docs: sync from backend fcee958 — db audit m16

This commit is contained in:
Siavash Sameni
2026-06-07 06:13:30 +04:00
parent 822cc4e1d5
commit b651753125
2 changed files with 11 additions and 0 deletions

View File

@@ -11,6 +11,16 @@ entries on top. Maintained by agents per the rule in `../AGENTS.md`.
---
### 2026-06-07 — backend@fcee958, frontend@d600fca — DB audit M16 deleted-email release atomicity
**Commits:** `fcee958` `d600fca`
**Touched:** backend `src/services/auth/authStore.ts`, `__tests__/auth-store-pg-query.test.ts`, `scripts/smoke/db-audit-service-regressions.sh`, `package.json`, `package-lock.json`; frontend `package.json`; docs `09 - Audits/DB Query & Schema Audit - 2026-06-06.md`, `09 - Audits/Activity Log.md`
**Why:** Continue the next audit round after confirming M2 (`2abba67`) and M3 (`61aa42a`) were already correctly integrated and pushed. M16 closes the soft-deleted email release race by replacing the read-then-write flow with one conditional `UPDATE users ... WHERE email/status ... RETURNING` statement.
**Verification:** backend `npm test -- --runTestsByPath __tests__/auth-store-pg-query.test.ts --runInBand`, `BASE_URL=http://127.0.0.1:5001 scripts/smoke/db-audit-service-regressions.sh` (15 suites / 53 tests), `npm run typecheck`, `git diff --check`; frontend `git diff --check package.json`. Forgejo was current before the commits and both code commits were pushed; direct `dev` SSH remote had timed out earlier and `origin` remained intentionally skipped.
**Linked docs updated:** [[09 - Audits/DB Query & Schema Audit - 2026-06-06]]
---
### 2026-06-07 — backend@2c5e80d, frontend@1f8fdc9 — DB audit Waves 5-6 chat create and points transaction enforcement
**Commits:** `2c5e80d` `1f8fdc9`

View File

@@ -68,6 +68,7 @@ updated: 2026-06-06
| H24: `verifyAndMarkDeliveryCodeUsed` read-check-then-write race → one conditional `UPDATE ... RETURNING` decides delivery-code consumption, with post-miss read only for failure reason | `f22794a` / `51ca048` v2.9.21 |
| H13: `DrizzleChatRepo.create` insert-then-update welcome message → build initial system message, lastMessage, and unread counts in the INSERT payload | `2c5e80d` v2.9.24 |
| H25: `updatePoints` + `createPointTransaction` could run outside one transaction → runtime guard requires a transaction-bound repo or explicit tx for both money writes | `2c5e80d` v2.9.24 |
| M16: `releaseDeletedUserEmail` read-then-write release race → one conditional `UPDATE ... WHERE email/status ... RETURNING` atomically releases deleted-user emails | `fcee958` v2.9.25 |
---