oabrivard
/
ai_synth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f8588a57a3'
${ noResults }
ai_synth/audits/2026-03-27/backend-rust.md

76 lines
4.9 KiB
Markdown
Raw Blame History

# Backend Rust Audit Report (Partial)
## Scope and limitations
- Audited backend docs + code paths in:
- `handlers/`, `services/`, `db/`, `models/`, migrations, representative tests
- Limitation:
- Full backend test execution could not be completed due persistent Cargo artifact lock after interruption.
## Clarification Questions
1. Is "LLM vs HTML source-link extraction mode" still a product requirement, or intentionally removed?
- Docs still mention configurability (`functional_specs.md:140`)
- Related settings were removed in migrations (`20260326000026_remove_use_llm_for_source_links.sql`, `20260325000018_drop_deprecated_settings.sql`)
2. What are canonical theme defaults: docs/DB (`max_items=4`, `summary_length=3`) or handler (`5`, `2`)?
## Assumptions
- Docs are source of truth unless explicitly superseded by migration intent.
- Multi-theme source scoping is mandatory.
## Prioritized Findings
### P0
- Theme-scoped source import/export contract is broken.
- Evidence: `/Users/oabrivard/Projects/rust/ai_synth/backend/src/handlers/sources.rs:111`, `/Users/oabrivard/Projects/rust/ai_synth/backend/src/handlers/sources.rs:154`, `/Users/oabrivard/Projects/rust/ai_synth/backend/src/handlers/sources.rs:234`, `/Users/oabrivard/Projects/rust/ai_synth/backend/src/services/synthesis.rs:120`, `/Users/oabrivard/Projects/rust/ai_synth/backend/src/handlers/sources.rs:249`
- Spec refs: `/Users/oabrivard/Projects/rust/ai_synth/docs/requirements.md:19`, `/Users/oabrivard/Projects/rust/ai_synth/docs/functional_specs.md:35`
- Direction: make import/export strictly theme-aware.
### P1
- Theme update endpoint lacks validation; invalid settings can persist.
- Evidence: `/Users/oabrivard/Projects/rust/ai_synth/backend/src/models/theme.rs:77`, `/Users/oabrivard/Projects/rust/ai_synth/backend/src/handlers/themes.rs:72`, `/Users/oabrivard/Projects/rust/ai_synth/backend/src/db/themes.rs:72`
- Direction: add `UpdateThemeRequest::validate()` and enforce in handler.
- Source create/import path does not verify theme ownership.
- Evidence: `/Users/oabrivard/Projects/rust/ai_synth/backend/src/handlers/sources.rs:72`, `/Users/oabrivard/Projects/rust/ai_synth/backend/src/db/sources.rs:55`
- Direction: enforce `theme_id` ownership check before insert/update.
- Theme creation contract drifts from documented behavior/defaults.
- Evidence: `/Users/oabrivard/Projects/rust/ai_synth/backend/src/models/theme.rs:43`, `/Users/oabrivard/Projects/rust/ai_synth/backend/src/models/theme.rs:47`, `/Users/oabrivard/Projects/rust/ai_synth/docs/functional_specs.md:90`, `/Users/oabrivard/Projects/rust/ai_synth/backend/src/handlers/themes.rs:56`, `/Users/oabrivard/Projects/rust/ai_synth/docs/functional_specs.md:185`
- Direction: align create validation + defaults with agreed product contract.
### P2
- Core synthesis orchestration is monolithic and high-risk to change.
- Evidence: `/Users/oabrivard/Projects/rust/ai_synth/backend/src/services/synthesis.rs:85`, `/Users/oabrivard/Projects/rust/ai_synth/backend/src/services/synthesis.rs:152`, `/Users/oabrivard/Projects/rust/ai_synth/backend/src/services/synthesis.rs:357`, `/Users/oabrivard/Projects/rust/ai_synth/backend/src/services/synthesis.rs:542`
- Direction: split into composable phase modules.
- Scheduler reliability path is under-tested.
- Evidence: `/Users/oabrivard/Projects/rust/ai_synth/backend/src/services/scheduler.rs:94`
- Phase-2 filtering performs per-URL DB checks (N+1 pattern).
- Evidence: `/Users/oabrivard/Projects/rust/ai_synth/backend/src/services/synthesis.rs:1031`
### P3
- Silent error suppression (`.ok()`) hides operational issues.
- Evidence: `/Users/oabrivard/Projects/rust/ai_synth/backend/src/services/synthesis.rs:351`, `/Users/oabrivard/Projects/rust/ai_synth/backend/src/services/synthesis.rs:457`, `/Users/oabrivard/Projects/rust/ai_synth/backend/src/services/synthesis.rs:604`, `/Users/oabrivard/Projects/rust/ai_synth/backend/src/services/scheduler.rs:67`, `/Users/oabrivard/Projects/rust/ai_synth/backend/src/services/scheduler.rs:85`
## Idiomatic Rust Assessment
- Error handling: good (`AppError`, `Result`, minimal panics).
- Layering: mostly good, but orchestration service is overloaded.
- Async/concurrency: good use of `JoinSet`, `watch`, `AtomicBool`.
- Testability: strong in many modules; weaker around scheduler/autonomous workflows.
## Refactoring Plan
1. Correctness first (1 sprint).
- Theme-aware import/export, theme ownership validation, update validation, defaults alignment.
2. Pipeline decomposition (1-2 sprints).
- Split `run_generation_inner` into phase modules and explicit state contexts.
3. Reliability and QA hardening (1 sprint).
- Scheduler integration tests + SSE progress integration tests.
4. Performance cleanup (incremental).
- Batch article-history checks and optimize bulk inserts.
## Quick Wins
1. Add theme ownership guard in `POST /sources`.
2. Add update validation for themes.
3. Wire `theme_id` through bulk/csv import.
4. Make `export-csv` honor `theme_id`.
Reference in New Issue View Git Blame Copy Permalink