docs: sync from backend fcee958 — db audit m16
This commit is contained in:
@@ -11,6 +11,16 @@ entries on top. Maintained by agents per the rule in `../AGENTS.md`.
|
|||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
### 2026-06-07 — backend@fcee958, frontend@d600fca — DB audit M16 deleted-email release atomicity
|
||||||
|
|
||||||
|
**Commits:** `fcee958` `d600fca`
|
||||||
|
**Touched:** backend `src/services/auth/authStore.ts`, `__tests__/auth-store-pg-query.test.ts`, `scripts/smoke/db-audit-service-regressions.sh`, `package.json`, `package-lock.json`; frontend `package.json`; docs `09 - Audits/DB Query & Schema Audit - 2026-06-06.md`, `09 - Audits/Activity Log.md`
|
||||||
|
**Why:** Continue the next audit round after confirming M2 (`2abba67`) and M3 (`61aa42a`) were already correctly integrated and pushed. M16 closes the soft-deleted email release race by replacing the read-then-write flow with one conditional `UPDATE users ... WHERE email/status ... RETURNING` statement.
|
||||||
|
**Verification:** backend `npm test -- --runTestsByPath __tests__/auth-store-pg-query.test.ts --runInBand`, `BASE_URL=http://127.0.0.1:5001 scripts/smoke/db-audit-service-regressions.sh` (15 suites / 53 tests), `npm run typecheck`, `git diff --check`; frontend `git diff --check package.json`. Forgejo was current before the commits and both code commits were pushed; direct `dev` SSH remote had timed out earlier and `origin` remained intentionally skipped.
|
||||||
|
**Linked docs updated:** [[09 - Audits/DB Query & Schema Audit - 2026-06-06]]
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
### 2026-06-07 — backend@2c5e80d, frontend@1f8fdc9 — DB audit Waves 5-6 chat create and points transaction enforcement
|
### 2026-06-07 — backend@2c5e80d, frontend@1f8fdc9 — DB audit Waves 5-6 chat create and points transaction enforcement
|
||||||
|
|
||||||
**Commits:** `2c5e80d` `1f8fdc9`
|
**Commits:** `2c5e80d` `1f8fdc9`
|
||||||
|
|||||||
@@ -68,6 +68,7 @@ updated: 2026-06-06
|
|||||||
| H24: `verifyAndMarkDeliveryCodeUsed` read-check-then-write race → one conditional `UPDATE ... RETURNING` decides delivery-code consumption, with post-miss read only for failure reason | `f22794a` / `51ca048` v2.9.21 |
|
| H24: `verifyAndMarkDeliveryCodeUsed` read-check-then-write race → one conditional `UPDATE ... RETURNING` decides delivery-code consumption, with post-miss read only for failure reason | `f22794a` / `51ca048` v2.9.21 |
|
||||||
| H13: `DrizzleChatRepo.create` insert-then-update welcome message → build initial system message, lastMessage, and unread counts in the INSERT payload | `2c5e80d` v2.9.24 |
|
| H13: `DrizzleChatRepo.create` insert-then-update welcome message → build initial system message, lastMessage, and unread counts in the INSERT payload | `2c5e80d` v2.9.24 |
|
||||||
| H25: `updatePoints` + `createPointTransaction` could run outside one transaction → runtime guard requires a transaction-bound repo or explicit tx for both money writes | `2c5e80d` v2.9.24 |
|
| H25: `updatePoints` + `createPointTransaction` could run outside one transaction → runtime guard requires a transaction-bound repo or explicit tx for both money writes | `2c5e80d` v2.9.24 |
|
||||||
|
| M16: `releaseDeletedUserEmail` read-then-write release race → one conditional `UPDATE ... WHERE email/status ... RETURNING` atomically releases deleted-user emails | `fcee958` v2.9.25 |
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user