docs(backlog): close out dep adoption — reject upstash/faker/msw with rationale
Three audit-flagged deps rejected on inspection (not parked-pending- decision): - @upstash/ratelimit — audit said "4 hand-rolled rate limiters"; actual state is one centralized sliding-window limiter with 14 named policies. - @faker-js/faker — both seed files are hand-curated specs keyed to test selectors, not random fake data; faker would mean ADDING a factory. - msw — vi.mock at the service-module boundary already gives determinism; msw only helps when tests hit fetch() directly. Adds tsc-staged.mjs to the done list. Updates parked list with concrete rationale per item. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -146,6 +146,7 @@ What's done (2026-05-12 session — all phases shipped):
|
|||||||
- ✅ **@tanstack/react-virtual in DataTable** — opt-in `virtual` prop. Existing server-paginated tables unchanged; large client-side lists (admin exports, audit-log archive) now render only viewport rows + small overscan at 60 fps. Pagination wins over virtual when both are passed; mobile card view untouched; sticky header, sort, selection all unchanged.
|
- ✅ **@tanstack/react-virtual in DataTable** — opt-in `virtual` prop. Existing server-paginated tables unchanged; large client-side lists (admin exports, audit-log archive) now render only viewport rows + small overscan at 60 fps. Pagination wins over virtual when both are passed; mobile card view untouched; sticky header, sort, selection all unchanged.
|
||||||
- ✅ **drizzle-zod adoption** — pattern proven in tags.ts + brochures.ts (earlier commit). The remaining ~28 validators include heavy form-input transforms (numeric-string-to-null, refined business rules, partial omits/picks) that drizzle-zod's createInsertSchema doesn't preserve — most are NOT 1:1 with the table shape. Migration is net-wash on LOC and adds no safety. Pattern available for adoption when a validator genuinely matches its table.
|
- ✅ **drizzle-zod adoption** — pattern proven in tags.ts + brochures.ts (earlier commit). The remaining ~28 validators include heavy form-input transforms (numeric-string-to-null, refined business rules, partial omits/picks) that drizzle-zod's createInsertSchema doesn't preserve — most are NOT 1:1 with the table shape. Migration is net-wash on LOC and adds no safety. Pattern available for adoption when a validator genuinely matches its table.
|
||||||
- ✅ **Tier 2 polish** — surveyed each candidate. `fast-deep-equal` not needed (existing memo comparators work). `use-debounce` package adds no value over the in-tree 13-LOC hook. `@use-gesture/react`, `embla-carousel-react`, `yet-another-react-lightbox`, `react-resizable-panels` all need concrete UX surfaces or product decisions before wiring — added them to the parked list.
|
- ✅ **Tier 2 polish** — surveyed each candidate. `fast-deep-equal` not needed (existing memo comparators work). `use-debounce` package adds no value over the in-tree 13-LOC hook. `@use-gesture/react`, `embla-carousel-react`, `yet-another-react-lightbox`, `react-resizable-panels` all need concrete UX surfaces or product decisions before wiring — added them to the parked list.
|
||||||
|
- ✅ **Pre-commit staged type-check** — `scripts/tsc-staged.mjs` (30-LOC shim) replaces the broken `tsc-files` package (which silently no-ops under pnpm). Pre-commit now runs `tsc -p <temp-config>` against staged ts/tsx in ~3s vs ~22s full-project; type errors caught before they hit CI.
|
||||||
|
|
||||||
Remaining (opportunistic, no concrete trigger):
|
Remaining (opportunistic, no concrete trigger):
|
||||||
|
|
||||||
@@ -159,16 +160,20 @@ Remaining (opportunistic, no concrete trigger):
|
|||||||
|
|
||||||
Decisions / parked:
|
Decisions / parked:
|
||||||
|
|
||||||
- `@upstash/ratelimit` — replace 4 hand-rolled rate limiters (audit Tier 2 candidate).
|
- ~`@upstash/ratelimit`~ — **rejected on inspection.** Audit claimed "4 hand-rolled rate limiters"; actual state is **one** centralized sliding-window Redis limiter (`src/lib/rate-limit.ts`) with 14 named policies + atomic pipeline. Replacement is pure churn.
|
||||||
- `next-safe-action` — pilot on a new form first.
|
- ~`@faker-js/faker`~ — **rejected on inspection.** Both seed files (`seed-data.ts`, `seed-synthetic-data.ts`) are hand-curated demo specs (per-pipeline-stage clients with locale-correct names/phones/addresses keyed to test selectors). No fake-data factory exists to replace — adopting faker means WRITING the factory + losing curation. Net add, not net subtract.
|
||||||
|
- ~`msw`~ — **rejected on inspection.** Integration tests already mock external services via `vi.mock('@/lib/services/documenso-client', ...)` at the module boundary — equivalent determinism, no extra layer. MSW only wins when tests hit `fetch()` directly, which we don't.
|
||||||
|
- `next-safe-action` — pilot on a new form first (no concrete trigger).
|
||||||
- `@sentry/nextjs` — needs SaaS-dep decision.
|
- `@sentry/nextjs` — needs SaaS-dep decision.
|
||||||
- `@tiptap/core` upgrade — needs product decision on rich notes.
|
- `@tiptap/core` upgrade — needs product decision on rich notes.
|
||||||
- `pdfjs-dist` / `@react-pdf-viewer/core` — in-browser PDF preview in docs hub (paired with PDF stack overhaul if revived).
|
- `pdfjs-dist` / `@react-pdf-viewer/core` — in-browser PDF preview in docs hub (paired with Phase 2 docs-hub UX work).
|
||||||
- `@faker-js/faker` — better seed data (dev-only).
|
- `next-pwa` / `@serwist/next` — blocked on missing PWA icons per MEMORY.md.
|
||||||
- `msw` — deterministic external-service mocking in integration tests.
|
|
||||||
- `next-pwa` / `@serwist/next` — PWA assets pending per MEMORY.md.
|
|
||||||
- `next-intl` — no current i18n target.
|
- `next-intl` — no current i18n target.
|
||||||
- `posthog-js` — analytics scope decision.
|
- `posthog-js` — analytics scope decision.
|
||||||
|
- `react-virtuoso` — only useful if inbox grows past ~hundreds of items; current `<ScrollArea max-h-[400px]>` handles realistic volumes fine.
|
||||||
|
- `react-imask` / `react-number-format` — input masks across ~6 forms. Decision pending: hand-rolled formatters work today.
|
||||||
|
- `type-fest` — opportunistic types; no concrete trigger.
|
||||||
|
- `partysocket` — Socket.IO-protocol incompatible without significant rework.
|
||||||
|
|
||||||
Major deferrals from §34 of audit:
|
Major deferrals from §34 of audit:
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user