FLX-ENG-RFC-002-US-1.3 - Manual DMS Orientation

| Field | Value |
|---|---|
| Parent RFC | FLX-ENG-RFC-002 |
| GitHub Issue | #11 - US-1.3 |
| Owner | Arun Singh |
| Priority | P1 |
| Status | Ready for execution |
| Target window | Day 1 |

Goal

Build enough source-level understanding of DMS to interpret scan results correctly and produce a credible Week 1 initial scan report.

Read Path

Use D:\Distribution-Management-Server if clean and current. If using the consolidated repo mirror, use the D: checkout for dms_ci_cd_test.

  1. README.md
  2. Solution file: *.sln
  3. API project: src/distribution-management-server-layered/
  4. Test project: distribution-management-server-layered-unit-tests/
  5. Workflows: .github/workflows/
  6. Docker topology: docker-compose.yml, docker/
  7. Database files: SQL scripts, EF migrations, DbContext
  8. Integration code: Meesho/client-specific layer

Approaches Considered

| Approach | Pros | Cons |
|---|---|---|
| Manual read-through before scans | Reduces false positives, identifies architecture context | Takes 1-2 hours |
| Run tools first | Fast | Tool output lacks business context |
| Full refactor first | Finds real issues | Out of scope for EPIC-1 |

Verdict

Manual read-through first, then objective scans. EPIC-1 is discovery and baseline, not remediation.

Implementation Steps

  1. Record repository root, active branch, and commit SHA.
  2. List top-level directories and their purpose.
  3. Identify application entry point and dependency injection setup.
  4. Identify persistence model and database schema entry points.
  5. Identify external APIs and tenant-specific integrations.
  6. Identify CI workflow coverage.
  7. Record coupling hotspots as observations, not fixes.
  8. Feed notes into US-1.5 scan report.

Commands

git -C D:\Distribution-Management-Server rev-parse --short HEAD
Get-ChildItem D:\Distribution-Management-Server -Force
Get-ChildItem D:\Distribution-Management-Server -Recurse -Filter *.csproj
Get-ChildItem D:\Distribution-Management-Server -Recurse -Filter *.yml
rg -n "ConnectionStrings|DbContext|Npgsql|HttpClient|Meesho|TODO|FIXME" D:\Distribution-Management-Server

Test Cases

The output is acceptable when a new engineer can answer:

  • What is the app entry point?
  • Which database does local dev expect?
  • Which workflows run on PR?
  • Which folders are Core vs client-specific?
  • Which files should first-pass scans inspect?

Gating

  • Do not change source code during orientation.
  • Do not infer production behavior without workflow or runbook evidence.
  • Do not publish secrets from appsettings*.json, .env, PEM files, or scan output.
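
Added example, not part of the DMS repository or the parent RFC: the rg search under Commands matches ConnectionStrings lines, so its raw output can carry credentials into the notes. The filter below redacts secret-looking values before output is saved; the function name, the patterns, and the sample lines (including their file names) are assumptions constructed for illustration.

```powershell
# Added example: redact secret-looking values from search/scan output before it
# is pasted into orientation notes. Patterns are assumptions and err toward
# over-redaction (e.g. a C# "token = ..." assignment is also masked).
function Protect-ScanLine {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$Line
    )
    begin {
        $inPem = $false
        $names = 'password|pwd|secret|api[_-]?key|token'
        # key=value pairs, as in connection strings and .env files
        $kv   = "([\w-]*(?:$names)[\w-]*)\s*=\s*[^;`"\s]+"
        # JSON properties whose name looks secret: "ApiKey": "value"
        $json = "(`"[\w:.-]*(?:$names)[\w:.-]*`"\s*:\s*`")[^`"]*`""
        $pemBegin = '-----BEGIN [A-Z ]*PRIVATE KEY-----'
        $pemEnd   = '-----END [A-Z ]*PRIVATE KEY-----'
    }
    process {
        if ($Line -match $pemBegin) {
            # Drop the whole key block, keeping one marker line in its place
            $inPem = $Line -notmatch $pemEnd
            '[REDACTED PEM BLOCK]'
            return
        }
        if ($inPem) {
            if ($Line -match $pemEnd) { $inPem = $false }
            return
        }
        ($Line -replace $json, '$1[REDACTED]"') -replace $kv, '$1=[REDACTED]'
    }
}

# Constructed sample lines in "rg -n" format (path:line:text); not real DMS content
$sample = @(
    'src\appsettings.Development.json:12:  "DmsDb": "Host=localhost;Username=dms;Password=constructed-value"'
    'src\appsettings.json:20:  "MeeshoApiKey": "constructed-value",'
    '.env:3:DB_PASSWORD=constructed-value'
    'keys\sample.pem:1:-----BEGIN RSA PRIVATE KEY-----'
    'keys\sample.pem:2:constructed-key-material'
    'keys\sample.pem:3:-----END RSA PRIVATE KEY-----'
    'src\Startup.cs:41:  services.AddDbContext<AppDbContext>();'
)
$sample | Protect-ScanLine

# Usage with the command from this page:
#   rg -n "ConnectionStrings|DbContext|Npgsql" D:\Distribution-Management-Server | Protect-ScanLine
```

Lines without a secret-looking name pass through unchanged, so file paths and line numbers stay usable as evidence in the scan report.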

Definition of Completion

  • Orientation notes are captured in the Week 1 scan report.
  • Open questions are filed as GitHub issues or report gaps.
  • The scan plan for US-1.8 is scoped to actual repo structure.

Reviewer Reply Template

Thanks, I treated this as discovery only and fed the findings into the scan report instead of mixing in code changes.