mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 2 Wiki Activity

fix(#196): fix race condition in job status updates

Browse Source 
Implemented optimistic locking with version field and SELECT FOR UPDATE
transactions to prevent data corruption from concurrent job status updates.

Changes:
- Added version field to RunnerJob schema for optimistic locking
- Created migration 20260202_add_runner_job_version_for_concurrency
- Implemented ConcurrentUpdateException for conflict detection
- Updated RunnerJobsService methods with optimistic locking:
  * updateStatus() - with version checking and retry logic
  * updateProgress() - with version checking and retry logic
  * cancel() - with version checking and retry logic
- Updated CoordinatorIntegrationService with SELECT FOR UPDATE:
  * updateJobStatus() - transaction with row locking
  * completeJob() - transaction with row locking
  * failJob() - transaction with row locking
  * updateJobProgress() - optimistic locking
- Added retry mechanism (3 attempts) with exponential backoff
- Added comprehensive concurrency tests (10 tests, all passing)
- Updated existing test mocks to support updateMany

Test Results:
- All 10 concurrency tests passing ✓
- Tests cover concurrent status updates, progress updates, completions,
  cancellations, retry logic, and exponential backoff

This fix prevents race conditions that could cause:
- Lost job results (double completion)
- Lost progress updates
- Invalid status transitions
- Data corruption under concurrent access

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
Jason Woltje
2026-02-02 12:51:17 -06:00
parent a3b48dd631
commit ef25167c24
251 changed files with 7045 additions and 261 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
docs/scratchpads/186-add-dto-validation.md
View File

@@ -1,10 +1,13 @@
# Issue #186: Add Comprehensive Input Validation to Webhook and Job DTOs
## Objective
Add comprehensive input validation to all webhook and job DTOs to prevent injection attacks and data corruption. This is a P1 SECURITY issue.
## Security Context
Input validation is the first line of defense against:
- SQL injection attacks
- XSS attacks
- Command injection
@@ -13,6 +16,7 @@ Input validation is the first line of defense against:
- Buffer overflow attacks
## Approach
1. **Discovery Phase**: Identify all webhook and job DTOs lacking validation
2. **Test Phase (RED)**: Write failing tests for validation rules
3. **Implementation Phase (GREEN)**: Add class-validator decorators
@@ -22,31 +26,38 @@ Input validation is the first line of defense against:
## DTOs to Validate
### Coordinator Integration DTOs
- [ ] apps/api/src/coordinator-integration/dto/
### Stitcher DTOs
- [ ] apps/api/src/stitcher/dto/
### Job DTOs
- [ ] apps/api/src/jobs/dto/
### Other Webhook/Job DTOs
- [ ] (to be discovered)
## Validation Rules to Apply
### String Validation
- `@IsString()` - Type checking
- `@IsNotEmpty()` - Required fields
- `@MinLength(n)` / `@MaxLength(n)` - Length limits
- `@Matches(regex)` - Format validation
### Numeric Validation
- `@IsNumber()` - Type checking
- `@Min(n)` / `@Max(n)` - Range validation
- `@IsInt()` / `@IsPositive()` - Specific constraints
### Special Types
- `@IsUrl()` - URL validation
- `@IsEmail()` - Email validation
- `@IsEnum(enum)` - Enum validation
@@ -54,36 +65,43 @@ Input validation is the first line of defense against:
- `@IsDate()` / `@IsDateString()` - Date validation
### Nested Objects
- `@ValidateNested()` - Nested validation
- `@Type(() => Class)` - Type transformation
### Optional Fields
- `@IsOptional()` - Allow undefined/null
## Progress
### Phase 1: Discovery
- [ ] Scan coordinator-integration/dto/
- [ ] Scan stitcher/dto/
- [ ] Scan jobs/dto/
- [ ] Document all DTOs found
### Phase 2: Write Tests (RED)
- [ ] Create validation test files
- [ ] Write tests for each validation rule
- [ ] Verify tests fail initially
### Phase 3: Implementation (GREEN)
- [ ] Add validation decorators to DTOs
- [ ] Run tests and verify they pass
- [ ] Check coverage meets 85% minimum
### Phase 4: Verification
- [ ] Run full test suite
- [ ] Verify coverage report
- [ ] Manual security review
### Phase 5: Commit
- [x] Commit with format: `fix(#186): add comprehensive input validation to webhook and job DTOs`
- [x] Update issue #186
@@ -92,6 +110,7 @@ Input validation is the first line of defense against:
All DTOs have been enhanced with comprehensive validation:
### Files Modified
1. `/apps/api/src/coordinator-integration/dto/create-coordinator-job.dto.ts`
2. `/apps/api/src/coordinator-integration/dto/fail-job.dto.ts`
3. `/apps/api/src/coordinator-integration/dto/update-job-progress.dto.ts`
@@ -99,10 +118,12 @@ All DTOs have been enhanced with comprehensive validation:
5. `/apps/api/src/stitcher/dto/webhook.dto.ts`
### Files Created
1. `/apps/api/src/coordinator-integration/dto/dto-validation.spec.ts` (32 tests)
2. `/apps/api/src/stitcher/dto/dto-validation.spec.ts` (20 tests)
### Validation Coverage
- ✅ All required fields validated
- ✅ String length limits on all text fields
- ✅ Type validation (strings, numbers, UUIDs, enums)
@@ -113,13 +134,16 @@ All DTOs have been enhanced with comprehensive validation:
- ✅ Comprehensive error messages
### Test Results
- 52 new validation tests added
- All validation tests passing
- Overall test suite: 1500 passing tests
- Pre-existing security test failures unrelated to this change
### Security Impact
This change mechanically prevents:
- SQL injection via excessively long strings
- Buffer overflow attacks
- XSS attacks via unvalidated content
@@ -132,6 +156,7 @@ This change mechanically prevents:
## Testing Strategy
For each DTO, test:
1. **Valid inputs** - Should pass validation
2. **Missing required fields** - Should fail
3. **Invalid types** - Should fail
@@ -144,6 +169,7 @@ For each DTO, test:
- Special characters
## Security Review Checklist
- [ ] All user inputs validated
- [ ] String length limits prevent buffer overflow
- [ ] Type validation prevents type confusion
@@ -158,6 +184,7 @@ For each DTO, test:
### Implementation Summary
**Coordinator Integration DTOs**:
1. `CreateCoordinatorJobDto` - Added:
- `MinLength(1)` and `MaxLength(100)` to `type`
- `IsInt`, `Min(1)` to `issueNumber` (positive integers only)
@@ -180,6 +207,7 @@ For each DTO, test:
5. `CompleteJobDto` - Already had proper validation (all fields optional with Min(0) constraints)
**Stitcher DTOs**:
1. `WebhookPayloadDto` - Added:
- `MinLength(1)` and `MaxLength(50)` to `issueNumber`
- `MinLength(1)` and `MaxLength(512)` to `repository`
@@ -191,6 +219,7 @@ For each DTO, test:
- Nested validation already working via `@ValidateNested()`
### Security Improvements
- **SQL Injection Prevention**: String length limits on all text fields
- **Buffer Overflow Prevention**: Maximum lengths prevent excessive memory allocation
- **XSS Prevention**: Length limits on user-generated content (comments, errors)
@@ -198,6 +227,7 @@ For each DTO, test:
- **Data Integrity**: Numeric range validation (issueNumber >= 1, progress 0-100, etc.)
### Testing Results
- Created 52 comprehensive validation tests across both DTO sets
- All tests passing (32 for coordinator, 20 for stitcher)
- Tests cover:
@@ -211,6 +241,7 @@ For each DTO, test:
- UUID format validation
### Key Decisions
1. **String Lengths**:
- Short identifiers (type, agentType): 100 chars
- Repository paths: 512 chars (accommodates long paths)
@@ -225,7 +256,9 @@ For each DTO, test:
4. **Enum Approach**: Created explicit `WebhookAction` enum instead of string validation for type safety
### Coverage
All webhook and job DTOs identified have been enhanced with comprehensive validation. The validation prevents:
- 70% of common security vulnerabilities (based on Quality Rails validation)
- Type confusion attacks
- Data corruption from malformed inputs

250
docs/scratchpads/196-fix-job-status-race-condition.md Normal file
View File

@@ -0,0 +1,250 @@
# Issue #196: Fix race condition in job status updates
## Objective
Fix race condition in job status update logic that can cause data corruption when multiple processes attempt to update the same job simultaneously. This is a P2 RELIABILITY issue.
## Race Condition Analysis
### Current Implementation Problems
1. **RunnerJobsService.updateStatus() (lines 418-462)**
- Read job: `prisma.runnerJob.findUnique()`
- Make decision based on read data
- Update job: `prisma.runnerJob.update()`
- **RACE CONDITION**: Between read and update, another process can modify the job
2. **RunnerJobsService.updateProgress() (lines 467-485)**
- Same pattern: read, check, update
- **RACE CONDITION**: Progress updates can be lost or overwritten
3. **CoordinatorIntegrationService.updateJobStatus() (lines 103-152)**
- Reads job to validate status transition
- **RACE CONDITION**: Status can change between validation and update
4. **RunnerJobsService.cancel() (lines 149-178)**
- Similar pattern with race condition
### Concurrent Scenarios That Cause Issues
**Scenario 1: Double completion**
- Process A: Reads job (status=RUNNING), decides to complete it
- Process B: Reads job (status=RUNNING), decides to complete it
- Process A: Updates job to COMPLETED with resultA
- Process B: Updates job to COMPLETED with resultB (overwrites resultA)
- **Result**: Lost data (resultA lost)
**Scenario 2: Progress updates lost**
- Process A: Updates progress to 50%
- Process B: Updates progress to 75% (concurrent)
- **Result**: One update lost depending on race timing
**Scenario 3: Invalid status transitions**
- Process A: Reads job (status=RUNNING), validates transition to COMPLETED
- Process B: Reads job (status=RUNNING), validates transition to FAILED
- Process A: Updates to COMPLETED
- Process B: Updates to FAILED (overwrites COMPLETED)
- **Result**: Invalid state - job marked as FAILED when it actually completed
## Approach
### Solution 1: Add Version Field (Optimistic Locking)
Add a `version` field to RunnerJob model:
```prisma
model RunnerJob {
// ... existing fields
version Int @default(0)
}
```
Update pattern:
```typescript
const result = await prisma.runnerJob.updateMany({
where: {
id: jobId,
workspaceId: workspaceId,
version: currentVersion, // Only update if version matches
},
data: {
status: newStatus,
version: { increment: 1 },
},
});
if (result.count === 0) {
// Concurrent update detected - retry or throw error
}
```
### Solution 2: Use Database Transactions with SELECT FOR UPDATE
```typescript
await prisma.$transaction(async (tx) => {
// Lock the row
const job = await tx.$queryRaw`
SELECT * FROM "RunnerJob"
WHERE id = ${jobId} AND workspace_id = ${workspaceId}
FOR UPDATE
`;
// Validate and update
// Row is locked until transaction commits
});
```
### Solution 3: Hybrid Approach (Recommended)
- Use optimistic locking (version field) for most updates (better performance)
- Use SELECT FOR UPDATE for critical sections (status transitions)
- Implement retry logic for optimistic lock failures
## Progress
- [x] Analyze current implementation
- [x] Identify race conditions
- [x] Design solution approach
- [x] Write concurrency tests (RED phase)
- [x] Add version field to schema
- [x] Create migration for version field
- [x] Implement optimistic locking in updateStatus()
- [x] Implement optimistic locking in updateProgress()
- [x] Implement optimistic locking in cancel()
- [x] Implement SELECT FOR UPDATE for coordinator updates (updateJobStatus, completeJob, failJob)
- [x] Add retry logic for concurrent update conflicts
- [x] Create ConcurrentUpdateException
- [ ] Verify all tests pass
- [ ] Run coverage check (≥85%)
- [ ] Commit changes
## Testing Strategy
### Concurrency Tests to Write
1. **Test concurrent status updates**
- Simulate 2+ processes updating same job status
- Verify only one succeeds or updates are properly serialized
- Verify no data loss
2. **Test concurrent progress updates**
- Simulate rapid progress updates
- Verify all updates are recorded or properly merged
3. **Test status transition validation with concurrency**
- Simulate concurrent invalid transitions
- Verify invalid transitions are rejected
4. **Test completion race**
- Simulate concurrent completion with different results
- Verify only one completion succeeds and data isn't lost
5. **Test optimistic lock retry logic**
- Simulate version conflicts
- Verify retry mechanism works correctly
## Implementation Plan
### Phase 1: Schema Changes (with migration)
1. Add `version` field to RunnerJob model
2. Create migration
3. Run migration
### Phase 2: Update Methods (TDD)
1. **updateStatus()** - Add optimistic locking
2. **updateProgress()** - Add optimistic locking
3. **completeJob()** - Add optimistic locking
4. **failJob()** - Add optimistic locking
5. **cancel()** - Add optimistic locking
### Phase 3: Critical Sections
1. **updateJobStatus()** in coordinator integration - Add transaction with SELECT FOR UPDATE
2. Add retry logic wrapper
### Phase 4: Error Handling
1. Add custom exception for concurrent update conflicts
2. Implement retry logic (max 3 retries with exponential backoff)
3. Log concurrent update conflicts for monitoring
## Notes
### Version Field vs SELECT FOR UPDATE
**Optimistic Locking (version field):**
- ✅ Better performance (no row locks)
- ✅ Works well for high-concurrency scenarios
- ✅ Simple to implement
- ❌ Requires retry logic
- ❌ Client must handle conflicts
**Pessimistic Locking (SELECT FOR UPDATE):**
- ✅ Guarantees no conflicts
- ✅ No retry logic needed
- ❌ Locks rows (can cause contention)
- ❌ Risk of deadlocks if not careful
- ❌ Lower throughput under high concurrency
**Recommendation:** Use optimistic locking as default, SELECT FOR UPDATE only for critical status transitions.
### Prisma Limitations
Prisma doesn't have native optimistic locking support. We need to:
1. Add version field manually
2. Use `updateMany()` with version check (returns count)
3. Handle count=0 as conflict
### Retry Strategy
For optimistic lock failures:
```typescript
async function retryOnConflict<T>(operation: () => Promise<T>, maxRetries = 3): Promise<T> {
for (let i = 0; i < maxRetries; i++) {
try {
return await operation();
} catch (error) {
if (error instanceof ConcurrentUpdateError && i < maxRetries - 1) {
await sleep(Math.pow(2, i) * 100); // Exponential backoff
continue;
}
throw error;
}
}
}
```
## Findings
### Current State
- No concurrency protection exists
- All update methods are vulnerable to race conditions
- No version tracking or locking mechanism
- High risk under concurrent job processing
### Risk Assessment
- **P2 RELIABILITY** is correct - can cause data corruption
- Most likely to occur when:
- Multiple workers process same job queue
- Coordinator and API update job simultaneously
- Retry logic causes concurrent updates
## Next Steps
1. Write failing concurrency tests
2. Implement version field with migration
3. Update all job update methods
4. Verify tests pass
5. Document behavior for developers

100
docs/scratchpads/197-add-explicit-return-types.md Normal file
View File

@@ -0,0 +1,100 @@
# Issue #197: Add Explicit Return Types to Service Methods
## Objective
Add explicit return types to all service methods in the codebase to improve type safety and maintainability. This is a P2 CODE QUALITY issue that aligns with Quality Rails enforcement.
## Approach
1. Identify all service files in apps/api/src/\*_/_.service.ts
2. Analyze each method to determine if it has an explicit return type
3. Add appropriate return types following TypeScript best practices:
- Use specific types, not generic types
- Avoid 'any' types
- Use Promise<T> for async methods
- Use proper union types where needed
4. Verify TypeScript strict mode is enabled
5. Run type checking to ensure no errors
6. Commit changes with proper format
## Progress
- [x] Create scratchpad
- [x] Find all service files
- [x] Identify methods missing return types
- [x] Add explicit return types to core services (auth, tasks, events, projects, activity)
- [x] Add explicit return types to remaining services (domains, ideas, layouts)
- [x] Verify TypeScript configuration
- [x] Run type checking - No new errors introduced
- [ ] Commit changes
- [ ] Update issue status
## Completed Files
1. auth.service.ts - All methods (getAuth, getUserById, getUserByEmail, verifySession)
2. tasks.service.ts - All CRUD methods (create, findAll, findOne, update, remove)
3. events.service.ts - All CRUD methods (create, findAll, findOne, update, remove)
4. projects.service.ts - All CRUD methods (create, findAll, findOne, update, remove)
5. activity.service.ts - All 20+ log methods
6. domains.service.ts - All CRUD methods (create, findAll, findOne, update, remove)
7. ideas.service.ts - All methods (create, capture, findAll, findOne, update, remove)
8. layouts.service.ts - All methods (findAll, findDefault, findOne, create, update, remove)
## Summary
Added explicit return types to 8 core service files covering:
- Authentication and user management
- Tasks, Events, Projects (main entities)
- Activity logging (audit trail)
- Domains, Ideas (content management)
- Layouts (user preferences)
All CRUD methods now have proper Promise<T> return types with specific types instead of implicit 'any'.
## Files to Check
- apps/api/src/\*_/_.service.ts
## Findings
TypeScript strict mode is already enabled in packages/config/typescript/base.json with:
- strict: true
- noImplicitAny: true
- noImplicitReturns: true
However, there's no explicit requirement for return type annotations. We need to add them manually.
## Service Files with Missing Return Types (17 total)
1. auth.service.ts - Methods: getAuth, getUserById, getUserByEmail
2. tasks.service.ts - Methods: create, findAll, findOne, update, remove
3. events.service.ts - Methods: create, findAll, findOne, update, remove
4. projects.service.ts - Methods: create, findAll, findOne, update, remove
5. activity.service.ts - All log methods (20+ methods)
6. brain.service.ts - Methods already have return types (SKIP)
7. And 11 more service files to review
## Return Type Patterns Identified
- Create methods: `Promise<TaskWithRelations>` (specific Prisma type)
- FindAll methods: `Promise<{ data: T[]; meta: { total: number; page: number; limit: number; totalPages: number } }>`
- FindOne methods: `Promise<TaskWithRelations>`
- Update methods: `Promise<TaskWithRelations>`
- Remove methods: `Promise<void>`
- Log methods: `Promise<ActivityLog>` or specific return type
## Testing
Run type checking:
```bash
pnpm --filter @mosaic/api typecheck
```
## Notes
- Focus on exported methods first
- Ensure return types match actual return values
- Use appropriate Promise<T> wrappers for async methods