fix(storage): add reconnectMu RLock protection to prevent race condition (#1054)

Add missing reconnectMu.RLock() protection to storage methods that were
vulnerable to the same race condition fixed in GH#607. The FreshnessChecker
can trigger reconnect() which closes s.db while queries are in flight,
causing "database is closed" errors during daemon export operations.

Protected methods:
- labels.go: GetLabelsForIssues (GetLabels intentionally unprotected - called from GetIssue which holds lock)
- comments.go: GetIssueComments, GetCommentsForIssues
- dependencies.go: GetDependencyCounts, GetDependencyRecords, GetAllDependencyRecords, GetDependencyTree, loadDependencyGraph
- config.go: SetConfig, GetConfig, GetAllConfig, DeleteConfig, SetMetadata, GetMetadata
- dirty.go: MarkIssueDirty, GetDirtyIssues, GetDirtyIssueHash, GetDirtyIssueCount
- events.go: GetEvents, GetStatistics, GetMoleculeProgress
- hash.go: All hash methods
- hash_ids.go: GetNextChildID, ensureChildCounterUpdated (getNextChildNumber unprotected - called internally)

Internal helpers called from already-locked contexts intentionally omit
RLock to avoid deadlock (Go's RWMutex doesn't support recursive locking).

Fixes: bd-vx7fp

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Executed-By: beads/crew/dave
Rig: beads
Role: crew

internal/storage/sqlite/comments.go

@@ -102,6 +102,11 @@ func (s *SQLiteStorage) ImportIssueComment(ctx context.Context, issueID, author,
 
 // GetIssueComments retrieves all comments for an issue
 func (s *SQLiteStorage) GetIssueComments(ctx context.Context, issueID string) ([]*types.Comment, error) {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	rows, err := s.db.QueryContext(ctx, `
 		SELECT id, issue_id, author, text, created_at
 		FROM comments
@@ -137,6 +142,11 @@ func (s *SQLiteStorage) GetCommentsForIssues(ctx context.Context, issueIDs []str
 		return make(map[string][]*types.Comment), nil
 	}
 
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	// Build placeholders for IN clause
 	placeholders := make([]interface{}, len(issueIDs))
 	for i, id := range issueIDs {

internal/storage/sqlite/config.go

@@ -8,6 +8,11 @@ import (
 
 // SetConfig sets a configuration value
 func (s *SQLiteStorage) SetConfig(ctx context.Context, key, value string) error {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	_, err := s.db.ExecContext(ctx, `
 		INSERT INTO config (key, value) VALUES (?, ?)
 		ON CONFLICT (key) DO UPDATE SET value = excluded.value
@@ -17,6 +22,11 @@ func (s *SQLiteStorage) SetConfig(ctx context.Context, key, value string) error
 
 // GetConfig gets a configuration value
 func (s *SQLiteStorage) GetConfig(ctx context.Context, key string) (string, error) {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	var value string
 	err := s.db.QueryRowContext(ctx, `SELECT value FROM config WHERE key = ?`, key).Scan(&value)
 	if err == sql.ErrNoRows {
@@ -27,6 +37,11 @@ func (s *SQLiteStorage) GetConfig(ctx context.Context, key string) (string, erro
 
 // GetAllConfig gets all configuration key-value pairs
 func (s *SQLiteStorage) GetAllConfig(ctx context.Context) (map[string]string, error) {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	rows, err := s.db.QueryContext(ctx, `SELECT key, value FROM config ORDER BY key`)
 	if err != nil {
 		return nil, wrapDBError("query all config", err)
@@ -46,6 +61,11 @@ func (s *SQLiteStorage) GetAllConfig(ctx context.Context) (map[string]string, er
 
 // DeleteConfig deletes a configuration value
 func (s *SQLiteStorage) DeleteConfig(ctx context.Context, key string) error {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	_, err := s.db.ExecContext(ctx, `DELETE FROM config WHERE key = ?`, key)
 	return wrapDBError("delete config", err)
 }
@@ -78,6 +98,11 @@ func (s *SQLiteStorage) GetOrphanHandling(ctx context.Context) OrphanHandling {
 
 // SetMetadata sets a metadata value (for internal state like import hashes)
 func (s *SQLiteStorage) SetMetadata(ctx context.Context, key, value string) error {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	_, err := s.db.ExecContext(ctx, `
 		INSERT INTO metadata (key, value) VALUES (?, ?)
 		ON CONFLICT (key) DO UPDATE SET value = excluded.value
@@ -87,6 +112,11 @@ func (s *SQLiteStorage) SetMetadata(ctx context.Context, key, value string) erro
 
 // GetMetadata gets a metadata value (for internal state like import hashes)
 func (s *SQLiteStorage) GetMetadata(ctx context.Context, key string) (string, error) {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	var value string
 	err := s.db.QueryRowContext(ctx, `SELECT value FROM metadata WHERE key = ?`, key).Scan(&value)
 	if err == sql.ErrNoRows {

internal/storage/sqlite/dependencies.go

@@ -324,6 +324,11 @@ func (s *SQLiteStorage) GetDependencyCounts(ctx context.Context, issueIDs []stri
 		return make(map[string]*types.DependencyCounts), nil
 	}
 
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	// Build placeholders for the IN clause
 	placeholders := make([]string, len(issueIDs))
 	args := make([]interface{}, len(issueIDs)*2)
@@ -394,6 +399,11 @@ func (s *SQLiteStorage) GetDependencyCounts(ctx context.Context, issueIDs []stri
 
 // GetDependencyRecords returns raw dependency records for an issue
 func (s *SQLiteStorage) GetDependencyRecords(ctx context.Context, issueID string) ([]*types.Dependency, error) {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	rows, err := s.db.QueryContext(ctx, `
 		SELECT issue_id, depends_on_id, type, created_at, created_by,
 		       COALESCE(metadata, '{}') as metadata, COALESCE(thread_id, '') as thread_id
@@ -430,6 +440,11 @@ func (s *SQLiteStorage) GetDependencyRecords(ctx context.Context, issueID string
 // GetAllDependencyRecords returns all dependency records grouped by issue ID
 // This is optimized for bulk export operations to avoid N+1 queries
 func (s *SQLiteStorage) GetAllDependencyRecords(ctx context.Context) (map[string][]*types.Dependency, error) {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	rows, err := s.db.QueryContext(ctx, `
 		SELECT issue_id, depends_on_id, type, created_at, created_by,
 		       COALESCE(metadata, '{}') as metadata, COALESCE(thread_id, '') as thread_id
@@ -469,6 +484,11 @@ func (s *SQLiteStorage) GetAllDependencyRecords(ctx context.Context) (map[string
 // When showAllPaths is true, all paths are shown with duplicate nodes at different depths.
 // When reverse is true, shows dependent tree (what was discovered from this) instead of dependency tree (what blocks this).
 func (s *SQLiteStorage) GetDependencyTree(ctx context.Context, issueID string, maxDepth int, showAllPaths bool, reverse bool) ([]*types.TreeNode, error) {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	if maxDepth <= 0 {
 		maxDepth = 50
 	}
@@ -721,6 +741,11 @@ func parseExternalRefParts(ref string) (project, capability string) {
 // loadDependencyGraph loads all non-relates-to dependencies as an adjacency list.
 // This is used by DetectCycles for O(V+E) cycle detection instead of the O(2^n) SQL CTE.
 func (s *SQLiteStorage) loadDependencyGraph(ctx context.Context) (map[string][]string, error) {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	deps := make(map[string][]string)
 	rows, err := s.db.QueryContext(ctx, `
 		SELECT issue_id, depends_on_id

internal/storage/sqlite/dirty.go

@@ -11,6 +11,11 @@ import (
 // MarkIssueDirty marks an issue as dirty (needs to be exported to JSONL)
 // This should be called whenever an issue is created, updated, or has dependencies changed
 func (s *SQLiteStorage) MarkIssueDirty(ctx context.Context, issueID string) error {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	_, err := s.db.ExecContext(ctx, `
 		INSERT INTO dirty_issues (issue_id, marked_at)
 		VALUES (?, ?)
@@ -50,6 +55,11 @@ func (s *SQLiteStorage) MarkIssuesDirty(ctx context.Context, issueIDs []string)
 
 // GetDirtyIssues returns the list of issue IDs that need to be exported
 func (s *SQLiteStorage) GetDirtyIssues(ctx context.Context) ([]string, error) {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	rows, err := s.db.QueryContext(ctx, `
 		SELECT issue_id FROM dirty_issues
 		ORDER BY marked_at ASC
@@ -76,6 +86,11 @@ func (s *SQLiteStorage) GetDirtyIssues(ctx context.Context) ([]string, error) {
 
 // GetDirtyIssueHash returns the stored content hash for a dirty issue, if it exists
 func (s *SQLiteStorage) GetDirtyIssueHash(ctx context.Context, issueID string) (string, error) {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	var hash sql.NullString
 	err := s.db.QueryRowContext(ctx, `
 		SELECT content_hash FROM dirty_issues WHERE issue_id = ?
@@ -121,6 +136,11 @@ func (s *SQLiteStorage) ClearDirtyIssuesByID(ctx context.Context, issueIDs []str
 
 // GetDirtyIssueCount returns the count of dirty issues (for monitoring/debugging)
 func (s *SQLiteStorage) GetDirtyIssueCount(ctx context.Context) (int, error) {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	var count int
 	err := s.db.QueryRowContext(ctx, `SELECT COUNT(*) FROM dirty_issues`).Scan(&count)
 	if IsNotFound(wrapDBError("count dirty issues", err)) {

internal/storage/sqlite/events.go

@@ -55,6 +55,11 @@ func (s *SQLiteStorage) AddComment(ctx context.Context, issueID, actor, comment
 
 // GetEvents returns the event history for an issue
 func (s *SQLiteStorage) GetEvents(ctx context.Context, issueID string, limit int) ([]*types.Event, error) {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	args := []interface{}{issueID}
 	limitSQL := ""
 	if limit > 0 {
@@ -108,6 +113,11 @@ func (s *SQLiteStorage) GetEvents(ctx context.Context, issueID string, limit int
 
 // GetStatistics returns aggregate statistics
 func (s *SQLiteStorage) GetStatistics(ctx context.Context) (*types.Statistics, error) {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	var stats types.Statistics
 
 	// Get counts (bd-nyt: exclude tombstones from TotalIssues, report separately)
@@ -211,6 +221,11 @@ func (s *SQLiteStorage) GetStatistics(ctx context.Context) (*types.Statistics, e
 // GetMoleculeProgress returns efficient progress stats for a molecule.
 // Uses indexed queries on dependencies table instead of loading all steps.
 func (s *SQLiteStorage) GetMoleculeProgress(ctx context.Context, moleculeID string) (*types.MoleculeProgressStats, error) {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	// First get the molecule's title
 	var title string
 	err := s.db.QueryRowContext(ctx, `SELECT title FROM issues WHERE id = ?`, moleculeID).Scan(&title)

internal/storage/sqlite/hash.go

@@ -9,6 +9,11 @@ import (
 // GetExportHash retrieves the content hash of the last export for an issue.
 // Returns empty string if no hash is stored (first export).
 func (s *SQLiteStorage) GetExportHash(ctx context.Context, issueID string) (string, error) {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	var hash string
 	err := s.db.QueryRowContext(ctx, `
 		SELECT content_hash FROM export_hashes WHERE issue_id = ?
@@ -26,6 +31,11 @@ func (s *SQLiteStorage) GetExportHash(ctx context.Context, issueID string) (stri
 
 // SetExportHash stores the content hash of an issue after successful export.
 func (s *SQLiteStorage) SetExportHash(ctx context.Context, issueID, contentHash string) error {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	_, err := s.db.ExecContext(ctx, `
 		INSERT INTO export_hashes (issue_id, content_hash, exported_at)
 		VALUES (?, ?, CURRENT_TIMESTAMP)
@@ -44,6 +54,11 @@ func (s *SQLiteStorage) SetExportHash(ctx context.Context, issueID, contentHash
 // ClearAllExportHashes removes all export hashes from the database.
 // This is primarily used for test isolation to force re-export of issues.
 func (s *SQLiteStorage) ClearAllExportHashes(ctx context.Context) error {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	_, err := s.db.ExecContext(ctx, `DELETE FROM export_hashes`)
 	if err != nil {
 		return fmt.Errorf("failed to clear export hashes: %w", err)
@@ -54,6 +69,11 @@ func (s *SQLiteStorage) ClearAllExportHashes(ctx context.Context) error {
 // GetJSONLFileHash retrieves the stored hash of the JSONL file.
 // Returns empty string if no hash is stored (bd-160).
 func (s *SQLiteStorage) GetJSONLFileHash(ctx context.Context) (string, error) {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	var hash string
 	err := s.db.QueryRowContext(ctx, `
 		SELECT value FROM metadata WHERE key = 'jsonl_file_hash'
@@ -71,6 +91,11 @@ func (s *SQLiteStorage) GetJSONLFileHash(ctx context.Context) (string, error) {
 
 // SetJSONLFileHash stores the hash of the JSONL file after export (bd-160).
 func (s *SQLiteStorage) SetJSONLFileHash(ctx context.Context, fileHash string) error {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	_, err := s.db.ExecContext(ctx, `
 		INSERT INTO metadata (key, value)
 		VALUES ('jsonl_file_hash', ?)

internal/storage/sqlite/hash_ids.go

@@ -11,6 +11,7 @@ import (
 
 // getNextChildNumber atomically increments and returns the next child counter for a parent issue.
 // Uses INSERT...ON CONFLICT to ensure atomicity without explicit locking.
+// Note: Caller must hold reconnectMu.RLock() - this is an internal method.
 func (s *SQLiteStorage) getNextChildNumber(ctx context.Context, parentID string) (int, error) {
 	var nextChild int
 	err := s.db.QueryRowContext(ctx, `
@@ -30,6 +31,11 @@ func (s *SQLiteStorage) getNextChildNumber(ctx context.Context, parentID string)
 // Returns formatted ID as parentID.{counter} (e.g., bd-a3f8e9.1 or bd-a3f8e9.1.5)
 // Works at any depth (max 3 levels)
 func (s *SQLiteStorage) GetNextChildID(ctx context.Context, parentID string) (string, error) {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	// Validate parent exists
 	var count int
 	err := s.db.QueryRowContext(ctx, `SELECT COUNT(*) FROM issues WHERE id = ?`, parentID).Scan(&count)
@@ -72,6 +78,11 @@ func (s *SQLiteStorage) GetNextChildID(ctx context.Context, parentID string) (st
 // with explicit IDs (via --id flag or import) rather than GetNextChildID.
 // (GH#728 fix)
 func (s *SQLiteStorage) ensureChildCounterUpdated(ctx context.Context, parentID string, childNum int) error {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	_, err := s.db.ExecContext(ctx, `
 		INSERT INTO child_counters (parent_id, last_child)
 		VALUES (?, ?)

internal/storage/sqlite/labels.go

@@ -81,6 +81,9 @@ func (s *SQLiteStorage) RemoveLabel(ctx context.Context, issueID, label, actor s
 }
 
 // GetLabels returns all labels for an issue
+// Note: This method is called from GetIssue which already holds reconnectMu.RLock(),
+// so we don't acquire the lock here to avoid deadlock. Callers must ensure
+// appropriate locking when calling directly.
 func (s *SQLiteStorage) GetLabels(ctx context.Context, issueID string) ([]string, error) {
 	rows, err := s.db.QueryContext(ctx, `
 		SELECT label FROM labels WHERE issue_id = ? ORDER BY label
@@ -109,6 +112,11 @@ func (s *SQLiteStorage) GetLabelsForIssues(ctx context.Context, issueIDs []strin
 		return make(map[string][]string), nil
 	}
 
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	// Build placeholders for IN clause
 	placeholders := make([]interface{}, len(issueIDs))
 	for i, id := range issueIDs {
@@ -154,6 +162,11 @@ func buildPlaceholders(count int) string {
 
 // GetIssuesByLabel returns issues with a specific label
 func (s *SQLiteStorage) GetIssuesByLabel(ctx context.Context, label string) ([]*types.Issue, error) {
+	// Hold read lock during database operations to prevent reconnect() from
+	// closing the connection mid-query (GH#607 race condition fix)
+	s.reconnectMu.RLock()
+	defer s.reconnectMu.RUnlock()
+
 	rows, err := s.db.QueryContext(ctx, `
 		SELECT i.id, i.content_hash, i.title, i.description, i.design, i.acceptance_criteria, i.notes,
 		       i.status, i.priority, i.issue_type, i.assignee, i.estimated_minutes,