From e469b2b6a6ecc24eee6a64e9a6725d48d76c996c Mon Sep 17 00:00:00 2001
From: Matt
Date: Thu, 14 May 2026 22:39:16 +0200
Subject: [PATCH] fix(P1): GDPR export + Redis eviction policy
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
F3: BullMQ 5.x rejects custom job IDs containing `:` (collides with internal Redis-key namespacing). GDPR export crashed with "Custom Id cannot contain :". Switched to dash separator. GDPR Article 15 right-to-access now functional.
F4: Redis was configured with `allkeys-lru` eviction in both docker-compose.yml and docker-compose.prod.yml. BullMQ explicitly requires `noeviction` — otherwise queue keys can be evicted under memory pressure and jobs vanish silently. Switched to noeviction with comment pointing at the audit finding.
Co-Authored-By: Claude Opus 4.7 (1M context)
---
 docker-compose.prod.yml | 4 +++-
 docker-compose.yml | 4 +++-
 src/lib/services/gdpr-export.service.ts | 4 +++-
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index accbf34a..8528f650 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -32,7 +32,9 @@ services:
 redis:
 image: redis:7-alpine
- command: redis-server --requirepass ${REDIS_PASSWORD} --maxmemory 256mb --maxmemory-policy allkeys-lru
+ # BullMQ requires `noeviction` — under memory pressure, allkeys-lru
+ # silently drops queue keys and jobs disappear. See post-audit fix F4.
+ command: redis-server --requirepass ${REDIS_PASSWORD} --maxmemory 256mb --maxmemory-policy noeviction
 volumes:
 - redisdata:/data
 healthcheck:
diff --git a/docker-compose.yml b/docker-compose.yml
index e96da941..9e894454 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
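Review bot: With `noeviction` and `--maxmemory 256mb` on the `command:` line of the docker-compose.prod.yml hunk, a full Redis now rejects writes with an OOM error instead of dropping keys, and the added comment does not mention that consequence. That is the right trade for BullMQ, but it turns memory pressure into failed enqueues, GDPR export requests included, so memory use needs an alert and the queues need bounded retention of finished jobs (for example BullMQ's `removeOnComplete`/`removeOnFail`, presumably set where the queues are defined, which is outside this diff). I would extend the comment with `# With noeviction, writes fail with OOM once maxmemory is reached; alert on used_memory and cap job retention.` The same applies to the identical hunk in docker-compose.yml.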
@@ -18,7 +18,9 @@ services:
 redis:
 image: redis:7-alpine
- command: redis-server --requirepass ${REDIS_PASSWORD} --maxmemory 256mb --maxmemory-policy allkeys-lru
+ # BullMQ requires `noeviction` — under memory pressure, allkeys-lru
+ # silently drops queue keys and jobs disappear. See post-audit fix F4.
+ command: redis-server --requirepass ${REDIS_PASSWORD} --maxmemory 256mb --maxmemory-policy noeviction
 volumes:
 - redisdata:/data
 healthcheck:
diff --git a/src/lib/services/gdpr-export.service.ts b/src/lib/services/gdpr-export.service.ts
index 579ad0f1..c7f7b690 100644
--- a/src/lib/services/gdpr-export.service.ts
+++ b/src/lib/services/gdpr-export.service.ts
@@ -110,7 +110,9 @@ export async function requestGdprExport(input: RequestExportInput): Promise
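Review bot: `${REDIS_PASSWORD}` on the rewritten `command:` line of the docker-compose.yml hunk is interpolated with no required-check, so an unset variable is substituted as an empty string and `--requirepass` is left without its value; Redis then presumably either rejects its arguments or starts without the intended password. Compose can fail fast instead: `--requirepass ${REDIS_PASSWORD:?REDIS_PASSWORD must be set}`. Passing the secret as an argument also leaves it readable in `docker inspect` and in the container's process list, which a mounted config file or a Compose secret avoids. The same line appears in the docker-compose.prod.yml hunk, where both points carry more weight.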