typescript.idempotency_key

Correctness High

Detects non-idempotent operations without idempotency keys for safe retries.

Why It Matters

Missing idempotency keys:

• Duplicate processing — Retries create duplicate records
• Data corruption — Multiple charges, orders
• Inconsistent state — Lost updates on retry

Example

// ❌ Before (no idempotency key)
app.post('/payments', async (req, res) => {
  const payment = await createPayment(req.body);
  res.json(payment);
});

// ✅ After (with idempotency key)
app.post('/payments', async (req, res) => {
  const idempotencyKey = req.headers['idempotency-key'];

  if (!idempotencyKey) {
    return res.status(400).json({ error: 'Idempotency-Key header required' });
  }

  // Check for existing payment
  const existing = await db.findPaymentByIdempotencyKey(idempotencyKey);
  if (existing) {
    return res.json(existing);
  }

  const payment = await createPayment({ ...req.body, idempotencyKey });
  res.json(payment);
});

What Unfault Detects

• POST handlers without idempotency header check
• Payment/order creation without dedup key
• Mutation operations without idempotency

Related Rules

• go.idempotency_key
• rust.idempotency_key