openalice-social-api

Features
0
Status
×archived
Last activity
Branch

Architecture rating

C11d ago
observabilityB-

/metrics endpoint exposed in manifest confirms Prometheus-compatible metrics export; /health probe live and monitored by Atlas with latency tracking; structured logging and distributed tracing unverifiable without inspector or code inspection — metrics + health is solid baseline but tracing evidence absent.

data layerB-

27 owned tables with clear domain separation (servers/channels/DMs/billing/audit); audit_log and automod_config show operational maturity; GDPR export endpoint exists (/internal/me/{tenant_id}/export.json); no evidence of RLS or tenant-isolation constraints — single-tenant implied by tenant_id in export path but no RLS signal; FK/constraint quality unknown without inspector or migration inspection.

consistencyC+

Valid manifest with 8 features declared, zero env drift (declared_unused and undeclared_used both empty), zero dependency cycles; Atlas quality score 93/A with code_health 90; consistent with org substrate conventions (manifest, docker image, health probe); inspector not run so internal pattern uniformity (error types, handler structure) is unverified.

docsC

Manifest present and valid with table ownership, exposed endpoints, and feature annotations; README exists but excerpt is just an Atlas card link — minimal standalone documentation; manifest_summary describes scope clearly; no evidence of in-code architecture notes or @feature annotations in source without inspector; manifest quality (100) lifts score but thin README holds it back.

reliabilityC

Health probe live at /health with 100% 24h uptime and 200 status; however latest CI conclusion is 'failure' (2026-06-17) indicating broken build on main — a reliability red flag; no inspector data to verify graceful shutdown, timeouts, retries, or idempotency patterns in Rust handlers; uptime is strong but CI failure drags score.

securityC-

oauth_providers + revoked_tokens tables suggest token-based authn with revocation; server_bans and channel_permissions imply authz layering; however no inspector data to confirm SSRF guards, rate-limiting, or header hardening — manifest exposes internal endpoints (/internal/agent/dispatch, /internal/me/{tenant_id}/export.json) whose access control is unverifiable from signals alone; scored conservatively.

testingF

No inspector analysis run — zero evidence of test count, coverage, or critical-path test presence; CI is in failure state suggesting tests may exist but are broken; without any concrete test signal, cannot credit above minimal; strongly penalized for absence of evidence.

source · auto-grader-2026-07-07

Telemetry ribbon · last 90 days

1 event
MAYJUNJUL2026-07-17 · lifecycle · first scan — repo indexedNOW
commitmanifestlifecyclekind

No @feature annotations recorded in this repo yet.