diff --git a/09 - Audits/Activity Log.md b/09 - Audits/Activity Log.md index 724abe7..29915b3 100644 --- a/09 - Audits/Activity Log.md +++ b/09 - Audits/Activity Log.md @@ -12,6 +12,16 @@ entries on top. Maintained by agents per the rule in `../AGENTS.md`. --- +### 2026-06-07 — backend@5d7d2af, frontend@ade7352 — DB audit H10 sweep balance probe parallelism + +**Commits:** `5d7d2af` `ade7352` +**Touched:** backend `src/services/payment/wallets/sweepService.ts`, `__tests__/sweep-service.test.ts`, `package.json`, `package-lock.json`; frontend `Dockerfile`, `package.json`; docs `09 - Audits/DB Query & Schema Audit - 2026-06-06.md`, `09 - Audits/Activity Log.md` +**Why:** Close High H10 from the DB Query & Schema Audit. Derived-destination sweeps now fan out ERC-20 token balance probes with bounded concurrency before preserving sequential sweep/broadcast/mark-success handling, reducing large sweep runs from one RPC round-trip per destination in series to a tunable parallel probe phase. +**Verification:** backend `npm test -- --runTestsByPath __tests__/sweep-service.test.ts --runInBand` (31 tests), `npm run typecheck`, `scripts/smoke/db-audit-service-regressions.sh` (18 suites / 73 tests), backend/frontend scoped `git diff --check`; frontend/backend version metadata confirmed at v2.9.36. Pushed to Forgejo. +**Linked docs updated:** [[09 - Audits/DB Query & Schema Audit - 2026-06-06]] + +--- + ### 2026-06-07 — backend@8835068, frontend@73d1407 — DB audit C2 chat query bounds closeout **Commits:** `8835068` `73d1407` diff --git a/09 - Audits/DB Query & Schema Audit - 2026-06-06.md b/09 - Audits/DB Query & Schema Audit - 2026-06-06.md index 8ffb81a..6979292 100644 --- a/09 - Audits/DB Query & Schema Audit - 2026-06-06.md +++ b/09 - Audits/DB Query & Schema Audit - 2026-06-06.md @@ -85,6 +85,7 @@ updated: 2026-06-07 | M14: PG payment completion follow-up assumed DB idempotency → explicit `notifyOnly` path skips all DB writes | `c3ad979` v2.9.34 | | M17: profile email verification pending-email race → single conditional SQL `UPDATE` with conflict outcome handling | `c3ad979` v2.9.34 | | C2/M26: `DrizzleChatRepo.findRows` unbounded chat fetch + JS pagination → bounded row scans, SQL pagination for SQL-pushable predicates, `findOne` `LIMIT 1`/id fast path, type pushdown, and archived-chat index | `8835068` v2.9.35 | +| H10: `sweepDerivedDestinations` sequential token-balance RPC probes → bounded parallel balance probe phase before sequential sweep/broadcast handling | `5d7d2af` v2.9.36 | --- @@ -274,13 +275,13 @@ The method issues 4 `COUNT(*)` calls filtered by individual status values (total --- -### 10. sweepDerivedDestinations issues one sequential RPC balance query per destination +### 10. sweepDerivedDestinations issues one sequential RPC balance query per destination | **FIXED** `5d7d2af` v2.9.36 > **Category:** N+1 Query | **File:** `src/services/payment/wallets/sweepService.ts:642-748` The `for (const dest of destinations)` loop awaits `queryTokenBalance` (an external RPC HTTP call) for every destination one at a time. With 50+ derived destinations this is 50+ sequential RPC round-trips. The optional `sweepNative` path adds another RPC call per destination. -**Fix:** Fan out the balance queries in parallel using `Promise.all` with a concurrency limit (e.g. `p-limit(10)`) before deciding which addresses need sweeping. Sequentialise only the broadcast step to avoid nonce collisions. +**Fix:** `5d7d2af` splits `sweepDerivedDestinations()` into a bounded parallel ERC-20 balance-probe phase and the existing sequential sweep/broadcast/record phase. Balance probes default to concurrency 10, can be tuned with `DERIVED_DESTINATION_SWEEP_BALANCE_CONCURRENCY` or `balanceQueryConcurrency`, and are clamped at 50 to avoid RPC stampedes. The regression test holds mocked RPC calls open and verifies that only the configured number run at once. ---