Analysis Roadmap

1. Goal

Provide a concrete set of investigative steps to answer the "How" for:

  1. Performance Bottlenecks (Immediate Relief)
  2. Refactoring Prioritization (Strategic Planning)
  3. Security Vulnerabilities (Risk Mitigation)
  4. Docker/CD Migration (Modernization)
  5. Automated Testing & Living Documentation (Quality Assurance)

2. Roadmap

2.1. Performance Analysis

  • Goal: Identify "N+1" queries and slow synchronous I/O.
  • Tool: MiniProfiler.
  • Steps:
    1. Install MiniProfiler.Mvc4 NuGet package in WepNG_OMGT.
    2. Add MiniProfiler.Start() in Global.asax.cs (Application_BeginRequest).
    3. Navigate to Order/List page and observe query counts.
    4. Document "Top 5 Slowest Requests".

2.2. Refactoring Prioritization (Hotspot Analysis)

  • Goal: Find code that is both Complex and Frequently Changed.
  • Method: Hotspot Analysis Methodology.
  • Results: See Hotspot Analysis Results.
  • Findings (Preliminary):
    • WEPV2ModelBuilder.cs (261 changes) -> Critical Risk.
    • OrderOMGT.cs (120 changes) -> High Domain Complexity.
  • Steps:
    1. Run formal "Hotspot Analysis" (Complexity vs Churn).
    2. Flag files > 1000 lines with > 50 commits/year.
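The two steps above describe one computation: commit churn per file from the git history, line count per file as a complexity proxy, and a flag where both thresholds are exceeded. The script below is an added example, not part of the roadmap or the WepNG repository, that carries that computation through on constructed input. The git log excerpt, the line counts and the analysis date are constructed (the module paths come from the roadmap; the file names OrderController.cs and StringHelpers.cs are assumed); a real run would feed it the output of `git log --name-only --date=short --pretty=format:"%H %ad"` and per-file `wc -l`. Thresholds default to the roadmap's (more than 1000 lines and more than 50 commits in the trailing year) and are parameters so the same ranking can be inspected on a small sample.

```python
"""Hotspot analysis (complexity vs churn) from section 2.2 on constructed data.

Added example, not part of the roadmap. The git log excerpt and the line counts
are constructed; a real run would feed it the output of
`git log --name-only --date=short --pretty=format:"%H %ad"` and per-file `wc -l`.
"""
import re
from collections import defaultdict
from datetime import date, timedelta
from typing import NamedTuple

# Constructed excerpt in the shape git prints for the command above.
SAMPLE_GIT_LOG = """\
c0ffee01 2025-02-11

WepNG_Business/WEPV2ModelBuilder.cs
WepNG_Business/OrderOMGT.cs

c0ffee02 2025-02-09

WepNG_Business/WEPV2ModelBuilder.cs

c0ffee03 2025-01-30

WepNG_Business/WEPV2ModelBuilder.cs
WepNG_OMGT/Controllers/OrderController.cs

c0ffee04 2024-11-02

WepNG_Business/OrderOMGT.cs
WepNG_Business/WEPV2ModelBuilder.cs

c0ffee05 2023-06-17

EITWEP.WEPUtils/StringHelpers.cs
"""

# Constructed line counts per file (what `wc -l` would report).
SAMPLE_LINE_COUNTS = {
    "WepNG_Business/WEPV2ModelBuilder.cs": 4120,
    "WepNG_Business/OrderOMGT.cs": 2380,
    "WepNG_OMGT/Controllers/OrderController.cs": 640,
    "EITWEP.WEPUtils/StringHelpers.cs": 210,
}

# Fixed "today" (constructed) so the trailing-year window is reproducible.
ANALYSIS_DATE = date(2025, 3, 1)

COMMIT_HEADER = re.compile(r"^([0-9a-f]{7,40}) (\d{4})-(\d{2})-(\d{2})$")


class Hotspot(NamedTuple):
    path: str
    lines: int
    commits_total: int
    commits_last_year: int
    score: int       # lines * total commits, used only for ranking
    flagged: bool    # exceeds both roadmap thresholds


def parse_churn(log_text):
    """Map each path to the list of commit dates that touched it."""
    churn = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COMMIT_HEADER.match(line)
        if m:
            current = date(int(m.group(2)), int(m.group(3)), int(m.group(4)))
            continue
        if current is None:
            raise ValueError(f"file path before any commit header: {line}")
        churn[line].append(current)
    return churn


def hotspots(log_text, line_counts, now=ANALYSIS_DATE, min_lines=1000, min_commits=50):
    """Rank files by lines * commits and flag those over the roadmap thresholds
    (more than min_lines lines and more than min_commits commits in the trailing 365 days)."""
    since = now - timedelta(days=365)
    churn = parse_churn(log_text)
    rows = []
    for path, lines in line_counts.items():
        dates = churn.get(path, [])
        last_year = sum(1 for d in dates if d >= since)
        rows.append(Hotspot(path, lines, len(dates), last_year, lines * len(dates),
                            lines > min_lines and last_year > min_commits))
    rows.sort(key=lambda r: r.score, reverse=True)
    return rows


def flagged_paths(rows):
    return [r.path for r in rows if r.flagged]


if __name__ == "__main__":
    for r in hotspots(SAMPLE_GIT_LOG, SAMPLE_LINE_COUNTS):
        mark = "FLAG" if r.flagged else "    "
        print(f"{mark} {r.path:45} lines={r.lines:5} commits={r.commits_total:3} "
              f"last_year={r.commits_last_year:3}")
```

The ranking (lines times commits) is what drives refactoring priority; the boolean flag is the roadmap's hard cut-off. Keeping both visible avoids the trap of a file that narrowly misses one threshold disappearing from the report.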

2.3. Security Analysis

  • Goal: Identify critical vulnerabilities (Secrets, SQLi, Legacy Auth).
  • Findings (Preliminary):
    • Secrets: Web.config contains cleartext SQL passwords and hardcoded machineKey.
    • Auth: Uses legacy SqlMembershipProvider (potentially weak hashing).
    • XSS: requestValidationMode="2.0" implies degraded cross-site scripting protection.
    • WepAccess: Identified as Collaborator Portal with high-risk authorization logic (see Analysis).
  • Results: See Security Audit Findings.
  • Steps:
    1. Secret Audit: Search for Password=, ApiKey, and AWS/Azure keys in code.
    2. Validation Audit: Grep for [ValidateInput(false)] and AllowHtml in Controllers/Models.
    3. SQL Injection Scan: Search for ExecuteSqlCommand and string concatenation in WepNG_Business.
    4. Verify Config: Check compilation debug="false" and customErrors in production config.
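The four audit steps above are a first-pass static scan. The script below is an added example, not part of the roadmap or the WepNG code base, that runs all four over a constructed sample tree: a secret search (Password=, ApiKey, an AWS key id, a hardcoded machineKey), the validation search for [ValidateInput(false)] and [AllowHtml] scoped to Controllers/ and Models/, an ExecuteSqlCommand scan that flags only calls whose SQL text is built by string concatenation (a parameterized call is left alone), and the Web.config checks for compilation debug, customErrors and requestValidationMode done with an XML parser rather than a regex. The file names and contents are constructed (WepNG_OMGT and WepNG_Business come from the roadmap; OrderController.cs, OrderModel.cs, OrderRepository.cs and Settings.cs are assumed), and the regular expressions are assumptions about what a first pass should flag; expect to tune them against the real tree.

```python
"""Audit checks from section 2.3 run over a constructed sample tree.

Added example, not part of the roadmap or the WepNG code base. File names and
contents are constructed; the regexes are assumptions to be tuned on the real tree.
"""
import re
import xml.etree.ElementTree as ET
from typing import NamedTuple

# Constructed sample "repository": relative path -> file contents.
SAMPLE_REPO = {
    "WepNG_OMGT/Web.config": """<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <add name="Wep" connectionString="Server=db;Database=Wep;User Id=sa;Password=Sup3rSecret!" />
  </connectionStrings>
  <system.web>
    <compilation debug="true" targetFramework="4.8" />
    <customErrors mode="Off" />
    <httpRuntime requestValidationMode="2.0" />
    <machineKey validationKey="ABCDEF0123456789" decryptionKey="0123456789ABCDEF" />
  </system.web>
</configuration>
""",
    "WepNG_OMGT/Controllers/OrderController.cs": """using System.Web.Mvc;
public class OrderController : Controller {
    [HttpPost]
    [ValidateInput(false)]
    public ActionResult Save(OrderModel model) { return View(); }
}
""",
    "WepNG_OMGT/Models/OrderModel.cs": """public class OrderModel {
    [AllowHtml]
    public string Notes { get; set; }
}
""",
    "WepNG_Business/OrderRepository.cs": """public class OrderRepository {
    public void Delete(string id) {
        var sql = "DELETE FROM Orders WHERE Id = '" + id + "'";
        _db.Database.ExecuteSqlCommand(sql);
    }
    public void Archive(int id) {
        _db.Database.ExecuteSqlCommand("UPDATE Orders SET Archived = 1 WHERE Id = {0}", id);
    }
}
""",
    "WepNG_Business/Settings.cs": """public static class Settings {
    public const string ApiKey = "sk_test_abc123def456";
    public const string AwsAccessKeyId = "AKIAIOSFODNN7EXAMPLE";
}
""",
}


class Finding(NamedTuple):
    path: str
    line: int      # 0 for file-level (config) findings
    check: str
    evidence: str


# Step 1, secret audit. The AWS key in the sample is the well-known documentation placeholder.
SECRET_PATTERNS = {
    "cleartext-password": re.compile(r"(?i)\b(password|pwd)\s*=\s*[^;\"\s]+"),
    "api-key": re.compile(r"(?i)\bapi[_-]?key\b\s*[=:]\s*[\"']?[A-Za-z0-9_\-]{8,}"),
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "hardcoded-machinekey": re.compile(r"<machineKey\b[^>]*\b(validationKey|decryptionKey)\s*=\s*\"(?!AutoGenerate)"),
}

# Step 2, validation audit, scoped to Controllers/ and Models/ as the roadmap says.
VALIDATION_PATTERNS = {
    "validateinput-disabled": re.compile(r"\[\s*ValidateInput\s*\(\s*false\s*\)\s*\]"),
    "allowhtml": re.compile(r"\[\s*AllowHtml\s*\]"),
}

# Step 3, SQL injection scan: ExecuteSqlCommand whose SQL text comes from string concatenation.
SQL_CALL = re.compile(r"ExecuteSqlCommand\s*\(\s*([^,)]+)")
CONCAT = re.compile(r"\"\s*\+|\+\s*\"")
IDENT = re.compile(r"[A-Za-z_]\w*")


def sql_concat_findings(path, text):
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = SQL_CALL.search(line)
        if not m:
            continue
        arg = m.group(1).strip()
        concatenated = CONCAT.search(arg) is not None
        if not concatenated and IDENT.fullmatch(arg):
            # The SQL is a variable: flag it if that variable is assigned from a concatenation in this file.
            assign = re.compile(r"\b" + re.escape(arg) + r"\s*\+?=\s*[^;]*?(\"\s*\+|\+\s*\")")
            concatenated = assign.search(text) is not None
        if concatenated:
            findings.append(Finding(path, no, "sql-string-concatenation", line.strip()))
    return findings


# Step 4, production config checks, via the XML parser so attribute order and spacing do not matter.
def config_findings(path, text):
    findings = []
    root = ET.fromstring(text)
    comp = next(root.iter("compilation"), None)
    if comp is not None and comp.get("debug", "false").lower() == "true":
        findings.append(Finding(path, 0, "compilation-debug-on", 'compilation debug="true"'))
    errors = next(root.iter("customErrors"), None)
    if errors is not None and errors.get("mode", "").lower() == "off":
        findings.append(Finding(path, 0, "customerrors-off", 'customErrors mode="Off"'))
    runtime = next(root.iter("httpRuntime"), None)
    if runtime is not None and runtime.get("requestValidationMode", "").startswith("2."):
        findings.append(Finding(path, 0, "requestvalidation-2.0", 'httpRuntime requestValidationMode="2.0"'))
    return findings


def audit(repo):
    """Run all four steps over {path: contents}; return findings sorted by path and line."""
    findings = []
    for path, text in repo.items():
        norm = path.replace("\\", "/")
        for no, line in enumerate(text.splitlines(), 1):
            for check, rx in SECRET_PATTERNS.items():
                if rx.search(line):
                    findings.append(Finding(norm, no, check, line.strip()))
            if "/Controllers/" in norm or "/Models/" in norm:
                for check, rx in VALIDATION_PATTERNS.items():
                    if rx.search(line):
                        findings.append(Finding(norm, no, check, line.strip()))
        if norm.endswith(".cs"):  # the roadmap scopes this to WepNG_Business; every .cs file is scanned here
            findings.extend(sql_concat_findings(norm, text))
        if norm.lower().endswith("web.config"):
            findings.extend(config_findings(norm, text))
    return sorted(findings, key=lambda f: (f.path, f.line))


if __name__ == "__main__":
    for f in audit(SAMPLE_REPO):
        print(f"{f.path}:{f.line} [{f.check}] {f.evidence}")
```

The output is a list of findings, one per check hit, which is the shape the "Security Audit Findings" page needs: path, line and the evidence string, so each item can be triaged without reopening the file. The parameterized ExecuteSqlCommand call in the sample is deliberately not flagged; the scan is meant to surface concatenated SQL, not every raw SQL call.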

2.4. Infrastructure & Continuous Deployment (Docker)

  • Goal: Containerize the Monolith (Windows Container).
  • Strategy: Hybrid Strangler Fig (Docker Migration Strategy).
  • Blockers Identified:
    • Hardcoded local paths (C:\Projects, C:\Temp).
    • Local IIS Dependencies (App_Pool).
    • Local File System Dependencies (EIT_Packages relative paths).
  • Steps:
    1. Strategy Definition: Defined Hybrid Strangler + Logic Side-car approach.
    2. Configuration: Replace C:\Temp with Environment.GetEnvironmentVariable("WEP_TEMP").
    3. Dependencies: Move EIT_Packages to a private NuGet feed or vendor them inside the repo properly.
    4. Container: Create Dockerfile based on mcr.microsoft.com/dotnet/framework/aspnet:4.8.

2.5. Reporting Evolution

  • Goal: Move from Embedded BI / Monolithic Reporting to Zoho Analytics.
  • Analysis: Reporting Analysis.
  • Steps:
    1. Analysis: Identified WA "Feeders" and BO "DevExpress" as key legacy debts.
    2. Freeze Feeders: Enforce "No new logic in C# Feeders" policy.
    3. ETL Prototype: Create data export job for Orders/Invoices to Zoho.
    4. Inventory: Catalog all BO Reports to separate "Analytical" vs "Operational".

2.6. Refactoring & Cleanup

  • Goal: Remove dead code to reduce cognitive load.
  • Steps:
    1. Zombie Cleanup: Delete Forms module (vestigial).
    2. Legacy Retirement: Retire INET module (internal notes).

2.7. Automated Testing & Living Documentation

  • Goal: Break the "Legacy Code Dilemma" and document business rules.
  • Strategy: Hybrid approach (Unit Tests for logic, Gherkin for behavior).
  • Steps:
    1. Unit Testing (Seams):
      • Create WepNG.Tests project (.NET 4.8).
      • Install xUnit and FluentAssertions.
      • Target EITWEP.WEPUtils (Pure functions).
      • Extract interfaces from "God Services" to enable mocking.
    2. Living Documentation (Gherkin):

2.8. Functional Specification Pilot (OMGT)

  • Goal: Validate the Hybrid Specification Strategy.
  • Strategy: Functional Strategy.
  • Steps:
    1. Dashboard Logic (Gherkin): AppFeeNotPaidFirstReminder.
    2. User Task (Use Case): AssignCallback (with Gap Analysis).
    3. Workflow (State Diagram): PlacementRequest Lifecycle.

2.9. OMGT Modernization Pilot (Priority Engine)

  • Goal: Validate "Async Calculation" and "Side-car Logic" patterns on legacy entities without blocking the monolith.
  • Specification: Priority Index Specification.
  • Deliverables:
    1. Schema: Add PriorityScore to OrderTravelProductOMGT.
    2. Service: Implement OrderPriorityService (Pure C#).
    3. Async Trigger: Implement Fire-and-Forget hook on Save().
    4. Dashboard: Sort by PriorityScore.