Bug audit catalog: 165 entries across Qt client + WGS DB #15

Open: wgs4 wants to merge 2 commits into master from audit/bug-log

wgs4 (Owner) commented Apr 14, 2026

Summary

Adds a structured static-audit catalog of defects across the Qt client and the WGS PostgreSQL database, along with a self-contained local HTML viewer for triage.

  • software-bug-audit-log.json — 165 audit entries with full schema (id, priority, confidence, location, excerpt, description, reproduction, impact, suggested fix, tags)
  • software-bug-audit-log.html — single-file interactive viewer (vanilla JS, no external deps). Open with `open software-bug-audit-log.html`.

No product source code was modified.

Scope

  • Qt client: guiclient/, common/, widgets/, scriptapi/ (excluding openrpt/, csvimp/, hunspell/ submodules)
  • Database: public.* and wgs.* functions + triggers on coitem, cohead, gltrans, invhist, item, poitem

Method

Two passes:

  • Pass 1 (89 entries) — pattern scan: unchecked .exec(), stored-proc return codes ignored, bare EXCEPTION WHEN OTHERS, TODO/FIXME clusters, duplicate connects on populate methods.
  • Pass 2 continuation (76 entries) — focused module review of:
    • Display windows on money paths (dspGLTransactions, dspJournals, dspWoSchedule, dspRunningAvailability, dspInventoryAvailability)
    • Credit-card processors (cybersourceprocessor, verisignprocessor, authorizedotnetprocessor, paymentechprocessor)
    • CRM forms (incident.cpp, opportunity.cpp, contact.cpp, crmaccount.cpp)
    • Purchasing + error-handling core (purchaseOrder.cpp, purchaseOrderItem.cpp, enterPoReceipt.cpp, poitemTableView.cpp, common/errorReporter.cpp)
    • plpgsql functions: financialreport, explodewo, shipshipment, issuetoshipping, voidpostedcheck, voidapopenvoucher, convertquotetoinvoice, convertprospecttocustomer, merge2crmaccts, resetdbobjperms, changefkeypointers, copyfinancialgroup, deletepackage, calculatetaxdetailsummary, calcshipfreight, createpurchasetosale, returnshipmenttransaction
    • 10 of the 37 wgs.* functions, including the _temp-table race in wgs.determine_shipto_id and duplicate variants (pull_emails*, clean_shipcomments*)
    • Trigger-ordering analysis on coitem BEFORE chain

Distribution

| Priority | Count |
|----------|-------|
| P0       | 1     |
| P1       | 31    |
| P2       | 70    |
| P3       | 63    |

| Confidence | Count |
|------------|-------|
| confirmed  | 89    |
| likely     | 58    |
| suspected  | 18    |

Notable findings

  • BUG-0141 (public.shipshipment) — writes coitem_qtyshipped with no cap against coitem_qtyord. 148 live rows where qtyshipped > qtyord. P1, confirmed via live data.
  • BUG-0140 (public.merge2crmaccts) — purge branch compares WHERE crmacct = pSourceId (whole-row reference to the table name) instead of crmacct_id. Source account never deleted on merge. P1, confirmed.
  • BUG-0151 (public.determine_shipto_id / wgs.*_temp) — *_temp are permanent tables, not session-local, so concurrent callers race and corrupt each other. P1.
  • BUG-0149 (public.explodewo) — phantom-BOM WHILE EXISTS has no cycle guard / depth counter → infinite loop on cyclic phantoms.
  • BUG-0158 (public.enterPoReceipt-calling postReceipt) — inverted logic treats -11 (valid 'no inventory' return) as an error contrary to the inline comment.
  • BUG-0101 (guiclient/verisignprocessor.cpp) — 38-line stub still selectable as a CC processor.

How to review

  1. Open software-bug-audit-log.html in a browser for triage (filter by priority / module / category / confidence; click a row to expand).
  2. software-bug-audit-log.json is the authoritative source if you want to grep/jq.

Not in scope

  • Running the Qt client at runtime.
  • Fixing any of the reported bugs — this PR is audit-only.
  • Exhaustive review of all 37 wgs.* functions or every api.* view.
  • Merging this PR — intended for human review only.

Test plan

  • python3 -m json.tool software-bug-audit-log.json — valid JSON
  • Every entry has all 17 required schema fields
  • Every entry has a unique ID in range BUG-0001..BUG-0165
  • Priority ∈ {P0, P1, P2, P3}; confidence ∈ {confirmed, likely, suspected}
  • HTML viewer parses the embedded JSON on load and filter/sort/search work
  • Human reviewer opens HTML locally and confirms UX

Note

Low Risk
Adds only static audit artifacts (JSON + standalone HTML viewer) with no runtime/product code changes, so risk is limited to repo size and data exposure in the published catalog.

Overview
Adds a structured bug-audit catalog (software-bug-audit-log.json) containing 165 entries spanning the Qt client and PostgreSQL/WGS database, including metadata/count breakdowns and per-bug details (location, reproduction, impact, suggested fix, tags).

Includes a self-contained, dependency-free HTML viewer (software-bug-audit-log.html) that embeds the JSON and provides local search/filter/sort and expandable detail panes for triage.

Reviewed by Cursor Bugbot for commit f6be53a.
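
The test-plan checks from the description above (required fields, unique IDs in BUG-0001..BUG-0165, priority and confidence enumerations), written out as an added Python example; it is not part of this PR or the project's tooling. It assumes the catalog entries are available as a list of JSON objects and that the keys are spelled `id`, `priority`, `confidence` and so on; the page names only some of the 17 fields, so `REQUIRED` covers those with an unambiguous one-word name.

```python
import re
from collections import Counter

PRIORITIES = {"P0", "P1", "P2", "P3"}
CONFIDENCES = {"confirmed", "likely", "suspected"}
ID_RE = re.compile(r"BUG-(\d{4})")
# Assumed key spellings; the full 17-field list is not given on the page.
REQUIRED = ("id", "priority", "confidence", "location", "excerpt",
            "description", "reproduction", "impact", "tags")

def _enum(value, allowed):
    # Guard against non-string (possibly unhashable) JSON values.
    return isinstance(value, str) and value in allowed

def validate(entries, expected_total=165, required=REQUIRED):
    """Return (problems, priority_counts, confidence_counts)."""
    problems, seen = [], set()
    counts = {"priority": Counter(), "confidence": Counter()}
    for idx, e in enumerate(entries):
        if not isinstance(e, dict):
            problems.append(f"entry {idx}: not an object")
            continue
        eid = e.get("id")
        label = eid if isinstance(eid, str) else f"entry {idx}"
        missing = [k for k in required if k not in e]
        if missing:
            problems.append(f"{label}: missing {', '.join(missing)}")
        m = ID_RE.fullmatch(eid) if isinstance(eid, str) else None
        if m is None or not 1 <= int(m.group(1)) <= expected_total:
            problems.append(f"{label}: id not in BUG-0001..BUG-{expected_total:04d}")
        elif eid in seen:
            problems.append(f"{label}: duplicate id")
        else:
            seen.add(eid)
        for key, allowed in (("priority", PRIORITIES), ("confidence", CONFIDENCES)):
            if _enum(e.get(key), allowed):
                counts[key][e[key]] += 1
            else:
                problems.append(f"{label}: bad {key} {e.get(key)!r}")
    if len(seen) != expected_total:
        problems.append(f"{len(seen)} valid unique ids, expected {expected_total}")
    return problems, dict(counts["priority"]), dict(counts["confidence"])

# Constructed sample (not real catalog data): duplicate id and an invalid priority.
_BASE = {k: "x" for k in REQUIRED}
SAMPLE = [{**_BASE, "id": "BUG-0001", "priority": "P1", "confidence": "confirmed"},
          {**_BASE, "id": "BUG-0001", "priority": "P5", "confidence": "likely"}]

if __name__ == "__main__":
    for problem in validate(SAMPLE, expected_total=2)[0]:
        print(problem)
```

The two returned counters can be compared directly against the Distribution tables (P0 1, P1 31, P2 70, P3 63; confirmed 89, likely 58, suspected 18).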

wgs4 and others added 2 commits April 14, 2026 16:04
…GS DB)

software-bug-audit-log.json contains a structured catalog of defects found
during a two-pass static + pattern-based audit of the Qt client
(guiclient/, common/, widgets/, scriptapi/) and the WGS PostgreSQL
database (public.* and wgs.* functions, plus a coitem trigger-ordering
pass).

Methodology:
  - Pass 1: grep-driven pattern scan for unchecked .exec(), ignored
    stored-proc return codes, EXCEPTION WHEN OTHERS, and known TODOs
    (89 entries).
  - Pass 2 continuation: focused module review of GL / inventory
    displays, credit-card processors, CRM forms, purchaseOrder family,
    errorReporter.cpp, and targeted plpgsql function audits including
    financialreport, explodewo, shipshipment, voidpostedcheck,
    convertquotetoinvoice, merge2crmaccts, plus 10 wgs.* functions
    and a trigger-ordering analysis on coitem (76 more entries).

Priority distribution: P0: 1, P1: 31, P2: 70, P3: 63
Confidence distribution: confirmed: 89, likely: 58, suspected: 18

software-bug-audit-log.html is a self-contained single-file viewer
(no external deps, vanilla JS) with filter/search/sort and expandable
detail panels. Open locally with `open software-bug-audit-log.html`.

No source code modified.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Every bug now tags whether the fix lands in the Qt client, the Postgres
DB, or both. Mapping: location.type=qt_code -> client; db_function /
db_trigger / db_view / db_table -> database. BUG-0092
(dspRunningAvailability::sDeleteOrder) is the sole "both" — its
suggested fix requires changing the deletePlannedOrder DB signature
AND uncommenting the client-side check.

Distribution: client 71, database 93, both 1 (total 165).

HTML viewer gains a sortable Side column, a Side filter dropdown, a
header chip summary, and the field in the detail panel.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>