Affiliate balance'ım anonymized oldu — 12 ay yerine 360 gün, dormancy calendar bug (PR #635 III F2)

Sivas Merkez de 38 yaslarinda TikTok @yusufeats 28k takipci dijital pazarlamaci Yusuf, thMenu affiliate program 2023 yazindan beri (~€38-55/ay komisyon). 2025 Mayis tan sonra Guneydogu Asya 3-aylik seyahat. Mayis ortasinda Sivas a dondu, dashboard a login etmek istedi. Account "Anonymized Affiliate AT-X-9NF". Balance $0. Statement: 2026-05-12 dormancy_forfeit $47.20 platform revenue. Yusuf un son commission 2025-06-19 — 327 gun. ToS Section 8.3: "12 months no commissions AND balance < $50 → forfeit + anonymize." 12 calendar months = 365.25 gun average, **38 gun erken anonymize**. Yusuf support a yazamadi cunku TCKN + IBAN anonymized + identity check fail. Twitter: "@thmenu_tr 12 ay yerine erken anonymize ettiniz, hesabimi geri istiyorum." Social team 2 saat DM + escalate. Engineering wrong theories busted: (1) Manual admin operation? Audit log temiz, record source aff-dormancy cron 03:00 UTC slot automatic; (2) last_commission_at timestamp wrong? Dogru. (3) **Right theory**: cron 12-month math yanlis. cloudflare/src/cron-jobs/affiliate.ts:891 `const cutoff = now - 12 * 30 * 24 * 60 * 60 * 1000;` — 12 * 30 = 360 gun. 12 calendar months ≠ 360 gun (average calendar month 30.44 gun, 12 ay = 365.25 gun leap year averaged). Cron 5-6 gun erken anonymize ediyor. **Why this matters**: (1) ToS contract breach; (2) anonymize + balance forfeit geri alinamaz default; (3) forfeited balance platform revenue olur ($47 kucuk ama "stolen with calendar bug" PR riski); (4) cumulative effect — platform-wide audit 23 affiliate son 6 ay erken anonymize, toplam $890 forfeit. **PR #635 batch III F2** fix tek satir + sanity check: `const cutoffDate = new Date(now); cutoffDate.setUTCMonth(cutoffDate.getUTCMonth() - 12); const cutoff = cutoffDate.getTime();` — JS Date API calendar-month arithmetic + leap year/DST/ay uzunluk variation handle eder. Defense-in-depth pre-anonymize sanity check: monthsSinceLastCommission < 12 → [BEACON:dormancy_anonymize_skipped] warn + skip. **Restore process** Yusuf: (1) identity verification multi-signal (email + last commission + last login IP + Stripe customer_id); (2) anonymize reversal — PR #524 EXT-P1 GG ile beri anonymize soft yapilir, encryption-vault tombstone tablosunda 90 gun tutulur, eski full_name + iban_encrypted + tax_id_encrypted geri yuklenir; (3) balance restore $47.20 reversed_anonymize_dormancy_forfeit operation; (4) apology + 3-ay ucretsiz Pro tier. 23 affected affiliate batch reversal 5 gun, identity verification manuel. 22/23 affiliate restored, 1 ulasilamadi (90-day tombstone closed, proactive $50 + 6-month Pro offer flagged). Yusuf Twitter follow-up: "thMenu calendar bug kabul etti + shipped + Pro tier gift" 8k impression. Pattern: **multi-month time windows (forfeiture, retention, expiry, grace period) icin days-based arithmetic (N * 30 * 24 * 60 * 60 * 1000) yanlis sonuc verir. setUTCMonth() / setUTCFullYear() ile calendar-accurate UTC arithmetic kullan. Leap years + DST + ay uzunluk variation handle edilir.** Implementation checklist: (1) grep "\* 30 \*\|\* 365 \*" monorepo-wide; (2) setUTCMonth/setUTCFullYear replacement; (3) days-in-month variation handle (Feb 29 leap edge); (4) pre-action sanity check + threshold cross-check; (5) structured BEACON log marker audit trail; (6) ToS-language match audit legal team; (7) quarterly false-positive sweep (anonymized_at - last_commission_at diff list). Lukas Vienna Neubau version: @lukas.foodtech 41k followers 3-aylik Balkans road trip sonrasi ayni flow + ToS contract breach kabul.

İlgili makaleler