path: root/Documentation/source/architecture/risks.rst
Risks and Technical Debt
========================

This page tracks known architectural risks and follow-up work. Keep entries
short, actionable, and tied to repository evidence.

Current Risk Register
---------------------

.. list-table::
   :header-rows: 1
   :widths: 10 26 28 30

   * - Priority
     - Finding
     - Evidence
     - Recommendation
   * - P0
     - Email utility type dependency should be verified.
     - ``src/lib/resend.ts`` imports project-local types.
     - Keep type sources explicit and covered by type checks.
   * - P0
     - Payload secret fallback is unsafe for production.
     - ``payload.config.ts`` falls back to ``your-secret-key``.
     - Fail fast in production when ``PAYLOAD_SECRET`` is missing.
   * - P1
     - RSS canonical path must stay consistent.
     - Route is ``/rss.xml``.
     - Use the same path in metadata, README, docs, and sitemap config.
   * - P1
     - In-memory aggregation can become expensive.
     - Search, RSS, and tag counts read batches of posts.
     - Add caching or database-side aggregation when content volume grows.
   * - P1
     - Canonical URL configuration needs production hardening.
     - Deployment URL handling depends on environment conventions.
     - Prefer an explicit public site URL for production.
   * - P2
     - Comment role governance needs policy tests.
     - Comment storage includes roles.
     - Define moderation behavior before adding privileged comment actions.

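The P0 recommendation for ``PAYLOAD_SECRET`` could be implemented along these lines. This is an added example, not code from this repository; the function names, the minimum length, the development fallback value, and the rule that any ``NODE_ENV`` other than ``development`` or ``test`` counts as production are assumptions, and that last rule goes slightly beyond the register entry so that a missing ``NODE_ENV`` cannot silently enable the fallback.

```typescript
// Added example, not the repository's code.
type Env = Record<string, string | undefined>;

const PLACEHOLDER = "your-secret-key"; // fallback quoted in the risk register
const MIN_LENGTH = 32; // assumed minimum length policy
const DEV_SECRET = "dev-only-insecure-secret"; // constructed, local use only

// Returns the reasons a secret is unacceptable; an empty array means usable.
// Messages never contain the secret itself, so they are safe to log.
function payloadSecretProblems(secret: string): string[] {
  const problems: string[] = [];
  if (secret.length === 0) {
    problems.push("PAYLOAD_SECRET is not set");
    return problems;
  }
  if (secret === PLACEHOLDER || secret === DEV_SECRET) {
    problems.push("PAYLOAD_SECRET is a known placeholder value");
  }
  if (secret.length < MIN_LENGTH) {
    problems.push(`PAYLOAD_SECRET is shorter than ${MIN_LENGTH} characters`);
  }
  return problems;
}

// Fails closed: only an explicit development or test NODE_ENV may use the
// development fallback. A missing or misspelled NODE_ENV is treated as
// production (assumption of this example).
function resolvePayloadSecret(env: Env): string {
  const secret = (env.PAYLOAD_SECRET ?? "").trim();
  const relaxed = env.NODE_ENV === "development" || env.NODE_ENV === "test";
  if (relaxed) {
    return secret.length > 0 ? secret : DEV_SECRET;
  }
  const problems = payloadSecretProblems(secret);
  if (problems.length > 0) {
    throw new Error(`Refusing to start: ${problems.join("; ")}`);
  }
  return secret;
}

// Hypothetical wiring in payload.config.ts:
//   secret: resolvePayloadSecret(process.env),
```

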
Roadmap
-------

Phase 1: correctness and configuration hardening
   Fix production secret handling, verify email types, and align feed paths.

Phase 2: scalability
   Cache expensive public indexes, move tag aggregation closer to storage, and
   add clear revalidation boundaries.

Phase 3: governance
   Add architecture decision records, route-level integration tests, and CI
   checks for type safety, tests, linting, and documentation links.