Technical Debt Audit - 2026-02-07

Summary

Severity	Count
Critical	3
High	8
Medium	9
Low	4
Total	24

Active Codebases

• Python Telegram bot: AI/kuma-ai-agents/michi-telegram-bot/

• Node.js video project: keanu-reeves-video-project/keanu-action-video/

Critical Issues

C1: No CI/CD Pipeline

No automated testing, linting, or security scanning on push/PR. Regressions can ship silently.

C2: No Test Configuration

Existing test files (test_full_integration.py, test_git_executor.py, test_orchestrator_git.py) are not pytest-compatible. No pyproject.toml or conftest.py exists. No way to run tests systematically.

C3: Outdated Dependencies with Known Vulnerabilities

• npm: @types/web 161 versions behind; multiple packages outdated

• Python: python-telegram-bot==21.0.1, pydantic==2.10.0 — several minor versions behind

High Priority Issues

H1: .gitignore has project-specific paths instead of global patterns

Lines 38-40 target specific michi-telegram-bot/ paths. Should use global __pycache__/, *.py[cod], *.db patterns.

H2: Stale Java/Maven .gitignore entries

Lines 3-4, 10-15, 17-22, 26-31 contain Java/Maven/Spring patterns. No Java code exists in the repo.

H3: No pyproject.toml for Python project

Missing standard Python project configuration. Cannot run pytest, black, or mypy with project-specific settings.

H4: Bare except Exception blocks

claude_executor.py, orchestrator.py, state_manager.py catch broad Exception instead of specific errors.

H5: No structured logging configuration

bot.py has basic logging.basicConfig() but no configurable log level, no structured format, no file output option.

H6: Magic numbers in code

progress[:200] in claude_executor.py, str(e)[:200] in message_handler.py — unexplained truncation limits.

H7: Missing type hints on public functions

Several public functions lack return type annotations and parameter types.

H8: node_modules checked into working tree

keanu-action-video/node_modules/ exists on disk (not git-tracked, but no global node_modules/ ignore pattern).

Medium Priority Issues

M1: Test files use asyncio.run() instead of pytest-async

All three test files are script-style, not pytest-compatible.

M2: No conftest.py with shared fixtures

No temp DB fixture, no mock executor, no shared test setup.

M3: No test coverage for state_manager.py

CRUD operations, state transitions, and edge cases untested.

M4: No test coverage for claude_executor.py

Output parsing, timeout handling, progress callbacks untested.

M5: No test coverage for config.py

Default values and env var loading untested.

M6: No dependabot configuration

Dependencies won't get automated update PRs.

M7: WorkflowState enum coupled to state_manager.py

WorkflowState enum is imported from state_manager by orchestrator.py and callback_handler.py. Should be in a shared models.py.

M8: Output parsing logic embedded in execute_direct()

File path extraction ("Created file:", "Wrote to") is interleaved with subprocess management. Should be a pure function.

M9: Mutable default argument in git_executor.py

files_created: List[str] = [] at line 90 — classic Python mutable default gotcha.

Low Priority Issues

L1: REFACTORING_SUMMARY.md is untracked

Generated documentation file sitting in working tree.

L2: start_bot.sh has no error handling

Simple script with no set -e or validation.

L3: TESTING.md may be stale

Documentation about testing approach that may not match current code.

L4: Duplicate orchestrator instances

Both message_handler.py and callback_handler.py create separate WorkflowOrchestrator() instances at module level.