Skip to main content

Parallel analysis lane

[← Source sessions](/audits/fable/key-sessions) · [Transcript archive](/audits/fable/transcripts) · [Executive summary](/audits/fable/findings-summary)
# Parallel analysis lane | Field | Value | | --- | --- | | Session ID | `14818d1a-8a3e-4439-a19f-307cb224c9eb` | | Lead session | `2f3a0cb7-adbc-43d2-8e13-85fb0072fbf3` | | Record type | Parallel workstream export | :::note[Appendix record] Readable export of a supplementary review session. Tool outputs and system context are omitted; download the [JSONL archive](/audits/fable-chats-4626-2026-06.zip) for the complete log. ::: ## Engagement brief

Thoroughness: medium. In /home/akitav2/projects/4626/frontend/server and /home/akitav2/projects/4626/frontend/api, identify server-side multi-write mutation flows that touch DB state (multiple inserts/updates/deletes in one logical operation). Return a concise list with file paths, function names, and whether explicit transaction boundaries are present (BEGIN/COMMIT or helper). Focus on high-risk auth/wallet/waitlist/deploy/keeper paths. Also note obvious missing transaction boundary risks.

Analysis

Searching for multi-write DB flows and transaction boundaries in the server and API layers.

[REDACTED]

Tools invoked: UpdateCurrentStep, Grep, Grep, Grep, Grep, Grep

Analysis

[REDACTED]

Tools invoked: Read, Grep, Grep, Grep, Grep

Analysis

[REDACTED]

Tools invoked: Grep, Grep, Grep, Grep, Grep, Glob

Analysis

[REDACTED]

Tools invoked: Grep, Grep, Grep, Grep, Grep

Analysis

[REDACTED]

Tools invoked: Read, Read, Read, Read, Read, Read

Analysis

[REDACTED]

Tools invoked: Read, Grep, Grep, Grep, Grep, Grep

Analysis

[REDACTED]

Tools invoked: Grep, Glob, Grep, Grep, Grep, Grep

Analysis

[REDACTED]

Tools invoked: Grep, Grep, Grep, Grep, Read, Read

Analysis

[REDACTED]

Tools invoked: Read, Read, Read, Read, Read, Glob

Analysis

[REDACTED]

Tools invoked: Read, Read, Read, Read, Read, Grep

Analysis

[REDACTED]

Tools invoked: Grep, Grep, Grep, Grep, Grep, Read

Analysis

[REDACTED]

Tools invoked: Read, Read, Glob, Grep, Grep, Grep

Analysis

[REDACTED]

Tools invoked: Read, Read, Grep, Read, Read, Grep

Analysis

[REDACTED]

Tools invoked: Read, Read, Read, Read, Glob, Grep

Analysis

[REDACTED]

Tools invoked: Grep, Read, Read, Read, Grep, Grep

Analysis

[REDACTED]

Tools invoked: Grep, Grep, Read, Grep, Read, Grep

Analysis

[REDACTED]

Tools invoked: Read, Read, Read, Grep, Grep, Read

Analysis

[REDACTED]

Tools invoked: Read, Read, Grep, Grep, Grep, Read

Analysis

[REDACTED]

Tools invoked: Read, Read, Grep, Grep, Grep

Analysis

[REDACTED]

Tools invoked: Read, Read, Read, Grep, Grep, Grep

Analysis

[REDACTED]

Tools invoked: Read, Read, Grep, Grep

Analysis

[REDACTED]

Tools invoked: Read, Read, Read, Read

Analysis

Transaction helper (repo-wide)

Only explicit boundary helper found: runInTransaction in /home/akitav2/projects/4626/frontend/server/_lib/db/postgres.ts (re-exported via @4626/server-core). Production callers are narrow.


Flows with explicit transactions

PathFunction(s)Boundary
/home/akitav2/projects/4626/frontend/api/_handlers/arch-b/_subAccountBaseAppRegister.tshandler → runInTransaction blockYes — CIEC + wallets + profile_wallets + profiles in one txn
/home/akitav2/projects/4626/frontend/server/_lib/controlPlane/operations.tstransitionOperationStatus, transitionStageStatusYes — status row + event insert
/home/akitav2/projects/4626/frontend/server/_lib/db/postgres.tsrunInTransactionHelper only

High-risk multi-write flows without outer transactions

Auth / wallet

PathFunction(s)WritesTx?Risk
/home/akitav2/projects/4626/frontend/server/_lib/wallet/walletSync.tssyncUserWalletsinsertOrUpdateProfile, clearRoleFlags, per-wallet loopprofiles + up to ~8 role-flag UPDATEs + N×(wallets, profile_wallets)NoPartial sync can leave mismatched role flags vs wallet rows
/home/akitav2/projects/4626/frontend/api/_handlers/auth/_privy.tshandler → syncUserWalletsSame as above on every auth syncNoSession mint can succeed while DB identity is half-written (mitigated by upserts, not atomic)
/home/akitav2/projects/4626/frontend/api/_handlers/wallet/_sync.tshandler → syncUserWalletsSameNoSame
/home/akitav2/projects/4626/frontend/server/_lib/wallet/canonicalCswDelegation.tsensureCanonicalWalletRow, bootstrapCanonicalDelegationState, confirmOwnerStatewallets + profile_wallets + profiles (3–5 statements)NoCanonical CSW / embedded EOA / privy_is_owner can diverge mid-flight
/home/akitav2/projects/4626/frontend/api/_handlers/wallet/solana/_setCanonical.tshandlerprofile_wallets/profiles updatesNoCanonical vs operational Solana flags can split
/home/akitav2/projects/4626/frontend/packages/server-core/src/commandIssuerContext.tsprovisionCommandIssuerContextSingle INSERT … ON CONFLICT on command_issuer_execution_contextPer-statement onlyOK for CIEC alone; not paired with wallet/profile writes in same txn
/home/akitav2/projects/4626/frontend/api/_handlers/arch-b/_subAccountProvisionCommit.ts, _enroll.ts, admin arch-b provisionprovisionCommandIssuerContextCIEC upsert only (wallet rows may be separate)No (except Base App register path)Arch-b commit can persist CIEC without matching profile_wallets/profiles mirror

Waitlist / identity / referrals

PathFunction(s)WritesTx?Risk
/home/akitav2/projects/4626/frontend/api/_handlers/waitlist/_bootstrap.tsupsertBootstrapProfile, rebindEmailProfileToPrivyUser, full handlerprofiles + migrate points + delete placeholder points + referral code/referral conversion + awardWaitlistPointsNoClassic fragment/tombstone risk on email/privy rebind
/home/akitav2/projects/4626/frontend/server/_lib/identity/emailCollisionAdoption.tsmergePlaceholderProfiles, rebindEmailCollisionProfile, rebindWalletCollisionProfileprofiles, points, accounts, privy_user_aliases, linked methodsNoCollision recovery can stop mid-merge
/home/akitav2/projects/4626/frontend/server/_lib/identity/profileMerge.tsexecuteProfileMerge15+ steps: aliases, CSW propagate, points, profile_wallets, referrals, command_issuer_*, tombstoneNo (code comments note TOCTOU)Highest-risk admin merge; partial merge = orphaned arch-b state
/home/akitav2/projects/4626/frontend/api/_handlers/admin/profiles/_merge.tshandler → executeProfileMergeSameNoSame
/home/akitav2/projects/4626/frontend/server/_lib/onboarding/waitlistPoints.tsawardWaitlistPoints, recordReferralPassthroughpoints (+ optional second points for referrer)NoReferee credited without passthrough (logged, not rolled back)
/home/akitav2/projects/4626/frontend/server/_lib/identity/accountsIdentity.tsrecordProviderLink, applyPointEvent, resolveOrCreateCanonicalProfileIdForPrivyUseraccounts, account_linked_methods, account_zora_signals, profiles, privy_user_aliases, pointsNoLink + points award can split
/home/akitav2/projects/4626/frontend/api/_handlers/onboarding/_register-sub-account.tshandlerprofiles.base_sub_account + awardWaitlistPointsNoSub-account saved but points not (swallowed)

Deploy

PathFunction(s)WritesTx?Risk
/home/akitav2/projects/4626/frontend/server/_lib/deploy/deploySessions.tsinsertDeploySessionINSERT deploys + best-effort UPDATE signer columnsNoLow (same row)
/home/akitav2/projects/4626/frontend/api/_handlers/deploy/v2/session/_continueCore.ts, _statusCore.tsmany updateDeploySession / transitionDeploySession callsSequences of single-row deploys updates + payload/artifact patchesPer-call onlyStep/state can advance without matching artifact patch if a later call fails
/home/akitav2/projects/4626/frontend/server/_lib/controlPlane/executors/executeSettleVault.tsexecuteSettleVaultkeepr_vaults update + ensureKeeperRegistryForVaultNoVault marked settled before keeper registry fully provisioned
/home/akitav2/projects/4626/frontend/server/_lib/controlPlane/executors/provisionVaultEconomy.tsprovisionVaultEconomyupsertKeeprVault + upsertKeeprVaultAutomation (+ optional queue)NoVault row without automation row

Keeper / Keepr

PathFunction(s)WritesTx?Risk
/home/akitav2/projects/4626/frontend/server/_lib/keeperJobs/keeperJobs.tsclaimDueKeeperJobs, completeKeeperJobSingle UPDATE each (FOR UPDATE SKIP LOCKED on claim)Per-statementClaim/complete are atomic; OK
/home/akitav2/projects/4626/frontend/api/_handlers/keepr/actions/_updateStatus.tshandler, syncJoinRequestStatuskeepr_actions then keepr_join_requestsNoAction status and join-request status can diverge
/home/akitav2/projects/4626/frontend/api/_handlers/keepr/_join.tsmarkJoinRequestQueuedUPDATE + conditional INSERT on keepr_join_requestsNoDuplicate/queued row edge cases
/home/akitav2/projects/4626/frontend/api/_handlers/keeper/_solanaReconcile.tshandlercontrol-plane transitions + keepr_workflow_checkpoints upsertNoCheckpoint vs operation status drift
/home/akitav2/projects/4626/frontend/server/_lib/keepr/keeperRegistryBootstrap.tsensureKeeperRegistryForVaultprovisionVaultEconomy + optional seedAjnaRegistryNoMulti-table keeper bootstrap partial completion

Payments (creator strategy)

PathFunction(s)WritesTx?Risk
/home/akitav2/projects/4626/frontend/api/_handlers/creator/strategy/_activate.ts (and stripe/x402 siblings)handler chaincreator_strategy_features + payment_orders + payment_events + control-plane ops/stages/eventsNoPaid activation row without ledger/control-plane mirror (or vice versa)

Lottery (positive pattern)

PathFunction(s)WritesTx?Note
/home/akitav2/projects/4626/frontend/server/_lib/lottery/lotteryAmoe.tscredit burn path (spendAttempt CTE)points + amoe_burn_credits_intents in one SQL statementImplicit (single statement)Good atomic debit+intent pattern

Obvious missing-boundary risks (priority)

  1. executeProfileMerge — many tables, no txn; explicit TOCTOU between plan and execute.
  2. syncUserWallets / auth privy sync — highest-frequency wallet identity writer; multi-table, no txn.
  3. Waitlist bootstrap + collision adoption — profile/privy/points/account rebinding across multiple statements.
  4. Keepr updateStatuskeepr_actions and keepr_join_requests not wrapped together.
  5. Creator strategy activation — payment feature row + orders/ledger + control plane not one txn.
  6. Vault settle + keeper provisionsettled_at can land before keepr_vaults / automation / ajna registry are consistent.

Note: runInTransaction is rarely used outside arch-b Base App register and control-plane status transitions; most auth/waitlist/wallet/deploy/keeper paths rely on idempotent upserts and ON CONFLICT, not serializable multi-write atomicity.

[REDACTED]