From b462623f78bb7f069298619b0c66407473601864 Mon Sep 17 00:00:00 2001 From: moojttaba Date: Fri, 5 Jun 2026 12:14:19 +0330 Subject: [PATCH] =?UTF-8?q?Activity=20Log:=20backend=20v2.8.91=20=E2=80=94?= =?UTF-8?q?=20complete=20SEC-007=20non-vital=20pool=20routing?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.8 (1M context) --- 09 - Audits/Activity Log.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/09 - Audits/Activity Log.md b/09 - Audits/Activity Log.md index dfc9dcb..76e7339 100644 --- a/09 - Audits/Activity Log.md +++ b/09 - Audits/Activity Log.md @@ -11,6 +11,15 @@ entries on top. Maintained by agents per the rule in `../AGENTS.md`. --- +### 2026-06-05 — backend@v2.8.91 — Complete SEC-007: route non-vital tables to the non-vital pool (fix 500s) + +**Commits:** backend v2.8.91 +**Touched:** `services/marketplace/categoryStore.ts`, `db/repositories/drizzle/DrizzleMarketplaceRepo.ts` (request_templates/categories/shop_settings/reviews queries), `DrizzleNotificationRepo.ts`, `DrizzleChatRepo.ts`, `DrizzleBlogRepo.ts`, `DrizzlePointsRepo.ts` +**Why:** SEC-007 (migration 0018) split the DB into `escrow_vital_user` (purchase_requests, payments, users, …) and `escrow_nonvital_user` (categories, request_templates, notifications, reviews, point_transactions, chats, blog_posts, shop_settings, level_configs). The migration was applied to the dev DB but the **code was never switched to the non-vital pool** for those tables — so the vital role hit `permission denied for table categories` (confirmed in logs) and **categories, request-templates, shop sellers, and notifications all 500'd for every user**. Routed each non-vital store/repo to `getNonvitalPostgresPool()` / `nonvitalDb` / `nonvitalPool`. In the mixed `DrizzleMarketplaceRepo`, only the `request_templates`/`categories`/`shop_settings`/`reviews` queries (incl. the legacy-id resolvers and the seller-ratings raw query) moved to the non-vital handle; `purchase_requests`/`seller_offers`/`payments`/`delivery_*` stay on the vital handle. `level_configs`/`shop_settings` stores were already on the non-vital pool. +**Verification:** backend `npx tsc --noEmit` clean. After deploy: `GET /marketplace/categories`, `/request-templates`, `/request-templates/sellers`, and `/notifications` return 200 instead of 500; template create/update works. Reviewed every remaining vital-`db` importer (disputes/payments/trezor/derived-destinations/user) — all are vital tables, correctly left on the vital pool. NOTE: the SEC-007 SQL (0018/0019) is NOT in the drizzle journal (stops at 0017) — it was applied out-of-band, so this code-side completion is the reliable fix (no new migration depends on an unknown runner). + +--- + ### 2026-06-05 — backend@v2.8.90 — Login failed-attempt lockout now OFF by default (env-gated) **Commits:** backend v2.8.90