[VERIFY] Markers¶
Open questions raised during this audit that need follow-up.
| ID | Question | Owner | Where it matters |
|---|---|---|---|
| [VERIFY-1] | Do the three services/job_*_insights.js files match their someli-api/dashboard/services/ counterparts byte-for-byte? |
TBD | Cross-references in architecture-overview.md and relationship-to-someli-api.md |
| [VERIFY-2] | What is the production HTTP path? Is it /auth/dashboard/... (inferred from someli-api/CLAUDE.md)? |
TBD | API-inventory.md paths |
| [VERIFY-3] | Does someli-platform use the standalone with mocks, or always a real someli-api, during local dev? |
TBD | mock-vs-production.md rationale; testing.md |
| [VERIFY-4] | Are the SQL aggregations parameterised consistently (no string concatenation of :pId)? |
TBD | security.md SQL injection footnote |
| [VERIFY-5] | Is the express-session middleware actually consumed by any handler, or fully unused? |
TBD | authentication.md, security.md finding F-1 |
| [VERIFY-6] | What's the team's intent — Path A (retire) or Path B (extract)? | Engineering lead | All strategic guidance in enterprise-readiness.md |