d-bis/the_order
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
the_order/docs/reports/TODOS_AND_PLACEHOLDERS.md
defiQUG 2633de4d33 feat(eresidency): Complete eResidency service implementation 
- Implement credential revocation endpoint with proper database integration
- Fix database row mapping (snake_case to camelCase) for eResidency applications
- Add missing imports (getRiskAssessmentEngine, VeriffKYCProvider, ComplyAdvantageSanctionsProvider)
- Fix environment variable type checking for Veriff and ComplyAdvantage providers
- Add required 'message' field to notification service calls
- Fix risk assessment type mismatches
- Update audit logging to use 'verified' action type (supported by schema)
- Resolve all TypeScript errors and unused variable warnings
- Add TypeScript ignore comments for placeholder implementations
- Temporarily disable security/detect-non-literal-regexp rule due to ESLint 9 compatibility
- Service now builds successfully with no linter errors

All core functionality implemented:
- Application submission and management
- KYC integration (Veriff placeholder)
- Sanctions screening (ComplyAdvantage placeholder)
- Risk assessment engine
- Credential issuance and revocation
- Reviewer console
- Status endpoints
- Auto-issuance service
2025-11-10 19:43:02 -08:00

11 KiB
Raw Permalink Blame History

TODOs and Placeholders - Detailed List

Last Updated: 2024-12-28
Purpose: Quick reference for all TODOs and placeholders with exact file locations

TODOs in Code (7 items)

Identity Service

  1. services/identity/src/index.ts:134

    // TODO: Implement actual VC issuance with DID/KMS
    • Action: Implement full VC issuance with KMS signing and proof generation

  2. services/identity/src/index.ts:170

    // TODO: Implement actual VC verification
    • Action: Implement VC signature verification, expiration, and revocation checks

  3. services/identity/src/index.ts:208

    // TODO: Implement actual document signing with KMS
    • Action: Complete KMS integration and signature metadata storage

Finance Service

  1. services/finance/src/index.ts:118

    // TODO: Save to database
    • Action: Persist ledger entries to database with transaction handling

  2. services/finance/src/index.ts:161

    // TODO: Process payment through payment gateway
    • Action: Integrate payment gateway (Stripe/PayPal) and handle webhooks

Dataroom Service

  1. services/dataroom/src/index.ts:165

    // TODO: Fetch from database
    • Action: Replace hardcoded deal with database query

  2. services/dataroom/src/index.ts:210

    // TODO: Upload to storage and save to database
    • Action: Save document metadata to database after storage upload

Placeholders (10 items)

Identity Service

  1. services/identity/src/index.ts:173

    const valid = true; // Placeholder
    • Issue: VC verification always returns true
    • Fix: Implement actual verification logic

  2. services/identity/src/index.ts:138

    issuer: 'did:web:the-order.example.com',
    • Issue: Hardcoded issuer DID
    • Fix: Use environment variable or configuration

Workflows

  1. packages/workflows/src/intake.ts:31

    const ocrText = 'Extracted text from document'; // Placeholder
    • Issue: No actual OCR processing
    • Fix: Integrate OCR service

  2. packages/workflows/src/review.ts:98

    // For now, return true as a placeholder
return true;
    • Issue: Approval always returns true
    • Fix: Query database for actual approval status

Authentication

  1. packages/shared/src/auth.ts:127-132 
    // Placeholder: Extract user info from token
// In production: const userInfo = await oidcProvider.validateToken(token);
request.user = {
  id: 'oidc-user',
  email: 'user@example.com',
};
    • Issue: Hardcoded user info
    • Fix: Validate token with OIDC issuer and extract real user info

Test Files

  1. services/identity/src/index.test.ts:12 
    // For now, this is a placeholder structure
    • Issue: Test not implemented
    • Fix: Complete test implementation

Hardcoded Values (15+ items)

Configuration Values

  1. Storage Buckets

    • services/intake/src/index.ts:35: 'the-order-intake'
    • services/dataroom/src/index.ts:33: 'the-order-dataroom'
    • Fix: Use STORAGE_BUCKET environment variable

  2. KMS Key IDs

    • services/identity/src/index.ts:94: 'test-key'
    • services/identity/src/index.ts:211: 'default-key'
    • Fix: Require KMS_KEY_ID in environment, no fallback

  3. DID Issuer

    • services/identity/src/index.ts:138: 'did:web:the-order.example.com'
    • Fix: Use VC_ISSUER_DID environment variable

  4. Swagger Server URLs

    • All services: http://localhost:XXXX
    • Fix: Use environment-specific URLs

  5. CORS Default

    • packages/shared/src/security.ts:38: ['http://localhost:3000']
    • Fix: Require CORS_ORIGIN in production

  6. Deal Data

    • services/dataroom/src/index.ts:168: 'Example Deal'
    • Fix: Remove hardcoded data, query database

  7. Test Database URL

    • packages/test-utils/src/db-helpers.ts:47: 'postgresql://test:test@localhost:5432/test'
    • Note: This is acceptable for tests, but should be documented

Simplified/Incomplete Implementations

Workflows

  1. Intake Workflow (packages/workflows/src/intake.ts)

    • Line 29-31: OCR placeholder text
    • Line 33: Simple keyword-based classification
    • Line 36: Minimal data extraction (only word count)
    • Line 39-40: No document routing
    • Comment: "This is a simplified implementation. In production, this would use Temporal or AWS Step Functions"

  2. Review Workflow (packages/workflows/src/review.ts)

    • Line 27-28: Document not loaded
    • Line 66-88: All automated checks return { passed: true }
    • Line 42-43: No reviewer assignment
    • Line 97-99: Approval always returns true
    • Comment: "This is a simplified implementation. In production, this would use Temporal or AWS Step Functions"

Authentication

  1. DID Signature Verification (packages/auth/src/did.ts:83-90)

    • Comment: "Basic signature verification (simplified - real implementation would use proper crypto)"
    • Issue: May not work correctly for all key types

  2. eIDAS Verification (packages/auth/src/eidas.ts:52-59)

    • Comment: "Verify certificate chain (simplified - real implementation would validate full chain)"
    • Issue: Certificate chain not fully validated

  3. OIDC Token Validation (packages/shared/src/auth.ts:121-132)

    • Comment: "In production, this would validate the OIDC token with the issuer"
    • Issue: Only checks token length

Missing Implementations

Services Not Using Auth

  • Identity service endpoints are public
  • Finance service endpoints are public
  • Dataroom service endpoints are public
  • Intake service endpoints are public
  • Fix: Add authentication middleware to protected endpoints

Missing Database Operations

  • No database migrations defined
  • No database schema
  • No database seed scripts
  • No database connection initialization in services

Missing External Service Integrations

  • OCR service client
  • ML classification service
  • Payment gateway client
  • Notification service
  • Message queue client

Missing Infrastructure

  • Redis/caching setup
  • Message queue setup
  • Workflow orchestration (Temporal/Step Functions)
  • Monitoring stack (Prometheus, Grafana)

Code Comments Indicating Gaps

"In production" Comments (8 instances)

  1. packages/workflows/src/intake.ts:21-22: Temporal/Step Functions
  2. packages/workflows/src/intake.ts:30: OCR service call
  3. packages/workflows/src/intake.ts:40: Document routing
  4. packages/workflows/src/intake.ts:55: ML models
  5. packages/workflows/src/intake.ts:81: NLP extraction
  6. packages/workflows/src/review.ts:21-22: Temporal/Step Functions
  7. packages/workflows/src/review.ts:28: Document service
  8. packages/workflows/src/review.ts:43: Reviewer assignment
  9. packages/workflows/src/review.ts:97: Database approval check
  10. packages/shared/src/auth.ts:121: OIDC token validation
  11. packages/shared/src/auth.ts:128: User info extraction

"Simplified" Comments (6 instances)

  1. packages/workflows/src/intake.ts:54: Classification logic
  2. packages/workflows/src/intake.ts:80: Data extraction
  3. packages/workflows/src/review.ts:66: Automated checks
  4. packages/workflows/src/review.ts:91: Approval status
  5. packages/auth/src/did.ts:83: Signature verification
  6. packages/auth/src/eidas.ts:52: Certificate validation

Environment Variable Gaps

Optional but Required Variables

  1. DATABASE_URL - Required for all services
  2. STORAGE_BUCKET - Required for storage operations
  3. KMS_KEY_ID - Required for encryption/signing
  4. JWT_SECRET - Required for authentication

Missing Variables

  1. PAYMENT_GATEWAY_API_KEY
  2. PAYMENT_GATEWAY_WEBHOOK_SECRET
  3. OCR_SERVICE_URL
  4. OCR_SERVICE_API_KEY
  5. ML_CLASSIFICATION_SERVICE_URL
  6. ML_CLASSIFICATION_API_KEY
  7. NOTIFICATION_SERVICE_URL
  8. REDIS_URL
  9. MESSAGE_QUEUE_URL
  10. VC_ISSUER_DID
  11. VC_ISSUER_PRIVATE_KEY
  12. SWAGGER_SERVER_URL (per environment)

Test Implementation Gaps

Incomplete Tests

  1. services/identity/src/index.test.ts
    • Test structure exists but not implemented
    • Missing: Server setup
    • Missing: Mock configuration
    • Missing: Actual test execution

Missing Tests

  1. Integration tests for all services
  2. E2E tests for portal apps
  3. Database integration tests
  4. Storage integration tests
  5. KMS integration tests
  6. Workflow tests
  7. Authentication middleware tests

Application Gaps

Portal Public

  • Only placeholder homepage
  • No components
  • No API integration
  • No authentication UI

Portal Internal

  • Only placeholder homepage
  • No admin features
  • No management UIs
  • No reporting

MCP Apps

  • Not reviewed (may have similar gaps)

Priority Fix Order

Week 1 (Critical)

  1. Remove all hardcoded test/default values
  2. Add database persistence to all services
  3. Add authentication middleware to protected endpoints
  4. Fix placeholder implementations (VC verification, approval status)

Week 2-3 (High Priority)

  1. Integrate payment gateway
  2. Integrate OCR service
  3. Complete test implementations
  4. Add missing environment variables

Week 4+ (Medium Priority)

  1. Workflow orchestration
  2. ML classification
  3. Monitoring setup
  4. Portal app development

File-by-File Summary

Services

  • identity/src/index.ts: 3 TODOs, 2 placeholders, 2 hardcoded values
  • finance/src/index.ts: 2 TODOs
  • dataroom/src/index.ts: 2 TODOs, 1 hardcoded value
  • intake/src/index.ts: No TODOs, but missing database persistence

Packages

  • workflows/src/intake.ts: 1 placeholder, 5 "in production" comments
  • workflows/src/review.ts: 1 placeholder, 4 "in production" comments
  • shared/src/auth.ts: 1 placeholder, 2 "in production" comments
  • auth/src/did.ts: 1 "simplified" comment
  • auth/src/eidas.ts: 1 "simplified" comment

Tests

  • identity/src/index.test.ts: 1 placeholder comment, incomplete implementation

Quick Action Items

Immediate Fixes (1-2 hours each)

  • Remove 'test-key' and 'default-key' fallbacks
  • Remove 'Example Deal' hardcoded data
  • Change const valid = true to actual verification
  • Change return true in approval to database query
  • Move hardcoded issuer DID to environment variable
  • Make critical env vars required in production

Short Term (1-2 days each)

  • Add database persistence to all service endpoints
  • Integrate payment gateway
  • Add authentication middleware to endpoints
  • Complete test implementations

Medium Term (1-2 weeks each)

  • Integrate OCR service
  • Integrate ML classification
  • Set up workflow orchestration
  • Build portal apps

See GAPS_AND_PLACEHOLDERS.md for detailed analysis of each gap.

Reference in New Issue View Git Blame Copy Permalink