@sylphx/flow 2.9.0 → 2.11.0

package/CHANGELOG.md

@@ -1,5 +1,30 @@
 # @sylphx/flow
 
+## 2.11.0 (2025-12-17)
+
+### ✨ Features
+
+- **commands:** add tech stack and replace checklists with exploration questions ([0772b1d](https://github.com/SylphxAI/flow/commit/0772b1d788ddf2074729d04e67ef3d94b138de10))
+
+## 2.10.0 (2025-12-17)
+
+Replace saas-* commands with 24 focused /review-* commands.
+
+Each domain now has a dedicated review command with mandate to delegate to multiple workers for parallel research.
+
+Categories:
+- Core Architecture (4): data-architecture, database, ledger, storage
+- Identity & Security (4): auth, account-security, security, privacy
+- Billing & Commerce (3): billing, pricing, referral
+- Frontend & Experience (5): uiux, i18n, seo, pwa, performance
+- Operations & Management (4): admin, observability, operability, support
+- Growth & Research (2): growth, discovery
+- Quality & Delivery (2): code-quality, delivery
+
+### ✨ Features
+
+- **commands:** replace saas-* with 24 focused /review-* commands ([c2f9eb9](https://github.com/SylphxAI/flow/commit/c2f9eb9bad695714be08645163480b46b9286b99))
+
 ## 2.9.0 (2025-12-17)
 
 Add comprehensive SaaS review command suite with parallel worker delegation.

package/assets/slash-commands/review-account-security.md

@@ -0,0 +1,48 @@
+---
+name: review-account-security
+description: Review account security - sessions, devices, MFA, security events
+agent: coder
+---
+
+# Account Security Review
+
+## Mandate
+
+* Perform a **deep, thorough review** of account security in this codebase.
+* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
+* Deliverables must be stated as **findings, gaps, and actionable recommendations**.
+* **Single-pass delivery**: no deferrals; deliver a complete assessment.
+* **Explore beyond the spec**: identify improvements for user safety and threat detection.
+
+## Tech Stack
+
+* **Auth**: better-auth
+* **Framework**: Next.js
+
+## Review Scope
+
+### Membership and Account Security
+
+* Membership is entitlement-driven and server-enforced.
+* Provide a dedicated **Account Security** surface.
+* **Account Security minimum acceptance**:
+  * Session/device visibility and revocation
+  * MFA/passkey management
+  * Linked identity provider management
+  * Key security event visibility (and export where applicable)
+  * All server-enforced and auditable
+
+### Recovery Governance
+
+* Account recovery flow secure
+* Support-assisted recovery with strict audit logging
+* Step-up verification for sensitive actions
+
+## Key Areas to Explore
+
+* What visibility do users have into their active sessions and devices?
+* How robust is the MFA implementation and enrollment flow?
+* What security events are logged and how accessible are they to users?
+* How does the account recovery flow prevent social engineering attacks?
+* What step-up authentication exists for sensitive actions?
+* How are compromised accounts detected and handled?

package/assets/slash-commands/review-admin.md

@@ -0,0 +1,58 @@
+---
+name: review-admin
+description: Review admin - RBAC, bootstrap, config management, feature flags
+agent: coder
+---
+
+# Admin Platform Review
+
+## Mandate
+
+* Perform a **deep, thorough review** of the admin platform in this codebase.
+* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
+* Deliverables must be stated as **findings, gaps, and actionable recommendations**.
+* **Single-pass delivery**: no deferrals; deliver a complete assessment.
+* **Explore beyond the spec**: identify operational improvements and safety enhancements.
+
+## Tech Stack
+
+* **Framework**: Next.js
+* **API**: tRPC
+* **Database**: Neon (Postgres)
+
+## Review Scope
+
+### Admin Platform (Operational-Grade)
+
+* Baseline: RBAC (least privilege), audit logs, feature flags governance, optional impersonation with safeguards and auditing.
+
+### Admin Bootstrap (Critical)
+
+* Admin bootstrap must not rely on file seeding:
+  * Use a secure, auditable **first-login allowlist** for the initial SUPER_ADMIN.
+  * Permanently disable bootstrap after completion.
+  * All privilege grants must be server-enforced and recorded in the audit log.
+  * The allowlist must be managed via secure configuration (environment/secret store), not code or DB seeding.
+
+### Configuration Management (Mandatory)
+
+* All **non-secret** product-level configuration must be manageable via admin (server-enforced), with validation and change history.
+* Secrets/credentials are environment-managed only; admin may expose safe readiness/health visibility, not raw secrets.
+
+### Admin Analytics and Reporting (Mandatory)
+
+* Provide comprehensive dashboards/reports for business, growth, billing, referral, support, and security/abuse signals, governed by RBAC.
+
+### Admin Operational Management (Mandatory)
+
+* Tools for user/account management, entitlements/access management, lifecycle actions, and issue resolution workflows.
+* Actions affecting access, money/credits, or security posture require appropriate step-up controls and must be fully auditable.
+
+## Key Areas to Explore
+
+* How secure is the admin bootstrap process?
+* What RBAC gaps exist that could lead to privilege escalation?
+* How comprehensive is the audit logging for sensitive operations?
+* What admin workflows are missing or painful?
+* How does impersonation work and what safeguards exist?
+* What visibility do admins have into system health and issues?

package/assets/slash-commands/review-auth.md

@@ -0,0 +1,42 @@
+---
+name: review-auth
+description: Review authentication - SSO providers, passkeys, verification, sign-in
+agent: coder
+---
+
+# Authentication Review
+
+## Mandate
+
+* Perform a **deep, thorough review** of authentication in this codebase.
+* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
+* Deliverables must be stated as **findings, gaps, and actionable recommendations**.
+* **Single-pass delivery**: no deferrals; deliver a complete assessment.
+* **Explore beyond the spec**: identify improvements for security, usability, and reliability.
+
+## Tech Stack
+
+* **Auth**: better-auth
+* **Framework**: Next.js
+
+## Review Scope
+
+### Identity, Verification, and Sign-in
+
+* SSO providers (minimum): **Google, Apple, Facebook, Microsoft, GitHub** (prioritize by audience).
+* If provider env/secrets are missing, **hide** the login option (no broken/disabled UI).
+* Allow linking multiple providers and safe unlinking; server-enforced and abuse-protected.
+* Passkeys (WebAuthn) are first-class with secure enrollment/usage/recovery.
+
+### Verification Requirements
+
+* **Email verification is mandatory** baseline for high-impact capabilities.
+* **Phone verification is optional** and used as risk-based step-up (anti-abuse, higher-trust flows, recovery); consent-aware and data-minimizing.
+
+## Key Areas to Explore
+
+* How does the current auth implementation compare to best practices?
+* What security vulnerabilities exist in the sign-in flows?
+* How can the user experience be improved while maintaining security?
+* What edge cases are not handled (account recovery, provider outages, etc.)?
+* How does session management handle concurrent devices?

package/assets/slash-commands/review-billing.md

@@ -0,0 +1,52 @@
+---
+name: review-billing
+description: Review billing - Stripe integration, webhooks, state machine
+agent: coder
+---
+
+# Billing Review
+
+## Mandate
+
+* Perform a **deep, thorough review** of billing and payments in this codebase.
+* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
+* Deliverables must be stated as **findings, gaps, and actionable recommendations**.
+* **Single-pass delivery**: no deferrals; deliver a complete assessment.
+* **Explore beyond the spec**: identify revenue leakage and billing reliability improvements.
+
+## Tech Stack
+
+* **Payments**: Stripe
+* **Workflows**: Upstash Workflows + QStash
+
+## Review Scope
+
+### Billing and Payments (Stripe)
+
+* Support subscriptions and one-time payments as product needs require.
+* **Billing state machine follows mapping requirements**; UI must only surface explainable, non-ambiguous states aligned to server-truth.
+* Tax/invoicing and refund/dispute handling must be behaviorally consistent with product UX and entitlement state.
+
+### Webhook Requirements (High-Risk)
+
+* Webhooks must be idempotent, retry-safe, out-of-order safe, auditable
+* Billing UI reflects server-truth state without ambiguity
+* **Webhook trust is mandatory**: webhook origin must be verified (signature verification and replay resistance)
+* The Stripe **event id** must be used as the idempotency and audit correlation key
+* Unverifiable events must be rejected and must trigger alerting
+* **Out-of-order behavior must be explicit**: all webhook handlers must define and enforce a clear out-of-order strategy
+
+### State Machine
+
+* Define mapping: **Stripe state → internal subscription state → entitlements**
+* Handle: trial, past_due, unpaid, canceled, refund, dispute
+* UI only shows interpretable, non-ambiguous states
+
+## Key Areas to Explore
+
+* How robust is the webhook handling for all Stripe events?
+* What happens when webhooks arrive out of order?
+* How does the UI handle ambiguous billing states?
+* What revenue leakage exists (failed renewals, dunning, etc.)?
+* How are disputes and chargebacks handled end-to-end?
+* What is the testing strategy for billing edge cases?

package/assets/slash-commands/review-code-quality.md

@@ -0,0 +1,44 @@
+---
+name: review-code-quality
+description: Review code quality - linting, TypeScript, testing, CI
+agent: coder
+---
+
+# Code Quality Review
+
+## Mandate
+
+* Perform a **deep, thorough review** of code quality in this codebase.
+* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
+* Deliverables must be stated as **findings, gaps, and actionable recommendations**.
+* **Single-pass delivery**: no deferrals; deliver a complete assessment.
+* **Explore beyond the spec**: identify maintainability issues and technical debt.
+
+## Tech Stack
+
+* **Runtime**: Bun
+* **Linting/Formatting**: Biome
+* **Testing**: Bun test
+* **Language**: TypeScript (strict)
+
+## Review Scope
+
+### Non-Negotiable Engineering Principles
+
+* No workarounds, hacks, or TODOs.
+* Feature-first with clean architecture; designed for easy extension; no "god files".
+* Type-first, strict end-to-end correctness (**DB → API → UI**).
+* Serverless-first and server-first; edge-compatible where feasible without sacrificing correctness, security, or observability.
+* Mobile-first responsive design; desktop-second.
+* Precise naming; remove dead/unused code.
+* Upgrade all packages to latest stable; avoid deprecated patterns.
+
+## Key Areas to Explore
+
+* What areas of the codebase have the most technical debt?
+* Where are types weak or using `any` inappropriately?
+* What test coverage gaps exist for critical paths?
+* What code patterns are inconsistent across the codebase?
+* What dependencies are outdated or have known vulnerabilities?
+* Where do "god files" or overly complex modules exist?
+* What naming inconsistencies make the code harder to understand?

package/assets/slash-commands/review-data-architecture.md

@@ -0,0 +1,43 @@
+---
+name: review-data-architecture
+description: Review data architecture - boundaries, consistency model, server enforcement
+agent: coder
+---
+
+# Data Architecture Review
+
+## Mandate
+
+* Perform a **deep, thorough review** of data architecture in this codebase.
+* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
+* Deliverables must be stated as **findings, gaps, and actionable recommendations**.
+* **Single-pass delivery**: no deferrals; deliver a complete assessment.
+* **Explore beyond the spec**: identify improvements for consistency, reliability, and scalability.
+
+## Tech Stack
+
+* **API**: tRPC
+* **Framework**: Next.js
+* **Database**: Neon (Postgres)
+* **ORM**: Drizzle
+
+## Review Scope
+
+### Boundaries, Server Enforcement, and Consistency Model (Hard Requirement)
+
+* Define clear boundaries: domain rules, use-cases, integrations, UI.
+* All authorization/entitlements are **server-enforced**; no client-trust.
+* Runtime constraints (serverless/edge) must be explicit and validated.
+* **Consistency model is mandatory for high-value state**: for billing, entitlements, ledger, admin privilege grants, and security posture, the system must define and enforce an explicit consistency model (source-of-truth, allowed delay windows, retry/out-of-order handling, and acceptable eventual consistency bounds).
+* **Billing and access state machine is mandatory**: define and validate the mapping **Stripe state → internal subscription state → entitlements**, including trial, past_due, unpaid, canceled, refund, and dispute outcomes. UI must only present interpretable, non-ambiguous states derived from server-truth.
+* **No dual-write (hard requirement)**: subscription/payment truth must be derived from Stripe-driven events; internal systems must not directly rewrite billing truth or authorize entitlements based on non-Stripe truth, except for explicitly defined admin remediation flows that are fully server-enforced and fully audited.
+* **Server-truth is authoritative**: UI state must never contradict server-truth. Where asynchronous confirmation exists, UI must represent that state unambiguously and remain explainable.
+* **Auditability chain is mandatory** for any high-value mutation: who/when/why, before/after state, and correlation to the triggering request/job/webhook must be recorded and queryable.
+
+## Key Areas to Explore
+
+* How well are domain boundaries defined and enforced?
+* Where does client-side trust leak into authorization decisions?
+* What consistency guarantees exist and are they sufficient?
+* How does the system handle eventual consistency edge cases?
+* What would break if a webhook is processed out of order?

package/assets/slash-commands/review-database.md

@@ -0,0 +1,37 @@
+---
+name: review-database
+description: Review database - Drizzle migrations, schema drift, CI gates
+agent: coder
+---
+
+# Database Review
+
+## Mandate
+
+* Perform a **deep, thorough review** of database architecture in this codebase.
+* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
+* Deliverables must be stated as **findings, gaps, and actionable recommendations**.
+* **Single-pass delivery**: no deferrals; deliver a complete assessment.
+* **Explore beyond the spec**: identify improvements for performance, reliability, and maintainability.
+
+## Tech Stack
+
+* **Database**: Neon (Postgres)
+* **ORM**: Drizzle
+
+## Review Scope
+
+### Drizzle Migrations (Non-Negotiable)
+
+* Migration files must exist, be complete, and be committed.
+* Deterministic, reproducible, environment-safe; linear/auditable history; no drift.
+* CI must fail if schema changes are not represented by migrations.
+
+## Key Areas to Explore
+
+* Is the schema well-designed for the domain requirements?
+* Are there missing indexes that could improve query performance?
+* How are database connections pooled and managed?
+* What is the backup and disaster recovery strategy?
+* Are there any N+1 query problems or inefficient access patterns?
+* How does the schema handle soft deletes, auditing, and data lifecycle?

package/assets/slash-commands/review-delivery.md

@@ -0,0 +1,57 @@
+---
+name: review-delivery
+description: Review delivery gates - release blocking checks, verification
+agent: coder
+---
+
+# Delivery Gates Review
+
+## Mandate
+
+* Perform a **deep, thorough review** of delivery gates in this codebase.
+* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
+* Deliverables must be stated as **findings, gaps, and actionable recommendations**.
+* **Single-pass delivery**: no deferrals; deliver a complete assessment.
+* **Explore beyond the spec**: identify gaps in automated verification and release safety.
+
+## Tech Stack
+
+* **CI**: GitHub Actions
+* **Testing**: Bun test
+* **Linting**: Biome
+* **Platform**: Vercel
+
+## Review Scope
+
+### Delivery Gates and Completion
+
+CI must block merges/deploys when failing:
+
+* Code Quality: Biome lint/format, strict TS typecheck, unit + E2E tests, build
+* Data Integrity: Migration integrity checks, no schema drift
+* i18n: Missing translation keys fail build, `/en/*` redirects, hreflang correct
+* Performance: Budget verification, Core Web Vitals thresholds, regression detection
+* Security: CSP/HSTS/headers verified, CSRF protection tested
+* Consent: Analytics/marketing consent gating verified
+
+### Automation Requirement
+
+**All gates above must be enforced by automated tests or mechanized checks (non-manual); manual verification does not satisfy release gates.**
+
+### Configuration Gates
+
+* Build/startup must fail-fast when required configuration/secrets are missing or invalid.
+
+### Operability Gates
+
+* Observability and alerting configured for critical anomalies
+* Workflow dead-letter handling is operable and supports controlled replay
+
+## Key Areas to Explore
+
+* What release gates are missing or insufficient?
+* Where does manual verification substitute for automation?
+* How fast is the CI pipeline and what slows it down?
+* What flaky tests exist and how do they affect reliability?
+* How does the deployment process handle rollbacks?
+* What post-deployment verification exists?

package/assets/slash-commands/review-discovery.md

@@ -0,0 +1,34 @@
+---
+name: review-discovery
+description: Review discovery - competitive research, features, pricing opportunities
+agent: coder
+---
+
+# Discovery Review
+
+## Mandate
+
+* Perform a **deep, thorough review** to discover opportunities in this codebase.
+* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
+* Deliverables must be stated as **findings, gaps, and actionable recommendations**.
+* **Single-pass delivery**: no deferrals; deliver a complete assessment.
+* **Explore beyond the spec**: this review IS the exploration—think broadly and creatively.
+
+## Review Scope
+
+### Review Requirements: Explore Beyond the Spec
+
+* **Feature design review**: define success criteria, journeys, state model, auth/entitlements, instrumentation; propose competitiveness improvements within constraints.
+* **Pricing/monetization review**: packaging/entitlements, lifecycle semantics, legal/tax/invoice implications; propose conversion/churn improvements within constraints.
+* **Competitive research**: features, extensibility, guidance patterns, pricing/packaging norms; convert insights into testable acceptance criteria.
+
+## Key Areas to Explore
+
+* What features are competitors offering that we lack?
+* What pricing models are common in the market and how do we compare?
+* What UX patterns are users expecting based on industry standards?
+* What integrations would add significant value?
+* What automation opportunities exist to reduce manual work?
+* What self-service capabilities are users asking for?
+* What technical capabilities could enable new business models?
+* Where are the biggest gaps between current state and market expectations?

package/assets/slash-commands/review-growth.md

@@ -0,0 +1,57 @@
+---
+name: review-growth
+description: Review growth - onboarding, viral mechanics, retention
+agent: coder
+---
+
+# Growth Review
+
+## Mandate
+
+* Perform a **deep, thorough review** of growth systems in this codebase.
+* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
+* Deliverables must be stated as **findings, gaps, and actionable recommendations**.
+* **Single-pass delivery**: no deferrals; deliver a complete assessment.
+* **Explore beyond the spec**: identify growth opportunities and conversion improvements.
+
+## Tech Stack
+
+* **Analytics**: PostHog
+* **Framework**: Next.js
+
+## Review Scope
+
+### Growth System (Onboarding, Share/Viral, Retention)
+
+* The review must produce a coherent, measurable growth system for activation, sharing/virality, and retention, aligned with compliance and anti-abuse constraints.
+
+### Onboarding
+
+* Onboarding must be:
+  * Outcome-oriented
+  * Localized
+  * Accessible
+  * Instrumented
+
+### Sharing/Virality
+
+* Sharing/virality must be:
+  * Consent-aware
+  * Abuse-resistant
+  * Measurable end-to-end
+
+### Retention
+
+* Retention must be:
+  * Intentionally engineered
+  * Monitored
+  * Protected against regressions
+
+## Key Areas to Explore
+
+* What is the current activation rate and where do users drop off?
+* How can time-to-value be reduced for new users?
+* What viral mechanics exist and how effective are they?
+* What retention patterns exist and what predicts churn?
+* How does the product re-engage dormant users?
+* What experiments could drive meaningful growth improvements?

package/assets/slash-commands/review-i18n.md

@@ -0,0 +1,54 @@
+---
+name: review-i18n
+description: Review i18n - locales, routing, canonicalization, UGC
+agent: coder
+---
+
+# Internationalization Review
+
+## Mandate
+
+* Perform a **deep, thorough review** of internationalization in this codebase.
+* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
+* Deliverables must be stated as **findings, gaps, and actionable recommendations**.
+* **Single-pass delivery**: no deferrals; deliver a complete assessment.
+* **Explore beyond the spec**: identify improvements for coverage, quality, and user experience.
+
+## Tech Stack
+
+* **i18n**: next-intl
+* **Framework**: Next.js
+
+## Review Scope
+
+### Supported Locales
+
+`en`, `zh-Hans`, `zh-Hant`, `es`, `ja`, `ko`, `de`, `fr`, `pt-BR`, `it`, `nl`, `pl`, `tr`, `id`, `th`, `vi`
+
+### URL Strategy: Prefix Except Default
+
+* English is default and non-prefixed.
+* `/en/*` must not exist; permanently redirect to non-prefixed equivalent.
+* All non-default locales are `/<locale>/...`.
+
+### Globalization Rules
+
+* Intl formatting for dates, numbers, currency
+* Explicit fallback rules
+* Missing translation keys must fail build
+* No hardcoded user-facing strings outside localization
+
+### UGC Canonicalization
+
+* Separate UI language from content language.
+* Exactly one canonical URL per UGC resource determined by content language.
+* No indexable locale-prefixed duplicates unless primary content is truly localized; otherwise redirect to canonical.
+* Canonical/hreflang/sitemap must reflect only true localized variants.
+
+## Key Areas to Explore
+
+* How complete and consistent are the translations across all locales?
+* What user-facing strings are hardcoded and missing from localization?
+* How does the routing handle edge cases (unknown locales, malformed URLs)?
+* What is the translation workflow and how can it be improved?
+* How does the system handle RTL languages if needed in the future?

package/assets/slash-commands/review-ledger.md

@@ -0,0 +1,38 @@
+---
+name: review-ledger
+description: Review ledger - financial-grade balance system, immutable ledger
+agent: coder
+---
+
+# Ledger Review
+
+## Mandate
+
+* Perform a **deep, thorough review** of any balance/credits/wallet system in this codebase.
+* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
+* Deliverables must be stated as **findings, gaps, and actionable recommendations**.
+* **Single-pass delivery**: no deferrals; deliver a complete assessment.
+* **Explore beyond the spec**: identify improvements for accuracy, auditability, and reconciliation.
+
+## Tech Stack
+
+* **Payments**: Stripe
+* **Database**: Neon (Postgres)
+* **ORM**: Drizzle
+
+## Review Scope
+
+### Financial-Grade Balance System (Only if "balance/credits/wallet" exists)
+
+* Any balance concept must be implemented as an **immutable ledger** (append-only source of truth), not a mutable balance field.
+* Deterministic precision (no floats), idempotent posting, concurrency safety, transactional integrity, and auditability are required.
+* Monetary flows must be currency-based and reconcilable with Stripe; credits (if used) must be governed as non-cash entitlements.
+
+## Key Areas to Explore
+
+* Is there a balance/credits system and how is it implemented?
+* If mutable balances exist, what are the risks and how to migrate to immutable ledger?
+* How does the system handle concurrent transactions?
+* What is the reconciliation process with Stripe?
+* How are edge cases handled (refunds, disputes, partial payments)?
+* What audit trail exists for financial mutations?

package/assets/slash-commands/review-observability.md

@@ -0,0 +1,43 @@
+---
+name: review-observability
+description: Review observability - logs, Sentry, correlation IDs, alerting
+agent: coder
+---
+
+# Observability Review
+
+## Mandate
+
+* Perform a **deep, thorough review** of observability in this codebase.
+* **Delegate to multiple workers** to research different aspects in parallel; you act as the **final gate** to synthesize and verify quality.
+* Deliverables must be stated as **findings, gaps, and actionable recommendations**.
+* **Single-pass delivery**: no deferrals; deliver a complete assessment.
+* **Explore beyond the spec**: identify blind spots and debugging improvements.
+
+## Tech Stack
+
+* **Error Tracking**: Sentry
+* **Analytics**: PostHog
+* **Platform**: Vercel
+
+## Review Scope
+
+### Observability and Alerting (Mandatory)
+
+* Structured logs and correlation IDs must exist end-to-end (request/job/webhook) with consistent traceability
+* Define critical-path SLO/SLI posture
+* Define actionable alerts for:
+  * Webhook failures
+  * Ledger/entitlement drift
+  * Authentication attacks
+  * Abuse spikes
+  * Drift detection
+
+## Key Areas to Explore
+
+* How easy is it to debug a production issue end-to-end?
+* What blind spots exist where errors go unnoticed?
+* How effective are the current alerts (signal vs noise)?
+* What SLOs/SLIs are defined and are they meaningful?
+* How does log correlation work across async boundaries?
+* What dashboards exist and do they answer the right questions?