Maintainability Review - Pick'n'Play

A) Current focus

This document tracks only active work. Completed work is intentionally omitted and can be reviewed in git history.

Active maintainability risks (priority order):

CI currently gates restore/build/test only (.github/workflows/ci.yml:23-.github/workflows/ci.yml:29).
Impact: style drift and low-signal warnings can enter the codebase undetected.

[P2] Add static analysis and JS lint/format guardrails

Problem: Severity Medium, Category Tooling. CI does not enforce analyzers or JS lint/format checks.
Evidence: .github/workflows/ci.yml:23-.github/workflows/ci.yml:29.
Recommendation: add .NET analyzer configuration and ESLint/Prettier checks, then enforce in CI.
Acceptance criteria (testable): CI fails on analyzer/lint violations; local scripts are documented in root docs.
Effort / Risk: M / Low.
Dependencies (if any): none.

[P2] Externalize i18n and FAQ content from executable JS

Problem: Severity Low, Category Complexity/Documentation. Translation and FAQ payloads are embedded in code.
Evidence: wwwroot/js/i18n.js:1-wwwroot/js/i18n.js:799.
Recommendation: move language dictionaries and FAQ markdown into versioned data assets with schema checks.
Acceptance criteria (testable): i18n.js holds behavior only; assets load and render identical user-facing text.
Effort / Risk: M / Low.
Dependencies (if any): frontend module split is helpful but optional.

Keep endpoint handlers transport-focused and move business rules into services/validators.
Keep reads side-effect free and isolate all persistence changes to explicit command paths.
Maintain one source of truth per validation rule (backend authoritative, frontend UX hints only).
Prefer typed DTOs over anonymous response shapes for non-trivial API payloads.