Skip to content

fix: wrap email account deletion in database transaction#35

Closed
0x-SquidSol wants to merge 1 commit intonullxnothing:mainfrom
0x-SquidSol:fix/email-account-deletion-transaction
Closed

fix: wrap email account deletion in database transaction#35
0x-SquidSol wants to merge 1 commit intonullxnothing:mainfrom
0x-SquidSol:fix/email-account-deletion-transaction

Conversation

@0x-SquidSol
Copy link
Copy Markdown

@0x-SquidSol 0x-SquidSol commented Apr 8, 2026

Summary

  • removeAccount ran 4 DELETE statements (secure_keys ×2, email_message_cache, email_accounts) without a transaction wrapper
  • A crash between any two deletes could leave orphaned secure keys or cached messages in the database
  • All deletes now execute atomically via db.transaction()

Test plan

  • Delete an email account — verify all related data is removed
  • Run pnpm run typecheck — passes clean
  • Run pnpm run test — all tests pass

@0x-SquidSol @claude
fix: wrap email account deletion in database transaction
b09caf1 
The four DELETE statements in removeAccount ran without a transaction,
risking orphaned secure keys or cached messages if the process crashed
between operations. All deletes now execute atomically.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@nullxnothing
Copy link
Copy Markdown
Owner

nullxnothing commented Apr 13, 2026

Closed as superseded by #75, which reapplies the corrected security hardening on top of current main. This avoids merging stale/conflicted branches and preserves the fixes with passing CI/CodeQL.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@0x-SquidSol @nullxnothing