Concurrency & Race Condition Audit

Verify that the system behaves correctly when multiple operations happen simultaneously. Race conditions are among the hardest bugs to detect in testing and the most damaging in production. They cause data corruption, duplicate records, lost updates, and security breaches.

## Key Points

1. Navigate to a page with a "Generate" or "Submit" button.
2. Click the button twice in rapid succession (< 200ms apart).
3. Alternatively, use the API to send two identical POST requests simultaneously:
4. Inspect results.
- [ ] Only one job/record is created.
- [ ] Second request receives: already-in-progress response, or same job ID.
- [ ] UI button is disabled after first click (optimistic guard).
- [ ] No duplicate entries in any table.
1. Open a resource (project, document, settings) in Tab A.
2. Open the same resource in Tab B.
3. In Tab A, change field X and save.
4. In Tab B (still showing old data), change field Y and save.

## Quick Example

```bash
curl -X POST /api/generate -d '{"project_id": "123"}' &
   curl -X POST /api/generate -d '{"project_id": "123"}' &
   wait
```

```
[ ] UI: Button disabled on click, re-enabled on response/timeout
[ ] API: Idempotency key required on create endpoints
[ ] API: Mutex check before job creation (SELECT FOR UPDATE or equivalent)
[ ] DB: Unique constraint on (entity_id, operation_type, status='active')
```