# Risks and Technical Debts

## Identified Risks

| Priority | Risk                                             | Likelihood | Impact   | Mitigation                                                      |
| -------- | ------------------------------------------------ | ---------- | -------- | --------------------------------------------------------------- |
| High     | API quota exhaustion (YouTube/TikTok)            | Medium     | High     | Cache aggressively; add quota alerts; stagger poll intervals    |
| High     | Discord rate limit bans if polling misconfigured | Low        | Critical | Implement proper backoff; respect `Retry-After` headers         |
| Medium   | OAuth2 token expiry during web session           | Medium     | Medium   | Implement refresh token rotation; warn user before expiry       |
| Medium   | Single-process bot: any crash = total downtime   | Medium     | High     | Use process manager (PM2); deploy to platform with auto-restart |
| Low      | Mileage database drift between bot and web app   | Low        | Medium   | Periodic reconciliation job (nightly)                           |

## Technical Debts

| Item             | Area   | Description                            | Priority |
| ---------------- | ------ | -------------------------------------- | -------- |
| No test coverage | All    | Tests not implemented for any module   | High     |
| No CI pipeline   | DevOps | Lint + test not automated in PRs       | High     |
| Inline config    | Bot    | Some settings hardcoded instead of env | Medium   |
| Manual deploy    | DevOps | No deployment script / IaC yet         | Medium   |