# 10. Open Questions

Unresolved questions, conflicts between sources, and items requiring owner confirmation.

## Authentication & Security

| # | Question | Source | Impact |
|---|----------|--------|--------|
| Q1 | JWT tokens never expire. Is this intentional or a gap? No refresh token mechanism exists. | Code (`auth.js`) | Security risk for long-lived tokens |
| Q2 | Default JWT_SECRET fallback is hardcoded. Is there a production enforcement check? | Code (`auth.js`) | Production security |
| Q3 | No protection against deleting the last admin user. Should this be blocked? | Code (`admin.js`) | Could lock out all admin access |
| Q4 | API key validation is O(n) bcrypt comparisons. At what key count does this become a performance issue? | Code (`auth.js`) | Performance at scale |
| Q5 | No session invalidation on password change. Existing tokens remain valid. Is this accepted? | Code | Security |
| Q6 | No password complexity requirements server-side. Should minimum requirements be enforced? | Code (`auth.js`) | Security |

## Data Model

| # | Question | Source | Impact |
|---|----------|--------|--------|
| Q7 | `company_profiles.project_id` is designed for future 1:many (one user, many orgs). Is this still planned? | Schema comment in `init.sql` | Data model evolution |
| Q8 | `execution_history` and `executions` tables overlap in purpose. Is `executions` intended to replace `execution_history`? | Schema (`init.sql`) | Data model cleanup |
| Q9 | No explicit data retention policy. How long should `raw_exchanges`, `usage_events`, `hook_events` be kept? | Not documented | Storage growth |
| Q10 | `bedrock_config` enforces single row. Is multi-region Bedrock support planned? | Schema constraint | Feature planning |

## Deployment & Operations

| # | Question | Source | Impact |
|---|----------|--------|--------|
| Q11 | Encryption key for AES-256-GCM secrets -- is it derived from env var or generated? Where is it stored? | Code (`encryption.js`) | Secret management |
| Q12 | `journal_mode = DELETE` (not WAL) is set for NFS/EFS safety. What's the performance impact vs. WAL mode on local SSD? | Code (`db.js`) | Performance |
| Q13 | Container memory limits (2GB in docker-compose). Is this sufficient for large knowledge bases + Claude CLI? | `docker-compose.yml` | Resource planning |
| Q14 | No automated database backup strategy documented. EFS/volume snapshots? SQLite file copy? | Not documented | Disaster recovery |

## Product Behavior

| # | Question | Source | Impact |
|---|----------|--------|--------|
| Q15 | Meeting transcription feature -- what service provides the actual audio capture? Whisper transcription MCP? External bot? | Code references multiple approaches | Feature completeness |
| Q16 | What happens to active Claude CLI sessions when the container is restarted? Are they recoverable? | Not documented | UX continuity |
| Q17 | `output_styles` -- how do they modify Claude's response? System prompt injection? Post-processing? | Multiple code paths | Feature understanding |
| Q18 | How does the "advisor" system in meetings work? Is it different personas giving real-time meeting advice? | `advisorOrchestrator.js` | Feature documentation |

## Conflicts Between Sources

| # | Conflict | Source A | Source B | Recommendation |
|---|---------|----------|----------|---------------|
| C1 | Existing PRD mentions "TinyLlama 1.1B" and "Llama 3.2" integration | Existing PRD (v2.2) | No code evidence of local LLM support | Code wins -- remove local LLM references from PRD |
| C2 | Existing PRD says "Cost Reduction 60-80% vs alternatives" | Existing PRD | No cost comparison implementation | Unverified claim -- mark as marketing |
| C3 | Existing PRD lists "Multi-language Support" as planned | Existing PRD | No i18n code or framework | Remove unless actively planned |
| C4 | CLAUDE.md mentions "8-layer knowledge architecture" | CLAUDE.md | No code implementing layers | Conceptual framework, not implemented in code |

## Technical Risks

| # | Risk | Likelihood | Impact | Follow-up Needed |
|---|------|-----------|--------|-----------------|
| R1 | Claude CLI version pinned at v2.1.81 -- major version bumps may break PTY interface | Medium | High | Test CLI upgrades in staging |
| R2 | SQLite single-writer limitation under concurrent users | Low (single-tenant) | Medium | Monitor busy_timeout hit rate |
| R3 | rclone RC API stability for cloud drives | Medium | Medium | Health check monitoring |
| R4 | node-pty platform compatibility (arm64 vs amd64) | Low | High | Multi-platform Docker build covers this |
| R5 | JSONL log files grow unbounded | High | Medium | Implement log rotation |