51 lines
2.4 KiB
Markdown
51 lines
2.4 KiB
Markdown
# Edge Case Catalogue
|
|
|
|
Capture every non-happy-path scenario that has bitten you in past projects. Use these prompts when planning features, writing tests, and updating documentation.
|
|
|
|
## Authentication & Authorization
|
|
- What happens when the identity provider is unavailable or rate-limited?
|
|
- Can users authenticate with multiple providers? How do you reconcile identities?
|
|
- Do access tokens expire mid-session? Plan silent refresh and forced logout flows.
|
|
- Are admin-only routes guarded on the server, not just the client?
|
|
- How do you roll keys or secrets without booting everyone?
|
|
|
|
## Feature Flags & Configuration
|
|
- Can new features be disabled quickly without redeploying?
|
|
- Are default values safe when the config service is unreachable?
|
|
- What is logged when a flag evaluation fails?
|
|
|
|
## Data & Persistence
|
|
- Are migrations idempotent? Can you roll them back?
|
|
- Do background jobs tolerate partial failure or duplicate delivery?
|
|
- What size assumptions exist for JSON payloads, binary blobs, or text fields?
|
|
- How do you seed development data without leaking production secrets?
|
|
|
|
## Scheduling & Calendars
|
|
- Do you store timestamps in UTC and render them with the user's offset?
|
|
- How do you handle daylight saving transitions and leap seconds?
|
|
- Can overlapping events be created? If not, validate and surface clear errors.
|
|
- What is the source of truth when multiple calendars sync into one timeline?
|
|
|
|
## File & Asset Management
|
|
- Maximum file size? Enforce both client and server-side.
|
|
- Are uploads scanned, transcoded, or resized? Where is the queue?
|
|
- How do you serve private files? Signed URLs, download proxies, expiring tokens?
|
|
- What is the retention policy and deletion workflow?
|
|
|
|
## External Services
|
|
- Plan for timeouts, retries, and rate limits on each integration.
|
|
- If a vendor returns partial data, does your UI still render something helpful?
|
|
- Document SLAs and fallbacks in `docs/stack-decisions.md`.
|
|
|
|
## Observability & Recovery
|
|
- Which metrics, logs, and traces are mandatory before launch?
|
|
- Do alerts route to a real person with enough context to act?
|
|
- After an incident, what automated reports or scripts help recreate the scenario?
|
|
|
|
## Compliance & Privacy
|
|
- How do you handle data export, erasure, and consent?
|
|
- What environments carry production data? Are they encrypted at rest?
|
|
- Which audit logs must be preserved, and where?
|
|
|
|
When a new surprise occurs, write the story here, then open a PR to harden the template so the next project benefits immediately.
|