1f2dccb047
https://sonarly.com/issue/28633?type=bug A TOCTOU (Time-of-Check-Time-of-Use) race condition in `ensureSdkLayer()` causes `CreateFunctionCommand` to fail with `InvalidParameterValueException: Layer version not found`. Two concurrent logic function builds within the same application share a single SDK layer but hold independent per-function locks. One process can delete all versions of the shared SDK layer (via `deleteAllLayerVersions()`) in the window between another process's `ListLayerVersions` call and its `CreateFunctionCommand` call, invalidating the ARN the second process obtained. Fix: Two changes to `lambda.driver.ts` to fix the SDK layer TOCTOU race condition: 1. **Distributed lock on SDK layer name in `ensureSdkLayer()`**: Wrapped the destructive path (download SDK archive, reprefix, publish new layer version, delete old versions, mark fresh) in `cacheLockService.withLock()` keyed on `sdk-layer-build:${layerName}`. This serializes concurrent rebuild attempts across different logic functions that share the same application SDK layer. The lock uses the same TTL (120s), retry interval (500ms), and max retries (240) as the existing per-function build lock, matching team conventions. 2. **Publish-before-delete with version exclusion in `deleteAllLayerVersions()`**: Reordered `ensureSdkLayer()` to call `publishLayer()` BEFORE `deleteAllLayerVersions()`, and added an optional `excludeVersionArn` parameter to `deleteAllLayerVersions()` that skips the just-published version during cleanup. This ensures that concurrent fast-path readers (processes where `isSdkLayerStale=false`) still hold a valid layer ARN while the new version is being created. The old ARN remains valid throughout the publish window (~seconds of download+zip+upload), while the fast-path usage window is ~milliseconds. Together, these changes eliminate the race where Process A obtains a layer ARN via `getExistingLayerArn()` that Process B deletes via `deleteAllLayerVersions()` before Process A can use it in `CreateFunctionCommand`. |
||
|---|---|---|
| .claude-pr | ||
| .cursor | ||
| .github | ||
| .vscode | ||
| .yarn | ||
| packages | ||
| .dockerignore | ||
| .gitattributes | ||
| .gitignore | ||
| .mcp.json | ||
| .nvmrc | ||
| .yarnrc.yml | ||
| CLAUDE.md | ||
| jest.preset.js | ||
| LICENSE | ||
| nx.json | ||
| package.json | ||
| README.md | ||
| tsconfig.base.json | ||
| yarn.config.cjs | ||
| yarn.lock | ||
The #1 Open-Source CRM
🌐 Website · 📚 Documentation · 
Roadmap · 
Discord · 
Figma
Installation
See: 🚀 Self-hosting 🖥️ Local Setup
Why Twenty
We built Twenty for three reasons:
CRMs are too expensive, and users are trapped. Companies use locked-in customer data to hike prices. It shouldn't be that way.
A fresh start is required to build a better experience. We can learn from past mistakes and craft a cohesive experience inspired by new UX patterns from tools like Notion, Airtable or Linear.
We believe in open-source and community. Hundreds of developers are already building Twenty together. Once we have plugin capabilities, a whole ecosystem will grow around it.
What You Can Do With Twenty
Please feel free to flag any specific needs you have by creating an issue.
Below are a few features we have implemented to date:
- Personalize layouts with filters, sort, group by, kanban and table views
- Customize your objects and fields
- Create and manage permissions with custom roles
- Automate workflow with triggers and actions
- Emails, calendar events, files, and more
Personalize layouts with filters, sort, group by, kanban and table views
Customize your objects and fields
Create and manage permissions with custom roles
Automate workflow with triggers and actions
Emails, calendar events, files, and more
Stack
- TypeScript
- Nx
- NestJS, with BullMQ, PostgreSQL, Redis
- React, with Jotai, Linaria and Lingui
Thanks
Thanks to these amazing services that we use and recommend for UI testing (Chromatic), code review (Greptile), catching bugs (Sentry) and translating (Crowdin).
Join the Community
- Star the repo
- Subscribe to releases (watch -> custom -> releases)
- Follow us on Twitter or LinkedIn
- Join our Discord
- Improve translations on Crowdin
- Contributions are, of course, most welcome!