Parallel analysis lane
Thoroughness: medium. In /home/akitav2/projects/4626/frontend/server and /home/akitav2/projects/4626/frontend/api, identify server-side multi-write mutation flows that touch DB state (multiple inserts/updates/deletes in one logical operation). Return a concise list with file paths, function names, and whether explicit transaction boundaries are present (BEGIN/COMMIT or helper). Focus on high-risk auth/wallet/waitlist/deploy/keeper paths. Also note obvious missing transaction boundary risks.
Analysis
Searching for multi-write DB flows and transaction boundaries in the server and API layers.
[REDACTED]
Tools invoked: UpdateCurrentStep, Grep, Grep, Grep, Grep, Grep
Analysis
[REDACTED]
Tools invoked: Read, Grep, Grep, Grep, Grep
Analysis
[REDACTED]
Tools invoked: Grep, Grep, Grep, Grep, Grep, Glob
Analysis
[REDACTED]
Tools invoked: Grep, Grep, Grep, Grep, Grep
Analysis
[REDACTED]
Tools invoked: Read, Read, Read, Read, Read, Read
Analysis
[REDACTED]
Tools invoked: Read, Grep, Grep, Grep, Grep, Grep
Analysis
[REDACTED]
Tools invoked: Grep, Glob, Grep, Grep, Grep, Grep
Analysis
[REDACTED]
Tools invoked: Grep, Grep, Grep, Grep, Read, Read
Analysis
[REDACTED]
Tools invoked: Read, Read, Read, Read, Read, Glob
Analysis
[REDACTED]
Tools invoked: Read, Read, Read, Read, Read, Grep
Analysis
[REDACTED]
Tools invoked: Grep, Grep, Grep, Grep, Grep, Read
Analysis
[REDACTED]
Tools invoked: Read, Read, Glob, Grep, Grep, Grep
Analysis
[REDACTED]
Tools invoked: Read, Read, Grep, Read, Read, Grep
Analysis
[REDACTED]
Tools invoked: Read, Read, Read, Read, Glob, Grep
Analysis
[REDACTED]
Tools invoked: Grep, Read, Read, Read, Grep, Grep
Analysis
[REDACTED]
Tools invoked: Grep, Grep, Read, Grep, Read, Grep
Analysis
[REDACTED]
Tools invoked: Read, Read, Read, Grep, Grep, Read
Analysis
[REDACTED]
Tools invoked: Read, Read, Grep, Grep, Grep, Read
Analysis
[REDACTED]
Tools invoked: Read, Read, Grep, Grep, Grep
Analysis
[REDACTED]
Tools invoked: Read, Read, Read, Grep, Grep, Grep
Analysis
[REDACTED]
Tools invoked: Read, Read, Grep, Grep
Analysis
[REDACTED]
Tools invoked: Read, Read, Read, Read
Analysis
Transaction helper (repo-wide)
Only explicit boundary helper found: runInTransaction in /home/akitav2/projects/4626/frontend/server/_lib/db/postgres.ts (re-exported via @4626/server-core). Production callers are narrow.
Flows with explicit transactions
| Path | Function(s) | Boundary |
|---|---|---|
/home/akitav2/projects/4626/frontend/api/_handlers/arch-b/_subAccountBaseAppRegister.ts | handler → runInTransaction block | Yes — CIEC + wallets + profile_wallets + profiles in one txn |
/home/akitav2/projects/4626/frontend/server/_lib/controlPlane/operations.ts | transitionOperationStatus, transitionStageStatus | Yes — status row + event insert |
/home/akitav2/projects/4626/frontend/server/_lib/db/postgres.ts | runInTransaction | Helper only |
High-risk multi-write flows without outer transactions
Auth / wallet
| Path | Function(s) | Writes | Tx? | Risk |
|---|---|---|---|---|
/home/akitav2/projects/4626/frontend/server/_lib/wallet/walletSync.ts | syncUserWallets → insertOrUpdateProfile, clearRoleFlags, per-wallet loop | profiles + up to ~8 role-flag UPDATEs + N×(wallets, profile_wallets) | No | Partial sync can leave mismatched role flags vs wallet rows |
/home/akitav2/projects/4626/frontend/api/_handlers/auth/_privy.ts | handler → syncUserWallets | Same as above on every auth sync | No | Session mint can succeed while DB identity is half-written (mitigated by upserts, not atomic) |
/home/akitav2/projects/4626/frontend/api/_handlers/wallet/_sync.ts | handler → syncUserWallets | Same | No | Same |
/home/akitav2/projects/4626/frontend/server/_lib/wallet/canonicalCswDelegation.ts | ensureCanonicalWalletRow, bootstrapCanonicalDelegationState, confirmOwnerState | wallets + profile_wallets + profiles (3–5 statements) | No | Canonical CSW / embedded EOA / privy_is_owner can diverge mid-flight |
/home/akitav2/projects/4626/frontend/api/_handlers/wallet/solana/_setCanonical.ts | handler | 3× profile_wallets/profiles updates | No | Canonical vs operational Solana flags can split |
/home/akitav2/projects/4626/frontend/packages/server-core/src/commandIssuerContext.ts | provisionCommandIssuerContext | Single INSERT … ON CONFLICT on command_issuer_execution_context | Per-statement only | OK for CIEC alone; not paired with wallet/profile writes in same txn |
/home/akitav2/projects/4626/frontend/api/_handlers/arch-b/_subAccountProvisionCommit.ts, _enroll.ts, admin arch-b provision | → provisionCommandIssuerContext | CIEC upsert only (wallet rows may be separate) | No (except Base App register path) | Arch-b commit can persist CIEC without matching profile_wallets/profiles mirror |
Waitlist / identity / referrals
| Path | Function(s) | Writes | Tx? | Risk |
|---|---|---|---|---|
/home/akitav2/projects/4626/frontend/api/_handlers/waitlist/_bootstrap.ts | upsertBootstrapProfile, rebindEmailProfileToPrivyUser, full handler | profiles + migrate points + delete placeholder points + referral code/referral conversion + awardWaitlistPoints | No | Classic fragment/tombstone risk on email/privy rebind |
/home/akitav2/projects/4626/frontend/server/_lib/identity/emailCollisionAdoption.ts | mergePlaceholderProfiles, rebindEmailCollisionProfile, rebindWalletCollisionProfile | profiles, points, accounts, privy_user_aliases, linked methods | No | Collision recovery can stop mid-merge |
/home/akitav2/projects/4626/frontend/server/_lib/identity/profileMerge.ts | executeProfileMerge | 15+ steps: aliases, CSW propagate, points, profile_wallets, referrals, command_issuer_*, tombstone | No (code comments note TOCTOU) | Highest-risk admin merge; partial merge = orphaned arch-b state |
/home/akitav2/projects/4626/frontend/api/_handlers/admin/profiles/_merge.ts | handler → executeProfileMerge | Same | No | Same |
/home/akitav2/projects/4626/frontend/server/_lib/onboarding/waitlistPoints.ts | awardWaitlistPoints, recordReferralPassthrough | points (+ optional second points for referrer) | No | Referee credited without passthrough (logged, not rolled back) |
/home/akitav2/projects/4626/frontend/server/_lib/identity/accountsIdentity.ts | recordProviderLink, applyPointEvent, resolveOrCreateCanonicalProfileIdForPrivyUser | accounts, account_linked_methods, account_zora_signals, profiles, privy_user_aliases, points | No | Link + points award can split |
/home/akitav2/projects/4626/frontend/api/_handlers/onboarding/_register-sub-account.ts | handler | profiles.base_sub_account + awardWaitlistPoints | No | Sub-account saved but points not (swallowed) |
Deploy
| Path | Function(s) | Writes | Tx? | Risk |
|---|---|---|---|---|
/home/akitav2/projects/4626/frontend/server/_lib/deploy/deploySessions.ts | insertDeploySession | INSERT deploys + best-effort UPDATE signer columns | No | Low (same row) |
/home/akitav2/projects/4626/frontend/api/_handlers/deploy/v2/session/_continueCore.ts, _statusCore.ts | many updateDeploySession / transitionDeploySession calls | Sequences of single-row deploys updates + payload/artifact patches | Per-call only | Step/state can advance without matching artifact patch if a later call fails |
/home/akitav2/projects/4626/frontend/server/_lib/controlPlane/executors/executeSettleVault.ts | executeSettleVault | keepr_vaults update + ensureKeeperRegistryForVault | No | Vault marked settled before keeper registry fully provisioned |
/home/akitav2/projects/4626/frontend/server/_lib/controlPlane/executors/provisionVaultEconomy.ts | provisionVaultEconomy | upsertKeeprVault + upsertKeeprVaultAutomation (+ optional queue) | No | Vault row without automation row |
Keeper / Keepr
| Path | Function(s) | Writes | Tx? | Risk |
|---|---|---|---|---|
/home/akitav2/projects/4626/frontend/server/_lib/keeperJobs/keeperJobs.ts | claimDueKeeperJobs, completeKeeperJob | Single UPDATE each (FOR UPDATE SKIP LOCKED on claim) | Per-statement | Claim/complete are atomic; OK |
/home/akitav2/projects/4626/frontend/api/_handlers/keepr/actions/_updateStatus.ts | handler, syncJoinRequestStatus | keepr_actions then keepr_join_requests | No | Action status and join-request status can diverge |
/home/akitav2/projects/4626/frontend/api/_handlers/keepr/_join.ts | markJoinRequestQueued | UPDATE + conditional INSERT on keepr_join_requests | No | Duplicate/queued row edge cases |
/home/akitav2/projects/4626/frontend/api/_handlers/keeper/_solanaReconcile.ts | handler | control-plane transitions + keepr_workflow_checkpoints upsert | No | Checkpoint vs operation status drift |
/home/akitav2/projects/4626/frontend/server/_lib/keepr/keeperRegistryBootstrap.ts | ensureKeeperRegistryForVault | provisionVaultEconomy + optional seedAjnaRegistry | No | Multi-table keeper bootstrap partial completion |
Payments (creator strategy)
| Path | Function(s) | Writes | Tx? | Risk |
|---|---|---|---|---|
/home/akitav2/projects/4626/frontend/api/_handlers/creator/strategy/_activate.ts (and stripe/x402 siblings) | handler chain | creator_strategy_features + payment_orders + payment_events + control-plane ops/stages/events | No | Paid activation row without ledger/control-plane mirror (or vice versa) |
Lottery (positive pattern)
| Path | Function(s) | Writes | Tx? | Note |
|---|---|---|---|---|
/home/akitav2/projects/4626/frontend/server/_lib/lottery/lotteryAmoe.ts | credit burn path (spendAttempt CTE) | points + amoe_burn_credits_intents in one SQL statement | Implicit (single statement) | Good atomic debit+intent pattern |
Obvious missing-boundary risks (priority)
executeProfileMerge— many tables, no txn; explicit TOCTOU between plan and execute.syncUserWallets/ auth privy sync — highest-frequency wallet identity writer; multi-table, no txn.- Waitlist bootstrap + collision adoption — profile/privy/points/account rebinding across multiple statements.
- Keepr
updateStatus—keepr_actionsandkeepr_join_requestsnot wrapped together. - Creator strategy activation — payment feature row + orders/ledger + control plane not one txn.
- Vault settle + keeper provision —
settled_atcan land beforekeepr_vaults/ automation / ajna registry are consistent.
Note: runInTransaction is rarely used outside arch-b Base App register and control-plane status transitions; most auth/waitlist/wallet/deploy/keeper paths rely on idempotent upserts and ON CONFLICT, not serializable multi-write atomicity.
[REDACTED]
Was this page helpful?