docs(backlog): track v0.5.0 release-PR review feedback

[fvadicamo]

Summary

Two new BACKLOG entries from the Gemini review on the v0.5.0 release PR (#71).
All medium/low severity, deferred from v0.5.0 per zero-new-commit policy on
release PRs.

New entries

• DEBT-020 (medium): audit log skipped when request_id is missing on admin writes. patch_namespace_config and similar endpoints should synthesize a fallback uuid4() so NFR-007 holds even if the request-id middleware misbehaves.
• DEBT-021 (low): _fetch_document_names adds a separate Postgres round-trip per query. The WI-2 plan called for a JOIN with source_documents inside the existing chunk-fetch query; v0.5.0 opted for a clarity-first separate call, consolidation tracked here.

Other Gemini feedback (not new entries)

Comment	Disposition
:root injection scope (chat-ui.js:145)	Already DEBT-018
Missing UTC, datetime imports (api.py:32)	False positive — imports present at line 13
self_inner in nested test fakes (test_pipeline.py x4)	Style noise on disambiguating closure-bound mocks; no action

Test plan

• CI green (lint + tests)
• BACKLOG.md renders correctly on GitHub

Refs

• Reviewed PR: release: v0.5.0 - Widget production-ready & instructor configuration #71 (release v0.5.0)
• Existing related items: DEBT-017, DEBT-018, DEBT-019 (PR feat(learn): widget production-ready + prof config #66 review)

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• .s2s/BACKLOG.md is excluded by !.s2s/**

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 6cf80b47-1793-44e3-b608-f2fd15985add

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch docs/backlog-v050-pr71-feedback

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request adds two new technical debt entries to the backlog: DEBT-020, which addresses missing audit logs when a request ID is absent, and DEBT-021, which aims to optimize document name retrieval. Feedback suggests broadening the scope of DEBT-020 to include all sensitive endpoints rather than just admin writes to ensure comprehensive audit coverage. Additionally, for DEBT-021, the proposed optimization should be generalized to support non-SQL providers like Qdrant, ensuring consistency with the project's multi-provider architecture.

[fvadicamo]

Both Gemini comments addressed in 855bebd. DEBT-020 scope broadened to sensitive endpoints (reads + writes); DEBT-021 reframed for multi-provider architecture with explicit pgvector and qdrant optimization paths.