aitbc/docs/quality/json-dependency-analysis.md
aitbc 573aae065b
feat: complete codebase remediation with all phases
Phase 1: Security fixes
- Added CORSMiddleware to marketplace-service with specific origins
- Fixed blockchain-node auth to fail closed on JWT errors
- Added security regression tests (test_cors_configuration.py, test_dispute_auth.py)

Phase 2: Repository cleanup
- Removed 51 fix/backup/legacy files
- Deleted marketplace-service-debug directory

Phase 3.1: Python version constraints
- Updated aitbc-crypto and aitbc-sdk with requires-python >=3.13
- Added explicit [tool.poetry].packages declarations

Phase 3.2: Agent service DI architecture
- Created aitbc-agent-core package with protocols and shared service
- Implemented adapters for agent-management and coordinator-api
- Created factory functions for gradual migration
- Added migration comments to existing integration files

Phase 4.1: Auth/utils extraction
- Created auth.py module with JWT validation and security utilities
- Created utils.py module with common helpers

Phase 4.2: Router decomposition
- Decomposed router.py into 10 domain modules (58 endpoints)
- Created route table snapshot for verification
- Preserved router_old.py as reference

Phase 5: App shell classification
- Documented app shell patterns across services

Phase 6: Quality gates
- Verified mypy type checking (75% error reduction)
- Analyzed logging inconsistencies with structlog migration plan
- Removed unused orjson dependency

Documentation:
- Created comprehensive remediation report
- Added architecture documentation for DI pattern
- Added quality analysis documents
2026-05-24 20:21:23 +02:00


# JSON Dependency Analysis
## Current State
### Dependency in pyproject.toml
```toml
# JSON & Serialization
orjson = ">=3.11.0"
msgpack = ">=3.11.0"
python-multipart = ">=0.0.27"
```
### Usage Analysis
- **orjson**: Listed in dependencies but **NOT USED** in codebase
  - No `import orjson` found in any Python files
  - No references to orjson API
  - Dead dependency
- **msgpack**: Listed in dependencies
  - Usage not analyzed in this scan
  - Potentially used for binary serialization
- **stdlib json**: Used throughout codebase
  - Standard library `json` module is the default
  - Used in 100+ files across codebase
## Performance Considerations
### orjson Benefits
- Faster serialization/deserialization than stdlib json
- Better performance for hot paths
- More efficient memory usage
- Better datetime handling
### orjson Drawbacks
- Additional dependency to maintain
- Not needed if not used
- Adds to dependency surface area
- Potential security vulnerabilities in third-party code
## Recommendation
### Decision: Remove orjson from dependencies
**Rationale:**
1. **Not Used**: No active usage found in codebase
2. **Unnecessary Overhead**: Adds dependency without benefit
3. **Security**: Reduces attack surface
4. **Maintenance**: One less dependency to update
5. **Cost**: Smaller dependency tree
### Future Consideration
If orjson is needed for performance-critical hot paths:
1. Add it only to the specific package/app that needs it
2. Use it conditionally in hot paths only
3. Benchmark to justify the addition
4. Document the performance benefit
## Migration Plan
### Phase 1: Remove orjson from root dependencies
- Remove `orjson = ">=3.11.0"` from `pyproject.toml`
- Run `poetry lock --no-update` to update lock file
- Verify no imports break
### Phase 2: Verify stdlib json usage
- Confirm stdlib json works correctly
- No performance issues in current usage
- All JSON operations functioning
### Phase 3: Document decision
- Add comment to pyproject.toml explaining removal
- Update documentation if needed
- Note future re-addition criteria
## Implementation
### Changes Required
```toml
# Before
# JSON & Serialization
orjson = ">=3.11.0"
msgpack = ">=3.11.0"
python-multipart = ">=0.0.27"
# After
# JSON & Serialization
# orjson removed - not used in codebase, can be re-added for hot paths if needed
msgpack = ">=3.11.0"
python-multipart = ">=0.0.27"
```
### Verification Steps
1. Remove orjson from pyproject.toml
2. Update poetry.lock
3. Run tests to ensure no breakage
4. Check for any hidden orjson usage
5. Commit changes
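
One way to carry out step 4 (and to back the "no `import orjson` found" claim under Usage Analysis) is to walk each file's AST rather than grep, so optional `try`/`except` imports and literal `importlib.import_module("orjson")` calls are caught while string mentions and similarly named packages are not. This is an added example, not code from the aitbc repository; `find_module_usage`, `scan_tree` and the `SAMPLE` input are hypothetical names constructed for illustration.

```python
import ast
from pathlib import Path

# Constructed sample input (not taken from the aitbc repository).
SAMPLE = '''\
try:
    import orjson as fastjson          # optional-import pattern
except ImportError:
    fastjson = None
from orjson import dumps
import importlib
mod = importlib.import_module("orjson")
note = "orjson would be faster here"   # plain string, not an import
import orjsonx                         # different package, must not match
'''

def find_module_usage(source, module="orjson"):
    """Return sorted (line, kind) pairs for static and dynamic imports of module."""
    def matches(name):
        return name == module or name.startswith(module + ".")
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import) and any(matches(a.name) for a in node.names):
            hits.append((node.lineno, "import"))
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and matches(node.module or ""):
            hits.append((node.lineno, "from-import"))
        elif isinstance(node, ast.Call) and node.args:
            func = node.func
            name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
            arg = node.args[0]
            if (name in ("import_module", "__import__") and isinstance(arg, ast.Constant)
                    and isinstance(arg.value, str) and matches(arg.value)):
                hits.append((node.lineno, "dynamic"))
    return sorted(hits)

def scan_tree(root, module="orjson"):
    """Map each .py file under root that references module to its hits."""
    report = {}
    for path in sorted(Path(root).rglob("*.py")):
        try:
            hits = find_module_usage(path.read_text(encoding="utf-8"), module)
        except (SyntaxError, UnicodeDecodeError):
            hits = [(0, "unparsed")]  # flag for manual review instead of skipping
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report

if __name__ == "__main__":
    print(find_module_usage(SAMPLE))
```

Dynamic imports whose module name is computed at runtime are not visible to this scan, so an empty report should still be confirmed by running the test suite in an environment where orjson is not installed.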
## Risk Assessment
### Low Risk
- orjson is not actively used
- stdlib json is the default
- No breaking changes expected
- Easy to re-add if needed
### Mitigation
- Keep stdlib json as default
- Document removal decision
- Monitor for performance issues
- Can re-add if hot paths identified
## Success Criteria
- [ ] orjson removed from pyproject.toml
- [ ] poetry.lock updated
- [ ] All tests passing
- [ ] No hidden orjson usage found
- [ ] Documentation updated