9fd5539dc1
- plugins: update installed_plugins, known_marketplaces, install-counts-cache, blocklist; add agent-toolkit and cal-claude-plugins marketplaces - settings.json: significant config changes (129 insertions, -129 deletions net) - CLAUDE.md: minor update - skills: remove json-pretty and save-doc (archived to _archive/save-doc) - sessions: remove 2 old sessions, add 4 new sessions - add command-permissions.json, permission-audit.jsonl, tmp/permissions-audit.md
1.3 KiB
1.3 KiB
| title | description | type | domain | tags | ||||
|---|---|---|---|---|---|---|---|---|
| Fix: Scout Token Purchase Not Deducting Currency | Scout token buy flow silently failed to deduct 200₼ due to using db_patch instead of the dedicated money endpoint. | troubleshooting | development |
|
Fix: Scout Token Purchase Not Deducting Currency
Date: 2026-03-15 PR: #90 Severity: High — players getting free tokens
Problem
The /buy scout-token command completed successfully but didn't deduct the 200₼ cost. Players could buy unlimited tokens.
Root Cause
The buy handler used db_patch('/players/{id}', {'scout_tokens': new_count}) to increment tokens, but this endpoint doesn't trigger the money deduction side-effect. The dedicated /players/{id}/money endpoint handles balance validation and atomic deduction.
Fix
Replaced the db_patch call with a two-step flow:
POST /players/{id}/moneywith{"amount": -200, "reason": "scout_token_purchase"}- Only increment
scout_tokensif the money call succeeds
Lessons
- Always use dedicated money endpoints for currency operations — never raw patches
- The
db_patchhelper bypasses business logic by design (it's for admin corrections) - Added integration test covering the full buy→deduct→verify flow