{ "meta": { "title": "Veza Production Readiness TodoList", "generated_at": "2025-12-27T15:47:00+01:00", "total_tasks": 26, "by_priority": { "P0_blocker": 3, "P1_critical": 7, "P2_major": 10, "P3_minor": 6 }, "by_category": { "backend": 8, "frontend": 7, "infrastructure": 3, "security": 4, "testing": 2, "documentation": 1 } }, "summary": { "production_ready": false, "score": "31/70", "blocking_issues": 3, "estimated_hours": 323 }, "tasks": [ { "id": "PROD-000", "priority": "P1", "category": "testing", "title": "Débugger le setup global E2E", "description": "Les tests E2E ne peuvent pas démarrer car le setup global échoue avec 'API login failed: Failed to fetch'. Le Backend API est UP (health, register, login fonctionnent), mais le setup E2E a un problème de connexion.", "status": "open", "blocking": false, "test_command": "cd apps/web && npx playwright test --reporter=list", "expected_result": "Tests E2E démarrent et s'exécutent", "actual_result": "Setup global échoue: API login failed: Failed to fetch", "files_to_check": ["apps/web/e2e/global-setup.ts"], "fix_suggestion": "Vérifier la configuration de l'URL API dans global-setup.ts, les timeouts, CORS, et la logique de connexion. Le Backend API fonctionne, donc le problème est dans le setup.", "estimated_hours": 4, "dependencies": [] }, { "id": "PROD-001", "priority": "P0", "category": "backend", "title": "Corriger les dépendances Rust - Conflit sqlite", "description": "Le Chat Server ne compile pas à cause d'un conflit de dépendances libsqlite3-sys entre sqlx v0.7.0 (veza-common) et sqlx v0.8.6 (chat-server). Unifier les versions de sqlx dans tous les projets Rust.", "status": "open", "blocking": true, "test_command": "cd veza-chat-server && cargo build", "expected_result": "Compilation réussie sans erreurs", "actual_result": "failed to select a version for `libsqlite3-sys` - conflit de links", "files_to_check": ["veza-chat-server/Cargo.toml", "veza-common/Cargo.toml"], "fix_suggestion": "Unifier les versions de sqlx dans veza-common et veza-chat-server, ou utiliser des features pour éviter le conflit", "estimated_hours": 8, "dependencies": [] }, { "id": "PROD-002", "priority": "P0", "category": "backend", "title": "Installer protoc pour Stream Server", "description": "Le Stream Server ne compile pas car protoc (protobuf compiler) est manquant. Installer protoc ou configurer la variable d'environnement PROTOC.", "status": "open", "blocking": true, "test_command": "cd veza-stream-server && cargo build", "expected_result": "Compilation réussie", "actual_result": "Could not find `protoc`. If `protoc` is installed, try setting the `PROTOC` environment variable", "files_to_check": ["veza-stream-server/Cargo.toml", "veza-stream-server/build.rs"], "fix_suggestion": "Installer protobuf-compiler: `apt-get install protobuf-compiler` ou `dnf install protobuf-compiler`", "estimated_hours": 2, "dependencies": [] }, { "id": "PROD-003", "priority": "P0", "category": "frontend", "title": "Corriger les imports use-toast → useToast", "description": "Le build frontend échoue car les fichiers importent 'use-toast' au lieu de 'useToast'. Le hook existe sous le nom useToast.ts mais est importé avec un tiret.", "status": "open", "blocking": true, "test_command": "cd apps/web && npm run build", "expected_result": "Build réussi", "actual_result": "Could not load /home/senke/git/talas/veza/apps/web/src/hooks/use-toast: ENOENT: no such file or directory", "files_to_check": ["apps/web/src/pages/WebhooksPage.tsx", "apps/web/src/pages/AdminDashboardPage.tsx"], "fix_suggestion": "Remplacer 'use-toast' par '@/hooks/useToast' dans les imports", "estimated_hours": 2, "dependencies": [] }, { "id": "PROD-004", "priority": "P0", "category": "backend", "title": "Corriger les tests de transactions Backend", "description": "17 tests de transactions échouent car les conteneurs de test PostgreSQL ne démarrent pas. Erreur: 'failed to start postgres container after 3 attempts: start container: started hook: wait until ready: container exited with code 3'", "status": "open", "blocking": true, "test_command": "cd veza-backend-api && go test ./tests/transactions/... -v", "expected_result": "Tous les tests passent", "actual_result": "17 tests échouent avec erreur de conteneur", "files_to_check": ["veza-backend-api/internal/testutils/db.go", "veza-backend-api/tests/transactions/"], "fix_suggestion": "Vérifier la configuration des conteneurs de test, augmenter les timeouts, ou utiliser une base de données de test partagée", "estimated_hours": 12, "dependencies": [] }, { "id": "PROD-005", "priority": "P1", "category": "backend", "title": "Augmenter la couverture de code Backend à 80%+", "description": "La couverture actuelle est de 40.3%, ce qui est insuffisant pour la production. Objectif: 80%+", "status": "open", "blocking": false, "test_command": "cd veza-backend-api && go test ./... -coverprofile=coverage.out && go tool cover -func=coverage.out | grep total", "expected_result": "coverage: 80.0% of statements", "actual_result": "coverage: 40.3% of statements", "files_to_check": ["veza-backend-api/coverage.out"], "fix_suggestion": "Ajouter des tests unitaires pour les modules non couverts, notamment les handlers, services, et middleware", "estimated_hours": 40, "dependencies": [] }, { "id": "PROD-006", "priority": "P1", "category": "frontend", "title": "Corriger les tests Frontend - Contexte React Router", "description": "585 tests frontend échouent avec l'erreur 'Cannot destructure property 'basename' of 'React__namespace.useContext(...)' as it is null'. Problème de contexte Router manquant dans les tests.", "status": "open", "blocking": false, "test_command": "cd apps/web && npm test -- --run", "expected_result": "Tous les tests passent", "actual_result": "585 tests échouent avec erreur de contexte Router", "files_to_check": ["apps/web/src/features/tracks/components/TrackSearch.test.tsx", "apps/web/vitest.config.ts"], "fix_suggestion": "Ajouter MemoryRouter ou BrowserRouter dans les setup de tests, ou créer un wrapper de test avec Router", "estimated_hours": 16, "dependencies": [] }, { "id": "PROD-007", "priority": "P1", "category": "frontend", "title": "Corriger le type check Frontend", "description": "12 erreurs TypeScript empêchent le type check de passer. Problèmes dans stateVersioning.ts, undoRedo.ts, et stateVersioning.example.ts", "status": "open", "blocking": false, "test_command": "cd apps/web && npm run typecheck", "expected_result": "Aucune erreur TypeScript", "actual_result": "12 erreurs TypeScript", "files_to_check": ["apps/web/src/utils/stateVersioning.ts", "apps/web/src/utils/undoRedo.ts", "apps/web/src/utils/stateVersioning.example.ts"], "fix_suggestion": "Corriger les types dans les migrations, les mutators Zustand, et les LogContext", "estimated_hours": 8, "dependencies": [] }, { "id": "PROD-008", "priority": "P1", "category": "security", "title": "Corriger le secret filtering dans les logs", "description": "Les tests TestSecretFilterCore_FiltersSecrets échouent. Les secrets (password, api_key, token, authorization) ne sont pas filtrés correctement dans les logs.", "status": "open", "blocking": false, "test_command": "cd veza-backend-api && go test ./internal/logging -v -run TestSecretFilterCore", "expected_result": "Tous les tests passent", "actual_result": "4 sous-tests échouent - secrets non filtrés", "files_to_check": ["veza-backend-api/internal/logging/secret_filter.go", "veza-backend-api/internal/logging/secret_filter_test.go"], "fix_suggestion": "Vérifier la configuration du filtre de secrets, ajouter les patterns manquants (password, api_key, token, authorization)", "estimated_hours": 4, "dependencies": [] }, { "id": "PROD-009", "priority": "P1", "category": "backend", "title": "Corriger la validation de mot de passe", "description": "La validation de mot de passe rejette tous les mots de passe valides avec le message 'Password contains common words or patterns'. 7 tests échouent.", "status": "open", "blocking": false, "test_command": "cd veza-backend-api && go test ./internal/validators -v -run TestPasswordValidator", "expected_result": "Tous les tests passent", "actual_result": "7 tests échouent - tous les mots de passe rejetés", "files_to_check": ["veza-backend-api/internal/validators/password_validator.go", "veza-backend-api/internal/validators/password_validator_test.go"], "fix_suggestion": "Vérifier la logique de validation, corriger la détection des mots communs, ou ajuster les règles de validation", "estimated_hours": 6, "dependencies": [] }, { "id": "PROD-010", "priority": "P1", "category": "backend", "title": "Corriger les endpoints API qui échouent", "description": "Tous les endpoints API échouent sauf /health, /auth/register, et /auth/login. Problème probable avec les tokens ou les permissions.", "status": "open", "blocking": false, "test_command": "curl -s http://localhost:8080/api/v1/tracks -H 'Authorization: Bearer $TOKEN'", "expected_result": "Liste des tracks ou réponse JSON valide", "actual_result": "Error", "files_to_check": ["veza-backend-api/internal/middleware/auth.go", "veza-backend-api/internal/handlers/"], "fix_suggestion": "Vérifier la validation des tokens, les permissions, et les routes", "estimated_hours": 12, "dependencies": [] }, { "id": "PROD-011", "priority": "P2", "category": "frontend", "title": "Nettoyer le lint Frontend", "description": "2095 problèmes de lint (422 erreurs, 1673 warnings). Principalement utilisation excessive de 'any' et variables non utilisées.", "status": "open", "blocking": false, "test_command": "cd apps/web && npm run lint", "expected_result": "0 erreurs, <100 warnings", "actual_result": "422 erreurs, 1673 warnings", "files_to_check": ["apps/web/src/"], "fix_suggestion": "Remplacer 'any' par des types appropriés, supprimer les variables non utilisées, corriger les problèmes de types", "estimated_hours": 24, "dependencies": [] }, { "id": "PROD-012", "priority": "P2", "category": "backend", "title": "Mettre à jour les tests CORS", "description": "Les tests CORS échouent car les headers attendus ne correspondent pas à la configuration réelle (PATCH ajouté, X-Requested-With ajouté).", "status": "open", "blocking": false, "test_command": "cd veza-backend-api && go test ./internal/middleware -v -run TestCORS", "expected_result": "Tous les tests passent", "actual_result": "2 tests échouent - headers différents", "files_to_check": ["veza-backend-api/internal/middleware/cors_test.go", "veza-backend-api/internal/middleware/cors.go"], "fix_suggestion": "Mettre à jour les tests pour refléter la configuration CORS réelle", "estimated_hours": 2, "dependencies": [] }, { "id": "PROD-013", "priority": "P2", "category": "backend", "title": "Corriger TestGetTraceID - Panic nil pointer", "description": "Le test TestGetTraceID provoque un panic 'invalid memory address or nil pointer dereference' dans tracing.go:84.", "status": "open", "blocking": false, "test_command": "cd veza-backend-api && go test ./internal/middleware -v -run TestGetTraceID", "expected_result": "Test passe", "actual_result": "panic: runtime error: invalid memory address or nil pointer dereference", "files_to_check": ["veza-backend-api/internal/middleware/tracing.go", "veza-backend-api/internal/middleware/tracing_test.go"], "fix_suggestion": "Vérifier que le Request n'est pas nil avant d'appeler Context(), ou corriger le setup du test", "estimated_hours": 2, "dependencies": [] }, { "id": "PROD-014", "priority": "P2", "category": "backend", "title": "Corriger les messages d'erreur dans les tests RBAC", "description": "Les tests TestRequirePermission_WithInvalidUserIDType et TestRequireRole_WithInvalidUserIDType échouent car le message d'erreur est 'invalid user id format' au lieu de 'invalid user id type'.", "status": "open", "blocking": false, "test_command": "cd veza-backend-api && go test ./internal/middleware -v -run TestRequirePermission_WithInvalidUserIDType", "expected_result": "Test passe", "actual_result": "Message d'erreur différent", "files_to_check": ["veza-backend-api/internal/middleware/rbac_middleware_test.go", "veza-backend-api/internal/middleware/auth.go"], "fix_suggestion": "Mettre à jour les tests pour utiliser le message d'erreur réel, ou changer le message d'erreur dans le code", "estimated_hours": 1, "dependencies": [] }, { "id": "PROD-015", "priority": "P2", "category": "backend", "title": "Corriger TestTrackRecommendationParams_Defaults", "description": "Le test échoue car le score par défaut est 0.0 au lieu de 0.1.", "status": "open", "blocking": false, "test_command": "cd veza-backend-api && go test ./internal/services -v -run TestTrackRecommendationParams_Defaults", "expected_result": "Test passe", "actual_result": "Expected default min score 0.1, got 0.000000", "files_to_check": ["veza-backend-api/internal/services/track_recommendation_service.go", "veza-backend-api/internal/services/track_recommendation_service_test.go"], "fix_suggestion": "Corriger la valeur par défaut du min score à 0.1", "estimated_hours": 1, "dependencies": [] }, { "id": "PROD-016", "priority": "P2", "category": "backend", "title": "Corriger les erreurs de compilation Veza Common", "description": "Veza Common ne compile pas avec 163 erreurs de compilation. Problèmes de types, lifetimes, et ownership.", "status": "open", "blocking": false, "test_command": "cd veza-common && cargo build", "expected_result": "Compilation réussie", "actual_result": "163 erreurs de compilation", "files_to_check": ["veza-common/src/"], "fix_suggestion": "Corriger les erreurs de types, lifetimes, et ownership. Notamment le problème avec to_lowercase() dans le match", "estimated_hours": 16, "dependencies": [] }, { "id": "PROD-017", "priority": "P2", "category": "infrastructure", "title": "Configurer HTTPS/TLS en production", "description": "HTTPS/TLS n'est pas configuré pour la production. Nécessaire pour la sécurité.", "status": "open", "blocking": false, "test_command": "curl -k https://localhost:8080/health", "expected_result": "Connexion HTTPS réussie", "actual_result": "Non configuré", "files_to_check": ["docker/haproxy/", "docker-compose.production.yml"], "fix_suggestion": "Configurer un reverse proxy (nginx/haproxy) avec certificats SSL, ou utiliser Let's Encrypt", "estimated_hours": 8, "dependencies": [] }, { "id": "PROD-018", "priority": "P2", "category": "security", "title": "Vérifier et configurer CSRF protection", "description": "La protection CSRF n'a pas été vérifiée. Nécessaire pour la sécurité en production.", "status": "open", "blocking": false, "test_command": "Vérifier la présence de middleware CSRF dans le code", "expected_result": "CSRF protection activée", "actual_result": "Non vérifié", "files_to_check": ["veza-backend-api/internal/middleware/"], "fix_suggestion": "Ajouter un middleware CSRF si absent, ou documenter la protection existante", "estimated_hours": 4, "dependencies": [] }, { "id": "PROD-019", "priority": "P2", "category": "security", "title": "Vérifier le rate limiting en production", "description": "Le rate limiting est présent dans le code mais n'a pas été vérifié en production.", "status": "open", "blocking": false, "test_command": "Vérifier la configuration du rate limiting", "expected_result": "Rate limiting configuré et testé", "actual_result": "Présent mais non vérifié", "files_to_check": ["veza-backend-api/internal/middleware/"], "fix_suggestion": "Tester le rate limiting, vérifier les limites, et documenter la configuration", "estimated_hours": 4, "dependencies": [] }, { "id": "PROD-020", "priority": "P2", "category": "infrastructure", "title": "Vérifier les backups de base de données", "description": "La stratégie de backup de la base de données n'a pas été vérifiée.", "status": "open", "blocking": false, "test_command": "Vérifier les scripts de backup et leur automatisation", "expected_result": "Backups automatisés configurés", "actual_result": "Non vérifié", "files_to_check": ["scripts/", "docker-compose.production.yml"], "fix_suggestion": "Configurer des backups automatisés (cron, pg_dump, etc.)", "estimated_hours": 4, "dependencies": [] }, { "id": "PROD-021", "priority": "P3", "category": "documentation", "title": "Documenter les variables d'environnement", "description": "Les variables d'environnement ne sont pas documentées. Créer un fichier .env.example avec toutes les variables requises.", "status": "open", "blocking": false, "test_command": "Vérifier l'existence de .env.example pour chaque service", "expected_result": ".env.example présent avec documentation", "actual_result": "Partiellement présent", "files_to_check": ["veza-backend-api/.env.example", "apps/web/.env.example"], "fix_suggestion": "Créer ou compléter les fichiers .env.example avec toutes les variables et leurs descriptions", "estimated_hours": 2, "dependencies": [] }, { "id": "PROD-022", "priority": "P3", "category": "infrastructure", "title": "Vérifier la configuration du monitoring", "description": "Prometheus/Grafana sont présents dans le code mais la configuration n'a pas été vérifiée.", "status": "open", "blocking": false, "test_command": "Vérifier les dashboards et métriques", "expected_result": "Monitoring configuré et fonctionnel", "actual_result": "Présent mais non vérifié", "files_to_check": ["veza-backend-api/internal/monitoring/"], "fix_suggestion": "Vérifier les métriques exposées, les dashboards Grafana, et tester le monitoring", "estimated_hours": 4, "dependencies": [] }, { "id": "PROD-023", "priority": "P3", "category": "frontend", "title": "Configurer l'API URL de production", "description": "L'URL de l'API de production n'a pas été vérifiée dans la configuration frontend.", "status": "open", "blocking": false, "test_command": "Vérifier VITE_API_URL dans la configuration", "expected_result": "URL de production configurée", "actual_result": "Non vérifié", "files_to_check": ["apps/web/.env", "apps/web/.env.example"], "fix_suggestion": "Configurer VITE_API_URL pour la production et documenter", "estimated_hours": 1, "dependencies": [] }, { "id": "PROD-024", "priority": "P3", "category": "frontend", "title": "Vérifier la configuration Sentry", "description": "Sentry est présent dans package.json mais la configuration n'a pas été vérifiée.", "status": "open", "blocking": false, "test_command": "Vérifier la configuration Sentry dans le code", "expected_result": "Sentry configuré avec DSN", "actual_result": "Présent mais non vérifié", "files_to_check": ["apps/web/src/"], "fix_suggestion": "Vérifier et configurer Sentry avec le DSN de production", "estimated_hours": 2, "dependencies": [] }, { "id": "PROD-025", "priority": "P3", "category": "infrastructure", "title": "Vérifier la configuration CI/CD", "description": "La configuration CI/CD n'a pas été vérifiée.", "status": "open", "blocking": false, "test_command": "Vérifier les fichiers de CI/CD (.github/workflows/, .gitlab-ci.yml, etc.)", "expected_result": "CI/CD configuré et fonctionnel", "actual_result": "Non vérifié", "files_to_check": [".github/workflows/", ".gitlab-ci.yml"], "fix_suggestion": "Vérifier et tester les pipelines CI/CD", "estimated_hours": 4, "dependencies": [] } ], "tests_summary": { "backend_go": { "compilation": "pass", "unit_tests": { "total": 35, "passed": 19, "failed": 16 }, "integration_tests": { "total": 0, "passed": 0, "failed": 0 }, "coverage": "40.3%" }, "rust_services": { "chat_server": { "compilation": "fail", "tests": { "passed": 0, "failed": 0 }, "error": "Conflit de dépendances libsqlite3-sys" }, "stream_server": { "compilation": "fail", "tests": { "passed": 0, "failed": 0 }, "error": "protoc manquant" }, "veza_common": { "compilation": "fail", "tests": { "passed": 0, "failed": 0 }, "error": "163 erreurs de compilation" } }, "frontend": { "build": "fail", "type_check": "fail", "lint": { "errors": 422, "warnings": 1673 }, "unit_tests": { "total": 2885, "passed": 2300, "failed": 585, "note": "Tests exécutables malgré l'échec du build (79.7% de réussite)" } }, "api_curl": { "total": 12, "passed": 3, "failed": 0, "partial": 9, "note": "Health, register, login fonctionnent. Endpoints authentifiés non testés en détail." }, "e2e_playwright": { "total": 180, "passed": 0, "failed": 0, "skipped": 0, "note": "Setup global échoue: API login failed: Failed to fetch (Backend API est UP mais setup a un problème)" } }, "infrastructure_status": { "backend_api": { "port": 8080, "status": "up", "note": "✅ UP - Health, register, login fonctionnent" }, "frontend": { "port": 5173, "status": "up" }, "postgresql": { "port": 5432, "status": "up" }, "redis": { "port": 6379, "status": "up" }, "rabbitmq": { "port": 5672, "status": "up" }, "chat_server": { "port": 8081, "status": "down" }, "stream_server": { "port": 8082, "status": "down" } }, "security_checklist": { "csrf_protection": false, "rate_limiting": true, "jwt_validation": true, "password_hashing": true, "input_validation": true, "cors_configured": true, "https_ready": false, "secrets_in_env": true, "secret_filtering_logs": false }, "deployment_checklist": { "dockerfiles_ready": true, "docker_compose_prod": true, "env_vars_documented": false, "migrations_ready": true, "backup_strategy": false, "monitoring_ready": false, "ci_cd_configured": false, "ssl_certificates": false } }