Edge Case Catalogue

Capture every non-happy-path scenario that has bitten you in past projects. Use these prompts when planning features, writing tests, and updating documentation.

Authentication & Authorization

  • What happens when the identity provider is unavailable or rate-limited?
  • Can users authenticate with multiple providers? How do you reconcile identities?
  • Do access tokens expire mid-session? Plan silent refresh and forced logout flows.
  • Are admin-only routes guarded on the server, not just the client?
  • How do you roll keys or secrets without booting everyone?

Feature Flags & Configuration

  • Can new features be disabled quickly without redeploying?
  • Are default values safe when the config service is unreachable?
  • What is logged when a flag evaluation fails?

Data & Persistence

  • Are migrations idempotent? Can you roll them back?
  • Do background jobs tolerate partial failure or duplicate delivery?
  • What size assumptions exist for JSON payloads, binary blobs, or text fields?
  • How do you seed development data without leaking production secrets?

Scheduling & Calendars

  • Do you store timestamps in UTC and render them with the user's offset?
  • How do you handle daylight saving transitions and leap seconds?
  • Can overlapping events be created? If not, validate and surface clear errors.
  • What is the source of truth when multiple calendars sync into one timeline?

File & Asset Management

  • Maximum file size? Enforce it both client-side and server-side.
  • Are uploads scanned, transcoded, or resized? Where is the queue?
  • How do you serve private files? Signed URLs, download proxies, expiring tokens?
  • What is the retention policy and deletion workflow?

External Services

  • Plan for timeouts, retries, and rate limits on each integration.
  • If a vendor returns partial data, does your UI still render something helpful?
  • Document SLAs and fallbacks in docs/stack-decisions.md.

Observability & Recovery

  • Which metrics, logs, and traces are mandatory before launch?
  • Do alerts route to a real person with enough context to act?
  • After an incident, what automated reports or scripts help recreate the scenario?

Compliance & Privacy

  • How do you handle data export, erasure, and consent?
  • What environments carry production data? Are they encrypted at rest?
  • Which audit logs must be preserved, and where?

When a new surprise occurs, write the story here, then open a PR to harden the template so the next project benefits immediately.