feat: removed secret rotation v1 #6105
Merged
Claude / Claude Code Review
completed
Apr 21, 2026 in 14m 24s
Code review found 3 potential issues
Found 5 candidates, confirmed 3. See review comments for details.
Details
| Severity | Count |
|---|---|
| 🔴 Important | 0 |
| 🟡 Nit | 1 |
| 🟣 Pre-existing | 1 |
| Severity | File:Line | Issue |
|---|---|---|
| 🟡 Nit | backend/src/queue/queue-service.ts:54-59 |
Orphaned secret-rotation BullMQ queue not cleaned up on Redis |
| 🟣 Pre-existing | backend/src/db/migrations/20240102152111_secret-rotation.ts:40-44 |
dropOnUpdateTrigger called after table drop causes rollback failure |
Annotations
Check warning on line 59 in backend/src/queue/queue-service.ts
claude / Claude Code Review
Orphaned secret-rotation BullMQ queue not cleaned up on Redis
When `QueueName.SecretRotation` was removed from the enum, the queue name `'secret-rotation'` was not added to the `staleQueueNames` array in `queue-service.ts` (line 646). Any production deployments that previously had active secret rotation v1 jobs will retain orphaned BullMQ Redis keys (repeatable jobs, delayed jobs, job history) indefinitely. The fix is to add `'secret-rotation'` to the `staleQueueNames` array following the same cleanup pattern already used for `queue-internal-recovery` and
Check notice on line 44 in backend/src/db/migrations/20240102152111_secret-rotation.ts
claude / Claude Code Review
dropOnUpdateTrigger called after table drop causes rollback failure
The `down()` function in `20240102152111_secret-rotation.ts` calls `dropTableIfExists(DeprecatedSecretRotationV1)` before `dropOnUpdateTrigger(DeprecatedSecretRotationV1)`; PostgreSQL's `DROP TRIGGER IF EXISTS ... ON <table>` errors with *relation does not exist* when the table has already been removed, since `IF EXISTS` only suppresses a missing-trigger error, not a missing-table error. This is a pre-existing ordering bug that predates the PR — the same sequence was present with the old `Secret
Loading