Code Audit
Full-stack audit of YAS Marketplace and Legal AI Platform — March 12, 2026
YAS Marketplace
Stack: Next.js 15 · PostgreSQL · Redis · AWS S3
Pages: 14 buyer + 15 admin
API Endpoints: 12 groups
DB Models: 28 models
Auth: JWT + bcrypt
i18n: EN + AR / RTL
Payment: MOCK ONLY ⚠️
Legal AI Platform
Stack: Next.js · PostgreSQL · Zoom SDK 3.8.10
Dashboard Pages: 12 pages
Auth: Phone OTP
Video: Zoom SDK (untested)
i18n: EN + AR / RTL
Subscription: UI only ⚠️
Wallet: UI only ⚠️
Confirmed Strengths
Bilingual EN/AR with RTL
Full bilingual support with RTL layout switching across both platforms — a genuine competitive advantage in Kuwait.
704 Automated Tests
The Marketplace has 704 automated tests across 33 suites using Vitest — above average for early-stage startups.
Production-Grade DB Schema
28 well-indexed Prisma models with proper KWD decimal precision (10,3), audit logging, and full lifecycle modeling.
Role-Based Access Control
BUYER / SELLER / ADMIN / SUPER_ADMIN roles with admin approval gates for products, sellers, and auctions.
Complete Admin Panel
15 admin pages covering users, seller applications, products, auctions, raffles, transactions, payouts, reports, and system health.
Seller Workflow Complete
Full seller lifecycle: apply → approval → product listing → auction management → earnings → payouts.
Critical & High-Priority Gaps
All transactions are simulated. KNET UI is built but no real gateway credentials or integration code exists. No real money moves through the system.
The Zoom Video SDK is loaded from CDN. Server-side JWT generation for Zoom sessions has not been verified in a live environment. Meeting creation and participant joining flows are untested.
Subscription plans are displayed in the UI but no payment processing, plan activation, or feature gating is connected to a backend.
Wallet balance display exists but no top-up mechanism, transaction history, or deduction logic is connected.
The OCR model's chain-of-thought appears in the extracted text output. The system prompt must explicitly strip reasoning tokens before returning output.
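A prompt instruction alone cannot guarantee a model omits its reasoning, so the returned text should also be filtered and checked on the server. The following is an added example written for this audit, not code from the platform: it assumes the model emits its chain-of-thought inside `<think>...</think>`-style tags (one common convention; `TAG_NAMES` is a constructed list to adjust for the actual model) and it fails loudly if any reasoning marker survives, so a leak is detected rather than shown to the user. The sample response is constructed.

```javascript
// Tag names assumed to delimit the model's reasoning; constructed list.
const TAG_NAMES = ['think', 'thinking', 'reasoning'];

// Remove complete reasoning blocks and any block left unterminated at the
// end of the output (a truncated response otherwise leaks the whole block).
function stripReasoning(raw) {
  let text = String(raw ?? '');
  for (const tag of TAG_NAMES) {
    const block = new RegExp(`<${tag}\\b[^>]*>[\\s\\S]*?<\\/${tag}\\s*>`, 'gi');
    text = text.replace(block, '');
    const unterminated = new RegExp(`<${tag}\\b[^>]*>[\\s\\S]*$`, 'i');
    text = text.replace(unterminated, '');
  }
  return text.trim();
}

// True if any opening or closing reasoning marker is still present.
function containsReasoningLeak(text) {
  return TAG_NAMES.some(tag => new RegExp(`<\\/?${tag}\\b`, 'i').test(text));
}

// Wrapper the OCR route should call on every model response: clean, then
// refuse to return output that still carries reasoning markers.
function extractText(modelOutput) {
  const cleaned = stripReasoning(modelOutput);
  if (containsReasoningLeak(cleaned)) {
    throw new Error('OCR output still contains reasoning tokens');
  }
  return cleaned;
}

// Constructed sample response reproducing the leak described in the audit.
const SAMPLE_OCR_RESPONSE = `<think>The scan shows an invoice header. Let me read each line.</think>
INVOICE #1042
Total: 12.500 KWD`;
```

Log the raw response (not the user) when `extractText` throws; a rising count of rejections is the signal that the system prompt change has regressed.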