PromptBase
Upgrade
Close icon
General
Home
Marketplace
Create
Hire
Login
Chat
Sell
Explore

Skill Details

Runtime
Any model
Example user message
[userMessage]: REQUIRED INPUTS REFACTOR_DESCRIPTION: Migrating from a single-tenant user authentication schema to a multi-tenant schema to support a new Enterprise SSO feature. Changing how user IDs are indexed and queried across the platform. CODE_TO_REFACTOR: `AuthService.ts` and `UserRepository.ts`. Specifically refactoring the `getUserById`, `validateSession`, and `createToken` methods to require a `tenant_id`. LANGUAGE: TypeScript / Node.js CODEBASE_SIZE: ~150 files, monolithic backend service. TEST_COVERAGE: 45% (Unit tests exist for utility functions, but integration tests for the database layer are missing). DEPLOYMENT: Scheduled weekly manual deploy. OPTIONAL INPUTS KNOWN_DEPENDENTS: Authentication middleware, BillingService.ts, UserProfile endpoints, and the daily CSV data export job.
Example agent response
``` INPUT STATUS: ASSESSABLE Component: AuthService.ts / UserRepository.ts (getUserById, validateSession, createToken) Test coverage: 45% → PROCEED ``` --- ### CHAIN 1 — BLAST RADIUS ANALYSIS **Pre-emit gate — basis for dependent count:** No static analysis was run. The estimate below combines the four named dependents (Authentication middleware, BillingService.ts, UserProfile endpoints, daily CSV export job) with an inference from the description itself — `getUserById`, `validateSession`, and `createToken` are core identity primitives in a 150-file monolith, which almost always means many unnamed call sites across route handlers, middleware, and background jobs beyond the four flagged. This is a count estimate, not a confirmed measurement. ``` CHAIN 1 — BLAST RADIUS ────────────────────────────────────────────────────────────────── Direct dependents: 4+ named, likely 20+ unnamed — WIDE Basis: 4 named in input + inferred from role (core auth primitives in a monolith are rarely called from only 4 places) Critical paths: AUTH_ACCESS (direct), API_CONTRACT (direct), PAYMENT_BILLING (via BillingService — partial), DATA_EXPORT (via CSV export job — partial) — DIRECT (multiple paths, at least one direct hit) Migration needed: HIGH — schema re-index of user IDs to tenant-scoped keys, plus a breaking signature change (mandatory tenant_id param) that every caller of these 3 methods must update ────────────────────────────────────────────────────────────────── Blast radius score: 6/30 (WIDE dependents + DIRECT critical path exposure + HIGH migration is the worst-case combination on this dimension) ``` ### CHAIN 2 — SAFETY ANALYSIS (bootstrapped from Chain 1) **Bootstrap note:** Chain 1 found WIDE blast radius hitting auth, billing, and data export simultaneously. Against that backdrop, 45% coverage with no DB-layer integration tests isn't a moderate gap — it's a gap sitting directly under the riskiest part of the platform. A silent regression here wouldn't surface in a unit test; it would surface as broken logins, broken billing lookups, or a corrupted CSV export, in production. ``` CHAIN 2 — SAFETY (calibrated by Chain 1) ────────────────────────────────────────────────────────────────── Test coverage: 45% → PARTIAL Bootstrap note: WIDE blast radius means this PARTIAL coverage is effectively the only thing standing between this change and four separate downstream failure modes (auth, billing, profile, export). Safety mechanisms: Feature flag: UNKNOWN — not stated whether tenant-aware auth can be toggled independently of legacy auth Canary deploy: NOT_AVAILABLE — deployment pattern is scheduled weekly manual deploy, not canary/gradual rollout DB transaction: UNKNOWN — not stated whether the re-indexing migration can be wrapped/rolled back atomically API versioning: UNKNOWN — not stated whether old and new method signatures can run side-by-side Shadow traffic: UNKNOWN — not stated Rollback: COMPLEX — weekly manual deploy cadence plus a schema re-index (data migration) means rollback isn't a quick flag flip; reverting likely requires a second migration and redeploy ────────────────────────────────────────────────────────────────── Safety score: 17/40 (PARTIAL coverage + no confirmed mechanisms + COMPLEX rollback) ``` ### CHAIN 3 — EXECUTION SCENARIOS + VERDICT Given a WIDE blast radius with DIRECT critical-path exposure (Scenario B's stated fit) *and* COMPLEX rollback risk on a critical path (Scenario C's stated fit), this refactor sits at the intersection. Between the two, Parallel Run is the better match here specifically because `validateSession` and `createToken` are session-issuing methods — a strangler-style gradual traffic migration on auth primitives risks having some sessions validated under the old schema and some under the new mid-migration, which is harder to reason about than a clean flag-flip fallback. **Recommended: Scenario C — Parallel Run.** Build the tenant-aware path alongside the existing single-tenant path, route a controlled subset of traffic to it, keep the legacy path as live fallback, and cut over via a flag once the new path has proven out against billing, profile, and export consumers. ``` Execution approach score: 11/30 (Even the best-fit scenario carries real complexity here: three consuming systems beyond auth itself, weekly deploy cadence limiting iteration speed, and an irreversible-feeling schema change at the center of it) ``` --- ### PHASE 5 — FINAL DELIVERY ``` ═══════════════════════════════════════════════════════════════════ REFACTOR RISK ESTIMATOR™ — W1-12 Component: Single-tenant → multi-tenant auth schema migration (AuthService.ts / UserRepository.ts) ═══════════════════════════════════════════════════════════════════ RISK VERDICT ────────────────────────────────────────────────────────────────── Overall score: 34/100 — MEDIUM Recommendation: GO WITH CONDITIONS Conditions: 1. Write integration tests for the DB layer specifically covering getUserById, validateSession, and createToken under tenant scoping before merging — this is the single highest-leverage gap given WIDE blast radius + PARTIAL coverage. 2. Confirm in writing whether a feature flag or API-versioning path exists to run old/new auth side-by-side. If neither is available, build one before starting — Parallel Run depends on it. 3. Test the rollback migration (reverse re-index) in a staging environment before the production deploy window, since the weekly manual cadence means a failed rollback attempt costs a full week, not minutes. 4. Get explicit sign-off from BillingService and the CSV export job owners before cutover — both are named dependents on a critical path (billing, data export) and neither is the team doing the refactor. BLAST RADIUS SUMMARY ────────────────────────────────────────────────────────────────── Direct dependents: 4+ named, WIDE (estimate — not a static-analysis count) Critical paths: AUTH_ACCESS (direct), API_CONTRACT (direct), PAYMENT_BILLING (partial), DATA_EXPORT (partial) Migration: HIGH — breaking signature change + schema re-index SAFETY CHECKLIST (complete before deploying) ────────────────────────────────────────────────────────────────── ☐ Integration tests written for DB-layer behavior of the 3 changed methods under tenant scoping ☐ Feature flag or versioning mechanism confirmed and configured ☐ Reverse-migration rollback procedure documented and tested in staging ☐ Monitoring/alerts set on login failure rate, billing lookup failure rate, and CSV export job success/failure ☐ BillingService and CSV export job owners briefed on cutover timing and rollback trigger conditions RECOMMENDED APPROACH ────────────────────────────────────────────────────────────────── Scenario: C — Parallel Run Rationale: Auth/session-issuing code is the riskiest place to do a gradual traffic migration (strangler-style), since it can leave some sessions validated against the old schema and some against the new mid-rollout. A parallel implementation with a flag-flip cutover keeps the legacy path as an immediate fallback for the highest-blast-radius, hardest-to-test part of this change. Step-by-step: 1. Build the tenant-aware versions of getUserById, validateSession, and createToken alongside the existing methods (not replacing them yet). 2. Run the re-indexing migration in a backward-compatible way — add tenant_id without removing the old single-tenant lookup path. 3. Write the missing DB-layer integration tests against the new path before routing any real traffic to it. 4. Route a small, low-risk internal slice of traffic to the new path; validate against billing and export consumers specifically. 5. Expand traffic gradually behind the flag; keep the legacy path live as fallback through at least one full weekly deploy cycle. 6. Remove the legacy path only after a full cycle with zero flagged regressions in auth, billing, profile, and export. CHAIN HISTORY ────────────────────────────────────────────────────────────────── Chain Focus Key finding Score 1 Blast radius WIDE dependents, DIRECT critical 6/30 paths (auth + billing + export), HIGH migration complexity 2 Safety PARTIAL coverage, no confirmed 17/40 safety mechanisms, COMPLEX rollback 3 Execution Parallel Run recommended given 11/30 session-issuing methods + weekly deploy cadence ═══════════════════════════════════════════════════════════════════ ``` One thing worth flagging directly, outside the template: the weakest link here isn't the schema migration itself, it's that nobody has confirmed a feature flag or versioning mechanism exists yet. If that turns out to be unavailable, this should be re-scored — Parallel Run isn't viable without it, and Strangler Fig becomes the fallback option despite the session-consistency concerns noted above.
🟧 Claude Skill

Refactor Risk Estimator

Add to Cart
Instant accessInstant access
Usage rightsCommercial use
Money-back guaranteeMoney‑back
By purchasing this skill, you agree to our terms of service
Tested icon
Guide icon
Free credits icon
Refactor Risk Estimator™ — STaR Bootstrap Loop Refactors that break production? Runs a 3-chain Self-Taught Reasoner loop: analyzes blast radius (dependencies + critical paths) → bootstraps safety analysis (test gaps + rollback feasibility) → synthesizes execution scenarios (big bang vs strangler vs parallel). Delivers risk score + go/no-go. Input: Refactor description + code + codebase size + test coverage Output: Risk score + safety checklist + execution plan + rollback procedure
...more
Added 14 hours ago
Report
Browse Marketplace