# Code Review Issues (Aggregated)

## CLI Entrypoints
1. **Smoketest depends on external API availability**
   - Live integration check; can fail offline or if idonthavespotify is down.

## Matrix Bot Runtime
2. **Shutdown drops pending queue items**
   - Queue length is logged but pending items are not drained.

3. **Encryption prefetch fails fast**
   - A non-M_NOT_FOUND error aborts prefetch for subsequent rooms.

4. **Health endpoint unauthenticated**
   - `/healthz` exposes counters; should be bound to localhost or protected at the edge.

## Message Handling & Link Logic
5. **Detector regex is brittle**
   - Central regex risks missing edge cases; per-service patterns might be safer.

6. **Plain-text only parsing**
   - Formatted/HTML links are ignored (by design).

7. **Single-link handling**
   - Only first link is handled (by design).

## Config & Packaging
8. **vendorHash = null**
   - Nix doesn’t enforce vendor integrity; should pin a hash if vendor tree stabilizes.

9. **Go toolchain mismatch in dev shell**
   - `go.mod` requires 1.24.0 but devShell uses default `go`.

10. **Config file only (no env overrides)**
   - Token/secret loading relies on file config; document best practices.

## Docs & Ops
11. **Design doc still references Matterbridge migration**
   - `docs/design-matrix-native-routing.md` is outdated.

12. **README Go version outdated**
   - README says Go 1.22+ but module requires 1.24.0.

13. **WORKLOG is stale**
   - Mentions Matterbridge and old crash loops; should be updated or archived.