oib/aitbc
1
0
Fork 0
Code Issues Pull Requests Actions 21 Packages Projects Releases Wiki Activity
Files
6f6a0ded6dacb5dcb163604d13aaca610b6ef067
aitbc/docs/quality/json-dependency-analysis.md
aitbc 573aae065b
Some checks failed
API Endpoint Tests / test-api-endpoints (push) Successful in 56s
Details
Blockchain Synchronization Verification / sync-verification (push) Failing after 3s
Details
CLI Tests / test-cli (push) Failing after 5s
Details
Coverage Phase 1 (70% Target) / test-coverage-70 (push) Failing after 19s
Details
Coverage Phase 2 (85% Target) / test-coverage-85 (push) Failing after 18s
Details
Cross-Chain Functionality Tests / test-cross-chain-sync (push) Successful in 3s
Details
Cross-Chain Functionality Tests / test-cross-chain-transactions (push) Successful in 4s
Details
Cross-Chain Functionality Tests / test-multi-chain-consensus (push) Successful in 5s
Details
Deploy to Testnet / deploy-testnet (push) Failing after 21s
Details
Documentation Validation / validate-docs (push) Failing after 13s
Details
Documentation Validation / validate-policies-strict (push) Successful in 4s
Details
Integration Tests / test-service-integration (push) Failing after 2s
Details
Multi-Chain Island Architecture Tests / test-multi-chain-island (push) Successful in 4s
Details
Multi-Node Blockchain Health Monitoring / health-check (push) Failing after 14s
Details
Node Failover Simulation / failover-test (push) Successful in 9s
Details
P2P Network Verification / p2p-verification (push) Successful in 5s
Details
Package Tests / Python package - aitbc-agent-sdk (push) Successful in 51s
Details
Package Tests / Python package - aitbc-core (push) Failing after 3s
Details
Package Tests / Python package - aitbc-crypto (push) Successful in 22s
Details
Package Tests / Python package - aitbc-sdk (push) Successful in 16s
Details
Package Tests / JavaScript package - aitbc-sdk-js (push) Successful in 21s
Details
Package Tests / JavaScript package - aitbc-token (push) Failing after 18s
Details
Production Tests / Production Integration Tests (push) Failing after 1m9s
Details
Python Tests / test-python (push) Failing after 3s
Details
Security Scanning / security-scan (push) Failing after 41s
Details
Smart Contract Tests / test-solidity (map[name:aitbc-contracts path:contracts]) (push) Failing after 6s
Details
Smart Contract Tests / test-solidity (map[name:aitbc-token path:packages/solidity/aitbc-token]) (push) Failing after 7s
Details
Smart Contract Tests / test-foundry (push) Failing after 20s
Details
Smart Contract Tests / lint-solidity (push) Failing after 4s
Details
Smart Contract Tests / deploy-contracts (push) Failing after 5s
Details
Cross-Chain Functionality Tests / aggregate-results (push) Successful in 2s
Details
Multi-Node Stress Testing / stress-test (push) Successful in 2s
Details
Cross-Node Transaction Testing / transaction-test (push) Successful in 3s
Details
feat: complete codebase remediation with all phases 
Phase 1: Security fixes
- Added CORSMiddleware to marketplace-service with specific origins
- Fixed blockchain-node auth to fail closed on JWT errors
- Added security regression tests (test_cors_configuration.py, test_dispute_auth.py)

Phase 2: Repository cleanup
- Removed 51 fix/backup/legacy files
- Deleted marketplace-service-debug directory

Phase 3.1: Python version constraints
- Updated aitbc-crypto and aitbc-sdk with requires-python >=3.13
- Added explicit [tool.poetry].packages declarations

Phase 3.2: Agent service DI architecture
- Created aitbc-agent-core package with protocols and shared service
- Implemented adapters for agent-management and coordinator-api
- Created factory functions for gradual migration
- Added migration comments to existing integration files

Phase 4.1: Auth/utils extraction
- Created auth.py module with JWT validation and security utilities
- Created utils.py module with common helpers

Phase 4.2: Router decomposition
- Decomposed router.py into 10 domain modules (58 endpoints)
- Created route table snapshot for verification
- Preserved router_old.py as reference

Phase 5: App shell classification
- Documented app shell patterns across services

Phase 6: Quality gates
- Verified mypy type checking (75% error reduction)
- Analyzed logging inconsistencies with structlog migration plan
- Removed unused orjson dependency

Documentation:
- Created comprehensive remediation report
- Added architecture documentation for DI pattern
- Added quality analysis documents
2026-05-24 20:21:23 +02:00

3.0 KiB
Raw Blame History

JSON Dependency Analysis

Current State

Dependency in pyproject.toml

# JSON & Serialization
orjson = ">=3.11.0"
msgpack = ">=3.11.0"
python-multipart = ">=0.0.27"

Usage Analysis

  • orjson: Listed in dependencies but NOT USED in codebase

    • No import orjson found in any Python files
    • No references to orjson API
    • Dead dependency

  • msgpack: Listed in dependencies

    • Usage not analyzed in this scan
    • Potentially used for binary serialization

  • stdlib json: Used throughout codebase

    • Standard library json module is the default
    • Used in 100+ files across codebase

Performance Considerations

orjson Benefits

  • Faster serialization/deserialization than stdlib json
  • Better performance for hot paths
  • More efficient memory usage
  • Better datetime handling

orjson Drawbacks

  • Additional dependency to maintain
  • Not needed if not used
  • Adds to dependency surface area
  • Potential security vulnerabilities in third-party code

Recommendation

Decision: Remove orjson from dependencies

Rationale:

  1. Not Used: No active usage found in codebase
  2. Unnecessary Overhead: Adds dependency without benefit
  3. Security: Reduces attack surface
  4. Maintenance: One less dependency to update
  5. Cost: Smaller dependency tree

Future Consideration

If orjson is needed for performance-critical hot paths:

  1. Add it only to the specific package/app that needs it
  2. Use it conditionally in hot paths only
  3. Benchmark to justify the addition
  4. Document the performance benefit

Migration Plan

Phase 1: Remove orjson from root dependencies

  • Remove orjson = ">=3.11.0" from pyproject.toml
  • Run poetry lock --no-update to update lock file
  • Verify no imports break

Phase 2: Verify stdlib json usage

  • Confirm stdlib json works correctly
  • No performance issues in current usage
  • All JSON operations functioning

Phase 3: Document decision

  • Add comment to pyproject.toml explaining removal
  • Update documentation if needed
  • Note future re-addition criteria

Implementation

Changes Required

# Before
# JSON & Serialization
orjson = ">=3.11.0"
msgpack = ">=3.11.0"
python-multipart = ">=0.0.27"

# After
# JSON & Serialization
# orjson removed - not used in codebase, can be re-added for hot paths if needed
msgpack = ">=3.11.0"
python-multipart = ">=0.0.27"

Verification Steps

  1. Remove orjson from pyproject.toml
  2. Update poetry.lock
  3. Run tests to ensure no breakage
  4. Check for any hidden orjson usage
  5. Commit changes

Risk Assessment

Low Risk

  • orjson is not actively used
  • stdlib json is the default
  • No breaking changes expected
  • Easy to re-add if needed

Mitigation

  • Keep stdlib json as default
  • Document removal decision
  • Monitor for performance issues
  • Can re-add if hot paths identified

Success Criteria

  • orjson removed from pyproject.toml
  • poetry.lock updated
  • All tests passing
  • No hidden orjson usage found
  • Documentation updated