Item-module Stream — Learnings

Signing surface needs to match the storage contract

The save-time validator had already been generalised to accept any URL (CDN-host or otherwise). The print-time signer, however, kept its narrower assumption that every URL belonged to the CDN host. The two surfaces drifted: a save would succeed, but printing would fail to render the image because the signer corrupted the foreign URL.

Lesson: when the storage contract widens (e.g. “we now accept third-party image URLs”), audit every downstream consumer of that field for assumptions tied to the older contract. A single-line guard at the print-time surface restored consistency. The validator/signer pair should be tested together against a shared URL matrix to catch this class of drift earlier.

Tiny scope is the right scope

The plan called this stream “Tiny” — two files plus tests. The implementation matched. There’s no value in inflating scope for a fix this narrow: pulling sign-time logic into a separate value object, adding a strategy pattern, or refactoring ItemPrinter would be over-engineering. The right move was the smallest change that restored the storage/print contract symmetry. Worth remembering as a baseline against the temptation to “leave things better than I found them” when “better” would mean more code, not less.