@vlussenburg vlussenburg commented Nov 17, 2025

✨ PR Description

Purpose: Add order history tracking and storage with database persistence across microservices to enable order retrieval and improve user experience.
Main changes:

  • Added database storage and order history retrieval endpoint in OrderController
  • Implemented order persistence in billing service with timestamps
  • Added frontend UI improvements with order history display functionality
  • Integrated Swagger documentation for API endpoints

Generated by LinearB AI and added by gitStream.
AI-generated content may contain inaccuracies. Please verify before using.

vlussenburg and others added 2 commits November 17, 2025 14:11
Co-authored-by: CodeRabbit-Claude-Copilot-Aider <noreplyai.com>
Co-authored-by: gitstream-cm[bot] <gitstream-cm[bot]@users.noreply.github.com>

@orca-security-us orca-security-us bot left a comment

Orca Security Scan Summary

| Status | Check | Issues by priority |
| --- | --- | --- |
| Passed | Infrastructure as Code | high 0, medium 0, low 0, info 0 |
| Failed | SAST | high 1, medium 5, low 0, info 0 |
| Passed | Secrets | high 0, medium 0, low 0, info 0 |
| Passed | Vulnerabilities | high 0, medium 0, low 0, info 0 |

🛡️ The following SAST misconfigurations have been detected

| Priority | Name | File |
| --- | --- | --- |
| high | User-controlled URLs may allow Server-Side Request Forgery (SSRF) attacks | frontend/server.js |
| medium | Sensitive Information Exposure via Stack Trace in Error Messages | ...OrderController.java |
| medium | Sensitive Information Exposure via Stack Trace in Error Messages | ...OrderController.java |
| medium | Sensitive Information Exposure via Stack Trace in Error Messages | ...OrderController.java |
| medium | Sensitive Information Exposure via Stack Trace in Error Messages | ...OrderController.java |
| medium | Sensitive Information Exposure via Stack Trace in Error Messages | ...OrderController.java |


@gitstream-cm gitstream-cm bot left a comment

✨ PR Review

The PR adds database persistence and order history features, but introduces critical data consistency and concurrency issues that must be resolved before merging.

3 issues detected:

🐞 Bug - Billing completes successfully but subsequent database failure leaves system in inconsistent state with no rollback mechanism.

Details: After billing succeeds, the order is saved to the database. If the database insert fails, the user is charged but no order record exists. This creates financial inconsistency where money is taken but the order is lost.
File: services/orders-java/src/main/java/com/example/orders/controller/OrderController.java

🐞 Bug - Concurrent file access without synchronization causes lost updates when multiple threads modify the same user's billing queue file.

Details: Multiple concurrent charge requests for the same username will cause data loss. The read-modify-write sequence (read file, deserialize, add item, serialize, write file) is not atomic. Concurrent requests can overwrite each other's changes.
File: services/billing-csharp/Controllers/BillingController.cs

🚀 Performance - Table scan on unindexed username column will cause O(n) query performance that degrades as order count increases.

Details: The orders table is created without an index on the username column, but the getOrderHistory endpoint queries by username. As order volume grows, this query will become increasingly slow, causing poor user experience and potential timeout issues.
File: services/orders-java/src/main/java/com/example/orders/controller/OrderController.java

Generated by LinearB AI and added by gitStream.
AI-generated content may contain inaccuracies. Please verify before using.
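
The lost-update race that the review reports for BillingController.cs, next to one way to close it, as an added example that is not code from this pull request. The `BillingQueue` class, the one-JSON-file-per-user layout and the `RunAsync` harness are assumptions made for illustration; the per-user lock and the temp-file rename are one possible fix, not the project's.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical stand-in for the billing queue; names and file layout are assumptions.
public static class BillingQueue
{
    // One gate per username: requests for different users never block each other.
    // In-process only; several service instances sharing the files need a shared lock or a database.
    private static readonly ConcurrentDictionary<string, SemaphoreSlim> Locks = new();

    public static async Task AppendAsync(string dir, string username, decimal amount, bool useLock)
    {
        // The username becomes part of a path, so reject separators and other invalid characters.
        if (username.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0) throw new ArgumentException("bad username");
        var gate = Locks.GetOrAdd(username, _ => new SemaphoreSlim(1, 1));
        if (useLock) await gate.WaitAsync();
        try
        {
            var path = Path.Combine(dir, username + ".json");
            var items = File.Exists(path)
                ? JsonSerializer.Deserialize<List<decimal>>(await File.ReadAllTextAsync(path))!
                : new List<decimal>();
            await Task.Delay(5);            // widens the gap between read and write
            items.Add(amount);
            // Write to a temp file and rename, so a reader never sees a half-written queue.
            var tmp = path + "." + Guid.NewGuid().ToString("N") + ".tmp";
            await File.WriteAllTextAsync(tmp, JsonSerializer.Serialize(items));
            File.Move(tmp, path, overwrite: true);
        }
        finally { if (useLock) gate.Release(); }
    }

    // Fires 20 concurrent charges for one user and returns how many survived in the file.
    public static async Task<int> RunAsync(bool useLock)
    {
        var dir = Path.Combine(Path.GetTempPath(), "billing-" + Guid.NewGuid().ToString("N"));
        Directory.CreateDirectory(dir);
        await Task.WhenAll(Enumerable.Range(1, 20).Select(i => AppendAsync(dir, "alice", i, useLock)));
        var text = await File.ReadAllTextAsync(Path.Combine(dir, "alice.json"));
        return JsonSerializer.Deserialize<List<decimal>>(text)!.Count;
    }

    public static async Task Main()
    {
        Console.WriteLine($"without lock: {await RunAsync(false)} of 20 charges kept");
        Console.WriteLine($"with lock:    {await RunAsync(true)} of 20 charges kept");
    }
}
```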