB Query & Schema Audit - 2026-06-06.md +++ b/09 - Audits/DB Query & Schema Audit - 2026-06-06.md 
@@ -65,6 +65,7 @@ updated: 2026-06-06 | H11: `processReferralReward` duplicate referrer snapshot reads → reuse atomic reward result for socket payload and return value | `885745e` v2.9.20 | | H12: `updateReferralStats` count/update outside a transaction → serializable row-lock transaction | `885745e` v2.9.20 | | H26: `processReferralReward` independent points + referralStats writes → one idempotent `grantReferralReward` transaction for points, referralStats, and ledger row | `885745e` v2.9.20 | +| H24: `verifyAndMarkDeliveryCodeUsed` read-check-then-write race → one conditional `UPDATE ... RETURNING` decides delivery-code consumption, with post-miss read only for failure reason | `f22794a` / `51ca048` v2.9.21 | ---
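Review bot: In the `Activity Log.md` hunk, the **Verification:** line for Wave 4 names the repo batch test and the smoke script but does not say that either runs two verifications of the same delivery code concurrently, which is the race H24 describes. Suggest stating which test asserts that only one of two simultaneous submissions consumes the code, or noting that this case is not yet covered. The same line records that `origin` "remained unavailable and was intentionally skipped"; a follow-up item for pushing `f22794a`, `51ca048` and `4a86dc7` there would keep the entry from reading as a completed push.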
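Review bot: In the `DB Query & Schema Audit - 2026-06-06.md` hunk, the H24 row says the post-miss read is used "only for failure reason", but that read runs after the conditional `UPDATE ... RETURNING` and is not part of it, so the reason it reports can reflect state that changed in between. Suggest the row state explicitly that consumption is decided solely by the row the update returns and that the post-miss reason is diagnostic only. The row also cites two commits (`f22794a` / `51ca048`) where the neighbouring rows cite one; say what each commit contributes.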