For a new file, WriteFile currently performs several independent DB operations:
- insert inode with nlink = 0
- insert dentry
- increment nlink
- write file chunks
Once the dentry is inserted, concurrent readers can discover the file through ReaddirPlus before nlink and data writes finish. A later Lstat can then observe different metadata for the same path.
Relevant code: sdk/go/filesystem.go in WriteFile.
Impact
Concurrent readers can observe internally inconsistent filesystem metadata. This affects directory listing correctness and any caller that expects ReaddirPlus(path) stats to match Lstat(path/name) for the same visible entry.
Proposed fix
Wrap file creation in a transaction so the inode, dentry, link count, and initial file data become visible atomically.
At minimum, the new-file path in WriteFile should commit these together:
- insert inode
- insert dentry
- increment nlink
- write chunks
The same audit should be applied to other multi-statement filesystem mutations like Rename, Unlink, Mkdir, and link/symlink creation.
If you think this is valid I am happy to submit a PR, didn't want to spam without acknowledgement.
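The visibility window described above, as an added example that is not code from the SDK or from the issue author: it replays the four new-file steps against a constructed in-memory model and records what a reader would stat after each step, first with every step committed on its own and then with one commit at the end. The names `tables`, `createFile` and the map layout are assumptions for illustration; a real fix would rely on the database's own transaction rather than a copied map.

```go
package main

import "fmt"

type inode struct{ nlink, size int }
type tables struct { // constructed in-memory stand-in for the inode and dentry tables
	inodes   map[int]*inode
	dentries map[string]int // name -> inode number
}

func newTables() *tables { return &tables{map[int]*inode{}, map[string]int{}} }
func (t *tables) clone() *tables { // private copy: the transaction's workspace
	c := newTables()
	for k, v := range t.inodes {
		cp := *v
		c.inodes[k] = &cp
	}
	for k, v := range t.dentries {
		c.dentries[k] = v
	}
	return c
}

// createFile runs the four new-file steps; after each one a reader stats name in the
// committed tables, and every stat of a visible entry is returned in order.
func createFile(committed **tables, name string, data []byte, atomic bool) (seen []inode) {
	work := *committed
	if atomic {
		work = work.clone()
	}
	ino := len(work.inodes) + 1
	steps := []func(){
		func() { work.inodes[ino] = &inode{} },       // insert inode with nlink = 0
		func() { work.dentries[name] = ino },         // insert dentry
		func() { work.inodes[ino].nlink++ },          // increment nlink
		func() { work.inodes[ino].size = len(data) }, // write chunks
		func() { *committed = work },                 // commit (no-op unless atomic)
	}
	for _, step := range steps {
		step()
		if i, ok := (*committed).dentries[name]; ok {
			seen = append(seen, *(*committed).inodes[i])
		}
	}
	return seen
}

func main() {
	a, b := newTables(), newTables()
	fmt.Println(createFile(&a, "f", []byte("hello"), false), createFile(&b, "f", []byte("hello"), true))
}
```

In the non-atomic run the reader sees the same name with three different stats before the write finishes; in the atomic run the entry is invisible until the single commit and is then stable.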