Case Study

A Lo Cubano Boulder Fest

A production ticketing platform serving a live Latin dance event — and the three critical bugs I found and fixed in the weeks before May 15 go-live: an analytics undercount, a QR validation race condition, and a silent data corruption in checkout.

7
PRs shipped concurrently
17/17
CI checks green
3
Production data bugs fixed
May 15
Go-live with verified data

Context

A Lo Cubano Boulder Fest is a Latin dance festival I built from scratch — full ticketing, payment processing, QR-code check-in, and an admin analytics dashboard. The stack is Node.js, Vercel, Stripe, and Turso (LibSQL edge database).

Three weeks before the May 15 event, a systematic audit of the analytics dashboard surfaced four distinct data correctness bugs. Each was independent in cause but convergent in effect: every revenue and attendance figure shown to the event organizer was wrong.

The Bugs

Bug 1 — Donation analytics undercount

The admin dashboard /api/admin/dashboard stats query omitted manual_entry donation rows from its transaction_stats CTE. Pure-donation transactions were invisible on the dashboard. The fix: two PRs surfacing donations in the top-level stats and including the payment method in revenue aggregation.

Bug 2 — QR validation atomicity failure

QR code scan processing updated three tables: tickets, scan_logs, and qr_validations— none wrapped in a transaction. A crash between writes left partial state, allowing double-entry at the door. The fix wrapped the full scan sequence in a LibSQL transaction with rollback on any failure.

Bug 3 — Silent null attendee corruption

The checkout API accepted attendee payloads with missing firstName / lastName fields, silently storing null in the database. These surfaced as unnamed attendees at check-in. Explicit boundary validation at the API layer — before any write — closed the gap.

Bug 4 — Comp ticket revenue inflation

getEventStatistics() included complimentary (free) tickets in the revenue-per-attendee denominator, deflating the figure. The fix excluded comp tickets from revenue aggregation so statistics reflect paying attendees only.

Execution Approach

Each bug was independent — no shared root cause. The right approach was parallel: 7 targeted PRs, each fixing one specific behavior with its own test. This minimized merge conflict risk and let CI verify each fix in isolation.

Quantified Results

7 PRs, all CI green

17 required checks passed across all 7 PRs — zero rollbacks, zero hotfixes after merge.

Database integrity restored

QR scan writes wrapped in a transaction for the first time. Double-entry at check-in physically impossible.

Accurate financial reporting

All four revenue/attendance aggregation bugs fixed before D presented event financials to the nonprofit.

May 15 go-live

Event-day monitoring runbook documented failure modes. Organizer had a single source of truth for attendee counts and revenue.

Tech Stack

Node.jsVercelTurso (LibSQL)StripeBrevoGitHub ActionsVitestPlaywright

Lessons

← All Case StudiesNext: Salsa Con Flow Dance →