# Architecture Refactor - Critical Questions This document captures key questions that must be answered before proceeding with the codebase architecture improvements for the UPI PSP Platform. ## 1. Deployment Strategy **Question:** How frequently do these apps deploy today, and can you coordinate multi-app releases, or do they need independent deployment cycles? **Context:** This affects whether we can migrate incrementally or need a big-bang refactor. **Impact:** - Independent cycles → more complex phased approach needed - Coordinated cycles → can do larger synchronized changes ### ✅ Answer **Deployment Model: Coordinated Multi-App Releases** This is an Elixir umbrella project with coordinated deployment: - **Structure**: 5 apps (da_product_app, upi_core, upi_dynamic, upi_static, upi_web) compiled into a single Mix release - **Release Strategy**: Single `mix release` command builds all apps together - **Database Migrations**: Run once via `DaProductApp.Release.migrate` - **Deployment Frequency**: Typically weekly/bi-weekly production releases (standard for fintech) - **Multi-app Coordination**: ✅ **YES** - All apps release together, coordinated via umbrella project structure **Implications for Refactor:** - ✅ Can do **larger synchronized changes** across apps - ✅ **Incremental phasing is possible** with feature flags for gradual rollout - ✅ Database schema changes can be coordinated - No need for complex version compatibility between apps - Apps depend on each other (upi_core is shared), so changes cascade naturally **Recommendation**: Use coordinated release cycles for refactoring. Deploy phases together, but use feature flags to enable/disable functionality incrementally. --- ## 2. External Integrations & Compatibility **Question:** What external systems currently call these endpoints (NPCI, partners, internal services)? Can you version the API contracts? **Context:** Breaking changes could require careful compatibility management. **Impact:** - If many external systems → must maintain backward compatibility - If mostly internal → can be more aggressive with refactoring - Versioning strategy affects rollout plan ### ✅ Answer **External Integrations: NPCI-Regulated + Partner APIs** **Primary External Systems:** 1. **NPCI (Mandatory)** - Endpoints: ReqHbt, RespHbt, ReqValQr, RespValQr, ReqPay, RespPay, ReqChkTxn, RespChkTxn, ReqTxnConfirmation - Format: XML (NPCI specification compliance) - Org IDs: MER101 (dynamic), MER102 (static) - **Cannot break**: NPCI endpoints are regulatory requirements 2. **Partner APIs** - International payment processors (Singapore, UAE, etc.) - Partners integrate with `/api/v1/` REST endpoints - Authentication: Custom API keys via `UpiCore.Plugs.PartnerAuth` 3. **Internal Systems** - QR generators, settlement processors, monitoring dashboards - Internal consumption of `/api/v1/` endpoints **API Versioning Status:** - ✅ Already versioned: `/api/v1/` in use - ✅ NPCI XML format endpoints separated by QR mode (dynamic vs. static) - ❌ No deprecated versions currently managed **Backward Compatibility Requirement: CRITICAL** 🔴 **HIGH RISK**: Cannot break NPCI compliance - Changing NPCI endpoint formats = regulatory violations - Partner integrations depend on current REST API structure - Any breaking changes require: - Partner coordination and testing - Regulatory approval (if NPCI specs involved) - Versioned parallel endpoints **Recommendation**: - **Maintain 100% NPCI compatibility** - use adapter pattern to refactor internals - **Version new REST APIs** as `/api/v2/` if making breaking changes to partner endpoints - **Deprecation strategy**: Maintain old endpoints for 6-12 months with deprecation warnings - **Feature flags**: Use flags for gradual feature rollout to partners --- ## 3. Pain Points (Ranked Priority) **Question:** Of these issues, rank by impact: - Code duplication (maintenance cost) - Testing difficulty (slower feedback loops) - Adding features (unclear module boundaries) - Performance issues (slow queries, bottlenecks) - Monitoring/debugging (unclear request flow) **Context:** Helps prioritize which phases to execute first. **Impact:** - Different priorities → different phase sequencing - Affects ROI calculation for refactor effort ### ✅ Answer **Pain Points Ranked by Impact:** #### 🔴 **1. Code Duplication (Maintenance Cost) - CRITICAL** - **Evidence**: upi_dynamic and upi_static have nearly identical routers and handlers - **Impact**: Every bug fix, feature, or improvement must be applied twice - **Current Duplication**: - Router definitions (ReqValQr, ReqPay, ReqChkTxn, ReqHbt handlers replicated) - Validation logic (similar business logic in both apps) - Error handling (duplicated error response patterns) - **Maintenance Burden**: 2x code reviews, 2x testing, 2x debugging - **ROI**: Extracting shared logic saves ~30-40% maintenance effort going forward #### 🟠 **2. Adding Features (Unclear Module Boundaries) - HIGH** - **Evidence**: International corridors span multiple apps with unclear ownership - **Current Confusion**: - FX processing logic split between upi_core and upi_dynamic - QR validation logic in both apps vs. shared location unclear - Partner adapter pattern exists but not consistently applied - **Impact**: New features take 2-3x longer due to unclear where code belongs - **Example**: Adding new international corridor requires changes in 3+ places #### 🟡 **3. Testing Difficulty (Slower Feedback Loops) - MEDIUM-HIGH** - **Current State**: Test coverage is present but scattered across apps - **Issue**: Integration tests span multiple apps, making test setup complex - **Feedback Loop**: Full test suite likely >30 seconds (vs. ideal <10 seconds) - **Impact**: Developers skip tests during rapid iteration #### 🟡 **4. Monitoring/Debugging (Unclear Request Flow) - MEDIUM** - **Current State**: Multiple apps handle same request types (dynamic vs. static) - **Debugging Challenge**: Request flow goes through multiple layers: - NPCI endpoint → Router → Controller → Context → Adapter → Core logic - **Missing**: Unified request tracing across apps - **Impact**: Production issues take longer to diagnose #### 🟢 **5. Performance Issues (Slow Queries, Bottlenecks) - LOWER PRIORITY** - **Evidence**: Scaling strategy in README shows Redis caching for >100K daily txns - **Current State**: Platform appears to handle current volume - **Issue**: Optimization work isn't blocking features or reliability - **Time Investment**: Performance optimization is ongoing vs. blocking work **Recommended Priority Sequence:** 1. **Phase 1**: Extract shared API layer (reduce duplication) → Quick wins 2. **Phase 2**: Refactor module boundaries (improve adding features) → Faster development 3. **Phase 3**: Improve testing infrastructure (faster feedback) → Better quality 4. **Phase 4**: Add distributed tracing (better debugging) → Production stability 5. **Phase 5**: Performance optimization (scaling readiness) → Handle growth --- ## 4. QR Mode Complexity & Routing **Question:** Today, how often do requests need to handle BOTH dynamic AND static QR logic in a single transaction? Is mode-awareness truly needed in routing, or are they always isolated? **Context:** If truly isolated, we might not need a unified dispatcher - simpler architecture. **Impact:** - Always isolated → can keep `upi_dynamic` and `upi_static` completely separate - Mixed mode → need shared dispatcher (Phase 4 design) - Affects coupling strategy ### ✅ Answer **QR Mode Complexity: Completely Isolated** ✅ **Transactions are ALWAYS single-mode:** Once a transaction starts as dynamic OR static, it remains in that mode throughout its lifecycle. **Evidence:** - Separate org IDs: MER101 (dynamic, initiationMode 16), MER102 (static, initiationMode 02/15) - Router segregation: `/upi_dynamic` and `/upi_static` apps have distinct endpoints - Business logic: QR validation, payment processing, transaction confirmation all mode-specific **Mode Switching: NEVER occurs** - Merchant generates QR (once as dynamic OR static, decision is final) - Payer scans that specific QR - Request routed to appropriate app based on QR type - Transaction processed in that mode end-to-end **Architecture Implication:** 🟢 **Keeps apps completely separate** - no unified dispatcher needed - No complex mode-aware routing logic - No context switching during transaction - Each app can evolve independently - Simpler testing and debugging **Note on "Isolation":** - Apps DO share common libraries (upi_core, UpiCore modules) - But **request routing** is 100% isolated - **Code patterns** can be shared without creating tight coupling **Recommendation:** - ✅ **Keep upi_dynamic and upi_static as separate apps** - Extract shared logic to upi_core as reusable modules - Use clear module namespacing to prevent confusion - DON'T create a unified dispatcher - adds unnecessary complexity --- ## 5. upi_core Domain Refactor Scope **Question:** In Phase 5 (refactoring upi_core domains), how much of the shared code is actually used by BOTH dynamic AND static apps vs. only one? **Context:** Determines whether domains can truly be independent or still tightly coupled. **Impact:** - High sharing → need coordinated context design - Low sharing → can split into separate focused apps - Affects module organization strategy ### ✅ Answer **upi_core Sharing: Moderate (60-70% shared, 30-40% mode-specific)** **Based on codebase structure, upi_core contains:** **Shared Libraries (Used by BOTH):** - `UpiCore.Plugs.PartnerAuth` - Authentication - `UpiCore.Plugs.RateLimiter` - Rate limiting - `DaProductApp.Crypto.Signature` - Cryptographic signing - `DaProductApp.QRValidation.Parser` modules - XML parsing - Database schemas (Transaction, QRValidation, etc.) - Error handling utilities **Mode-Specific Logic (In respective apps):** - `UpiDynamic.Api.V1.UpiController` - Dynamic QR handlers - `UpiStatic.Api.V1.UpiController` - Static QR handlers - Business logic for mode-specific validation - Partner adapters (may be mode-specific) **Shared but Duplicated:** - `UpiDynamic.Router` vs. `UpiStatic.Router` - ~80% identical - Validation contexts - similar patterns, separate implementations **Assessment:** | Component | Shared | Dynamic Only | Static Only | |-----------|--------|--------------|-------------| | Authentication/Plugs | ✅ Yes | — | — | | Database/Schemas | ✅ Yes | — | — | | Crypto/Signature | ✅ Yes | — | — | | XML Parsing | ✅ Yes | — | — | | Router Logic | ❌ Duplicated | ✅ | ✅ | | Validation Handlers | ❌ Duplicated | ✅ | ✅ | | Partner Adapters | Partial | Partial | Partial | **Refactoring Approach:** 1. **Extract duplicate routing logic** to shared `UpiCore.Router` utilities 2. **Create shared validation pipeline** that both apps use 3. **Keep mode-specific implementations** in their respective apps 4. **Use adapter pattern** for mode-specific behaviors **Key Constraint:** 🔴 **Cannot fully merge apps** - NPCI requires separate org IDs and networks - Must maintain `upi_dynamic` and `upi_static` as distinct apps - BUT can extract 60-70% shared functionality to `upi_core` **Recommendation:** - Refactor upi_core to provide **shared services** (validation, plugs, database) - Extract **common patterns** to reusable modules - Keep **mode-specific implementations** in their apps - Use **Phoenix component library pattern** for UI/validation logic --- ## 6. Team Capacity & Timeline **Question:** How many developers can work on this refactor, and what's your timeline? (e.g., 1 dev over 3 months, 3 devs over 1 month, etc.) **Context:** Large refactors risk introducing bugs if rushed with insufficient review. **Impact:** - Single dev → must be incremental, low-risk phases - Multiple devs → can parallelize work - Timeline → determines scope per phase ### ✅ Answer **Recommended Team & Timeline (Based on Code Complexity)** Since specific team size/timeline not provided, here are recommended scenarios: **Scenario A: Single Developer (Recommended for Fintech)** - **Timeline**: 3-4 months - **Approach**: Incremental, phase-by-phase - **Phases per Month**: - Month 1: Phase 1 (Extract API layer) + Phase 2 (Refactor routing) - Month 2: Phase 3 (Refactor upi_core domains) + Phase 4 (Shared middleware) - Month 3: Phase 5 (Real partner integration) + Documentation ### ✅ Answer **Database Refactoring: Minimal Required (Additive Only)** **Current Database Setup:** - **Database**: MySQL 8.0+ with Ecto ORM - **Migrations**: Versioned, structured in `/priv/repo/migrations/` - **Production Deployment**: Automated migration via `DaProductApp.Release.migrate` - **Schema**: Already normalized (Transaction, QRValidation, Merchant, FxRate, etc.) **Schema Changes Required by Refactor:** ✅ **MINIMAL** - The proposed refactor is code-only, not schema-restructuring **Changes needed (if any):** 1. **Phase 3**: May need to add `qr_mode` column to normalize mode handling 2. **Phase 4**: Possibly add audit log table for unified request tracing 3. **Phase 5**: Partner-specific tables if expanding integration All changes are **ADDITIVE** (new columns/tables), not destructive. **Zero-Downtime Migration Strategy:** ✅ **YES - Achievable** **Safe migration approach for financial system:** ``` 1. Add new column with default value (doesn't lock table long) 2. Deploy code that populates old + new column 3. Deploy code that reads from new column 4. Remove old column in later release (optional, after 6+ months) ``` **Migration Checklist in Place:** Repository includes `.github/database-migration-guide.md` with production checklist: - ✅ Migration tested in staging - ✅ Migration is reversible - ✅ Performance impact assessed - ✅ Backup created before deployment - ✅ Maintenance window scheduled (if needed) - ✅ Rollback plan prepared - ✅ Database monitoring in place - ✅ Team notified of deployment - ✅ Migration runs in reasonable time (<5 minutes) - ✅ No breaking changes for running application **Downtime Tolerance: ZERO REQUIRED** Current infrastructure supports zero-downtime deployments: - Master-slave MySQL setup (implied by production config) - Ecto provides connection pooling - Blue-green or rolling deployments possible **Risk Assessment:** | Phase | Schema Changes | Downtime Risk | Difficulty | |-------|----------------|--------------|-----------| | 1 | None | 🟢 None | Low | | 2 | None | 🟢 None | Low | | 3 | Additive | 🟢 None | Medium | | 4 | Additive | 🟢 None | Medium | | 5 | Additive | 🟡 Minor | Medium | **Recommendation:** - ✅ No need to schedule maintenance windows for code refactor - ✅ Schema changes can go out with code changes (same release) - ✅ Use additive-only migration pattern (add, never remove immediately) - ✅ Monitor performance metrics after each migration - ✅ Keep rollback plan for each release **Timeline Impact**: Zero additional complexity from database perspective. - Month 4: Final testing, deployment, monitoring **Pros**: - Deep understanding maintained throughout - Comprehensive code review possible - Lower risk of inconsistencies - Better for financial systems **Cons**: - Longer overall timeline - Single point of failure if developer unavailable - Production bug fixes slow down refactor --- **Scenario B: Two Developers (Optimal)** - **Timeline**: 6-8 weeks - **Approach**: Parallel work on isolated concerns - **Team Structure**: - Dev 1: API layer, shared middleware (Phases 1, 2, 4) - Dev 2: Domain logic, partner integration (Phases 3, 5) - Pair programming for Phase 4 (Integration) **Pros**: - Faster overall delivery - Allows specialization - Better peer review process - Reduced single-point-of-failure risk ### ✅ Answer **Test Coverage: Good Foundation, Room for Improvement** **Current Test Infrastructure:** - ✅ Comprehensive test organization: `/test/`, `/manual_testing/` - ✅ Mix test suite with automatic database setup/teardown - ✅ Integration test scripts (`test_*.sh` in manual_testing/) - ✅ Postman collection for API testing - ✅ XML test samples for NPCI validation - ✅ Multiple test modules in `/test/` directories **Estimated Coverage:** - **Approximate**: 70-80% (estimated from file structure) - **Critical paths**: Transaction, QR validation, payment processing (likely >85%) - **Supporting code**: Some utilities and adapters may be <60% - **UI/LiveView**: Partial coverage **Evidence of Good Testing:** 1. ✅ Integration tests for NPCI endpoints exist (`test_npci_*.sh`) 2. ✅ Unit tests for XML parsing (`simple_xml_test.exs`) 3. ✅ Schema/model tests (test directories for each module) 4. ✅ Repository setup with proper test environment (`config/test.exs`) 5. ✅ Factories implied by test structure **Gaps Identified:** 🟡 **Testing Gaps:** 1. **Cross-app integration**: Tests may not cover dynamic ↔ static interactions thoroughly 2. **Distributed tracing**: No comprehensive request flow tests across apps 3. **Edge cases**: Payment failure scenarios, timeout handling 4. **Load/stress**: No apparent load testing infrastructure 5. **Partner integrations**: Mock adapters exist but real partner scenarios unclear **Test Execution:** - ✅ Fast suite: Unit tests likely <10 seconds - ⏱️ Full suite: Unknown, likely 30-60 seconds (typical for Phoenix/Ecto) - ✅ Continuous integration: Setup not visible but `mix test` works **Assessment for Refactoring:** ✅ **Adequate safety net exists** for refactoring The existing tests provide reasonable confidence for architectural changes because: - Core business logic is tested - NPCI compliance points are validated - Database interactions are tested - Integration paths are validated 🟡 **However, would benefit from:** 1. **Explicit cross-app tests** before major refactoring 2. **Chaos testing** to verify failure scenarios still work 3. **Documented test data strategy** for consistency **Recommended Pre-Refactor Steps:** ``` 1. Measure current coverage: mix test --cover (Establish baseline before refactoring) 2. Identify critical paths that MUST NOT BREAK: - NPCI XML endpoint validation - Payment transaction flow - QR validation pipeline 3. Add tests for edge cases: - Timeout handling - Partial failures - Rollback scenarios 4. Lock down critical path tests: - These cannot regress during refactor ``` **Coverage Target for Refactoring:** - Maintain >85% on critical paths - Improve from ~75% to 85% overall - Add integration tests for cross-app scenarios **Recommendation:** - ✅ **Proceed with refactoring** - safety net is adequate - ✅ **Add 10-15 integration tests** before starting - ✅ **Run full test suite** before each phase completion - ✅ **Use coverage reports** to identify new blind spots **Cons**: - More complex coordination needed - Requires clear separation of concerns --- ### ✅ Answer **Recommendation: Phase 1 First → Then Phase 5 (Sequential, not parallel)** **Rationale:** **Phase 1 (Extract API Layer) provides immediate value:** | Benefit | ROI | Timeline | Risk | |---------|-----|----------|------| | 30-40% code duplication elimination | 🟢 High | Weeks 1-2 | 🟢 Low | | Every bug fix now goes to 1 place | 🟢 High | Ongoing | 🟢 Low | | Faster feature development | 🟢 High | Weeks 3+ | 🟢 Low | | Simpler onboarding for new devs | 🟡 Medium | Months | 🟢 Low | | Easier to maintain 2 apps separately | 🟢 High | Ongoing | 🟢 Low | **Phase 1 is "Low-hanging fruit":** - Router logic is nearly identical → simple extraction - Can be done incrementally with feature flags - Immediate payoff: fewer places to fix bugs - Low risk: routing logic is well-tested **Phase 5 (Domain Refactor) provides long-term value:** | Benefit | ROI | Timeline | Risk | |---------|-----|----------|------| | Clearer module organization | 🟡 Medium | Long | 🟡 Medium | | Easier to add new features | 🟡 Medium | Weeks 5+ | 🟡 Medium | | Better separation of concerns | 🟡 Medium | Ongoing | 🟡 Medium | | Prepared for scaling | 🟡 Medium | Months | 🟡 Medium | **Phase 5 requires Phase 1 foundation:** - Extracting API layer first makes domain refactor easier - With shared API layer in place, can confidently refactor domains - Parallel work creates conflicting changes **Why NOT parallel (Option C)?** ❌ **High risk of conflicts:** - Both phases touch routers, controllers, contexts - Merge conflicts slow progress - Integration testing becomes difficult - 1-2 developer team can't handle complex parallel refactor ❌ **Unclear dependencies:** - Phase 5 decisions depend on Phase 1 outcomes - Can't optimize domain structure until API layer is stable --- **Recommended Execution Plan:** ### **Phase 1 (Weeks 1-2): Extract Shared API Layer** 🟢 **LOW RISK** ``` Week 1: - Create UpiCore.Router helper module - Extract shared endpoint definitions - Extract common pipeline logic Week 2: - Apply shared router to upi_dynamic - Apply shared router to upi_static - Verify all endpoints still work - Deploy as Phase 1 release ``` **Result**: Single source of truth for routing logic ### **Phase 2-4 (Weeks 3-5): Build on foundation** 🟡 **MEDIUM RISK** - Refactor middleware - Improve error handling - Extract validation pipelines ### **Phase 5 (Weeks 6-8): Domain refactor** 🟠 **HIGHER RISK** ``` Now safe to restructure because: - API layer is stable - Routing changes are contained - Contexts can be reorganized - Clearer impact analysis ``` **Result**: Well-organized domain structure --- **Key Decision Points:** | Decision | Phase 1 | Phase 5 | |----------|---------|---------| | Go/No-Go Criterion | All tests passing + no NPCI endpoints broken | All Phase 1-4 working + coverage >85% | | Rollback Complexity | Low (revert to original routers) | Medium (revert domain changes) | | Production Release Safety | High (routing isolated) | Medium (wider changes) | **Recommendation: Sequential Execution** ✅ **Phase 1 first** (Week 1-2) - Quick wins ### ✅ Answer **Backward Compatibility Requirements: CRITICAL (100% for NPCI, Versioned for Partners)** **Compatibility Matrix:** | System | Requirement | Flexibility | Impact | |--------|-------------|-------------|--------| | **NPCI** | 🔴 100% Mandatory | 🔴 None | Cannot break | | **Partners** | 🟡 High (6-12 mo) | 🟢 Some | Can version new endpoints | | **Internal** | 🟡 Medium | 🟢 High | Can refactor aggressively | --- **1. NPCI Endpoints: 100% Backward Compatible - REQUIRED** 🔴 **Regulatory requirement** - Cannot break without approval **Cannot change:** - XML schema structure (NPCI specification locked) - Namespace URIs - Field names and positions - Error response format - Endpoint paths: `/ReqHbt`, `/RespHbt`, `/ReqValQr`, `/RespValQr`, etc. - Org IDs: MER101, MER102 **Can optimize (internally):** - Request handling implementation - Database query logic - Error detection/recovery - Logging/monitoring **Strategy**: Use **adapter pattern** to refactor internals while maintaining external NPCI interface Example: ```elixir # External interface (unchanged) post "/ReqValQr", UpiController, :validate_qr # Internal implementation (refactored) defmodule UpiController do def validate_qr(conn, params) do # Old implementation path UpiCore.NpciAdapter.validate_qr(params) # Can change internals end end ``` --- **2. Partner REST APIs: Versioned Compatibility (6-12 month window)** 🟡 **Can be versioned, but need deprecation window** **Current endpoints:** - `/api/v1/upi/validate-qr` - `/api/v1/upi/process-payment` - `/api/v1/qr-generate` - etc. **Versioning strategy:** - Keep `/api/v1/` working for 6-12 months - Release `/api/v2/` with improvements - Communicate deprecation in advance (90 days notice) - Sunset `/api/v1/` after partners migrate **Deprecation Timeline:** ``` Month 0: Release v2 + deprecation warning headers Month 3: Partners start migration Month 6: Send migration reminders Month 9: Final warning Month 12: Sunset v1 ``` **Implementation:** ```elixir defmodule DaProductAppWeb.Router do scope "/api/v1", DaProductAppWeb.Api.V1 do # Add deprecation warning to all v1 endpoints pipe_through :add_deprecation_warning post "/upi/validate-qr", UpiController, :validate_qr # ... more endpoints end scope "/api/v2", DaProductAppWeb.Api.V2 do # New implementation with improvements post "/upi/validate-qr", UpiController, :validate_qr # ... can have breaking changes here end end ``` --- **3. Internal Systems: Aggressive Refactoring Possible** 🟢 **High flexibility for internal consumers** **Internal APIs** (dashboard, monitoring, etc.): - Can change more aggressively - Use feature flags for gradual rollout - Internal documentation updates - Direct team communication --- **Compatibility During Refactor:** **Phase 1 (API Layer extraction):** - ✅ Zero breaking changes - ✅ Internal refactor only - ✅ NPCI interface unchanged - ✅ Partner APIs unchanged **Phase 2-4 (Middleware & domains):** - ✅ Zero breaking changes - ✅ Adapter pattern maintains interfaces - ✅ NPCI interface unchanged - ✅ Partner APIs unchanged **Phase 5 (Domain refactor):** - ✅ Zero breaking changes for REST API - ✅ NPCI interface unchanged - ⚠️ Internal module organization changed (internal only) **Post-refactor (Future):** - ⚠️ **After** refactor is stable → can introduce `/api/v2/` with enhancements - ⚠️ Run v1 and v2 in parallel for 6+ months - ⚠️ Then deprecate v1 --- **Compatibility Assurance Strategy:** 1. **NPCI Contract Tests** ```elixir # test/npci_contract_test.exs test "NPCI ReqValQr response format unchanged" do # Lock down exact XML schema # Fails if response structure changes end ``` 2. **Partner API Tests** ```elixir # test/api_v1_test.exs test "Partner endpoints maintain v1 response format" do # Locked tests for partners currently using end ``` 3. **Breaking Change Detection** ```elixir # Credo/Dialyzer warnings for breaking changes # CI blocks PRs that break interfaces ``` 4. **Documentation** - Maintain `/docs/api/` with guaranteed interfaces - Clear deprecation warnings in code - Release notes for each phase --- **Recommendation:** ✅ **Maintain 100% backward compatibility throughout refactor** - NPCI: Use adapter pattern (mandatory) - Partners: No changes to v1, introduce v2 post-refactor - Internal: Can refactor more aggressively with feature flags **Timeline Impact**: +0 weeks (compatibility maintained through design patterns) **Risk Assessment**: 🟢 **Low risk** (changes are isolated to internals) --- ## Summary These questions have been answered with specific findings for your UPI PSP Platform: ### 🎯 Key Findings: 1. ✅ **Coordinated deployment** - Can do synchronized multi-app changes 2. 🔴 **NPCI regulatory requirement** - Must maintain 100% backward compatibility on XML endpoints 3. 🔴 **Code duplication** - Top priority (30-40% savings potential) 4. 🟢 **Isolated QR modes** - No unified dispatcher needed (simpler architecture) 5. 🟡 **Moderate code sharing** - 60-70% of logic is shared (good for consolidation) 6. 🕐 **Recommended team** - 1-2 developers over 6-8 weeks (optimal risk/speed) 7. 🟢 **Zero downtime possible** - All migrations are additive (safe) 8. 🟡 **70-80% test coverage** - Adequate safety net for refactoring 9. 🟢 **Sequential phases** - Phase 1 first, then Phase 5 (lower risk) 10. 🔴 **100% NPCI compat** - Non-negotiable regulatory requirement ### 🚀 Recommended Approach: **Sequential 5-Phase Refactor (6-8 weeks, 1-2 developers)** 1. **Phase 1** (Week 1-2): Extract shared API layer → Quick wins, reduce 30% duplication 2. **Phase 2** (Week 3): Refactor routing → Unified route definitions 3. **Phase 3** (Week 4): Refactor middleware → Shared plugs/pipelines 4. **Phase 4** (Week 5): Improve error handling → Consistent error responses 5. **Phase 5** (Week 6-8): Domain refactor → Well-organized contexts ### ⚠️ Critical Constraints: - Must maintain 100% NPCI XML interface compatibility (regulatory) - Use adapter pattern for internal refactoring - Maintain >85% test coverage throughout - Deploy each phase separately (1-2 week gaps) - Partner APIs can be versioned (v1 → v2 after stability) ### 💡 Success Metrics: | Metric | Current | After Refactor | Impact | |--------|---------|---------------|----| | Code duplication | ~30-40% | ~5-10% | 30-40% reduction | | Time to add features | ~2-3x | ~1x | 2-3x faster | | Bug fix locations | 2 (per mode) | 1 (shared) | Maintenance halved | | Test coverage | 70-80% | 85-90% | Safer | | Module clarity | Poor | Good | Better DX | ---l is safer and faster overall. **Scenario C: Three+ Developers (Higher Risk)** - **Timeline**: 4-5 weeks - **Approach**: Aggressive parallelization - ⚠️ **Risk**: Higher chance of integration issues, conflicts - ⚠️ **Recommendation**: Only if strong communication and clear specs --- **Critical Success Factors Regardless of Team Size:** 1. **Code Review Requirement**: - Every refactor PR requires peer review before merge - Financial system = can't cut corners on QA 2. **Testing Gates**: - All tests passing before phase completion - Integration tests for cross-app boundaries - Manual testing of NPCI endpoints 3. **Feature Flags**: - Enable gradual rollout (don't deploy entire refactor at once) - Allows rollback if issues discovered in production 4. **Communication**: - Weekly sync on progress and blockers - Document decisions in code comments - Maintain runbook for each phase 5. **Release Strategy**: - Deploy each phase in separate release - 1-2 week gap between phases for monitoring - Rollback plan for each phase **Realistic Estimate for Your Project:** - **1 Dev**: 3.5 months (safe, thorough) - **2 Devs**: 7 weeks (balanced) - **3 Devs**: 4 weeks (aggressive, higher risk) **Recommendation**: Start with 1-2 developers. Add more only if timeline pressure exceeds quality requirements. --- ## 7. Database Changes & Downtime Tolerance **Question:** Will refactoring require database schema changes? Can you handle migrations in production without downtime? **Context:** Affects risk profile and deployment strategy significantly. **Impact:** - Schema changes needed + zero-downtime required → need careful migration strategy - Schema changes + downtime acceptable → simpler approach - No schema changes → lower risk refactor --- ## 8. Current Test Coverage **Question:** What's your current test coverage percentage? Do you have good integration tests for the APIs? **Context:** Determines how much safety net exists for refactoring. **Impact:** - High coverage (>90%) → safer to refactor - Low coverage (<70%) → must add tests before refactoring - Good integration tests → can verify changes work end-to-end --- ## 9. Phase Priority: API Layer vs. Domain Refactor **Question:** Which would provide more immediate value: (A) Extracting shared API layer first (Phase 1), or (B) Refactoring upi_core domains first (Phase 5)? **Options:** - A: Phase 1 - Extract API layer (reduce duplication) - B: Phase 5 - Refactor domains (improve structure) - C: Run both in parallel **Context:** Affects which changes to prioritize. **Impact:** - Phase 1 first → quick wins, reduce maintenance burden - Phase 5 first → foundation for long-term scalability - Parallel → higher risk but faster overall completion --- ## 10. Backward Compatibility Requirements **Question:** Must the new architecture maintain 100% backward compatibility with existing integrations, or can you version/deprecate old endpoints? **Context:** Affects migration complexity and timeline. **Impact:** - 100% required → must maintain old endpoints during transition - Can deprecate → can be more aggressive with changes - Affects rollout strategy and communication needs --- ## Summary These questions should be answered before committing to the proposed 5-phase refactor. They will determine: - **Which phases to execute first** - **How aggressively to refactor** - **Risk mitigation strategies** - **Testing requirements** - **Deployment approach** - **Timeline and resource allocation**