Deferred from the quality-audit fix pass (#6).
Location: src/identity/workos-resolver.ts:124-157
Problem: on a cache miss the resolver does a full linear scan of the workforce directory — up to MAX_PAGES (50) × WORKOS_PAGE_SIZE (100) = 5000 users, one sequential HTTP round-trip per page (each with a 3s timeout) — to find one user by email. Cold-cache latency and WorkOS API load both scale with directory size.
Proposed fix (either):
- Use a WorkOS user-by-email lookup endpoint if one is available, instead of paginating.
- Warm the identity cache out-of-band: a WorkOS Directory Sync webhook (or a periodic full sync) writes Slack↔external mappings into the DDB identity cache, so the hot query path is always a cache hit.
Why deferred: architectural — it needs a WorkOS API capability and/or a new out-of-band sync component, not an in-place code tweak. The current path is correct and cached (1h TTL); this is a scale/latency improvement.
Deferred from the quality-audit fix pass (#6).
Location:
src/identity/workos-resolver.ts:124-157Problem: on a cache miss the resolver does a full linear scan of the workforce directory — up to
MAX_PAGES (50) × WORKOS_PAGE_SIZE (100) = 5000users, one sequential HTTP round-trip per page (each with a 3s timeout) — to find one user by email. Cold-cache latency and WorkOS API load both scale with directory size.Proposed fix (either):
Why deferred: architectural — it needs a WorkOS API capability and/or a new out-of-band sync component, not an in-place code tweak. The current path is correct and cached (1h TTL); this is a scale/latency improvement.