Bug
The ratings table stores rater_address as TEXT with no CHECK constraint enforcing lowercase hex format. The API does .toLowerCase() before insert, but direct DB access or future APIs could insert mixed-case addresses, breaking the UNIQUE constraint dedup.
Impact: Low — only affects data integrity if writes bypass the API. Defense-in-depth concern.
Fix:
- Add a CHECK constraint:
CHECK (rater_address = lower(rater_address))
- Apply via new migration
00006_ratings_address_check.sql
Context: Introduced in PR #83.
Checklist:
Labels: bug, agent/T3
Bug
The
ratingstable storesrater_addressasTEXTwith no CHECK constraint enforcing lowercase hex format. The API does.toLowerCase()before insert, but direct DB access or future APIs could insert mixed-case addresses, breaking the UNIQUE constraint dedup.Impact: Low — only affects data integrity if writes bypass the API. Defense-in-depth concern.
Fix:
CHECK (rater_address = lower(rater_address))00006_ratings_address_check.sqlContext: Introduced in PR #83.
Checklist:
rater_addressnpm run lintandnpm run typecheckpassLabels:
bug,agent/T3