musiclink/docs/reviews/issues.md

Code Review Issues (Aggregated)

CLI Entrypoints

1. Smoketest depends on external API availability
   • Live integration check; can fail offline or if idonthavespotify is down.

Matrix Bot Runtime

2. Shutdown drops pending queue items

   • Queue length is logged but pending items are not drained.

3. Encryption prefetch fails fast

   • A non-M_NOT_FOUND error aborts prefetch for subsequent rooms.

4. Health endpoint unauthenticated

   • /healthz exposes counters; should be bound to localhost or protected at the edge.

Message Handling & Link Logic

5. Detector regex is brittle

   • Central regex risks missing edge cases; per-service patterns might be safer.

6. Plain-text only parsing

   • Formatted/HTML links are ignored (by design).

7. Single-link handling

   • Only first link is handled (by design).

Config & Packaging

8. vendorHash = null

   • Nix doesn’t enforce vendor integrity; should pin a hash if vendor tree stabilizes.

9. Go toolchain mismatch in dev shell

   • go.mod requires 1.24.0 but devShell uses default go.

10. Config file only (no env overrides)

• Token/secret loading relies on file config; document best practices.

Docs & Ops

11. Design doc still references Matterbridge migration

• docs/design-matrix-native-routing.md is outdated.

12. README Go version outdated

• README says Go 1.22+ but module requires 1.24.0.

13. WORKLOG is stale

• Mentions Matterbridge and old crash loops; should be updated or archived.