数据库事务正确性审计工具 - 检测事务边界、触发器交互与提交模式

ln-652-transaction-correctness-auditor by levnikolaevich/claude-code-skills

139 周安装量

245 GitHub Stars

安装命令

npx skills add https://github.com/levnikolaevich/claude-code-skills --skill ln-652-transaction-correctness-auditor

🇨🇳中文介绍

Paths: File paths (shared/, references/, ../ln-*) are relative to skills repo root. If not found at CWD, locate this SKILL.md directory and go up one level for repo root. If shared/ is missing, fetch files via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}.

事务正确性审计器 (L3 Worker)

专门用于审计数据库事务模式在正确性、范围和触发器交互方面的 Worker。

目的与范围

审计事务正确性（优先级：高）
检查提交模式、事务边界、回滚处理、触发器/通知语义
将结构化发现写入文件，包含严重性、位置、工作量、建议
计算“事务正确性”类别的合规性分数 (X/10)

输入（来自协调器）

必读： 加载 shared/references/audit_worker_core_contract.md。

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

审计规则（优先级：高）

1. 缺少中间提交

描述： 当数据库触发器/NOTIFY 依赖于事务提交时，执行 UPDATE 操作但没有提交。

步骤 1： 在迁移文件中查找触发器：
- 在 alembic/versions/、migrations/ 中搜索 pg_notify|NOTIFY|CREATE TRIGGER|CREATE OR REPLACE FUNCTION.*trigger
- 提取：触发器函数名、表名、触发事件 (INSERT/UPDATE)
步骤 2： 查找对受触发器影响表执行 UPDATE 的代码：
- 搜索与触发器表相关的 repo.*update|session\.execute.*update|\.progress|\.status
步骤 3： 检查连续更新之间是否有 commit()：
- 如果在循环/序列中对触发器表进行多次 UPDATE 而没有中间的 commit()，则 NOTIFY 事件将延迟到最终提交时才发出
- 没有中间提交，实时进度跟踪将失效

严重： 缺少针对基于 NOTIFY/LISTEN 的实时功能（SSE、WebSocket）的提交
高：缺少针对更新物化数据的触发器的提交

例外： 单个原子操作，没有中间可观察状态 → 将严重性从严重降级为中等。事务范围被记录为有意为之（ADR、架构注释）→ 降一级。

在进度里程碑处添加 session.commit()（需节流：每 N%、每 T 秒）
或者将实时通知移出数据库触发器（使用 Redis 发布/订阅、进程内事件）

工作量： 小-中（添加策略性提交或重新设计通知路径）

2. 事务范围过宽

描述： 单个事务包装了不相关的操作，包括缓慢的外部调用。

查找 async with session.begin() 或显式的事务块
检查块是否包含外部调用：await httpx.、await aiohttp.、await requests.、await grpc.
检查块是否包含文件 I/O：open(、.read(、.write(
模式：DB 写入 + 外部 API 调用 + 同一事务中的另一个 DB 写入

高：事务内部进行外部 HTTP/gRPC 调用（在网络延迟期间持有数据库连接）
中等： 事务内部进行文件 I/O

建议： 拆分为独立的事务；使用 Saga/Outbox 模式实现跨服务一致性。

工作量： 中-大（重构事务边界）

3. 事务范围过窄

描述： 逻辑上原子的操作被拆分为多个提交。

对应该原子化的操作进行多次 session.commit() 调用
模式：创建父实体，提交，创建子实体，提交（应为单个事务）
模式：更新状态 + 在单独的提交中创建审计日志

高：父-子创建在单独的提交中（失败时存在孤儿风险）
中等： 相关更新在单独的提交中（失败时状态不一致）

建议： 使用 async with session.begin() 或工作单元模式将相关操作包装在单个事务中。

工作量： 中（重构提交边界）

4. 缺少回滚处理

描述： session.commit() 没有适当的错误处理和回滚。

查找不在 try/except 块或上下文管理器内的 session.commit()
查找在 try 中但没有在 except 中执行 session.rollback() 的 session.commit()
模式：服务方法中裸露的 await session.commit()
例外：async with session.begin() 自动回滚（安全）

中等： 缺少回滚（失败时会话处于损坏状态）
低：使用上下文管理器时缺少显式回滚（自动处理）

建议： 使用 async with session.begin()（自动回滚），或添加显式的 try/except/rollback 模式。

工作量： 小（包装在上下文管理器中或添加错误处理）

5. 事务持有时间过长

描述： 在缓慢/阻塞操作期间事务保持打开状态。

测量范围：计算事务开始和提交之间的代码行数
如果 begin() 和 commit() 之间有超过 50 行代码，则标记
如果事务包含对外部服务的 await 调用（网络延迟），则标记
如果事务包含 time.sleep() 或 asyncio.sleep()，则标记

高：在外部 API 调用期间持有事务（存在连接池耗尽风险）
中等： 事务跨越超过 50 行（逻辑复杂，锁争用可能性高）

建议： 最小化事务范围；在打开事务之前准备数据，在数据库操作后立即提交。

工作量： 中（重构代码以最小化事务窗口）

6. 事件通道名称一致性

描述： 发布者通道/主题名称与订阅者通道/主题名称不匹配。

步骤 1： 收集发布者通道名称（扩展第 2 阶段的触发器发现）：
- 迁移触发器：从 pg_notify('channel_name', ...)、NOTIFY channel_name 中提取字符串参数
- 应用程序代码：在 src/、app/ 中搜索 \.publish\(["']|\.emit\(["']|redis.*publish\(["']|\.send_to\(["']
- 提取：{channel_name, source_file, source_line, technology}
步骤 2： 收集订阅者通道名称：
- PostgreSQL：在应用程序代码（不仅仅是迁移）中搜索 LISTEN\s+(\w+)
- Redis：在 src/、app/ 中搜索 \.subscribe\(["']([^"']+)
- EventEmitter/WebSocket：在处理器/监听器目录中搜索 \.on\(["']([^"']+)
- 提取：{channel_name, source_file, source_line, technology}
步骤 3： 交叉引用发布者与订阅者：
- 完全匹配：publisher.channel_name == subscriber.channel_name → 正常
- 近似匹配：Levenshtein 距离 <= 2 或一方是另一方的子字符串 → 标记为不匹配
- 孤立的发布者：通道存在于发布者但不在订阅者中 → 标记为孤立
- 孤立的订阅者：通道存在于订阅者但不在发布者中 → 标记为孤立

第二层上下文分析（必做）：

如果通道名称来自共享配置常量或环境变量（例如 CHANNEL = os.environ["EVENT_CHANNEL"]）并且发布者和订阅者使用相同的来源 → 不是不匹配
如果通道使用动态后缀模式（例如 job_events:{job_id}）并且双方使用相同的模板 → 不是孤立
从发布者和订阅者发现中排除测试文件 (**/test*/**、**/*.test.*)

严重： 通道名称不匹配（近似匹配：发布者发送到 job_events，订阅者监听 job_event）
高：孤立的发布者 — 事件已发送但从未被消费（如果事件携带状态更改，则存在数据丢失风险）
中等： 孤立的订阅者 — 注册了监听器但未找到发布者（死代码或未来功能）

对于不匹配：将通道名称统一为发布者和订阅者之间共享的单个常量
对于孤立的发布者：添加订阅者或移除未使用的 NOTIFY/发布
对于孤立的订阅者：添加发布者或移除死监听器

工作量： 小（修复拼写错误/添加常量）到中（设计缺失的订阅者/发布者）

必读： 加载 shared/references/audit_worker_core_contract.md 和 shared/references/audit_scoring.md。

必读： 加载 shared/references/audit_worker_core_contract.md 和 shared/templates/audit_worker_report_template.md。

将报告写入 {output_dir}/652-transaction-correctness.md，其中包含 category: "Transaction Correctness" 和检查项：missing_intermediate_commits、scope_too_wide、scope_too_narrow、missing_rollback、long_held_transaction、event_channel_consistency。

向协调器返回摘要：

Report written: docs/project/.audit/ln-650/{YYYY-MM-DD}/652-transaction-correctness.md
Score: X.X/10 | Issues: N (C:N H:N M:N L:N)

必读： 加载 shared/references/audit_worker_core_contract.md。

不要自动修复： 仅报告
先发现触发器： 在分析事务模式之前，始终扫描迁移文件以查找触发器/NOTIFY
ORM 感知： 检查 ORM 上下文管理器是否自动回滚（async with session.begin() 是安全的）
排除测试事务： 不要标记具有手动提交/回滚的测试夹具
数据库特定： PostgreSQL NOTIFY 语义与 MySQL 事件调度器不同

必读： 加载 shared/references/audit_worker_core_contract.md。

contextStore 解析成功（包括 output_dir）
scan_path 已确定
从迁移文件中发现触发器/NOTIFY 基础设施
完成所有 6 项检查：
- missing_intermediate_commits、scope_too_wide、scope_too_narrow、missing_rollback、long_held、event_channel_consistency
收集了包含严重性、位置、工作量、建议的发现
使用惩罚算法计算了分数
报告已写入 {output_dir}/652-transaction-correctness.md（原子性单次 Write 调用）
摘要已返回给协调器

审计输出模式： shared/references/audit_output_schema.md

版本： 1.1.0 最后更新： 2026-03-15

🇺🇸English

Paths: File paths (shared/, references/, ../ln-*) are relative to skills repo root. If not found at CWD, locate this SKILL.md directory and go up one level for repo root. If shared/ is missing, fetch files via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}.

Transaction Correctness Auditor (L3 Worker)

Specialized worker auditing database transaction patterns for correctness, scope, and trigger interaction.

Purpose & Scope

Audit transaction correctness (Priority: HIGH)
Check commit patterns, transaction boundaries, rollback handling, trigger/notify semantics
Write structured findings to file with severity, location, effort, recommendations
Calculate compliance score (X/10) for Transaction Correctness category

Inputs (from Coordinator)

MANDATORY READ: Load shared/references/audit_worker_core_contract.md.

Receives contextStore with: tech_stack, best_practices, db_config (database type, ORM settings, trigger/notify patterns), codebase_root, output_dir.

Domain-aware: Supports domain_mode + current_domain.

Workflow

MANDATORY READ: Load shared/references/two_layer_detection.md for detection methodology.

Parse context from contextStore
- Extract tech_stack, best_practices, db_config, output_dir
- Determine scan_path
Discover transaction infrastructure
- Find migration files with triggers (pg_notify, CREATE TRIGGER, NOTIFY)
- Find session/transaction configuration (expire_on_commit, autocommit, isolation level)
- Map trigger-affected tables
Scan codebase for violations
- Trace UPDATE paths for trigger-affected tables
- Analyze transaction boundaries (begin/commit scope)
- Check error handling around commits
Collect findings with severity, location, effort, recommendation

Audit Rules (Priority: HIGH)

1. Missing Intermediate Commits

What: UPDATE without commit when DB trigger/NOTIFY depends on transaction commit

Detection:

Step 1: Find triggers in migrations:
- Grep for pg_notify|NOTIFY|CREATE TRIGGER|CREATE OR REPLACE FUNCTION.*trigger in alembic/versions/, migrations/
- Extract: trigger function name, table name, trigger event (INSERT/UPDATE)
Step 2: Find code that UPDATEs trigger-affected tables:
- Grep for repo.*update|session\.execute.*update|\.progress|\.status related to trigger tables
Step 3: Check for commit() between sequential updates:
- If multiple UPDATEs to trigger table occur in a loop/sequence without intermediate commit(), NOTIFY events are deferred until final commit
- Real-time progress tracking breaks without intermediate commits

Severity:

CRITICAL: Missing commit for NOTIFY/LISTEN-based real-time features (SSE, WebSocket)
HIGH: Missing commit for triggers that update materialized data

Exception: Single atomic operation with no intermediate observable state → downgrade CRITICAL to MEDIUM. Transaction scope documented as intentional (ADR, architecture comment) → downgrade one level

Recommendation:

Add session.commit() at progress milestones (throttled: every N%, every T seconds)
Or move real-time notifications out of DB triggers (Redis pub/sub, in-process events)

Effort: S-M (add strategic commits or redesign notification path)

2. Transaction Scope Too Wide

What: Single transaction wraps unrelated operations, including slow external calls

Detection:

Find async with session.begin() or explicit transaction blocks
Check if block contains external calls: await httpx., await aiohttp., await requests., await grpc.
Check if block contains file I/O: open(, .read(, .write(
Pattern: DB write + external API call + another DB write in same transaction

Severity:

HIGH: External HTTP/gRPC call inside transaction (holds DB connection during network latency)
MEDIUM: File I/O inside transaction

Recommendation: Split into separate transactions; use Saga/Outbox pattern for cross-service consistency

Effort: M-L (restructure transaction boundaries)

3. Transaction Scope Too Narrow

What: Logically atomic operations split across multiple commits

Detection:

Multiple session.commit() calls for operations that should be atomic
Pattern: create parent entity, commit, create child entities, commit (should be single transaction)
Pattern: update status + create audit log in separate commits

Severity:

HIGH: Parent-child creation in separate commits (orphan risk on failure)
MEDIUM: Related updates in separate commits (inconsistent state on failure)

Recommendation: Wrap related operations in single transaction using async with session.begin() or unit-of-work pattern

Effort: M (restructure commit boundaries)

4. Missing Rollback Handling

What: session.commit() without proper error handling and rollback

Detection:

Find session.commit() not inside try/except block or context manager
Find session.commit() in try without session.rollback() in except
Pattern: bare await session.commit() in service methods
Exception: async with session.begin() auto-rollbacks (safe)

Severity:

MEDIUM: Missing rollback (session left in broken state on failure)
LOW: Missing explicit rollback when using context manager (auto-handled)

Recommendation: Use async with session.begin() (auto-rollback), or add explicit try/except/rollback pattern

Effort: S (wrap in context manager or add error handling)

5. Long-Held Transaction

What: Transaction open during slow/blocking operations

Detection:

Measure scope: count lines between transaction start and commit
Flag if >50 lines of code between begin() and commit()
Flag if transaction contains await calls to external services (network latency)
Flag if transaction contains time.sleep() or asyncio.sleep()

Severity:

HIGH: Transaction held during external API call (connection pool exhaustion risk)
MEDIUM: Transaction spans >50 lines (complex logic, high chance of lock contention)

Recommendation: Minimize transaction scope; prepare data before opening transaction, commit immediately after DB operations

Effort: M (restructure code to minimize transaction window)

6. Event Channel Name Consistency

What: Publisher channel/topic name does not match subscriber channel/topic name

Detection:

Step 1: Collect publisher channel names (extend Phase 2 trigger discovery):
- Migration triggers: extract string argument from pg_notify('channel_name', ...), NOTIFY channel_name
- Application code: Grep for \.publish\(["']|\.emit\(["']|redis.*publish\(["']|\.send_to\(["'] in src/, app/
- Extract: {channel_name, source_file, source_line, technology}
Step 2: Collect subscriber channel names:
- PostgreSQL: Grep for LISTEN\s+(\w+) in application code (not just migrations)
- Redis: Grep for \.subscribe\(["']([^"']+) in ,

Layer 2 Context Analysis (MANDATORY):

If channel name comes from shared config constant or env var (e.g., CHANNEL = os.environ["EVENT_CHANNEL"]) and both publisher and subscriber use same source → NOT a mismatch
If channel uses dynamic suffix pattern (e.g., job_events:{job_id}) and both sides use same template → NOT orphaned
Exclude test files (**/test*/**, **/*.test.*) from both publisher and subscriber discovery

Severity:

CRITICAL: Channel name mismatch (near-miss: publisher sends to job_events, subscriber listens on job_event)
HIGH: Orphaned publisher — events sent but never consumed (data loss risk if events carry state changes)
MEDIUM: Orphaned subscriber — listener registered but no publisher found (dead code or future feature)

Recommendation:

For mismatches: unify channel name to a single constant shared between publisher and subscriber
For orphaned publishers: add subscriber or remove unused NOTIFY/publish
For orphaned subscribers: add publisher or remove dead listener

Effort: S (fix typo/add constant) to M (design missing subscriber/publisher)

Scoring Algorithm

MANDATORY READ: Load shared/references/audit_worker_core_contract.md and shared/references/audit_scoring.md.

Output Format

MANDATORY READ: Load shared/references/audit_worker_core_contract.md and shared/templates/audit_worker_report_template.md.

Write report to {output_dir}/652-transaction-correctness.md with category: "Transaction Correctness" and checks: missing_intermediate_commits, scope_too_wide, scope_too_narrow, missing_rollback, long_held_transaction, event_channel_consistency.

Return summary to coordinator:

Report written: docs/project/.audit/ln-650/{YYYY-MM-DD}/652-transaction-correctness.md
Score: X.X/10 | Issues: N (C:N H:N M:N L:N)

Critical Rules

MANDATORY READ: Load shared/references/audit_worker_core_contract.md.

Do not auto-fix: Report only
Trigger discovery first: Always scan migrations for triggers/NOTIFY before analyzing transaction patterns
ORM-aware: Check if ORM context manager auto-rollbacks (async with session.begin() is safe)
Exclude test transactions: Do not flag test fixtures with manual commit/rollback
Database-specific: PostgreSQL NOTIFY semantics differ from MySQL event scheduler

Definition of Done

MANDATORY READ: Load shared/references/audit_worker_core_contract.md.

contextStore parsed successfully (including output_dir)
scan_path determined
Trigger/NOTIFY infrastructure discovered from migrations
All 6 checks completed:
- missing intermediate commits, scope too wide, scope too narrow, missing rollback, long-held, event channel consistency
Findings collected with severity, location, effort, recommendation
Score calculated using penalty algorithm
Report written to {output_dir}/652-transaction-correctness.md (atomic single Write call)
Summary returned to coordinator

Reference Files

Audit output schema: shared/references/audit_output_schema.md

Version: 1.1.0 Last Updated: 2026-03-15

Weekly Installs

139

Repository

levnikolaevich/…e-skills

GitHub Stars

245

First Seen

Feb 7, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykWarn

Installed on

claude-code129

cursor128

opencode128

codex127

gemini-cli127

github-copilot126

通过 LiteLLM 代理让 Claude Code 对接 GitHub Copilot 运行 | 高级变通方案指南

36,300 周安装

Calculate score using penalty algorithm

Write Report: Build full markdown report in memory per shared/templates/audit_worker_report_template.md, write to {output_dir}/652-transaction-correctness.md in single Write call

Return Summary: Return minimal summary to coordinator (see Output Format)

EventEmitter/WebSocket: Grep for \.on\(["']([^"']+) in handler/listener directories

Extract: {channel_name, source_file, source_line, technology}

Step 3: Cross-reference publishers vs subscribers:

Exact match: publisher.channel_name == subscriber.channel_name → OK
Near-miss: Levenshtein distance <= 2 OR one is substring of the other → flag as MISMATCH
Orphaned publisher: channel exists in publishers but not in subscribers → flag as ORPHAN
Orphaned subscriber: channel exists in subscribers but not in publishers → flag as ORPHAN

数据库事务正确性审计工具 - 检测事务边界、触发器交互与提交模式

🇨🇳中文介绍

事务正确性审计器 (L3 Worker)

目的与范围

输入（来自协调器）

相关 Skills

工作流程

审计规则（优先级：高）

1. 缺少中间提交

2. 事务范围过宽

3. 事务范围过窄

4. 缺少回滚处理

5. 事务持有时间过长

6. 事件通道名称一致性

评分算法

输出格式

关键规则

完成定义

参考文件

🇺🇸English

Transaction Correctness Auditor (L3 Worker)

Purpose & Scope

Inputs (from Coordinator)

Workflow

Audit Rules (Priority: HIGH)

1. Missing Intermediate Commits

2. Transaction Scope Too Wide

3. Transaction Scope Too Narrow

4. Missing Rollback Handling

5. Long-Held Transaction

6. Event Channel Name Consistency

Scoring Algorithm

Output Format

Critical Rules

Definition of Done

Reference Files

最新 Skills