Architecture Review
Documentation Audit & Code Quality Plan
Created: April 26, 2026 Goal: Deliver a technically sound, well-documented, secure product that accurately represents what was planned and what was built — establishing a clear foundation before opening to real beta users.
Why This Matters
The project has moved fast. M1 through M11 represents months of development, dozens of architectural decisions, production deployments, and real-world fixes. Before expanding the user base, we need to:
- Verify the codebase is architecturally sound and secure
- Ensure documentation reflects reality, not aspirations
- Capture everything learned so future development (and future team members) have an honest, accurate reference
Session A — M11 Housekeeping (1-2 hours)
Goal: Close out loose ends from TRA-145 and the Playwright work.
- TRA-171 — Fix
SqlTicketNumberGeneratorto seed fromMAX(Number) + 1after sequence creation - Fix E2E tests 03-06 state sharing — write
E2E_TICKET_URLto a temp file after test 02, read it in downstream tests - Merge
feature/TRA-145-Playwright-TestsPR → development → main - Merge
feature/TRA-145-Playwright-Testsfor API changes (GetCurrentUserEndpoint, GetCurrentTechnicianEndpoint fix)
Session B — Documentation Audit (2-4 hours)
Goal: Produce honest, accurate documentation that reflects what was actually built. No aspirational gaps.
Input Documents to Review
These are the original planning documents from the project files. Pete will provide them at the start of the session:
roundtrip-brd.docx— Business Requirements Documentroundtrip-prd.docx— Product Requirements Documentroundtrip-solution-architecture.docx— Solution Architecture Document (SAD)roundtrip-api-design.docx— API Design Documentroundtrip-domain-model.docx— Domain Modelroundtrip-ddd.docx— Domain-Driven Design decisionsroundtrip-clean-arch.docx— Clean Architecture patternsroundtrip-database-design.docx— Database designroundtrip-impl-plan.docx— Implementation planroundtrip-tech-stack-analysis.docx— Tech stack decisionstraxs-business-plan.docx— Business plan contexttraxs-business-case.docx— Business case
Review Approach
For each document, evaluate:
- Still accurate? — Does it match what was actually built?
- Intentional divergence? — Did we consciously decide to do something differently?
- Unintentional drift? — Did we just end up somewhere different without a decision?
- Missing coverage? — Are there things built that the document doesn't cover at all?
Living Documents to Update
These Linear documents need updating based on what was learned in M10/M11:
| Document | Key Updates Needed |
|---|---|
| Backend Coding Standards | result.Type not result.ResultType; /v1/me pattern; GetCurrentTechnicianEndpoint TenantId resolution; HttpContext.Response.WriteAsJsonAsync pattern |
| Frontend Coding Standards | MSAL now localStorage; setAccount is async; role from /v1/me API not JWT; StatusBadge/PriorityBadge now forward ...rest props |
| Deployment Architecture | ADO self-hosted agent laptop in traxs-self-hosted pool; Cloudflare Pages for frontend; Secure Files → inline auth setup; repo migration from GitHub to ADO |
| Pre-Beta Launch Checklist | Current status pass — what's done, what's still open |
Session C — Architecture & Security Audit (2-3 hours)
Goal: Systematic review of both repos for security, correctness, and architectural integrity.
API (RoundTripAPI)
Multi-tenancy audit
- Every Dapper query has explicit
AND TenantId = @TenantId— no tenant data leakage possible -
TenantScopingBehaviorcorrectly covers all MediatR commands and queries - Direct endpoint handlers (non-MediatR paths) resolve tenant correctly
Authorization audit
- Every FastEndpoints endpoint has
Roles()configured - Role assignments match PRD (Technician cannot call Dispatcher endpoints)
-
GET /v1/mecorrectly has no role restriction (any authenticated user) -
GetCurrentTechnicianEndpointcorrectly restricted to Technician role
Input validation
- FluentValidation coverage — every command with user input has a validator
- No unvalidated inputs reaching domain methods
Security
- No secrets in
appsettings.jsonor committed config files - No raw string interpolation in SQL (Dapper parameterization everywhere)
- Exception middleware prevents stack traces reaching clients
- CORS policy is appropriately restrictive for production
Ticket number sequence (TRA-171)
-
SqlTicketNumberGeneratorseeds from existing max after creation
Frontend (RoundTripWeb)
MSAL / Auth
-
localStorageMSAL cache — XSS surface acknowledged and mitigated - 401 responses trigger MSAL re-auth correctly
- 403 responses handled gracefully (user sees a clear error, not a broken UI)
-
setAccountasync flow — app doesn't render role-dependent UI before/v1/meresolves
API client
- All API calls go through
apiClient(no raw fetch scattered through components) - Error handling is consistent — TanStack Query error states used correctly
Service worker
- Workbox guards
url.originbeforeurl.pathname(prevents intercepting cross-origin API calls) - Stale service worker update flow works correctly
Code quality
- No
console.logstatements in production code - No hardcoded tenant IDs or user IDs
- TypeScript strict mode — no
anyescapes
Claude Cowork — Where It Helps
Claude Cowork (desktop automation) is best used for bounded, systematic tasks rather than open-ended review. Specific use cases:
- Tenant scoping audit: Open RoundTripAPI, search all
.csfiles containing Dapper SQL for queries missingTenantIdfilter - Endpoint authorization audit: Open all
*Endpoint.csfiles, list each one and itsRoles()configuration - Console.log audit: Search RoundTripWeb for
console.login non-test files - Hardcoded value scan: Search for known GUIDs (dev tenant, Acme tenant) in source code
These are mechanical tasks that Cowork can run systematically in minutes rather than manual file-by-file review.
Success Definition
After all three sessions:
- All open M11 issues are tracked and prioritized
- The planning documents are annotated with what was built vs what was planned
- The two living coding standards documents reflect current reality
- The architecture and security audit is complete with findings documented
- Any issues found are filed as Linear tickets with appropriate priority
- The codebase is ready to present to beta users with confidence