# 11. Risks and Technical Debt

A list of identified technical risks or technical debts, ordered by priority.

> "Risk management is project management for grown-ups." — Tim Lister, Atlantic Systems Guild.

| Priority | Risk / Technical Debt                          | Probability | Impact | Suggested Measures                                                       |
| -------- | ---------------------------------------------- | ----------- | ------ | ------------------------------------------------------------------------ |
| 1        | Dependency on openrouter.ai availability       | medium      | high   | Add fallback models; implement retry logic with exponential backoff      |
| 2        | DuckDB schema changes break existing data      | low         | high   | Version migrations; backup strategy before upgrades                      |
| 3        | Single-process DuckDB limits write concurrency | low         | medium | Monitor load; consider migration to PostgreSQL if needed                 |
| 4        | JWT secret leak                                | low         | high   | Rotate secrets via environment variables; never commit to source control |