oabrivard
/
ai_synth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
ai_synth/audits/2026-03-27/backend-rust.md

4.9 KiB
Raw Permalink Blame History

Backend Rust Audit Report (Partial)

Scope and limitations

  • Audited backend docs + code paths in:
    • handlers/, services/, db/, models/, migrations, representative tests
  • Limitation:
    • Full backend test execution could not be completed due persistent Cargo artifact lock after interruption.

Clarification Questions

  1. Is "LLM vs HTML source-link extraction mode" still a product requirement, or intentionally removed?
    • Docs still mention configurability (functional_specs.md:140)
    • Related settings were removed in migrations (20260326000026_remove_use_llm_for_source_links.sql, 20260325000018_drop_deprecated_settings.sql)
  2. What are canonical theme defaults: docs/DB (max_items=4, summary_length=3) or handler (5, 2)?

Assumptions

  • Docs are source of truth unless explicitly superseded by migration intent.
  • Multi-theme source scoping is mandatory.

Prioritized Findings

P0

  • Theme-scoped source import/export contract is broken.
    • Evidence: /Users/oabrivard/Projects/rust/ai_synth/backend/src/handlers/sources.rs:111, /Users/oabrivard/Projects/rust/ai_synth/backend/src/handlers/sources.rs:154, /Users/oabrivard/Projects/rust/ai_synth/backend/src/handlers/sources.rs:234, /Users/oabrivard/Projects/rust/ai_synth/backend/src/services/synthesis.rs:120, /Users/oabrivard/Projects/rust/ai_synth/backend/src/handlers/sources.rs:249
    • Spec refs: /Users/oabrivard/Projects/rust/ai_synth/docs/requirements.md:19, /Users/oabrivard/Projects/rust/ai_synth/docs/functional_specs.md:35
    • Direction: make import/export strictly theme-aware.

P1

  • Theme update endpoint lacks validation; invalid settings can persist.

    • Evidence: /Users/oabrivard/Projects/rust/ai_synth/backend/src/models/theme.rs:77, /Users/oabrivard/Projects/rust/ai_synth/backend/src/handlers/themes.rs:72, /Users/oabrivard/Projects/rust/ai_synth/backend/src/db/themes.rs:72
    • Direction: add UpdateThemeRequest::validate() and enforce in handler.

  • Source create/import path does not verify theme ownership.

    • Evidence: /Users/oabrivard/Projects/rust/ai_synth/backend/src/handlers/sources.rs:72, /Users/oabrivard/Projects/rust/ai_synth/backend/src/db/sources.rs:55
    • Direction: enforce theme_id ownership check before insert/update.

  • Theme creation contract drifts from documented behavior/defaults.

    • Evidence: /Users/oabrivard/Projects/rust/ai_synth/backend/src/models/theme.rs:43, /Users/oabrivard/Projects/rust/ai_synth/backend/src/models/theme.rs:47, /Users/oabrivard/Projects/rust/ai_synth/docs/functional_specs.md:90, /Users/oabrivard/Projects/rust/ai_synth/backend/src/handlers/themes.rs:56, /Users/oabrivard/Projects/rust/ai_synth/docs/functional_specs.md:185
    • Direction: align create validation + defaults with agreed product contract.

P2

  • Core synthesis orchestration is monolithic and high-risk to change.

    • Evidence: /Users/oabrivard/Projects/rust/ai_synth/backend/src/services/synthesis.rs:85, /Users/oabrivard/Projects/rust/ai_synth/backend/src/services/synthesis.rs:152, /Users/oabrivard/Projects/rust/ai_synth/backend/src/services/synthesis.rs:357, /Users/oabrivard/Projects/rust/ai_synth/backend/src/services/synthesis.rs:542
    • Direction: split into composable phase modules.

  • Scheduler reliability path is under-tested.

    • Evidence: /Users/oabrivard/Projects/rust/ai_synth/backend/src/services/scheduler.rs:94

  • Phase-2 filtering performs per-URL DB checks (N+1 pattern).

    • Evidence: /Users/oabrivard/Projects/rust/ai_synth/backend/src/services/synthesis.rs:1031

P3

  • Silent error suppression (.ok()) hides operational issues.
    • Evidence: /Users/oabrivard/Projects/rust/ai_synth/backend/src/services/synthesis.rs:351, /Users/oabrivard/Projects/rust/ai_synth/backend/src/services/synthesis.rs:457, /Users/oabrivard/Projects/rust/ai_synth/backend/src/services/synthesis.rs:604, /Users/oabrivard/Projects/rust/ai_synth/backend/src/services/scheduler.rs:67, /Users/oabrivard/Projects/rust/ai_synth/backend/src/services/scheduler.rs:85

Idiomatic Rust Assessment

  • Error handling: good (AppError, Result, minimal panics).
  • Layering: mostly good, but orchestration service is overloaded.
  • Async/concurrency: good use of JoinSet, watch, AtomicBool.
  • Testability: strong in many modules; weaker around scheduler/autonomous workflows.

Refactoring Plan

  1. Correctness first (1 sprint).
    • Theme-aware import/export, theme ownership validation, update validation, defaults alignment.
  2. Pipeline decomposition (1-2 sprints).
    • Split run_generation_inner into phase modules and explicit state contexts.
  3. Reliability and QA hardening (1 sprint).
    • Scheduler integration tests + SSE progress integration tests.
  4. Performance cleanup (incremental).
    • Batch article-history checks and optimize bulk inserts.

Quick Wins

  1. Add theme ownership guard in POST /sources.
  2. Add update validation for themes.
  3. Wire theme_id through bulk/csv import.
  4. Make export-csv honor theme_id.