Improvement Checklist

Low Priority (Next Up)

  • Worker SMTP: add STARTTLS/TLS support and dial/write timeouts; configurable smtpSendMail transport.

Completed Improvements

High Priority

  • Harden filesystem object store to prevent path traversal.
  • Fix internal/sla/sla.go DB loader bug.
  • Unify duplicated API composition (thin main.go).
  • Strengthen JWT/OIDC validation.
  • Consolidate login cookie handling (hd_auth).
  • Ensure cmd/api/handlers/events.go compiles cleanly.

Medium Priority

  • Standardize rate limiting (Redis-backed).
  • Add context timeouts to DB, Redis, MinIO.
  • Improve JWKS handling (backoff, caching).
  • Helm: Secrets support and scheduling knobs.
  • Make Docker builds reproducible (vendor Swagger UI).
  • Multi-arch builds (AMD64/ARM64).
  • Expand tests: SLA calendars, JWT validation, upload keys.
  • Observability: unify request logging and Prometheus counters.
  • Tighten CORS headers.

General / Infrastructure

  • Add readiness/liveness indicator for the worker.
  • Set default resource requests/limits in Helm.
  • Provide Makefile targets.
  • Documentation: auth modes, rate limiting, hardening.