Summary
Accounts created through OAuth onboarding can bypass the invariant that users should always possess at least one card.
This creates inconsistent account state compared to accounts created through standard onboarding flows.
Affected Files
- auth.ts
- cards.ts
- onboarding.ts
Root Cause
OAuth onboarding and standard onboarding follow different account initialization paths.
The OAuth flow can complete without creating a default card or enforcing the invariant expected elsewhere in the application.
Reproduction
- Create a new account using OAuth.
- Inspect associated card records.
- Compare against accounts created through the normal onboarding flow.
- Observe missing default-card state.
Expected Behavior
All account creation paths should enforce identical card invariants.
Actual Behavior
OAuth-created accounts can exist without a card.
Why This Is Difficult To Detect
Most testing validates authentication rather than post-onboarding invariants.
Production Impact
- Broken assumptions
- Missing profile content
- Downstream failures
- Inconsistent account state
Suggested Fix
Enforce card initialization consistently across all account creation paths.
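The sketch below is an added example, not code from auth.ts, cards.ts or onboarding.ts. It shows one way to apply this fix: both onboarding paths delegate to a single initializer that writes the default card, and an audit finds and repairs accounts created before the fix. The in-memory store and every name in it (AccountStore, createAccount, usersWithoutCards, backfillDefaultCards, the two completeXOnboarding functions) are hypothetical.

```typescript
// Hypothetical in-memory model of the user and card records (constructed for this example).
type Provider = "password" | "oauth";
interface User { id: string; email: string; provider: Provider }
interface Card { id: string; userId: string; isDefault: boolean }

class AccountStore {
  users: User[] = [];
  cards: Card[] = [];

  // The only function that inserts a user: the default card is written in the
  // same step, so no onboarding path can complete without one.
  createAccount(email: string, provider: Provider): User {
    const user: User = { id: "u" + (this.users.length + 1), email, provider };
    this.users.push(user);
    this.addDefaultCard(user.id);
    return user;
  }

  addDefaultCard(userId: string): void {
    this.cards.push({ id: "c" + (this.cards.length + 1), userId, isDefault: true });
  }

  // Post-onboarding invariant audit: every user must own at least one card.
  usersWithoutCards(): User[] {
    return this.users.filter(u => !this.cards.some(c => c.userId === u.id));
  }

  // One-time repair for accounts created before the fix; returns the number repaired.
  backfillDefaultCards(): number {
    const missing = this.usersWithoutCards();
    missing.forEach(u => this.addDefaultCard(u.id));
    return missing.length;
  }
}

// Both onboarding entry points delegate to the same initializer.
function completeStandardOnboarding(store: AccountStore, email: string): User { return store.createAccount(email, "password"); }
function completeOAuthOnboarding(store: AccountStore, email: string): User { return store.createAccount(email, "oauth"); }

// Constructed scenario: one pre-fix OAuth account with no card, then two new signups.
function demo(): { before: string[]; repaired: number; after: number } {
  const store = new AccountStore();
  store.users.push({ id: "u1", email: "legacy@example.test", provider: "oauth" });
  completeStandardOnboarding(store, "a@example.test");
  completeOAuthOnboarding(store, "b@example.test");
  const before = store.usersWithoutCards().map(u => u.id);
  const repaired = store.backfillDefaultCards();
  return { before, repaired, after: store.usersWithoutCards().length };
}
```

Running the audit as a test assertion after each onboarding path covers the post-onboarding invariant that authentication-only tests do not check.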
Severity
High