diff --git a/REVIEW.md b/REVIEW.md
index 45c668c..730228a 100644
--- a/REVIEW.md
+++ b/REVIEW.md
@@ -13,7 +13,6 @@ Top 5 maintainability risks (priority order):
 2. Operational contract drift between docs/scripts/code (High)
 - `API.md:3` claims admin auth via `X-Admin-Key`/`key`; admin runtime actually checks authenticated admin user (`Infrastructure/AdminOnlyFilter.cs:12`).
-- `scripts/smoke.ps1:46`/`scripts/smoke.ps1:51` call admin endpoints using `X-Admin-Key` and contain a `TODO` (`scripts/smoke.ps1:48`), so smoke automation is not trustworthy.
 - Impact: incident response and deployment validation are unreliable.
 3. High-change, high-complexity frontend hotspots (High)
@@ -55,7 +54,7 @@ Major modules/components and responsibilities:
 - `Domain/*.cs`: entity data structures (`Player`, `Suggestion`, `Vote`, `AppState`, `Phase`).
 - `wwwroot/app.js` + `wwwroot/js/*.js`: frontend orchestration, shared state, API calls, rendering, i18n, effects.
 - `GameList.Tests/*.cs`: integration-heavy endpoint tests plus helper/unit tests.
-- `scripts/*.ps1`: deployment and smoke automation.
+- `scripts/*.ps1`: deployment automation.
 Boundary quality:
 - Backend boundaries are leaky: endpoint layer owns domain rules, persistence orchestration, and security checks directly.
diff --git a/scripts/smoke.ps1 b/scripts/smoke.ps1
deleted file mode 100644
index ad71a7f..0000000
--- a/scripts/smoke.ps1
+++ /dev/null
@@ -1,53 +0,0 @@
-Param(
- [string]$BaseUrl = "http://localhost:5116",
- [string]$AdminKey = $env:ADMIN_PASSWORD
-)
-
-if (-not $AdminKey) {
- Write-Error "Set ADMIN_PASSWORD env var or pass -AdminKey."
- exit 1
-}
-
-$session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
-
-function Invoke-Json {
- param(
- [Parameter(Mandatory=$true)][string]$Method,
- [Parameter(Mandatory=$true)][string]$Path,
- [object]$Body = $null,
- [hashtable]$Headers = @{}
- )
- $uri = "$BaseUrl$Path"
- $params = @{
- Method = $Method
- Uri = $uri
- WebSession = $session
- Headers = $Headers
- }
- if ($Body) { $params.Body = ($Body | ConvertTo-Json -Depth 5); $params.ContentType = "application/json" }
- try {
- $response = Invoke-WebRequest @params -ErrorAction Stop
- if ($response.Content) { return ($response.Content | ConvertFrom-Json) }
- return $null
- } catch {
- Write-Error "Request failed: $Method $uri`n$($_.Exception.Message)"
- if ($_.Exception.Response -and $_.Exception.Response.GetResponseStream()) {
- $reader = New-Object IO.StreamReader $_.Exception.Response.GetResponseStream()
- Write-Error "Response body:`n$($reader.ReadToEnd())"
- }
- exit 1
- }
-}
-
-Write-Host "Health check..."
-Invoke-Json -Method GET -Path "/health" | Out-Host
-
-Write-Host "`nAdmin factory reset (clears players, suggestions, votes)..."
-Invoke-Json -Method POST -Path "/api/admin/factory-reset" -Headers @{ "X-Admin-Key" = $AdminKey } | Out-Host
-
-# TODO
-
-Write-Host "`nAdmin factory reset (clears players, suggestions, votes)..."
-Invoke-Json -Method POST -Path "/api/admin/factory-reset" -Headers @{ "X-Admin-Key" = $AdminKey } | Out-Host
-
-Write-Host "`nSmoke test completed."