docs: sync from backend 3955430 — db audit wave 2

This commit is contained in:
Siavash Sameni
2026-06-06 21:07:39 +04:00
parent 58c613af3a
commit dd23f013ad
2 changed files with 25 additions and 0 deletions

View File

@@ -11,6 +11,16 @@ entries on top. Maintained by agents per the rule in `../AGENTS.md`.
--- ---
### 2026-06-06 — backend@2abba67/3955430, frontend@698c4d7 — DB audit Wave 2 missing indexes
**Commits:** `2abba67` `3955430` `698c4d7`
**Touched:** backend `src/db/schema/fundsLedgerEntry.ts`, `src/db/schema/payment.ts`, `src/db/schema/purchaseRequest.ts`, `src/db/schema/sellerOffer.ts`, `src/db/migrations/0021_missing_indexes.sql`, `__tests__/db-audit-high-indexes.test.ts`, `scripts/smoke/db-audit-service-regressions.sh`, plus medium-batch query/index cleanup files from `2abba67`; frontend `package.json`; docs `09 - Audits/DB Query & Schema Audit - 2026-06-06.md`
**Why:** Continue the 8-wave Critical/High plan. Wave 2 completes H39-H42 high missing indexes; the earlier `2abba67` backend push also landed medium query/index cleanup in v2.9.19.
**Verification:** backend `npm test -- --runTestsByPath __tests__/db-audit-high-indexes.test.ts --runInBand`, `BASE_URL=http://127.0.0.1:5001 scripts/smoke/db-audit-service-regressions.sh` (13 suites / 37 tests), `npm run typecheck`, `git diff --check`; frontend `git diff --check` for package bump. Pushed to Forgejo; `origin` remained unavailable and was intentionally skipped.
**Linked docs updated:** [[09 - Audits/DB Query & Schema Audit - 2026-06-06]]
---
### 2026-06-06 — backend@5ff0013, frontend@8434f32 — DB audit Wave 1 unbounded read caps ### 2026-06-06 — backend@5ff0013, frontend@8434f32 — DB audit Wave 1 unbounded read caps
**Commits:** `5ff0013` `8434f32` **Commits:** `5ff0013` `8434f32`

View File

@@ -36,6 +36,21 @@ updated: 2026-06-06
| Seller lookup: `findSellers` without input limit loaded all sellers → safe default cap while preserving explicit limits | `5ff0013` v2.9.18 | | Seller lookup: `findSellers` without input limit loaded all sellers → safe default cap while preserving explicit limits | `5ff0013` v2.9.18 |
| Active template seller list/detail: full seller/template table scans → capped list query and scoped single-seller detail query | `5ff0013` v2.9.18 | | Active template seller list/detail: full seller/template table scans → capped list query and scoped single-seller detail query | `5ff0013` v2.9.18 |
| SHKeeper migration report: loaded all SHKeeper payments → bounded sorted scan with explicit `maxRecords` cap | `5ff0013` v2.9.18 | | SHKeeper migration report: loaded all SHKeeper payments → bounded sorted scan with explicit `maxRecords` cap | `5ff0013` v2.9.18 |
| M2: `updatePurchaseRequestStatus` 3rd redundant read → reuse first `currentRequest` with status override | `2abba67` v2.9.19 |
| M5: `createOffer` fetched PR twice → cached first `requestForOffer` reused for notification path | `2abba67` v2.9.19 |
| M7: `createReviewRecord` sequential `resolveUserUuid``Promise.all` parallel | `2abba67` v2.9.19 |
| M8: `getUserPoints` sequential `findActiveLevelConfigByLevel` × 2 → `Promise.all` parallel | `2abba67` v2.9.19 |
| M6: `getRequestTemplateStats` 4 queries (3 in parallel) → 1 combined aggregate + 1 top-5 query | `2abba67` v2.9.19 |
| M11: `create()` / `normalizeUserFilter()` sequential `resolveUserUuid` calls → `Promise.all` parallel | `2abba67` v2.9.19 |
| H40/M31: Missing indexes on `payments` (provider, purchaseRequestId, provider+status, pr+status+created) → migration `0021_missing_indexes.sql` | `2abba67` v2.9.19 |
| M35: Missing partial index on `reviews.purchaseRequestId` → migration `0021_missing_indexes.sql` | `2abba67` v2.9.19 |
| M36: Missing index on `payment_quotes.expiresAt` → migration `0021_missing_indexes.sql` | `2abba67` v2.9.19 |
| M33: Missing index on `categories.parent_id` → added to `categoryStore.ts` SQL schema init | `2abba67` v2.9.19 |
| M27: Duplicate-detection in `createPurchaseRequest` in-JS `find()` over 20-row page → targeted `findRecentDuplicateRequest` SQL query | `2abba67` v2.9.19 |
| M28: `DrizzleChatRepo.count()` fetched all rows and used `.length` → single `SELECT COUNT(*)` using same SQL predicates as `findRows` | `2abba67` v2.9.19 |
| H39: `fundsLedgerEntries` missing composite indexes on `(paymentId,entryType)`, `(purchaseRequestId,entryType)`, `occurredAt` → migration `0021_missing_indexes.sql` | `2abba67` v2.9.19 |
| H41: `purchase_requests` missing composite index `(buyerId,status)`, `seller_offers` missing `(status,createdAt)` and `(sellerId,status)` → schema + migration `0021_missing_indexes.sql` | `3955430` v2.9.19 |
| H42: `seller_offers` missing partial index on `validUntil` for expiry sweeper queries → schema + migration `0021_missing_indexes.sql` | `3955430` v2.9.19 |
--- ---