# Deferred Improvements

Items identified during the Feb 2026 architecture review that were deferred due to complexity, low urgency, or dependency on other work.

## Infrastructure

### Per-Session MCP Execution

- **Problem:** All MCP tool calls go through a single `MyMCPServer.Manager` GenServer. Tool calls are serialized.
- **Fix:** Spawn per-session MCP server processes. Requires Hermes refactor to support multiple server instances.
- **Blocked by:** Hermes library architecture (single server process model)

### Oban / Persistent Job Queue

- **Problem:** No persistent job queue. Scheduled operations (alarms, recurring tasks) use in-memory timers that are lost on restart.
- **Fix:** Add Oban with PostgreSQL or SQLite adapter for durable background jobs.
- **Deferred because:** Adds a significant dependency. Current single-user workload is manageable with in-memory timers. Revisit when reliability of scheduled operations becomes critical.

### Idempotency Keys

- **Problem:** No idempotency protection on API mutations. Retries could create duplicate records.
- **Fix:** Add idempotency key header/param. Store recent keys in ETS or SQLite with short TTL.
- **Deferred because:** Single-user system with low concurrency. Network retries are rare. Implement when multi-user or external API consumers are added.

### Database Backup Strategy

- **Problem:** SQLite files are not backed up. Data loss on disk failure.
- **Fix:** Periodic `VACUUM INTO` to backup directory. Offsite sync via rclone or S3.
- **Deferred because:** Low data volume. Manual backups suffice for now.

### Session Invalidation on Role Revoke

- **Problem:** When a role or permission is revoked, active sessions still hold the old permission map until they re-fetch.
- **Fix:** Push invalidation via PubSub or SSE. Session processes subscribe to permission change events and re-fetch on notification.
- **Deferred because:** TTL expiry gap is documented in MEMORY.md. Low risk in single-user scenario.

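
A sketch of the push-invalidation fix for "Session Invalidation on Role Revoke", added here as an example and not taken from the project's code. It assumes the standard-library `Registry` as the PubSub, and `PermEvents`, `SessionSketch` and the `"tasks.write"` key are hypothetical names.

```elixir
# Added sketch: every module, function and key name below is hypothetical.
defmodule PermEvents do
  # Node-local pub/sub on the standard-library Registry (duplicate keys).
  def child_spec(_opts), do: Registry.child_spec(keys: :duplicate, name: __MODULE__)
  def subscribe(user_id), do: Registry.register(__MODULE__, {:perms, user_id}, nil)

  # Call this from whatever code path revokes a role or permission.
  def revoked(user_id) do
    Registry.dispatch(__MODULE__, {:perms, user_id}, fn subscribers ->
      for {pid, _value} <- subscribers, do: send(pid, {:permissions_changed, user_id})
    end)
  end
end

defmodule SessionSketch do
  use GenServer

  # `fetch` is a 1-arity function standing in for the real permission lookup.
  def start_link({user_id, fetch}), do: GenServer.start_link(__MODULE__, {user_id, fetch})
  def allowed?(pid, key), do: GenServer.call(pid, {:allowed?, key})

  @impl true
  def init({user_id, fetch}) do
    {:ok, _owner} = PermEvents.subscribe(user_id)
    {:ok, %{user_id: user_id, fetch: fetch, perms: fetch.(user_id)}}
  end

  @impl true
  def handle_call({:allowed?, key}, _from, state) do
    # Fail closed: only an explicit `true` in the map grants access.
    {:reply, Map.get(state.perms, key, false) == true, state}
  end

  @impl true
  def handle_info({:permissions_changed, user_id}, %{user_id: user_id} = state) do
    # Re-fetch immediately instead of waiting for the TTL to expire.
    {:noreply, %{state | perms: state.fetch.(user_id)}}
  end
  def handle_info(_other, state), do: {:noreply, state}
end

# Constructed demo: an Agent stands in for the permission store.
{:ok, _sup} = Supervisor.start_link([PermEvents], strategy: :one_for_one)
{:ok, store} = Agent.start_link(fn -> %{"tasks.write" => true} end)
{:ok, session} = SessionSketch.start_link({"u1", fn _user -> Agent.get(store, & &1) end})
true = SessionSketch.allowed?(session, "tasks.write")
Agent.update(store, &Map.put(&1, "tasks.write", false))
PermEvents.revoked("u1")
false = SessionSketch.allowed?(session, "tasks.write")
```

`Registry` dispatch only reaches processes on the local node, and keeping the existing TTL re-fetch alongside the push covers a session that misses a notification.
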
## Features

### Per-User Timezones

- **Problem:** All timestamps use server timezone. `AuthContext` has a `timezone` field but it's not threaded through to task scheduling, NIS follow-ups, or display formatting.
- **Fix:** Thread `AuthContext.timezone` through task manager, NIS, and web templates. Use `Calendar.strftime/3` with timezone for display.
- **Deferred because:** Single-user system. The user's timezone is configured at the MCP tool level. Implement when multi-user support is added.

### Budget / Quota Controls

- **Problem:** No limits on API calls, tool invocations, or LLM token usage per user.
- **Fix:** Add per-user quotas tracked in SQLite. Check quota in `has_permission?/2`. Decrement on use.
- **Deferred because:** Single-user system. No billing. Implement when multi-tenant or when LLM costs need tracking.

### Multi-Agent Handoff

- **Problem:** A2A protocol supports task delegation but not handoff between multiple agents.
- **Fix:** Implement A2A `tasks/pushNotification` for agent-to-agent handoff. Add routing logic in A2A server.
- **Deferred because:** A2A specification is still evolving. Current single-agent model is sufficient.

### Streaming A2A Responses

- **Problem:** A2A responses are buffered. Long-running tool calls block until completion.
- **Fix:** Implement SSE streaming for A2A task artifacts. Use `tasks/sendSubscribe` endpoint.
- **Deferred because:** Current response times are acceptable. Streaming adds complexity to client handling.

### Vector Search UI

- **Problem:** Blog and summary vector search is only available via MCP tools. No web interface.
- **Fix:** Add `/search` page with semantic search across blogs and summaries. Display results with similarity scores.
- **Deferred because:** MCP tool access is sufficient for current workflow. Web UI is nice-to-have.

## Code Quality

### Centralized Permission Checks (Partial)

- **Status:** Documented in MEMORY.md as "Pending Refactor"
- **Problem:** Permission checks happen in the MCP transport layer (`my_mcp_server.ex`) instead of functional modules. Web routes have no permission checks.
- **Fix:** Move guards into functional modules. Each returns `{:not_allowed, reason}`. Transport layers pass permissions through.
- **Progress:** `Permissions.Keys` and `AuthContext` (Phases 2A/2B) laid the groundwork. Router decomposition (Phase 3A) separated concerns. Full migration requires touching every functional module.

### Handle Tool Call Dispatch Refactor

- **Problem:** `my_mcp_server.ex` still contains ~850 lines of `handle_tool_call/3` clauses.
- **Fix:** Move dispatch into each `Permissions.*` module (e.g. `Permissions.Tasks.handle_call/2`). `MyMCPServer` becomes a thin dispatcher.
- **Deferred because:** Phase 5A (tool registration refactor) was the priority. Dispatch refactor is the natural next step.

### HTML Route Extraction

- **Problem:** ~500 lines of HTML routes remain in the main router for tasks, chat, access control, blogs, and summaries.
- **Fix:** Extract to `Router.TasksWeb`, `Router.ChatWeb`, etc. following the API sub-router pattern.
- **Progress:** API routes extracted in Phase 3A. HTML routes depend on main router helpers (`send_html/3`, `get_task_context/1`).

### get_task_context Duplication

- **Problem:** `get_task_context/1` is duplicated in both the main router and `Router.TasksApi`.
- **Fix:** Extract to `Router.TaskContext` shared module.
- **Deferred because:** Low-impact duplication. Will resolve naturally when HTML task routes are extracted.
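
For the "Centralized Permission Checks" item earlier in this section, an added sketch (not the project's code) of a guard that lives in the functional module, so the MCP transport and a web route get the same `{:not_allowed, reason}` result. `TasksSketch`, both transport modules, the `"tasks.delete"` key and the response shapes are hypothetical.

```elixir
# Added sketch: TasksSketch, McpTransportSketch, WebTransportSketch and the
# "tasks.delete" key are hypothetical, not names from the project.
defmodule TasksSketch do
  # The guard lives with the operation, so no transport can skip it.
  def delete(perms, task_id) when is_map(perms) do
    with :ok <- require_perm(perms, "tasks.delete") do
      {:ok, {:deleted, task_id}}
    end
  end

  # Fail closed: only an explicit `true` for the key grants access.
  defp require_perm(perms, key) do
    case perms do
      %{^key => true} -> :ok
      _ -> {:not_allowed, "missing permission: " <> key}
    end
  end
end

defmodule McpTransportSketch do
  # The transport passes permissions through and only maps the result.
  def call(perms, %{"task_id" => id}) do
    case TasksSketch.delete(perms, id) do
      {:ok, _} -> %{"isError" => false, "text" => "deleted"}
      {:not_allowed, reason} -> %{"isError" => true, "text" => reason}
    end
  end
end

defmodule WebTransportSketch do
  # A web route gets the same check without carrying its own copy of it.
  def call(perms, id) do
    case TasksSketch.delete(perms, id) do
      {:ok, _} -> {200, "deleted"}
      {:not_allowed, reason} -> {403, reason}
    end
  end
end

# Constructed permission maps.
admin = %{"tasks.delete" => true}
viewer = %{"tasks.read" => true}
{200, "deleted"} = WebTransportSketch.call(admin, 7)
{403, "missing permission: tasks.delete"} = WebTransportSketch.call(viewer, 7)
%{"isError" => true} = McpTransportSketch.call(viewer, %{"task_id" => 7})
```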