rename(phase 1): CapaKraken → Nexus across code, UI, docs, CI (#61)
CI / Architecture Guardrails (push) Successful in 2m38s
CI / Assistant Split Regression (push) Successful in 3m33s
CI / Typecheck (push) Successful in 3m51s
CI / Lint (push) Successful in 5m2s
CI / E2E Tests (push) Has been cancelled
CI / Fresh-Linux Docker Deploy (push) Has been cancelled
CI / Release Images (push) Has been cancelled
CI / Build (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
CI / Architecture Guardrails (push) Successful in 2m38s
CI / Assistant Split Regression (push) Successful in 3m33s
CI / Typecheck (push) Successful in 3m51s
CI / Lint (push) Successful in 5m2s
CI / E2E Tests (push) Has been cancelled
CI / Fresh-Linux Docker Deploy (push) Has been cancelled
CI / Release Images (push) Has been cancelled
CI / Build (push) Has been cancelled
CI / Unit Tests (push) Has been cancelled
rename(phase 1): CapaKraken → Nexus across code, UI, docs, CI (#61) Co-authored-by: Hartmut Nörenberg <hn@hartmut-noerenberg.com> Co-committed-by: Hartmut Nörenberg <hn@hartmut-noerenberg.com>
This commit was merged in pull request #61.
This commit is contained in:
@@ -1,11 +1,11 @@
|
||||
# AI Excellence Due Diligence And Roadmap
|
||||
|
||||
**Date:** 2026-03-30
|
||||
**Purpose:** Frank assessment of the current codebase plus a pragmatic roadmap to turn CapaKraken into a reference project for disciplined AI-assisted software engineering.
|
||||
**Purpose:** Frank assessment of the current codebase plus a pragmatic roadmap to turn Nexus into a reference project for disciplined AI-assisted software engineering.
|
||||
|
||||
## Executive Summary
|
||||
|
||||
CapaKraken is already well beyond a prototype. The repository shows a real domain model, a non-trivial bounded-context split, a meaningful automated test baseline, and active delivery discipline.
|
||||
Nexus is already well beyond a prototype. The repository shows a real domain model, a non-trivial bounded-context split, a meaningful automated test baseline, and active delivery discipline.
|
||||
|
||||
At the same time, the codebase still carries several risks that are typical of fast-moving AI-assisted development:
|
||||
|
||||
@@ -44,30 +44,30 @@ The previously critical SSE and browser parser coverage issues were addressed du
|
||||
### High
|
||||
|
||||
1. Router and UI module size is now an operational risk.
|
||||
Evidence: [assistant-tools.ts](/home/hartmut/Documents/Copilot/capakraken/packages/api/src/router/assistant-tools.ts), [resource.ts](/home/hartmut/Documents/Copilot/capakraken/packages/api/src/router/resource.ts), [allocation.ts](/home/hartmut/Documents/Copilot/capakraken/packages/api/src/router/allocation.ts), [timeline.ts](/home/hartmut/Documents/Copilot/capakraken/packages/api/src/router/timeline.ts), [vacation.ts](/home/hartmut/Documents/Copilot/capakraken/packages/api/src/router/vacation.ts), and large frontend files such as [SystemSettingsClient.tsx](/home/hartmut/Documents/Copilot/capakraken/apps/web/src/components/admin/SystemSettingsClient.tsx) and [TimelineProjectPanel.tsx](/home/hartmut/Documents/Copilot/capakraken/apps/web/src/components/timeline/TimelineProjectPanel.tsx) are each well past the size where safe ownership stays easy.
|
||||
Evidence: [assistant-tools.ts](/home/hartmut/Documents/Copilot/nexus/packages/api/src/router/assistant-tools.ts), [resource.ts](/home/hartmut/Documents/Copilot/nexus/packages/api/src/router/resource.ts), [allocation.ts](/home/hartmut/Documents/Copilot/nexus/packages/api/src/router/allocation.ts), [timeline.ts](/home/hartmut/Documents/Copilot/nexus/packages/api/src/router/timeline.ts), [vacation.ts](/home/hartmut/Documents/Copilot/nexus/packages/api/src/router/vacation.ts), and large frontend files such as [SystemSettingsClient.tsx](/home/hartmut/Documents/Copilot/nexus/apps/web/src/components/admin/SystemSettingsClient.tsx) and [TimelineProjectPanel.tsx](/home/hartmut/Documents/Copilot/nexus/apps/web/src/components/timeline/TimelineProjectPanel.tsx) are each well past the size where safe ownership stays easy.
|
||||
Risk: AI-generated changes become harder to review, humans lose local reasoning context, and regressions become more likely.
|
||||
|
||||
2. Runtime secret policy is mostly corrected, but deploy standardization still has to catch up.
|
||||
Evidence: runtime resolution and admin flows now treat environment-backed secrets as the preferred source in [settings.ts](/home/hartmut/Documents/Copilot/capakraken/packages/api/src/router/settings.ts), [system-settings-runtime.ts](/home/hartmut/Documents/Copilot/capakraken/packages/api/src/lib/system-settings-runtime.ts), and [SystemSettingsClient.tsx](/home/hartmut/Documents/Copilot/capakraken/apps/web/src/components/admin/SystemSettingsClient.tsx).
|
||||
Evidence: runtime resolution and admin flows now treat environment-backed secrets as the preferred source in [settings.ts](/home/hartmut/Documents/Copilot/nexus/packages/api/src/router/settings.ts), [system-settings-runtime.ts](/home/hartmut/Documents/Copilot/nexus/packages/api/src/lib/system-settings-runtime.ts), and [SystemSettingsClient.tsx](/home/hartmut/Documents/Copilot/nexus/apps/web/src/components/admin/SystemSettingsClient.tsx).
|
||||
Risk: a strong secret policy is only fully effective once staging and production provisioning use one canonical deployment path and operators clear remaining legacy database copies.
|
||||
Update: the application no longer persists new operational secret values through admin settings; the remaining work is rollout discipline and cleanup completion.
|
||||
|
||||
3. Least-privilege is materially better documented now, but it still needs long-lived enforcement rather than relying mainly on one hardening batch.
|
||||
Evidence: the route audience model is now explicit in [route-access-matrix.md](/home/hartmut/Documents/Copilot/capakraken/docs/route-access-matrix.md) and backed by multiple focused auth tests, but the remaining guarantee still depends on continuing test coverage and architecture guardrails as new routes evolve.
|
||||
Evidence: the route audience model is now explicit in [route-access-matrix.md](/home/hartmut/Documents/Copilot/nexus/docs/route-access-matrix.md) and backed by multiple focused auth tests, but the remaining guarantee still depends on continuing test coverage and architecture guardrails as new routes evolve.
|
||||
Risk: future feature work can slowly widen access again if the matrix and tests are not treated as an enforced contract.
|
||||
|
||||
### Medium
|
||||
|
||||
1. Rate limiting now supports deployment-grade shared counters, but rollout discipline still matters.
|
||||
Evidence: [rate-limit.ts](/home/hartmut/Documents/Copilot/capakraken/packages/api/src/middleware/rate-limit.ts) now prefers Redis-backed counters when `REDIS_URL` is configured, while preserving an in-memory fallback for local development and degraded operation.
|
||||
Evidence: [rate-limit.ts](/home/hartmut/Documents/Copilot/nexus/packages/api/src/middleware/rate-limit.ts) now prefers Redis-backed counters when `REDIS_URL` is configured, while preserving an in-memory fallback for local development and degraded operation.
|
||||
Risk: protections still depend on production actually wiring Redis for all instances instead of silently running on the fallback path.
|
||||
|
||||
2. Performance hotspots are well understood but not yet structurally solved.
|
||||
Evidence: the current performance review identifies repeated in-memory filtering, broad invalidation, and heavyweight timeline/report derivations in [performance-optimization-review-2026-03-18.md](/home/hartmut/Documents/Copilot/capakraken/docs/performance-optimization-review-2026-03-18.md).
|
||||
Evidence: the current performance review identifies repeated in-memory filtering, broad invalidation, and heavyweight timeline/report derivations in [performance-optimization-review-2026-03-18.md](/home/hartmut/Documents/Copilot/nexus/docs/performance-optimization-review-2026-03-18.md).
|
||||
Risk: user experience and infrastructure cost will degrade as data volume grows.
|
||||
|
||||
3. Rollback and incident drills still need to be exercised, even though the deployment path is now standardized.
|
||||
Evidence: the canonical production path now runs through [release-image.yml](/home/hartmut/Documents/Copilot/capakraken/.github/workflows/release-image.yml), [deploy-staging.yml](/home/hartmut/Documents/Copilot/capakraken/.github/workflows/deploy-staging.yml), [deploy-prod.yml](/home/hartmut/Documents/Copilot/capakraken/.github/workflows/deploy-prod.yml), and the single host compose file [docker-compose.prod.yml](/home/hartmut/Documents/Copilot/capakraken/docker-compose.prod.yml).
|
||||
Evidence: the canonical production path now runs through [release-image.yml](/home/hartmut/Documents/Copilot/nexus/.github/workflows/release-image.yml), [deploy-staging.yml](/home/hartmut/Documents/Copilot/nexus/.github/workflows/deploy-staging.yml), [deploy-prod.yml](/home/hartmut/Documents/Copilot/nexus/.github/workflows/deploy-prod.yml), and the single host compose file [docker-compose.prod.yml](/home/hartmut/Documents/Copilot/nexus/docker-compose.prod.yml).
|
||||
Risk: a clean architecture path still needs operator rehearsal before it becomes operationally boring under pressure.
|
||||
|
||||
## Overall Rating
|
||||
@@ -237,6 +237,6 @@ Artifacts to add:
|
||||
|
||||
## Bottom Line
|
||||
|
||||
CapaKraken is already good enough to justify further investment. It is not a cleanup disaster.
|
||||
Nexus is already good enough to justify further investment. It is not a cleanup disaster.
|
||||
|
||||
The opportunity is not to rebuild it. The opportunity is to harden the weak edges, reduce oversized ownership surfaces, and make the engineering standards visible enough that the repository becomes evidence that AI can accelerate serious software without normalizing architectural debt.
|
||||
|
||||
Reference in New Issue
Block a user