From b651753125dd146f7b09f5d7da83809656b94764 Mon Sep 17 00:00:00 2001 From: Siavash Sameni Date: Sun, 7 Jun 2026 06:13:30 +0400 Subject: [PATCH] =?UTF-8?q?docs:=20sync=20from=20backend=20fcee958=20?= =?UTF-8?q?=E2=80=94=20db=20audit=20m16?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- 09 - Audits/Activity Log.md | 10 ++++++++++ 09 - Audits/DB Query & Schema Audit - 2026-06-06.md | 1 + 2 files changed, 11 insertions(+) diff --git a/09 - Audits/Activity Log.md b/09 - Audits/Activity Log.md index be0c3a3..15ef326 100644 --- a/09 - Audits/Activity Log.md +++ b/09 - Audits/Activity Log.md @@ -11,6 +11,16 @@ entries on top. Maintained by agents per the rule in `../AGENTS.md`. --- +### 2026-06-07 — backend@fcee958, frontend@d600fca — DB audit M16 deleted-email release atomicity + +**Commits:** `fcee958` `d600fca` +**Touched:** backend `src/services/auth/authStore.ts`, `__tests__/auth-store-pg-query.test.ts`, `scripts/smoke/db-audit-service-regressions.sh`, `package.json`, `package-lock.json`; frontend `package.json`; docs `09 - Audits/DB Query & Schema Audit - 2026-06-06.md`, `09 - Audits/Activity Log.md` +**Why:** Continue the next audit round after confirming M2 (`2abba67`) and M3 (`61aa42a`) were already correctly integrated and pushed. M16 closes the soft-deleted email release race by replacing the read-then-write flow with one conditional `UPDATE users ... WHERE email/status ... RETURNING` statement. +**Verification:** backend `npm test -- --runTestsByPath __tests__/auth-store-pg-query.test.ts --runInBand`, `BASE_URL=http://127.0.0.1:5001 scripts/smoke/db-audit-service-regressions.sh` (15 suites / 53 tests), `npm run typecheck`, `git diff --check`; frontend `git diff --check package.json`. Forgejo was current before the commits and both code commits were pushed; direct `dev` SSH remote had timed out earlier and `origin` remained intentionally skipped. +**Linked docs updated:** [[09 - Audits/DB Query & Schema Audit - 2026-06-06]] + +--- + ### 2026-06-07 — backend@2c5e80d, frontend@1f8fdc9 — DB audit Waves 5-6 chat create and points transaction enforcement **Commits:** `2c5e80d` `1f8fdc9` diff --git a/09 - Audits/DB Query & Schema Audit - 2026-06-06.md b/09 - Audits/DB Query & Schema Audit - 2026-06-06.md index 1c978c5..23fab1c 100644 --- a/09 - Audits/DB Query & Schema Audit - 2026-06-06.md +++ b/09 - Audits/DB Query & Schema Audit - 2026-06-06.md @@ -68,6 +68,7 @@ updated: 2026-06-06 | H24: `verifyAndMarkDeliveryCodeUsed` read-check-then-write race → one conditional `UPDATE ... RETURNING` decides delivery-code consumption, with post-miss read only for failure reason | `f22794a` / `51ca048` v2.9.21 | | H13: `DrizzleChatRepo.create` insert-then-update welcome message → build initial system message, lastMessage, and unread counts in the INSERT payload | `2c5e80d` v2.9.24 | | H25: `updatePoints` + `createPointTransaction` could run outside one transaction → runtime guard requires a transaction-bound repo or explicit tx for both money writes | `2c5e80d` v2.9.24 | +| M16: `releaseDeletedUserEmail` read-then-write release race → one conditional `UPDATE ... WHERE email/status ... RETURNING` atomically releases deleted-user emails | `fcee958` v2.9.25 | ---