Strategic Blind Spots โ Tracker โ
Last updated: 2026-04-15 Origin: Level 2 review artifacts โ accumulated across L2 audits; source artifacts are not tracked in
docs/.Flagged as "SB-" items during L2 audits. Tracked here to prevent loss. None are blockers for Phase 1 implementation.
| ID | Description | Status | Resolution / Plan |
|---|---|---|---|
| SB-1 | FX rate refresh cadence โ When to snapshot exchange rates on multi-currency procurement. | planned โ Phase 2+ | Low risk. No multi-currency tours yet. When implemented, add fx_rate_snapshot to PriceMatrix (same pattern as ADR-011). |
| SB-2 | ยง 25 UStG per-line tax split โ Per-variant TOMS tax is a legal fiction. | โ Resolved | Closed by ADR-012. Tax deferred to Phase 3 FinancialLedger. |
| SB-3 | Agency commission โ margin interplay โ Interaction between operator margin and B2B agency commission undefined. | open | Needs a future ADR when channel pricing (Pricing Hierarchy Level 2/3) begins. Currently tracked in TODOS.md ยง7. |
| SB-4 | Stale allotment data on LOCKED sheets โ Allotment availability may change after CostingSheet LOCK. | open โ by design | Expected behavior: LOCK is an immutability guarantee. Operator regenerates a new CostingSheet version if allotments change. Document in operator playbook. |
| SB-5 | JSONB audit diffing โ No mechanism to diff snapshots between PriceMatrix versions. | open โ implementation detail | With ADR-011 snapshots, diffing becomes possible. Mechanism (Hasura computed field vs. NestJS service) is an implementation choice, not an architecture decision. Technical spike during Phase 2. |
| SB-6 | Partial recalculation (dirty-flag engine) โ Only recalculate affected variants on rule change. | planned | Premature optimization. Bounded at โค72 variants (~15 KB JSONB). Full recalculation is fast enough. Revisit only if performance profiling shows a bottleneck. |
| SB-7 | Default deposit percentage โ System fallback when neither operator nor template defines a deposit. Must consider ยง 651a BGB limits on advance payments for package travel. | open โ product decision | Origin: L2-2.2 Checkout & Payment. Needs legal review before setting a value. |
| SB-8 | Platform fee model โ How BusFlow charges operators per transaction (flat %, tiered, negotiated per-operator). Core monetization decision. | open โ product decision | Origin: L2-2.2 Checkout & Payment. Mollie Marketplace routing supports any model; the business logic is the decision. |
| SB-9 | Ancillary catalog design โ How operators define their available ancillaries per template (free-form list? configurable catalog with behavioral type mapping?). | โ Resolved | Resolved by ancillary-catalog.md. Centralized operator-level catalog with template-level assignments and price overrides. Schema: ancillary_catalog_items + template_ancillary_assignments in schema-backoffice.md. |
| SB-10 | Billing address capture at checkout โ ยง 14 Abs. 4 UStG requires recipient's full name and address on invoices. Neither bookings nor passengers currently stores a postal address. The checkout form must capture a billing address and the system must persist it (recommended: bookings.billing_address JSONB). | open โ product decision | Origin: L3-3.6.2 Invoice Rendering ยง3. Affects booking widget UX and checkout data model. |
| SB-11 | Multi-leg delay propagation โ If the system delays Leg 1 (PICKUP), downstream Leg 2 (TRANSIT) is implicitly delayed. No cascade mechanism exists. | open | Origin: L2-3.3 ServiceLeg/BoardingEvent. Multi-leg cascades are common in sequential pickup stops. L3 drill-down should specify whether delays propagate automatically or require manual dispatcher action. |
| SB-12 | Driver app manifest size limits โ For a 49-seat coach with 5 PICKUP legs, the offline manifest includes ~245 tickets + passenger data + seat maps. At what payload size does IndexedDB sync become a UX bottleneck? | open โ performance | Origin: L2-3.3 ServiceLeg/BoardingEvent. No document addresses manifest size or incremental sync granularity. |
| SB-13 | Partial leg completion โ A bus breaks down mid-leg. The leg is neither COMPLETED nor CANCELLED โ it is "aborted." The current state machine has no state for this. An Incident is created, but the leg's terminal state is ambiguous. | open | Origin: L2-3.3 ServiceLeg/BoardingEvent. Would require an ABORTED status or using COMPLETED + Incident linkage as the pattern. |
| SB-14 | TelemetryPoint data retention โ High-frequency GPS data (every 5โ15s) for 30 vehicles over 12 months produces millions of rows. No retention or archival policy is documented. | open โ infrastructure | Origin: L2-3.3 ServiceLeg/BoardingEvent. Consider TimescaleDB hypertable or partitioning + retention policy (e.g., raw data for 90 days, aggregated thereafter). |