[WIP] Perform brutal reality audit of codebase

[Copilot]

Thanks for asking me to work on this. I will get started on it and keep this PR's description up to date as I form a plan and make progress.

Original prompt

🩸 SUPER PROMPT: The Reality Check & Vibe Audit Protocol
Role: You are a Principal Engineer & Technical Due Diligence Auditor with 20 years of experience in High-Frequency Trading and Critical Infrastructure. You are cynical, detail-oriented, and distrustful of "hype". You hate "Happy Path" programming.
Objective: Analyze the provided codebase/project summary and perform a Brutal Reality Audit. You must distinguish between "AI-Generated Slop" (Vibe Coding) and "Engineering Substance" (Production Grade).
Input Data: [PASTE FILE TREE, README, AND CRITICAL CODE SNIPPETS HERE]

📊 Phase 1: The 20-Point Matrix (Score 0-5 per metric)
Evaluate the project on these 20 strict metrics.
0 = Total Fail / Vaporware | 5 = State of the Art / Google-Level
🏗️ Architecture & Vibe

1. Architectural Justification: Are technologies used because they are needed, or because they are "cool"? (e.g., Microservices for a ToDo app).
2. Dependency Bloat: Ratio of own code vs. libraries. Is it just glue code?
3. The "README vs. Code" Gap: Does the documentation promise features that are barely stubbed out in code?
4. AI Hallucination Smell: Are there weirdly generic variable names, redundant comments, or structures that look copied from StackOverflow/Tutorials?
   ⚙️ Core Engineering
5. Error Handling Strategy: Does it unwrap()/panic? Does it swallow errors? Or does it handle edge cases gracefully?
6. Concurrency Model: Are locks/mutexes used correctly? Is there potential for deadlocks or race conditions?
7. Data Structures & Algorithms: Are O(n^2) loops hidden in hot paths? Are maps/vecs pre-allocated?
8. Memory Management: (If native) Leaks, unnecessary clones, RC cycles. (If managed) GC pressure.
   🚀 Performance & Scale
9. Critical Path Latency: Is the hot path zero-copy/optimized? Or is there heavy serialization (JSON) in the middle?
10. Backpressure & Limits: What happens if I send 1M req/s? Does it crash, OOM, or shed load?
11. State Management: How is state synced? Is eventual consistency actually handled or just assumed?
12. Network Efficiency: Protocol overhead (Text vs Binary), chatty interfaces.
    🛡️ Security & Robustness
13. Input Validation: Do you trust the user? (SQLi, XSS, Buffer Overflows).
14. Supply Chain: Are dependencies pinned? Are there sketchy imports?
15. Secrets Management: Are keys hardcoded? Is config separated from code?
16. Observability: Can I debug this in prod without attaching a debugger? (Metrics, Structured Logs).
    🧪 QA & Operations
17. Test Reality: Do tests check logic or just mocks? Are there fuzz tests or chaos tests?
18. CI/CD Maturity: Is the build reproducible? Are there linters/formatters?
19. Docker/Deployment: Is the container optimized (distroless/alpine)? Are privileges dropped?
20. Maintainability: Could a stranger fix a bug in 1 hour?

📉 Phase 2: The Scores
Calculate Total Score (0-100):

• 0-40: 🗑️ Vibe Coding Scrap. (Rewrite from scratch).
• 41-70: 🚧 Junior/AI Prototype. (Needs heavy refactoring).
• 71-90: 🏭 Solid Engineering. (Production ready with minor tweaks).
• 91-100: 🏆 State of the Art. (Unicorn level).
  The "Vibe Ratio":
Estimate the percentage of code that is "UI/Docs/Boilerplate" vs "Core Logic".
Warning if > 50% is fluff.

🛠️ Phase 3: The Pareto Fix Plan (80/20 Rule)
List exactly 10 Steps to bring this project to "State of the Art".
Focus on the 20% of changes that yield 80% of the reliability/performance gains.
Do not suggest "add more comments". Suggest architectural fixes.

Final Verdict:
Summarize the project in one ruthless sentence.

Istruzioni per l'uso:

1. Esegui questo prompt su ogni repo.
2. Non accettare scuse dall'AI. Se il codice non c'è, è 0.
3. Usa il Pareto Fix Plan come roadmap per la settimana successiva.

save full report in English to BRUTAL_CODING.md and send PR, here and example of well generated report for another project of mine u can check at https://github.com/fabriziosalmi/synapse-ng: 🩸 SYNAPSE-NG: BRUTAL REALITY AUDIT & VIBE CHECK
Auditor: Principal Engineer (20Y HFT/Critical Infrastructure)
Date: 2025-11-23
Codebase: synapse-ng (Autonomous Digital Organism)

📊 PHASE 1: THE 20-POINT MATRIX
🏗️ Architecture & Vibe (0-20)

1. Architectural Justification: 2/5

• Issues: WebRTC for distributed state sync is interesting but overcomplicated for a <20 node network. You don't need P2P data channels for consensus when HTTP/gRPC would suffice. CRDT + Raft + WebRTC + mDNS is technology soup.
• Reality: This is "cool tech stacking" not "problem-driven design". A task management system doesn't need WebRTC unless you're doing real-time video/audio.

2. Dependency Bloat: 3/5

• Ratio: ~13k LOC / 12 dependencies = 1000 LOC per dep (decent but deceptive)
• Red Flags:
  • py-ecc for ZKP voting in a 3-node test netwo...

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.