# N. Risks & Mitigations

← Back to README

## Risk Register

Probability ACTIVE means the condition already exists in production rather than being a future possibility; the other values are estimates.
### ⛔ Critical Risks

| ID | Risk | Probability | Impact | Mitigation |
|----|------|-------------|--------|------------|
| R01 | GitHub PAT in production — credential exposure | ACTIVE | CRITICAL | Revoke the PAT immediately and treat it as compromised until then. Audit git history on all branches for the token and for anything else committed alongside it. Replace the soreto-arena install method that depends on the PAT (R16); if that swap cannot land first, do both in one change window rather than leaving the token live. |
| R02 | Node 10 runtime, end-of-life since April 2021 with no security patches since | ACTIVE | HIGH | Deploy WAF (Cloudflare / AWS WAF) in front of the reverb-react Heroku app immediately. A WAF narrows exposure but does not patch the runtime, so accelerate the Next.js 16 rewrite in apps/legacy-portal/ (the new scaffold starts on Node 24). |
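The R01 history audit as an added example in JavaScript, not code from the migration plan or from the Soreto repositories: it scans text such as `git log -p --all` output, a package.json or an .npmrc for GitHub's published token prefixes and for credentials embedded in github.com URLs, which is how a git+https dependency like soreto-arena usually carries a PAT. The sample diff, the org name and the token value are constructed; the minimum token lengths are assumptions.

```javascript
// Added example, not project code: scan git history output or a manifest for
// GitHub tokens and for credentials embedded in github.com URLs.
//
// Usage idea: `git log -p --all > history.txt`, read that file and pass its
// contents to scanText(); do the same for package.json and .npmrc.

// GitHub's documented token prefixes: ghp_ (classic PAT), gho_ (OAuth),
// ghu_ (user-to-server), ghs_ (server-to-server), ghr_ (refresh) and
// github_pat_ (fine-grained PAT). Lengths are treated as minimums (assumed).
const PATTERNS = [
  { kind: 'github-token', re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/g },
  { kind: 'github-fine-grained-pat', re: /\bgithub_pat_[A-Za-z0-9_]{40,}\b/g },
  // Any userinfo in a github.com URL, e.g. https://ghp_...@github.com/org/repo.git
  // or https://user:password@github.com/..., as git+https dependencies carry it.
  { kind: 'credential-in-url', re: /https?:\/\/[^\s/@'"]+@github\.com\/[^\s'"]*/g },
];

// Redact so findings can be pasted into a ticket: keep the token prefix and
// tail (enough to recognise it in the GitHub UI), hide URL userinfo entirely.
function redact(kind, match) {
  if (kind === 'credential-in-url') return match.replace(/\/\/[^@]+@/, '//***@');
  return `${match.slice(0, 8)}...${match.slice(-4)}`;
}

// Returns one finding per (line, pattern) hit; a token inside a URL is
// reported twice, once as a token and once as a credential-in-url.
function scanText(text, source = '<input>') {
  const findings = [];
  text.split('\n').forEach((line, idx) => {
    for (const { kind, re } of PATTERNS) {
      re.lastIndex = 0; // global regexes keep state between exec() calls
      let m;
      while ((m = re.exec(line)) !== null) {
        findings.push({ source, line: idx + 1, kind, match: redact(kind, m[0]) });
      }
    }
  });
  return findings;
}

// Constructed sample of what `git log -p` might show for the commit that
// pinned the private fork. The token is filler, not a real credential.
const SAMPLE_DIFF = [
  'diff --git a/package.json b/package.json',
  '--- a/package.json',
  '+++ b/package.json',
  '+    "soreto-arena": "git+https://ghp_0123456789abcdefghijABCDEFGHIJ012345@github.com/example-org/soreto-arena.git",',
  '+    "bull": "^3.29.3",',
].join('\n');

function demo() {
  return scanText(SAMPLE_DIFF, 'git log -p');
}
```

Anything the scanner reports has to be treated as leaked even after the line is removed from HEAD: the value stays in every clone's history, so rotation, not a history rewrite, is the fix.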
### 🔴 High Risks

| ID | Risk | Probability | Impact | Mitigation |
|----|------|-------------|--------|------------|
| R03 | seneca.js incompatible with Node 18+ | MEDIUM | HIGH | Test on Node 18 before upgrading production; have the amqplib migration plan ready |
| R04 | Knex 0.16 → 3.x migration breaks zoe database | HIGH | HIGH | Upgrade incrementally (0.16 → 0.21 → 0.95 → 2 → 3); validate against the staging DB at each step |
| R05 | Default secrets silently active in production | MEDIUM | HIGH | Audit all Heroku config vars against the fallback values in code; add startup validation that refuses to boot if any secret is unset or still equals its default |
| R06 | reverb-react modernization scope grows beyond estimate | MEDIUM | HIGH | Time-box at 10 weeks; build admin + client routes first; defer edge features; gradual cut-over (10% → 50% → 100%) once the scaffold is live |
| R07 | soreto-melissa deploys without CI — regressions reach users | MEDIUM | HIGH | Phase 1 priority: add GitHub Actions CI immediately |
| R08 | Puppeteer 9 → 25.x breaks affiliate PDF processors | HIGH | MEDIUM | Test each processor individually in staging after the upgrade; keep the old Puppeteer as a fallback while testing |
| R09 | connect-redis@3 → 6 breaks session handling | MEDIUM | HIGH | Test session persistence on staging: the v4+ API expects an explicit Redis client instance rather than host/port options, and the session key prefix and serialization must stay the same so sessions written by v3 remain readable; roll back if sessions drop in production |
### 🟡 Medium Risks

| ID | Risk | Probability | Impact | Mitigation |
|----|------|-------------|--------|------------|
| R10 | Monorepo CI becomes slow without caching | MEDIUM | MEDIUM | Enable Turborepo remote cache from day 1; use `--filter=[HEAD^1]` to run only affected packages |
| R11 | TypeScript migration in reverb-backend causes regressions | LOW | HIGH | Adopt TypeScript only for new files initially; use `allowJs: true` to avoid touching existing code |
| R12 | @rjsf/core@6.0.0-beta.10 breaks in production | LOW | MEDIUM | Pin the exact beta version (no caret) and commit the lockfile; test thoroughly before any upgrade; track the stable release |
| R13 | Cross-schema PostgreSQL queries break when schemas are on different servers | LOW | HIGH | Query information_schema (constraint and view usage where the referencing and referenced table_schema differ) to inventory cross-schema references before any infrastructure change |
| R14 | Monorepo PR scope expands uncontrollably | LOW | MEDIUM | CODEOWNERS per package; enforce apps/ PRs separate from packages/ PRs |
| R15 | Bull 3 memory leaks under high zoe load | LOW | MEDIUM | Monitor Redis memory usage; migrate to BullMQ if leaks are observed |
| R16 | soreto-arena private fork becomes orphaned | HIGH | MEDIUM | Replace with upstream bull-arena or bull-board from npm before the PAT is revoked |
| R17 | Two library-pair mismatches (react@17/dom@16.5 + react-router@3/dom@4) cause rendering issues | MEDIUM | MEDIUM | Do not fix in-place — Next.js 16 rewrite in apps/legacy-portal/ starts on React 19 + App Router; both mismatches eliminated from day one |
| R18 | Hardcoded analytics tokens (Mixpanel, GA) exposed in git | MEDIUM | LOW | Rotate tokens; load them from env vars with validated loading. A Mixpanel project token and a GA measurement ID are shipped to the browser by design; the real concern is any server-side secret (such as a Mixpanel API secret) committed alongside them. |
### 🟢 Low Risks (Monitor)

| ID | Risk | Probability | Impact | Mitigation |
|----|------|-------------|--------|------------|
| R19 | Elasticsearch 7.x compatibility with Node 24 | LOW | MEDIUM | Test @elastic/elasticsearch@7.13.0 on Node 24 before the upgrade |
| R20 | ioredis@4.14.0 compatibility with Node 24 | LOW | MEDIUM | ioredis v4 is compatible with Node 22 — test on 24; monitor for deprecation warnings |
| R21 | npm workspaces (package.json `workspaces` field) require npm 7+ | LOW | LOW | npm 7+ ships with Node 15+ and with every LTS line from 16 on, so the Node 24 target needs no tooling change |
| R22 | Next.js 13 → 16 upgrade breaks melissa pages | LOW | MEDIUM | Upgrade 13 → 14 → 15 → 16 incrementally; validate at each step. React 18 → 19 coordinated with 15 → 16. |
## Risk Mitigation Priority Matrix

Placement follows the probability and impact values in the register above.

```
            │ LOW IMPACT │ MEDIUM IMPACT                │ HIGH IMPACT             │ CRITICAL IMPACT
────────────┼────────────┼──────────────────────────────┼─────────────────────────┼────────────────
ACTIVE      │            │                              │ R02                     │ R01
────────────┼────────────┼──────────────────────────────┼─────────────────────────┼────────────────
HIGH PROB   │            │ R08, R16                     │ R04                     │
────────────┼────────────┼──────────────────────────────┼─────────────────────────┼────────────────
MEDIUM PROB │ R18        │ R10, R17                     │ R03, R05, R06, R07, R09 │
────────────┼────────────┼──────────────────────────────┼─────────────────────────┼────────────────
LOW PROB    │ R21        │ R12, R14, R15, R19, R20, R22 │ R11, R13                │
```

Action priority: R01 → R02 → R07 → R05 → R04 → R03 → R06 → R08
## Compensating Controls

Where a risk cannot be immediately mitigated, compensating controls reduce exposure:

| Risk | Compensating Control |
|------|----------------------|
| R02 (Node 10 EOL) | Deploy WAF (Cloudflare / AWS WAF) in front of reverb-react; restrict to known IP ranges if admin-only; accelerate the Next.js 16 rewrite to reduce the exposure window |
| R07 (melissa no CI) | Manual pre-deploy checklist; designated QA session before each deploy |
| R05 (default secrets) | Startup check that asserts secrets are not the default values; fail fast |
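The startup check from R05 and from the compensating-controls row above, as an added example in JavaScript; it is not reverb-backend's code. The variable names and placeholder values in SECRET_POLICY are assumptions standing in for whatever defaults the codebase actually falls back to, and should be replaced with the values found during the Heroku config var audit. The first function shows the pattern that creates the risk; the rest replace it.

```javascript
// Added example, not project code. Variable names and placeholder values in
// SECRET_POLICY are assumptions; fill in the real defaults found in the audit.

// The pattern that makes R05 possible: a missing config var silently becomes
// a well-known value, and nothing in production notices.
function riskySessionSecret(env) {
  return env.SESSION_SECRET || 'keyboard cat';
}

// Per-variable policy: every shipped default or placeholder the code ever
// used, plus a minimum length for values that are used as signing keys.
const SECRET_POLICY = {
  SESSION_SECRET: { placeholders: ['keyboard cat', 'changeme'], minLength: 32 },
  JWT_SECRET: { placeholders: ['secret', 'changeme'], minLength: 32 },
  REDIS_URL: { placeholders: ['redis://localhost:6379'] },
  DATABASE_URL: { placeholders: ['postgres://postgres:postgres@localhost:5432/zoe'] },
};

// Returns a list of problems naming variables only; values are never logged.
function validateSecrets(env, policy = SECRET_POLICY) {
  const problems = [];
  for (const [name, rule] of Object.entries(policy)) {
    const value = env[name];
    if (value === undefined || value.trim() === '') {
      problems.push(`${name}: not set`);
      continue;
    }
    if (rule.placeholders.includes(value)) {
      problems.push(`${name}: still the shipped default`);
      continue;
    }
    if (rule.minLength && value.length < rule.minLength) {
      problems.push(`${name}: shorter than ${rule.minLength} characters`);
    }
  }
  return problems;
}

// Replacement for the `||` fallback: the value comes from the environment or
// the caller gets an exception instead of a placeholder.
function requireSecret(name, env = process.env, policy = SECRET_POLICY) {
  const rule = policy[name] || { placeholders: [] };
  const problems = validateSecrets(env, { [name]: rule });
  if (problems.length > 0) throw new Error(`Refusing to start: ${problems.join('; ')}`);
  return env[name];
}

// Call once at startup, before any listener binds, so a bad deploy fails on
// boot instead of serving sessions signed with a well-known value.
function assertSecretsConfigured(env = process.env, policy = SECRET_POLICY) {
  const problems = validateSecrets(env, policy);
  if (problems.length > 0) throw new Error(`Refusing to start: ${problems.join('; ')}`);
}
```

Local development should get its values from an untracked .env file rather than from code fallbacks, so the same check can run unconditionally in every environment; an exemption keyed on NODE_ENV is exactly the path by which a default reaches production unnoticed.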
## Monitoring Recommendations
Once the monorepo migration is underway, add monitoring for:
- Redis memory usage — Bull 3 can accumulate completed jobs
- Heroku dyno count — seneca multi-process may need dyno rebalancing
- Error rates per service — reverb-backend's winston logs should feed an alerting system
- Build time per package — Turborepo cache hit rate should be >60% within 2 months of setup
- Legacy portal traffic — Critical for cut-over timing decision (Phase 5)
## Navigation