cursor_output.md 12 KB

🎯 OPTIMIZATION SCORE: 64/100
📈 CODE HEALTH: Fair
⚠️ CRITICAL ISSUES: 6
🔧 QUICK WINS: 9

This audit covers every file in REST_MB_RA:

  • REQUEST_IN.esql
  • MAPPING_REQUEST.esql
  • RESPONSE_IN.esql
  • RESPONSE_OUT.esql
  • postLogin.subflow
  • gen/REST_MB_RA.msgflow
  • restapi.descriptor
  • swagger.json
  • plus project metadata (.project, .settings/...)

1) ESQL Code Quality

Status: ⚠️ NEEDS IMPROVEMENT

Issues Found

  1. CRITICAL: MAPPING_REQUEST.esql line 84
    Problem: token = NULL is used as a condition (ELSEIF ... (token = '' OR token = NULL) ...).
    Impact: logic mismatch. In ESQL a comparison with NULL evaluates to NULL (unknown), never to TRUE, so whenever the token is absent the whole ELSEIF condition is unknown and the branch is skipped.
    Risk if left as is: a request that carries a valid API key but no token never enters this branch and falls through to whatever follows, so the key is not validated the way the code intends.
    Fix:

    -- BEFORE (❌):
    ELSEIF apiKey <> '' AND (token = '' OR token = NULL) AND apiKey = InputRoot.HTTPInputHeader.Key THEN
    
    -- AFTER (✅):
    ELSEIF apiKey <> '' AND (token = '' OR token IS NULL) AND apiKey = InputRoot.HTTPInputHeader.Key THEN
    

    Check after the change: the same NULL propagation applies to apiKey <> '' when apiKey itself is NULL (use COALESCE(apiKey, '') <> '' if it can be unset), and re-test the ELSE path, because requests with a key and no token now take a different branch than they did before.

    Priority: 🔴 HIGH

  2. ⚠️ RESPONSE_IN.esql lines 67-72
    Problem: the long field path (InputRoot.JSON.Data.OriginalMsg.JSON.Data.dlog...) is repeated without an extra REFERENCE.
    Impact: the tree is traversed again on every access; a small but steady CPU overhead at high TPS.
    Risk: latency rises under high throughput.
    Fix:

    DECLARE idlog REFERENCE TO InputRoot.JSON.Data.OriginalMsg.JSON.Data.dlog;
    SET omd.clientIp = idlog.clientIp;
    SET omd.serverIp = idlog.serverIp;
    SET omd.code = idlog.code;
    SET omd.reqtimestamp = idlog.reqtimestamp;
    SET omd.correlId = idlog.correlId;
    

    Priority: 🟡 MEDIUM

  3. ⚠️ REQUEST_IN.esql line 29
    Problem: nested SUBSTRING(SUBSTRING(...)) directly in the assignment.
    Impact: low readability; the URI is parsed again wherever the pattern is reused.
    Risk: maintainability, and parsing bugs on edge-case URIs (no '//', no trailing '/').
    Fix:

    DECLARE uriPart CHARACTER SUBSTRING(InputLocalEnvironment.REST.Input.URI AFTER '//');
    SET omd.serverIp = SUBSTRING(uriPart BEFORE '/');
    

    Caveat: the host part of REST.Input.URI is rebuilt from the inbound request (in practice from the Host header the client sent), so the value stored as serverIp is client-influenced and must not be treated as a trusted server identity in logs or routing decisions.

    Priority: 🟡 MEDIUM

  4. ⚠️ MAPPING_REQUEST.esql lines 19/32/45/58
    Problem: the same validation block is copy-pasted four times with an identical pattern.
    Impact: technical debt plus the risk that the validation is updated inconsistently.
    Risk: every bug fix has to be repeated in several branches.
    Priority: 🟡 MEDIUM

✅ No EVAL and no array-subscript [] anti-patterns found.


2) Message Flow Design Patterns

Status: ⚠️ NEEDS IMPROVEMENT

Issues Found

  1. ⚠️ postLogin.subflow has ~17 nodes (above the threshold of 10)
    Problem: orchestration, validation, MQ mapping, logging and error routing are all packed into one main subflow.
    Impact: granular testing is hard, refactoring is slow.
    Risk: a small change can trigger regressions in other paths.
    Solution: split it into reusable subflows:

    • validateRequest.subflow
    • mapToCoreRequest.subflow
    • mapToApiResponse.subflow
    • errorResponse.subflow

    Priority: 🟡 MEDIUM
  2. ⚠️ Request validation and error formatting are mixed together in MAPPING_REQUEST.esql
    Impact: weak separation of concerns.
    Priority: 🟡 MEDIUM

✅ Flow reusability is reasonable: LOG_LOG_DB_JSON.subflow and ACE_DLIB are used.


3) Error Handling & Resilience

Status: ⚠️ NEEDS IMPROVEMENT

Issues Found

  1. ⚠️ restapi.descriptor line 11
    Problem: <ns2:errorHandlers/> is empty.
    Impact: API-level error mapping is not standardised at descriptor level.
    Risk: the error format can differ between exception paths that were not anticipated.
    Priority: 🟡 MEDIUM

  2. ⚠️ No explicit TryCatch node on the main request path; the flow relies on Failure-terminal routing.
    Impact: business/technical exception handling may lack context.
    Priority: 🟡 MEDIUM

✅ Positive:

  • Many Failure terminals are already wired (REQUEST_IN_FAILURE, MAPPING_REQUEST_FAILURE, etc.).
  • The MQInput Catch terminal is routed (REPLY_IN_CATCH).

4) Performance Optimization

Status: ❌ CRITICAL

Issues Found

  1. CRITICAL: MAPPING_REQUEST.esql line 136
    Problem: SET om.OriginalMsg = InputRoot; copies the entire message tree into the output.
    Impact: large memory overhead plus the CPU cost of the copy. InputRoot also contains the request's HTTP headers (HTTPInputHeader, where the Key header checked on line 84 lives), so the caller's API key travels inside the outbound MQ message and into every log that dumps the full message.
    Risk if left as is: significant memory pressure on large payloads / high TPS, and credentials propagated beyond the API layer.
    Fix:

    -- BEFORE:
    SET om.OriginalMsg = InputRoot;
    
    -- AFTER (keep only the fields that are needed):
    CREATE FIELD om.OriginalMsg.JSON.Data.dlog;
    SET om.OriginalMsg.JSON.Data.dlog = InputRoot.JSON.Data.dlog;
    

    Priority: 🔴 HIGH

  2. CRITICAL: MAPPING_REQUEST.esql lines 137-138
    Problem: RequestIdentifier is encoded twice and stored in two locations.
    Impact: redundant string/base64 operations.
    Risk: extra CPU and duplicated data.
    Priority: 🔴 HIGH

  3. ⚠️ MAPPING_REQUEST.esql lines 77-90
    Problem: keyList is parsed with a loop plus a SUBSTRING per iteration (repeated string slicing).
    Impact: O(n) string work on every request just for the header-key check.
    Priority: 🟡 MEDIUM

✅ No PASSTHRU / dynamic SQL detected.


5) Configuration Management

Status: ❌ CRITICAL

Issues Found

  1. CRITICAL: MAPPING_REQUEST.esql line 131
    Problem: hardcoded IP 172.18.30.203.
    Impact: not portable between environments.
    Risk: every dev/staging/prod deployment needs a code edit.
    Fix:

    DECLARE ipClient EXTERNAL CHARACTER;
    SET om.metadata.IPClient = ipClient;
    

    Set the value per environment at deployment time (BAR override or policy) and give the EXTERNAL no default, so a forgotten override shows up as NULL instead of silently pointing at another environment's host.
    Priority: 🔴 HIGH

  2. CRITICAL: MAPPING_REQUEST.esql line 109
    Problem: hardcoded ReplyToQ = 'CORE_MQ_REPLY.MB' even though a queueReply UDP already exists in the subflow.
    Impact: configuration drift between the node property and the ESQL literal.
    Risk: a routing incident when the queue name changes (replies are addressed to the old name while the flow listens on the new one).
    Priority: 🔴 HIGH

  3. ⚠️ REQUEST_IN.esql lines 31-32
    Problem: hardcoded timezone offset, CAST(7 AS INTERVAL HOUR).
    Impact: not timezone-safe. CURRENT_TIMESTAMP is the integration server's local time, so adding a fixed 7 hours only yields WIB (UTC+7) when the server runs in UTC; any other server timezone shifts every timestamp the flow writes.
    Priority: 🟡 MEDIUM


6) Security & Credentials

Status: ⚠️ NEEDS IMPROVEMENT

Issues Found

  1. CRITICAL: postLogin.subflow line 5
    Problem: the keyList default contains plaintext sample keys (aaa;bbb;ccc...).
    Impact: poor credential-handling habit; a raw key can be exposed. A UDP default is compiled into the BAR and is the live value wherever the override is forgotten, so on such a deployment these sample keys are accepted as valid API keys.
    Risk: unauthorized access if the default/value leaks.
    Priority: 🔴 HIGH

  2. ⚠️ swagger.json lines 23-25
    Problem: the body schema is still type: "string" (no field-level contract validation).
    Impact: weak input validation; non-conforming payloads still enter the flow.
    Priority: 🟡 MEDIUM

  3. ⚠️ Every main ESQL module calls logDebug('Input'...) on the full message; sensitive fields (cif, hp, nid) are likely written to the log unmasked.
    Impact: data leakage into logs.
    Priority: 🔴 HIGH
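Added example (not the flow's own code) for the keyList items in this section and in section 4: the header-key check rewritten so that it fails closed when the keyList UDP is not set and needs no per-request slicing loop. keyList and the Key header are the names already on this page; the module and function names, the 401 status and the rspCode/rspDesc error body are assumptions.

```esql
-- Added example; not taken from REST_MB_RA. Module/function names, the 401
-- status and the error-body fields are assumptions.
-- keyList is the existing UDP, redeclared here WITHOUT a default value: an
-- un-overridden deployment then sees NULL and rejects every request, instead
-- of accepting the sample keys from the subflow default.
DECLARE keyList EXTERNAL CHARACTER;

CREATE COMPUTE MODULE MAPPING_REQUEST_ApiKeyCheck
    CREATE FUNCTION Main() RETURNS BOOLEAN
    BEGIN
        DECLARE presentedKey CHARACTER InputRoot.HTTPInputHeader.Key;

        IF NOT IsAllowedApiKey(presentedKey, keyList) THEN
            -- Assumed error contract: 401 with a minimal JSON body via out1.
            -- Needs Compute mode "LocalEnvironment and Message" on the node.
            SET OutputLocalEnvironment.Destination.HTTP.ReplyStatusCode = 401;
            SET OutputRoot.JSON.Data.rspCode = '401';
            SET OutputRoot.JSON.Data.rspDesc = 'invalid API key';
            PROPAGATE TO TERMINAL 'out1';
            RETURN FALSE;
        END IF;

        SET OutputRoot = InputRoot;   -- happy path continues to the normal mapping
        RETURN TRUE;
    END;

    -- TRUE only when presentedKey is exactly one of the ';'-separated entries.
    CREATE FUNCTION IsAllowedApiKey(IN presentedKey CHARACTER, IN allowedKeys CHARACTER)
        RETURNS BOOLEAN
    BEGIN
        -- Fail closed: missing header, unset UDP or empty list all mean "no".
        IF presentedKey IS NULL OR presentedKey = ''
           OR allowedKeys IS NULL OR allowedKeys = '' THEN
            RETURN FALSE;
        END IF;
        -- A value containing the delimiter can never be a single key; reject it
        -- so that 'aaa;bbb' is not accepted just because both halves are listed.
        IF POSITION(';' IN presentedKey) > 0 THEN
            RETURN FALSE;
        END IF;
        -- Whole-entry match by wrapping both sides in the delimiter: 'bb' does
        -- not match inside 'abbc', and first/last entries need no special case.
        -- One POSITION scan replaces the loop-plus-SUBSTRING parsing.
        RETURN POSITION(';' || presentedKey || ';' IN ';' || allowedKeys || ';') > 0;
    END;
END MODULE;
```

Entries in keyList must be stored without surrounding spaces, otherwise the exact match fails. This only removes the baked-in default and the per-request parsing; the keys themselves are still a static shared secret supplied at deployment, so rotate them through the override/policy mechanism rather than a code change.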


7) Modularity & Reusability

Status: ⚠️ NEEDS IMPROVEMENT

Issues Found

  1. ⚠️ MAPPING_REQUEST.esql lines 20-31, 33-44, 46-57, 59-70, 93-104
    Problem: the error-response block is duplicated five times.
    Impact: reuse score drops; high maintenance cost.
    Priority: 🟡 MEDIUM

  2. ✅ Positive: a shared library is already used (ACE_DLIB in restapi.descriptor) and a reusable logging subflow exists (LOG_LOG_DB_JSON.subflow).


8) Monitoring & Observability

Status: ✅ OPTIMAL (with minor fixes)

Strengths

  • ACE_LIB.logDebug is used consistently on Input/Output in every main Compute node.
  • A correlation ID is created in REQUEST_IN.esql line 33 and propagated to the response (RESPONSE_IN.esql line 72).
  • brokerlog is set on both the request and the response path.

Issues Found

  1. ⚠️ No explicit duration metric (start/end timestamp delta) for SLA latency tracking.
    Priority: 🟡 MEDIUM

  2. ⚠️ The correlation ID on line 33 carries a trailing space (|| ' '), which risks mismatches on lookup / log correlation: an ID stored with the space is not equal to the same ID read back without it.
    Priority: 🟡 MEDIUM
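Added example (not code from the repo) covering the two items above together with the hardcoded +7 hour offset from section 5: the request is stamped in UTC using the ISO 8601 'IU' cast format instead of CURRENT_TIMESTAMP plus an interval, the correlation ID is trimmed before it is stored, and RESPONSE_IN derives elapsed milliseconds from the reqtimestamp that already rides back in dlog. om/omd/idlog and the dlog field names are the ones on this page; the module names, the elapsedMs/rsptimestamp fields and the UUID used in place of the line-33 expression are assumptions.

```esql
-- Added example; not code from REST_MB_RA. Module names, elapsedMs and
-- rsptimestamp are assumptions; omd, idlog and the dlog fields come from the audit.

-- REQUEST_IN side: UTC, ISO 8601 ('IU' = ISO 8601 rendered in UTC), no offset maths.
CREATE COMPUTE MODULE REQUEST_IN_Stamp
    CREATE FUNCTION Main() RETURNS BOOLEAN
    BEGIN
        SET OutputRoot = InputRoot;
        CREATE FIELD OutputRoot.JSON.Data.dlog;          -- make sure the path exists
        DECLARE omd REFERENCE TO OutputRoot.JSON.Data.dlog;

        -- e.g. 2024-05-01T03:12:45.123Z; a consumer that wants WIB converts it
        -- itself, so no CAST(7 AS INTERVAL HOUR) is baked into the flow.
        SET omd.reqtimestamp = CAST(CURRENT_GMTTIMESTAMP AS CHARACTER FORMAT 'IU');

        -- The audit does not show the line-33 expression; a UUID stands in for
        -- it here (assumption). Whatever builds the ID: drop the || ' ' and TRIM.
        SET omd.correlId = TRIM(UUIDASCHAR);
        RETURN TRUE;
    END;
END MODULE;

-- RESPONSE_IN side: elapsed time from the stamp that rides back in dlog.
CREATE COMPUTE MODULE RESPONSE_IN_Elapsed
    CREATE FUNCTION Main() RETURNS BOOLEAN
    BEGIN
        DECLARE idlog REFERENCE TO InputRoot.JSON.Data.OriginalMsg.JSON.Data.dlog;
        CREATE FIELD OutputRoot.JSON.Data.dlog;
        DECLARE omd REFERENCE TO OutputRoot.JSON.Data.dlog;

        SET omd.correlId     = TRIM(idlog.correlId);       -- same normalisation on read-back
        SET omd.reqtimestamp = idlog.reqtimestamp;
        SET omd.rsptimestamp = CAST(CURRENT_GMTTIMESTAMP AS CHARACTER FORMAT 'IU');
        SET omd.elapsedMs    = ElapsedMillis(idlog.reqtimestamp);
        RETURN TRUE;
    END;

    -- Milliseconds between an 'IU' stamp and now; NULL when the stamp is missing.
    CREATE FUNCTION ElapsedMillis(IN startIso CHARACTER) RETURNS INTEGER
    BEGIN
        IF startIso IS NULL OR startIso = '' THEN
            RETURN NULL;
        END IF;
        DECLARE startTs GMTTIMESTAMP CAST(startIso AS GMTTIMESTAMP FORMAT 'IU');
        -- (ts - ts) SECOND is a fractional-seconds interval; the DECIMAL cast
        -- keeps the fraction, and * 1000 turns it into milliseconds.
        RETURN CAST(CAST((CURRENT_GMTTIMESTAMP - startTs) SECOND AS DECIMAL) * 1000 AS INTEGER);
    END;
END MODULE;
```

Deploy both halves together: a request that was stamped in the old local-time format while the change rolls out would make the CAST in ElapsedMillis throw, which routes to the Failure terminal rather than producing a wrong number.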


9) Startup Time & Resource Efficiency

Status: ⚠️ NEEDS IMPROVEMENT

Issues Found

  1. ⚠️ No server.components.yaml / server.conf.yaml found within the scope of this repo.
    Impact: the result of ibmint optimize server, and whether the runtime component set is minimal, cannot be verified.
    Risk: slower startup and a larger footprint than necessary.
    Priority: 🟡 MEDIUM

  2. ✅ No recordReplyEnable/globalCache indicators found in the REST_MB_RA artefacts.


🚀 Prioritized Action Plan

🚀 QUICK WINS (high impact, low effort)

  1. Change token = NULL to token IS NULL in MAPPING_REQUEST.esql (15 minutes).
  2. Remove the trailing space from correlId in REQUEST_IN.esql (10 minutes).
  3. Refactor the long dlog path into a local REFERENCE in RESPONSE_IN.esql (20 minutes).
  4. Parameterise IPClient and ReplyToQ via EXTERNAL/UDP (30-45 minutes).
  5. Reduce sensitive-payload logging (mask cif/hp/nid) (1-2 hours).

🔨 CRITICAL FIXES (must do this sprint)

  1. Remove the full-tree copy om.OriginalMsg = InputRoot and keep only the fields that are needed.
    Risk of delay: memory/CPU pressure under high load.
  2. Clean up key management (remove the plaintext default keys, take them from secure config/policy).
    Risk of delay: credential exposure and auth-bypass risk.
  3. Consolidate the duplicated error blocks into a reusable procedure/function.
    Risk of delay: recurring bugs and high regression cost.

📈 STRATEGIC IMPROVEMENTS (long-term)

  1. Split postLogin.subflow into several concern-based subflows.
  2. Tighten the OpenAPI schema (object + required fields + pattern/length).
  3. Add a standardised API-level error handler in restapi.descriptor.
  4. Add latency instrumentation (ms elapsed + correlId per hop).

📊 Code Metrics

  • Total ESQL files: 4
  • Total subflows: 1
  • Total message flows: 1
  • Total ESQL lines: 276
  • Average ESQL lines per module: 69 (target <200 ✅)
  • Approx. cyclomatic complexity (module level): 20 total (~5/module; MAPPING_REQUEST the highest)
  • Code reuse score: ~42% (target >60% ❌, dragged down by the repeated error branches)
  • REFERENCE variable usage: ~76% of tree navigation (target >80% ⚠️)

📄 Specific File Reviews

📄 REQUEST_IN.esql

✅ Strengths:

  • REFERENCE variables are already used (om, omd).
  • Correlation ID generation is in place.
  • UDP/EXTERNAL variables (keyList/source/msgType) are used.

❌ Issues:

  1. Line 29: nested SUBSTRING URI parsing.
  2. Lines 31-32: hardcoded +7 timezone offset.
  3. Line 33: trailing whitespace in the correlation ID.

🎯 Refactor: extract the URI parser and the timestamp utility into shared functions in ACE_DLIB.

📄 MAPPING_REQUEST.esql

✅ Strengths:

  • Basic input validation exists (ref/cif/hp/nid).
  • Input/output logging is consistent.
  • There is already an out1 branch for the business error response.

❌ Issues:

  1. Line 84: token = NULL bug.
  2. Lines 109/131: hardcoded queue/IP.
  3. Line 136: full copy of InputRoot into the output (high overhead).
  4. Repeated error-building blocks (5x).

🎯 Refactor: create a reusable procedure BuildValidationError(desc, rspCode) and keep only dlog from the original message.
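Added example (not the project's code) of the refactor proposed here and in sections 1 and 7: a NULL-safe blank check, one function that names the first missing mandatory field, and one BuildValidationError procedure that every branch calls, so the five copy-pasted error blocks collapse into one. The mandatory fields (ref, cif, hp, nid), the out1 terminal and the rspCode/rspDesc parameter names come from the audit; the module name, the JSON error-body layout, the 400 status and the "body" check are assumptions.

```esql
-- Added example, not code from REST_MB_RA. Module name, error-body fields and
-- the HTTP 400 status are assumptions; ref/cif/hp/nid and out1 are from the audit.
CREATE COMPUTE MODULE MAPPING_REQUEST_Validate
    CREATE FUNCTION Main() RETURNS BOOLEAN
    BEGIN
        DECLARE missing CHARACTER;
        IF NOT EXISTS(InputRoot.JSON.Data[]) THEN
            SET missing = 'body';                       -- empty or non-JSON request
        ELSE
            SET missing = FirstMissingField(InputRoot.JSON.Data);
        END IF;

        IF missing IS NOT NULL THEN
            -- One call replaces each copy-pasted error block.
            CALL BuildValidationError('400', 'mandatory field ' || missing || ' is missing');
            PROPAGATE TO TERMINAL 'out1';
            RETURN FALSE;
        END IF;

        -- Validation passed: continue with the normal request mapping.
        SET OutputRoot = InputRoot;
        RETURN TRUE;
    END;

    -- NULL-safe blank test. Never write v = NULL: that yields NULL, not TRUE,
    -- so the enclosing IF silently skips the branch (the line-84 bug).
    CREATE FUNCTION IsBlank(IN v CHARACTER) RETURNS BOOLEAN
    BEGIN
        RETURN v IS NULL OR TRIM(v) = '';
    END;

    -- Name of the first mandatory field that is absent or blank, or NULL when
    -- all are present. Fixed order keeps the error message deterministic.
    -- CAST: hp/nid may arrive as JSON numbers, IsBlank works on text.
    CREATE FUNCTION FirstMissingField(IN data REFERENCE) RETURNS CHARACTER
    BEGIN
        IF IsBlank(CAST(data.ref AS CHARACTER)) THEN RETURN 'ref'; END IF;
        IF IsBlank(CAST(data.cif AS CHARACTER)) THEN RETURN 'cif'; END IF;
        IF IsBlank(CAST(data.hp  AS CHARACTER)) THEN RETURN 'hp';  END IF;
        IF IsBlank(CAST(data.nid AS CHARACTER)) THEN RETURN 'nid'; END IF;
        RETURN NULL;
    END;

    -- The single place that shapes the business-error response sent via out1.
    CREATE PROCEDURE BuildValidationError(IN rspCode CHARACTER, IN rspDesc CHARACTER)
    BEGIN
        SET OutputRoot.Properties = InputRoot.Properties;
        SET OutputRoot.JSON.Data.rspCode = rspCode;
        SET OutputRoot.JSON.Data.rspDesc = rspDesc;
        -- Needs Compute mode "LocalEnvironment and Message" on the node.
        SET OutputLocalEnvironment.Destination.HTTP.ReplyStatusCode = 400;
    END;
END MODULE;
```

Moving BuildValidationError into ACE_DLIB later lets RESPONSE_IN and the errorResponse.subflow proposed in section 2 emit the same body shape without another copy.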

📄 RESPONSE_IN.esql

✅ Strengths:

  • The mapping from response to the output contract is reasonably clear.
  • Error dictionary via ACE_LIB.generateError*.
  • Correlation context is passed on to the output dlog.

❌ Issues:

  1. REPLACE(im.header.HDRERR, ' ', '') is evaluated several times instead of once.
  2. The long dlog field path is repeated without a REFERENCE.
  3. The cardexpired SUBSTRING has no length guard.

🎯 Refactor: normalise hdrErrClean once; add a NULL/length guard for ABMBEXCR before taking the substring.

📄 RESPONSE_OUT.esql

✅ Strengths:

  • Minimal and fast.
  • Clear body pass-through.

❌ Issues:

  • No masking before the output log (relies on the ACE_LIB.logDebug policy).
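Added example, not ACE_LIB or RESPONSE_OUT code, for the masking gap noted here and in section 6: the payload is copied under Environment, cif/hp/nid are masked in the copy, and the copy is what the logger should receive, so InputRoot stays intact. The field names come from the audit; the module and procedure names, the keep-last-4 rule and the Environment.Variables.LogCopy location are assumptions, and the logDebug call itself is left out because its signature is not on this page.

```esql
-- Added example; not ACE_LIB or REST_MB_RA code. Module/procedure names, the
-- keep-last-4 rule and Environment.Variables.LogCopy are assumptions.
CREATE COMPUTE MODULE RESPONSE_OUT_MaskedLog
    CREATE FUNCTION Main() RETURNS BOOLEAN
    BEGIN
        CREATE FIELD Environment.Variables.LogCopy;
        CALL MaskedCopy(InputRoot.JSON.Data, Environment.Variables.LogCopy);
        -- Environment.Variables.LogCopy.Data now holds the masked payload: hand
        -- THAT to ACE_LIB.logDebug (call omitted: signature not in the audit),
        -- then discard it so the masked copy does not linger for later nodes.
        DELETE FIELD Environment.Variables.LogCopy;

        SET OutputRoot = InputRoot;   -- pass-through body, untouched by masking
        RETURN TRUE;
    END;

    -- Keeps the last keepRight characters and stars the rest; NULL stays NULL.
    CREATE FUNCTION MaskValue(IN v CHARACTER, IN keepRight INTEGER) RETURNS CHARACTER
    BEGIN
        IF v IS NULL THEN
            RETURN NULL;
        END IF;
        DECLARE n INTEGER LENGTH(v);
        IF n <= keepRight THEN
            RETURN REPLICATE('*', n);   -- too short to reveal anything safely
        END IF;
        RETURN REPLICATE('*', n - keepRight) || RIGHT(v, keepRight);
    END;

    -- Copies src (name, value and children) under dst and masks the sensitive
    -- top-level children of the copy; src itself is never modified.
    CREATE PROCEDURE MaskedCopy(IN src REFERENCE, IN dst REFERENCE)
    BEGIN
        DECLARE copy REFERENCE TO dst;
        CREATE LASTCHILD OF dst AS copy FROM src;

        DECLARE child REFERENCE TO copy;
        DECLARE name CHARACTER;
        MOVE child FIRSTCHILD;
        WHILE LASTMOVE(child) DO
            SET name = FIELDNAME(child);
            IF name = 'cif' OR name = 'hp' OR name = 'nid' THEN
                -- CAST: hp/nid may be JSON numbers; masking works on text.
                SET child VALUE = MaskValue(CAST(FIELDVALUE(child) AS CHARACTER), 4);
            END IF;
            MOVE child NEXTSIBLING;
        END WHILE;
    END;
END MODULE;
```

The walk only covers direct children of JSON.Data; if cif/hp/nid can sit inside nested objects, recurse into children that have their own children. How many trailing characters to keep is a policy decision: four digits of a phone number still identify a customer in small data sets, so mask fully if the logs are widely readable.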

📄 postLogin.subflow

✅ Strengths:

  • Failure/Catch routing is fairly complete.
  • UDP promoted properties are used for policy/queue/dataSource.
  • The reusable logging subflow is integrated.

❌ Issues:

  • Too dense (17 nodes), concerns are mixed.

If you want, the next step is phase 2: I can send concrete refactor patches for the top 5 quick wins (ready to copy and deploy), starting with MAPPING_REQUEST.esql and REQUEST_IN.esql.