Tech Debt

This page tracks known technical debt and cleanup opportunities in the Cync codebase.

Critical Issues

Security: MCP Tools Auth

Location: /web/lib/mcp/tools.ts

The MCP tools layer currently:

Uses hardcoded placeholder user ID
Bypasses RLS with service role client
Lacks bearer token validation

Fix Required: Implement proper token extraction and user context propagation.

No CI/CD Pipeline

No GitHub Actions workflows
No automated testing on push
No deployment automation
No linting checks before merge

High Priority

Floating Dependencies

"next": "latest",
"@supabase/ssr": "latest",
"@supabase/supabase-js": "latest"

These should be pinned to specific versions to prevent unexpected breaking changes.

Disabled ESLint Rules

"@typescript-eslint/no-explicit-any": "off",
"@typescript-eslint/no-unused-vars": "off",
"react-hooks/exhaustive-deps": "off"

These defeat TypeScript's purpose and cause runtime bugs.

Duplicate Stickies Implementation

Two parallel implementations exist:

/lib/services/stickies.service.ts (old)
/app/(features)/stickies/lib/services/stickies.service.ts (new)

Need to complete migration and remove old version.

Missing API Endpoints

Endpoint	Status
`GET /api/pm/task-timeline/{taskId}`	TODO in code
Comments in collector agent	Empty array

Medium Priority

Large Monolithic Components

Component	Lines	Action
`StickiesPage.tsx`	4,374	Split into smaller components
`fireflies-chat.tsx`	~500	Consider extraction
`rhea-sticky-bot.tsx`	~800	Consider extraction

Missing Error Toasts

/app/(features)/stickies/components/StickiesPage.tsx has 4 locations with // TODO: Show error toast

Feedback API Not Integrated

Chat components have thumbs up/down UI but only log to console:

rhea-chat-legacy.tsx
fireflies-chat.tsx

Test Coverage

~10% coverage across 212 source files
E2E tests only run Chromium
No coverage reporting in CI

Low Priority / Cleanup

Unused Dependencies

Remove from package.json:

mcp-handler
@modelcontextprotocol/sdk
papaparse
p5
pg (devDependencies)

Files to Remove

/tmp_delete_me_folder/ - Temporary directory
/docs.backup.20251125/ - Old backup
test_openrouter_old_api.py - Uses deprecated API
prompt_optimizer.py - Superseded by parallel version

Console Logging

176 instances of console. in API routes - audit and clean up.

Configuration Debt

Area	Issue
ESLint	Dual configs (`.eslintrc.json` + `eslint.config.mjs`)
Prettier	No configuration file
TypeScript	`skipLibCheck: true` masks dependency issues
.npmrc	`legacy-peer-deps=true` masks compatibility issues
Environment	Missing `.env.test` for test environment

Planned Refactors

Calls to Meetings

Major refactor planned to transform data model:

Rename "Calls" to "Meetings"
Support multiple transcripts per meeting
Add calendar event linking
New URL: /protected/meetings

Initiative: AICync: Calls to Meetings Refactor

Calendar OAuth to AI Extraction

Phase 4 pivot:

Original plan: Calendar OAuth integration
New plan: AI-powered extraction from transcripts
Reduces complexity, leverages existing data

Critical Issues​

Security: MCP Tools Auth​

No CI/CD Pipeline​

High Priority​

Floating Dependencies​

Disabled ESLint Rules​

Duplicate Stickies Implementation​

Missing API Endpoints​

Medium Priority​

Large Monolithic Components​

Missing Error Toasts​

Feedback API Not Integrated​

Test Coverage​

Low Priority / Cleanup​

Unused Dependencies​

Files to Remove​

Console Logging​

Configuration Debt​

Planned Refactors​

Calls to Meetings​

Calendar OAuth to AI Extraction​