# Notifications module — technical debt (concise)

## Delivery and reliability

- **Dedupe TTL is global.** `NOTIFICATIONS_DEDUPE_TTL` applies to all notification kinds. Some domains (e.g. SLA breach) may need shorter or longer windows; consider per-type overrides if product asks for it.
- **Cache driver dependency.** Duplicate suppression uses `Cache::add`. If the cache store is misconfigured or cleared aggressively, duplicate deliveries can slip through until queue uniqueness applies.
- **Queue unique jobs vs. `Mail::queue`.** Notification email is sent via `SendNotificationEmailJob` with `ShouldBeUnique`. Uniqueness uses Laravel’s cache lock; ensure the queue worker and app share the same cache when running multiple workers.
- **Idempotency key leakage.** Internal `_`-prefixed keys are skipped in template substitution and stripped from in-app persisted `data`, but any future channel must remember to treat them as reserved.

## Product and UX gaps

- **Slack/SMS are stubbed** in `NotificationService::getChannelService`. Preferences can enable channels that do not send.
- **Mention parsing** is intentionally simple (plain email after `@`). Internationalized addresses, display names in angle brackets, or non-email @handles are not supported.
- **No batching or digest** for high-volume types (replies, SLA ticks).

## Data and operations

- **Template versioning / audit** is minimal; updates are overwrite-in-place via seeder and repository.
- **Cleanup** (`NOTIFICATIONS_CLEANUP_DAYS`) is configuration only unless a scheduled job exists elsewhere.
- **Read-path indexes** were added for common filters; monitor query plans if JSON filters on `notifications.data` appear in production.

## Testing and observability

- **Integration coverage** for listeners (`NotifyOn*`) against real queue dispatch is limited; hardening tests focus on services, repository fallback, and mention isolation.
- **Metrics:** No structured counters for suppressed duplicates vs. sent notifications; only debug logs for dedupe hits.