Case Study

A Lo Cubano Boulder Fest

A production ticketing platform serving a live Latin dance event — and the three critical bugs I found and fixed in the weeks before May 15 go-live: an analytics undercount, a QR validation race condition, and a silent data corruption in checkout.

7
PRs shipped concurrently
17/17
CI checks green
3
Production data bugs fixed
May 15
Go-live with verified data

Context

A Lo Cubano Boulder Fest is a Latin dance festival I built from scratch — full ticketing, payment processing, QR-code check-in, and an admin analytics dashboard. The stack is Node.js, Vercel, Stripe, and Turso (LibSQL edge database).

Three weeks before the May 15 event, a systematic audit of the analytics dashboard surfaced four distinct data correctness bugs. Each was independent in cause but convergent in effect: every revenue and attendance figure shown to the event organizer was wrong.

The Bugs

Bug 1 — Donation analytics undercount

The admin dashboard /api/admin/dashboard stats query omitted manual_entry donation rows from its transaction_stats CTE. Pure-donation transactions — those not tied to a ticket purchase — were invisible on the dashboard. The fix: two PRs (#464, #467) — the first surfacing donations in the top-level stats, the second fixing the CTE to include the manual_entry payment method in the revenue aggregation.

Bug 2 — QR validation atomicity failure

QR code scan processing updated three tables: tickets, scan_logs, and qr_validations. None of these writes were wrapped in a transaction. A crash between any two writes left the database in a partial state — a ticket could be marked used in scan_logs but not in tickets, allowing double-entry at the door. PR #465 wrapped the full scan sequence in a LibSQL transaction with rollback on any failure.

Bug 3 — Silent null attendee corruption

The checkout API accepted attendee payloads with missing firstName / lastName fields, silently storing null in the database. These records surfaced as unnamed attendees on the check-in dashboard, requiring manual lookup by ticket number at the door. PR #466 added explicit boundary validation rejecting partial attendee payloads before they reach the database.

Bug 4 — Comp ticket revenue inflation

getEventStatistics() in the analytics service computed average revenue per attendee by including comp (complimentary) tickets in the denominator while summing their $0 value — deflating the per-attendee revenue figure. PR #469 excluded comp tickets from the revenue aggregation so that statistics reflect paying attendees only.

Execution Approach

Each bug was independent — no shared root cause, no fix that would solve two at once. The right approach was parallel: 7 targeted PRs, each fixing one specific behavior, each with its own test. This minimized merge conflict risk and let CI verify each fix in isolation before any hit production.

Quantified Results

7 PRs, all CI green

17 required checks passed across all 7 PRs — zero rollbacks, zero hotfixes needed after merge.

Database integrity restored

QR scan writes wrapped in a transaction for the first time. Double-entry at check-in physically impossible after PR #465.

Accurate financial reporting

All four revenue/attendance aggregation bugs fixed before D presented event financials to the nonprofit. No manual correction needed.

May 15 go-live with confidence

Event-day monitoring runbook documented failure modes and recovery steps. Organizer had a single source of truth for attendee counts and revenue.

Tech Stack

Node.jsVercelTurso (LibSQL)StripeBrevoGitHub ActionsVitestPlaywright

Lessons

← Back to Projects