CognxSafeTrack committed on
Commit · b306c8b
Parent(s): 303f611
docs: add technical debt audit
- doc/technical_debt_audit.md +37 -0
doc/technical_debt_audit.md
ADDED
|
@@ -0,0 +1,37 @@
| 1 |
+
# Technical Debt Audit - Edtech Platform
|
| 2 |
+
|
| 3 |
+
**Date:** April 30, 2026
|
| 4 |
+
**Status:** Post-Stabilization (v1.0)
|
| 5 |
+
|
| 6 |
+
## 1. Architecture & Orchestration
|
| 7 |
+
| Issue | Severity | Impact | Recommendation |
|
| 8 |
+
|-------|----------|--------|----------------|
|
| 9 |
+
| Parallel Process Management | High | Reliability | Replace `start.sh` with a process manager like PM2 to handle crashes independently. |
|
| 10 |
+
| BullBoard Disabled | Medium | Monitoring | Re-enable BullBoard in `internal.ts` once route stability is confirmed. |
|
| 11 |
+
| Single Container for API/Worker | Medium | Scaling | Eventually separate API and Worker into two different Railway services for better horizontal scaling. |
|
| 12 |
+
|
| 13 |
+
## 2. Multi-Tenancy & Security
|
| 14 |
+
| Issue | Severity | Impact | Recommendation |
|
| 15 |
+
|-------|----------|--------|----------------|
|
| 16 |
+
| Global API Keys | Medium | Isolation | Fully migrate all AI/Payment providers to use organization-specific encrypted secrets from the database. |
|
| 17 |
+
| Webhook Header Validation | Medium | Security | Ensure HMAC signature verification is active and enforced on all Meta/Stripe webhooks. |
|
| 18 |
+
| Cache Invalidation | Low | Consistency | Implement Redis pub/sub for organization secret cache invalidation across replicas. |
|
| 19 |
+
|
| 20 |
+
## 3. Code Quality & Maintenance
|
| 21 |
+
| Issue | Severity | Impact | Recommendation |
|
| 22 |
+
|-------|----------|--------|----------------|
|
| 23 |
+
| Lack of Automated Tests | High | Speed | Implement Jest/Vitest for critical pedagogical logic and organization isolation. |
|
| 24 |
+
| TypeScript "any" usage | Low | Safety | Clean up `as any` casts in `index.ts` and `internal.ts` by refining Fastify type augmentations. |
|
| 25 |
+
| Documentation Gaps | Medium | Onboarding | Document the multi-tenant R2 storage structure and the personality configuration JSON schema. |
|
| 26 |
+
|
| 27 |
+
## 4. Infrastructure & DevOps
|
| 28 |
+
| Issue | Severity | Impact | Recommendation |
|
| 29 |
+
|-------|----------|--------|----------------|
|
| 30 |
+
| /tmp Disk Management | Low | Stability | Enhance the cleanup service to respect per-tenant storage quotas. |
|
| 31 |
+
| Centralized Logging | Medium | Debugging | Integrate a logging provider (Logtail, Datadog) to aggregate logs from multiple processes. |
|
| 32 |
+
| Environment Variable Sync | Low | Deploy | Keep `.env.example` strictly synchronized with Railway production variables. |
|
| 33 |
+
|
| 34 |
+
---
|
| 35 |
+
|
| 36 |
+
## Conclusion
|
| 37 |
+
The platform is currently **Production-Ready** for initial launch. The stabilization phase has resolved critical boot failures and port conflicts. The next phase should focus on **Observability** (Re-enabling BullBoard) and **Test Coverage**.
|
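Review bot: In section 2, the "Webhook Header Validation" row does not say whether HMAC signature verification is currently enforced on the Meta/Stripe webhooks or only needs to be confirmed, and that determines whether Medium is the right severity and whether the Conclusion's "Production-Ready" statement holds. State the current status per provider (enforced, present but not enforced, or absent); if any webhook endpoint accepts unsigned requests, raise the row to High and name it in the Conclusion as a pre-launch item, since the next phase is currently scoped only to Observability and Test Coverage. The same applies to the "Global API Keys" row, whose "Fully migrate" wording implies a partial migration without saying which AI/Payment providers still use global keys. The BullBoard row in section 1 should also note what access control the dashboard route in `internal.ts` will sit behind when it is re-enabled. Adding an owner and target date column to each table would make the audit trackable.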