Code inspection
Per-repo, code-level inspections of the main Someli product repos. Conducted 2026-05-17.
The lens is deliberately narrow: concrete, reproducible bugs and code-quality issues with file:line references. It does NOT re-litigate architecture, deployment, or platform-wide security findings — those live in each repo's audit subtree (someli-doc/audit/<repo>/security.md, enterprise-readiness.md, etc.).
Reports
| Repo | Role | Doc |
|---|---|---|
| someli-api | Main customer-facing backend (Express + MySQL) | someli-api.md |
| someli-platform | Main customer-facing frontend (Nuxt 2 SPA) | someli-platform.md |
| admin_console_R | Admin console frontend (Vite + React + TS) | admin_console_R.md |
| Someli-Designer | Internal staff designer tool frontend (Nuxt 2 + Polotno) | Someli-Designer.md |
| Someli-admin-api | Admin console backend (Express + MySQL) | Someli-admin-api.md |
| designer-api | Designer tool backend (Express + MySQL) | designer-api.md |
How to read these
Each report follows the same structure:
- Summary — one paragraph on counts and recurring themes.
- Critical / High / Medium / Low — each finding has File:line, What, Why it matters, Fix.
- Cross-cutting observations — patterns that span multiple findings.
Findings are confidence-filtered: the inspector was told to omit speculative items. A short report means few real issues were found, not a shallow inspection.
What's not included
- Architecture, data flow, deployment, branch/release model → see someli-doc/audit/<repo>/.
- Platform-wide security posture (no rate limits, persistent tokens, wildcard CORS, hardcoded session secrets, Vue 2 EOL, no test suites) → see someli-doc/audit/<repo>/security.md and enterprise-readiness.md.
- Cross-repo overlap and drift → see someli-doc/audit/CODE-OVERLAP-MATRIX.md.
Update cadence
Re-run inspection after any major refactor or every 6 months — line numbers drift fast.