Platform Technical Audit

Full-stack codebase review — 3 repositories, ~56,000 lines of code, 15+ integrations

Executive Summary

This audit reviewed 3 codebases across ~56,000 lines of application code, 15+ third-party integrations, and production infrastructure. The platform has been in maintenance mode for 2+ years with a single developer — no dedicated DevOps, QA, or security support.

Overall Score (Industry Standard)

4.9 / 10

Adjusted for Team Size (1-3 devs)

5.9 / 10

The platform serves production traffic across payments, blockchain, and commerce. The system-level architecture is sound. The primary gaps — security hardening, test coverage, error monitoring, dependency updates — are all addressable without rearchitecting the system.

Scorecard

Area	Score	Startup-Adjusted	Path to Improvement	Summary
Architecture	7/10	8/10	Already strong	Clean tier separation (frontend / API / workers / blockchain). One Django app has absorbed too many domains and needs splitting.
Security	4/10	6/10	Straightforward	Secrets are not in repos, CORS and HMAC verification are correct. Credentials are shared across environments, tokens never expire, and 18 XSS-vulnerable components lack sanitization.
Code Quality	5/10	6/10	Incremental	Consistent naming conventions and standardized API responses. God modules, 132 TODOs, 115 print statements, and near-zero type hints indicate deferred maintenance.
Blockchain	6/10	7/10	Moderate	All transactions routed through async workers with a correct proposer wallet pattern. The monolithic 2,482-line handler needs splitting. No retry logic or monitoring.
Performance	5/10	6/10	Straightforward	Connection pooling and selective query optimization are in place. Task routing, pagination defaults, and caching are missing — configuration-level changes.
Error Handling	4/10	5/10	Easy	Consistent response format exists. No error monitoring on the backend. Exception messages leak to clients. Highest-impact fix is a single package install.
Third-Party Integrations	5/10	6/10	Time-consuming but low-risk	15+ services functional in production. Several critical dependencies are years out of date (Django 3.2 EOL, boto3 from 2019).
Infrastructure & CI/CD	4/10	5/10	Straightforward	Frontend CI/CD is fully automated across 3 environments. Backend deployment is manual (SSH). E-commerce app has zero automation.
Testing	1/10	2/10	Time investment	No application-level tests exist across any codebase. Testing frameworks are installed but unused.
Documentation	8/10	9/10	Already strong	Dedicated docs repo with architecture guides, runbooks, and setup instructions. New developer onboarding in 1-2 hours.

Score columns:

Score — Against industry-standard practices for a platform of this complexity.
Startup-Adjusted — Graded for a small team (1-3 developers) without dedicated DevOps, QA, or security.
Path to Improvement — Whether issues require quick fixes, incremental effort, or fundamental rework. None require architectural redesign.

Top Risks & Strengths

Top 5 Risks

No backend error monitoring — errors are only in rotating log files on a single server instance. No alerting on failures.
Django 3.2 is past end-of-life (April 2024) — no security patches for nearly 2 years.
Shared credentials across all environments — a compromise in dev/staging exposes production.
Zero test coverage — no safety net for any code change across any repo.
No containerization or deployment automation — backend is deployed manually via SSH. No Dockerfiles, no Infrastructure as Code.

Top 5 Strengths

Clean system architecture with async processing — strict layered communication (Frontend → API → Workers → Blockchain). On-chain issues don't block API responses.
Comprehensive documentation — dedicated docs repo with architecture guides, operational runbooks, and setup instructions.
15+ integrations working in production — Stripe, Shopify, Flow blockchain, Firebase, AWS — all functional and correctly implemented.
Security-aware auth framework — token-based auth with global default. Custom permission classes enforce domain-level access control. HMAC-verified webhooks, encrypted tokens, reCAPTCHA on auth endpoints.
Frontend CI/CD and build tooling — full automated deployment to 3 environments, static analysis scanning, well-optimized build config.

Security — 4/10

Secrets Management High

Credentials are stored as config files on each server and are not committed to any repository. However:

Concern	Detail	Environments
Shared AWS IAM keypair	Same key used for S3, SES, Lambda, SQS across all environments	All
Shared Django `SECRET_KEY`	Prefixed `django-insecure-` — identical across dev/staging/prod	All
Shared Fernet encryption key	Same key encrypts Stripe Connect tokens in all environments	All
Shared reCAPTCHA secret	Identical across environments	All
No secrets manager	Credentials live as files on servers — no rotation policy, no audit trail	All

Remediation: Migrate to a secrets manager (e.g., AWS Secrets Manager). Use per-environment IAM roles with least-privilege policies. Implement key rotation.

Authentication High

Token model: DRF TokenAuthentication — single static token per user, no expiration, no rotation.
BasicAuthentication is enabled globally — unnecessary for a token-based API.
Object-level permissions (django-guardian) are installed but entirely commented out — no object-level enforcement exists.

Remediation: Replace static tokens with JWT (with expiry + refresh). Remove BasicAuthentication. Re-enable object-level permissions.

CORS / CSRF / Headers High

Setting	Value	Issue
`ALLOWED_HOSTS`	`['*']`	Host header injection in production
`CORS_ALLOW_ALL_ORIGINS`	`False`	Correct
`X_FRAME_OPTIONS`	`'ALLOWALL'`	Clickjacking on staging
`DEBUG`	`True` (dev/staging)	Debug info exposed
`DEBUG`	`False` (prod)	Correct

Production CORS whitelist is correctly scoped. Dev/staging CORS includes legacy entries (old CDN URLs, private IPs, ngrok domains).

Frontend — Hardcoded Secrets in JS Bundle Critical

Hardcoded staging password embedded in the production JS bundle — trivially bypassable via DevTools.
A blockchain service account private key declared as a frontend env var — if populated, the key is embedded in the client-side bundle.
Dev tools component (ReactQueryDevtools) rendered unconditionally in production — exposes the full query cache.

Frontend — XSS via dangerouslySetInnerHTML High

18 components use dangerouslySetInnerHTML to render backend-sourced content. DOMPurify is installed but only used in 1 location. If any backend field accepts user-generated HTML, stored XSS is possible.

Remediation: Wrap all usages with DOMPurify.sanitize(). Better: sanitize server-side on write.

E-commerce App — Express Proxy High

app.use(cors()) — wildcard CORS, any origin can send requests
No authentication or HMAC verification at the proxy layer
No rate limiting or request size limits
E-commerce scopes include write_script_tags (allows injecting JS into merchant storefronts)

Recommendations (Priority Order)

Rotate all production secrets — move to a secrets manager.
Set ALLOWED_HOSTS to specific domains in production.
Sanitize all dangerouslySetInnerHTML usages with DOMPurify.
Remove staging password from frontend bundle — use server-side gate.
Never expose private keys as frontend env vars.
Remove dev tools from production builds.
Implement token expiry — replace static tokens with JWT.
Restrict proxy CORS and add rate limiting.
Re-enable object-level permissions.
Remove BasicAuthentication from API defaults.
Return generic error messages — stop leaking str(e) to clients.
Review write_script_tags scope — remove if unused.

Code Quality & Architecture — 5/10

Platform Architecture

The platform has a clean separation of concerns across tiers:

Frontend (React SPA) handles UI and user wallet interactions. Does not execute server-side blockchain transactions.
Backend (Django/DRF) serves the REST API and dispatches async operations to workers. Views never execute blockchain transactions inline.
Workers (Celery) handle all async processing: blockchain, e-commerce sync, email, analytics, payments.
Blockchain (Flow) accessed only through the worker layer.

Communication is strictly layered: Frontend → Backend API → Workers → Blockchain. No shortcuts exist.

The main concern is at the module level: one Django app has become a god module absorbing too many domains, and the task file contains inline business logic.

Backend App Structure

18 Django apps, 326 Python files, ~47,500 lines of code.

God Files

File	Lines	Issue
Blockchain worker	2,482	All blockchain transaction types in one monolithic file
E-commerce views	2,205	Webhooks, OAuth, order logic, product management mixed
Admin config	1,953	All admin registrations in one file
Core models	1,764	24 model classes in a single file
Task definitions	1,275	21 Celery tasks with inline business logic

Dead Code & Debug Artifacts

132 TODO/FIXME/HACK annotations across 59 files
115 print() statements in production backend code
~2,500 lines of commented-out code
Near-zero type hints across 326 Python files
229 bare except Exception as e: blocks — no custom exception classes for business logic

Frontend

485 files, React 18 + Vite + TypeScript, atomic design pattern.

tsconfig.json has strict: true, but undermined by 387 : any usages and 316 @ts-ignore directives.
Three state management patterns coexist: React Query (123 usages), React Context (5 providers, 1 overloaded at 579 lines), and Zustand (1 store, 17 lines).
Icon component: 3,115 lines of inline SVG data — should be a sprite sheet.

E-commerce App

24 source files, 8,285 lines. Cleanest TypeScript discipline: zero : any, zero @ts-ignore.

Legal text (Terms of Service, Privacy Policy) embedded as JSX components — belongs in markdown/CMS.
Debug components bundled in production without environment guards.
Billing prices hardcoded in client-side TypeScript.

Recommendations

Split the god app into separate Django apps (e-commerce, UGC, orders).
Split the 24-class model file into per-domain model files.
Extract business logic from task definitions into service modules.
Fix filename typos committed to the repo.
Replace bare except Exception blocks with specific exception types.
Remove 115 print() statements — use logger consistently.
Split inline SVGs into sprite sheet or individual assets.
Decompose overloaded context provider into focused providers.
Remove debug components from production builds.
Move legal text out of JSX into markdown/CMS.

Blockchain — 6/10

Architecture

Django View (API request)
    │
    ├── Creates BlockchainTransaction record (status: pending)
    │
    └── Dispatches async task: blockchain_transaction.delay(txn_id)
            │
            └── Worker
                    │
                    ├── Loads transaction from DB
                    ├── Selects proposer wallet (round-robin)
                    ├── Builds Cadence transaction
                    ├── Signs with service account + proposer key
                    ├── Submits to Flow Access Node
                    ├── Waits for seal
                    └── Updates BlockchainTransaction status (success/failed)

Frontend does not execute server-side blockchain transactions. The React app uses FCL (Flow Client Library) only for wallet connection, account setup, and user-initiated purchases. All minting, airdrops, and admin operations are backend-only via workers.

Proposer Wallet Architecture

Flow requires sequential sequence_number values per account key. The platform uses 3 separate proposer wallets for concurrent transaction submission, avoiding sequence number conflicts. Selection is round-robin based on transaction ID modulo.

This correctly solves the contention problem but creates a hard ceiling of 3 concurrent blockchain operations.

Transaction Types

All types handled via a single monolithic _execute() function with if/elif branching:

Type	Operation
`mint_nft`	Mint new NFT
`airdrop_nft`	Airdrop (mint + transfer)
`batch_mint`	Batch mint multiple NFTs
`setup_account`	Set up user's Flow account
`transfer_nft`	Transfer between accounts
`update_metadata`	Update on-chain metadata
`destroy_nft`	Burn/destroy an NFT
`create_listing`	Marketplace listing
`purchase_listing`	Marketplace purchase

Concerns

Monolithic handler: 2,482 lines, all transaction types in one function. No polymorphism or strategy pattern.
No retry logic: Failed transactions are marked failed with no automatic retry. Requires manual intervention.
No monitoring: No alerting on failed transaction rate, confirmation latency, or proposer wallet balance.
No timeouts: No explicit timeout on Flow Access Node calls — blocks indefinitely waiting for seal.
Legacy dependencies: Ethereum packages (web3, eth-account, ipfshttpclient) in requirements despite appearing inactive.

Recommendations

Split the blockchain worker into per-transaction-type handlers.
Add transaction retry logic with backoff for transient failures.
Add blockchain monitoring — failed transaction rate, confirmation latency, wallet balances.
Remove legacy Ethereum dependencies.
Add explicit timeouts for Flow Access Node calls.
Document contract deployment — contract source and deployment procedures are not in any repository.

Performance — 5/10

This audit is based on static code analysis. Production performance metrics (response times, throughput, error rates) were not reviewed.

Database

Connection pooling: Configured (pool size 20 in production, max overflow 10).
Query optimization: select_related/prefetch_related used in ~15 queries but not systematically. N+1 risks likely exist in serializers with nested relationships.
Pagination: No global DEFAULT_PAGINATION_CLASS. Views without explicit pagination return unbounded querysets. max_page_size up to 1,000.

Caching

Redis is configured as the Django cache backend. Usage is minimal:

Location	What's Cached	TTL
Analytics views	Analytics results	1 hour
Webhook handler	E-commerce webhook dedup	24 hours
Auth views	Email verification tokens, OTP codes	48 hours

No view-level caching, no queryset caching, no template fragment caching.

Worker Configuration

3 workers x concurrency=1 = 3 concurrent tasks total

Task types competing for these 3 slots: blockchain minting (10-30s each), e-commerce sync, payment processing, email sending, analytics aggregation, notification delivery. No task routing — a long blockchain mint blocks all other tasks on that worker.

Frontend

Dev tools component adds ~70KB to production bundle.
No global staleTime configuration for React Query — defaults to 0ms (refetch on every mount).
Wildcard CloudFront invalidation on every deploy — expensive for frequent deploys.

Recommendations

Add task routing — separate queues for fast (email, notifications) vs slow (blockchain, sync) tasks.
Increase worker concurrency and add max-tasks-per-child for memory management.
Set global DEFAULT_PAGINATION_CLASS.
Reduce max_page_size to 100.
Add view-level caching for public/read-heavy endpoints.
Remove dev tools from production bundle.
Audit serializers for N+1 queries.
Add rate limiting to the proxy server.
Configure global staleTime in React Query.
Review server sizing and scaling — single-instance backend is a single point of failure.

Error Handling — 4/10

Backend Response Format

All API responses follow a consistent JSON envelope:

// Success
{ "statusCode": 200, "message": "success", ...data }

// Error
{ "statusCode": 400, "error": {"details": ["..."]}, "message": "Bad Request" }

A custom DRF exception handler normalizes exceptions into this format. Manual helper functions (http_400_invalid_response, etc.) are also used directly in views.

Bug

http_201_created_response sets statusCode: 201 in the body but returns HTTP 200 — the status code and body don't match.

Exception Message Leakage Medium

Several auth views return raw str(e) directly to clients, exposing database column names, Python tracebacks, or third-party SDK errors.

Logging

Two rotating file loggers (50MB, 10 backups). Logs exist only on the server instance — if the instance is terminated, logs are lost. watchtower (CloudWatch log shipping) is installed but not configured.

Error Monitoring

Backend: No Sentry or equivalent. Unhandled exceptions produce 500 responses with no external alerting.
Frontend: Sentry configured but replay sample rates set to 0% and 429 errors suppressed. Error boundaries are passive — they log but show no UI feedback.
E-commerce app: No error boundary, no error monitoring. A component crash blanks the entire app.

Recommendations

Add Sentry to the backend — single highest-value monitoring improvement.
Stop leaking str(e) to clients — return generic messages.
Add ErrorBoundary to the e-commerce app.
Fix http_201_created_response returning HTTP 200.
Add a global 401 interceptor in the frontend.
Configure CloudWatch log shipping (already installed).
Catch specific exceptions instead of blanket except Exception.
Enable Sentry Replay at 10% sample rate.
Add user-facing error UI in frontend error boundaries.
Remove console.* from production builds.

Third-Party Integrations — 5/10

Integration Inventory

Service	Category	Auth Method
Stripe (Checkout + Connect)	Payments	Secret key + webhook secret
Shopify (OAuth + webhooks + sync)	Commerce	OAuth2 + HMAC verification
Flow Blockchain	Blockchain	Service account private keys
Firebase	Push notifications	Service account JSON
AWS S3	Storage	IAM access key
AWS SES	Email	IAM access key
AWS Lambda	Image processing	IAM access key
AWS SQS	Message queue	IAM access key
Google OAuth2	Social auth	OAuth2 client
Twitter/X OAuth2	Social auth	OAuth2 manual
Google reCAPTCHA v3	Bot prevention	Secret key
Google Sheets	Data lookups	Service account
Google Cloud Vision	Image analysis	Service account
Sentry	Monitoring (frontend only)	DSN
WalletConnect	Wallet connection	Project ID

Outdated / End-of-Life Packages

Package	Current	Concern
Django	3.2.8	3.2 LTS reached end of life April 2024. No security patches.
boto3	1.10 (Nov 2019)	6+ years behind. Missing security patches and features.
cryptography	35.0	Multiple security advisories. Current is 42.x.
Pillow	8.4	Known CVEs. Current is 11.x.
axios	0.27.x	Pre-1.0. Known prototype pollution CVE.
requests	2.27	Pre-2.31, which fixed CVE-2023-32681 (cookie leakage).
urllib3	1.25	Pre-2.0, multiple CVEs.
python-social-auth	0.3.6	Unmaintained — replaced by social-auth-core.

Blast Radius Assessment

If Compromised	Impact
AWS IAM key	Access to all S3 buckets, SES, Lambda, SQS, potentially RDS
Stripe secret key	Charge customers, refund payments, access payment data
E-commerce API secret	Forge HMAC signatures, inject scripts into merchant storefronts
Blockchain wallet keys	Execute unauthorized transactions, transfer/mint NFTs
Django SECRET_KEY	Forge session cookies, bypass CSRF, impersonate any user
Fernet key	Decrypt all stored Stripe Connect tokens
Firebase service account	Full admin access to notification database

Recommendations

Rotate all credentials and move to a secrets manager with per-environment, per-service IAM roles.
Upgrade Django to 4.2 LTS (or 5.x).
Update boto3 to current — 6 years of drift.
Update cryptography to 42.x.
Update Pillow to 11.x.
Audit e-commerce scopes — remove write_script_tags if unused.
Replace unmaintained python-social-auth.
Add Sentry to backend.
Separate AWS IAM credentials per service with least-privilege policies.
Update frontend deps — axios to 1.x, Sentry to 8.x.

Infrastructure & CI/CD — 4/10

Cross-Repo Comparison

Capability	Backend	Frontend	E-commerce App
Automated lint in CI	Yes (black on push)	Yes (eslint on PR)	No
Static analysis	Yes (SonarQube, main only)	Yes (SonarQube, main only)	No
Automated deployment	No	Yes (3 environments)	No
Tests in CI	No	No	No
Dockerized	No	No	No
Infrastructure as Code	No	No	No
Rollback mechanism	No	S3 versioning (if enabled)	No
Health checks	No	No	/health endpoint

Backend Deployment

Entirely manual: SSH into the server, git pull, supervisorctl update. No rollback mechanism, no health checks, no zero-downtime strategy.

Server stack: Nginx → uWSGI (5 workers, 300s timeout) → Django. Workers managed by Supervisor (3 workers × concurrency=1).

Frontend Deployment

Fully automated via GitHub Actions. Three workflows deploy to dev/staging/prod on branch push: checkout → build → S3 sync → CloudFront invalidation.

No test step in any deployment workflow.

Recommendations

Add backend deployment pipeline (mirroring the frontend pattern).
Add test steps to all deployment workflows.
Add CI/CD to the e-commerce repo.
Containerize the backend (Dockerfile for API + workers).
Use path-specific CloudFront invalidation instead of wildcards.
Update stale domain references in nginx config.
Add PR templates across all repos.
Consider Infrastructure as Code (Terraform) for reproducible environments.

Testing — 1/10

No meaningful application tests exist across any of the three repositories. All backend test files are empty stubs. No CI workflow runs tests.

Backend

14 tests.py files — all empty Django boilerplate (# Create your tests here.).
Testing packages installed but unused: pytest, pytest-xdist, hypothesis.
No pytest.ini or test configuration. No test target in Makefile.
No blockchain tests. No coverage tooling.
0% application code coverage.

Frontend

One test file — a stale boilerplate test that would fail immediately.
3 Playwright E2E specs covering page loads (smoke tests only).
package.json defines "test": "vitest" but Vitest is not in devDependencies. Running yarn test fails.

E-commerce App

Zero test files. No test dependencies. No test script.

High-Value Test Targets

Area	Why	Complexity
Payment webhook handling	Money flows — incorrect handling means lost revenue	Medium
E-commerce HMAC verification	Security gate — if broken, anyone can forge webhooks	Low
Auth flows	Core user journey — login, signup, OTP, password reset	Medium
Blockchain transaction signing	Asset creation/transfer — errors mean lost NFTs	High
Background task logic	Silent failures affect subscriptions, analytics, sync	Medium
Activation claim logic	Business-critical — claim codes, airdrops, drops	Medium

Recommendations

Fix yarn test — install Vitest or switch to Jest.
Start with backend integration tests (payment webhooks, HMAC verification, auth flows).
Add coverage tooling and set a threshold in CI (even 10%).
Add test steps to CI — block merges on test failure.
Expand Playwright E2E specs to cover auth, checkout, and claim flows.
Add blockchain unit tests with mocked SDK responses.

Documentation — 8/10

What Exists

Document	Quality
Technical architecture + API reference	Comprehensive — all endpoints, auth patterns, inter-app relationships
Database schema	Complete — all models, relationships, schema details
Background task guide	Thorough — task definitions, scheduling, worker config
AWS operations runbook	Practical — full inventory, deployment procedures, troubleshooting
Local dev setup guide	Platform-specific setup instructions
Architecture diagram	Visual overview of system
E-commerce plugin guide	Architecture, endpoints, webhooks, deployment, billing

Onboarding Assessment

Repo	Time to Running	Notes
Backend	~1 hour	Needs PostgreSQL with hstore extension, DB restore, env vars
Frontend	~30 min	Straightforward: clone, install, configure .env, run
E-commerce app	~45 min	Needs partner account, app credentials, and backend running
Full platform	2-3 hours	All repos + database + workers + cache

What's Missing

No ADRs (Architecture Decision Records)
No CONTRIBUTING.md or CHANGELOG.md
API docs exist only as live Swagger UI — no checked-in OpenAPI spec
Inline comments are sparse — code lacks "why" explanations
No environment variable reference document
No incident runbook for application-level issues

Recommendations

Export OpenAPI spec and check it into the docs repo.
Create a comprehensive environment variable reference.
Add CONTRIBUTING.md with PR process and branching strategy.
Write 3-5 retroactive ADRs for key architectural decisions.
Remove commented-out code — document removed features in a changelog.
Add docstrings to Django model classes.

Action Plan

Organized by priority and effort. These represent findings from the audit — not prescriptive assignments.

Sprint 1 — Quick Wins & Safety

#	Action	Area	Effort
1	Set `ALLOWED_HOSTS` to specific domains	Security	Low
2	Sanitize all `dangerouslySetInnerHTML` with DOMPurify	Security	Low
3	Remove staging password from frontend bundle	Security	Low
4	Remove dev tools from production	Security	Low
5	Add Sentry to backend (Django + Celery integrations)	Error Handling	Low
6	Stop leaking `str(e)` to API clients	Error Handling	Low
7	Add ErrorBoundary to e-commerce app	Error Handling	Low
8	Fix test runner — install missing test framework	Testing	Low
9	Export OpenAPI spec and check into docs repo	Documentation	Low

Sprint 2-3 — Foundation

#	Action	Area	Effort
10	Write integration tests for payment webhooks and HMAC verification	Testing	Medium
11	Add test steps to frontend deploy workflows	Infrastructure	Low
12	Use per-environment Django `SECRET_KEY`	Security	Low
13	Use per-environment AWS IAM credentials with least-privilege	Security	Medium
14	Migrate secrets to a secrets manager	Security	Medium
15	Add backend deployment pipeline (GitHub Actions)	Infrastructure	Medium
16	Add CI/CD to e-commerce repo	Infrastructure	Low
17	Implement task routing — separate queues for fast vs slow tasks	Performance	Medium
18	Set global pagination default and reduce max page size	Performance	Low
19	Complete activation validation (start/end dates, claim rules)	Code Quality	Medium
20	Complete e-commerce inventory/collection sync TODOs	Code Quality	Medium

Sprint 4-6 — Hardening

#	Action	Area	Effort
21	Upgrade Django 3.2 → 4.2 LTS (or 5.x)	Dependencies	High
22	Update boto3, cryptography, Pillow, requests, urllib3	Dependencies	Medium
23	Replace static tokens with JWT (expiry + refresh)	Security	High
24	Fix timezone handling TODOs	Code Quality	Low
25	Add CSV validation for data imports	Code Quality	Low
26	Fix filename typos	Code Quality	Low
27	Remove 115 print() statements	Code Quality	Low
28	Configure CloudWatch log shipping (already installed)	Error Handling	Low

Backlog — Refactoring & Scale

#	Action	Area	Effort
29	Split god app into separate Django apps	Code Quality	High
30	Split 24-class model file into per-domain files	Code Quality	Medium
31	Extract business logic from task definitions into service modules	Code Quality	Medium
32	Consolidate media model into a single JSON field	Code Quality	Medium
33	Re-enable object-level permissions	Security	High
34	Decompose overloaded context provider (579 lines)	Code Quality	Medium
35	Split icon component (3,115 lines of inline SVG)	Code Quality	Low
36	Remove BasicAuthentication from API defaults	Security	Low
37	Audit and remove write_script_tags scope if unused	Security	Low
38	Restrict proxy CORS and add rate limiting	Security	Low
39	Split blockchain worker into per-transaction-type handlers	Blockchain	High
40	Add transaction retry logic for transient failures	Blockchain	Medium
41	Add blockchain monitoring	Blockchain	Medium
42	Remove legacy Ethereum dependencies	Blockchain	Low
43	Containerize backend (Dockerfile for API + workers)	Infrastructure	Medium
44	Add CONTRIBUTING.md and retroactive ADRs	Documentation	Low
45	Move legal text out of JSX into markdown/CMS	Code Quality	Low
46	Create environment variable reference document	Documentation	Low

Appendix: Audit Methodology

Process

This audit was conducted collaboratively between a human reviewer (platform developer with full system context) and an AI assistant over multiple sessions:

Scope definition — 3 repositories, audit areas, and intended audience defined.
Codebase exploration — Source files, configuration, environment files, CI/CD workflows, and dependency manifests reviewed across all repos.
Finding documentation — Each area written as a standalone report with specific code patterns and configuration values.
Iterative refinement — Multiple review passes corrected errors, adjusted tone, and added missing areas.
Scoring — Scores assigned based on static analysis findings, calibrated against a 3-5 developer team for a platform of this complexity.

What Was Reviewed

Source code: All Python, TypeScript, and JavaScript files across 3 repositories (~56,000 lines)
Configuration: Django settings, Vite config, TypeScript config, ESLint, CI/CD workflows, Supervisor config, Nginx config
Dependencies: 244 Python packages, frontend and e-commerce app package.json files
Environment files: Server configuration files reviewed for credential patterns and environment isolation
Infrastructure: AWS resource usage, deployment scripts, server setup documentation

What Was Not Reviewed

Production metrics: Response times, throughput, error rates, server resource utilization
Database content: No queries against production data. Schema reviewed via models and documentation only.
Live penetration testing: No active security testing. Findings are code and configuration review only.
Smart contract source: Contract files are not in the backend repo. Logic inferred from transaction templates.
Third-party dashboards: Stripe, Shopify, AWS, Sentry, Firebase dashboards were not accessed.