[hero_planner_server] currency_rate delete can corrupt data — oschema `CurrencyRate` omits the rowid #25

New issue

Closed

opened 2026-06-14 16:25:19 +00:00 by sameh-farouk · 1 comment

sameh-farouk commented

2026-06-14 16:25:19 +00:00

Member

currency_rate_list output (oschema CurrencyRate) does not expose the row id/sid, but currency_rate_delete requires the rowid (parse_sid -> i64; the lib deletes WHERE id = ?). There is no delete-by-code path.

So a client cannot reliably delete a specific rate: the web remap synthesizes an id from the list index, which can target the wrong / nonexistent row -> potential deletion of the wrong currency rate (data-corruption risk). This worked pre-migration when the old API returned the id.

Fix: expose the rowid (or a stable sid) in the CurrencyRate oschema output, or add a delete-by-code method.

`currency_rate_list` output (oschema `CurrencyRate`) does **not** expose the row id/sid, but `currency_rate_delete` requires the rowid (`parse_sid` -> i64; the lib deletes `WHERE id = ?`). There is no delete-by-code path. So a client cannot reliably delete a specific rate: the web remap synthesizes an `id` from the **list index**, which can target the **wrong / nonexistent row** -> potential deletion of the wrong currency rate (**data-corruption risk**). This worked pre-migration when the old API returned the id. **Fix:** expose the rowid (or a stable sid) in the `CurrencyRate` oschema output, or add a delete-by-code method.

sameh-farouk self-assigned this

2026-06-14 16:25:19 +00:00

sameh-farouk referenced this issue

2026-06-14 16:25:23 +00:00

[hero_planner_web] Web UI broken after oschema cutover — data RPC calls 404 #18

sameh-farouk referenced this issue from a commit

2026-06-14 17:36:41 +00:00

fix(planner): id on CurrencyRate, rename EntityCounts.conditions, implement *_list_full

sameh-farouk referenced this issue from a commit

2026-06-14 17:47:10 +00:00

fix(server): properly fill oschema gaps #24/#25/#26 (source + regen, not hand-edited output)

sameh-farouk commented

2026-06-14 17:49:11 +00:00

Author

Member

Fixed on development in 7976504 — added id: i64 (SQLite rowid) to the CurrencyRate type in the .oschema and populated it in the currency_rate_list/currency_rate_upsert impls (the lib model already carried the rowid; it was being dropped at the RPC boundary, so the client had no stable id to delete by). currency_rate_delete now targets the correct row.

Verified round-trip on the live daemon: upsert (returns real id) → list (rows carry that id) → delete by id → list empty, with only the targeted row removed and bystanders untouched. Source-only; openrpc/SDK regenerated by build.

Follow-up: the web client shim still derived the currency id from list index — being updated to use this real wire id (separate web commit).

Fixed on `development` in `7976504` — added `id: i64` (SQLite rowid) to the `CurrencyRate` type in the `.oschema` and populated it in the `currency_rate_list`/`currency_rate_upsert` impls (the lib model already carried the rowid; it was being dropped at the RPC boundary, so the client had no stable id to delete by). `currency_rate_delete` now targets the correct row. Verified round-trip on the live daemon: upsert (returns real `id`) → list (rows carry that `id`) → delete by `id` → list empty, with only the targeted row removed and bystanders untouched. Source-only; openrpc/SDK regenerated by build. **Follow-up:** the web client shim still derived the currency id from list *index* — being updated to use this real wire `id` (separate web commit).

sameh-farouk closed this issue

2026-06-14 17:49:11 +00:00

sameh-farouk referenced this issue from a commit

2026-06-14 17:59:54 +00:00

fix(web,ci): currency-delete uses real CurrencyRate.id; align CI to canonical

sameh-farouk referenced this issue

2026-06-14 18:01:23 +00:00

[hero_planner_web] Web UI broken after oschema cutover — data RPC calls 404 #18