Known Issues & Technical Debt Tracker
This document tracks known issues, warnings, and technical debt discovered during development and testing.FastAPI OpenAPI Duplicate Operation ID Warnings (Dashboard Routes)
First Seen: 2026-01-10 (pytest run in Docker) Evidence:api/main.py and api/routes/dashboard.py:
/api/v1/business-health: Defined inmain.py(line 1702) anddashboard.py(line 336)/api/v1/agents/performance: Defined inmain.py(line 1614) anddashboard.py(line 361)/api/v1/agents/growth: Defined inmain.py(line 1758) anddashboard.py(line 390)
/api/v1 (line 2219 in main.py), causing FastAPI to generate duplicate operation IDs in the OpenAPI schema.
Impact:
- OpenAPI schema collisions can break client code generation
- May hide endpoints or cause incorrect client bindings
- Schema validation tools may fail
- API documentation may be incomplete or incorrect
- Affects OpenAPI schema generation and client tooling
- Not Phase 7C unless it affects commission endpoints
- Routes are functional but schema is ambiguous
- Identify which routes share operation_id (already identified above)
- Remove duplicate definitions from
main.py(keep router-based definitions indashboard.py) - OR assign explicit unique
operation_idper route decorator: - Verify OpenAPI schema uniqueness after fix:
app.openapi()["paths"]
Deprecated auth_users.yaml File (Legacy Auth)
First Seen: Unknown (documented in file header) Evidence:- Risk of confusion: developers might add users to deprecated file
- Maintenance burden: file exists but should not be used for login
- Potential security risk if file is accidentally used instead of BigQuery dim_users
- Auth system migration (legacy → BigQuery)
- Admin/debug endpoints still reference this file
- Audit all references to
auth_users.yamlin codebase - Migrate admin/debug endpoints to use
dim_userstable - Remove file or add prominent deprecation warnings
- Update documentation to clarify migration status
Deprecated SECRET_KEY in auth.py (JWT Secret Fallback)
First Seen: Unknown (documented in code comments) Evidence:- Security risk: fallback to config file in production (line 99 warning)
- Code complexity: multiple secret resolution paths
- Potential for misconfiguration
- JWT authentication system
- Production deployments should use
JWT_SECRET_KEYenv var
- Verify all production deployments use
JWT_SECRET_KEYenv var - Remove config file fallback (or make it dev-only)
- Update deployment documentation to require env var
- Add startup validation to fail fast if secret not found in production
Stage 3 TPA Normalization: Print Statements Instead of Logger
First Seen: Unknown (code review) Evidence:- Warnings not captured in application logs
- Cannot filter/suppress warnings in production
- Inconsistent logging pattern (other modules use
logger.warning())
- Stage 3 TPA normalization pipeline
- Affects observability and debugging
- Replace
print()statements withlogger.warning()orlogger.info() - Ensure logger is initialized in module
- Verify warnings appear in application logs
- Consider log level configuration for production vs development
Pydantic Deprecation Warnings (V2 Migration)
First Seen: 2026-01-10 (pytest run in Docker) Evidence:- Code will break when Pydantic V3.0 is released
- 1079 deprecation warnings in test output (noise)
- Migration effort required before V3.0 release
- All Pydantic model definitions (schemas, request/response models)
- Not Phase 7C unless commission schemas are affected
- Audit Pydantic model usage across codebase
- Migrate
Field(example=...)→Field(json_schema_extra={"example": ...}) - Migrate class-based
config→ConfigDict - Replace
json_encoderswith custom serializers - Create migration checklist and prioritize high-traffic schemas
FastAPI on_event Deprecation Warning
First Seen: 2026-01-10 (pytest run in Docker) Evidence:- Code will break when FastAPI removes
on_eventsupport - Migration to lifespan handlers required
- FastAPI application startup/shutdown events
- Single occurrence in
main.pyline 231
- Migrate
@app.on_event("startup")→ lifespan context manager - Migrate
@app.on_event("shutdown")→ lifespan context manager - Test startup/shutdown behavior after migration
- Update FastAPI version compatibility notes
Python Crypt Module Deprecation Warning
First Seen: 2026-01-10 (pytest run in Docker) Evidence:- Code will break when Python 3.13 removes
cryptmodule - Dependency (
passlib) uses deprecated module - Requires passlib update or alternative password hashing library
- Password hashing (passlib dependency)
- Affects authentication system
- Check passlib version and update if newer version available
- Monitor passlib GitHub for Python 3.13 compatibility
- Consider alternative password hashing library if passlib doesn’t update
- Test password verification after any library changes
BigQuery Client Fallback Warnings
First Seen: Unknown (code review) Evidence:- Silent fallbacks to mock/empty data may hide configuration issues
- Production deployments may return incorrect data if BigQuery is misconfigured
- Difficult to distinguish between “no data” and “client unavailable”
- All BigQuery query functions
- Affects data accuracy and observability
- Audit all BigQuery client fallback patterns
- Consider failing fast in production (raise exception instead of mock data)
- Add health check endpoint to verify BigQuery connectivity
- Improve error messages to distinguish configuration vs data issues
Orchestrator Pipeline: Multiple Warning Conditions
First Seen: Unknown (code review) Evidence:- Many warning conditions may indicate data quality issues
- Some warnings are marked “CRITICAL” but don’t fail the pipeline
- May hide real problems if warnings are ignored
- Payroll pipeline execution
- Data quality validation
- Review which warnings should be errors (fail pipeline)
- Add metrics/alerting for critical warnings
- Document expected warning scenarios vs anomalies
- Consider structured logging for better alerting integration
Notes
- Issues are tracked chronologically by “First Seen” date when available
- Priority should be assigned based on impact and scope
- Some issues may be acceptable technical debt (documented deprecations)
- Production-critical issues should be addressed before Phase 7C completion